diff --git a/.github/workflows/changelog-merge-queue.yaml b/.github/workflows/changelog-merge-queue.yaml new file mode 100644 index 0000000000000..fe238771b4939 --- /dev/null +++ b/.github/workflows/changelog-merge-queue.yaml @@ -0,0 +1,25 @@ +# This check runs only on PRs that are in the merge queue. +# +# PRs in the merge queue have already been approved but the reviewers check +# is still required so this workflow allows the required check to succeed, +# otherwise PRs in the merge queue would be blocked indefinitely. +# +# See "Handling skipped but required checks" for more info: +# +# https://docs.github.com/en/repositories/configuring-branches-and-merges-in-your-repository/defining-the-mergeability-of-pull-requests/troubleshooting-required-status-checks#handling-skipped-but-required-checks +# +# Note both workflows must have the same name. +name: Validate changelog entry +on: + merge_group: + +jobs: + validate-changelog: + name: Validate the changelog entry + runs-on: ubuntu-latest + + permissions: + contents: none + + steps: + - run: 'echo "Skipping changelog check in merge queue"' diff --git a/.github/workflows/lint.yaml b/.github/workflows/lint.yaml index ab46d098cd44e..0ce8e067961f0 100644 --- a/.github/workflows/lint.yaml +++ b/.github/workflows/lint.yaml @@ -228,4 +228,4 @@ jobs: - name: Check if Terraform resources are up to date # We have to add the current directory as a safe directory or else git commands will not work as expected. # The protoc-gen-terraform version must match the version in integrations/terraform/Makefile - run: git config --global --add safe.directory $(realpath .) && go install github.com/gravitational/protoc-gen-terraform@08768262d29336b8ae0915ef41bb6d9768518c66 && make terraform-resources-up-to-date + run: git config --global --add safe.directory $(realpath .) && go install github.com/gravitational/protoc-gen-terraform@c91cc3ef4d7d0046c36cb96b1cd337e466c61225 && make terraform-resources-up-to-date diff --git a/CHANGELOG.md b/CHANGELOG.md index e5697e44d8acb..c7a1d59a47526 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,5 +1,105 @@ # Changelog +## 16.4.6 (10/22/2024) + +### Security Fixes + +#### [High] Privilege persistence in Okta SCIM-only integration + +When Okta SCIM-only integration is enabled, in certain cases Teleport could +calculate the effective set of permission based on SSO user's stale traits. This +could allow a user who was unassigned from an Okta group to log into a Teleport +cluster once with a role granted by the unassigned group being present in their +effective role set. + +Note: This issue only affects Teleport clusters that have installed a SCIM-only +Okta integration as described in this guide. If you have an Okta integration +with user sync enabled or only using Okta SSO auth connector to log into your +Teleport cluster without SCIM integration configured, you're unaffected. To +verify your configuration: + +- Use `tctl get plugins/okta --format=json | jq ".[].spec.Settings.okta.sync_settings.sync_users"` + command to check if you have Okta integration with user sync enabled. If it + outputs null or false, you may be affected and should upgrade. +- Check SCIM provisioning settings for the Okta application you created or + updated while following the SCIM-only setup guide. If SCIM provisioning is + enabled, you may be affected and should upgrade. + +We strongly recommend customers who use Okta SCIM integration to upgrade their +auth servers to version 16.3.0 or later. Teleport services other than auth +(proxy, SSH, Kubernetes, desktop, application, database and discovery) are not +impacted and do not need to be updated. + +### Other improvements and fixes + +* Added a new teleport_roles_total metric that exposes the number of roles which exist in a cluster. [#47812](https://github.com/gravitational/teleport/pull/47812) +* Teleport's Windows Desktop Service now filters domain-joined Linux hosts out during LDAP discovery. [#47773](https://github.com/gravitational/teleport/pull/47773) +* The `join_token.create` audit event has been enriched with additional metadata. [#47765](https://github.com/gravitational/teleport/pull/47765) +* Propagate resources configured in teleport-kube-agent chart values to post-install and post-delete hooks. [#47743](https://github.com/gravitational/teleport/pull/47743) +* Add support for the Datadog Incident Management plugin helm chart. [#47727](https://github.com/gravitational/teleport/pull/47727) +* Automatic device enrollment may be locally disabled using the TELEPORT_DEVICE_AUTO_ENROLL_DISABLED=1 environment variable. [#47720](https://github.com/gravitational/teleport/pull/47720) +* Fixed the Machine ID and GitHub Actions wizard. [#47708](https://github.com/gravitational/teleport/pull/47708) +* Added migration to update the old import_all_objects database object import rule to the new preset. [#47707](https://github.com/gravitational/teleport/pull/47707) +* Alter ServiceAccounts in the teleport-cluster Helm chart to automatically disable mounting of service account tokens on newer Kubernetes distributions, helping satisfy security linters. [#47703](https://github.com/gravitational/teleport/pull/47703) +* Avoid tsh auto-enroll escalation in machines without a TPM. [#47695](https://github.com/gravitational/teleport/pull/47695) +* Fixed a bug that prevented users from canceling `tsh scan keys` executions. [#47658](https://github.com/gravitational/teleport/pull/47658) +* Postgres database session start events now include the Postgres backend PID for the session. [#47643](https://github.com/gravitational/teleport/pull/47643) +* Reworked the `teleport-event-handler` integration to significantly improve performance, especially when running with larger `--concurrency` values. [#47633](https://github.com/gravitational/teleport/pull/47633) +* Fixes a bug where Let's Encrypt certificate renewal failed in AMI and HA deployments due to insufficient disk space caused by syncing audit logs. [#47622](https://github.com/gravitational/teleport/pull/47622) +* Adds support for custom SQS consumer lock name and disabling a consumer. [#47614](https://github.com/gravitational/teleport/pull/47614) +* Fixed an issue that prevented RDS Aurora discovery configuration in the AWS OIDC enrollment wizard when any cluster existed without member instances. [#47605](https://github.com/gravitational/teleport/pull/47605) +* Extend the Datadog plugin to support automatic approvals. [#47602](https://github.com/gravitational/teleport/pull/47602) +* Allow using a custom database for Firestore backends. [#47583](https://github.com/gravitational/teleport/pull/47583) +* Include host name instead of host uuid in error messages when SSH connections are prevented due to an invalid login. [#47578](https://github.com/gravitational/teleport/pull/47578) +* Fix the example Terraform code to support the new larger Teleport Enterprise licenses and updates output of web address to use fqdn when ACM is disabled. [#47512](https://github.com/gravitational/teleport/pull/47512) +* Add new `tctl` subcommands to manage bot instances. [#47225](https://github.com/gravitational/teleport/pull/47225) + +Enterprise: +* Device auto-enroll failures are now recorded in the audit log. +* Fixed possible panic when processing Okta assignments. + +## 16.4.3 (10/16/2024) + +* Extended Teleport Discovery Service to support resource discovery across all projects accessible by the service account. [#47568](https://github.com/gravitational/teleport/pull/47568) +* Fixed a bug that could allow users to list active sessions even when prohibited by RBAC. [#47564](https://github.com/gravitational/teleport/pull/47564) +* The `tctl tokens ls` command redacts secret join tokens by default. To include the token values, provide the new `--with-secrets flag`. [#47545](https://github.com/gravitational/teleport/pull/47545) +* Added missing field-level documentation to the terraform provider reference. [#47469](https://github.com/gravitational/teleport/pull/47469) +* Fixed a bug where `tsh logout` failed to parse flags passed with spaces. [#47460](https://github.com/gravitational/teleport/pull/47460) +* Fixed the resource-based labels handler crashing without restarting. [#47452](https://github.com/gravitational/teleport/pull/47452) +* Install teleport FIPS binary in FIPS environments during Server Auto Discover. [#47437](https://github.com/gravitational/teleport/pull/47437) +* Fix possibly missing rules when using large amount of Access Monitoring Rules. [#47430](https://github.com/gravitational/teleport/pull/47430) +* Added ability to list/get AccessMonitoringRule resources with `tctl`. [#47401](https://github.com/gravitational/teleport/pull/47401) +* Include JWK header in JWTs issued by Teleport Application Access. [#47393](https://github.com/gravitational/teleport/pull/47393) +* Teleport Workload ID now supports issuing JWT SVIDs via the Workload API. [#47389](https://github.com/gravitational/teleport/pull/47389) +* Added kubeconfig context name to the output table of `tsh proxy kube` command for enhanced clarity. [#47383](https://github.com/gravitational/teleport/pull/47383) +* Improve error messaging when connections to offline agents are attempted. [#47361](https://github.com/gravitational/teleport/pull/47361) +* Allow specifying the instance type of AWS HA Terraform bastion instance. [#47338](https://github.com/gravitational/teleport/pull/47338) +* Added a config option to Teleport Connect to control how it interacts with the local SSH agent (`sshAgent.addKeysToAgent`). [#47324](https://github.com/gravitational/teleport/pull/47324) +* Teleport Workload ID issued JWT SVIDs are now compatible with OIDC federation with a number of platforms. [#47317](https://github.com/gravitational/teleport/pull/47317) +* The "ha-autoscale-cluster" terraform module now support default AWS resource tags and ASG instance refresh on configuration or launch template changes. [#47299](https://github.com/gravitational/teleport/pull/47299) +* Fixed error in Workload ID in cases where the process ID cannot be resolved. [#47274](https://github.com/gravitational/teleport/pull/47274) +* Teleport Connect for Linux now requires glibc 2.31 or later. [#47262](https://github.com/gravitational/teleport/pull/47262) +* Fixed a bug where security group rules that refer to another security group by ID were not displayed in web UI enrollment wizards when viewing security group rules. [#47246](https://github.com/gravitational/teleport/pull/47246) +* Improve the msteams access plugin debug logging. [#47158](https://github.com/gravitational/teleport/pull/47158) +* Fix missing tsh MFA prompt in certain OTP+WebAuthn scenarios. [#47154](https://github.com/gravitational/teleport/pull/47154) +* Updates self-hosted db discover flow to generate 2190h TTL certs, not 12h. [#47125](https://github.com/gravitational/teleport/pull/47125) +* Fixes an issue preventing access requests from displaying user friendly resource names. [#47112](https://github.com/gravitational/teleport/pull/47112) +* Fixed a bug where only one IP CIDR block security group rule for a port range was displayed in the web UI RDS enrollment wizard when viewing a security group. [#47077](https://github.com/gravitational/teleport/pull/47077) +* The `tsh play` command now supports a text output format. [#47073](https://github.com/gravitational/teleport/pull/47073) +* Updated Go to 1.22.8. [#47050](https://github.com/gravitational/teleport/pull/47050) +* Fixed the "source path is empty" error when attempting to upload a file in Teleport Connect. [#47011](https://github.com/gravitational/teleport/pull/47011) +* Added static host users to Terraform provider. [#46974](https://github.com/gravitational/teleport/pull/46974) +* Enforce a global `device_trust.mode=required` on OSS processes paired with an Enterprise Auth. [#46947](https://github.com/gravitational/teleport/pull/46947) +* Added a new config option in Teleport Connect to control SSH agent forwarding (`ssh.forwardAgent`); starting in Teleport Connect v17, this option will be disabled by default. [#46895](https://github.com/gravitational/teleport/pull/46895) +* Correctly display available allowed logins of leaf AWS Console Apps on `tsh app login`. [#46806](https://github.com/gravitational/teleport/pull/46806) +* Allow all audit events to be trimmed if necessary. [#46499](https://github.com/gravitational/teleport/pull/46499) + +Enterprise: +* Fixed possible panic when processing Okta assignments. +* Fixed bug where an unknown device aborts device web authentication. +* Add the Datadog Incident Management Plugin as a hosted plugin. +* Permit bootstrapping enterprise clusters with state from an open source cluster. + ## 16.4.2 (09/25/2024) * Fixed a panic when using the self-hosted PagerDuty plugin. [#46925](https://github.com/gravitational/teleport/pull/46925) diff --git a/Makefile b/Makefile index d20b157623007..1338640f6ad12 100644 --- a/Makefile +++ b/Makefile @@ -11,7 +11,7 @@ # Stable releases: "1.0.0" # Pre-releases: "1.0.0-alpha.1", "1.0.0-beta.2", "1.0.0-rc.3" # Master/dev branch: "1.0.0-dev" -VERSION=16.4.2 +VERSION=16.4.6 DOCKER_IMAGE ?= teleport diff --git a/api/client/mfa.go b/api/client/mfa.go index 03cfc13b88a52..beba5b20c79dd 100644 --- a/api/client/mfa.go +++ b/api/client/mfa.go @@ -19,8 +19,6 @@ package client import ( "context" - "github.com/gravitational/trace" - "github.com/gravitational/teleport/api/client/proto" "github.com/gravitational/teleport/api/mfa" ) @@ -29,19 +27,9 @@ import ( // and prompts the user to answer the challenge with the given promptOpts, and ultimately returning // an MFA challenge response for the user. func (c *Client) PerformMFACeremony(ctx context.Context, challengeRequest *proto.CreateAuthenticateChallengeRequest, promptOpts ...mfa.PromptOpt) (*proto.MFAAuthenticateResponse, error) { - // Don't attempt the MFA ceremony if we can't prompt for a response. - if c.c.MFAPromptConstructor == nil { - return nil, trace.Wrap(&mfa.ErrMFANotSupported, "missing MFAPromptConstructor field, client cannot perform MFA ceremony") - } - - return mfa.PerformMFACeremony(ctx, c, challengeRequest, promptOpts...) -} - -// PromptMFA prompts the user for MFA. Implements [mfa.MFACeremonyClient]. -func (c *Client) PromptMFA(ctx context.Context, chal *proto.MFAAuthenticateChallenge, promptOpts ...mfa.PromptOpt) (*proto.MFAAuthenticateResponse, error) { - if c.c.MFAPromptConstructor == nil { - return nil, trace.Wrap(&mfa.ErrMFANotSupported, "missing MFAPromptConstructor field, client cannot prompt for MFA") + mfaCeremony := &mfa.Ceremony{ + CreateAuthenticateChallenge: c.CreateAuthenticateChallenge, + PromptConstructor: c.c.MFAPromptConstructor, } - - return c.c.MFAPromptConstructor(promptOpts...).Run(ctx, chal) + return mfaCeremony.Run(ctx, challengeRequest, promptOpts...) } diff --git a/api/client/proto/authservice.pb.go b/api/client/proto/authservice.pb.go index 69d1aeba37776..f2d9ddfc8ef95 100644 --- a/api/client/proto/authservice.pb.go +++ b/api/client/proto/authservice.pb.go @@ -1970,10 +1970,12 @@ type PingResponse struct { RemoteAddr string `protobuf:"bytes,7,opt,name=RemoteAddr,proto3" json:"remote_addr"` // LoadAllCAs signals whether or not tsh should load all CAs when trying // to ssh into a node. - LoadAllCAs bool `protobuf:"varint,8,opt,name=LoadAllCAs,proto3" json:"load_all_cas"` - XXX_NoUnkeyedLiteral struct{} `json:"-"` - XXX_unrecognized []byte `json:"-"` - XXX_sizecache int32 `json:"-"` + LoadAllCAs bool `protobuf:"varint,8,opt,name=LoadAllCAs,proto3" json:"load_all_cas"` + // LicenseExpiry is the expiry date of the enterprise license, if applicable. + LicenseExpiry *time.Time `protobuf:"bytes,10,opt,name=LicenseExpiry,proto3,stdtime" json:"licenseExpiry"` + XXX_NoUnkeyedLiteral struct{} `json:"-"` + XXX_unrecognized []byte `json:"-"` + XXX_sizecache int32 `json:"-"` } func (m *PingResponse) Reset() { *m = PingResponse{} } @@ -2058,6 +2060,13 @@ func (m *PingResponse) GetLoadAllCAs() bool { return false } +func (m *PingResponse) GetLicenseExpiry() *time.Time { + if m != nil { + return m.LicenseExpiry + } + return nil +} + // Features are auth server features. type Features struct { // Kubernetes enables Kubernetes Access product @@ -15564,930 +15573,932 @@ func init() { } var fileDescriptor_0ffcffcda38ae159 = []byte{ - // 14763 bytes of a gzipped FileDescriptorProto + // 14788 bytes of a gzipped FileDescriptorProto 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xcc, 0xbd, 0x5b, 0x6c, 0x5c, 0x4b, 0x76, 0x18, 0xca, 0xe6, 0x9b, 0x8b, 0xaf, 0x56, 0x91, 0x14, 0x5b, 0x14, 0xa5, 0x96, 0xb6, 0xce, 0x43, 0x47, 0x73, 0x46, 0x0f, 0xea, 0x9c, 0x33, 0xe7, 0x35, 0xe7, 0x4c, 0xf3, 0x21, 0x91, 0x12, 0x5f, 0x67, 0x37, 0x49, 0x9d, 0x97, 0xa7, 0x67, 0xb3, 0xbb, 0x44, 0x6e, 0xab, 0xb9, 0x77, 0xcf, - 0xde, 0xbb, 0xa5, 0xa3, 0xf1, 0xb5, 0x2f, 0x3c, 0xbe, 0x17, 0xd7, 0x3f, 0x37, 0xb1, 0x81, 0x38, - 0x70, 0xe0, 0x0f, 0x23, 0x40, 0x02, 0x04, 0xf9, 0x08, 0xfc, 0xe3, 0xf8, 0x27, 0xf9, 0x08, 0xf2, - 0x91, 0x89, 0x01, 0x23, 0x09, 0x6c, 0xff, 0xe4, 0x83, 0x4e, 0x06, 0xc8, 0x0f, 0x91, 0x7c, 0x18, - 0x41, 0x02, 0x64, 0x00, 0x03, 0x41, 0xad, 0x7a, 0xec, 0xaa, 0xfd, 0xe8, 0x26, 0x25, 0x9d, 0x71, - 0x7e, 0x24, 0xf6, 0xaa, 0xb5, 0x56, 0x55, 0xad, 0xaa, 0x5d, 0xb5, 0x6a, 0xd5, 0xaa, 0xb5, 0xe0, - 0x66, 0x44, 0x9b, 0xb4, 0xe5, 0x07, 0xd1, 0xad, 0x26, 0x3d, 0x70, 0xea, 0xcf, 0x6f, 0xd5, 0x9b, - 0x2e, 0xf5, 0xa2, 0x5b, 0xad, 0xc0, 0x8f, 0xfc, 0x5b, 0x4e, 0x3b, 0x3a, 0x0c, 0x69, 0xf0, 0xd4, - 0xad, 0xd3, 0x9b, 0x08, 0x21, 0x03, 0xf8, 0xdf, 0xdc, 0xf4, 0x81, 0x7f, 0xe0, 0x73, 0x1c, 0xf6, - 0x17, 0x2f, 0x9c, 0xbb, 0x78, 0xe0, 0xfb, 0x07, 0x4d, 0xca, 0x89, 0xf7, 0xdb, 0x8f, 0x6f, 0xd1, - 0xa3, 0x56, 0xf4, 0x5c, 0x14, 0x96, 0x93, 0x85, 0x91, 0x7b, 0x44, 0xc3, 0xc8, 0x39, 0x6a, 0x09, - 0x84, 0xb7, 0x54, 0x53, 0x9c, 0x28, 0x62, 0x25, 0x91, 0xeb, 0x7b, 0xb7, 0x9e, 0xde, 0xd1, 0x7f, - 0x0a, 0xd4, 0xeb, 0x1d, 0x5b, 0x5d, 0xa7, 0x41, 0x14, 0x9e, 0x0a, 0x93, 0x3e, 0xa5, 0x5e, 0x94, - 0xaa, 0x5e, 0x60, 0x46, 0xcf, 0x5b, 0x34, 0xe4, 0x28, 0xf2, 0x3f, 0x81, 0x7a, 0x35, 0x1b, 0x15, - 0xff, 0x15, 0x28, 0xdf, 0xcd, 0x46, 0x79, 0x46, 0xf7, 0x99, 0x4c, 0x3d, 0xf5, 0x47, 0x17, 0xf4, - 0xc0, 0x69, 0xb5, 0x68, 0x10, 0xff, 0x21, 0xd0, 0x2f, 0x28, 0xf4, 0xa3, 0xc7, 0x0e, 0x13, 0xd1, - 0xd1, 0x63, 0x27, 0xd5, 0x8d, 0x76, 0xe8, 0x1c, 0x50, 0xd1, 0xfc, 0xa7, 0x77, 0xf4, 0x9f, 0x1c, - 0xd5, 0xfa, 0xc3, 0x02, 0x0c, 0x3c, 0x72, 0xa2, 0xfa, 0x21, 0xf9, 0x14, 0x06, 0x1e, 0xba, 0x5e, - 0x23, 0x2c, 0x15, 0xae, 0xf4, 0x5d, 0x1f, 0x5d, 0x28, 0xde, 0xe4, 0x5d, 0xc1, 0x42, 0x56, 0xb0, - 0x38, 0xfb, 0xb3, 0xe3, 0x72, 0xcf, 0xc9, 0x71, 0x79, 0xf2, 0x09, 0x43, 0x7b, 0xdb, 0x3f, 0x72, - 0x23, 0x1c, 0x5b, 0x9b, 0xd3, 0x91, 0x5d, 0x98, 0xaa, 0x34, 0x9b, 0xfe, 0xb3, 0x6d, 0x27, 0x88, - 0x5c, 0xa7, 0x59, 0x6d, 0xd7, 0xeb, 0x34, 0x0c, 0x4b, 0xbd, 0x57, 0x0a, 0xd7, 0x87, 0x17, 0xaf, - 0x9d, 0x1c, 0x97, 0xcb, 0x0e, 0x2b, 0xae, 0xb5, 0x78, 0x79, 0x2d, 0xe4, 0x08, 0x1a, 0xa3, 0x2c, - 0x7a, 0xeb, 0x4f, 0x07, 0xa1, 0xb8, 0xea, 0x87, 0xd1, 0x12, 0x1b, 0x51, 0x9b, 0xfe, 0xb8, 0x4d, - 0xc3, 0x88, 0x5c, 0x83, 0x41, 0x06, 0x5b, 0x5b, 0x2e, 0x15, 0xae, 0x14, 0xae, 0x8f, 0x2c, 0x8e, - 0x9e, 0x1c, 0x97, 0x87, 0x0e, 0xfd, 0x30, 0xaa, 0xb9, 0x0d, 0x5b, 0x14, 0x91, 0xb7, 0x60, 0x78, - 0xd3, 0x6f, 0xd0, 0x4d, 0xe7, 0x88, 0x62, 0x2b, 0x46, 0x16, 0xc7, 0x4f, 0x8e, 0xcb, 0x23, 0x9e, - 0xdf, 0xa0, 0x35, 0xcf, 0x39, 0xa2, 0xb6, 0x2a, 0x26, 0x7b, 0xd0, 0x6f, 0xfb, 0x4d, 0x5a, 0xea, - 0x43, 0xb4, 0xc5, 0x93, 0xe3, 0x72, 0x7f, 0xe0, 0x37, 0xe9, 0x2f, 0x8e, 0xcb, 0xef, 0x1d, 0xb8, - 0xd1, 0x61, 0x7b, 0xff, 0x66, 0xdd, 0x3f, 0xba, 0x75, 0x10, 0x38, 0x4f, 0x5d, 0x3e, 0x09, 0x9d, - 0xe6, 0xad, 0x78, 0xaa, 0xb6, 0x5c, 0x31, 0xee, 0xd5, 0xe7, 0x61, 0x44, 0x8f, 0x18, 0x27, 0x1b, - 0xf9, 0x91, 0x47, 0x30, 0x5d, 0x69, 0x34, 0x5c, 0x4e, 0xb1, 0x1d, 0xb8, 0x5e, 0xdd, 0x6d, 0x39, - 0xcd, 0xb0, 0xd4, 0x7f, 0xa5, 0xef, 0xfa, 0x88, 0x10, 0x8a, 0x2a, 0xaf, 0xb5, 0x14, 0x82, 0x26, - 0x94, 0x4c, 0x06, 0xe4, 0x2e, 0x0c, 0x2f, 0x6f, 0x56, 0x59, 0xdb, 0xc3, 0xd2, 0x00, 0x32, 0x9b, - 0x3d, 0x39, 0x2e, 0x4f, 0x35, 0xbc, 0x10, 0xbb, 0xa6, 0x33, 0x50, 0x88, 0xe4, 0x3d, 0x18, 0xdb, - 0x6e, 0xef, 0x37, 0xdd, 0xfa, 0xce, 0x7a, 0xf5, 0x21, 0x7d, 0x5e, 0x1a, 0xbc, 0x52, 0xb8, 0x3e, - 0xb6, 0x48, 0x4e, 0x8e, 0xcb, 0x13, 0x2d, 0x84, 0xd7, 0xa2, 0x66, 0x58, 0x7b, 0x42, 0x9f, 0xdb, - 0x06, 0x5e, 0x4c, 0x57, 0xad, 0xae, 0x32, 0xba, 0xa1, 0x14, 0x5d, 0x18, 0x1e, 0xea, 0x74, 0x1c, - 0x8f, 0xdc, 0x02, 0xb0, 0xe9, 0x91, 0x1f, 0xd1, 0x4a, 0xa3, 0x11, 0x94, 0x86, 0x51, 0xb6, 0x93, - 0x27, 0xc7, 0xe5, 0xd1, 0x00, 0xa1, 0x35, 0xa7, 0xd1, 0x08, 0x6c, 0x0d, 0x85, 0x2c, 0xc1, 0xb0, - 0xed, 0x73, 0x01, 0x97, 0x46, 0xae, 0x14, 0xae, 0x8f, 0x2e, 0x4c, 0x8a, 0x69, 0x28, 0xc1, 0x8b, - 0xe7, 0x4f, 0x8e, 0xcb, 0x24, 0x10, 0xbf, 0xf4, 0x5e, 0x4a, 0x0c, 0x52, 0x86, 0xa1, 0x4d, 0x7f, - 0xc9, 0xa9, 0x1f, 0xd2, 0x12, 0xe0, 0xdc, 0x1b, 0x38, 0x39, 0x2e, 0x17, 0xbe, 0x6b, 0x4b, 0x28, - 0x79, 0x0a, 0xa3, 0xf1, 0x40, 0x85, 0xa5, 0x51, 0x14, 0xdf, 0xce, 0xc9, 0x71, 0xf9, 0x7c, 0x88, - 0xe0, 0x1a, 0x1b, 0x7a, 0x4d, 0x82, 0x2f, 0x31, 0x0b, 0xf4, 0x8a, 0xc8, 0xd7, 0x30, 0x13, 0xff, - 0xac, 0x84, 0x21, 0x0d, 0x18, 0x8f, 0xb5, 0xe5, 0xd2, 0x38, 0x4a, 0xe6, 0x8d, 0x93, 0xe3, 0xb2, - 0xa5, 0xb5, 0xa0, 0xe6, 0x48, 0x94, 0x9a, 0xdb, 0xd0, 0x7a, 0x9a, 0xcd, 0xe4, 0x41, 0xff, 0xf0, - 0x58, 0x71, 0xdc, 0xbe, 0xb4, 0xeb, 0x85, 0x91, 0xb3, 0xdf, 0xa4, 0x99, 0x48, 0xd6, 0xdf, 0x14, - 0x80, 0x6c, 0xb5, 0xa8, 0x57, 0xad, 0xae, 0xb2, 0xef, 0x49, 0x7e, 0x4e, 0x6f, 0xc3, 0x08, 0x1f, - 0x38, 0x36, 0xba, 0xbd, 0x38, 0xba, 0x13, 0x27, 0xc7, 0x65, 0x10, 0xa3, 0xcb, 0x46, 0x36, 0x46, - 0x20, 0xaf, 0x43, 0xdf, 0xce, 0xce, 0x3a, 0x7e, 0x2b, 0x7d, 0x8b, 0x53, 0x27, 0xc7, 0xe5, 0xbe, - 0x28, 0x6a, 0xfe, 0xe2, 0xb8, 0x3c, 0xbc, 0xdc, 0x0e, 0x50, 0x2c, 0x36, 0x2b, 0x27, 0xaf, 0xc3, - 0xd0, 0x52, 0xb3, 0x1d, 0x46, 0x34, 0x28, 0xf5, 0xc7, 0x1f, 0x69, 0x9d, 0x83, 0x6c, 0x59, 0x46, - 0xbe, 0x03, 0xfd, 0xbb, 0x21, 0x0d, 0x4a, 0x03, 0x38, 0xde, 0xe3, 0x62, 0xbc, 0x19, 0x68, 0x6f, - 0x61, 0x71, 0x98, 0x7d, 0x89, 0xed, 0x90, 0x06, 0x36, 0x22, 0x91, 0x9b, 0x30, 0xc0, 0x07, 0x6d, - 0x10, 0x17, 0xa9, 0x71, 0x35, 0x3b, 0x9a, 0x74, 0xef, 0xbd, 0xc5, 0x91, 0x93, 0xe3, 0xf2, 0x00, - 0x0e, 0x9e, 0xcd, 0xd1, 0x1e, 0xf4, 0x0f, 0x17, 0x8a, 0xbd, 0xf6, 0x30, 0xa3, 0x65, 0x9f, 0x85, - 0xf5, 0x1d, 0x18, 0xd5, 0xba, 0x4f, 0xe6, 0xa1, 0x9f, 0xfd, 0x8f, 0x8b, 0xc8, 0x18, 0xaf, 0x8c, - 0x6d, 0x1c, 0x36, 0x42, 0xad, 0x7f, 0x3e, 0x09, 0x45, 0x46, 0x69, 0xac, 0x3c, 0x86, 0xa8, 0x0a, - 0xdd, 0x44, 0x75, 0x1d, 0x54, 0xdd, 0x62, 0x09, 0x1a, 0x3b, 0x39, 0x2e, 0x0f, 0xb7, 0x05, 0x2c, - 0x6e, 0x19, 0xa9, 0xc2, 0xd0, 0xca, 0x37, 0x2d, 0x37, 0xa0, 0x21, 0x0a, 0x76, 0x74, 0x61, 0xee, - 0x26, 0xdf, 0x2c, 0x6f, 0xca, 0xcd, 0xf2, 0xe6, 0x8e, 0xdc, 0x2c, 0x17, 0x2f, 0x89, 0xa5, 0xf8, - 0x1c, 0xe5, 0x24, 0xf1, 0xec, 0xf8, 0x9d, 0xbf, 0x2a, 0x17, 0x6c, 0xc9, 0x89, 0xbc, 0x0d, 0x83, - 0xf7, 0xfc, 0xe0, 0xc8, 0x89, 0xc4, 0x08, 0x4c, 0x9f, 0x1c, 0x97, 0x8b, 0x8f, 0x11, 0xa2, 0x4d, - 0x28, 0x81, 0x43, 0xee, 0xc1, 0x84, 0xed, 0xb7, 0x23, 0xba, 0xe3, 0xcb, 0x71, 0x1b, 0x40, 0xaa, - 0xcb, 0x27, 0xc7, 0xe5, 0xb9, 0x80, 0x95, 0xd4, 0x22, 0xbf, 0x26, 0x06, 0x50, 0xa3, 0x4f, 0x50, - 0x91, 0x15, 0x98, 0xa8, 0xe0, 0xda, 0x2d, 0x64, 0xc6, 0x47, 0x6b, 0x64, 0xf1, 0xd2, 0xc9, 0x71, - 0xf9, 0x82, 0x83, 0x25, 0xb5, 0x40, 0x14, 0xe9, 0x6c, 0x4c, 0x22, 0xb2, 0x09, 0xe7, 0x1e, 0xb6, - 0xf7, 0x69, 0xe0, 0xd1, 0x88, 0x86, 0xb2, 0x45, 0x43, 0xd8, 0xa2, 0x2b, 0x27, 0xc7, 0xe5, 0xf9, - 0x27, 0xaa, 0x30, 0xa3, 0x4d, 0x69, 0x52, 0x42, 0x61, 0x52, 0x34, 0x74, 0xd9, 0x89, 0x9c, 0x7d, - 0x27, 0xa4, 0xb8, 0x24, 0x8d, 0x2e, 0x9c, 0xe7, 0x22, 0xbe, 0x99, 0x28, 0x5d, 0xbc, 0x26, 0xa4, - 0x7c, 0x51, 0xf5, 0xbd, 0x21, 0x8a, 0xb4, 0x8a, 0x92, 0x3c, 0xd9, 0xca, 0xac, 0x76, 0x9d, 0x11, - 0x6c, 0x2d, 0xae, 0xcc, 0x6a, 0xd7, 0xd1, 0xd7, 0x2c, 0xb5, 0xff, 0xac, 0xc3, 0xc0, 0x2e, 0xdb, - 0x9b, 0x71, 0xc5, 0x9a, 0x58, 0xb8, 0x2a, 0x5a, 0x94, 0x9c, 0x7d, 0x37, 0xd9, 0x0f, 0x44, 0xc4, - 0xef, 0x6e, 0x12, 0xf7, 0x73, 0x7d, 0x27, 0xc6, 0x32, 0xf2, 0x19, 0x80, 0x68, 0x55, 0xa5, 0xd5, - 0x2a, 0x8d, 0x62, 0x27, 0xcf, 0x99, 0x9d, 0xac, 0xb4, 0x5a, 0x8b, 0x97, 0x45, 0xff, 0xce, 0xab, - 0xfe, 0x39, 0xad, 0x96, 0xc6, 0x4d, 0x63, 0x42, 0x3e, 0x85, 0x31, 0x5c, 0xd0, 0xe4, 0x88, 0x8e, - 0xe1, 0x88, 0x5e, 0x3c, 0x39, 0x2e, 0xcf, 0xe2, 0x5a, 0x95, 0x31, 0x9e, 0x06, 0x01, 0xf9, 0x0d, - 0x98, 0x11, 0xec, 0x1e, 0xb9, 0x5e, 0xc3, 0x7f, 0x16, 0x2e, 0xd3, 0xf0, 0x49, 0xe4, 0xb7, 0x70, - 0xf1, 0x1b, 0x5d, 0x98, 0x37, 0x9b, 0x67, 0xe2, 0x2c, 0xde, 0x10, 0x2d, 0xb5, 0x54, 0x4b, 0x9f, - 0x71, 0x84, 0x5a, 0x83, 0x63, 0xe8, 0xcb, 0x63, 0x26, 0x0b, 0xb2, 0x06, 0x93, 0xbb, 0x21, 0x35, - 0xfa, 0x30, 0x81, 0xbb, 0x43, 0x99, 0x8d, 0x70, 0x3b, 0xa4, 0xb5, 0xbc, 0x7e, 0x24, 0xe9, 0x88, - 0x0d, 0x64, 0x39, 0xf0, 0x5b, 0x89, 0x39, 0x3e, 0x89, 0x12, 0xb1, 0x4e, 0x8e, 0xcb, 0x97, 0x1b, - 0x81, 0xdf, 0xaa, 0xe5, 0x4f, 0xf4, 0x0c, 0x6a, 0xf2, 0x43, 0x38, 0xbf, 0xe4, 0x7b, 0x1e, 0xad, - 0xb3, 0xf5, 0x73, 0xd9, 0x75, 0x0e, 0x3c, 0x3f, 0x8c, 0xdc, 0xfa, 0xda, 0x72, 0xa9, 0x18, 0x6f, - 0x0e, 0x75, 0x85, 0x51, 0x6b, 0x28, 0x14, 0x73, 0x73, 0xc8, 0xe1, 0x42, 0xbe, 0x82, 0x71, 0x51, - 0x17, 0x0d, 0x70, 0x6a, 0x9e, 0xeb, 0x3c, 0xd1, 0x14, 0x32, 0xdf, 0xe6, 0x03, 0xf9, 0x93, 0x2b, - 0x4e, 0x26, 0x2f, 0xf2, 0x35, 0x8c, 0x6e, 0xdc, 0xab, 0xd8, 0x34, 0x6c, 0xf9, 0x5e, 0x48, 0x4b, - 0x04, 0x47, 0xf4, 0xb2, 0x60, 0xbd, 0x71, 0xaf, 0x52, 0x69, 0x47, 0x87, 0xd4, 0x8b, 0xdc, 0xba, - 0x13, 0x51, 0x89, 0xb5, 0x38, 0xc7, 0x66, 0xde, 0xd1, 0x63, 0xa7, 0x16, 0x08, 0x88, 0xd6, 0x0b, - 0x9d, 0x1d, 0x99, 0x83, 0xe1, 0x6a, 0x75, 0x75, 0xdd, 0x3f, 0x70, 0xbd, 0xd2, 0x14, 0x13, 0x86, - 0xad, 0x7e, 0x93, 0x7d, 0x98, 0xd1, 0x4e, 0x06, 0x35, 0xf6, 0x3f, 0x3d, 0xa2, 0x5e, 0x54, 0x9a, - 0xc6, 0x36, 0x7c, 0x57, 0x1d, 0x6d, 0x6e, 0xea, 0x07, 0x88, 0xa7, 0x77, 0x6e, 0x56, 0xe2, 0x9f, - 0x55, 0x49, 0x64, 0x4f, 0x3b, 0x19, 0x50, 0xb2, 0x03, 0x43, 0xdb, 0xed, 0xa0, 0xe5, 0x87, 0xb4, - 0x34, 0x83, 0x42, 0xbb, 0xd6, 0xe9, 0xeb, 0x14, 0xa8, 0x8b, 0x33, 0x6c, 0x79, 0x6e, 0xf1, 0x1f, - 0x5a, 0xcf, 0x24, 0x2b, 0xeb, 0x73, 0x18, 0x51, 0x1f, 0x33, 0x19, 0x82, 0xbe, 0x4a, 0xb3, 0x59, - 0xec, 0x61, 0x7f, 0x54, 0xab, 0xab, 0xc5, 0x02, 0x99, 0x00, 0x88, 0x57, 0xb0, 0x62, 0x2f, 0x19, - 0x83, 0x61, 0xb9, 0xc2, 0x14, 0xfb, 0x10, 0xbf, 0xd5, 0x2a, 0xf6, 0x13, 0x02, 0x13, 0xe6, 0x3c, - 0x2f, 0x0e, 0x58, 0xbf, 0x5b, 0x80, 0x11, 0x35, 0x3e, 0x64, 0x12, 0x46, 0x77, 0x37, 0xab, 0xdb, - 0x2b, 0x4b, 0x6b, 0xf7, 0xd6, 0x56, 0x96, 0x8b, 0x3d, 0xe4, 0x12, 0x5c, 0xd8, 0xa9, 0xae, 0xd6, - 0x96, 0x17, 0x6b, 0xeb, 0x5b, 0x4b, 0x95, 0xf5, 0xda, 0xb6, 0xbd, 0xf5, 0xf9, 0x17, 0xb5, 0x9d, - 0xdd, 0xcd, 0xcd, 0x95, 0xf5, 0x62, 0x81, 0x94, 0x60, 0x9a, 0x15, 0x3f, 0xdc, 0x5d, 0x5c, 0xd1, - 0x11, 0x8a, 0xbd, 0xe4, 0x2a, 0x5c, 0xca, 0x2a, 0xa9, 0xad, 0xae, 0x54, 0x96, 0xd7, 0x57, 0xaa, - 0xd5, 0x62, 0x1f, 0x99, 0x85, 0x29, 0x86, 0x52, 0xd9, 0xde, 0x36, 0x68, 0xfb, 0xad, 0x26, 0x8c, - 0x6a, 0xc2, 0x21, 0xf3, 0x50, 0x5a, 0x5a, 0xb1, 0x77, 0x6a, 0xdb, 0xbb, 0xf6, 0xf6, 0x56, 0x75, - 0xa5, 0x66, 0xb6, 0x30, 0x59, 0xba, 0xbe, 0x75, 0x7f, 0x6d, 0xb3, 0xc6, 0x40, 0xd5, 0x62, 0x81, - 0x35, 0xc3, 0x28, 0xad, 0xae, 0x6d, 0xde, 0x5f, 0x5f, 0xa9, 0xed, 0x56, 0x57, 0x04, 0x4a, 0xaf, - 0xf5, 0xd3, 0xde, 0xd4, 0x52, 0x4f, 0x16, 0x60, 0xb4, 0xca, 0x4f, 0xb1, 0x38, 0xfd, 0xf9, 0xb1, - 0xa1, 0x78, 0x72, 0x5c, 0x1e, 0x13, 0x87, 0x5b, 0x3e, 0xb3, 0x75, 0x24, 0xb6, 0x7b, 0x6f, 0xb3, - 0x91, 0xae, 0xfb, 0x4d, 0x7d, 0xf7, 0x6e, 0x09, 0x98, 0xad, 0x4a, 0xc9, 0x82, 0xb6, 0xcf, 0xf3, - 0x33, 0x04, 0xea, 0xa9, 0x72, 0x9f, 0xd7, 0xd7, 0x7c, 0xb5, 0xe3, 0x2f, 0xc4, 0x43, 0x2a, 0xb6, - 0x67, 0xa4, 0xc9, 0xd8, 0x63, 0x14, 0x1e, 0x79, 0x4b, 0xea, 0x3f, 0x5c, 0xe7, 0xc7, 0x4d, 0x20, - 0xa1, 0xad, 0x0a, 0xd5, 0xc7, 0x6a, 0xe7, 0x2c, 0xb8, 0xe4, 0xa3, 0xe4, 0x9c, 0x11, 0xc2, 0x40, - 0x66, 0x89, 0x75, 0xd5, 0x4e, 0xa0, 0x92, 0x32, 0x0c, 0xf0, 0x2f, 0x91, 0xcb, 0x03, 0x35, 0xae, - 0x26, 0x03, 0xd8, 0x1c, 0x6e, 0xfd, 0x71, 0x9f, 0xbe, 0xf9, 0x30, 0x0d, 0x4b, 0x93, 0x37, 0x6a, - 0x58, 0x28, 0x67, 0x84, 0x92, 0x9b, 0x30, 0x52, 0xa5, 0x61, 0xc8, 0xb5, 0xe0, 0x5e, 0x35, 0x24, - 0x10, 0x72, 0x60, 0xcd, 0x6d, 0x94, 0x0a, 0x76, 0x8c, 0xc2, 0x0e, 0x14, 0x5c, 0xb7, 0xc2, 0x03, - 0x45, 0x5f, 0x7c, 0xa0, 0x10, 0xda, 0x17, 0x3f, 0x50, 0xc4, 0x28, 0x6c, 0xd4, 0xc5, 0xf6, 0x8f, - 0xad, 0xe8, 0x8f, 0x47, 0x5d, 0xa8, 0x0c, 0x62, 0xd4, 0x35, 0x24, 0xf2, 0x21, 0x40, 0xe5, 0x51, - 0x15, 0x35, 0x67, 0x7b, 0x53, 0xa8, 0x40, 0xb8, 0x58, 0x39, 0xcf, 0x42, 0xa1, 0x98, 0x07, 0xfa, - 0xc9, 0x43, 0xc3, 0x26, 0x8b, 0x30, 0x5e, 0xf9, 0x49, 0x3b, 0xa0, 0x6b, 0x0d, 0xb6, 0xde, 0x45, - 0xfc, 0x88, 0x35, 0xb2, 0x38, 0x7f, 0x72, 0x5c, 0x2e, 0x39, 0xac, 0xa0, 0xe6, 0x8a, 0x12, 0x8d, - 0x81, 0x49, 0x42, 0xb6, 0xe0, 0xdc, 0xfd, 0xa5, 0x6d, 0x31, 0x0f, 0x2b, 0xf5, 0xba, 0xdf, 0xf6, - 0x22, 0xa1, 0xf7, 0x5c, 0x3d, 0x39, 0x2e, 0x5f, 0x3a, 0xa8, 0xb7, 0x6a, 0x72, 0xce, 0x3a, 0xbc, - 0x58, 0x57, 0x7c, 0x52, 0xb4, 0xe4, 0x1a, 0xf4, 0xed, 0xda, 0x6b, 0xe2, 0xfc, 0x75, 0xee, 0xe4, - 0xb8, 0x3c, 0xde, 0x0e, 0x5c, 0x8d, 0x84, 0x95, 0x5a, 0x4d, 0x98, 0xb8, 0x4f, 0x23, 0x36, 0x39, - 0xa5, 0xa6, 0xdb, 0x79, 0xe8, 0x3e, 0x86, 0xd1, 0x47, 0x6e, 0x74, 0x58, 0xa5, 0xf5, 0x80, 0x46, - 0xf2, 0x94, 0x8f, 0x62, 0x7a, 0xe6, 0x46, 0x87, 0xb5, 0x90, 0xc3, 0xf5, 0x35, 0x5d, 0x43, 0xb7, - 0x56, 0x60, 0x52, 0xd4, 0xa6, 0x14, 0xeb, 0x05, 0x93, 0x61, 0x01, 0x19, 0xe2, 0x50, 0xe9, 0x0c, - 0x4d, 0x36, 0x7f, 0xdc, 0x0b, 0x33, 0x4b, 0x87, 0x8e, 0x77, 0x40, 0xb7, 0x9d, 0x30, 0x7c, 0xe6, - 0x07, 0x0d, 0xad, 0xf1, 0x78, 0xaa, 0x48, 0x35, 0x1e, 0x8f, 0x11, 0x0b, 0x30, 0xba, 0xd5, 0x6c, - 0x48, 0x1a, 0x71, 0xe2, 0xc1, 0xba, 0xfc, 0x66, 0xa3, 0xd6, 0x92, 0xbc, 0x74, 0x24, 0x46, 0xb3, - 0x49, 0x9f, 0x29, 0x9a, 0xbe, 0x98, 0xc6, 0xa3, 0xcf, 0x34, 0x1a, 0x0d, 0x89, 0xac, 0xc0, 0xb9, - 0x2a, 0xad, 0xfb, 0x5e, 0xe3, 0x9e, 0x53, 0x8f, 0xfc, 0x60, 0xc7, 0x7f, 0x42, 0x3d, 0x31, 0x09, - 0x51, 0x29, 0x0c, 0xb1, 0xb0, 0xf6, 0x18, 0x4b, 0x6b, 0x11, 0x2b, 0xb6, 0xd3, 0x14, 0x64, 0x0b, - 0x86, 0x1f, 0x09, 0x5b, 0x91, 0x38, 0x26, 0xbd, 0x7e, 0x53, 0x19, 0x8f, 0x96, 0x02, 0x8a, 0x33, - 0xc7, 0x69, 0xaa, 0x83, 0x9e, 0xda, 0x63, 0x71, 0xb9, 0x92, 0x98, 0xb6, 0x62, 0x62, 0xed, 0xc2, - 0xf8, 0x76, 0xb3, 0x7d, 0xe0, 0x7a, 0x6c, 0x61, 0xa9, 0xd2, 0x1f, 0x93, 0x65, 0x80, 0x18, 0x20, - 0x2c, 0x40, 0x53, 0xe2, 0x70, 0x15, 0x17, 0xec, 0xdd, 0x15, 0x5f, 0x1b, 0x42, 0x50, 0x1b, 0xb6, - 0x35, 0x3a, 0xeb, 0x7f, 0xf5, 0x01, 0x11, 0x03, 0x80, 0xdb, 0x67, 0x95, 0x46, 0x6c, 0x0b, 0x3a, - 0x0f, 0xbd, 0xca, 0x50, 0x33, 0x78, 0x72, 0x5c, 0xee, 0x75, 0x1b, 0x76, 0xef, 0xda, 0x32, 0x79, - 0x07, 0x06, 0x10, 0x0d, 0xe5, 0x3f, 0xa1, 0xea, 0xd3, 0x39, 0xf0, 0x05, 0x06, 0xb7, 0x75, 0x9b, - 0x23, 0x93, 0x77, 0x61, 0x64, 0x99, 0x36, 0xe9, 0x81, 0x13, 0xf9, 0x72, 0x09, 0xe0, 0xa6, 0x0f, - 0x09, 0xd4, 0xe6, 0x5c, 0x8c, 0xc9, 0x8e, 0x42, 0x36, 0x75, 0x42, 0xdf, 0xd3, 0x8f, 0x42, 0x01, - 0x42, 0xf4, 0xa3, 0x10, 0xc7, 0x21, 0xbf, 0x57, 0x80, 0xd1, 0x8a, 0xe7, 0x09, 0x93, 0x42, 0x28, - 0xa4, 0x3e, 0x73, 0x53, 0xd9, 0xe0, 0xd6, 0x9d, 0x7d, 0xda, 0xdc, 0x73, 0x9a, 0x6d, 0x1a, 0x2e, - 0x7e, 0xcd, 0xb4, 0xd3, 0xff, 0x78, 0x5c, 0xfe, 0xe8, 0x0c, 0x46, 0x82, 0xd8, 0x9a, 0xb7, 0x13, - 0x38, 0x6e, 0x14, 0x9e, 0x1c, 0x97, 0x67, 0x9c, 0xb8, 0x42, 0xfd, 0xbb, 0xd1, 0xda, 0x11, 0xaf, - 0xff, 0x83, 0xdd, 0xd6, 0x7f, 0x72, 0x04, 0x93, 0x95, 0x30, 0x6c, 0x1f, 0xd1, 0x6a, 0xe4, 0x04, - 0x11, 0x3b, 0x3b, 0xe2, 0x22, 0xd2, 0xf9, 0x60, 0xf9, 0xe6, 0xcf, 0x8e, 0xcb, 0x05, 0xa6, 0x10, - 0x3b, 0x48, 0xca, 0x14, 0xaa, 0x20, 0xaa, 0x45, 0xae, 0xbe, 0x85, 0xe1, 0x11, 0x33, 0xc9, 0xdb, - 0xba, 0xa6, 0x94, 0x8e, 0xb5, 0xe5, 0xbc, 0x11, 0xb7, 0x96, 0x60, 0xfe, 0x3e, 0x8d, 0x6c, 0x1a, - 0xd2, 0x48, 0x7e, 0x23, 0x38, 0xc3, 0x63, 0xb3, 0xde, 0x10, 0xfe, 0x56, 0xc4, 0x38, 0xfc, 0xfc, - 0xbb, 0x90, 0x25, 0xd6, 0xff, 0x53, 0x80, 0xf2, 0x52, 0x40, 0xb9, 0x2e, 0x99, 0xc3, 0xa8, 0xf3, - 0xda, 0x35, 0x0f, 0xfd, 0x3b, 0xcf, 0x5b, 0xf2, 0x44, 0x8e, 0xa5, 0x6c, 0x50, 0x6c, 0x84, 0x9e, - 0xd2, 0xbc, 0x61, 0x3d, 0x86, 0x19, 0x9b, 0x7a, 0xf4, 0x99, 0xb3, 0xdf, 0xa4, 0x86, 0x85, 0xa0, - 0x0c, 0x03, 0xfc, 0x43, 0x4f, 0x75, 0x81, 0xc3, 0xcf, 0x66, 0x6d, 0xb1, 0xc6, 0x61, 0x74, 0xdb, - 0xf5, 0x0e, 0x04, 0x77, 0xeb, 0x8f, 0xfa, 0x60, 0x8c, 0xff, 0x16, 0xea, 0x71, 0x62, 0x8b, 0x2b, - 0x9c, 0x66, 0x8b, 0x7b, 0x1f, 0xc6, 0xd9, 0x1e, 0x41, 0x83, 0x3d, 0x1a, 0xb0, 0xad, 0x55, 0x48, - 0x02, 0x55, 0xfd, 0x10, 0x0b, 0x6a, 0x4f, 0x79, 0x89, 0x6d, 0x22, 0x92, 0x75, 0x98, 0xe0, 0x80, - 0x7b, 0xd4, 0x89, 0xda, 0xb1, 0xb5, 0x62, 0x52, 0xe8, 0xc4, 0x12, 0xcc, 0xa7, 0xa6, 0xe0, 0xf5, - 0x58, 0x00, 0xed, 0x04, 0x2d, 0xf9, 0x14, 0x26, 0xb7, 0x03, 0xff, 0x9b, 0xe7, 0xda, 0xa6, 0xce, - 0xbf, 0x4e, 0xae, 0x3d, 0xb3, 0xa2, 0x9a, 0xbe, 0xb5, 0x27, 0xb1, 0xc9, 0x5b, 0x30, 0xbc, 0x16, - 0x2e, 0xfa, 0x81, 0xeb, 0x1d, 0xe0, 0x37, 0x3a, 0xcc, 0x4d, 0xbc, 0x6e, 0x58, 0xdb, 0x47, 0xa0, - 0xad, 0x8a, 0x13, 0xc6, 0xc8, 0xa1, 0xee, 0xc6, 0xc8, 0xdb, 0x00, 0xeb, 0xbe, 0xd3, 0xa8, 0x34, - 0x9b, 0x4b, 0x95, 0x10, 0x77, 0x4f, 0xb1, 0x1f, 0x35, 0x7d, 0xa7, 0x51, 0x73, 0x9a, 0xcd, 0x5a, - 0xdd, 0x09, 0x6d, 0x0d, 0xe7, 0x41, 0xff, 0xf0, 0x60, 0x71, 0xc8, 0x9e, 0x5c, 0x77, 0xeb, 0xd4, - 0x0b, 0xe9, 0x23, 0x27, 0xf0, 0x5c, 0xef, 0x20, 0xb4, 0xfe, 0xd9, 0x39, 0x18, 0x56, 0x5d, 0xbe, - 0xa9, 0x2b, 0xf6, 0x62, 0x97, 0xc3, 0xd1, 0x8f, 0xcd, 0x19, 0xb6, 0x86, 0x41, 0x2e, 0xa0, 0xaa, - 0x2f, 0xf6, 0xd7, 0x21, 0x36, 0x1b, 0x9d, 0x56, 0xcb, 0x66, 0x30, 0xf6, 0x95, 0x2d, 0x2f, 0xa2, - 0xfc, 0x87, 0xf9, 0x57, 0xd6, 0xd8, 0xb7, 0x7b, 0x97, 0x17, 0xd9, 0xf4, 0xde, 0x5a, 0x5b, 0x5e, - 0x42, 0x51, 0x0e, 0xf3, 0xe9, 0xed, 0xbb, 0x8d, 0xba, 0x8d, 0x50, 0x56, 0x5a, 0xad, 0x6c, 0xac, - 0x0b, 0x71, 0x61, 0x69, 0xe8, 0x1c, 0x35, 0x6d, 0x84, 0x32, 0xe5, 0x90, 0x9f, 0x4c, 0x97, 0x7c, - 0x2f, 0x0a, 0xfc, 0x66, 0x88, 0x1a, 0xcc, 0x30, 0x1f, 0x4e, 0x71, 0xa4, 0xad, 0x8b, 0x22, 0x3b, - 0x81, 0x4a, 0x1e, 0xc1, 0x6c, 0xa5, 0xf1, 0xd4, 0xf1, 0xea, 0xb4, 0xc1, 0x4b, 0x1e, 0xf9, 0xc1, - 0x93, 0xc7, 0x4d, 0xff, 0x59, 0x88, 0xf2, 0x1e, 0x16, 0x16, 0x20, 0x81, 0x22, 0x4f, 0xc8, 0xcf, - 0x24, 0x92, 0x9d, 0x47, 0xcd, 0x3e, 0xa9, 0xa5, 0xa6, 0xdf, 0x6e, 0x88, 0x51, 0xc0, 0x4f, 0xaa, - 0xce, 0x00, 0x36, 0x87, 0x33, 0x29, 0xad, 0x56, 0x37, 0xd0, 0xde, 0x22, 0xa4, 0x74, 0x18, 0x1e, - 0xd9, 0x0c, 0x46, 0x5e, 0x87, 0x21, 0xa9, 0xe7, 0x72, 0x73, 0x30, 0x9a, 0x21, 0xa5, 0x7e, 0x2b, - 0xcb, 0xd8, 0x27, 0x61, 0xd3, 0xba, 0xff, 0x94, 0x06, 0xcf, 0x97, 0xfc, 0x06, 0x95, 0xd6, 0x01, - 0x71, 0xfa, 0xe5, 0x05, 0xb5, 0x3a, 0x2b, 0xb1, 0x4d, 0x44, 0x56, 0x01, 0xdf, 0x03, 0xc3, 0xd2, - 0x64, 0x5c, 0x01, 0xdf, 0x23, 0x43, 0x5b, 0x96, 0x91, 0x65, 0x38, 0x57, 0x69, 0x47, 0xfe, 0x91, - 0x13, 0xb9, 0xf5, 0xdd, 0xd6, 0x41, 0xe0, 0xb0, 0x4a, 0x8a, 0x48, 0x80, 0x7a, 0xbf, 0x23, 0x0b, - 0x6b, 0x6d, 0x51, 0x6a, 0xa7, 0x09, 0xc8, 0x7b, 0x30, 0xb6, 0x16, 0x72, 0x0b, 0x90, 0x13, 0xd2, - 0x06, 0x1e, 0xe3, 0x45, 0x2b, 0xdd, 0xb0, 0x86, 0xf6, 0xa0, 0x1a, 0x3b, 0x29, 0x34, 0x6c, 0x03, - 0x8f, 0x58, 0x30, 0x58, 0x09, 0x43, 0x37, 0x8c, 0xf0, 0x74, 0x3e, 0xbc, 0x08, 0x27, 0xc7, 0xe5, - 0x41, 0x07, 0x21, 0xb6, 0x28, 0x21, 0x8f, 0x60, 0x74, 0x99, 0x32, 0xc5, 0x71, 0x27, 0x68, 0x87, - 0x11, 0x9e, 0xb5, 0x47, 0x17, 0x2e, 0x88, 0x0f, 0x5b, 0x2b, 0x11, 0x73, 0x99, 0x6b, 0x7b, 0x0d, - 0x84, 0xd7, 0x22, 0x56, 0xa0, 0xef, 0x5a, 0x1a, 0x3e, 0xd3, 0x8a, 0x05, 0xcd, 0xaa, 0xdb, 0x60, - 0x9f, 0xea, 0x34, 0xb6, 0x01, 0xb5, 0x62, 0xb1, 0x36, 0xd4, 0x0e, 0xb1, 0x44, 0xd7, 0x8a, 0x0d, - 0x12, 0x52, 0x4f, 0x19, 0x15, 0x67, 0x0c, 0xc3, 0x91, 0x59, 0x28, 0x9b, 0x78, 0x46, 0x93, 0xe3, - 0xc7, 0x30, 0xba, 0xd4, 0x0e, 0x23, 0xff, 0x68, 0xe7, 0x90, 0x1e, 0xd1, 0xd2, 0xf9, 0x58, 0xf7, - 0xaf, 0x23, 0xb8, 0x16, 0x31, 0xb8, 0xde, 0x4d, 0x0d, 0x9d, 0x7c, 0x06, 0x44, 0x2a, 0xf1, 0xf7, - 0xd9, 0xfc, 0xf0, 0xd8, 0x5c, 0x2e, 0xcd, 0x62, 0x5f, 0x51, 0x73, 0x97, 0xba, 0x7f, 0xed, 0x40, - 0x15, 0xeb, 0x66, 0xa1, 0x34, 0x31, 0x6b, 0x10, 0x6f, 0xe2, 0xfd, 0xc0, 0x69, 0x1d, 0x96, 0x4a, - 0xb1, 0x96, 0x2d, 0x3a, 0x75, 0xc0, 0xe0, 0x86, 0xb6, 0x10, 0xa3, 0x93, 0x2a, 0x00, 0xff, 0xb9, - 0xce, 0x06, 0xfe, 0x02, 0xca, 0xab, 0x64, 0xc8, 0x8b, 0x15, 0x48, 0x59, 0x5d, 0x40, 0x1d, 0x84, - 0xb3, 0x6d, 0xba, 0xc6, 0x68, 0x6a, 0x6c, 0xc8, 0x13, 0x28, 0xf2, 0x5f, 0x1b, 0xbe, 0xe7, 0x46, - 0x7c, 0xe9, 0x9d, 0x33, 0x2c, 0x3e, 0xc9, 0x62, 0x59, 0x01, 0x5a, 0xda, 0x44, 0x05, 0x47, 0xaa, - 0x54, 0xab, 0x26, 0xc5, 0x98, 0x6c, 0xc3, 0xe8, 0x76, 0xe0, 0x37, 0xda, 0xf5, 0x08, 0x37, 0xec, - 0x8b, 0xa8, 0x28, 0x12, 0x51, 0x8f, 0x56, 0xc2, 0x65, 0xd2, 0xe2, 0x80, 0x1a, 0xdb, 0xcc, 0x75, - 0x99, 0x68, 0x88, 0x64, 0x11, 0x06, 0xb7, 0xfd, 0xa6, 0x5b, 0x7f, 0x5e, 0x9a, 0xc7, 0x46, 0x4f, - 0x4b, 0x66, 0x08, 0x94, 0x4d, 0x45, 0xed, 0xb0, 0x85, 0x20, 0x5d, 0x3b, 0xe4, 0x48, 0xa4, 0x02, - 0xe3, 0x9f, 0xb1, 0x09, 0xe3, 0xfa, 0x9e, 0xe7, 0xb8, 0x01, 0x2d, 0x5d, 0xc2, 0x71, 0x41, 0x6b, - 0xe8, 0x8f, 0xf5, 0x02, 0x7d, 0x3a, 0x1b, 0x14, 0x64, 0x0d, 0x26, 0xd7, 0xc2, 0x6a, 0x14, 0xb8, - 0x2d, 0xba, 0xe1, 0x78, 0xce, 0x01, 0x6d, 0x94, 0x2e, 0xc7, 0xe6, 0x48, 0x37, 0xac, 0x85, 0x58, - 0x56, 0x3b, 0xe2, 0x85, 0xba, 0x39, 0x32, 0x41, 0x47, 0x3e, 0x87, 0xe9, 0x95, 0x6f, 0x22, 0x36, - 0x63, 0x9a, 0x95, 0x76, 0xc3, 0x8d, 0xaa, 0x91, 0x1f, 0x38, 0x07, 0xb4, 0x54, 0x46, 0x7e, 0xaf, - 0x9d, 0x1c, 0x97, 0xaf, 0x50, 0x51, 0x5e, 0x73, 0x18, 0x42, 0x2d, 0xe4, 0x18, 0xfa, 0x25, 0x63, - 0x16, 0x07, 0x26, 0xfd, 0x6a, 0xbb, 0xc5, 0x14, 0x57, 0x94, 0xfe, 0x15, 0x43, 0xfa, 0x5a, 0x09, - 0x97, 0x7e, 0xc8, 0x01, 0x29, 0xe9, 0x6b, 0x88, 0xc4, 0x06, 0xf2, 0xc0, 0x77, 0xbd, 0x4a, 0x3d, - 0x72, 0x9f, 0x52, 0x71, 0xae, 0x0f, 0x4b, 0x57, 0xb1, 0xa5, 0x68, 0x3a, 0xfd, 0x55, 0xdf, 0xf5, - 0x6a, 0x0e, 0x16, 0xd7, 0x84, 0x15, 0xc0, 0x30, 0x9d, 0xa6, 0xa9, 0xc9, 0x0f, 0xe1, 0xfc, 0x86, - 0xbf, 0xef, 0x36, 0x29, 0x5f, 0x72, 0xb8, 0x58, 0xd0, 0x08, 0x68, 0x21, 0x5f, 0x34, 0x9d, 0x1e, - 0x21, 0x46, 0x4d, 0xac, 0x56, 0x47, 0x0a, 0x47, 0x37, 0x9d, 0x66, 0x73, 0x21, 0x2b, 0x30, 0x86, - 0xdf, 0x65, 0x13, 0x7f, 0x86, 0xa5, 0x6b, 0x78, 0x3a, 0xba, 0x9a, 0x50, 0x78, 0x6e, 0xae, 0x68, - 0x38, 0x2b, 0x5e, 0x14, 0x3c, 0xb7, 0x0d, 0x32, 0xf2, 0x09, 0xcc, 0x25, 0xa7, 0xf7, 0x92, 0xef, - 0x3d, 0x76, 0x0f, 0xda, 0x01, 0x6d, 0x94, 0x5e, 0x63, 0x4d, 0xb5, 0x3b, 0x60, 0xcc, 0x3d, 0x82, - 0x73, 0xa9, 0x2a, 0x48, 0x11, 0xfa, 0x9e, 0x88, 0x7b, 0xa8, 0x11, 0x9b, 0xfd, 0x49, 0xde, 0x86, - 0x81, 0xa7, 0xec, 0x58, 0x82, 0x1a, 0x43, 0x7c, 0xb7, 0xa1, 0x91, 0xae, 0x79, 0x8f, 0x7d, 0x9b, - 0x23, 0x7d, 0xd8, 0xfb, 0x7e, 0xe1, 0x41, 0xff, 0xf0, 0x68, 0x71, 0x8c, 0x5f, 0x1f, 0x3e, 0xe8, - 0x1f, 0x1e, 0x2f, 0x4e, 0x58, 0x15, 0x98, 0x4c, 0xe0, 0x93, 0x12, 0x0c, 0x51, 0x8f, 0xa9, 0xba, - 0x0d, 0xae, 0xb3, 0xd8, 0xf2, 0x27, 0x99, 0x86, 0x81, 0xa6, 0x7b, 0xe4, 0x46, 0x58, 0xe1, 0x80, - 0xcd, 0x7f, 0x58, 0xbf, 0x5f, 0x00, 0x92, 0xde, 0x32, 0xc8, 0xad, 0x04, 0x1b, 0xae, 0xe8, 0x09, - 0x90, 0x6e, 0x26, 0x95, 0xdc, 0x3f, 0x83, 0x29, 0x3e, 0x66, 0x72, 0x73, 0xd3, 0xea, 0xe2, 0x8b, - 0x6a, 0x46, 0xb1, 0x6e, 0x0e, 0x11, 0xc5, 0xb8, 0x15, 0xae, 0x63, 0xd3, 0xda, 0x30, 0x93, 0xb9, - 0x59, 0x90, 0x0d, 0x98, 0x39, 0xf2, 0xbd, 0xe8, 0xb0, 0xf9, 0x5c, 0xee, 0x15, 0xa2, 0xb6, 0x02, - 0xd6, 0x86, 0xeb, 0x63, 0x26, 0x82, 0x3d, 0x25, 0xc0, 0x82, 0x23, 0xd6, 0xf3, 0xa0, 0x7f, 0xb8, - 0xb7, 0xd8, 0xa7, 0x7a, 0x62, 0xd9, 0x70, 0x2e, 0xb5, 0xe6, 0x92, 0xef, 0xc3, 0x58, 0x1d, 0x8f, - 0x32, 0x46, 0x4d, 0x7c, 0xc7, 0xd1, 0xe0, 0xfa, 0xe7, 0xc4, 0xe1, 0xbc, 0x2b, 0xff, 0xb8, 0x00, - 0xb3, 0x39, 0xab, 0xed, 0xd9, 0x45, 0xfd, 0x05, 0x9c, 0x3f, 0x72, 0xbe, 0xa9, 0x05, 0x78, 0x52, - 0xad, 0x05, 0x8e, 0x97, 0x90, 0x36, 0xae, 0x24, 0xd9, 0x18, 0xba, 0x0f, 0xc7, 0x91, 0xf3, 0x8d, - 0x8d, 0x08, 0x36, 0x2b, 0xe7, 0xed, 0xfc, 0x01, 0x8c, 0x1b, 0xeb, 0xeb, 0x99, 0x1b, 0x67, 0xdd, - 0x81, 0x73, 0xec, 0x2c, 0x1f, 0xd1, 0x53, 0x5b, 0xa8, 0xac, 0x6d, 0x80, 0x2a, 0x3d, 0x72, 0x5a, - 0x87, 0x3e, 0xd3, 0xbb, 0x17, 0xf5, 0x5f, 0xc2, 0xc2, 0x41, 0x84, 0xc5, 0x41, 0x15, 0xec, 0xdd, - 0xe5, 0xba, 0x78, 0xa8, 0x30, 0x6d, 0x8d, 0xca, 0xfa, 0xb3, 0x5e, 0x20, 0x62, 0x81, 0x0c, 0xa8, - 0x73, 0x24, 0x9b, 0xf1, 0x01, 0x8c, 0xf1, 0xf3, 0x28, 0x07, 0x63, 0x73, 0x46, 0x17, 0xa6, 0xc4, - 0x97, 0xa7, 0x17, 0xad, 0xf6, 0xd8, 0x06, 0x2a, 0x23, 0xb5, 0x29, 0x3f, 0x48, 0x23, 0x69, 0xaf, - 0x41, 0xaa, 0x17, 0x31, 0x52, 0xfd, 0x37, 0xf9, 0x14, 0x26, 0x96, 0xfc, 0xa3, 0x16, 0x93, 0x89, - 0x20, 0xee, 0x13, 0x46, 0x0a, 0x51, 0xaf, 0x51, 0xb8, 0xda, 0x63, 0x27, 0xd0, 0xc9, 0x26, 0x4c, - 0xdd, 0x6b, 0xb6, 0xc3, 0xc3, 0x8a, 0xd7, 0x58, 0x6a, 0xfa, 0xa1, 0xe4, 0xd2, 0x2f, 0x8c, 0x04, - 0x62, 0x79, 0x4b, 0x63, 0xac, 0xf6, 0xd8, 0x59, 0x84, 0xe4, 0x75, 0x18, 0x58, 0x79, 0xca, 0x96, - 0x5d, 0x79, 0x93, 0x2f, 0x1c, 0x8d, 0xb6, 0x3c, 0xba, 0xf5, 0x78, 0xb5, 0xc7, 0xe6, 0xa5, 0x8b, - 0x23, 0x30, 0x24, 0xcf, 0xb2, 0xb7, 0x98, 0x4a, 0xac, 0xc4, 0x59, 0x8d, 0x9c, 0xa8, 0x1d, 0x92, - 0x39, 0x18, 0xde, 0x6d, 0xb1, 0x23, 0x96, 0x34, 0x02, 0xd8, 0xea, 0xb7, 0xf5, 0xb6, 0x29, 0x69, - 0x32, 0xaf, 0xdb, 0x8f, 0x39, 0x72, 0x0c, 0xb0, 0x56, 0x4d, 0xe1, 0x76, 0xc6, 0x36, 0xea, 0xed, - 0x4d, 0xd4, 0x5b, 0x4c, 0xca, 0xda, 0x9a, 0xc9, 0x14, 0x9e, 0xf5, 0x39, 0x5c, 0xde, 0x6d, 0x85, - 0x34, 0x88, 0x2a, 0xad, 0x56, 0xd3, 0xad, 0xf3, 0x9b, 0x24, 0x3c, 0xf3, 0xca, 0xc9, 0xf2, 0x1e, - 0x0c, 0x72, 0x80, 0x98, 0x26, 0x72, 0x0e, 0x56, 0x5a, 0x2d, 0x71, 0xd2, 0xbe, 0xcb, 0x95, 0x73, - 0x7e, 0x76, 0xb6, 0x05, 0xb6, 0xf5, 0x3b, 0x05, 0xb8, 0xcc, 0xbf, 0x80, 0x5c, 0xd6, 0xdf, 0x81, - 0x11, 0xf4, 0xf3, 0x69, 0x39, 0x75, 0xf9, 0x4d, 0x70, 0x87, 0x27, 0x09, 0xb4, 0xe3, 0x72, 0xcd, - 0x83, 0xaa, 0x37, 0xdf, 0x83, 0x4a, 0x7e, 0x60, 0x7d, 0x99, 0x1f, 0xd8, 0x67, 0x60, 0x89, 0x16, - 0x35, 0x9b, 0xa9, 0x46, 0x85, 0x2f, 0xd2, 0x2a, 0xeb, 0xbf, 0xf5, 0xc2, 0xec, 0x7d, 0xea, 0xd1, - 0xc0, 0xc1, 0x7e, 0x1a, 0x36, 0x1d, 0xdd, 0x97, 0xa2, 0xd0, 0xd1, 0x97, 0xa2, 0x2c, 0xad, 0x64, - 0xbd, 0x68, 0x25, 0x4b, 0xb9, 0x85, 0xb0, 0xe3, 0xe2, 0xae, 0xbd, 0x26, 0xba, 0x85, 0xc7, 0xc5, - 0x76, 0xe0, 0xa2, 0x1d, 0x9c, 0xac, 0xc5, 0x7e, 0x18, 0xfd, 0x5d, 0xcd, 0x65, 0x53, 0xe2, 0x5e, - 0x7a, 0x48, 0xf8, 0x61, 0x98, 0xde, 0x17, 0x9b, 0x30, 0xc8, 0x8d, 0x7b, 0x78, 0x5b, 0x33, 0xba, - 0x70, 0x43, 0x7c, 0x53, 0x39, 0x1d, 0x14, 0x96, 0x40, 0xdc, 0xd8, 0xf9, 0x14, 0x88, 0x10, 0x60, - 0x0b, 0x2e, 0x73, 0x9f, 0xc1, 0xa8, 0x86, 0x72, 0x9a, 0xbd, 0x5f, 0x19, 0x19, 0x99, 0xc6, 0xe8, - 0x1d, 0x70, 0x7b, 0xa5, 0xb6, 0xf7, 0x5b, 0x1f, 0x41, 0x29, 0xdd, 0x1a, 0x61, 0x58, 0xea, 0x66, - 0xc7, 0xb2, 0x96, 0x61, 0xfa, 0x3e, 0x8d, 0x70, 0xe2, 0xe2, 0x47, 0xa4, 0xb9, 0xc8, 0x24, 0xbe, - 0x33, 0xb9, 0xaa, 0xca, 0x5b, 0x1d, 0xfd, 0x2b, 0xad, 0xc2, 0x4c, 0x82, 0x8b, 0xa8, 0xff, 0x43, - 0x18, 0x12, 0x20, 0xb5, 0xa2, 0x0a, 0x97, 0x44, 0xba, 0x2f, 0x0a, 0xf6, 0x16, 0xf8, 0xbc, 0x15, - 0x9c, 0x6d, 0x49, 0x60, 0x1d, 0xc2, 0x79, 0xb6, 0xcd, 0xc6, 0x5c, 0xd5, 0x74, 0xbc, 0x08, 0x23, - 0x2d, 0xa6, 0x28, 0x84, 0xee, 0x4f, 0xf8, 0x34, 0x1a, 0xb0, 0x87, 0x19, 0xa0, 0xea, 0xfe, 0x84, - 0x92, 0x4b, 0x00, 0x58, 0x88, 0xdd, 0x14, 0xab, 0x00, 0xa2, 0x73, 0xc3, 0x1d, 0x01, 0xf4, 0x45, - 0xe2, 0xf3, 0xc6, 0xc6, 0xbf, 0xad, 0x00, 0x66, 0x53, 0x35, 0x89, 0x0e, 0xdc, 0x82, 0x61, 0xa9, - 0xc2, 0x26, 0x4c, 0xea, 0x7a, 0x0f, 0x6c, 0x85, 0x44, 0xde, 0x80, 0x49, 0x8f, 0x7e, 0x13, 0xd5, - 0x52, 0x6d, 0x18, 0x67, 0xe0, 0x6d, 0xd9, 0x0e, 0xeb, 0x57, 0xd0, 0x8c, 0x5a, 0xf5, 0xfc, 0x67, - 0x8f, 0x9b, 0xce, 0x13, 0x9a, 0xaa, 0xf8, 0xfb, 0x30, 0x5c, 0xed, 0x5e, 0x31, 0xff, 0x7c, 0x64, - 0xe5, 0xb6, 0x22, 0xb1, 0x9a, 0x30, 0xc7, 0xba, 0x54, 0xad, 0x6c, 0xac, 0xaf, 0x35, 0xb6, 0xbf, - 0x6d, 0x01, 0x3e, 0x85, 0x8b, 0x99, 0xb5, 0x7d, 0xdb, 0x42, 0xfc, 0x97, 0xfd, 0x30, 0xcb, 0x37, - 0x93, 0xf4, 0x0c, 0x3e, 0xfd, 0x52, 0xf3, 0x4b, 0xb9, 0x91, 0xbc, 0x9d, 0x71, 0x23, 0x89, 0x24, - 0xfa, 0x8d, 0xa4, 0x71, 0x0f, 0xf9, 0x7e, 0xf6, 0x3d, 0x24, 0xda, 0x89, 0xcc, 0x7b, 0xc8, 0xe4, - 0xed, 0xe3, 0x4a, 0xfe, 0xed, 0x23, 0x5e, 0xb3, 0x64, 0xdc, 0x3e, 0x66, 0xdd, 0x39, 0x26, 0x5c, - 0x42, 0x86, 0x5f, 0xad, 0x4b, 0xc8, 0x1b, 0x30, 0x54, 0x69, 0xb5, 0x34, 0x17, 0x2b, 0x1c, 0x1e, - 0xa7, 0xd5, 0xe2, 0xc2, 0x93, 0x85, 0x72, 0x9d, 0x87, 0x8c, 0x75, 0xfe, 0x03, 0x80, 0x25, 0x74, - 0x03, 0xc7, 0x81, 0x1b, 0x45, 0x0c, 0xd4, 0xf0, 0xb9, 0x73, 0x38, 0x0e, 0x9c, 0x6e, 0x01, 0x89, - 0x91, 0xb9, 0x62, 0x6f, 0xed, 0x41, 0x29, 0x3d, 0x7d, 0x5e, 0xc1, 0xd2, 0xf5, 0x27, 0x05, 0xb8, - 0x24, 0x94, 0x9c, 0xc4, 0x07, 0x7e, 0xf6, 0xd9, 0xf9, 0x2e, 0x8c, 0x09, 0xda, 0x9d, 0xf8, 0x43, - 0xe0, 0x57, 0xc0, 0x72, 0x31, 0xe6, 0x2b, 0xba, 0x81, 0x46, 0xde, 0x85, 0x61, 0xfc, 0x23, 0xbe, - 0x06, 0x61, 0x92, 0x19, 0x41, 0xd4, 0x5a, 0xf2, 0x32, 0x44, 0xa1, 0x5a, 0x5f, 0xc3, 0xe5, 0xbc, - 0x86, 0xbf, 0x02, 0xb9, 0xfc, 0xab, 0x02, 0x5c, 0x14, 0xec, 0x8d, 0xa5, 0xe2, 0x85, 0x76, 0x9d, - 0x33, 0x38, 0x66, 0x3e, 0x80, 0x51, 0x56, 0xa1, 0x6c, 0x77, 0x9f, 0xd8, 0x5a, 0xc5, 0xc9, 0x21, - 0x2e, 0x59, 0x76, 0x22, 0x47, 0x38, 0x94, 0x38, 0x47, 0x4d, 0x69, 0xbc, 0xb0, 0x75, 0x62, 0xeb, - 0x4b, 0x98, 0xcf, 0xee, 0xc2, 0x2b, 0x90, 0xcf, 0x03, 0x98, 0xcb, 0xd8, 0x14, 0x5e, 0x6c, 0x4f, - 0xfe, 0x02, 0x2e, 0x66, 0xf2, 0x7a, 0x05, 0xcd, 0x5c, 0x65, 0x1a, 0x47, 0xf4, 0x0a, 0x86, 0xd0, - 0x7a, 0x04, 0x17, 0x32, 0x38, 0xbd, 0x82, 0x26, 0xde, 0x87, 0x59, 0xa5, 0x69, 0xbf, 0x54, 0x0b, - 0x37, 0xe0, 0x12, 0x67, 0xf4, 0x6a, 0x46, 0xe5, 0x21, 0x5c, 0x14, 0xec, 0x5e, 0x81, 0xf4, 0x56, - 0x61, 0x3e, 0x3e, 0x50, 0x67, 0xe8, 0x49, 0xa7, 0x5e, 0x64, 0xac, 0x75, 0xb8, 0x12, 0x73, 0xca, - 0x51, 0x1a, 0x4e, 0xcf, 0x8d, 0xab, 0x83, 0xf1, 0x28, 0xbd, 0x92, 0x11, 0x7d, 0x04, 0xe7, 0x0d, - 0xa6, 0xaf, 0x4c, 0x55, 0x5a, 0x83, 0x29, 0xce, 0xd8, 0x54, 0x9d, 0x17, 0x74, 0xd5, 0x79, 0x74, - 0xe1, 0x5c, 0xcc, 0x12, 0xc1, 0x7b, 0x77, 0x33, 0xb4, 0xe9, 0x0d, 0xd4, 0xa6, 0x25, 0x4a, 0xdc, - 0xc2, 0x77, 0x61, 0x90, 0x43, 0x44, 0xfb, 0x32, 0x98, 0xf1, 0xc3, 0x02, 0x27, 0x13, 0xc8, 0xd6, - 0x0f, 0xe1, 0x12, 0x3f, 0x89, 0xc6, 0x77, 0x89, 0xe6, 0x69, 0xf1, 0xfb, 0x89, 0x83, 0xe8, 0x05, - 0xc1, 0x37, 0x89, 0x9f, 0x73, 0x1e, 0xdd, 0x97, 0x73, 0x3b, 0x8f, 0xff, 0xa9, 0x9e, 0xe8, 0xc8, - 0x03, 0x66, 0x6f, 0xe6, 0x01, 0xf3, 0x1a, 0x5c, 0x55, 0x07, 0xcc, 0x64, 0x35, 0x72, 0x6a, 0x59, - 0x5f, 0xc2, 0x45, 0xde, 0x51, 0xe9, 0x24, 0x67, 0x36, 0xe3, 0xa3, 0x44, 0x37, 0x67, 0x45, 0x37, - 0x4d, 0xec, 0x9c, 0x4e, 0xfe, 0xff, 0x05, 0xf9, 0xc9, 0x65, 0x33, 0xff, 0x65, 0x9f, 0xb8, 0x37, - 0xa1, 0xac, 0x04, 0x62, 0xb6, 0xe8, 0xc5, 0x8e, 0xdb, 0x1b, 0x30, 0xa3, 0xb3, 0x71, 0xeb, 0x74, - 0xef, 0x0e, 0x5e, 0xf2, 0xbc, 0xc3, 0x3e, 0x0b, 0x04, 0xc8, 0x69, 0x57, 0xca, 0x90, 0x1b, 0xe2, - 0xdb, 0x0a, 0xd3, 0xaa, 0xc1, 0x7c, 0x7a, 0x28, 0xdc, 0xba, 0xf4, 0x9c, 0x26, 0x9f, 0xb2, 0x4f, - 0x18, 0x21, 0x62, 0x30, 0x72, 0x99, 0xca, 0xef, 0x98, 0x93, 0x4b, 0x2a, 0xcb, 0x92, 0x4b, 0x4d, - 0xa2, 0xff, 0xac, 0x76, 0x39, 0x1f, 0x7e, 0x1d, 0x88, 0x2c, 0x5a, 0xaa, 0xda, 0xb2, 0xea, 0x0b, - 0xd0, 0xb7, 0x54, 0xb5, 0xc5, 0x83, 0x0d, 0xd4, 0x04, 0xeb, 0x61, 0x60, 0x33, 0x58, 0x52, 0x23, - 0xef, 0x3d, 0x85, 0x46, 0xfe, 0xa0, 0x7f, 0xb8, 0xaf, 0xd8, 0x6f, 0x93, 0xaa, 0x7b, 0xe0, 0x3d, - 0x72, 0xa3, 0x43, 0x55, 0x61, 0xc5, 0xfa, 0x0a, 0xa6, 0x8c, 0xea, 0xc5, 0x57, 0xdc, 0xf1, 0xa5, - 0x09, 0xd3, 0x67, 0x97, 0x2a, 0xe8, 0x44, 0x82, 0x26, 0x8b, 0x31, 0xbe, 0xde, 0xd4, 0x9d, 0x1a, - 0x3e, 0x63, 0xb4, 0x65, 0xa1, 0xf5, 0x8f, 0xfa, 0x35, 0xee, 0xda, 0xfb, 0x9d, 0x0e, 0xbd, 0xbb, - 0x03, 0xc0, 0x67, 0x88, 0xd6, 0x39, 0xa6, 0x00, 0x8e, 0x0a, 0xdf, 0x0c, 0xbe, 0x24, 0xdb, 0x1a, - 0xd2, 0x69, 0xdf, 0xf7, 0x08, 0x8f, 0x5a, 0x4e, 0x24, 0x9f, 0xb4, 0x29, 0x8f, 0x5a, 0xc1, 0x3a, - 0xb4, 0x75, 0x24, 0xf2, 0xc3, 0xa4, 0x1b, 0xfa, 0x00, 0xde, 0x29, 0xbd, 0x26, 0x2f, 0x99, 0xd3, - 0x7d, 0x3b, 0x9b, 0x27, 0xfa, 0x33, 0x98, 0x61, 0xb4, 0xee, 0x63, 0x3c, 0x58, 0xac, 0x7c, 0x13, - 0x51, 0x8f, 0xaf, 0xed, 0x83, 0x58, 0xcf, 0xeb, 0x1d, 0xea, 0x89, 0x91, 0x85, 0xfd, 0x3d, 0xe6, - 0x53, 0xa3, 0xaa, 0xcc, 0xce, 0xe6, 0x8f, 0x93, 0xc8, 0x5e, 0x5f, 0xf1, 0x1a, 0x2d, 0xdf, 0x55, - 0x07, 0x26, 0x3e, 0x89, 0x82, 0x66, 0x8d, 0x0a, 0xb8, 0xad, 0x23, 0x59, 0x6f, 0x74, 0xf4, 0xd3, - 0x1e, 0x86, 0xfe, 0x9d, 0xa5, 0x9d, 0xf5, 0x62, 0xc1, 0xba, 0x05, 0xa0, 0xd5, 0x04, 0x30, 0xb8, - 0xb9, 0x65, 0x6f, 0x54, 0xd6, 0x8b, 0x3d, 0x64, 0x06, 0xce, 0x3d, 0x5a, 0xdb, 0x5c, 0xde, 0x7a, - 0x54, 0xad, 0x55, 0x37, 0x2a, 0xf6, 0xce, 0x52, 0xc5, 0x5e, 0x2e, 0x16, 0xac, 0xaf, 0x61, 0xda, - 0xec, 0xe1, 0x2b, 0x9d, 0x84, 0x11, 0x4c, 0x29, 0x7d, 0xe6, 0xc1, 0xa3, 0x1d, 0xcd, 0x7f, 0x53, - 0x1c, 0xfe, 0x92, 0x7e, 0x48, 0xe2, 0x98, 0x28, 0x3e, 0x23, 0x0d, 0x89, 0xbc, 0xc5, 0xd5, 0x82, - 0xe4, 0x0b, 0x4d, 0xa6, 0x16, 0xd4, 0x62, 0xbd, 0x00, 0x97, 0xbe, 0xef, 0xc1, 0xb4, 0x59, 0xeb, - 0x69, 0xad, 0x54, 0xaf, 0xa1, 0x63, 0xab, 0xf6, 0x80, 0x83, 0x10, 0xfd, 0xda, 0x40, 0xac, 0xac, - 0xdf, 0x83, 0xa2, 0xc0, 0x8a, 0x77, 0xde, 0x6b, 0xd2, 0x8c, 0x58, 0xc8, 0x78, 0x6c, 0x26, 0xdd, - 0xac, 0x7d, 0x28, 0xb2, 0x15, 0x53, 0x50, 0xf2, 0x0a, 0xa6, 0x61, 0x60, 0x3d, 0xbe, 0xce, 0xb1, - 0xf9, 0x0f, 0x7c, 0xc7, 0x10, 0x39, 0x41, 0x24, 0xbd, 0xbe, 0x46, 0x6c, 0xf5, 0x9b, 0xbc, 0x05, - 0x83, 0xf7, 0xdc, 0x66, 0x24, 0x4c, 0x23, 0xf1, 0x26, 0xcf, 0xd8, 0xf2, 0x02, 0x5b, 0x20, 0x58, - 0x36, 0x9c, 0xd3, 0x2a, 0x3c, 0x43, 0x53, 0x49, 0x09, 0x86, 0x36, 0xe9, 0x37, 0x5a, 0xfd, 0xf2, - 0xa7, 0xf5, 0x1e, 0x9c, 0x13, 0x1e, 0x75, 0x9a, 0x98, 0xae, 0x8a, 0x37, 0xb1, 0x05, 0xe3, 0x61, - 0x9e, 0x60, 0x89, 0x45, 0x8c, 0x6e, 0xb7, 0xd5, 0x78, 0x41, 0x3a, 0xb6, 0x51, 0x9c, 0x91, 0xee, - 0x4d, 0x79, 0x0b, 0xd4, 0x6d, 0x38, 0xff, 0xac, 0x00, 0xa5, 0x84, 0x95, 0x61, 0xe9, 0xd0, 0x69, - 0x36, 0xa9, 0x77, 0x40, 0xc9, 0x75, 0xe8, 0xdf, 0xd9, 0xda, 0xd9, 0x16, 0x56, 0x52, 0xe9, 0x00, - 0xc0, 0x40, 0x0a, 0xc7, 0x46, 0x0c, 0xf2, 0x10, 0xce, 0x49, 0x9f, 0x59, 0x55, 0x24, 0x46, 0xe8, - 0x52, 0x67, 0x0f, 0xdc, 0x34, 0x1d, 0x79, 0x47, 0x98, 0x44, 0x7e, 0xdc, 0x76, 0x03, 0xda, 0x40, - 0xcb, 0x4f, 0x7c, 0x9b, 0xae, 0x95, 0xd8, 0x3a, 0x1a, 0x7f, 0xc1, 0x68, 0xfd, 0x5e, 0x01, 0x66, - 0x73, 0xac, 0x26, 0xe4, 0x2d, 0xa3, 0x3b, 0x53, 0x5a, 0x77, 0x24, 0xca, 0x6a, 0x8f, 0xe8, 0xcf, - 0x92, 0xe6, 0x48, 0xdc, 0x77, 0x06, 0x47, 0xe2, 0xd5, 0x9e, 0xd8, 0x79, 0x78, 0x11, 0x60, 0x58, - 0xc2, 0xad, 0x49, 0x18, 0x37, 0xe4, 0x66, 0x59, 0x30, 0xa6, 0xd7, 0xcc, 0x06, 0x67, 0xc9, 0x6f, - 0xa8, 0xc1, 0x61, 0x7f, 0x5b, 0xbf, 0x5b, 0x80, 0x69, 0xec, 0xe2, 0x81, 0xcb, 0x96, 0xbe, 0x58, - 0x42, 0x0b, 0x46, 0x4f, 0xe6, 0x8d, 0x9e, 0x24, 0x70, 0x55, 0x97, 0x3e, 0x4c, 0x75, 0x69, 0x3e, - 0xab, 0x4b, 0x38, 0xbd, 0x5d, 0xdf, 0x33, 0x7a, 0xa2, 0x5d, 0x45, 0xfd, 0x7e, 0x01, 0xa6, 0xb4, - 0x36, 0xa9, 0xf6, 0xdf, 0x31, 0x9a, 0x74, 0x31, 0xa3, 0x49, 0x29, 0x21, 0x2f, 0xa6, 0x5a, 0xf4, - 0x5a, 0xa7, 0x16, 0x75, 0x95, 0xf1, 0x7f, 0x29, 0xc0, 0x4c, 0xa6, 0x0c, 0xc8, 0x79, 0xa6, 0xdb, - 0xd6, 0x03, 0x1a, 0x09, 0xf1, 0x8a, 0x5f, 0x0c, 0xbe, 0x16, 0x86, 0x6d, 0x1a, 0x88, 0xef, 0x5c, - 0xfc, 0x22, 0xaf, 0xc1, 0xf8, 0x36, 0x0d, 0x5c, 0xbf, 0xc1, 0x5d, 0xcc, 0xb9, 0xef, 0xe6, 0xb8, - 0x6d, 0x02, 0xc9, 0x3c, 0x8c, 0x54, 0x9a, 0x07, 0x7e, 0xe0, 0x46, 0x87, 0xfc, 0x36, 0x70, 0xc4, - 0x8e, 0x01, 0x8c, 0xf7, 0xb2, 0x7b, 0xc0, 0x2f, 0x35, 0x18, 0xb1, 0xf8, 0xc5, 0x16, 0x17, 0x69, - 0x2d, 0x1c, 0xe4, 0x8b, 0x8b, 0x34, 0x05, 0x9e, 0x87, 0xc1, 0xcf, 0x6c, 0x9c, 0x04, 0xf8, 0x6e, - 0xdc, 0x16, 0xbf, 0xc8, 0x04, 0x3a, 0x09, 0xe3, 0xab, 0x04, 0x74, 0x0e, 0xfe, 0x10, 0xa6, 0xb3, - 0xe4, 0x9a, 0x35, 0x85, 0x04, 0x6d, 0xaf, 0xa2, 0xfd, 0x12, 0xa6, 0x2a, 0x8d, 0xc6, 0xc6, 0xbd, - 0x0a, 0xf7, 0x39, 0x10, 0xa3, 0xca, 0x3f, 0x1e, 0x6e, 0xaf, 0x13, 0x2a, 0x5b, 0xff, 0x9a, 0xe7, - 0x46, 0xf6, 0xd4, 0xca, 0x37, 0x6e, 0x18, 0xb9, 0xde, 0x81, 0x66, 0x54, 0xb4, 0xcf, 0x6f, 0xd2, - 0x67, 0x19, 0x53, 0x80, 0xed, 0xa6, 0x26, 0x6f, 0x0e, 0xcf, 0x60, 0x3e, 0xad, 0xb1, 0x8d, 0x97, - 0x92, 0x59, 0x93, 0x6f, 0x5c, 0xd0, 0x57, 0xa9, 0x3f, 0xb1, 0xbe, 0x07, 0xe7, 0xf9, 0x92, 0xd6, - 0xa9, 0xf1, 0xa2, 0xd9, 0xba, 0x0d, 0xd4, 0x7a, 0x5f, 0x5a, 0x29, 0x3a, 0xb6, 0xcc, 0x1e, 0x33, - 0xda, 0x82, 0x55, 0xfe, 0xd7, 0x02, 0xcc, 0x25, 0x48, 0xab, 0xcf, 0xbd, 0xba, 0x5c, 0x4f, 0xdf, - 0x48, 0x3a, 0x61, 0xa3, 0x1e, 0xc0, 0x8d, 0x7f, 0x6e, 0x43, 0xf9, 0x61, 0x93, 0x5b, 0x00, 0x9c, - 0x58, 0xdb, 0xbe, 0xd1, 0xf4, 0x2d, 0x9c, 0x6c, 0x70, 0x03, 0xd7, 0x50, 0x48, 0x1b, 0xb2, 0xe4, - 0x2e, 0xbe, 0x91, 0x6e, 0xb6, 0x61, 0x8c, 0x95, 0x40, 0x05, 0x79, 0x2d, 0xc7, 0x48, 0x9c, 0xc5, - 0xdf, 0xfa, 0x3b, 0x7d, 0x30, 0xab, 0x0f, 0xe0, 0x8b, 0xf4, 0x75, 0x1b, 0x46, 0x97, 0x7c, 0x2f, - 0xa2, 0xdf, 0x44, 0xda, 0x5b, 0x75, 0xa2, 0x6e, 0xda, 0x55, 0x89, 0x50, 0x1d, 0x39, 0xa0, 0xc6, - 0xf4, 0x18, 0xc3, 0x59, 0x30, 0x46, 0x24, 0x4b, 0x30, 0xbe, 0x49, 0x9f, 0xa5, 0x04, 0x88, 0x0e, - 0x8b, 0x1e, 0x7d, 0x56, 0xd3, 0x84, 0xa8, 0x7b, 0x91, 0x19, 0x34, 0x64, 0x1f, 0x26, 0xe4, 0xe4, - 0x32, 0x84, 0x39, 0xa7, 0xef, 0x2a, 0xe6, 0x74, 0xe6, 0xaf, 0xb9, 0x59, 0x0d, 0x39, 0x32, 0x4c, - 0x70, 0x64, 0x5d, 0xe7, 0x35, 0xf2, 0x07, 0xca, 0xe6, 0xb6, 0xa5, 0x95, 0x18, 0xee, 0xa0, 0xc9, - 0x87, 0xc9, 0x3a, 0x0b, 0x6b, 0x1b, 0x4a, 0xe9, 0xf1, 0x10, 0xb5, 0xbd, 0x03, 0x83, 0x1c, 0x2a, - 0xd4, 0x00, 0x19, 0x86, 0x44, 0x61, 0xf3, 0x73, 0x3a, 0xaf, 0xc6, 0x16, 0xb8, 0xd6, 0x2a, 0xda, - 0x4e, 0x14, 0x8e, 0x52, 0xc4, 0x6e, 0x27, 0x87, 0x17, 0x3d, 0x6d, 0xe5, 0xf0, 0xea, 0x7e, 0x26, - 0xf2, 0x71, 0xc1, 0x12, 0x9a, 0x9f, 0x74, 0x4e, 0xa2, 0x61, 0x37, 0x60, 0x48, 0x80, 0x12, 0x01, - 0x52, 0xe2, 0xcf, 0x4f, 0x22, 0x58, 0x1f, 0xc2, 0x05, 0xb4, 0x85, 0xb9, 0xde, 0x41, 0x93, 0xee, - 0x86, 0xc6, 0xf3, 0x80, 0x6e, 0x9f, 0xf5, 0xc7, 0x30, 0x97, 0x45, 0xdb, 0xf5, 0xcb, 0xe6, 0x21, - 0x0b, 0xfe, 0xb2, 0x17, 0xa6, 0xd7, 0x42, 0x5d, 0x99, 0x10, 0x92, 0xb8, 0x99, 0xf5, 0x98, 0x1e, - 0x65, 0xb2, 0xda, 0x93, 0xf5, 0x58, 0xfe, 0x1d, 0xed, 0x71, 0x62, 0x6f, 0xa7, 0x57, 0xf2, 0x6c, - 0xdb, 0x52, 0xcf, 0x13, 0xdf, 0x80, 0xfe, 0x4d, 0xb6, 0x54, 0xf7, 0x89, 0xb1, 0xe3, 0x14, 0x0c, - 0x84, 0x8f, 0x03, 0xd9, 0x16, 0xc9, 0x7e, 0x90, 0x7b, 0xa9, 0x27, 0x88, 0xfd, 0xdd, 0x5f, 0x81, - 0xaf, 0xf6, 0xa4, 0x5e, 0x23, 0xbe, 0x07, 0xa3, 0x95, 0xc6, 0x11, 0xf7, 0x08, 0xf4, 0xbd, 0xc4, - 0x67, 0xa9, 0x95, 0xac, 0xf6, 0xd8, 0x3a, 0x22, 0x3b, 0xe1, 0x56, 0x5a, 0x2d, 0xdc, 0xa8, 0xb2, - 0x5e, 0xc6, 0xaf, 0xf6, 0xa0, 0x83, 0xfd, 0xe2, 0x30, 0x0c, 0xee, 0x38, 0xc1, 0x01, 0x8d, 0xac, - 0x2f, 0x61, 0x4e, 0x38, 0xa9, 0x70, 0xcb, 0x1f, 0xba, 0xb2, 0x84, 0xb1, 0x1f, 0x52, 0x27, 0xc7, - 0x92, 0xcb, 0x00, 0xa8, 0xe7, 0xaf, 0x79, 0x0d, 0xfa, 0x8d, 0xf0, 0x92, 0xd3, 0x20, 0xd6, 0xbb, - 0x30, 0xa2, 0x24, 0x84, 0xca, 0xac, 0xb6, 0xd9, 0xa1, 0xb4, 0xa6, 0x8d, 0x37, 0x97, 0xf2, 0xa1, - 0xe5, 0x05, 0xa3, 0xef, 0x22, 0xd2, 0x05, 0xd7, 0x7e, 0x5d, 0x98, 0x49, 0x4c, 0x82, 0xf8, 0x29, - 0xb5, 0xd2, 0x3f, 0xb9, 0x1b, 0x9f, 0xfa, 0x9d, 0x54, 0x4f, 0x7b, 0x4f, 0xa5, 0x9e, 0x5a, 0xff, - 0xb4, 0x17, 0x0f, 0x4e, 0x29, 0x79, 0x24, 0x6c, 0x50, 0xba, 0x1d, 0x6c, 0x11, 0x46, 0xb0, 0xf7, - 0xcb, 0xf2, 0xe9, 0x57, 0x67, 0x1f, 0x8b, 0xe1, 0x9f, 0x1d, 0x97, 0x7b, 0xd0, 0xb1, 0x22, 0x26, - 0x23, 0x9f, 0xc0, 0xd0, 0x8a, 0xd7, 0x40, 0x0e, 0x7d, 0x67, 0xe0, 0x20, 0x89, 0xd8, 0x98, 0x60, - 0x93, 0x77, 0xd8, 0x27, 0xcc, 0x4d, 0x17, 0xb6, 0x06, 0x89, 0x4f, 0x70, 0x03, 0x79, 0x27, 0xb8, - 0xc1, 0xc4, 0x09, 0xce, 0x82, 0x81, 0xad, 0xa0, 0x21, 0x22, 0x54, 0x4c, 0x2c, 0x8c, 0x09, 0xc1, - 0x21, 0xcc, 0xe6, 0x45, 0xd6, 0x7f, 0x2f, 0xc0, 0xec, 0x7d, 0x1a, 0x65, 0xce, 0x21, 0x43, 0x2a, - 0x85, 0x97, 0x96, 0x4a, 0xef, 0x8b, 0x48, 0x45, 0xf5, 0xba, 0x2f, 0xaf, 0xd7, 0xfd, 0x79, 0xbd, - 0x1e, 0xc8, 0xef, 0xf5, 0x7d, 0x18, 0xe4, 0x5d, 0x65, 0xa7, 0xd4, 0xb5, 0x88, 0x1e, 0xc5, 0xa7, - 0x54, 0xdd, 0x43, 0xcc, 0xe6, 0x65, 0x4c, 0x91, 0x5c, 0x77, 0x42, 0xfd, 0x94, 0x2a, 0x7e, 0x5a, - 0x3f, 0xc2, 0x47, 0xa3, 0xeb, 0x7e, 0xfd, 0x89, 0x66, 0xed, 0x1c, 0xe2, 0x5f, 0x68, 0xd2, 0x3a, - 0xce, 0xb0, 0x78, 0x89, 0x2d, 0x31, 0xc8, 0x15, 0x18, 0x5d, 0xf3, 0xee, 0xf9, 0x41, 0x9d, 0x6e, - 0x79, 0x4d, 0xce, 0x7d, 0xd8, 0xd6, 0x41, 0xc2, 0x0a, 0x20, 0x6a, 0x88, 0x8f, 0xd6, 0x08, 0x48, - 0x1c, 0xad, 0x19, 0x6c, 0x6f, 0xc1, 0xe6, 0x65, 0xc2, 0xc8, 0xc0, 0xfe, 0xee, 0x74, 0x2a, 0x55, - 0xc7, 0xd7, 0x6e, 0x88, 0xfb, 0x70, 0xc1, 0xa6, 0xad, 0xa6, 0xc3, 0x74, 0xba, 0x23, 0x9f, 0xe3, - 0xab, 0x3e, 0x5f, 0xc9, 0x78, 0xf0, 0x65, 0xfa, 0x0b, 0xa8, 0x26, 0xf7, 0x76, 0x68, 0xf2, 0x11, - 0x5c, 0xbd, 0x4f, 0x23, 0x73, 0x41, 0x8d, 0x6d, 0xa9, 0xa2, 0xf3, 0xab, 0x30, 0x1c, 0x9a, 0x76, - 0xe0, 0xcb, 0xf2, 0xfa, 0x21, 0x8b, 0x70, 0xef, 0xae, 0xbc, 0x29, 0x11, 0x7c, 0xd4, 0x5f, 0xd6, - 0xa7, 0x50, 0xce, 0xab, 0xee, 0x74, 0xee, 0x9c, 0x2e, 0x5c, 0xc9, 0x67, 0x20, 0x9a, 0xbb, 0x02, - 0xd2, 0x66, 0x2c, 0x3e, 0xa1, 0x6e, 0xad, 0x35, 0xcd, 0xcc, 0xe2, 0x0f, 0x6b, 0x51, 0x3a, 0xb6, - 0xbd, 0x44, 0x73, 0x6b, 0x78, 0x1d, 0x6b, 0x32, 0x88, 0xe5, 0x5a, 0x81, 0x61, 0x09, 0x13, 0x72, - 0x9d, 0xcd, 0x6c, 0xa9, 0x14, 0x68, 0x43, 0x32, 0x50, 0x64, 0xd6, 0x8f, 0xe4, 0xd5, 0x84, 0x49, - 0x71, 0xba, 0x17, 0x90, 0xa7, 0xb9, 0x8b, 0xb0, 0x7c, 0xb8, 0x60, 0xf2, 0xd6, 0x4d, 0xce, 0x45, - 0xcd, 0xe4, 0xcc, 0x2d, 0xcd, 0x57, 0x4c, 0x13, 0x68, 0xaf, 0x98, 0x97, 0x31, 0x88, 0x5c, 0xd6, - 0x0d, 0xcb, 0x63, 0xe9, 0x27, 0x95, 0xb7, 0x61, 0x2e, 0xab, 0x42, 0xed, 0x1c, 0xa8, 0xac, 0x97, - 0x42, 0xdf, 0x59, 0x86, 0xcb, 0x32, 0x46, 0x8c, 0xef, 0x47, 0x61, 0x14, 0x38, 0xad, 0x6a, 0x3d, - 0x70, 0x5b, 0x31, 0x95, 0x05, 0x83, 0x1c, 0x22, 0x24, 0xc1, 0xaf, 0x79, 0x38, 0x8e, 0x28, 0xb1, - 0x7e, 0xb3, 0x00, 0x96, 0xe1, 0x83, 0x84, 0xe3, 0xbc, 0x1d, 0xf8, 0x4f, 0xdd, 0x86, 0x76, 0xb5, - 0xf2, 0x96, 0x61, 0xd6, 0xe3, 0x4f, 0xe2, 0x92, 0xee, 0xcf, 0x62, 0xcd, 0xbc, 0x9d, 0x30, 0xb5, - 0x71, 0xc5, 0x13, 0xfd, 0x92, 0x9e, 0x50, 0xfd, 0x49, 0x89, 0x32, 0xc1, 0xfd, 0xcf, 0x02, 0x5c, - 0xeb, 0xd8, 0x06, 0xd1, 0x9f, 0x7d, 0x28, 0x26, 0xcb, 0xc4, 0x0c, 0x2a, 0x6b, 0x3e, 0x09, 0x69, - 0x0e, 0x7b, 0x77, 0xb8, 0x8f, 0xb5, 0xf4, 0xdd, 0x69, 0x29, 0xce, 0x29, 0x7e, 0x67, 0x6f, 0x3d, - 0xf9, 0x00, 0x60, 0xc7, 0x8f, 0x9c, 0xe6, 0x12, 0x1a, 0x00, 0xfa, 0x62, 0x7f, 0xf9, 0x88, 0x41, - 0x6b, 0xc9, 0x20, 0x05, 0x1a, 0xb2, 0xf5, 0x03, 0xfc, 0xae, 0xb3, 0x1b, 0x7d, 0xba, 0x4f, 0x6d, - 0x09, 0xae, 0x25, 0xee, 0xc5, 0x5f, 0x80, 0x49, 0x04, 0x33, 0x4c, 0xfc, 0x4c, 0xf7, 0xbe, 0x1f, - 0xf8, 0xed, 0xd6, 0x2f, 0x67, 0xd4, 0xff, 0xb4, 0xc0, 0x1d, 0x15, 0xf5, 0x6a, 0xc5, 0x40, 0x2f, - 0x01, 0xc4, 0xd0, 0x84, 0xc3, 0xba, 0x2a, 0xd8, 0xbb, 0xc3, 0x8f, 0xdc, 0x68, 0x31, 0x3f, 0xe0, - 0x0c, 0x34, 0xb2, 0x5f, 0xee, 0x48, 0xde, 0xc5, 0xcb, 0x70, 0x55, 0xfb, 0xe9, 0xe4, 0xfe, 0x9e, - 0xb4, 0x7f, 0x9c, 0x91, 0xee, 0x10, 0xa6, 0xd9, 0x0a, 0x50, 0x69, 0x47, 0x87, 0x7e, 0xe0, 0x46, - 0xf2, 0xe9, 0x05, 0xd9, 0x16, 0x6f, 0xbb, 0x39, 0xd5, 0xc7, 0xbf, 0x38, 0x2e, 0xbf, 0x7f, 0x96, - 0xd8, 0x7d, 0x92, 0xe7, 0x8e, 0x7a, 0x0f, 0x6e, 0xcd, 0x42, 0xdf, 0x92, 0xbd, 0x8e, 0x0b, 0x9e, - 0xbd, 0xae, 0x16, 0x3c, 0x7b, 0xdd, 0xfa, 0xeb, 0x5e, 0x28, 0xf3, 0xe8, 0x13, 0xe8, 0x43, 0x11, - 0x5b, 0x2d, 0x34, 0xa7, 0x8c, 0xd3, 0x1a, 0x18, 0x12, 0xd1, 0x25, 0x7a, 0x4f, 0x13, 0x5d, 0xe2, - 0xd7, 0x20, 0xc7, 0x64, 0x75, 0x0a, 0x2b, 0xc0, 0x9b, 0x27, 0xc7, 0xe5, 0x6b, 0xb1, 0x15, 0x80, - 0x97, 0x66, 0x99, 0x03, 0x72, 0xaa, 0x48, 0xdb, 0x2f, 0xfa, 0x5f, 0xc0, 0x7e, 0x71, 0x1b, 0x86, - 0xf0, 0x30, 0xb3, 0xb6, 0x2d, 0xbc, 0x1a, 0x71, 0x7a, 0x62, 0x3c, 0x99, 0x9a, 0xab, 0x07, 0xf5, - 0x92, 0x68, 0xd6, 0xdf, 0xef, 0x85, 0x2b, 0xf9, 0x32, 0x17, 0x6d, 0x5b, 0x06, 0x88, 0xbd, 0x37, - 0x3a, 0x79, 0x8b, 0xe0, 0xb7, 0xf3, 0x8c, 0xee, 0x2b, 0x6f, 0x2d, 0x8d, 0x8e, 0xe9, 0x3e, 0xf2, - 0xa1, 0x6f, 0xe2, 0xaa, 0xc0, 0x78, 0xff, 0x2b, 0x22, 0x52, 0x0a, 0x90, 0x11, 0x91, 0x52, 0xc0, - 0xc8, 0x3e, 0xcc, 0x6e, 0x07, 0xee, 0x53, 0x27, 0xa2, 0x0f, 0xe9, 0x73, 0xfe, 0x10, 0x66, 0x45, - 0xbc, 0x7e, 0xe1, 0xaf, 0xb7, 0xaf, 0x9f, 0x1c, 0x97, 0x5f, 0x6b, 0x71, 0x14, 0xf6, 0x61, 0xd6, - 0xf8, 0xd3, 0xc3, 0x5a, 0xfa, 0x41, 0x4c, 0x1e, 0x23, 0xeb, 0xdf, 0x16, 0xe0, 0x22, 0xaa, 0xe5, - 0xc2, 0xec, 0x2a, 0x2b, 0x7f, 0x21, 0xa7, 0x41, 0xbd, 0x83, 0x62, 0x2e, 0xa2, 0xd3, 0xa0, 0xf1, - 0x10, 0xda, 0x36, 0xd0, 0xc8, 0x1a, 0x8c, 0x8a, 0xdf, 0xf8, 0xfd, 0xf5, 0xe1, 0x81, 0x60, 0x46, - 0x5b, 0xb0, 0x70, 0xaa, 0x73, 0x53, 0x11, 0x4e, 0x6c, 0xc1, 0x0c, 0xdf, 0x0b, 0xda, 0x3a, 0xad, - 0xf5, 0xf3, 0x5e, 0x98, 0xdf, 0xa3, 0x81, 0xfb, 0xf8, 0x79, 0x4e, 0x67, 0xb6, 0x60, 0x5a, 0x82, - 0x78, 0x04, 0x0a, 0xe3, 0x13, 0xe3, 0x51, 0xe9, 0x64, 0x53, 0x45, 0x08, 0x0b, 0xf9, 0xc5, 0x65, - 0x12, 0x9e, 0xc1, 0x1d, 0xf0, 0x1d, 0x18, 0x4e, 0xc4, 0x80, 0xc1, 0xf1, 0x97, 0x5f, 0x68, 0x3c, - 0x54, 0xab, 0x3d, 0xb6, 0xc2, 0x24, 0xbf, 0x95, 0x7f, 0x7f, 0x23, 0x4c, 0x1f, 0xdd, 0xec, 0x9f, - 0xf8, 0xc1, 0xb2, 0x8f, 0xd5, 0xd1, 0x4a, 0x33, 0x3e, 0xd8, 0xd5, 0x1e, 0x3b, 0xaf, 0xa6, 0xc5, - 0x51, 0x18, 0xa9, 0xe0, 0x9d, 0x14, 0x3b, 0xb9, 0xff, 0x8f, 0x5e, 0xb8, 0x2c, 0x1f, 0xb5, 0xe4, - 0x88, 0xf9, 0x73, 0x98, 0x95, 0xa0, 0x4a, 0x8b, 0x29, 0x0c, 0xb4, 0x61, 0x4a, 0x9a, 0x47, 0x86, - 0x94, 0x92, 0x76, 0x04, 0x4e, 0x2c, 0xec, 0x3c, 0xf2, 0x57, 0x63, 0xfd, 0xfc, 0x24, 0x2b, 0x22, - 0x0f, 0x5a, 0x21, 0xf5, 0x35, 0xd3, 0x10, 0x8d, 0xb1, 0x7e, 0x36, 0x52, 0xd6, 0xd3, 0xfe, 0x97, - 0xb5, 0x9e, 0xae, 0xf6, 0x24, 0xed, 0xa7, 0x8b, 0x13, 0x30, 0xb6, 0x49, 0x9f, 0xc5, 0x72, 0xff, - 0x7f, 0x0b, 0x89, 0x48, 0x03, 0x4c, 0xc3, 0xe0, 0x21, 0x07, 0x0a, 0x71, 0x50, 0x17, 0x8c, 0x34, - 0xa0, 0x6b, 0x18, 0x1c, 0x75, 0x0d, 0x86, 0xf8, 0x45, 0x6d, 0xe3, 0x14, 0x27, 0x7c, 0xf5, 0x3a, - 0x85, 0x3f, 0x19, 0x6c, 0xf0, 0xc3, 0xbe, 0xa0, 0xb7, 0x1e, 0xc2, 0x55, 0xe1, 0xbf, 0x6c, 0x0e, - 0x3e, 0x56, 0x74, 0xc6, 0xed, 0xcb, 0x72, 0xe0, 0xf2, 0x7d, 0x9a, 0x5c, 0x7a, 0x8c, 0xd7, 0x3b, - 0x9f, 0xc2, 0xa4, 0x01, 0x57, 0x1c, 0x51, 0x2b, 0x55, 0x73, 0x48, 0xb1, 0x4e, 0x62, 0x5b, 0x57, - 0xb2, 0xaa, 0xd0, 0x1b, 0x6b, 0x51, 0x0c, 0xf1, 0x18, 0xc4, 0x57, 0x6c, 0xe1, 0x19, 0x56, 0xbd, - 0xeb, 0xda, 0x77, 0xcd, 0x57, 0x3c, 0x1e, 0xeb, 0x4d, 0xee, 0xbc, 0xaa, 0xd4, 0x1a, 0x37, 0xee, - 0x02, 0xac, 0x09, 0x18, 0x93, 0x45, 0x4d, 0x1a, 0x86, 0xd6, 0x4f, 0x07, 0xc0, 0x12, 0x82, 0xcd, - 0xba, 0x7d, 0x96, 0xf2, 0xd8, 0x4f, 0x35, 0x56, 0x6c, 0x54, 0xe7, 0xf5, 0xe8, 0x82, 0x71, 0x29, - 0x9f, 0x79, 0xa8, 0xe7, 0xd5, 0x63, 0xa8, 0x31, 0xf3, 0x52, 0xbd, 0xff, 0x2a, 0x67, 0x99, 0xe4, - 0x1f, 0xdb, 0xeb, 0x27, 0xc7, 0xe5, 0xab, 0x39, 0xcb, 0xa4, 0xc1, 0x37, 0x7b, 0xc9, 0xb4, 0xcd, - 0x2b, 0x91, 0xbe, 0x17, 0xb9, 0x12, 0x61, 0x5f, 0xa4, 0x7e, 0x29, 0xb2, 0x6b, 0xca, 0x52, 0x7c, - 0x8f, 0xf2, 0x4a, 0x5b, 0x2f, 0x12, 0x0f, 0xfe, 0x35, 0x88, 0xc1, 0xd5, 0x60, 0x43, 0x5c, 0x28, - 0x6a, 0x36, 0xcb, 0xa5, 0x43, 0x5a, 0x7f, 0x22, 0x6c, 0xc5, 0xf2, 0x42, 0x37, 0xcb, 0x66, 0xce, - 0xa3, 0xcc, 0xf2, 0xef, 0x9c, 0x17, 0xd4, 0xea, 0x8c, 0x54, 0x0f, 0x58, 0x90, 0x64, 0x4b, 0x7e, - 0x02, 0x53, 0x6a, 0xa8, 0x13, 0xee, 0x47, 0xa3, 0x0b, 0xaf, 0xc5, 0xe1, 0x28, 0x8f, 0x1e, 0x3b, - 0x37, 0x9f, 0xde, 0xb9, 0x99, 0x81, 0xcb, 0xdf, 0xc1, 0xd7, 0x65, 0x81, 0xe6, 0x7b, 0xa4, 0x5f, - 0x74, 0x65, 0x11, 0x6a, 0xd7, 0xd9, 0x7f, 0x4f, 0x39, 0xcb, 0x33, 0x7d, 0xc1, 0x6d, 0x52, 0xf1, - 0xea, 0x45, 0xce, 0xbe, 0x9c, 0xab, 0xb8, 0xc2, 0xb7, 0x7c, 0x15, 0xf7, 0x47, 0xbd, 0xf2, 0x89, - 0x40, 0xfa, 0x36, 0xf4, 0xcc, 0x37, 0x72, 0x99, 0x3d, 0x38, 0xd5, 0x66, 0x9a, 0xd9, 0x38, 0xb2, - 0x28, 0xef, 0x33, 0x55, 0x6c, 0xa8, 0x09, 0x75, 0x37, 0x10, 0x17, 0x18, 0x57, 0x9c, 0xa8, 0xba, - 0x68, 0x54, 0xc9, 0xcb, 0xb2, 0xbe, 0x97, 0xbf, 0x2c, 0xfb, 0x17, 0x23, 0x70, 0x6e, 0xdb, 0x39, - 0x70, 0x3d, 0xb6, 0x68, 0xdb, 0x34, 0xf4, 0xdb, 0x41, 0x9d, 0x92, 0x0a, 0x4c, 0x98, 0xfe, 0x9f, - 0x5d, 0xbc, 0x5b, 0xd9, 0xbe, 0x64, 0xc2, 0xc8, 0x02, 0x8c, 0xa8, 0x37, 0xa7, 0x62, 0x33, 0xc9, - 0x78, 0x8b, 0xba, 0xda, 0x63, 0xc7, 0x68, 0xe4, 0x03, 0xe3, 0x7e, 0x67, 0x52, 0x3d, 0x9f, 0x46, - 0xdc, 0x05, 0xee, 0xa0, 0xe7, 0xf9, 0x0d, 0x73, 0x43, 0xe4, 0x97, 0x18, 0x3f, 0x4a, 0x5d, 0xf9, - 0x0c, 0x18, 0x2d, 0x4e, 0xd9, 0xbd, 0x50, 0x17, 0xc8, 0x0d, 0xf3, 0x9b, 0x71, 0x19, 0xf4, 0x25, - 0x8c, 0x3e, 0x6c, 0xef, 0x53, 0x79, 0xb9, 0x35, 0x28, 0xf6, 0xc7, 0xa4, 0x57, 0xb3, 0x28, 0xdf, - 0xbb, 0xcb, 0xc7, 0xe0, 0x49, 0x7b, 0x9f, 0xa6, 0xe3, 0x47, 0xb3, 0x85, 0x49, 0x63, 0x46, 0x0e, - 0xa1, 0x98, 0x74, 0x40, 0x16, 0xd1, 0xd4, 0x3a, 0xb8, 0x4d, 0x63, 0x28, 0x0f, 0x2d, 0x4a, 0x35, - 0x77, 0x8b, 0x34, 0x2a, 0x49, 0x71, 0x25, 0xbf, 0x0e, 0x33, 0x99, 0x56, 0x47, 0xf5, 0x84, 0xaa, - 0xb3, 0x41, 0x13, 0x17, 0xf5, 0x84, 0xd4, 0xe4, 0x7b, 0x2d, 0xa3, 0xe6, 0xec, 0x5a, 0x48, 0x03, - 0x26, 0x13, 0x8e, 0xb5, 0x22, 0x10, 0x7f, 0xbe, 0xab, 0x2e, 0x6e, 0x4c, 0x32, 0x6a, 0x69, 0x66, - 0x5d, 0x49, 0x96, 0x64, 0x1d, 0x46, 0xd4, 0x71, 0x1f, 0x5f, 0x67, 0x65, 0x9b, 0x36, 0x4a, 0x27, - 0xc7, 0xe5, 0xe9, 0xd8, 0xb4, 0x61, 0xf0, 0x8c, 0x19, 0x90, 0xdf, 0x80, 0xab, 0x6a, 0x8a, 0x6e, - 0x05, 0xd9, 0x46, 0x20, 0x11, 0x05, 0xfb, 0x46, 0x72, 0x86, 0xe7, 0xe1, 0xef, 0xdd, 0x59, 0xec, - 0x2d, 0x15, 0x56, 0x7b, 0xec, 0xee, 0xac, 0xc9, 0x4f, 0x0b, 0x70, 0x3e, 0xa7, 0xd6, 0x31, 0xac, - 0xb5, 0xab, 0x65, 0x0e, 0x95, 0x7b, 0x7c, 0x36, 0xe4, 0x36, 0xe2, 0xe7, 0x75, 0xd2, 0x44, 0x67, - 0xf4, 0x3b, 0xa7, 0x26, 0xf2, 0x36, 0x0c, 0xe2, 0x19, 0x39, 0x2c, 0x8d, 0xa3, 0x16, 0x89, 0x11, - 0x6c, 0xf0, 0x24, 0xad, 0xef, 0x1b, 0x02, 0x87, 0xac, 0x32, 0x6d, 0x0c, 0xf7, 0x2d, 0xa9, 0x3d, - 0x89, 0x78, 0x57, 0x42, 0xa3, 0xe7, 0x45, 0x32, 0xca, 0x85, 0x11, 0xee, 0xdc, 0x24, 0x5b, 0x04, - 0x18, 0x0e, 0xc4, 0xaa, 0xf4, 0xa0, 0x7f, 0xb8, 0xbf, 0x38, 0xc0, 0x3f, 0x1c, 0xe9, 0xb1, 0xfd, - 0xdb, 0xc3, 0xfc, 0x79, 0xe7, 0xae, 0xe7, 0x3e, 0x76, 0xe3, 0x05, 0x4c, 0xb7, 0xae, 0xc5, 0x59, - 0x47, 0x84, 0xee, 0x9b, 0x93, 0x5f, 0x44, 0x19, 0xe2, 0x7a, 0xbb, 0x1a, 0xe2, 0xee, 0x6a, 0x57, - 0x56, 0x5a, 0x88, 0x48, 0xae, 0xe3, 0x98, 0x86, 0xaf, 0xf8, 0x2e, 0xeb, 0x6b, 0x18, 0xc4, 0xa8, - 0x8e, 0xfc, 0x3e, 0x70, 0x74, 0xe1, 0xa6, 0x58, 0xb6, 0x3b, 0x34, 0x9f, 0x87, 0x81, 0x14, 0x4f, - 0xb6, 0xb9, 0xc4, 0x11, 0x60, 0x48, 0x1c, 0x21, 0x64, 0x07, 0xa6, 0xb6, 0x03, 0xda, 0x10, 0x7e, - 0xc3, 0xad, 0x40, 0x18, 0x27, 0xb8, 0xd9, 0x03, 0xb7, 0xfc, 0x96, 0x2c, 0xae, 0x51, 0x55, 0xae, - 0x6f, 0xa8, 0x19, 0xe4, 0x64, 0x05, 0x26, 0xaa, 0xd4, 0x09, 0xea, 0x87, 0x0f, 0xe9, 0x73, 0xa6, - 0xee, 0x18, 0xa1, 0xf6, 0x43, 0x2c, 0x61, 0xfd, 0xc5, 0x22, 0xdd, 0xc7, 0xc3, 0x24, 0x22, 0x3f, - 0x80, 0xc1, 0xaa, 0x1f, 0x44, 0x8b, 0xcf, 0xc5, 0xa2, 0x26, 0x6f, 0x8c, 0x38, 0x70, 0xf1, 0x82, - 0x4c, 0x37, 0x10, 0xfa, 0x41, 0x54, 0xdb, 0x37, 0x42, 0x22, 0x71, 0x14, 0xf2, 0x1c, 0xa6, 0xcd, - 0x05, 0x45, 0xb8, 0xb3, 0x0e, 0x0b, 0x35, 0x2b, 0x6b, 0xd5, 0xe2, 0x28, 0x8b, 0xd7, 0x05, 0xf7, - 0x2b, 0xc9, 0x65, 0xeb, 0x31, 0x96, 0xeb, 0x51, 0x8a, 0xb2, 0xe8, 0xc9, 0x06, 0x66, 0x69, 0xe0, - 0x3d, 0xaa, 0x84, 0xdc, 0x0d, 0x76, 0x24, 0x0e, 0xba, 0xd5, 0xc6, 0x45, 0x09, 0x25, 0xe1, 0x84, - 0xc9, 0xd4, 0x1e, 0x76, 0x8a, 0x94, 0x6c, 0xc3, 0xb9, 0xdd, 0x90, 0x6e, 0x07, 0xf4, 0xa9, 0x4b, - 0x9f, 0x49, 0x7e, 0x10, 0x47, 0x28, 0x62, 0xfc, 0x5a, 0xbc, 0x34, 0x8b, 0x61, 0x9a, 0x98, 0x7c, - 0x00, 0xb0, 0xed, 0x7a, 0x1e, 0x6d, 0xe0, 0xb5, 0xe3, 0x28, 0xb2, 0x42, 0x93, 0x6a, 0x0b, 0xa1, - 0x35, 0xdf, 0x6b, 0xea, 0x22, 0xd5, 0x90, 0xc9, 0x22, 0x8c, 0xaf, 0x79, 0xf5, 0x66, 0x5b, 0xb8, - 0x07, 0x84, 0xb8, 0xa0, 0x88, 0xc8, 0x69, 0x2e, 0x2f, 0xa8, 0xa5, 0x3e, 0x72, 0x93, 0x84, 0x3c, - 0x04, 0x22, 0x00, 0x62, 0xd6, 0x3a, 0xfb, 0x4d, 0x2a, 0x3e, 0x77, 0x34, 0x95, 0x48, 0x46, 0x38, - 0xdd, 0x8d, 0x80, 0x64, 0x29, 0xb2, 0xb9, 0x0f, 0x60, 0x54, 0x9b, 0xf3, 0x19, 0x31, 0x08, 0xa6, - 0xf5, 0x18, 0x04, 0x23, 0x7a, 0xac, 0x81, 0x7f, 0x58, 0x80, 0xf9, 0xec, 0x6f, 0x49, 0x28, 0x60, - 0x5b, 0x30, 0xa2, 0x80, 0xea, 0xd5, 0x89, 0x54, 0xfd, 0x13, 0x1a, 0x10, 0xff, 0xa0, 0xe5, 0xca, - 0xa3, 0xf7, 0x3e, 0xe6, 0xf1, 0x02, 0xf6, 0xf8, 0xff, 0x6f, 0x18, 0xa6, 0xd1, 0xbb, 0x3a, 0xb9, - 0x4e, 0x7d, 0x8a, 0xb1, 0x44, 0x10, 0xa6, 0x99, 0x97, 0x85, 0xa5, 0x89, 0xc3, 0x93, 0x81, 0xaf, - 0x0c, 0x02, 0xf2, 0xae, 0xee, 0x13, 0xd1, 0xab, 0xe5, 0x85, 0x90, 0x40, 0xbd, 0x0b, 0xb1, 0xb3, - 0xc4, 0x5b, 0xc6, 0x95, 0xfc, 0xa9, 0x17, 0xbd, 0xfe, 0xd3, 0x2e, 0x7a, 0xbb, 0x6a, 0xd1, 0xe3, - 0x31, 0x2a, 0xde, 0xd4, 0x16, 0xbd, 0x57, 0xbf, 0xda, 0x0d, 0xbe, 0xea, 0xd5, 0x6e, 0xe8, 0xe5, - 0x56, 0xbb, 0xe1, 0x17, 0x5c, 0xed, 0xee, 0xc1, 0xc4, 0x26, 0xa5, 0x0d, 0xed, 0xa2, 0x64, 0x24, - 0xde, 0x3d, 0x3d, 0x8a, 0x26, 0xb0, 0xac, 0xdb, 0x92, 0x04, 0x55, 0xee, 0xaa, 0x09, 0x7f, 0x3b, - 0xab, 0xe6, 0xe8, 0x2b, 0x5e, 0x35, 0xc7, 0x5e, 0x66, 0xd5, 0x4c, 0x2d, 0x7d, 0xe3, 0x67, 0x5e, - 0xfa, 0x5e, 0x66, 0xb5, 0xfa, 0x04, 0x5d, 0x0a, 0xab, 0xd5, 0x55, 0xe1, 0x3d, 0xa2, 0xb9, 0x6b, - 0xac, 0xfa, 0xa1, 0xf4, 0xb8, 0xc6, 0xbf, 0x19, 0x6c, 0xdb, 0x0f, 0xe4, 0x95, 0x37, 0xfe, 0x6d, - 0x2d, 0xa2, 0x23, 0xa1, 0x4e, 0xaf, 0xdc, 0xf5, 0x87, 0xc4, 0x93, 0x3d, 0xb1, 0xc6, 0x25, 0x8f, - 0x51, 0xb6, 0x2c, 0xb7, 0xfe, 0xb2, 0xc0, 0x2f, 0x25, 0xff, 0x4f, 0x5c, 0x2a, 0x5f, 0xe6, 0xa2, - 0xf0, 0xb7, 0xe2, 0xa7, 0xfc, 0x22, 0xec, 0x40, 0xe0, 0xd4, 0x9f, 0xc4, 0x37, 0xb5, 0x3f, 0x64, - 0xdf, 0xb9, 0x5e, 0x80, 0x81, 0x55, 0xe3, 0xb3, 0xa2, 0x59, 0xb8, 0x77, 0x47, 0x2e, 0x00, 0x22, - 0xa2, 0x01, 0x07, 0x9b, 0x0b, 0x80, 0x4e, 0x80, 0xbe, 0x72, 0x93, 0x96, 0xcd, 0x5f, 0xa2, 0x67, - 0xb6, 0xe0, 0xbd, 0xf4, 0x5b, 0x6a, 0x3c, 0x8c, 0xc4, 0x6f, 0xa9, 0x75, 0x31, 0xc6, 0xaf, 0xaa, - 0x77, 0xe1, 0xa2, 0x4d, 0x8f, 0xfc, 0xa7, 0xf4, 0xd5, 0xb2, 0xfd, 0x0a, 0x2e, 0x98, 0x0c, 0xf9, - 0xab, 0x1b, 0x1e, 0x10, 0xfd, 0x93, 0xec, 0x30, 0xea, 0x82, 0x80, 0x87, 0x51, 0xe7, 0xd1, 0x98, - 0xd9, 0x9f, 0xfa, 0xbe, 0x81, 0x65, 0x96, 0x0f, 0xf3, 0x26, 0xf3, 0x4a, 0xa3, 0x81, 0x39, 0xf8, - 0xea, 0x6e, 0xcb, 0xf1, 0x22, 0xb2, 0x05, 0xa3, 0xda, 0xcf, 0x84, 0xa9, 0x40, 0x2b, 0x11, 0x3a, - 0x4d, 0x0c, 0x30, 0x42, 0x70, 0xc6, 0x60, 0x8b, 0x42, 0x39, 0x29, 0x1e, 0x26, 0x32, 0xbd, 0xce, - 0x45, 0x18, 0xd7, 0x7e, 0x2a, 0x93, 0x25, 0x7e, 0xfc, 0x5a, 0x0d, 0xa6, 0xc0, 0x4c, 0x12, 0xab, - 0x0e, 0x73, 0x59, 0x42, 0xc3, 0xe8, 0x4c, 0xcf, 0xc9, 0x4a, 0x1c, 0xe7, 0xa9, 0xbb, 0xb7, 0xdd, - 0x64, 0x5e, 0x8c, 0x27, 0xeb, 0xef, 0xf6, 0xc3, 0x45, 0x31, 0x18, 0xaf, 0x72, 0xc4, 0xc9, 0x8f, - 0x60, 0x54, 0x1b, 0x63, 0x21, 0xf4, 0x2b, 0x32, 0xf4, 0x66, 0xde, 0x5c, 0xe0, 0x26, 0x8d, 0x36, - 0x02, 0x6a, 0x89, 0xe1, 0x5e, 0xed, 0xb1, 0x75, 0x96, 0xa4, 0x09, 0x13, 0xe6, 0x40, 0x0b, 0xab, - 0xce, 0xb5, 0xcc, 0x4a, 0x4c, 0x54, 0x19, 0xc8, 0xb9, 0x51, 0xcb, 0x1c, 0xee, 0xd5, 0x1e, 0x3b, - 0xc1, 0x9b, 0x7c, 0x03, 0xe7, 0x52, 0xa3, 0x2c, 0x8c, 0x75, 0x6f, 0x64, 0x56, 0x98, 0xc2, 0xe6, - 0xe6, 0xd8, 0x00, 0xc1, 0xb9, 0xd5, 0xa6, 0x2b, 0x21, 0x0d, 0x18, 0xd3, 0x07, 0x5e, 0x98, 0x9d, - 0xae, 0x76, 0x10, 0x25, 0x47, 0xe4, 0xca, 0x9d, 0x90, 0x25, 0x8e, 0xfd, 0x73, 0xd3, 0xc4, 0x6c, - 0x20, 0x0f, 0xc3, 0x20, 0xff, 0xcd, 0x96, 0x80, 0xed, 0x80, 0x86, 0xd4, 0xab, 0x53, 0xc3, 0x41, - 0xfb, 0x25, 0x97, 0x80, 0x7f, 0x53, 0x80, 0x52, 0x16, 0xdf, 0x2a, 0xf5, 0x1a, 0x64, 0x1b, 0x8a, - 0xc9, 0x8a, 0xc4, 0xac, 0xb6, 0x54, 0xac, 0xdc, 0xdc, 0x26, 0xad, 0xf6, 0xd8, 0x29, 0x6a, 0xb2, - 0x09, 0xe7, 0x34, 0x98, 0x30, 0xae, 0xf6, 0x9e, 0xc6, 0xb8, 0xca, 0x46, 0x21, 0x45, 0xaa, 0xdb, - 0xa6, 0x57, 0x71, 0x67, 0x5c, 0xf6, 0x8f, 0x1c, 0xd7, 0x63, 0x8a, 0xae, 0x16, 0xea, 0x09, 0x62, - 0xa8, 0x90, 0x0d, 0xb7, 0xb6, 0x22, 0x54, 0x3e, 0x28, 0x51, 0x28, 0xd6, 0xc7, 0xb8, 0x82, 0x0b, - 0x1b, 0x1d, 0x7f, 0x9e, 0xaa, 0x98, 0x5d, 0x81, 0x81, 0x9d, 0xf5, 0xea, 0x52, 0x45, 0x3c, 0x76, - 0xe5, 0x21, 0x12, 0x9a, 0x61, 0xad, 0xee, 0xd8, 0xbc, 0xc0, 0xfa, 0x08, 0xc8, 0x7d, 0x1a, 0x89, - 0x60, 0xed, 0x8a, 0xee, 0x75, 0x18, 0x12, 0x20, 0x41, 0x89, 0xae, 0x71, 0x4d, 0x81, 0x25, 0xcb, - 0xac, 0x6d, 0x79, 0x4e, 0x68, 0x52, 0x27, 0xd4, 0x36, 0xe6, 0xf7, 0x61, 0x38, 0x10, 0x30, 0xb1, - 0x2f, 0x4f, 0xa8, 0xb4, 0x16, 0x08, 0xe6, 0xf6, 0x6c, 0x89, 0x63, 0xab, 0xbf, 0xac, 0x75, 0x0c, - 0x67, 0xb2, 0xb5, 0xb6, 0xbc, 0xc4, 0xa4, 0x2a, 0x84, 0x25, 0x87, 0xe3, 0x16, 0xfa, 0x90, 0x47, - 0x54, 0x7f, 0xea, 0x8a, 0xa2, 0xc1, 0x8f, 0x5c, 0x04, 0xf1, 0xd1, 0x50, 0xac, 0xbb, 0x2a, 0x38, - 0x4a, 0x06, 0xb7, 0xbc, 0xf4, 0x0c, 0x9b, 0x18, 0xf6, 0xe5, 0x3e, 0xba, 0xcb, 0xbc, 0x8a, 0x46, - 0x38, 0x30, 0xc7, 0xb7, 0x79, 0xd6, 0x2b, 0x91, 0x98, 0xcc, 0x57, 0x4b, 0xe3, 0x12, 0x8c, 0x28, - 0x98, 0xba, 0xfb, 0xe2, 0xb2, 0x32, 0xf0, 0xf7, 0xee, 0xf2, 0x57, 0xc1, 0x75, 0xc5, 0x20, 0xa6, - 0x63, 0x55, 0xf0, 0xef, 0xee, 0x5b, 0xae, 0x22, 0xa4, 0x41, 0xf4, 0xad, 0x56, 0x11, 0xc7, 0x05, - 0x3a, 0x4b, 0x15, 0x06, 0xfe, 0xde, 0xc2, 0x69, 0x04, 0xf5, 0x2d, 0x57, 0xc1, 0x04, 0xf5, 0xed, - 0x55, 0x41, 0x65, 0x00, 0x25, 0x3e, 0x49, 0x53, 0x95, 0xac, 0xa4, 0x2b, 0x91, 0x86, 0xeb, 0x04, - 0x45, 0xc7, 0xf1, 0xa0, 0x30, 0xcf, 0x85, 0xf5, 0x4b, 0xa8, 0x86, 0x09, 0xec, 0xdb, 0xad, 0xe6, - 0x1f, 0x14, 0x78, 0x38, 0xa7, 0xea, 0x96, 0x96, 0x12, 0xd0, 0x7b, 0xec, 0x6b, 0x57, 0xf3, 0xda, - 0xd7, 0xfe, 0xd0, 0xf5, 0x1a, 0xfa, 0xd5, 0xbc, 0xd3, 0x8e, 0x0e, 0x55, 0xb8, 0xe3, 0x27, 0xae, - 0xd7, 0xb0, 0x93, 0xd8, 0xe4, 0x03, 0x18, 0xd7, 0x40, 0x4a, 0x5b, 0xe3, 0x39, 0x23, 0x74, 0x72, - 0xb7, 0x61, 0x9b, 0x98, 0xd6, 0xdf, 0x14, 0x60, 0x2a, 0x23, 0x55, 0x2d, 0x1a, 0x33, 0xf0, 0x14, - 0xa4, 0x16, 0x2a, 0x91, 0x30, 0x09, 0x23, 0x4b, 0x18, 0x9b, 0xa4, 0x42, 0xc4, 0x68, 0xf9, 0x5a, - 0x5a, 0xdd, 0x5e, 0x2d, 0x75, 0x57, 0x76, 0x2a, 0x5d, 0x1d, 0x9d, 0x84, 0x00, 0x71, 0x4b, 0x84, - 0xd9, 0xb8, 0xca, 0x54, 0x5a, 0x2d, 0x27, 0xef, 0x2b, 0x49, 0x0a, 0xac, 0x55, 0x63, 0xfd, 0x56, - 0x2f, 0x9c, 0xcf, 0xe8, 0x7f, 0x95, 0x46, 0x7f, 0x1b, 0x22, 0x48, 0x64, 0x46, 0xee, 0xfb, 0x25, - 0x65, 0x46, 0xb6, 0xfe, 0x43, 0x2f, 0x9c, 0xdf, 0x6d, 0x85, 0xf8, 0xc2, 0x6a, 0xcd, 0x7b, 0x4a, - 0xbd, 0xc8, 0x0f, 0x9e, 0xe3, 0xab, 0x10, 0xf2, 0x2e, 0x0c, 0xac, 0xd2, 0x66, 0xd3, 0x17, 0xf3, - 0xff, 0x92, 0xf4, 0x8e, 0x48, 0x62, 0x23, 0xd2, 0x6a, 0x8f, 0xcd, 0xb1, 0xc9, 0x07, 0x30, 0xb2, - 0x4a, 0x9d, 0x20, 0xda, 0xa7, 0x8e, 0x3c, 0xb2, 0xc8, 0x4c, 0x16, 0x1a, 0x89, 0x40, 0x58, 0xed, - 0xb1, 0x63, 0x6c, 0xb2, 0xc0, 0x4e, 0xf3, 0xde, 0x81, 0x7a, 0x4d, 0x9e, 0x53, 0x21, 0xc3, 0x59, - 0xed, 0xb1, 0x11, 0x97, 0x6c, 0xc0, 0x78, 0xe5, 0x80, 0x7a, 0xd1, 0x06, 0x8d, 0x9c, 0x86, 0x13, - 0x39, 0x42, 0xb5, 0x7d, 0x3d, 0x8f, 0xd8, 0x40, 0x5e, 0xed, 0xb1, 0x4d, 0x6a, 0xf2, 0x11, 0x0c, - 0xdd, 0xf7, 0xfd, 0xc6, 0xfe, 0x73, 0x2a, 0xd4, 0xd5, 0x72, 0x1e, 0x23, 0x81, 0xb6, 0xda, 0x63, - 0x4b, 0x8a, 0xc5, 0x01, 0xe8, 0xdb, 0x08, 0x0f, 0xac, 0xe3, 0x02, 0x94, 0x96, 0xfd, 0x67, 0x5e, - 0xa6, 0x54, 0xbf, 0x67, 0x4a, 0x55, 0xb2, 0xcf, 0xc0, 0x4f, 0xc8, 0xf5, 0x1d, 0xe8, 0xdf, 0x76, - 0xbd, 0x83, 0x84, 0x2a, 0x98, 0x41, 0xc7, 0xb0, 0x50, 0x3c, 0xae, 0x77, 0x40, 0xd6, 0xa5, 0x0e, - 0x2e, 0x6c, 0x8d, 0x7d, 0x86, 0xe2, 0x9f, 0x41, 0xad, 0x63, 0xc7, 0xba, 0x36, 0xff, 0x2d, 0x3b, - 0xf8, 0x16, 0xcc, 0xe6, 0xd4, 0x2b, 0x9e, 0x87, 0xb3, 0xbe, 0xf5, 0xa3, 0x62, 0xf3, 0x26, 0xcc, - 0x64, 0x8e, 0x5f, 0x0a, 0xf1, 0x9f, 0x64, 0x4d, 0x44, 0xde, 0xf3, 0x12, 0x0c, 0xc9, 0x6c, 0x49, - 0xdc, 0xf6, 0x23, 0x7f, 0xe2, 0x03, 0x29, 0xf9, 0xa1, 0xca, 0xc0, 0x1e, 0xf2, 0x7b, 0xdc, 0xd3, - 0x02, 0x29, 0xf1, 0xcf, 0xe9, 0xc3, 0x97, 0xf8, 0x68, 0x14, 0x2f, 0x56, 0xe7, 0xaa, 0x1f, 0x46, - 0x9e, 0xf2, 0xbc, 0xb5, 0xd5, 0x6f, 0x72, 0x03, 0x8a, 0x32, 0x9d, 0x83, 0xc8, 0x1b, 0x23, 0x32, - 0x39, 0xdb, 0x29, 0x38, 0x79, 0x1f, 0x66, 0x93, 0x30, 0xd9, 0x4b, 0xfe, 0xc2, 0x2d, 0xaf, 0xd8, - 0xfa, 0x8b, 0x5e, 0x8c, 0x75, 0xdd, 0x61, 0x5e, 0x33, 0xe9, 0x6e, 0x55, 0x85, 0xb4, 0x7a, 0xb7, - 0xaa, 0x64, 0x1e, 0x46, 0xb6, 0xaa, 0x46, 0xca, 0x29, 0x3b, 0x06, 0xb0, 0x66, 0xb3, 0x2e, 0x54, - 0x82, 0xfa, 0xa1, 0x1b, 0xd1, 0x7a, 0xd4, 0x0e, 0xc4, 0x2a, 0x6c, 0xa7, 0xe0, 0xc4, 0x82, 0xb1, - 0xfb, 0x4d, 0x77, 0xbf, 0x2e, 0x99, 0x71, 0x11, 0x18, 0x30, 0xf2, 0x06, 0x4c, 0xac, 0x79, 0x61, - 0xe4, 0x34, 0x9b, 0x1b, 0x34, 0x3a, 0xf4, 0x1b, 0x22, 0x69, 0xa6, 0x9d, 0x80, 0xb2, 0x7a, 0x97, - 0x7c, 0x2f, 0x72, 0x5c, 0x8f, 0x06, 0x76, 0xdb, 0x8b, 0xdc, 0x23, 0x2a, 0xfa, 0x9e, 0x82, 0x93, - 0x77, 0x60, 0x46, 0xc1, 0xb6, 0x82, 0xfa, 0x21, 0x0d, 0xa3, 0x00, 0x13, 0xd1, 0x61, 0xc0, 0x1f, - 0x3b, 0xbb, 0x10, 0x6b, 0x68, 0xfa, 0xed, 0xc6, 0x8a, 0xf7, 0xd4, 0x0d, 0x7c, 0x0f, 0x73, 0x53, - 0x0c, 0x8b, 0x1a, 0x12, 0x70, 0xeb, 0x0f, 0x87, 0x33, 0x3f, 0xdb, 0x97, 0x99, 0x83, 0x5f, 0xc0, - 0xd8, 0x92, 0xd3, 0x72, 0xf6, 0xdd, 0xa6, 0x1b, 0xb9, 0x2a, 0x63, 0xd7, 0xbb, 0x5d, 0xbe, 0x79, - 0x99, 0xe0, 0x83, 0x36, 0x74, 0x62, 0xdb, 0x60, 0x35, 0xf7, 0xd7, 0x83, 0x30, 0x93, 0x89, 0x47, - 0xae, 0x8b, 0xd4, 0x5e, 0x6a, 0x5d, 0x15, 0xc9, 0xae, 0xec, 0x24, 0x98, 0x8d, 0x25, 0x82, 0x96, - 0x9a, 0xd4, 0xf1, 0xda, 0x22, 0xd5, 0x95, 0x6d, 0xc0, 0xd8, 0x58, 0x32, 0xbd, 0x41, 0x63, 0x86, - 0x8e, 0xd3, 0x76, 0x02, 0x4a, 0xae, 0xc0, 0x28, 0x83, 0x48, 0x56, 0xfd, 0xfc, 0x89, 0x9f, 0x06, - 0x62, 0x9c, 0x36, 0xfd, 0x06, 0xd5, 0x38, 0x0d, 0x70, 0x4e, 0x26, 0x94, 0x71, 0x62, 0x10, 0xc9, - 0x69, 0x90, 0x73, 0xd2, 0x40, 0xe4, 0x35, 0x18, 0xaf, 0xb4, 0x5a, 0x1a, 0x23, 0xcc, 0x71, 0x65, - 0x9b, 0x40, 0x72, 0x19, 0xa0, 0xd2, 0x6a, 0x49, 0x36, 0x98, 0xbf, 0xca, 0xd6, 0x20, 0xe4, 0x66, - 0x1c, 0xae, 0x4c, 0x63, 0x85, 0xd7, 0x09, 0x76, 0x46, 0x09, 0x93, 0xab, 0x8a, 0xed, 0x24, 0x98, - 0x02, 0x97, 0x6b, 0x02, 0x4c, 0x3e, 0x86, 0x0b, 0x09, 0xbf, 0x0b, 0xad, 0x02, 0x34, 0xf5, 0xdb, - 0xf9, 0x08, 0xe4, 0x3d, 0x38, 0x9f, 0x28, 0x94, 0xd5, 0xa1, 0x55, 0xdf, 0xce, 0x29, 0x25, 0x1f, - 0x42, 0x29, 0xf1, 0x6c, 0x3b, 0xae, 0x14, 0x2d, 0xf8, 0x76, 0x6e, 0x39, 0xfb, 0xba, 0x12, 0xef, - 0xbf, 0x44, 0x95, 0x78, 0x59, 0x69, 0x67, 0x17, 0x92, 0x55, 0x28, 0x67, 0xfa, 0xb2, 0x68, 0x15, - 0x63, 0x5e, 0x2e, 0xbb, 0x1b, 0x1a, 0x59, 0x84, 0xf9, 0x4c, 0x14, 0xd9, 0x0c, 0xcc, 0xd6, 0x65, - 0x77, 0xc4, 0x21, 0x0b, 0x30, 0x1d, 0xfb, 0xf4, 0x68, 0x4d, 0xc0, 0x44, 0x5d, 0x76, 0x66, 0x19, - 0x79, 0xdb, 0x7c, 0x9c, 0xcf, 0x2b, 0xc3, 0x3c, 0x5d, 0x76, 0xba, 0xc0, 0x3a, 0x29, 0xc0, 0x7c, - 0xe6, 0x46, 0x29, 0xf5, 0xf9, 0xb9, 0xa4, 0xe2, 0xa8, 0xad, 0x05, 0x37, 0xa0, 0x1f, 0x15, 0x7c, - 0x6e, 0x2b, 0x96, 0xbe, 0xa6, 0x48, 0xcf, 0x59, 0xb1, 0x52, 0x1b, 0x71, 0xc8, 0x7d, 0x75, 0x37, - 0xd8, 0x87, 0x96, 0x8c, 0x5b, 0x49, 0x05, 0x2a, 0xa3, 0x72, 0xfd, 0x8e, 0x50, 0xde, 0x06, 0xbe, - 0xcc, 0x35, 0xcc, 0x5f, 0x14, 0xa0, 0xdc, 0x45, 0x3f, 0x50, 0x7d, 0x2a, 0x9c, 0xa2, 0x4f, 0x0f, - 0x54, 0x9f, 0xf8, 0xdb, 0xd8, 0x85, 0xd3, 0xe9, 0x20, 0xaf, 0xba, 0x5b, 0x6d, 0x20, 0x69, 0x35, - 0x94, 0x7c, 0x17, 0x46, 0xaa, 0xd5, 0x55, 0xc3, 0xa1, 0x2f, 0x75, 0x39, 0x14, 0x63, 0x90, 0xdb, - 0xa7, 0xf2, 0xe0, 0xd3, 0xfc, 0xf7, 0xac, 0x65, 0x28, 0xe5, 0x69, 0x90, 0xb8, 0xb0, 0xf0, 0xd8, - 0x5a, 0xda, 0xc5, 0x12, 0x5f, 0x58, 0x4c, 0xb0, 0xf5, 0x1e, 0x9c, 0x57, 0xd4, 0x3c, 0x69, 0x87, - 0xf6, 0xf0, 0x5f, 0x1c, 0x3b, 0x55, 0x80, 0x81, 0x18, 0x60, 0xfd, 0x79, 0x7f, 0x8a, 0xb0, 0xda, - 0x3e, 0x3a, 0x72, 0x82, 0xe7, 0xa4, 0x62, 0x12, 0xf6, 0x75, 0xd5, 0xf4, 0x17, 0xfb, 0x7f, 0x76, - 0x5c, 0xee, 0xd1, 0xb8, 0xb3, 0xe5, 0x18, 0x37, 0x76, 0xaf, 0x4e, 0xf9, 0x95, 0x54, 0x2f, 0x0f, - 0x6e, 0x64, 0x00, 0xc9, 0x1e, 0x8c, 0x8b, 0x2d, 0x13, 0x7f, 0xcb, 0xa9, 0x7d, 0x3b, 0x39, 0xb5, - 0x8d, 0xe6, 0xdd, 0x34, 0x48, 0xf8, 0x24, 0x30, 0xd9, 0x90, 0x2f, 0x60, 0x42, 0x2a, 0x48, 0x82, - 0x31, 0x77, 0x22, 0xba, 0xd3, 0x99, 0xb1, 0x49, 0xc3, 0x39, 0x27, 0x18, 0xb1, 0x26, 0xcb, 0x35, - 0x86, 0x73, 0x1e, 0x38, 0x4d, 0x93, 0x0d, 0x12, 0xd1, 0x64, 0x03, 0x36, 0xf7, 0x03, 0x20, 0xe9, - 0x7e, 0x75, 0x9b, 0xc5, 0xe3, 0xda, 0x2c, 0x9e, 0xab, 0xc0, 0x54, 0x46, 0x07, 0xce, 0xc4, 0xe2, - 0x07, 0x40, 0xd2, 0x2d, 0x3d, 0x0b, 0x07, 0xeb, 0x3a, 0xbc, 0xa1, 0x44, 0xa0, 0x66, 0x83, 0xc1, - 0x53, 0x1a, 0x9e, 0x7f, 0xb3, 0x17, 0xca, 0x5d, 0x50, 0xc9, 0x1f, 0x14, 0x92, 0xd2, 0xe6, 0xb3, - 0xf1, 0x83, 0xa4, 0xb4, 0xb3, 0xe9, 0x33, 0xc4, 0xbe, 0xf8, 0xe1, 0x4f, 0xff, 0xea, 0x85, 0x15, - 0xfe, 0xf4, 0x90, 0x9d, 0x5d, 0x5a, 0xfd, 0xba, 0xb4, 0x6c, 0x98, 0x36, 0x8e, 0x4a, 0xa7, 0xd9, - 0x33, 0x2e, 0x03, 0x88, 0x14, 0x9f, 0xeb, 0xfe, 0x81, 0x50, 0xcf, 0x34, 0x88, 0x75, 0x0f, 0x66, - 0x12, 0x3c, 0x85, 0x31, 0xfc, 0xbb, 0xa0, 0x1e, 0x78, 0x23, 0xd3, 0xbe, 0xc5, 0x73, 0xbf, 0x38, - 0x2e, 0x8f, 0x33, 0x4d, 0xfa, 0x66, 0x1c, 0x3f, 0x5e, 0xfe, 0x65, 0x6d, 0xe8, 0xe6, 0xfc, 0x4a, - 0x53, 0x0f, 0x7c, 0x43, 0xee, 0xc0, 0x20, 0x87, 0x24, 0xa2, 0x34, 0xeb, 0xd8, 0x62, 0x4d, 0x10, - 0x88, 0xd6, 0x0c, 0x3e, 0x47, 0xc5, 0x1f, 0x95, 0x38, 0x7c, 0x82, 0xb5, 0xcb, 0xb3, 0x96, 0xc4, - 0x60, 0x15, 0x09, 0xba, 0xbf, 0x12, 0x87, 0x79, 0x90, 0xbe, 0x17, 0x12, 0xcf, 0xf3, 0x9f, 0x35, - 0x69, 0x83, 0x67, 0x84, 0x5b, 0x1c, 0x13, 0xbe, 0x17, 0xfd, 0x0e, 0x63, 0x80, 0x64, 0xd6, 0xa7, - 0x30, 0xc3, 0x36, 0xe8, 0x20, 0x59, 0x1f, 0xe6, 0x2a, 0x60, 0x30, 0xd3, 0xa1, 0xdd, 0x61, 0x20, - 0x74, 0x68, 0x17, 0x85, 0xd6, 0x3a, 0x5c, 0xe0, 0xc6, 0x40, 0xbd, 0x4b, 0xb1, 0xe9, 0x7d, 0x00, - 0x7f, 0x27, 0x1e, 0x33, 0x66, 0xf4, 0x9e, 0xe3, 0x59, 0x9f, 0xe0, 0x6b, 0x19, 0x31, 0x49, 0x5d, - 0xdf, 0x8b, 0x2d, 0x7f, 0xa7, 0x7b, 0x5e, 0xfb, 0x7f, 0xc3, 0x7c, 0xa5, 0xd5, 0xa2, 0x5e, 0x23, - 0x26, 0xdc, 0x09, 0x9c, 0x53, 0x06, 0x3f, 0x20, 0x15, 0x18, 0x40, 0x6c, 0x75, 0x6f, 0x29, 0x9a, - 0x9b, 0xd1, 0x1c, 0xc4, 0x13, 0x61, 0x3b, 0xb1, 0x02, 0x4e, 0x69, 0x35, 0x60, 0xb6, 0xda, 0xde, - 0x3f, 0x72, 0x23, 0x74, 0x83, 0xc7, 0x00, 0x22, 0xb2, 0xee, 0x35, 0x99, 0x68, 0x8a, 0x0b, 0xe3, - 0x7a, 0xfc, 0xaa, 0x02, 0x3d, 0xe9, 0x45, 0x50, 0x91, 0xa7, 0x77, 0x6e, 0xc6, 0xa4, 0x68, 0xf5, - 0xe0, 0xb5, 0x60, 0xb1, 0x48, 0x46, 0x65, 0x4d, 0xc1, 0x39, 0xfd, 0x0e, 0x88, 0xcf, 0x90, 0x19, - 0x98, 0x32, 0xef, 0x76, 0x38, 0xf8, 0x6b, 0x98, 0xe6, 0xb6, 0x67, 0x1e, 0x76, 0x7b, 0x21, 0x8e, - 0x30, 0xdd, 0xbb, 0xb7, 0x90, 0xf0, 0xbf, 0x47, 0xb7, 0x5c, 0x95, 0x50, 0x61, 0x6f, 0x81, 0xbf, - 0x78, 0x7c, 0xba, 0x60, 0xdc, 0x20, 0xf6, 0xee, 0x2d, 0x2c, 0x0e, 0x89, 0xf0, 0xa5, 0x8c, 0x3b, - 0x1f, 0xfe, 0x6f, 0x85, 0xfb, 0x02, 0x3e, 0xb2, 0x5f, 0xa5, 0x0e, 0x3e, 0x88, 0xc9, 0x7e, 0xaa, - 0x3c, 0x01, 0xbd, 0x6e, 0x43, 0x9e, 0xd6, 0xdd, 0x86, 0xf5, 0x27, 0x05, 0xb8, 0xce, 0x75, 0xa0, - 0x6c, 0x3a, 0xbc, 0xe8, 0xc9, 0x21, 0x26, 0xef, 0x03, 0xcf, 0xda, 0x2e, 0x14, 0x4d, 0x4b, 0xb4, - 0xbc, 0x13, 0x27, 0x4e, 0x40, 0x2a, 0x30, 0xa6, 0x3f, 0x29, 0x39, 0x5d, 0x78, 0x38, 0x7b, 0xf4, - 0xe8, 0xb1, 0xa3, 0x9e, 0x99, 0x3c, 0x81, 0x8b, 0x2b, 0xdf, 0xb0, 0x09, 0x21, 0x76, 0x27, 0xa1, - 0xb0, 0xc7, 0x4f, 0x61, 0x27, 0x77, 0xc4, 0x8c, 0x31, 0x4f, 0xd3, 0x49, 0x30, 0x3b, 0x9a, 0xca, - 0x0d, 0x4e, 0x69, 0xcd, 0x23, 0xb6, 0x01, 0xb3, 0xfe, 0xbc, 0x00, 0xf3, 0xd9, 0xb5, 0x89, 0x85, - 0x65, 0x0d, 0xce, 0x2d, 0x39, 0x9e, 0xef, 0xb9, 0x75, 0xa7, 0x59, 0xad, 0x1f, 0xd2, 0x46, 0x5b, - 0x05, 0x39, 0x55, 0xab, 0xcc, 0x01, 0xf5, 0x24, 0xb9, 0x44, 0xb1, 0xd3, 0x54, 0xec, 0x50, 0x86, - 0xaf, 0x12, 0xf8, 0xda, 0xdb, 0xa4, 0x81, 0xe2, 0xc7, 0x5b, 0x96, 0x53, 0x4a, 0x6e, 0x4b, 0x23, - 0x7b, 0x63, 0xd7, 0x73, 0x23, 0x45, 0xc4, 0xad, 0x2b, 0x59, 0x45, 0xd6, 0xbf, 0x2b, 0xc0, 0x05, - 0xcc, 0x6b, 0x64, 0x64, 0x4a, 0x8c, 0x63, 0xfd, 0xca, 0x70, 0xb5, 0x05, 0xe3, 0x95, 0x85, 0x81, - 0x6d, 0xc6, 0xad, 0x25, 0x6f, 0x43, 0x7f, 0x55, 0x3a, 0x49, 0x4d, 0x24, 0xd2, 0xd0, 0xca, 0x94, - 0xff, 0x7e, 0x10, 0xd9, 0x88, 0xc5, 0xf6, 0x9c, 0x65, 0x1a, 0xd6, 0xa9, 0x87, 0xf9, 0x82, 0xf9, - 0x61, 0x5f, 0x83, 0xc4, 0xa1, 0x8a, 0xfa, 0xf3, 0x42, 0x15, 0x0d, 0x98, 0xa1, 0x8a, 0xac, 0xa7, - 0x3c, 0xab, 0x51, 0xb2, 0x43, 0x62, 0x90, 0x3e, 0x49, 0xa5, 0x17, 0xe6, 0xfb, 0xc0, 0xf9, 0xac, - 0x9e, 0xed, 0xdd, 0x4d, 0x65, 0x0e, 0xce, 0x8f, 0xad, 0xbb, 0x0d, 0xaf, 0x19, 0xb8, 0x95, 0x66, - 0xd3, 0x7f, 0x46, 0x1b, 0xdb, 0x81, 0x7f, 0xe4, 0x47, 0x46, 0x56, 0x17, 0x91, 0x5f, 0x3b, 0xbe, - 0x46, 0x11, 0xb3, 0x32, 0x01, 0xb6, 0xfe, 0x2f, 0x78, 0xbd, 0x0b, 0x47, 0xd1, 0xa9, 0x2a, 0x9c, - 0x73, 0x12, 0x65, 0xd2, 0xdb, 0xe5, 0xf5, 0xac, 0x7e, 0x25, 0x19, 0x85, 0x76, 0x9a, 0xfe, 0xc6, - 0x8e, 0x91, 0x92, 0x97, 0x94, 0x60, 0x7a, 0xdb, 0xde, 0x5a, 0xde, 0x5d, 0xda, 0xa9, 0xed, 0x7c, - 0xb1, 0xbd, 0x52, 0xdb, 0xdd, 0x7c, 0xb8, 0xb9, 0xf5, 0x68, 0x93, 0x07, 0xa7, 0x36, 0x4a, 0x76, - 0x56, 0x2a, 0x1b, 0xc5, 0x02, 0x99, 0x86, 0xa2, 0x01, 0x5e, 0xd9, 0x5d, 0x2c, 0xf6, 0xde, 0xf8, - 0xda, 0x48, 0x35, 0x4b, 0xe6, 0xa1, 0x54, 0xdd, 0xdd, 0xde, 0xde, 0xb2, 0x15, 0x57, 0x3d, 0x34, - 0xf6, 0x0c, 0x9c, 0x33, 0x4a, 0xef, 0xd9, 0x2b, 0x2b, 0xc5, 0x02, 0x6b, 0x8a, 0x01, 0xde, 0xb6, - 0x57, 0x36, 0xd6, 0x76, 0x37, 0x8a, 0xbd, 0x37, 0x6a, 0xfa, 0xd3, 0x2e, 0x72, 0x11, 0x66, 0x97, - 0x57, 0xf6, 0xd6, 0x96, 0x56, 0xb2, 0x78, 0x4f, 0x43, 0x51, 0x2f, 0xdc, 0xd9, 0xda, 0xd9, 0xe6, - 0xac, 0x75, 0xe8, 0xa3, 0x95, 0xc5, 0xca, 0xee, 0xce, 0xea, 0x66, 0xb1, 0xcf, 0xea, 0x1f, 0xee, - 0x2d, 0xf6, 0xde, 0xf8, 0x91, 0xf1, 0xee, 0x8b, 0x35, 0x5f, 0xa0, 0xef, 0x56, 0x2b, 0xf7, 0xf3, - 0xab, 0xe0, 0xa5, 0x1b, 0xf7, 0x2a, 0xc5, 0x02, 0xb9, 0x04, 0x17, 0x0c, 0xe8, 0x76, 0xa5, 0x5a, - 0x7d, 0xb4, 0x65, 0x2f, 0xaf, 0xaf, 0x54, 0xab, 0xc5, 0xde, 0x1b, 0x7b, 0x46, 0x78, 0x36, 0x56, - 0xc3, 0xc6, 0xbd, 0x4a, 0xcd, 0x5e, 0xf9, 0x6c, 0x77, 0xcd, 0x5e, 0x59, 0x4e, 0xd7, 0x60, 0x94, - 0x7e, 0xb1, 0x52, 0x2d, 0x16, 0xc8, 0x14, 0x4c, 0x1a, 0xd0, 0xcd, 0xad, 0x62, 0xef, 0x8d, 0x37, - 0x44, 0x04, 0x2f, 0x32, 0x01, 0xb0, 0xbc, 0x52, 0x5d, 0x5a, 0xd9, 0x5c, 0x5e, 0xdb, 0xbc, 0x5f, - 0xec, 0x21, 0xe3, 0x30, 0x52, 0x51, 0x3f, 0x0b, 0x37, 0x3e, 0x84, 0xc9, 0xc4, 0x89, 0x9a, 0x61, - 0xa8, 0xc3, 0x68, 0xb1, 0x07, 0xc5, 0x2f, 0x7f, 0xa2, 0x59, 0x93, 0x1f, 0x8e, 0x8b, 0x85, 0x1b, - 0x8b, 0x32, 0xf5, 0xa9, 0xf6, 0x9d, 0x93, 0x51, 0x18, 0x5a, 0x5e, 0xb9, 0x57, 0xd9, 0x5d, 0xdf, - 0x29, 0xf6, 0xb0, 0x1f, 0x4b, 0xf6, 0x4a, 0x65, 0x67, 0x65, 0xb9, 0x58, 0x20, 0x23, 0x30, 0x50, - 0xdd, 0xa9, 0xec, 0xac, 0x14, 0x7b, 0xc9, 0x30, 0xf4, 0xef, 0x56, 0x57, 0xec, 0x62, 0xdf, 0xc2, - 0xbf, 0xfe, 0x83, 0x02, 0xb7, 0xed, 0xc9, 0x37, 0x44, 0x5f, 0x6b, 0x87, 0x49, 0xb1, 0xe4, 0x89, - 0x3c, 0x8f, 0xb9, 0x27, 0x47, 0xd4, 0x02, 0xe6, 0x3a, 0x5c, 0x76, 0x20, 0xc2, 0xf5, 0xc2, 0xed, - 0x02, 0xb1, 0xd1, 0x39, 0x24, 0x71, 0xb6, 0x52, 0x9c, 0xb3, 0x8f, 0xbf, 0x73, 0x97, 0x3a, 0x1e, - 0xc9, 0xc8, 0xaf, 0x81, 0xa5, 0xf3, 0xcc, 0x39, 0x81, 0x7c, 0xf7, 0x74, 0x27, 0x0d, 0x59, 0xe7, - 0x1b, 0xa7, 0x43, 0x27, 0x0f, 0x60, 0x9c, 0xe9, 0xe6, 0x0a, 0x8d, 0x5c, 0x4c, 0x12, 0x6a, 0xc7, - 0x81, 0xb9, 0xf9, 0xec, 0x42, 0x95, 0x8a, 0x65, 0x0c, 0x3b, 0xc2, 0x0f, 0xd6, 0x21, 0x91, 0x51, - 0x1e, 0x24, 0x84, 0xaf, 0xf8, 0x73, 0xe7, 0x12, 0xe0, 0xbd, 0x3b, 0xb7, 0x0b, 0xa4, 0x8a, 0x21, - 0xd6, 0x0c, 0x25, 0x9f, 0xc8, 0x47, 0x6d, 0x69, 0xed, 0x9f, 0xb7, 0xa6, 0xac, 0x12, 0x27, 0xe6, - 0x9c, 0x0e, 0x36, 0x81, 0xa4, 0x75, 0x67, 0x72, 0x25, 0x9e, 0x07, 0xd9, 0x6a, 0xf5, 0xdc, 0xf9, - 0x94, 0xcf, 0xdf, 0x0a, 0xd3, 0x9e, 0xc8, 0x0a, 0x4c, 0x88, 0x27, 0xdc, 0x42, 0x9b, 0x27, 0x9d, - 0xce, 0x03, 0xb9, 0x6c, 0xee, 0xa3, 0x9c, 0xd4, 0x89, 0x80, 0xcc, 0xc5, 0xfd, 0x48, 0x1e, 0x13, - 0xe6, 0x2e, 0x66, 0x96, 0x89, 0xfe, 0xdd, 0x83, 0x09, 0xf3, 0x70, 0x41, 0xe4, 0x00, 0x65, 0x9e, - 0x39, 0x72, 0x1b, 0x54, 0x83, 0xd9, 0x0d, 0xc7, 0xc5, 0x2b, 0x0a, 0xe1, 0x59, 0x26, 0xfd, 0xc2, - 0x48, 0xb9, 0x83, 0xa3, 0x58, 0x95, 0x7a, 0x0d, 0x35, 0x08, 0x79, 0x61, 0xd5, 0xf1, 0xb3, 0xa9, - 0x4a, 0x1d, 0xd9, 0xf4, 0xab, 0x23, 0x96, 0x99, 0x0c, 0x37, 0xcb, 0x55, 0x72, 0x2e, 0xcf, 0xbb, - 0x97, 0x6c, 0xa0, 0x92, 0x9e, 0xe0, 0xa8, 0xcd, 0x89, 0x33, 0xb3, 0x2b, 0x61, 0x20, 0x01, 0x2d, - 0x89, 0xb8, 0x28, 0x0c, 0x49, 0x8e, 0xe0, 0x72, 0x99, 0xdd, 0x2e, 0x90, 0xaf, 0xf1, 0xab, 0xce, - 0x64, 0xf7, 0xc8, 0x8d, 0x0e, 0x85, 0xf6, 0x73, 0x31, 0x93, 0x81, 0xf8, 0x50, 0x3a, 0x70, 0xb7, - 0x61, 0x3a, 0xcb, 0xa1, 0x58, 0x09, 0xb4, 0x83, 0xb7, 0x71, 0xee, 0x2c, 0xb0, 0xd9, 0x51, 0xa3, - 0x91, 0x3f, 0x48, 0x1d, 0xfc, 0x59, 0x73, 0x79, 0x7e, 0x0c, 0x13, 0x6c, 0x96, 0x3c, 0xa4, 0xb4, - 0x55, 0x69, 0xba, 0x4f, 0x69, 0x48, 0x64, 0x7c, 0x5c, 0x05, 0xca, 0xa3, 0xbd, 0x5e, 0x20, 0xdf, - 0x81, 0xd1, 0x47, 0x4e, 0x54, 0x3f, 0x14, 0x71, 0x22, 0x65, 0x18, 0x49, 0x84, 0xcd, 0xc9, 0x5f, - 0x58, 0x78, 0xbb, 0x40, 0xbe, 0x0f, 0x43, 0xf7, 0x69, 0x84, 0x8f, 0x8a, 0xaf, 0x2a, 0xdf, 0x3a, - 0x6e, 0x9b, 0x5c, 0xf3, 0xd4, 0xcb, 0x19, 0xd9, 0xe0, 0xa4, 0x01, 0x95, 0xdc, 0x02, 0xe0, 0x0b, - 0x02, 0x72, 0x48, 0x16, 0xcf, 0xa5, 0x9a, 0x4d, 0xee, 0x33, 0xe5, 0xa1, 0x49, 0x23, 0x7a, 0xda, - 0x2a, 0xf3, 0x64, 0xb4, 0x0e, 0x13, 0x2a, 0x7b, 0xcd, 0x26, 0x86, 0xf3, 0xb0, 0x12, 0xcc, 0xc2, - 0x33, 0x70, 0xfb, 0x90, 0x7d, 0x15, 0x3c, 0x75, 0x2b, 0xc6, 0x7d, 0xc0, 0x95, 0x74, 0x56, 0x0f, - 0x1e, 0xa1, 0x2f, 0xa1, 0x52, 0x88, 0x1c, 0x4d, 0xa3, 0x5d, 0xf5, 0xc3, 0xc8, 0xa4, 0x55, 0x90, - 0x6c, 0xda, 0x5f, 0x85, 0x39, 0xbd, 0x5e, 0x33, 0x50, 0x71, 0xbc, 0xe6, 0xe6, 0xc5, 0x3f, 0x9e, - 0xbb, 0xda, 0x01, 0x43, 0x9c, 0xdf, 0xfa, 0x7e, 0xbb, 0xb7, 0x80, 0xcb, 0xc9, 0x32, 0x4c, 0xc9, - 0xba, 0xb6, 0x5a, 0xd4, 0xab, 0x56, 0x57, 0x31, 0x53, 0x89, 0xf4, 0xe4, 0xd0, 0x60, 0x92, 0x3b, - 0x49, 0x17, 0xb1, 0xad, 0xcf, 0x88, 0xef, 0x40, 0x3a, 0x45, 0x7d, 0x88, 0xb7, 0xbe, 0xcc, 0x08, - 0xba, 0x0f, 0xb9, 0x51, 0xc9, 0x50, 0xfe, 0xf7, 0x16, 0x48, 0x87, 0x03, 0xd0, 0x5c, 0xce, 0x11, - 0xe2, 0x76, 0x81, 0x7c, 0x01, 0x24, 0x7d, 0x24, 0x51, 0x22, 0xcc, 0x3d, 0x7e, 0x29, 0x11, 0x76, - 0x38, 0xcf, 0xac, 0xc0, 0x94, 0x8a, 0xee, 0x12, 0x97, 0x93, 0x9c, 0xb6, 0x74, 0xd8, 0xc1, 0x66, - 0x32, 0xd8, 0xec, 0x2d, 0x74, 0x60, 0x94, 0x09, 0x27, 0x9f, 0xc2, 0x94, 0x98, 0xfb, 0x46, 0x7b, - 0x8a, 0x6a, 0x19, 0x13, 0x87, 0x9b, 0xdc, 0x96, 0x3c, 0x80, 0x99, 0x6a, 0x42, 0xf0, 0xdc, 0x8f, - 0xfd, 0x82, 0xc9, 0x02, 0x81, 0x55, 0x1a, 0x71, 0xc9, 0x67, 0xf3, 0x7a, 0x08, 0x84, 0xdb, 0x96, - 0x24, 0xbb, 0xa7, 0x2e, 0x7d, 0x46, 0x2e, 0x25, 0x9a, 0xce, 0x80, 0x88, 0x86, 0xeb, 0x60, 0x6e, - 0xcf, 0x76, 0x78, 0xfe, 0x62, 0x84, 0x1a, 0x37, 0xe0, 0x57, 0x0c, 0x02, 0xe3, 0x12, 0x5d, 0x8c, - 0xe3, 0x85, 0x5c, 0x0c, 0xf2, 0x1b, 0x18, 0x9d, 0xb5, 0xf3, 0xe9, 0x8c, 0x7c, 0x27, 0xeb, 0x10, - 0x9d, 0x73, 0xbe, 0x9c, 0x7b, 0xfb, 0x74, 0xc8, 0xea, 0x3c, 0x3c, 0x7e, 0x9f, 0x46, 0xdb, 0xcd, - 0xf6, 0x81, 0x8b, 0x99, 0x2d, 0x89, 0xb2, 0x3d, 0x29, 0x90, 0x98, 0xde, 0x32, 0x28, 0x5a, 0x5c, - 0x50, 0xa5, 0x3f, 0x26, 0x6b, 0x50, 0xe4, 0xdb, 0x88, 0xc6, 0xe2, 0x52, 0x8a, 0x85, 0x40, 0x71, - 0x02, 0xe7, 0x28, 0xcc, 0x1d, 0xad, 0x5b, 0xdc, 0xe5, 0x88, 0xc8, 0x4f, 0x5b, 0xd7, 0x53, 0xa7, - 0x0c, 0x98, 0x8a, 0x58, 0xcf, 0x46, 0xc4, 0xa6, 0x21, 0x8d, 0x64, 0x18, 0x18, 0x9e, 0xd7, 0xf4, - 0x5a, 0xac, 0x33, 0xa4, 0x4b, 0xe3, 0x15, 0x24, 0x11, 0xb2, 0x6c, 0xef, 0x2e, 0x51, 0xb9, 0x5e, - 0x33, 0x98, 0xbe, 0x61, 0xa8, 0x36, 0x67, 0xe3, 0xfb, 0x0e, 0x6e, 0x65, 0x18, 0xfa, 0x66, 0x26, - 0x6e, 0x1b, 0xfb, 0x2d, 0xa9, 0xc6, 0x35, 0xaa, 0xbd, 0x05, 0x5c, 0x19, 0xd9, 0x5e, 0xcb, 0x34, - 0xe1, 0x76, 0x10, 0x50, 0x8f, 0x13, 0xe7, 0xa9, 0x2d, 0x59, 0xd4, 0x9f, 0xe0, 0x0a, 0xa6, 0x51, - 0xf3, 0xe7, 0x76, 0xdd, 0x58, 0xf0, 0x3c, 0x3c, 0xb7, 0x0b, 0xe4, 0x7d, 0x18, 0x16, 0x6d, 0x64, - 0x44, 0x46, 0xa3, 0xc3, 0x0e, 0xad, 0x46, 0x4a, 0xe0, 0x42, 0xc2, 0x36, 0x9b, 0x38, 0x79, 0xa3, - 0xcf, 0xdb, 0xfc, 0x3e, 0xdb, 0xb3, 0x1b, 0x2f, 0x42, 0xb9, 0x24, 0x37, 0x6f, 0xa4, 0x2c, 0xa9, - 0x48, 0x2c, 0x12, 0xd4, 0x65, 0x97, 0xe5, 0x4c, 0x98, 0xfa, 0x8d, 0x31, 0x07, 0x55, 0xe8, 0x30, - 0xa5, 0x7e, 0x1b, 0xe0, 0x6e, 0x5b, 0xf6, 0x1a, 0x14, 0x2b, 0x75, 0xdc, 0x50, 0xaa, 0xf4, 0xc8, - 0x69, 0x1d, 0xfa, 0x01, 0x55, 0x67, 0x9f, 0x64, 0x81, 0xe4, 0x35, 0xa3, 0x14, 0x14, 0x51, 0xb0, - 0x4e, 0x1d, 0x0c, 0xcc, 0x3c, 0xab, 0x34, 0x94, 0x44, 0x51, 0x36, 0x45, 0x87, 0xb3, 0xce, 0xf4, - 0x12, 0x3b, 0x9d, 0x35, 0x5f, 0x8e, 0xcd, 0x87, 0xb8, 0x60, 0x28, 0xe4, 0x50, 0xed, 0x10, 0x0a, - 0xa4, 0x4e, 0x85, 0xf2, 0xe5, 0x8d, 0x42, 0xad, 0xc8, 0xab, 0xe7, 0x58, 0x2c, 0x79, 0xd4, 0x79, - 0xd5, 0x7f, 0x0f, 0x26, 0x56, 0xd8, 0x82, 0xde, 0x6e, 0xb8, 0x3c, 0x18, 0x3d, 0x31, 0xa3, 0x8b, - 0xe7, 0x12, 0xae, 0xca, 0xd4, 0x57, 0x48, 0x2a, 0x2c, 0x08, 0x72, 0x4f, 0xd1, 0x60, 0x72, 0x3c, - 0xa6, 0x25, 0x5b, 0x91, 0x0f, 0x00, 0x4f, 0xf8, 0xc2, 0x64, 0x30, 0xcb, 0x15, 0xcb, 0x4a, 0xab, - 0xd5, 0x94, 0x96, 0x6d, 0x7e, 0x53, 0xff, 0xba, 0x71, 0x12, 0x4d, 0x95, 0x4b, 0xde, 0x69, 0xdd, - 0xf3, 0x73, 0x2d, 0x15, 0x6d, 0x0e, 0xcf, 0x9c, 0xf2, 0x6e, 0x73, 0x51, 0x85, 0x8f, 0xae, 0x34, - 0x9b, 0x29, 0xe2, 0x90, 0xbc, 0x65, 0x72, 0xcf, 0xc2, 0xe9, 0x56, 0x03, 0x9e, 0xf4, 0xb9, 0xf2, - 0x56, 0x69, 0xb5, 0xf8, 0x62, 0x79, 0x59, 0x2d, 0x18, 0x66, 0x41, 0xfa, 0xa4, 0x9f, 0x2c, 0x17, - 0x6b, 0xfb, 0x03, 0x9c, 0x66, 0x71, 0xbe, 0x5a, 0xa2, 0x9f, 0x9b, 0x93, 0xe9, 0x7a, 0x95, 0x2e, - 0x97, 0x28, 0x54, 0xfb, 0xc4, 0x64, 0x22, 0x75, 0xbf, 0x32, 0xf0, 0xa4, 0x52, 0xfa, 0x73, 0x7e, - 0x97, 0xf3, 0x8a, 0x95, 0xc1, 0xb5, 0x98, 0xcc, 0x09, 0xae, 0xba, 0x9c, 0x93, 0x6b, 0x5e, 0x75, - 0x39, 0x37, 0x99, 0xf8, 0x03, 0x28, 0x26, 0xd3, 0x11, 0x2b, 0xa6, 0x39, 0x79, 0x8a, 0x73, 0xc7, - 0xe4, 0x1e, 0x4c, 0xeb, 0x23, 0xaa, 0xfa, 0x9d, 0xb7, 0xfa, 0xe7, 0xf1, 0xd9, 0x81, 0x99, 0xcc, - 0xec, 0xc1, 0x6a, 0x8b, 0xed, 0x94, 0x5b, 0x38, 0x97, 0x2b, 0x85, 0xf3, 0xd9, 0x09, 0xc4, 0xc9, - 0x6b, 0xa6, 0xfd, 0x20, 0x3b, 0x9d, 0xf2, 0xdc, 0xeb, 0x5d, 0xb0, 0x84, 0x40, 0xbf, 0xc6, 0x1d, - 0x30, 0x55, 0xc7, 0x55, 0xcd, 0xa2, 0x90, 0x53, 0x81, 0xd5, 0x09, 0x45, 0xcd, 0x81, 0xe9, 0x8c, - 0xe2, 0x7c, 0x11, 0x5f, 0xcb, 0xe7, 0x19, 0x4f, 0xac, 0x3d, 0x19, 0x25, 0x39, 0x57, 0x32, 0x1d, - 0x13, 0x4d, 0x77, 0x38, 0x92, 0xce, 0xa9, 0xf9, 0x70, 0xfa, 0x26, 0xe7, 0x71, 0x6b, 0x28, 0xeb, - 0x8f, 0x91, 0x05, 0x3a, 0x69, 0xfd, 0xc9, 0xca, 0x5e, 0xad, 0xc4, 0xd0, 0x29, 0x3f, 0x3a, 0xdf, - 0x8d, 0xbf, 0xe2, 0xe6, 0x20, 0xb3, 0x0a, 0xdd, 0x1c, 0x94, 0xc9, 0xff, 0x4a, 0x3e, 0x82, 0xce, - 0xdc, 0xe1, 0x77, 0xbf, 0x89, 0x34, 0xd6, 0x44, 0x3f, 0x71, 0x65, 0xa7, 0xb8, 0x56, 0x73, 0x23, - 0x13, 0x45, 0xaf, 0xe2, 0x91, 0xfc, 0x06, 0x73, 0xa4, 0xd4, 0x21, 0xc7, 0x77, 0x67, 0x35, 0x65, - 0x0b, 0x4a, 0xf1, 0x60, 0x26, 0x3a, 0x70, 0xc6, 0xa1, 0x94, 0xc2, 0xb8, 0x90, 0x9b, 0xd9, 0x9b, - 0xbc, 0x99, 0xfa, 0xd2, 0x73, 0x04, 0xd3, 0xb1, 0x0a, 0xbe, 0x9e, 0x6b, 0x51, 0x97, 0x2f, 0xc6, - 0xb6, 0x60, 0x3d, 0x09, 0x78, 0x6a, 0x3d, 0xcf, 0xc8, 0x10, 0x7e, 0x1f, 0xf5, 0x62, 0x2d, 0xcb, - 0x77, 0x6e, 0xaf, 0x2f, 0x65, 0xf1, 0x09, 0xd3, 0x2b, 0xae, 0xd6, 0x2e, 0xa9, 0xa7, 0x25, 0x0b, - 0xce, 0xb2, 0xe2, 0x9e, 0xa6, 0x69, 0x79, 0x7c, 0x96, 0x61, 0x54, 0x4b, 0x0f, 0x4e, 0x2e, 0x18, - 0x62, 0x32, 0xf6, 0xd0, 0x39, 0xa3, 0x73, 0xe6, 0xf6, 0xb9, 0x84, 0x16, 0x69, 0x95, 0x64, 0x3c, - 0xb7, 0x15, 0x17, 0xd3, 0x3c, 0x0c, 0x6b, 0xb4, 0x92, 0x02, 0x6f, 0xcd, 0x7c, 0x52, 0x38, 0x46, - 0x83, 0xf2, 0xbb, 0x44, 0x74, 0xd1, 0x74, 0x69, 0x52, 0xbe, 0xfe, 0x3a, 0x25, 0x72, 0x90, 0x62, - 0xaa, 0x14, 0x19, 0xb1, 0xef, 0xbc, 0x32, 0xad, 0x69, 0xd0, 0x0e, 0x96, 0x8e, 0x6d, 0x7c, 0xf8, - 0x91, 0x91, 0x2f, 0x5d, 0xad, 0xb0, 0x1d, 0xd3, 0xa9, 0x67, 0xe8, 0x6e, 0x6a, 0xcd, 0xce, 0xe5, - 0xd8, 0x31, 0x81, 0x7a, 0x6e, 0x4b, 0x7f, 0xa8, 0xad, 0xd9, 0xa9, 0xac, 0xe8, 0xe4, 0x7a, 0x52, - 0x71, 0xcb, 0x4b, 0x9c, 0xde, 0x61, 0x4f, 0x98, 0xce, 0x4a, 0xa8, 0xae, 0x99, 0x87, 0x73, 0xb3, - 0xad, 0x67, 0x48, 0xc1, 0x96, 0xf3, 0x3f, 0x87, 0x5b, 0x87, 0xf4, 0xea, 0xb9, 0x2d, 0xfc, 0x52, - 0x5b, 0xe8, 0x12, 0x69, 0xd0, 0xd5, 0x71, 0xbc, 0x4b, 0x9e, 0xf4, 0x5c, 0xde, 0x9b, 0xf8, 0x54, - 0x28, 0x9d, 0xc3, 0x5c, 0x69, 0x36, 0x9d, 0x32, 0x9c, 0x67, 0x5a, 0x8f, 0x67, 0xd2, 0x5d, 0x64, - 0xfc, 0xce, 0x27, 0x6c, 0xbf, 0xdd, 0x1a, 0xf6, 0xb5, 0x5c, 0x8c, 0x33, 0x72, 0x9f, 0x27, 0x16, - 0xe3, 0xfc, 0xec, 0xe8, 0x1d, 0x8e, 0x41, 0x93, 0x55, 0xf7, 0xc0, 0xd3, 0x52, 0x97, 0xab, 0x43, - 0x50, 0x3a, 0x9b, 0xba, 0x5a, 0x62, 0xb2, 0x32, 0x9d, 0x6f, 0x31, 0xfd, 0x87, 0x6b, 0xef, 0x7a, - 0x12, 0x6a, 0x32, 0x97, 0x9f, 0x7b, 0x5b, 0x2d, 0x37, 0x99, 0x59, 0xab, 0x35, 0x86, 0x7a, 0x06, - 0x68, 0xc5, 0x30, 0x23, 0x19, 0xb5, 0x62, 0x98, 0x99, 0x32, 0xfa, 0x16, 0x5a, 0x5d, 0x6c, 0xbf, - 0x49, 0x75, 0xab, 0x8b, 0x96, 0x52, 0x38, 0x61, 0xf4, 0x20, 0x1f, 0xa1, 0xc9, 0xa3, 0xb3, 0x9d, - 0x64, 0xd6, 0xe4, 0xa4, 0x7b, 0x96, 0x8c, 0xa8, 0x7c, 0xcd, 0xca, 0xc6, 0x9e, 0x4c, 0x19, 0x3d, - 0x57, 0x4a, 0x17, 0x08, 0xfa, 0x77, 0xa5, 0xd5, 0x04, 0x1b, 0x5c, 0x32, 0xad, 0x4d, 0xf9, 0x6d, - 0x7e, 0x57, 0x9a, 0x4c, 0x0c, 0xb2, 0x54, 0xb6, 0xe6, 0x24, 0xd9, 0xf7, 0x60, 0x2c, 0xce, 0xcc, - 0xbc, 0xb7, 0xa0, 0x11, 0x26, 0xd2, 0x35, 0x27, 0x09, 0xdf, 0x97, 0xd7, 0x2a, 0x58, 0x9f, 0x59, - 0xd8, 0x59, 0x05, 0xf8, 0x44, 0x9a, 0x68, 0x8c, 0x96, 0xa6, 0xf2, 0x3c, 0x77, 0x58, 0xb9, 0xc7, - 0xf4, 0x74, 0x92, 0x6a, 0x5e, 0x64, 0x24, 0x84, 0x55, 0xf3, 0x22, 0x2b, 0xa1, 0x6b, 0x7c, 0xed, - 0xf0, 0x85, 0xb4, 0x47, 0xc4, 0x4c, 0x2f, 0x19, 0xcd, 0x4a, 0xf1, 0xbd, 0x9c, 0x57, 0x9c, 0x64, - 0x5d, 0x85, 0x62, 0x32, 0xf7, 0xa5, 0x3a, 0xcc, 0xe5, 0x24, 0x29, 0x55, 0x27, 0xc4, 0xdc, 0xa4, - 0x99, 0xdb, 0xd2, 0xb8, 0x6e, 0xf2, 0xbd, 0x9a, 0xdd, 0x28, 0x9d, 0x75, 0xbe, 0xb5, 0x7d, 0xdc, - 0x48, 0x83, 0xa9, 0x1f, 0xb3, 0x53, 0x69, 0x36, 0x75, 0xb5, 0x2c, 0x23, 0x73, 0xa6, 0x2b, 0x83, - 0x3d, 0x65, 0x67, 0xe3, 0x7e, 0xcb, 0x3c, 0xff, 0x76, 0x88, 0x99, 0xde, 0xf5, 0x0a, 0x9a, 0xfc, - 0x0a, 0xcc, 0xe6, 0x84, 0x97, 0x26, 0xaf, 0x27, 0xcc, 0xb4, 0xd9, 0xe1, 0xa7, 0xd5, 0x04, 0xc9, - 0xcc, 0x4f, 0xbd, 0x81, 0xbe, 0x0b, 0x46, 0x58, 0x87, 0xd4, 0x7d, 0xe0, 0x23, 0x37, 0x3a, 0xe4, - 0x69, 0x98, 0xb5, 0x35, 0x37, 0x33, 0x1e, 0x04, 0xa9, 0xe2, 0x41, 0xc6, 0x80, 0x66, 0x5c, 0x09, - 0x66, 0x30, 0x9c, 0xcb, 0x66, 0xc8, 0xd6, 0x0e, 0x36, 0x17, 0x32, 0x62, 0x6e, 0xa8, 0xb9, 0x90, - 0x1f, 0x8f, 0x23, 0xb7, 0x99, 0xdb, 0x52, 0xc1, 0xca, 0xe6, 0x98, 0x1f, 0x7e, 0x23, 0x97, 0xe3, - 0x03, 0xc6, 0x31, 0x15, 0x51, 0x83, 0xe4, 0xa0, 0x77, 0x5e, 0x3d, 0x6c, 0xb9, 0x5f, 0x9b, 0x54, - 0x0b, 0x5a, 0xfb, 0xf2, 0x62, 0x77, 0xe4, 0xb6, 0x6f, 0x45, 0x7e, 0x4f, 0xd9, 0xed, 0x3b, 0xed, - 0x8e, 0xad, 0x2e, 0xcf, 0x12, 0x41, 0x5d, 0x8c, 0x8e, 0x6a, 0xf0, 0xb9, 0x1c, 0x38, 0xd9, 0x44, - 0x67, 0xa4, 0x24, 0x54, 0x3b, 0xd1, 0x66, 0x47, 0x8d, 0xc9, 0xe5, 0xc7, 0xe7, 0xb1, 0x11, 0x75, - 0xe3, 0x2c, 0xf3, 0x38, 0x11, 0xae, 0x43, 0xcc, 0x63, 0x03, 0x7a, 0xb6, 0x79, 0x9c, 0x60, 0x68, - 0xce, 0xe3, 0x64, 0x33, 0x93, 0x66, 0x82, 0xdc, 0x51, 0x4d, 0x36, 0x53, 0xcd, 0xe3, 0x6c, 0x8e, - 0xf9, 0xd1, 0x51, 0x72, 0x39, 0xaa, 0x79, 0x6c, 0x72, 0xcc, 0x41, 0x3f, 0xe5, 0x3c, 0x4e, 0x56, - 0x62, 0xce, 0xe3, 0x33, 0xb5, 0x4f, 0xcd, 0xe3, 0xec, 0xf6, 0x9d, 0x79, 0x1e, 0x27, 0xc2, 0x09, - 0x19, 0x1d, 0xcd, 0x9a, 0xc7, 0x49, 0x7c, 0x3e, 0x8f, 0x93, 0xd0, 0x84, 0x65, 0xa6, 0xc3, 0x3c, - 0x4e, 0x52, 0x7e, 0x86, 0xfc, 0x12, 0xa1, 0x50, 0x4e, 0x33, 0x93, 0x73, 0xa3, 0xa8, 0x90, 0x47, - 0x68, 0x1b, 0x4c, 0xc0, 0x4f, 0x37, 0x9b, 0xe7, 0xf3, 0x98, 0xe2, 0x7c, 0xde, 0x93, 0x42, 0x4c, - 0x36, 0xd7, 0x34, 0x7c, 0x65, 0x47, 0x82, 0xe9, 0xd0, 0xe0, 0x3d, 0x36, 0x6f, 0x1a, 0x1d, 0xf8, - 0x76, 0x0a, 0x64, 0xd3, 0x81, 0xaf, 0x3a, 0x07, 0x25, 0xf9, 0xe6, 0x92, 0x74, 0x9e, 0xdf, 0x9f, - 0xcb, 0xdb, 0x91, 0x24, 0xdd, 0x42, 0xe2, 0x64, 0x75, 0xe6, 0x96, 0xaa, 0x13, 0x56, 0xb2, 0xa5, - 0x67, 0x9d, 0xe7, 0x1b, 0x52, 0x7b, 0x48, 0x45, 0xc0, 0x4a, 0x74, 0x5a, 0x9f, 0xeb, 0xb9, 0x25, - 0x64, 0x07, 0x0d, 0xc1, 0x69, 0xb8, 0x66, 0x44, 0xce, 0x0b, 0xb5, 0xd5, 0x95, 0x6b, 0x2a, 0x96, - 0x8f, 0xce, 0x35, 0x2f, 0xd0, 0x8f, 0xe2, 0x9a, 0xa6, 0xfe, 0x14, 0x4d, 0x67, 0xe2, 0xc5, 0x97, - 0xf7, 0xd8, 0xcf, 0x3f, 0xe7, 0x4c, 0x19, 0x0e, 0x53, 0x0c, 0x17, 0xfd, 0xd4, 0x3e, 0x16, 0xd7, - 0x7f, 0x12, 0x98, 0x2b, 0xfc, 0x2c, 0x7a, 0xf2, 0x29, 0x14, 0xc5, 0xf2, 0x16, 0x33, 0xc8, 0x42, - 0xcc, 0x1d, 0xba, 0x45, 0x69, 0xb1, 0x3b, 0x45, 0x0b, 0x4e, 0x63, 0xa9, 0x3b, 0x8d, 0x24, 0xf2, - 0xcd, 0x5a, 0x6c, 0x3b, 0xdc, 0x09, 0xda, 0x61, 0x44, 0x1b, 0x69, 0x73, 0x94, 0xd9, 0x18, 0xe9, - 0x56, 0x61, 0xa2, 0xef, 0x2d, 0x90, 0x35, 0x5c, 0xdb, 0x4c, 0x70, 0x27, 0x7b, 0x5d, 0x36, 0x1b, - 0x5c, 0x7a, 0x56, 0xd5, 0xd3, 0x22, 0xb3, 0x4d, 0x79, 0x75, 0xe7, 0x37, 0x4a, 0x89, 0xe8, 0x94, - 0xbd, 0xcb, 0x13, 0x11, 0x3f, 0x50, 0x73, 0xdb, 0x61, 0x37, 0xc9, 0x24, 0x1f, 0x3b, 0x91, 0x1f, - 0xc0, 0x88, 0x24, 0xee, 0x2e, 0x90, 0x24, 0x35, 0x0a, 0x64, 0x19, 0xc6, 0x8d, 0x97, 0x5c, 0xea, - 0x74, 0x93, 0xf5, 0xbe, 0xab, 0xc3, 0x38, 0x8f, 0x1b, 0x2f, 0xb6, 0x14, 0x97, 0xac, 0x77, 0x5c, - 0xb9, 0x5c, 0xbe, 0x0f, 0xa3, 0x42, 0xa4, 0x1d, 0xa5, 0x91, 0x6f, 0xac, 0x9b, 0xd1, 0xbc, 0xa2, - 0xdb, 0x0d, 0x37, 0x5a, 0xf2, 0xbd, 0xc7, 0xee, 0x41, 0x57, 0xc1, 0xa4, 0x49, 0xf6, 0x16, 0xc8, - 0x57, 0x98, 0xb4, 0x58, 0xa6, 0x92, 0xa6, 0xd1, 0x33, 0x3f, 0x78, 0xe2, 0x7a, 0x07, 0x5d, 0x58, - 0x5e, 0x31, 0x59, 0x26, 0xe9, 0xa4, 0xe3, 0xc9, 0x57, 0x30, 0x57, 0xcd, 0x67, 0xde, 0x95, 0x49, - 0xe7, 0xed, 0xa5, 0x0a, 0xf3, 0xe8, 0x7a, 0x73, 0xd6, 0xb6, 0x77, 0x64, 0xfa, 0x05, 0x0f, 0xa2, - 0x28, 0x0d, 0xfd, 0x75, 0x3f, 0x68, 0x74, 0xe7, 0x58, 0x36, 0x9d, 0x79, 0x13, 0x64, 0x52, 0x18, - 0x5f, 0xc0, 0x85, 0x6a, 0x2e, 0xeb, 0x6e, 0x2c, 0xba, 0x69, 0x92, 0x17, 0x51, 0x14, 0x67, 0x6c, - 0x77, 0x47, 0x9e, 0x6b, 0xb8, 0xa6, 0xb1, 0x7d, 0x68, 0x3b, 0xa0, 0x8f, 0x69, 0x80, 0x2e, 0xe3, - 0xdd, 0x9c, 0xa5, 0x4d, 0x74, 0xd9, 0xf3, 0x35, 0x38, 0x57, 0x4d, 0xb1, 0xca, 0x23, 0xe9, 0x76, - 0x79, 0x34, 0x85, 0x3d, 0x3d, 0x65, 0xbb, 0xba, 0xb8, 0x18, 0x8d, 0xde, 0xa7, 0xd1, 0xee, 0x5a, - 0x17, 0x29, 0xc9, 0x37, 0x0d, 0x12, 0x71, 0xef, 0x0e, 0xa3, 0xac, 0x6a, 0x94, 0x69, 0x8c, 0xdc, - 0x8f, 0xf7, 0x07, 0xf2, 0x22, 0xa5, 0x6b, 0xb5, 0x79, 0x1c, 0xee, 0xe2, 0x5a, 0x28, 0xdc, 0xa6, - 0x35, 0x13, 0x24, 0x87, 0xc4, 0xa6, 0x3a, 0xcd, 0x83, 0x3a, 0x24, 0x15, 0x7e, 0xfc, 0xe3, 0xd3, - 0x43, 0xc0, 0x2e, 0xa7, 0xdc, 0xe9, 0x3b, 0xb2, 0xe0, 0x26, 0xd4, 0x75, 0xbf, 0xfe, 0x44, 0x37, - 0xa1, 0x6a, 0x69, 0xed, 0xe7, 0xcc, 0xa4, 0xf3, 0x62, 0xc5, 0xc7, 0xcc, 0xf3, 0xba, 0xd7, 0x98, - 0x9e, 0xd8, 0x5e, 0x37, 0xa1, 0x9a, 0x29, 0xf8, 0xef, 0x4a, 0xdb, 0x22, 0x56, 0x68, 0x72, 0xce, - 0x15, 0x8d, 0x32, 0x2b, 0x22, 0x91, 0x69, 0x56, 0xd4, 0x1b, 0x9a, 0x7f, 0x11, 0x40, 0xd2, 0x39, - 0xf8, 0xd5, 0x61, 0x25, 0x37, 0x3d, 0x7f, 0x07, 0xe7, 0xaf, 0x29, 0xe1, 0x32, 0x64, 0x08, 0x5e, - 0x05, 0x22, 0x4e, 0x97, 0xc5, 0xa2, 0xd4, 0x3d, 0x99, 0x6e, 0x17, 0xc8, 0x26, 0x9c, 0xbf, 0x4f, - 0x23, 0xb1, 0xc6, 0xd9, 0x34, 0x8c, 0x02, 0xb7, 0x1e, 0x75, 0xbc, 0x55, 0x94, 0x67, 0x93, 0x0c, - 0x9a, 0xbd, 0x77, 0x18, 0xbf, 0x6a, 0x36, 0xbf, 0x8e, 0x74, 0x1d, 0xfc, 0x6b, 0xc5, 0x55, 0xc5, - 0x59, 0x9a, 0x98, 0x3f, 0xc5, 0x87, 0xb8, 0xfb, 0x4e, 0x3e, 0x69, 0x31, 0x8e, 0x7a, 0x22, 0x4e, - 0x5b, 0x37, 0x61, 0x90, 0x13, 0xe5, 0x6e, 0xa8, 0x63, 0x3a, 0x0d, 0xb9, 0x03, 0x23, 0xca, 0xff, - 0x86, 0x18, 0x45, 0xb9, 0xed, 0xba, 0x03, 0x23, 0xfc, 0x68, 0x75, 0x7a, 0x92, 0x8f, 0x60, 0x44, - 0x39, 0xec, 0x9c, 0x79, 0xa7, 0xff, 0x14, 0xc6, 0x75, 0xd7, 0x9d, 0xb3, 0x0b, 0xf2, 0xfb, 0x78, - 0xf7, 0x2b, 0xaf, 0x58, 0xf2, 0xe9, 0x67, 0x12, 0x99, 0xbe, 0x84, 0x48, 0xf9, 0x02, 0x29, 0x81, - 0xb9, 0xcd, 0x3f, 0x97, 0xa2, 0x26, 0x1f, 0xc9, 0xd7, 0x54, 0x8a, 0x38, 0x8d, 0xd4, 0x41, 0x66, - 0x13, 0x5c, 0xcc, 0x2f, 0x42, 0xac, 0x16, 0xd8, 0xae, 0xcd, 0x3e, 0xcd, 0x1d, 0x75, 0x77, 0xd1, - 0xe5, 0x71, 0xd9, 0x42, 0x2d, 0x2d, 0x95, 0x83, 0x2e, 0x9f, 0xd1, 0xe5, 0xfc, 0xb4, 0x75, 0x38, - 0x18, 0x0f, 0xf0, 0x14, 0x98, 0x2a, 0xcd, 0xed, 0x5e, 0x87, 0x34, 0x78, 0xf1, 0xb1, 0x37, 0xcd, - 0xae, 0x03, 0x59, 0xa7, 0x53, 0xb4, 0x78, 0x23, 0xfa, 0x4a, 0xd8, 0xad, 0x49, 0x0f, 0xc8, 0xd3, - 0x77, 0x36, 0xbf, 0x65, 0x17, 0x33, 0x6e, 0xc5, 0xbb, 0x8e, 0x45, 0x1e, 0xbb, 0x5f, 0x41, 0xed, - 0x30, 0x33, 0x18, 0x58, 0x3e, 0xb3, 0xeb, 0x9a, 0x63, 0x45, 0x26, 0xa5, 0xda, 0xf4, 0x9e, 0xe0, - 0x33, 0xb5, 0xec, 0x2c, 0x7d, 0x6f, 0x74, 0xe1, 0x22, 0x25, 0xf1, 0x66, 0x57, 0x3c, 0x75, 0xc7, - 0x7a, 0x91, 0xef, 0xb0, 0xd9, 0xf5, 0x75, 0xc9, 0x3a, 0x98, 0x71, 0xed, 0xad, 0xdc, 0x4b, 0xb3, - 0x19, 0x9a, 0xee, 0xa5, 0x1d, 0xfb, 0x90, 0x27, 0xfe, 0xcf, 0xa0, 0x1c, 0x7b, 0x8f, 0x9c, 0x6d, - 0x10, 0xf2, 0xbd, 0x1a, 0x49, 0x4a, 0x52, 0x21, 0xe9, 0x94, 0x86, 0x67, 0xee, 0x6a, 0x9e, 0x84, - 0x43, 0xcd, 0x2d, 0x49, 0x78, 0xc5, 0x25, 0xf2, 0x55, 0xe6, 0x65, 0xbe, 0xec, 0x60, 0x87, 0x15, - 0xef, 0xf6, 0x5e, 0x09, 0xa3, 0xf4, 0x68, 0x9f, 0x9d, 0x91, 0x72, 0xee, 0x48, 0x30, 0xb2, 0x3a, - 0x0c, 0x6f, 0xf7, 0xab, 0xc7, 0x52, 0xce, 0xb8, 0x9e, 0x7d, 0x40, 0x9d, 0xf8, 0xad, 0x5a, 0x22, - 0x76, 0xa0, 0xfe, 0x3e, 0x38, 0x5d, 0x94, 0x7c, 0x68, 0x95, 0x85, 0xa1, 0x3c, 0xaa, 0x4a, 0xb2, - 0x0a, 0x06, 0x67, 0x47, 0x11, 0x3f, 0x70, 0xa3, 0xe7, 0x4b, 0xf6, 0x7a, 0x6c, 0x56, 0xd0, 0x0b, - 0x24, 0x6f, 0x90, 0x85, 0xf6, 0x3a, 0xf9, 0x12, 0x97, 0x12, 0xc1, 0x7e, 0xd1, 0xf7, 0xa3, 0x30, - 0x0a, 0x9c, 0x56, 0xb5, 0x1e, 0xb8, 0xad, 0x28, 0xb7, 0xd3, 0xb1, 0x03, 0x78, 0x16, 0x99, 0xe6, - 0x8f, 0x2a, 0x62, 0xcb, 0x67, 0x45, 0xdf, 0x51, 0x6f, 0x72, 0xb2, 0x0a, 0x3b, 0x9c, 0x5c, 0xaa, - 0x32, 0x9a, 0xfc, 0xab, 0x64, 0x5a, 0x83, 0xd9, 0x9c, 0x98, 0x45, 0xea, 0xf6, 0xb6, 0x73, 0x4c, - 0xa3, 0xb9, 0xce, 0x15, 0x93, 0xaf, 0x60, 0x26, 0x33, 0xa8, 0x91, 0xb2, 0x40, 0x77, 0x0a, 0x79, - 0xd4, 0x8d, 0xf9, 0x13, 0x28, 0xf1, 0xd7, 0x20, 0xe8, 0xf4, 0x6c, 0xc4, 0xb7, 0x89, 0xdf, 0x08, - 0xe5, 0x20, 0x24, 0xd7, 0xeb, 0x7c, 0x3c, 0xf5, 0xe0, 0x7d, 0x1a, 0x03, 0x9b, 0x24, 0xd2, 0xa1, - 0xab, 0x0f, 0x2f, 0xab, 0xb0, 0xd3, 0x43, 0xa4, 0x6d, 0x98, 0xd9, 0xa3, 0x81, 0xfb, 0xf8, 0x79, - 0x92, 0xa1, 0x94, 0x4c, 0x66, 0x69, 0x27, 0x8e, 0x9f, 0xc3, 0xec, 0x92, 0x7f, 0xd4, 0x12, 0x4f, - 0xfe, 0x0c, 0x9e, 0xea, 0x2a, 0x3e, 0xbb, 0xbc, 0xbb, 0x23, 0xd4, 0x5c, 0x7e, 0xe2, 0x7a, 0xe5, - 0xff, 0xd6, 0x35, 0xb7, 0xbd, 0x7a, 0xb8, 0x66, 0xd2, 0xef, 0xe0, 0x24, 0xcc, 0xca, 0x64, 0xaf, - 0x4f, 0xc2, 0x0e, 0x99, 0xee, 0x73, 0x1e, 0x90, 0xcd, 0xe6, 0x24, 0xaf, 0xef, 0xc0, 0xf5, 0x14, - 0xad, 0xdd, 0x94, 0x7b, 0x8b, 0x99, 0xe6, 0x3b, 0xe1, 0x71, 0x9d, 0x99, 0x03, 0x3c, 0xb3, 0x9d, - 0x5a, 0x64, 0x87, 0x66, 0xb3, 0x83, 0x8a, 0x45, 0xf4, 0xd0, 0x0e, 0x0c, 0x13, 0x8d, 0xf8, 0xe3, - 0x3a, 0x6d, 0xa7, 0xd5, 0x3a, 0x45, 0x8c, 0x4a, 0xed, 0x87, 0x30, 0x56, 0xd5, 0x2b, 0xcf, 0xa8, - 0x24, 0x77, 0x52, 0xa8, 0x27, 0x44, 0xdd, 0xdb, 0xde, 0xc1, 0x91, 0x54, 0x6d, 0x3c, 0xa7, 0xea, - 0x45, 0xae, 0xeb, 0x8c, 0x91, 0xb3, 0x4d, 0xed, 0x02, 0x59, 0x29, 0x15, 0x95, 0xeb, 0x4c, 0x76, - 0x9a, 0xb7, 0x1a, 0xcf, 0x32, 0x93, 0xcc, 0x98, 0x49, 0xac, 0xee, 0xa9, 0x69, 0x95, 0x43, 0x7d, - 0xc7, 0x94, 0x9b, 0xdc, 0xcf, 0x27, 0xce, 0x52, 0xa7, 0xfb, 0xf9, 0xa4, 0x72, 0xdf, 0xe9, 0x7e, - 0x3e, 0x19, 0x89, 0xed, 0x56, 0x90, 0x57, 0x9c, 0x9e, 0xa7, 0x83, 0x31, 0x42, 0xb1, 0xc9, 0xc8, - 0x02, 0xf4, 0x50, 0x0f, 0x10, 0xc2, 0x93, 0xfa, 0x74, 0xb0, 0xb5, 0x26, 0x03, 0x83, 0x24, 0xb2, - 0x00, 0xdd, 0x83, 0x22, 0xcf, 0x6f, 0x10, 0xc7, 0x54, 0x8c, 0xfd, 0x06, 0xd3, 0x69, 0x17, 0x3a, - 0x0c, 0x6a, 0x31, 0x19, 0x8d, 0x4e, 0x99, 0xcc, 0x72, 0xc2, 0xd4, 0x75, 0x98, 0xaa, 0x10, 0xc7, - 0x9c, 0x53, 0x86, 0xa9, 0x54, 0x18, 0xba, 0xb9, 0x0b, 0x19, 0x25, 0x4a, 0xa5, 0x1c, 0xd3, 0x23, - 0xd4, 0xa9, 0x2e, 0x65, 0x84, 0xad, 0x9b, 0xbb, 0x98, 0x59, 0x26, 0x18, 0x45, 0x3c, 0x3b, 0x73, - 0x76, 0x4e, 0xe9, 0xf8, 0x15, 0x58, 0x07, 0x1c, 0x59, 0xcd, 0x8d, 0xd3, 0xa0, 0x8a, 0x5a, 0xa9, - 0x4a, 0x4e, 0x94, 0x91, 0xc8, 0xfa, 0xcd, 0x8c, 0x87, 0x1a, 0x06, 0x46, 0xec, 0x0d, 0xd6, 0x39, - 0xab, 0x36, 0x79, 0x24, 0x93, 0xc5, 0xe4, 0xd4, 0xd4, 0x8d, 0x41, 0xee, 0x08, 0x3e, 0x92, 0xe9, - 0x61, 0x5e, 0x35, 0xe3, 0x7d, 0x98, 0x4f, 0xbc, 0xfe, 0x30, 0x19, 0xdf, 0xc8, 0x7e, 0x22, 0x92, - 0x29, 0x9e, 0x7c, 0x9d, 0xfd, 0x4a, 0xfa, 0x95, 0x48, 0x62, 0xdc, 0xcf, 0xba, 0xe6, 0x6d, 0xc0, - 0x04, 0x2e, 0x33, 0x32, 0x25, 0x7b, 0x1c, 0x9f, 0xc6, 0x04, 0x27, 0x03, 0x25, 0x25, 0x4b, 0x95, - 0xcb, 0xec, 0x98, 0x78, 0x51, 0xcc, 0x13, 0xbc, 0xcf, 0x99, 0xcf, 0x8c, 0x11, 0x98, 0xb5, 0x8b, - 0x89, 0xbc, 0xf1, 0xe4, 0xfb, 0x30, 0x19, 0x3f, 0x34, 0xe6, 0x2c, 0x32, 0xd0, 0x3a, 0x18, 0xca, - 0x26, 0xe3, 0xd7, 0xc6, 0x67, 0x27, 0x5f, 0x95, 0x5b, 0x51, 0x4c, 0x7e, 0x29, 0xf5, 0x56, 0xc6, - 0xe8, 0xc3, 0x69, 0x76, 0x24, 0x4d, 0xb6, 0x67, 0x1d, 0x9d, 0x3a, 0x7e, 0x6e, 0xd9, 0xa1, 0x17, - 0xf5, 0xcf, 0xad, 0x63, 0x78, 0x48, 0xa5, 0xfe, 0xe6, 0xf0, 0xd9, 0x80, 0x6b, 0x18, 0xae, 0x65, - 0x9b, 0x07, 0xe8, 0xcb, 0xc6, 0xca, 0x6f, 0x7b, 0x32, 0xc8, 0x4b, 0x13, 0xae, 0x76, 0x8d, 0x3d, - 0x49, 0x6e, 0x19, 0x2e, 0x2e, 0xdd, 0xa3, 0x54, 0x76, 0x38, 0x79, 0x4c, 0x67, 0x85, 0x70, 0x54, - 0xfb, 0x6c, 0x87, 0x68, 0x92, 0x6a, 0x9f, 0xed, 0x18, 0x03, 0xf2, 0x73, 0xcc, 0xc0, 0x24, 0xf6, - 0x28, 0x0c, 0xc1, 0x44, 0x3d, 0x1e, 0x94, 0xba, 0xe3, 0xb5, 0xcf, 0x55, 0xf3, 0x52, 0x34, 0x45, - 0x88, 0x67, 0x9a, 0xcb, 0xe2, 0x24, 0x96, 0xc7, 0xbc, 0x3b, 0x93, 0x0e, 0xae, 0xd5, 0x97, 0xf9, - 0x04, 0x3c, 0x73, 0xcb, 0x73, 0xe0, 0x8b, 0xcb, 0x3f, 0xfb, 0xcf, 0x97, 0x0b, 0x3f, 0xfb, 0xf9, - 0xe5, 0xc2, 0xbf, 0xff, 0xf9, 0xe5, 0xc2, 0x7f, 0xfa, 0xf9, 0xe5, 0xc2, 0x97, 0x0b, 0xa7, 0x0b, - 0x8d, 0x5c, 0x6f, 0xba, 0xd4, 0x8b, 0x6e, 0x71, 0x76, 0x83, 0xf8, 0xdf, 0xdd, 0xff, 0x1d, 0x00, - 0x00, 0xff, 0xff, 0x0a, 0x4a, 0x70, 0xc6, 0xba, 0xe6, 0x00, 0x00, + 0xde, 0xbb, 0xa5, 0xa3, 0xf1, 0xb5, 0x2f, 0x3c, 0xbe, 0x17, 0xd7, 0xf7, 0x23, 0x89, 0x0d, 0xc4, + 0x81, 0x03, 0x7f, 0x18, 0x01, 0x12, 0x20, 0xc8, 0x47, 0x90, 0x1f, 0xc7, 0x3f, 0xc9, 0x47, 0x90, + 0x8f, 0x4c, 0x0c, 0x18, 0x49, 0x60, 0xfb, 0x27, 0x1f, 0x74, 0x32, 0x40, 0x7e, 0x88, 0xe4, 0xc3, + 0x08, 0x12, 0x20, 0x03, 0x18, 0x08, 0x6a, 0xd5, 0x63, 0x57, 0xed, 0x47, 0x37, 0x29, 0xe9, 0x8c, + 0xf3, 0x23, 0xb1, 0x57, 0xad, 0xb5, 0xaa, 0x6a, 0x55, 0xed, 0xaa, 0x55, 0xab, 0x56, 0xad, 0x05, + 0x37, 0x23, 0xda, 0xa4, 0x2d, 0x3f, 0x88, 0x6e, 0x35, 0xe9, 0x81, 0x53, 0x7f, 0x7e, 0xab, 0xde, + 0x74, 0xa9, 0x17, 0xdd, 0x6a, 0x05, 0x7e, 0xe4, 0xdf, 0x72, 0xda, 0xd1, 0x61, 0x48, 0x83, 0xa7, + 0x6e, 0x9d, 0xde, 0x44, 0x08, 0x19, 0xc0, 0xff, 0xe6, 0xa6, 0x0f, 0xfc, 0x03, 0x9f, 0xe3, 0xb0, + 0xbf, 0x78, 0xe1, 0xdc, 0xc5, 0x03, 0xdf, 0x3f, 0x68, 0x52, 0x4e, 0xbc, 0xdf, 0x7e, 0x7c, 0x8b, + 0x1e, 0xb5, 0xa2, 0xe7, 0xa2, 0xb0, 0x9c, 0x2c, 0x8c, 0xdc, 0x23, 0x1a, 0x46, 0xce, 0x51, 0x4b, + 0x20, 0xbc, 0xa5, 0x9a, 0xe2, 0x44, 0x11, 0x2b, 0x89, 0x5c, 0xdf, 0xbb, 0xf5, 0xf4, 0x8e, 0xfe, + 0x53, 0xa0, 0x5e, 0xef, 0xd8, 0xea, 0x3a, 0x0d, 0xa2, 0xf0, 0x54, 0x98, 0xf4, 0x29, 0xf5, 0xa2, + 0x54, 0xf5, 0x02, 0x33, 0x7a, 0xde, 0xa2, 0x21, 0x47, 0x91, 0xff, 0x09, 0xd4, 0xab, 0xd9, 0xa8, + 0xf8, 0xaf, 0x40, 0xf9, 0x6e, 0x36, 0xca, 0x33, 0xba, 0xcf, 0x64, 0xea, 0xa9, 0x3f, 0xba, 0xa0, + 0x07, 0x4e, 0xab, 0x45, 0x83, 0xf8, 0x0f, 0x81, 0x7e, 0x41, 0xa1, 0x1f, 0x3d, 0x76, 0x98, 0x88, + 0x8e, 0x1e, 0x3b, 0xa9, 0x6e, 0xb4, 0x43, 0xe7, 0x80, 0x8a, 0xe6, 0x3f, 0xbd, 0xa3, 0xff, 0xe4, + 0xa8, 0xd6, 0x1f, 0x16, 0x60, 0xe0, 0x91, 0x13, 0xd5, 0x0f, 0xc9, 0xa7, 0x30, 0xf0, 0xd0, 0xf5, + 0x1a, 0x61, 0xa9, 0x70, 0xa5, 0xef, 0xfa, 0xe8, 0x42, 0xf1, 0x26, 0xef, 0x0a, 0x16, 0xb2, 0x82, + 0xc5, 0xd9, 0x9f, 0x1d, 0x97, 0x7b, 0x4e, 0x8e, 0xcb, 0x93, 0x4f, 0x18, 0xda, 0xdb, 0xfe, 0x91, + 0x1b, 0xe1, 0xd8, 0xda, 0x9c, 0x8e, 0xec, 0xc2, 0x54, 0xa5, 0xd9, 0xf4, 0x9f, 0x6d, 0x3b, 0x41, + 0xe4, 0x3a, 0xcd, 0x6a, 0xbb, 0x5e, 0xa7, 0x61, 0x58, 0xea, 0xbd, 0x52, 0xb8, 0x3e, 0xbc, 0x78, + 0xed, 0xe4, 0xb8, 0x5c, 0x76, 0x58, 0x71, 0xad, 0xc5, 0xcb, 0x6b, 0x21, 0x47, 0xd0, 0x18, 0x65, + 0xd1, 0x5b, 0x7f, 0x32, 0x08, 0xc5, 0x55, 0x3f, 0x8c, 0x96, 0xd8, 0x88, 0xda, 0xf4, 0xc7, 0x6d, + 0x1a, 0x46, 0xe4, 0x1a, 0x0c, 0x32, 0xd8, 0xda, 0x72, 0xa9, 0x70, 0xa5, 0x70, 0x7d, 0x64, 0x71, + 0xf4, 0xe4, 0xb8, 0x3c, 0x74, 0xe8, 0x87, 0x51, 0xcd, 0x6d, 0xd8, 0xa2, 0x88, 0xbc, 0x05, 0xc3, + 0x9b, 0x7e, 0x83, 0x6e, 0x3a, 0x47, 0x14, 0x5b, 0x31, 0xb2, 0x38, 0x7e, 0x72, 0x5c, 0x1e, 0xf1, + 0xfc, 0x06, 0xad, 0x79, 0xce, 0x11, 0xb5, 0x55, 0x31, 0xd9, 0x83, 0x7e, 0xdb, 0x6f, 0xd2, 0x52, + 0x1f, 0xa2, 0x2d, 0x9e, 0x1c, 0x97, 0xfb, 0x03, 0xbf, 0x49, 0x7f, 0x71, 0x5c, 0x7e, 0xef, 0xc0, + 0x8d, 0x0e, 0xdb, 0xfb, 0x37, 0xeb, 0xfe, 0xd1, 0xad, 0x83, 0xc0, 0x79, 0xea, 0xf2, 0x49, 0xe8, + 0x34, 0x6f, 0xc5, 0x53, 0xb5, 0xe5, 0x8a, 0x71, 0xaf, 0x3e, 0x0f, 0x23, 0x7a, 0xc4, 0x38, 0xd9, + 0xc8, 0x8f, 0x3c, 0x82, 0xe9, 0x4a, 0xa3, 0xe1, 0x72, 0x8a, 0xed, 0xc0, 0xf5, 0xea, 0x6e, 0xcb, + 0x69, 0x86, 0xa5, 0xfe, 0x2b, 0x7d, 0xd7, 0x47, 0x84, 0x50, 0x54, 0x79, 0xad, 0xa5, 0x10, 0x34, + 0xa1, 0x64, 0x32, 0x20, 0x77, 0x61, 0x78, 0x79, 0xb3, 0xca, 0xda, 0x1e, 0x96, 0x06, 0x90, 0xd9, + 0xec, 0xc9, 0x71, 0x79, 0xaa, 0xe1, 0x85, 0xd8, 0x35, 0x9d, 0x81, 0x42, 0x24, 0xef, 0xc1, 0xd8, + 0x76, 0x7b, 0xbf, 0xe9, 0xd6, 0x77, 0xd6, 0xab, 0x0f, 0xe9, 0xf3, 0xd2, 0xe0, 0x95, 0xc2, 0xf5, + 0xb1, 0x45, 0x72, 0x72, 0x5c, 0x9e, 0x68, 0x21, 0xbc, 0x16, 0x35, 0xc3, 0xda, 0x13, 0xfa, 0xdc, + 0x36, 0xf0, 0x62, 0xba, 0x6a, 0x75, 0x95, 0xd1, 0x0d, 0xa5, 0xe8, 0xc2, 0xf0, 0x50, 0xa7, 0xe3, + 0x78, 0xe4, 0x16, 0x80, 0x4d, 0x8f, 0xfc, 0x88, 0x56, 0x1a, 0x8d, 0xa0, 0x34, 0x8c, 0xb2, 0x9d, + 0x3c, 0x39, 0x2e, 0x8f, 0x06, 0x08, 0xad, 0x39, 0x8d, 0x46, 0x60, 0x6b, 0x28, 0x64, 0x09, 0x86, + 0x6d, 0x9f, 0x0b, 0xb8, 0x34, 0x72, 0xa5, 0x70, 0x7d, 0x74, 0x61, 0x52, 0x4c, 0x43, 0x09, 0x5e, + 0x3c, 0x7f, 0x72, 0x5c, 0x26, 0x81, 0xf8, 0xa5, 0xf7, 0x52, 0x62, 0x90, 0x32, 0x0c, 0x6d, 0xfa, + 0x4b, 0x4e, 0xfd, 0x90, 0x96, 0x00, 0xe7, 0xde, 0xc0, 0xc9, 0x71, 0xb9, 0xf0, 0x5d, 0x5b, 0x42, + 0xc9, 0x53, 0x18, 0x8d, 0x07, 0x2a, 0x2c, 0x8d, 0xa2, 0xf8, 0x76, 0x4e, 0x8e, 0xcb, 0xe7, 0x43, + 0x04, 0xd7, 0xd8, 0xd0, 0x6b, 0x12, 0x7c, 0x89, 0x59, 0xa0, 0x57, 0x44, 0xbe, 0x86, 0x99, 0xf8, + 0x67, 0x25, 0x0c, 0x69, 0xc0, 0x78, 0xac, 0x2d, 0x97, 0xc6, 0x51, 0x32, 0x6f, 0x9c, 0x1c, 0x97, + 0x2d, 0xad, 0x05, 0x35, 0x47, 0xa2, 0xd4, 0xdc, 0x86, 0xd6, 0xd3, 0x6c, 0x26, 0x0f, 0xfa, 0x87, + 0xc7, 0x8a, 0xe3, 0xf6, 0xa5, 0x5d, 0x2f, 0x8c, 0x9c, 0xfd, 0x26, 0xcd, 0x44, 0xb2, 0xfe, 0xba, + 0x00, 0x64, 0xab, 0x45, 0xbd, 0x6a, 0x75, 0x95, 0x7d, 0x4f, 0xf2, 0x73, 0x7a, 0x1b, 0x46, 0xf8, + 0xc0, 0xb1, 0xd1, 0xed, 0xc5, 0xd1, 0x9d, 0x38, 0x39, 0x2e, 0x83, 0x18, 0x5d, 0x36, 0xb2, 0x31, + 0x02, 0x79, 0x1d, 0xfa, 0x76, 0x76, 0xd6, 0xf1, 0x5b, 0xe9, 0x5b, 0x9c, 0x3a, 0x39, 0x2e, 0xf7, + 0x45, 0x51, 0xf3, 0x17, 0xc7, 0xe5, 0xe1, 0xe5, 0x76, 0x80, 0x62, 0xb1, 0x59, 0x39, 0x79, 0x1d, + 0x86, 0x96, 0x9a, 0xed, 0x30, 0xa2, 0x41, 0xa9, 0x3f, 0xfe, 0x48, 0xeb, 0x1c, 0x64, 0xcb, 0x32, + 0xf2, 0x1d, 0xe8, 0xdf, 0x0d, 0x69, 0x50, 0x1a, 0xc0, 0xf1, 0x1e, 0x17, 0xe3, 0xcd, 0x40, 0x7b, + 0x0b, 0x8b, 0xc3, 0xec, 0x4b, 0x6c, 0x87, 0x34, 0xb0, 0x11, 0x89, 0xdc, 0x84, 0x01, 0x3e, 0x68, + 0x83, 0xb8, 0x48, 0x8d, 0xab, 0xd9, 0xd1, 0xa4, 0x7b, 0xef, 0x2d, 0x8e, 0x9c, 0x1c, 0x97, 0x07, + 0x70, 0xf0, 0x6c, 0x8e, 0xf6, 0xa0, 0x7f, 0xb8, 0x50, 0xec, 0xb5, 0x87, 0x19, 0x2d, 0xfb, 0x2c, + 0xac, 0xef, 0xc0, 0xa8, 0xd6, 0x7d, 0x32, 0x0f, 0xfd, 0xec, 0x7f, 0x5c, 0x44, 0xc6, 0x78, 0x65, + 0x6c, 0xe3, 0xb0, 0x11, 0x6a, 0xfd, 0xf3, 0x49, 0x28, 0x32, 0x4a, 0x63, 0xe5, 0x31, 0x44, 0x55, + 0xe8, 0x26, 0xaa, 0xeb, 0xa0, 0xea, 0x16, 0x4b, 0xd0, 0xd8, 0xc9, 0x71, 0x79, 0xb8, 0x2d, 0x60, + 0x71, 0xcb, 0x48, 0x15, 0x86, 0x56, 0xbe, 0x69, 0xb9, 0x01, 0x0d, 0x51, 0xb0, 0xa3, 0x0b, 0x73, + 0x37, 0xf9, 0x66, 0x79, 0x53, 0x6e, 0x96, 0x37, 0x77, 0xe4, 0x66, 0xb9, 0x78, 0x49, 0x2c, 0xc5, + 0xe7, 0x28, 0x27, 0x89, 0x67, 0xc7, 0xef, 0xfc, 0x65, 0xb9, 0x60, 0x4b, 0x4e, 0xe4, 0x6d, 0x18, + 0xbc, 0xe7, 0x07, 0x47, 0x4e, 0x24, 0x46, 0x60, 0xfa, 0xe4, 0xb8, 0x5c, 0x7c, 0x8c, 0x10, 0x6d, + 0x42, 0x09, 0x1c, 0x72, 0x0f, 0x26, 0x6c, 0xbf, 0x1d, 0xd1, 0x1d, 0x5f, 0x8e, 0xdb, 0x00, 0x52, + 0x5d, 0x3e, 0x39, 0x2e, 0xcf, 0x05, 0xac, 0xa4, 0x16, 0xf9, 0x35, 0x31, 0x80, 0x1a, 0x7d, 0x82, + 0x8a, 0xac, 0xc0, 0x44, 0x05, 0xd7, 0x6e, 0x21, 0x33, 0x3e, 0x5a, 0x23, 0x8b, 0x97, 0x4e, 0x8e, + 0xcb, 0x17, 0x1c, 0x2c, 0xa9, 0x05, 0xa2, 0x48, 0x67, 0x63, 0x12, 0x91, 0x4d, 0x38, 0xf7, 0xb0, + 0xbd, 0x4f, 0x03, 0x8f, 0x46, 0x34, 0x94, 0x2d, 0x1a, 0xc2, 0x16, 0x5d, 0x39, 0x39, 0x2e, 0xcf, + 0x3f, 0x51, 0x85, 0x19, 0x6d, 0x4a, 0x93, 0x12, 0x0a, 0x93, 0xa2, 0xa1, 0xcb, 0x4e, 0xe4, 0xec, + 0x3b, 0x21, 0xc5, 0x25, 0x69, 0x74, 0xe1, 0x3c, 0x17, 0xf1, 0xcd, 0x44, 0xe9, 0xe2, 0x35, 0x21, + 0xe5, 0x8b, 0xaa, 0xef, 0x0d, 0x51, 0xa4, 0x55, 0x94, 0xe4, 0xc9, 0x56, 0x66, 0xb5, 0xeb, 0x8c, + 0x60, 0x6b, 0x71, 0x65, 0x56, 0xbb, 0x8e, 0xbe, 0x66, 0xa9, 0xfd, 0x67, 0x1d, 0x06, 0x76, 0xd9, + 0xde, 0x8c, 0x2b, 0xd6, 0xc4, 0xc2, 0x55, 0xd1, 0xa2, 0xe4, 0xec, 0xbb, 0xc9, 0x7e, 0x20, 0x22, + 0x7e, 0x77, 0x93, 0xb8, 0x9f, 0xeb, 0x3b, 0x31, 0x96, 0x91, 0xcf, 0x00, 0x44, 0xab, 0x2a, 0xad, + 0x56, 0x69, 0x14, 0x3b, 0x79, 0xce, 0xec, 0x64, 0xa5, 0xd5, 0x5a, 0xbc, 0x2c, 0xfa, 0x77, 0x5e, + 0xf5, 0xcf, 0x69, 0xb5, 0x34, 0x6e, 0x1a, 0x13, 0xf2, 0x29, 0x8c, 0xe1, 0x82, 0x26, 0x47, 0x74, + 0x0c, 0x47, 0xf4, 0xe2, 0xc9, 0x71, 0x79, 0x16, 0xd7, 0xaa, 0x8c, 0xf1, 0x34, 0x08, 0xc8, 0x6f, + 0xc0, 0x8c, 0x60, 0xf7, 0xc8, 0xf5, 0x1a, 0xfe, 0xb3, 0x70, 0x99, 0x86, 0x4f, 0x22, 0xbf, 0x85, + 0x8b, 0xdf, 0xe8, 0xc2, 0xbc, 0xd9, 0x3c, 0x13, 0x67, 0xf1, 0x86, 0x68, 0xa9, 0xa5, 0x5a, 0xfa, + 0x8c, 0x23, 0xd4, 0x1a, 0x1c, 0x43, 0x5f, 0x1e, 0x33, 0x59, 0x90, 0x35, 0x98, 0xdc, 0x0d, 0xa9, + 0xd1, 0x87, 0x09, 0xdc, 0x1d, 0xca, 0x6c, 0x84, 0xdb, 0x21, 0xad, 0xe5, 0xf5, 0x23, 0x49, 0x47, + 0x6c, 0x20, 0xcb, 0x81, 0xdf, 0x4a, 0xcc, 0xf1, 0x49, 0x94, 0x88, 0x75, 0x72, 0x5c, 0xbe, 0xdc, + 0x08, 0xfc, 0x56, 0x2d, 0x7f, 0xa2, 0x67, 0x50, 0x93, 0x1f, 0xc2, 0xf9, 0x25, 0xdf, 0xf3, 0x68, + 0x9d, 0xad, 0x9f, 0xcb, 0xae, 0x73, 0xe0, 0xf9, 0x61, 0xe4, 0xd6, 0xd7, 0x96, 0x4b, 0xc5, 0x78, + 0x73, 0xa8, 0x2b, 0x8c, 0x5a, 0x43, 0xa1, 0x98, 0x9b, 0x43, 0x0e, 0x17, 0xf2, 0x15, 0x8c, 0x8b, + 0xba, 0x68, 0x80, 0x53, 0xf3, 0x5c, 0xe7, 0x89, 0xa6, 0x90, 0xf9, 0x36, 0x1f, 0xc8, 0x9f, 0x5c, + 0x71, 0x32, 0x79, 0x91, 0xaf, 0x61, 0x74, 0xe3, 0x5e, 0xc5, 0xa6, 0x61, 0xcb, 0xf7, 0x42, 0x5a, + 0x22, 0x38, 0xa2, 0x97, 0x05, 0xeb, 0x8d, 0x7b, 0x95, 0x4a, 0x3b, 0x3a, 0xa4, 0x5e, 0xe4, 0xd6, + 0x9d, 0x88, 0x4a, 0xac, 0xc5, 0x39, 0x36, 0xf3, 0x8e, 0x1e, 0x3b, 0xb5, 0x40, 0x40, 0xb4, 0x5e, + 0xe8, 0xec, 0xc8, 0x1c, 0x0c, 0x57, 0xab, 0xab, 0xeb, 0xfe, 0x81, 0xeb, 0x95, 0xa6, 0x98, 0x30, + 0x6c, 0xf5, 0x9b, 0xec, 0xc3, 0x8c, 0x76, 0x32, 0xa8, 0xb1, 0xff, 0xe9, 0x11, 0xf5, 0xa2, 0xd2, + 0x34, 0xb6, 0xe1, 0xbb, 0xea, 0x68, 0x73, 0x53, 0x3f, 0x40, 0x3c, 0xbd, 0x73, 0xb3, 0x12, 0xff, + 0xac, 0x4a, 0x22, 0x7b, 0xda, 0xc9, 0x80, 0x92, 0x1d, 0x18, 0xda, 0x6e, 0x07, 0x2d, 0x3f, 0xa4, + 0xa5, 0x19, 0x14, 0xda, 0xb5, 0x4e, 0x5f, 0xa7, 0x40, 0x5d, 0x9c, 0x61, 0xcb, 0x73, 0x8b, 0xff, + 0xd0, 0x7a, 0x26, 0x59, 0x59, 0x9f, 0xc3, 0x88, 0xfa, 0x98, 0xc9, 0x10, 0xf4, 0x55, 0x9a, 0xcd, + 0x62, 0x0f, 0xfb, 0xa3, 0x5a, 0x5d, 0x2d, 0x16, 0xc8, 0x04, 0x40, 0xbc, 0x82, 0x15, 0x7b, 0xc9, + 0x18, 0x0c, 0xcb, 0x15, 0xa6, 0xd8, 0x87, 0xf8, 0xad, 0x56, 0xb1, 0x9f, 0x10, 0x98, 0x30, 0xe7, + 0x79, 0x71, 0xc0, 0xfa, 0xdd, 0x02, 0x8c, 0xa8, 0xf1, 0x21, 0x93, 0x30, 0xba, 0xbb, 0x59, 0xdd, + 0x5e, 0x59, 0x5a, 0xbb, 0xb7, 0xb6, 0xb2, 0x5c, 0xec, 0x21, 0x97, 0xe0, 0xc2, 0x4e, 0x75, 0xb5, + 0xb6, 0xbc, 0x58, 0x5b, 0xdf, 0x5a, 0xaa, 0xac, 0xd7, 0xb6, 0xed, 0xad, 0xcf, 0xbf, 0xa8, 0xed, + 0xec, 0x6e, 0x6e, 0xae, 0xac, 0x17, 0x0b, 0xa4, 0x04, 0xd3, 0xac, 0xf8, 0xe1, 0xee, 0xe2, 0x8a, + 0x8e, 0x50, 0xec, 0x25, 0x57, 0xe1, 0x52, 0x56, 0x49, 0x6d, 0x75, 0xa5, 0xb2, 0xbc, 0xbe, 0x52, + 0xad, 0x16, 0xfb, 0xc8, 0x2c, 0x4c, 0x31, 0x94, 0xca, 0xf6, 0xb6, 0x41, 0xdb, 0x6f, 0x35, 0x61, + 0x54, 0x13, 0x0e, 0x99, 0x87, 0xd2, 0xd2, 0x8a, 0xbd, 0x53, 0xdb, 0xde, 0xb5, 0xb7, 0xb7, 0xaa, + 0x2b, 0x35, 0xb3, 0x85, 0xc9, 0xd2, 0xf5, 0xad, 0xfb, 0x6b, 0x9b, 0x35, 0x06, 0xaa, 0x16, 0x0b, + 0xac, 0x19, 0x46, 0x69, 0x75, 0x6d, 0xf3, 0xfe, 0xfa, 0x4a, 0x6d, 0xb7, 0xba, 0x22, 0x50, 0x7a, + 0xad, 0x9f, 0xf6, 0xa6, 0x96, 0x7a, 0xb2, 0x00, 0xa3, 0x55, 0x7e, 0x8a, 0xc5, 0xe9, 0xcf, 0x8f, + 0x0d, 0xc5, 0x93, 0xe3, 0xf2, 0x98, 0x38, 0xdc, 0xf2, 0x99, 0xad, 0x23, 0xb1, 0xdd, 0x7b, 0x9b, + 0x8d, 0x74, 0xdd, 0x6f, 0xea, 0xbb, 0x77, 0x4b, 0xc0, 0x6c, 0x55, 0x4a, 0x16, 0xb4, 0x7d, 0x9e, + 0x9f, 0x21, 0x50, 0x4f, 0x95, 0xfb, 0xbc, 0xbe, 0xe6, 0xab, 0x1d, 0x7f, 0x21, 0x1e, 0x52, 0xb1, + 0x3d, 0x23, 0x4d, 0xc6, 0x1e, 0xa3, 0xf0, 0xc8, 0x5b, 0x52, 0xff, 0xe1, 0x3a, 0x3f, 0x6e, 0x02, + 0x09, 0x6d, 0x55, 0xa8, 0x3e, 0x56, 0x3b, 0x67, 0xc1, 0x25, 0x1f, 0x25, 0xe7, 0x8c, 0x10, 0x06, + 0x32, 0x4b, 0xac, 0xab, 0x76, 0x02, 0x95, 0x94, 0x61, 0x80, 0x7f, 0x89, 0x5c, 0x1e, 0xa8, 0x71, + 0x35, 0x19, 0xc0, 0xe6, 0x70, 0xeb, 0x8f, 0xfa, 0xf4, 0xcd, 0x87, 0x69, 0x58, 0x9a, 0xbc, 0x51, + 0xc3, 0x42, 0x39, 0x23, 0x94, 0xdc, 0x84, 0x91, 0x2a, 0x0d, 0x43, 0xae, 0x05, 0xf7, 0xaa, 0x21, + 0x81, 0x90, 0x03, 0x6b, 0x6e, 0xa3, 0x54, 0xb0, 0x63, 0x14, 0x76, 0xa0, 0xe0, 0xba, 0x15, 0x1e, + 0x28, 0xfa, 0xe2, 0x03, 0x85, 0xd0, 0xbe, 0xf8, 0x81, 0x22, 0x46, 0x61, 0xa3, 0x2e, 0xb6, 0x7f, + 0x6c, 0x45, 0x7f, 0x3c, 0xea, 0x42, 0x65, 0x10, 0xa3, 0xae, 0x21, 0x91, 0x0f, 0x01, 0x2a, 0x8f, + 0xaa, 0xa8, 0x39, 0xdb, 0x9b, 0x42, 0x05, 0xc2, 0xc5, 0xca, 0x79, 0x16, 0x0a, 0xc5, 0x3c, 0xd0, + 0x4f, 0x1e, 0x1a, 0x36, 0x59, 0x84, 0xf1, 0xca, 0x4f, 0xda, 0x01, 0x5d, 0x6b, 0xb0, 0xf5, 0x2e, + 0xe2, 0x47, 0xac, 0x91, 0xc5, 0xf9, 0x93, 0xe3, 0x72, 0xc9, 0x61, 0x05, 0x35, 0x57, 0x94, 0x68, + 0x0c, 0x4c, 0x12, 0xb2, 0x05, 0xe7, 0xee, 0x2f, 0x6d, 0x8b, 0x79, 0x58, 0xa9, 0xd7, 0xfd, 0xb6, + 0x17, 0x09, 0xbd, 0xe7, 0xea, 0xc9, 0x71, 0xf9, 0xd2, 0x41, 0xbd, 0x55, 0x93, 0x73, 0xd6, 0xe1, + 0xc5, 0xba, 0xe2, 0x93, 0xa2, 0x25, 0xd7, 0xa0, 0x6f, 0xd7, 0x5e, 0x13, 0xe7, 0xaf, 0x73, 0x27, + 0xc7, 0xe5, 0xf1, 0x76, 0xe0, 0x6a, 0x24, 0xac, 0xd4, 0x6a, 0xc2, 0xc4, 0x7d, 0x1a, 0xb1, 0xc9, + 0x29, 0x35, 0xdd, 0xce, 0x43, 0xf7, 0x31, 0x8c, 0x3e, 0x72, 0xa3, 0xc3, 0x2a, 0xad, 0x07, 0x34, + 0x92, 0xa7, 0x7c, 0x14, 0xd3, 0x33, 0x37, 0x3a, 0xac, 0x85, 0x1c, 0xae, 0xaf, 0xe9, 0x1a, 0xba, + 0xb5, 0x02, 0x93, 0xa2, 0x36, 0xa5, 0x58, 0x2f, 0x98, 0x0c, 0x0b, 0xc8, 0x10, 0x87, 0x4a, 0x67, + 0x68, 0xb2, 0xf9, 0xa3, 0x5e, 0x98, 0x59, 0x3a, 0x74, 0xbc, 0x03, 0xba, 0xed, 0x84, 0xe1, 0x33, + 0x3f, 0x68, 0x68, 0x8d, 0xc7, 0x53, 0x45, 0xaa, 0xf1, 0x78, 0x8c, 0x58, 0x80, 0xd1, 0xad, 0x66, + 0x43, 0xd2, 0x88, 0x13, 0x0f, 0xd6, 0xe5, 0x37, 0x1b, 0xb5, 0x96, 0xe4, 0xa5, 0x23, 0x31, 0x9a, + 0x4d, 0xfa, 0x4c, 0xd1, 0xf4, 0xc5, 0x34, 0x1e, 0x7d, 0xa6, 0xd1, 0x68, 0x48, 0x64, 0x05, 0xce, + 0x55, 0x69, 0xdd, 0xf7, 0x1a, 0xf7, 0x9c, 0x7a, 0xe4, 0x07, 0x3b, 0xfe, 0x13, 0xea, 0x89, 0x49, + 0x88, 0x4a, 0x61, 0x88, 0x85, 0xb5, 0xc7, 0x58, 0x5a, 0x8b, 0x58, 0xb1, 0x9d, 0xa6, 0x20, 0x5b, + 0x30, 0xfc, 0x48, 0xd8, 0x8a, 0xc4, 0x31, 0xe9, 0xf5, 0x9b, 0xca, 0x78, 0xb4, 0x14, 0x50, 0x9c, + 0x39, 0x4e, 0x53, 0x1d, 0xf4, 0xd4, 0x1e, 0x8b, 0xcb, 0x95, 0xc4, 0xb4, 0x15, 0x13, 0x6b, 0x17, + 0xc6, 0xb7, 0x9b, 0xed, 0x03, 0xd7, 0x63, 0x0b, 0x4b, 0x95, 0xfe, 0x98, 0x2c, 0x03, 0xc4, 0x00, + 0x61, 0x01, 0x9a, 0x12, 0x87, 0xab, 0xb8, 0x60, 0xef, 0xae, 0xf8, 0xda, 0x10, 0x82, 0xda, 0xb0, + 0xad, 0xd1, 0x59, 0xff, 0xab, 0x0f, 0x88, 0x18, 0x00, 0xdc, 0x3e, 0xab, 0x34, 0x62, 0x5b, 0xd0, + 0x79, 0xe8, 0x55, 0x86, 0x9a, 0xc1, 0x93, 0xe3, 0x72, 0xaf, 0xdb, 0xb0, 0x7b, 0xd7, 0x96, 0xc9, + 0x3b, 0x30, 0x80, 0x68, 0x28, 0xff, 0x09, 0x55, 0x9f, 0xce, 0x81, 0x2f, 0x30, 0xb8, 0xad, 0xdb, + 0x1c, 0x99, 0xbc, 0x0b, 0x23, 0xcb, 0xb4, 0x49, 0x0f, 0x9c, 0xc8, 0x97, 0x4b, 0x00, 0x37, 0x7d, + 0x48, 0xa0, 0x36, 0xe7, 0x62, 0x4c, 0x76, 0x14, 0xb2, 0xa9, 0x13, 0xfa, 0x9e, 0x7e, 0x14, 0x0a, + 0x10, 0xa2, 0x1f, 0x85, 0x38, 0x0e, 0xf9, 0xbd, 0x02, 0x8c, 0x56, 0x3c, 0x4f, 0x98, 0x14, 0x42, + 0x21, 0xf5, 0x99, 0x9b, 0xca, 0x06, 0xb7, 0xee, 0xec, 0xd3, 0xe6, 0x9e, 0xd3, 0x6c, 0xd3, 0x70, + 0xf1, 0x6b, 0xa6, 0x9d, 0xfe, 0xc7, 0xe3, 0xf2, 0x47, 0x67, 0x30, 0x12, 0xc4, 0xd6, 0xbc, 0x9d, + 0xc0, 0x71, 0xa3, 0xf0, 0xe4, 0xb8, 0x3c, 0xe3, 0xc4, 0x15, 0xea, 0xdf, 0x8d, 0xd6, 0x8e, 0x78, + 0xfd, 0x1f, 0xec, 0xb6, 0xfe, 0x93, 0x23, 0x98, 0xac, 0x84, 0x61, 0xfb, 0x88, 0x56, 0x23, 0x27, + 0x88, 0xd8, 0xd9, 0x11, 0x17, 0x91, 0xce, 0x07, 0xcb, 0x37, 0x7f, 0x76, 0x5c, 0x2e, 0x30, 0x85, + 0xd8, 0x41, 0x52, 0xa6, 0x50, 0x05, 0x51, 0x2d, 0x72, 0xf5, 0x2d, 0x0c, 0x8f, 0x98, 0x49, 0xde, + 0xd6, 0x35, 0xa5, 0x74, 0xac, 0x2d, 0xe7, 0x8d, 0xb8, 0xb5, 0x04, 0xf3, 0xf7, 0x69, 0x64, 0xd3, + 0x90, 0x46, 0xf2, 0x1b, 0xc1, 0x19, 0x1e, 0x9b, 0xf5, 0x86, 0xf0, 0xb7, 0x22, 0xc6, 0xe1, 0xe7, + 0xdf, 0x85, 0x2c, 0xb1, 0xfe, 0x9f, 0x02, 0x94, 0x97, 0x02, 0xca, 0x75, 0xc9, 0x1c, 0x46, 0x9d, + 0xd7, 0xae, 0x79, 0xe8, 0xdf, 0x79, 0xde, 0x92, 0x27, 0x72, 0x2c, 0x65, 0x83, 0x62, 0x23, 0xf4, + 0x94, 0xe6, 0x0d, 0xeb, 0x31, 0xcc, 0xd8, 0xd4, 0xa3, 0xcf, 0x9c, 0xfd, 0x26, 0x35, 0x2c, 0x04, + 0x65, 0x18, 0xe0, 0x1f, 0x7a, 0xaa, 0x0b, 0x1c, 0x7e, 0x36, 0x6b, 0x8b, 0x35, 0x0e, 0xa3, 0xdb, + 0xae, 0x77, 0x20, 0xb8, 0x5b, 0xff, 0x7f, 0x3f, 0x8c, 0xf1, 0xdf, 0x42, 0x3d, 0x4e, 0x6c, 0x71, + 0x85, 0xd3, 0x6c, 0x71, 0xef, 0xc3, 0x38, 0xdb, 0x23, 0x68, 0xb0, 0x47, 0x03, 0xb6, 0xb5, 0x0a, + 0x49, 0xa0, 0xaa, 0x1f, 0x62, 0x41, 0xed, 0x29, 0x2f, 0xb1, 0x4d, 0x44, 0xb2, 0x0e, 0x13, 0x1c, + 0x70, 0x8f, 0x3a, 0x51, 0x3b, 0xb6, 0x56, 0x4c, 0x0a, 0x9d, 0x58, 0x82, 0xf9, 0xd4, 0x14, 0xbc, + 0x1e, 0x0b, 0xa0, 0x9d, 0xa0, 0x25, 0x9f, 0xc2, 0xe4, 0x76, 0xe0, 0x7f, 0xf3, 0x5c, 0xdb, 0xd4, + 0xf9, 0xd7, 0xc9, 0xb5, 0x67, 0x56, 0x54, 0xd3, 0xb7, 0xf6, 0x24, 0x36, 0x79, 0x0b, 0x86, 0xd7, + 0xc2, 0x45, 0x3f, 0x70, 0xbd, 0x03, 0xfc, 0x46, 0x87, 0xb9, 0x89, 0xd7, 0x0d, 0x6b, 0xfb, 0x08, + 0xb4, 0x55, 0x71, 0xc2, 0x18, 0x39, 0xd4, 0xdd, 0x18, 0x79, 0x1b, 0x60, 0xdd, 0x77, 0x1a, 0x95, + 0x66, 0x73, 0xa9, 0x12, 0xe2, 0xee, 0x29, 0xf6, 0xa3, 0xa6, 0xef, 0x34, 0x6a, 0x4e, 0xb3, 0x59, + 0xab, 0x3b, 0xa1, 0xad, 0xe1, 0x90, 0x47, 0x30, 0xbe, 0xee, 0xd6, 0xa9, 0x17, 0x52, 0x34, 0xc0, + 0x3c, 0xc7, 0xd3, 0x7c, 0xe7, 0x0f, 0x8e, 0x75, 0x74, 0xbc, 0xa9, 0x13, 0xe1, 0xe7, 0x65, 0xf2, + 0x79, 0xd0, 0x3f, 0x3c, 0x58, 0x1c, 0xb2, 0x27, 0x05, 0xf0, 0x91, 0x13, 0x78, 0xae, 0x77, 0x10, + 0x5a, 0xff, 0xf4, 0x1c, 0x0c, 0x2b, 0x59, 0xde, 0xd4, 0x4f, 0x0c, 0x62, 0xfb, 0xc4, 0x69, 0x15, + 0xdb, 0x49, 0x6c, 0x0d, 0x83, 0x5c, 0xc0, 0x33, 0x84, 0xd8, 0xb8, 0x87, 0xd8, 0x34, 0x77, 0x5a, + 0x2d, 0x9b, 0xc1, 0xd8, 0xe7, 0xbb, 0xbc, 0x88, 0x03, 0x3b, 0xcc, 0x3f, 0xdf, 0xc6, 0xbe, 0xdd, + 0xbb, 0xbc, 0xc8, 0xbe, 0x9b, 0xad, 0xb5, 0xe5, 0x25, 0x1c, 0xa3, 0x61, 0xfe, 0xdd, 0xf8, 0x6e, + 0xa3, 0x6e, 0x23, 0x94, 0x95, 0x56, 0x2b, 0x1b, 0xeb, 0x62, 0x1c, 0xb0, 0x34, 0x74, 0x8e, 0x9a, + 0x36, 0x42, 0x99, 0xd6, 0xc9, 0x8f, 0xbc, 0x4b, 0xbe, 0x17, 0x05, 0x7e, 0x33, 0x44, 0xd5, 0x68, + 0x98, 0xcf, 0x13, 0x71, 0x56, 0xae, 0x8b, 0x22, 0x3b, 0x81, 0x4a, 0x1e, 0xc1, 0x6c, 0xa5, 0xf1, + 0xd4, 0xf1, 0xea, 0xb4, 0xc1, 0x4b, 0x1e, 0xf9, 0xc1, 0x93, 0xc7, 0x4d, 0xff, 0x59, 0x88, 0x03, + 0x39, 0x2c, 0x4c, 0x4b, 0x02, 0x45, 0x1e, 0xbd, 0x9f, 0x49, 0x24, 0x3b, 0x8f, 0x9a, 0x7d, 0xab, + 0x4b, 0x4d, 0xbf, 0xdd, 0x10, 0xc3, 0x8b, 0xdf, 0x6a, 0x9d, 0x01, 0x6c, 0x0e, 0x67, 0x52, 0x5a, + 0xad, 0x6e, 0xa0, 0x21, 0x47, 0x48, 0xe9, 0x30, 0x3c, 0xb2, 0x19, 0x8c, 0xbc, 0x0e, 0x43, 0x52, + 0x81, 0xe6, 0x76, 0x66, 0xb4, 0x6f, 0x4a, 0xc5, 0x59, 0x96, 0xb1, 0x6f, 0xcd, 0xa6, 0x75, 0xff, + 0x29, 0x0d, 0x9e, 0x2f, 0xf9, 0x0d, 0x2a, 0xcd, 0x0e, 0xe2, 0x58, 0xcd, 0x0b, 0x6a, 0x75, 0x56, + 0x62, 0x9b, 0x88, 0xac, 0x02, 0xbe, 0xb9, 0x86, 0xa5, 0xc9, 0xb8, 0x02, 0xbe, 0xf9, 0x86, 0xb6, + 0x2c, 0x23, 0xcb, 0x70, 0xae, 0xd2, 0x8e, 0xfc, 0x23, 0x27, 0x72, 0xeb, 0xbb, 0xad, 0x83, 0xc0, + 0x61, 0x95, 0x14, 0x91, 0x00, 0x0f, 0x14, 0x8e, 0x2c, 0xac, 0xb5, 0x45, 0xa9, 0x9d, 0x26, 0x20, + 0xef, 0xc1, 0xd8, 0x5a, 0xc8, 0x4d, 0x4b, 0x4e, 0x48, 0x1b, 0x68, 0x1f, 0x10, 0xad, 0x74, 0xc3, + 0x1a, 0x1a, 0x9a, 0x6a, 0xec, 0x08, 0xd2, 0xb0, 0x0d, 0x3c, 0x62, 0xc1, 0x60, 0x25, 0x0c, 0xdd, + 0x30, 0xc2, 0x63, 0xff, 0xf0, 0x22, 0x9c, 0x1c, 0x97, 0x07, 0x1d, 0x84, 0xd8, 0xa2, 0x84, 0x3c, + 0x82, 0xd1, 0x65, 0xca, 0x34, 0xd2, 0x9d, 0xa0, 0x1d, 0x46, 0x78, 0x88, 0x1f, 0x5d, 0xb8, 0x20, + 0x56, 0x0c, 0xad, 0x44, 0xcc, 0x65, 0xae, 0x46, 0x36, 0x10, 0x5e, 0x8b, 0x58, 0x81, 0xbe, 0x1d, + 0x6a, 0xf8, 0x4c, 0xdd, 0x16, 0x34, 0xab, 0x6e, 0x83, 0xad, 0x01, 0xd3, 0xd8, 0x06, 0x54, 0xb7, + 0xc5, 0xa2, 0x53, 0x3b, 0xc4, 0x12, 0x5d, 0xdd, 0x36, 0x48, 0x48, 0x3d, 0x65, 0xad, 0x9c, 0x31, + 0x2c, 0x52, 0x66, 0xa1, 0x6c, 0xe2, 0x19, 0x6d, 0x99, 0x1f, 0xc3, 0xe8, 0x52, 0x3b, 0x8c, 0xfc, + 0xa3, 0x9d, 0x43, 0x7a, 0x44, 0x4b, 0xe7, 0xe3, 0x43, 0x45, 0x1d, 0xc1, 0xb5, 0x88, 0xc1, 0xf5, + 0x6e, 0x6a, 0xe8, 0xe4, 0x33, 0x20, 0xf2, 0x74, 0x70, 0x9f, 0xcd, 0x0f, 0x8f, 0xcd, 0xe5, 0xd2, + 0x2c, 0xf6, 0x15, 0x8f, 0x04, 0xf2, 0x50, 0x51, 0x3b, 0x50, 0xc5, 0xba, 0xbd, 0x29, 0x4d, 0xcc, + 0x1a, 0xc4, 0x9b, 0x78, 0x3f, 0x70, 0x5a, 0x87, 0xa5, 0x52, 0xac, 0xbe, 0x8b, 0x4e, 0x1d, 0x30, + 0xb8, 0xa1, 0x86, 0xc4, 0xe8, 0xa4, 0x0a, 0xc0, 0x7f, 0xae, 0xb3, 0x81, 0xbf, 0x80, 0xf2, 0x2a, + 0x19, 0xf2, 0x62, 0x05, 0x52, 0x56, 0x17, 0x50, 0xb9, 0xe1, 0x6c, 0x9b, 0xae, 0x31, 0x9a, 0x1a, + 0x1b, 0xf2, 0x04, 0x8a, 0xfc, 0xd7, 0x86, 0xef, 0xb9, 0x11, 0x5f, 0xd3, 0xe7, 0x0c, 0x53, 0x52, + 0xb2, 0x58, 0x56, 0x80, 0x26, 0x3c, 0x51, 0xc1, 0x91, 0x2a, 0xd5, 0xaa, 0x49, 0x31, 0x26, 0xdb, + 0x30, 0xba, 0x1d, 0xf8, 0x8d, 0x76, 0x3d, 0x42, 0x4d, 0xe0, 0x22, 0x6a, 0xa0, 0x44, 0xd4, 0xa3, + 0x95, 0x70, 0x99, 0xb4, 0x38, 0xa0, 0xc6, 0xb4, 0x04, 0x5d, 0x26, 0x1a, 0x22, 0x59, 0x84, 0xc1, + 0x6d, 0xbf, 0xe9, 0xd6, 0x9f, 0x97, 0xe6, 0xb1, 0xd1, 0xd3, 0x92, 0x19, 0x02, 0x65, 0x53, 0x51, + 0xed, 0x6c, 0x21, 0x48, 0x57, 0x3b, 0x39, 0x12, 0xa9, 0xc0, 0xf8, 0x67, 0x6c, 0xc2, 0xb8, 0xbe, + 0xe7, 0x39, 0x6e, 0x40, 0x4b, 0x97, 0x70, 0x5c, 0xd0, 0xcc, 0xfa, 0x63, 0xbd, 0x40, 0x9f, 0xce, + 0x06, 0x05, 0x59, 0x83, 0xc9, 0xb5, 0xb0, 0x1a, 0x05, 0x6e, 0x8b, 0x6e, 0x38, 0x9e, 0x73, 0x40, + 0x1b, 0xa5, 0xcb, 0xb1, 0x9d, 0xd3, 0x0d, 0x6b, 0x21, 0x96, 0xd5, 0x8e, 0x78, 0xa1, 0x6e, 0xe7, + 0x4c, 0xd0, 0x91, 0xcf, 0x61, 0x7a, 0xe5, 0x9b, 0x88, 0xcd, 0x98, 0x66, 0xa5, 0xdd, 0x70, 0xa3, + 0x6a, 0xe4, 0x07, 0xce, 0x01, 0x2d, 0x95, 0x91, 0xdf, 0x6b, 0x27, 0xc7, 0xe5, 0x2b, 0x54, 0x94, + 0xd7, 0x1c, 0x86, 0x50, 0x0b, 0x39, 0x86, 0x7e, 0x7b, 0x99, 0xc5, 0x81, 0x49, 0xbf, 0xda, 0x6e, + 0x31, 0x8d, 0x18, 0xa5, 0x7f, 0xc5, 0x90, 0xbe, 0x56, 0xc2, 0xa5, 0x1f, 0x72, 0x40, 0x4a, 0xfa, + 0x1a, 0x22, 0xb1, 0x81, 0x3c, 0xf0, 0x5d, 0xaf, 0x52, 0x8f, 0xdc, 0xa7, 0x54, 0x18, 0x0c, 0xc2, + 0xd2, 0x55, 0x6c, 0x29, 0xda, 0x64, 0x7f, 0xd5, 0x77, 0xbd, 0x9a, 0x83, 0xc5, 0x35, 0x61, 0x5e, + 0x30, 0x6c, 0xb2, 0x69, 0x6a, 0xf2, 0x43, 0x38, 0xbf, 0xe1, 0xef, 0xbb, 0x4d, 0xca, 0x97, 0x1c, + 0x2e, 0x16, 0xb4, 0x2e, 0x5a, 0xc8, 0x17, 0x6d, 0xb2, 0x47, 0x88, 0x51, 0x13, 0xab, 0xd5, 0x91, + 0xc2, 0xd1, 0x6d, 0xb2, 0xd9, 0x5c, 0xc8, 0x0a, 0x8c, 0xe1, 0x77, 0xd9, 0xc4, 0x9f, 0x61, 0xe9, + 0x1a, 0x1e, 0xbb, 0xae, 0x26, 0x34, 0xa9, 0x9b, 0x2b, 0x1a, 0xce, 0x8a, 0x17, 0x05, 0xcf, 0x6d, + 0x83, 0x8c, 0x7c, 0x02, 0x73, 0xc9, 0xe9, 0xbd, 0xe4, 0x7b, 0x8f, 0xdd, 0x83, 0x76, 0x40, 0x1b, + 0xa5, 0xd7, 0x58, 0x53, 0xed, 0x0e, 0x18, 0x73, 0x8f, 0xe0, 0x5c, 0xaa, 0x0a, 0x52, 0x84, 0xbe, + 0x27, 0xe2, 0x82, 0x6b, 0xc4, 0x66, 0x7f, 0x92, 0xb7, 0x61, 0xe0, 0x29, 0x3b, 0xef, 0xa0, 0xc6, + 0x10, 0x5f, 0x9a, 0x68, 0xa4, 0x6b, 0xde, 0x63, 0xdf, 0xe6, 0x48, 0x1f, 0xf6, 0xbe, 0x5f, 0x78, + 0xd0, 0x3f, 0x3c, 0x5a, 0x1c, 0xe3, 0xf7, 0x92, 0x0f, 0xfa, 0x87, 0xc7, 0x8b, 0x13, 0x56, 0x05, + 0x26, 0x13, 0xf8, 0xa4, 0x04, 0x43, 0xd4, 0x63, 0x3a, 0x74, 0x83, 0xeb, 0x2c, 0xb6, 0xfc, 0x49, + 0xa6, 0x61, 0xa0, 0xe9, 0x1e, 0xb9, 0x11, 0x56, 0x38, 0x60, 0xf3, 0x1f, 0xd6, 0xef, 0x17, 0x80, + 0xa4, 0xb7, 0x0c, 0x72, 0x2b, 0xc1, 0x86, 0x6b, 0x90, 0x02, 0xa4, 0xdb, 0x5f, 0x25, 0xf7, 0xcf, + 0x60, 0x8a, 0x8f, 0x99, 0xdc, 0xdc, 0xb4, 0xba, 0xf8, 0xa2, 0x9a, 0x51, 0xac, 0xdb, 0x59, 0x44, + 0x31, 0x6e, 0x85, 0xeb, 0xd8, 0xb4, 0x36, 0xcc, 0x64, 0x6e, 0x16, 0x64, 0x03, 0x66, 0x8e, 0x7c, + 0x2f, 0x3a, 0x6c, 0x3e, 0x97, 0x7b, 0x85, 0xa8, 0xad, 0x80, 0xb5, 0xe1, 0xfa, 0x98, 0x89, 0x60, + 0x4f, 0x09, 0xb0, 0xe0, 0x88, 0xf5, 0x3c, 0xe8, 0x1f, 0xee, 0x2d, 0xf6, 0xa9, 0x9e, 0x58, 0x36, + 0x9c, 0x4b, 0xad, 0xb9, 0xe4, 0xfb, 0x30, 0x56, 0xc7, 0x33, 0x92, 0x51, 0x13, 0xdf, 0x71, 0x34, + 0xb8, 0xfe, 0x39, 0x71, 0x38, 0xef, 0xca, 0x3f, 0x2a, 0xc0, 0x6c, 0xce, 0x6a, 0x7b, 0x76, 0x51, + 0x7f, 0x01, 0xe7, 0x8f, 0x9c, 0x6f, 0x6a, 0x01, 0x1e, 0x81, 0x6b, 0x81, 0xe3, 0x25, 0xa4, 0x8d, + 0x2b, 0x49, 0x36, 0x86, 0xee, 0x1c, 0x72, 0xe4, 0x7c, 0x63, 0x23, 0x82, 0xcd, 0xca, 0x79, 0x3b, + 0x7f, 0x00, 0xe3, 0xc6, 0xfa, 0x7a, 0xe6, 0xc6, 0x59, 0x77, 0xe0, 0xdc, 0x32, 0x6d, 0xd2, 0x88, + 0x9e, 0xda, 0xf4, 0x65, 0x6d, 0x03, 0x54, 0xe9, 0x91, 0xd3, 0x3a, 0xf4, 0x99, 0xde, 0xbd, 0xa8, + 0xff, 0x12, 0xa6, 0x13, 0x22, 0x4c, 0x19, 0xaa, 0x60, 0xef, 0x2e, 0xd7, 0xc5, 0x43, 0x85, 0x69, + 0x6b, 0x54, 0xd6, 0x9f, 0xf6, 0x02, 0x11, 0x0b, 0x64, 0x40, 0x9d, 0x23, 0xd9, 0x8c, 0x0f, 0x60, + 0x8c, 0x1f, 0x74, 0x39, 0x18, 0x9b, 0x33, 0xba, 0x30, 0x25, 0xbe, 0x3c, 0xbd, 0x68, 0xb5, 0xc7, + 0x36, 0x50, 0x19, 0xa9, 0x4d, 0xf9, 0x09, 0x1d, 0x49, 0x7b, 0x0d, 0x52, 0xbd, 0x88, 0x91, 0xea, + 0xbf, 0xc9, 0xa7, 0x30, 0xb1, 0xe4, 0x1f, 0xb5, 0x98, 0x4c, 0x04, 0x71, 0x9f, 0xb0, 0x7e, 0x88, + 0x7a, 0x8d, 0xc2, 0xd5, 0x1e, 0x3b, 0x81, 0x4e, 0x36, 0x61, 0xea, 0x5e, 0xb3, 0x1d, 0x1e, 0x56, + 0xbc, 0xc6, 0x52, 0xd3, 0x0f, 0x25, 0x97, 0x7e, 0x71, 0x18, 0x12, 0xcb, 0x5b, 0x1a, 0x63, 0xb5, + 0xc7, 0xce, 0x22, 0x24, 0xaf, 0xc3, 0xc0, 0xca, 0x53, 0xb6, 0xec, 0x4a, 0x17, 0x01, 0xe1, 0xc1, + 0xb4, 0xe5, 0xd1, 0xad, 0xc7, 0xab, 0x3d, 0x36, 0x2f, 0x5d, 0x1c, 0x81, 0x21, 0x79, 0x48, 0xbe, + 0xc5, 0x54, 0x62, 0x25, 0xce, 0x6a, 0xe4, 0x44, 0xed, 0x90, 0xcc, 0xc1, 0xf0, 0x6e, 0x8b, 0x9d, + 0xdd, 0xa4, 0x75, 0xc1, 0x56, 0xbf, 0xad, 0xb7, 0x4d, 0x49, 0x93, 0x79, 0xdd, 0x30, 0xcd, 0x91, + 0x63, 0x80, 0xb5, 0x6a, 0x0a, 0xb7, 0x33, 0xb6, 0x51, 0x6f, 0x6f, 0xa2, 0xde, 0x62, 0x52, 0xd6, + 0xd6, 0x4c, 0xa6, 0xf0, 0xac, 0xcf, 0xe1, 0xf2, 0x6e, 0x2b, 0xa4, 0x41, 0x54, 0x69, 0xb5, 0x9a, + 0x6e, 0x9d, 0x5f, 0x51, 0xe1, 0x61, 0x5a, 0x4e, 0x96, 0xf7, 0x60, 0x90, 0x03, 0xc4, 0x34, 0x91, + 0x73, 0xb0, 0xd2, 0x6a, 0x89, 0x23, 0xfc, 0x5d, 0xae, 0x9c, 0xf3, 0x43, 0xb9, 0x2d, 0xb0, 0xad, + 0xdf, 0x29, 0xc0, 0x65, 0xfe, 0x05, 0xe4, 0xb2, 0xfe, 0x0e, 0x8c, 0xa0, 0x03, 0x51, 0xcb, 0xa9, + 0xcb, 0x6f, 0x82, 0x7b, 0x52, 0x49, 0xa0, 0x1d, 0x97, 0x6b, 0xae, 0x59, 0xbd, 0xf9, 0xae, 0x59, + 0xf2, 0x03, 0xeb, 0xcb, 0xfc, 0xc0, 0x3e, 0x03, 0x4b, 0xb4, 0xa8, 0xd9, 0x4c, 0x35, 0x2a, 0x7c, + 0x91, 0x56, 0x59, 0xff, 0xad, 0x17, 0x66, 0xef, 0x53, 0x8f, 0x06, 0x0e, 0xf6, 0xd3, 0x30, 0x16, + 0xe9, 0x4e, 0x1a, 0x85, 0x8e, 0x4e, 0x1a, 0x65, 0x69, 0x7e, 0xeb, 0x45, 0xf3, 0x5b, 0xca, 0xdf, + 0x84, 0x1d, 0x17, 0x77, 0xed, 0x35, 0xd1, 0x2d, 0x3c, 0x2e, 0xb6, 0x03, 0x17, 0x0d, 0xec, 0x64, + 0x2d, 0x76, 0xf0, 0xe8, 0xef, 0x6a, 0x16, 0x98, 0x12, 0x17, 0xde, 0x43, 0xc2, 0xc1, 0xc3, 0x74, + 0xeb, 0xd8, 0x84, 0x41, 0x6e, 0x35, 0xc4, 0x6b, 0xa0, 0xd1, 0x85, 0x1b, 0xe2, 0x9b, 0xca, 0xe9, + 0xa0, 0x30, 0x31, 0xe2, 0xc6, 0xce, 0xa7, 0x40, 0x84, 0x00, 0x5b, 0x70, 0x99, 0xfb, 0x0c, 0x46, + 0x35, 0x94, 0xd3, 0xec, 0xfd, 0xca, 0x7a, 0xc9, 0x34, 0x46, 0xef, 0x80, 0x1b, 0x42, 0xb5, 0xbd, + 0xdf, 0xfa, 0x08, 0x4a, 0xe9, 0xd6, 0x08, 0x8b, 0x55, 0x37, 0x03, 0x99, 0xb5, 0x0c, 0xd3, 0xf7, + 0x69, 0x84, 0x13, 0x17, 0x3f, 0x22, 0xcd, 0xf7, 0x26, 0xf1, 0x9d, 0xc9, 0x55, 0x55, 0x5e, 0x17, + 0xe9, 0x5f, 0x69, 0x15, 0x66, 0x12, 0x5c, 0x44, 0xfd, 0x1f, 0xc2, 0x90, 0x00, 0xa9, 0x15, 0x55, + 0xf8, 0x3a, 0xd2, 0x7d, 0x51, 0xb0, 0xb7, 0xc0, 0xe7, 0xad, 0xe0, 0x6c, 0x4b, 0x02, 0xeb, 0x10, + 0xce, 0xb3, 0x6d, 0x36, 0xe6, 0xaa, 0xa6, 0xe3, 0x45, 0x18, 0x69, 0x31, 0x45, 0x21, 0x74, 0x7f, + 0xc2, 0xa7, 0xd1, 0x80, 0x3d, 0xcc, 0x00, 0x55, 0xf7, 0x27, 0x94, 0x5c, 0x02, 0xc0, 0x42, 0xec, + 0xa6, 0x58, 0x05, 0x10, 0x9d, 0x5b, 0x04, 0x09, 0xa0, 0x93, 0x13, 0x9f, 0x37, 0x36, 0xfe, 0x6d, + 0x05, 0x30, 0x9b, 0xaa, 0x49, 0x74, 0xe0, 0x16, 0x0c, 0x4b, 0x15, 0x36, 0x61, 0xab, 0xd7, 0x7b, + 0x60, 0x2b, 0x24, 0xf2, 0x06, 0x4c, 0x7a, 0xf4, 0x9b, 0xa8, 0x96, 0x6a, 0xc3, 0x38, 0x03, 0x6f, + 0xcb, 0x76, 0x58, 0xbf, 0x82, 0xf6, 0xd9, 0xaa, 0xe7, 0x3f, 0x7b, 0xdc, 0x74, 0x9e, 0xd0, 0x54, + 0xc5, 0xdf, 0x87, 0xe1, 0x6a, 0xf7, 0x8a, 0xf9, 0xe7, 0x23, 0x2b, 0xb7, 0x15, 0x89, 0xd5, 0x84, + 0x39, 0xd6, 0xa5, 0x6a, 0x65, 0x63, 0x7d, 0xad, 0xb1, 0xfd, 0x6d, 0x0b, 0xf0, 0x29, 0x5c, 0xcc, + 0xac, 0xed, 0xdb, 0x16, 0xe2, 0xbf, 0xec, 0x87, 0x59, 0xbe, 0x99, 0xa4, 0x67, 0xf0, 0xe9, 0x97, + 0x9a, 0x5f, 0xca, 0x55, 0xe7, 0xed, 0x8c, 0xab, 0x4e, 0x24, 0xd1, 0xaf, 0x3a, 0x8d, 0x0b, 0xce, + 0xf7, 0xb3, 0x2f, 0x38, 0xd1, 0x4e, 0x64, 0x5e, 0x70, 0x26, 0xaf, 0x35, 0x57, 0xf2, 0xaf, 0x35, + 0xf1, 0xfe, 0x26, 0xe3, 0x5a, 0x33, 0xeb, 0x32, 0x33, 0xe1, 0x6b, 0x32, 0xfc, 0x6a, 0x7d, 0x4d, + 0xde, 0x80, 0xa1, 0x4a, 0xab, 0xa5, 0xf9, 0x6e, 0xe1, 0xf0, 0x38, 0xad, 0x16, 0x17, 0x9e, 0x2c, + 0x94, 0xeb, 0x3c, 0x64, 0xac, 0xf3, 0x1f, 0x00, 0x2c, 0xa1, 0x7f, 0x39, 0x0e, 0xdc, 0x28, 0x62, + 0xa0, 0x86, 0xcf, 0xbd, 0xce, 0x71, 0xe0, 0x74, 0x0b, 0x48, 0x8c, 0xcc, 0x15, 0x7b, 0x6b, 0x0f, + 0x4a, 0xe9, 0xe9, 0xf3, 0x0a, 0x96, 0xae, 0x3f, 0x2e, 0xc0, 0x25, 0xa1, 0xe4, 0x24, 0x3e, 0xf0, + 0xb3, 0xcf, 0xce, 0x77, 0x61, 0x4c, 0xd0, 0xee, 0xc4, 0x1f, 0x02, 0xbf, 0x5b, 0x96, 0x8b, 0x31, + 0x5f, 0xd1, 0x0d, 0x34, 0xf2, 0x2e, 0x0c, 0xe3, 0x1f, 0xf1, 0xfd, 0x0a, 0x93, 0xcc, 0x08, 0xa2, + 0xd6, 0x92, 0xb7, 0x2c, 0x0a, 0xd5, 0xfa, 0x1a, 0x2e, 0xe7, 0x35, 0xfc, 0x15, 0xc8, 0xe5, 0x5f, + 0x15, 0xe0, 0xa2, 0x60, 0x6f, 0x2c, 0x15, 0x2f, 0xb4, 0xeb, 0x9c, 0xc1, 0xe3, 0xf3, 0x01, 0x8c, + 0xb2, 0x0a, 0x65, 0xbb, 0xfb, 0xc4, 0xd6, 0x2a, 0x4e, 0x0e, 0x71, 0xc9, 0xb2, 0x13, 0x39, 0xc2, + 0x53, 0xc5, 0x39, 0x6a, 0x4a, 0xe3, 0x85, 0xad, 0x13, 0x5b, 0x5f, 0xc2, 0x7c, 0x76, 0x17, 0x5e, + 0x81, 0x7c, 0x1e, 0xc0, 0x5c, 0xc6, 0xa6, 0xf0, 0x62, 0x7b, 0xf2, 0x17, 0x70, 0x31, 0x93, 0xd7, + 0x2b, 0x68, 0xe6, 0x2a, 0xd3, 0x38, 0xa2, 0x57, 0x30, 0x84, 0xd6, 0x23, 0xb8, 0x90, 0xc1, 0xe9, + 0x15, 0x34, 0xf1, 0x3e, 0xcc, 0x2a, 0x4d, 0xfb, 0xa5, 0x5a, 0xb8, 0x01, 0x97, 0x38, 0xa3, 0x57, + 0x33, 0x2a, 0x0f, 0xe1, 0xa2, 0x60, 0xf7, 0x0a, 0xa4, 0xb7, 0x0a, 0xf3, 0xf1, 0x81, 0x3a, 0x43, + 0x4f, 0x3a, 0xf5, 0x22, 0x63, 0xad, 0xc3, 0x95, 0x98, 0x53, 0x8e, 0xd2, 0x70, 0x7a, 0x6e, 0x5c, + 0x1d, 0x8c, 0x47, 0xe9, 0x95, 0x8c, 0xe8, 0x23, 0x38, 0x6f, 0x30, 0x7d, 0x65, 0xaa, 0xd2, 0x1a, + 0x4c, 0x71, 0xc6, 0xa6, 0xea, 0xbc, 0xa0, 0xab, 0xce, 0xa3, 0x0b, 0xe7, 0x62, 0x96, 0x08, 0xde, + 0xbb, 0x9b, 0xa1, 0x4d, 0x6f, 0xa0, 0x36, 0x2d, 0x51, 0xe2, 0x16, 0xbe, 0x0b, 0x83, 0x1c, 0x22, + 0xda, 0x97, 0xc1, 0x8c, 0x1f, 0x16, 0x38, 0x99, 0x40, 0xb6, 0x7e, 0x08, 0x97, 0xf8, 0x49, 0x34, + 0xbe, 0x4b, 0x34, 0x4f, 0x8b, 0xdf, 0x4f, 0x1c, 0x44, 0x2f, 0x08, 0xbe, 0x49, 0xfc, 0x9c, 0xf3, + 0xe8, 0xbe, 0x9c, 0xdb, 0x79, 0xfc, 0x4f, 0xf5, 0xf6, 0x47, 0x1e, 0x30, 0x7b, 0x33, 0x0f, 0x98, + 0xd7, 0xe0, 0xaa, 0x3a, 0x60, 0x26, 0xab, 0x91, 0x53, 0xcb, 0xfa, 0x12, 0x2e, 0xf2, 0x8e, 0x4a, + 0xef, 0x3b, 0xb3, 0x19, 0x1f, 0x25, 0xba, 0x39, 0x2b, 0xba, 0x69, 0x62, 0xe7, 0x74, 0xf2, 0x6f, + 0x15, 0xe4, 0x27, 0x97, 0xcd, 0xfc, 0x97, 0x7d, 0xe2, 0xde, 0x84, 0xb2, 0x12, 0x88, 0xd9, 0xa2, + 0x17, 0x3b, 0x6e, 0x6f, 0xc0, 0x8c, 0xce, 0xc6, 0xad, 0xd3, 0xbd, 0x3b, 0x78, 0xc9, 0xf3, 0x0e, + 0xfb, 0x2c, 0x10, 0x20, 0xa7, 0x5d, 0x29, 0x43, 0x6e, 0x88, 0x6f, 0x2b, 0x4c, 0xab, 0x06, 0xf3, + 0xe9, 0xa1, 0x70, 0xeb, 0xd2, 0x25, 0x9b, 0x7c, 0xca, 0x3e, 0x61, 0x84, 0x88, 0xc1, 0xc8, 0x65, + 0x2a, 0xbf, 0x63, 0x4e, 0x2e, 0xa9, 0x2c, 0x4b, 0x2e, 0x35, 0x89, 0xfe, 0xb3, 0xda, 0xe5, 0x7c, + 0xf8, 0x75, 0x20, 0xb2, 0x68, 0xa9, 0x6a, 0xcb, 0xaa, 0x2f, 0x40, 0xdf, 0x52, 0xd5, 0x16, 0x2f, + 0x41, 0x50, 0x13, 0xac, 0x87, 0x81, 0xcd, 0x60, 0x49, 0x8d, 0xbc, 0xf7, 0x14, 0x1a, 0xf9, 0x83, + 0xfe, 0xe1, 0xbe, 0x62, 0xbf, 0x4d, 0xaa, 0xee, 0x81, 0xf7, 0xc8, 0x8d, 0x0e, 0x55, 0x85, 0x15, + 0xeb, 0x2b, 0x98, 0x32, 0xaa, 0x17, 0x5f, 0x71, 0xc7, 0x27, 0x2c, 0x4c, 0x9f, 0x5d, 0xaa, 0xa0, + 0x77, 0x0a, 0x9a, 0x2c, 0xc6, 0xf8, 0x7a, 0x53, 0x77, 0x6a, 0xf8, 0x3e, 0xd2, 0x96, 0x85, 0xd6, + 0x3f, 0xec, 0xd7, 0xb8, 0x6b, 0x0f, 0x83, 0x3a, 0xf4, 0xee, 0x0e, 0x00, 0x9f, 0x21, 0x5a, 0xe7, + 0x98, 0x02, 0x38, 0x2a, 0x9c, 0x3e, 0xf8, 0x92, 0x6c, 0x6b, 0x48, 0xa7, 0x7d, 0x38, 0x24, 0x5c, + 0x75, 0x39, 0x91, 0x7c, 0x2b, 0xa7, 0x5c, 0x75, 0x05, 0xeb, 0xd0, 0xd6, 0x91, 0xc8, 0x0f, 0x93, + 0xfe, 0xed, 0x03, 0x78, 0xa7, 0xf4, 0x9a, 0xbc, 0x64, 0x4e, 0xf7, 0xed, 0x6c, 0x2e, 0xee, 0xcf, + 0x60, 0x86, 0xd1, 0xba, 0x8f, 0xf1, 0x60, 0xb1, 0xf2, 0x4d, 0x44, 0x3d, 0xbe, 0xb6, 0x0f, 0x62, + 0x3d, 0xaf, 0x77, 0xa8, 0x27, 0x46, 0x16, 0xf6, 0xf7, 0x98, 0x4f, 0x8d, 0xaa, 0x32, 0x3b, 0x9b, + 0x3f, 0x4e, 0x22, 0x7b, 0x7d, 0xc5, 0x6b, 0xb4, 0x7c, 0x57, 0x1d, 0x98, 0xf8, 0x24, 0x0a, 0x9a, + 0x35, 0x2a, 0xe0, 0xb6, 0x8e, 0x64, 0xbd, 0xd1, 0xd1, 0x01, 0x7c, 0x18, 0xfa, 0x77, 0x96, 0x76, + 0xd6, 0x8b, 0x05, 0xeb, 0x16, 0x80, 0x56, 0x13, 0xc0, 0xe0, 0xe6, 0x96, 0xbd, 0x51, 0x59, 0x2f, + 0xf6, 0x90, 0x19, 0x38, 0xf7, 0x68, 0x6d, 0x73, 0x79, 0xeb, 0x51, 0xb5, 0x56, 0xdd, 0xa8, 0xd8, + 0x3b, 0x4b, 0x15, 0x7b, 0xb9, 0x58, 0xb0, 0xbe, 0x86, 0x69, 0xb3, 0x87, 0xaf, 0x74, 0x12, 0x46, + 0x30, 0xa5, 0xf4, 0x99, 0x07, 0x8f, 0x76, 0x34, 0xc7, 0x50, 0x71, 0xf8, 0x4b, 0x3a, 0x38, 0x89, + 0x63, 0xa2, 0xf8, 0x8c, 0x34, 0x24, 0xf2, 0x16, 0x57, 0x0b, 0x92, 0x4f, 0x3f, 0x99, 0x5a, 0x50, + 0x8b, 0xf5, 0x02, 0x5c, 0xfa, 0xbe, 0x07, 0xd3, 0x66, 0xad, 0xa7, 0xb5, 0x52, 0xbd, 0x86, 0x1e, + 0xb3, 0xda, 0xcb, 0x10, 0x42, 0xf4, 0x6b, 0x03, 0xb1, 0xb2, 0x7e, 0x0f, 0x8a, 0x02, 0x2b, 0xde, + 0x79, 0xaf, 0x49, 0x33, 0x62, 0x21, 0xe3, 0x15, 0x9b, 0xf4, 0xdf, 0xf6, 0xa1, 0xc8, 0x56, 0x4c, + 0x41, 0xc9, 0x2b, 0x98, 0x86, 0x81, 0xf5, 0xf8, 0x3a, 0xc7, 0xe6, 0x3f, 0xf0, 0x81, 0x44, 0xe4, + 0x04, 0x91, 0x74, 0x27, 0x1b, 0xb1, 0xd5, 0x6f, 0xf2, 0x16, 0x0c, 0xde, 0x73, 0x9b, 0x91, 0x30, + 0x8d, 0xc4, 0x9b, 0x3c, 0x63, 0xcb, 0x0b, 0x6c, 0x81, 0x60, 0xd9, 0x70, 0x4e, 0xab, 0xf0, 0x0c, + 0x4d, 0x25, 0x25, 0x18, 0xda, 0xa4, 0xdf, 0x68, 0xf5, 0xcb, 0x9f, 0xd6, 0x7b, 0x70, 0x4e, 0xb8, + 0xea, 0x69, 0x62, 0xba, 0x2a, 0x1e, 0xdb, 0x16, 0x8c, 0x17, 0x7f, 0x82, 0x25, 0x16, 0x31, 0xba, + 0xdd, 0x56, 0xe3, 0x05, 0xe9, 0xd8, 0x46, 0x71, 0x46, 0xba, 0x37, 0xe5, 0x2d, 0x50, 0xb7, 0xe1, + 0xfc, 0xd3, 0x02, 0x94, 0x12, 0x56, 0x86, 0xa5, 0x43, 0xa7, 0xd9, 0xa4, 0xde, 0x01, 0x25, 0xd7, + 0xa1, 0x7f, 0x67, 0x6b, 0x67, 0x5b, 0x58, 0x49, 0xa5, 0x03, 0x00, 0x03, 0x29, 0x1c, 0x1b, 0x31, + 0xc8, 0x43, 0x38, 0x27, 0x9d, 0x71, 0x55, 0x91, 0x18, 0xa1, 0x4b, 0x9d, 0x5d, 0x7b, 0xd3, 0x74, + 0xe4, 0x1d, 0x61, 0x12, 0xf9, 0x71, 0xdb, 0x0d, 0x68, 0x03, 0x2d, 0x3f, 0xf1, 0x6d, 0xba, 0x56, + 0x62, 0xeb, 0x68, 0xfc, 0x69, 0xa4, 0xf5, 0x7b, 0x05, 0x98, 0xcd, 0xb1, 0x9a, 0x90, 0xb7, 0x8c, + 0xee, 0x4c, 0x69, 0xdd, 0x91, 0x28, 0xab, 0x3d, 0xa2, 0x3f, 0x4b, 0x9a, 0x87, 0x72, 0xdf, 0x19, + 0x3c, 0x94, 0x57, 0x7b, 0x62, 0xaf, 0xe4, 0x45, 0x80, 0x61, 0x09, 0xb7, 0x26, 0x61, 0xdc, 0x90, + 0x9b, 0x65, 0xc1, 0x98, 0x5e, 0x33, 0x1b, 0x9c, 0x25, 0xbf, 0xa1, 0x06, 0x87, 0xfd, 0x6d, 0xfd, + 0x6e, 0x01, 0xa6, 0xb1, 0x8b, 0x07, 0x2e, 0x5b, 0xfa, 0x62, 0x09, 0x2d, 0x18, 0x3d, 0x99, 0x37, + 0x7a, 0x92, 0xc0, 0x55, 0x5d, 0xfa, 0x30, 0xd5, 0xa5, 0xf9, 0xac, 0x2e, 0xe1, 0xf4, 0x76, 0x7d, + 0xcf, 0xe8, 0x89, 0x76, 0x15, 0xf5, 0xfb, 0x05, 0x98, 0xd2, 0xda, 0xa4, 0xda, 0x7f, 0xc7, 0x68, + 0xd2, 0xc5, 0x8c, 0x26, 0xa5, 0x84, 0xbc, 0x98, 0x6a, 0xd1, 0x6b, 0x9d, 0x5a, 0xd4, 0x55, 0xc6, + 0xff, 0xa5, 0x00, 0x33, 0x99, 0x32, 0x20, 0xe7, 0x99, 0x6e, 0x5b, 0x0f, 0x68, 0x24, 0xc4, 0x2b, + 0x7e, 0x31, 0xf8, 0x5a, 0x18, 0xb6, 0x69, 0x20, 0xbe, 0x73, 0xf1, 0x8b, 0xbc, 0x06, 0xe3, 0xdb, + 0x34, 0x70, 0xfd, 0x06, 0xf7, 0x5d, 0xe7, 0x4e, 0xa1, 0xe3, 0xb6, 0x09, 0x24, 0xf3, 0x30, 0x52, + 0x69, 0x1e, 0xf8, 0x81, 0x1b, 0x1d, 0xf2, 0xdb, 0xc0, 0x11, 0x3b, 0x06, 0x30, 0xde, 0xcb, 0xee, + 0x01, 0xbf, 0xd4, 0x60, 0xc4, 0xe2, 0x17, 0x5b, 0x5c, 0xa4, 0xb5, 0x70, 0x90, 0x2f, 0x2e, 0xd2, + 0x14, 0x78, 0x1e, 0x06, 0x3f, 0xb3, 0x71, 0x12, 0xe0, 0x83, 0x74, 0x5b, 0xfc, 0x22, 0x13, 0xe8, + 0x7d, 0x8c, 0xcf, 0x1d, 0xd0, 0xeb, 0xf8, 0x43, 0x98, 0xce, 0x92, 0x6b, 0xd6, 0x14, 0x12, 0xb4, + 0xbd, 0x8a, 0xf6, 0x4b, 0x98, 0xaa, 0x34, 0x1a, 0x1b, 0xf7, 0x2a, 0xdc, 0xe7, 0x40, 0x8c, 0x2a, + 0xff, 0x78, 0xb8, 0xbd, 0x4e, 0xa8, 0x6c, 0xfd, 0x6b, 0x9e, 0x1b, 0xd9, 0x53, 0x2b, 0xdf, 0xb8, + 0x61, 0xe4, 0x7a, 0x07, 0x9a, 0x51, 0xd1, 0x3e, 0xbf, 0x49, 0x9f, 0x65, 0x4c, 0x01, 0xb6, 0x9b, + 0x9a, 0xbc, 0x39, 0x3c, 0x83, 0xf9, 0xb4, 0xc6, 0x36, 0x5e, 0x4a, 0x66, 0x4d, 0xbe, 0x71, 0x41, + 0x5f, 0xa5, 0xfe, 0xc4, 0xfa, 0x1e, 0x9c, 0xe7, 0x4b, 0x5a, 0xa7, 0xc6, 0x8b, 0x66, 0xeb, 0x36, + 0x50, 0xeb, 0x7d, 0x69, 0xa5, 0xe8, 0xd8, 0x32, 0x7b, 0xcc, 0x68, 0x0b, 0x56, 0xf9, 0x5f, 0x0b, + 0x30, 0x97, 0x20, 0xad, 0x3e, 0xf7, 0xea, 0x72, 0x3d, 0x7d, 0x23, 0xe9, 0xdd, 0x8d, 0x7a, 0x00, + 0x37, 0xfe, 0xb9, 0x0d, 0xe5, 0xe0, 0x4d, 0x6e, 0x01, 0x70, 0x62, 0x6d, 0xfb, 0x46, 0xd3, 0xb7, + 0x70, 0xb2, 0xc1, 0x0d, 0x5c, 0x43, 0x21, 0x6d, 0xc8, 0x92, 0xbb, 0xf8, 0x46, 0xba, 0xd9, 0x86, + 0x31, 0x08, 0x03, 0x15, 0xe4, 0xb5, 0x1c, 0x23, 0x71, 0x16, 0x7f, 0xeb, 0x6f, 0xf7, 0xc1, 0xac, + 0x3e, 0x80, 0x2f, 0xd2, 0xd7, 0x6d, 0x18, 0x5d, 0xf2, 0xbd, 0x88, 0x7e, 0x13, 0x69, 0x8f, 0xe0, + 0x89, 0xba, 0x69, 0x57, 0x25, 0x42, 0x75, 0xe4, 0x80, 0x1a, 0xd3, 0x63, 0x0c, 0x67, 0xc1, 0x18, + 0x91, 0x2c, 0xc1, 0xf8, 0x26, 0x7d, 0x96, 0x12, 0x20, 0x3a, 0x2c, 0x7a, 0xf4, 0x59, 0x4d, 0x13, + 0xa2, 0xee, 0x45, 0x66, 0xd0, 0x90, 0x7d, 0x98, 0x90, 0x93, 0xcb, 0x10, 0xe6, 0x9c, 0xbe, 0xab, + 0x98, 0xd3, 0x99, 0x3f, 0x13, 0x67, 0x35, 0xe4, 0xc8, 0x30, 0xc1, 0x91, 0x75, 0x9d, 0xd7, 0xc8, + 0x5f, 0x3e, 0x9b, 0xdb, 0x96, 0x56, 0x62, 0xb8, 0x83, 0x26, 0x5f, 0x3c, 0xeb, 0x2c, 0xac, 0x6d, + 0x28, 0xa5, 0xc7, 0x43, 0xd4, 0xf6, 0x0e, 0x0c, 0x72, 0xa8, 0x50, 0x03, 0x64, 0x7c, 0x13, 0x85, + 0xcd, 0xcf, 0xe9, 0xbc, 0x1a, 0x5b, 0xe0, 0x5a, 0xab, 0x68, 0x3b, 0x51, 0x38, 0x4a, 0x11, 0xbb, + 0x9d, 0x1c, 0x5e, 0xf4, 0xb4, 0x95, 0xc3, 0xab, 0xfb, 0x99, 0xc8, 0x57, 0x0b, 0x4b, 0x68, 0x7e, + 0xd2, 0x39, 0x89, 0x86, 0xdd, 0x80, 0x21, 0x01, 0x4a, 0x44, 0x5e, 0x89, 0x3f, 0x3f, 0x89, 0x60, + 0x7d, 0x08, 0x17, 0xd0, 0x16, 0xe6, 0x7a, 0x07, 0x4d, 0xba, 0x1b, 0x1a, 0xef, 0x0e, 0xba, 0x7d, + 0xd6, 0x1f, 0xc3, 0x5c, 0x16, 0x6d, 0xd7, 0x2f, 0x9b, 0xc7, 0x42, 0xf8, 0x8b, 0x5e, 0x98, 0x5e, + 0x0b, 0x75, 0x65, 0x42, 0x48, 0xe2, 0x66, 0xd6, 0x2b, 0x7d, 0x94, 0xc9, 0x6a, 0x4f, 0xd6, 0x2b, + 0xfc, 0x77, 0xb4, 0x57, 0x8f, 0xbd, 0x9d, 0x9e, 0xdf, 0xb3, 0x6d, 0x4b, 0xbd, 0x7b, 0x7c, 0x03, + 0xfa, 0x37, 0xd9, 0x52, 0xdd, 0x27, 0xc6, 0x8e, 0x53, 0x30, 0x10, 0xbe, 0x3a, 0x64, 0x5b, 0x24, + 0xfb, 0x41, 0xee, 0xa5, 0xde, 0x36, 0xf6, 0x77, 0x7f, 0x5e, 0xbe, 0xda, 0x93, 0x7a, 0xe6, 0xf8, + 0x1e, 0x8c, 0x56, 0x1a, 0x47, 0xdc, 0x23, 0xd0, 0xf7, 0x12, 0x9f, 0xa5, 0x56, 0xb2, 0xda, 0x63, + 0xeb, 0x88, 0xec, 0x84, 0x5b, 0x69, 0xb5, 0x70, 0xa3, 0xca, 0x7a, 0x72, 0xbf, 0xda, 0x83, 0x0e, + 0xf6, 0x8b, 0xc3, 0x30, 0xb8, 0xe3, 0x04, 0x07, 0x34, 0xb2, 0xbe, 0x84, 0x39, 0xe1, 0xa4, 0xc2, + 0x2d, 0x7f, 0xe8, 0xca, 0x12, 0xc6, 0x7e, 0x48, 0x9d, 0x1c, 0x4b, 0x2e, 0x03, 0xa0, 0x9e, 0xbf, + 0xe6, 0x35, 0xe8, 0x37, 0xc2, 0x4b, 0x4e, 0x83, 0x58, 0xef, 0xc2, 0x88, 0x92, 0x10, 0x2a, 0xb3, + 0xda, 0x66, 0x87, 0xd2, 0x9a, 0x36, 0x1e, 0x73, 0xca, 0x17, 0x9c, 0x17, 0x8c, 0xbe, 0x8b, 0x10, + 0x1a, 0x5c, 0xfb, 0x75, 0x61, 0x26, 0x31, 0x09, 0xe2, 0x37, 0xda, 0x4a, 0xff, 0xe4, 0x6e, 0x7c, + 0xea, 0x77, 0x52, 0x3d, 0xed, 0x3d, 0x95, 0x7a, 0x6a, 0xfd, 0x93, 0x5e, 0x3c, 0x38, 0xa5, 0xe4, + 0x91, 0xb0, 0x41, 0xe9, 0x76, 0xb0, 0x45, 0x18, 0xc1, 0xde, 0x2f, 0xcb, 0x37, 0x65, 0x9d, 0x7d, + 0x2c, 0x86, 0x7f, 0x76, 0x5c, 0xee, 0x41, 0xc7, 0x8a, 0x98, 0x8c, 0x7c, 0x02, 0x43, 0x2b, 0x5e, + 0x03, 0x39, 0xf4, 0x9d, 0x81, 0x83, 0x24, 0x62, 0x63, 0x82, 0x4d, 0xde, 0x61, 0x9f, 0x30, 0x37, + 0x5d, 0xd8, 0x1a, 0x24, 0x3e, 0xc1, 0x0d, 0xe4, 0x9d, 0xe0, 0x06, 0x13, 0x27, 0x38, 0x0b, 0x06, + 0xb6, 0x82, 0x86, 0x08, 0x7d, 0x31, 0xb1, 0x30, 0x26, 0x04, 0x87, 0x30, 0x9b, 0x17, 0x59, 0xff, + 0xbd, 0x00, 0xb3, 0xf7, 0x69, 0x94, 0x39, 0x87, 0x0c, 0xa9, 0x14, 0x5e, 0x5a, 0x2a, 0xbd, 0x2f, + 0x22, 0x15, 0xd5, 0xeb, 0xbe, 0xbc, 0x5e, 0xf7, 0xe7, 0xf5, 0x7a, 0x20, 0xbf, 0xd7, 0xf7, 0x61, + 0x90, 0x77, 0x95, 0x9d, 0x52, 0xd7, 0x22, 0x7a, 0x14, 0x9f, 0x52, 0x75, 0x0f, 0x31, 0x9b, 0x97, + 0x31, 0x45, 0x72, 0xdd, 0x09, 0xf5, 0x53, 0xaa, 0xf8, 0x69, 0xfd, 0x08, 0x5f, 0xa3, 0xae, 0xfb, + 0xf5, 0x27, 0x9a, 0xb5, 0x73, 0x88, 0x7f, 0xa1, 0x49, 0xeb, 0x38, 0xc3, 0xe2, 0x25, 0xb6, 0xc4, + 0x20, 0x57, 0x60, 0x74, 0xcd, 0xbb, 0xe7, 0x07, 0x75, 0xba, 0xe5, 0x35, 0x39, 0xf7, 0x61, 0x5b, + 0x07, 0x09, 0x2b, 0x80, 0xa8, 0x21, 0x3e, 0x5a, 0x23, 0x20, 0x71, 0xb4, 0x66, 0xb0, 0xbd, 0x05, + 0x9b, 0x97, 0x09, 0x23, 0x03, 0xfb, 0xbb, 0xd3, 0xa9, 0x54, 0x1d, 0x5f, 0xbb, 0x21, 0xee, 0xc3, + 0x05, 0x9b, 0xb6, 0x9a, 0x0e, 0xd3, 0xe9, 0x8e, 0x7c, 0x8e, 0xaf, 0xfa, 0x7c, 0x25, 0xe3, 0x25, + 0x99, 0xe9, 0x2f, 0xa0, 0x9a, 0xdc, 0xdb, 0xa1, 0xc9, 0x47, 0x70, 0xf5, 0x3e, 0x8d, 0xcc, 0x05, + 0x35, 0xb6, 0xa5, 0x8a, 0xce, 0xaf, 0xc2, 0x70, 0x68, 0xda, 0x81, 0x2f, 0xcb, 0xeb, 0x87, 0x2c, + 0xc2, 0xbd, 0xbb, 0xf2, 0xa6, 0x44, 0xf0, 0x51, 0x7f, 0x59, 0x9f, 0x42, 0x39, 0xaf, 0xba, 0xd3, + 0xb9, 0x73, 0xba, 0x70, 0x25, 0x9f, 0x81, 0x68, 0xee, 0x0a, 0x48, 0x9b, 0xb1, 0xf8, 0x84, 0xba, + 0xb5, 0xd6, 0x34, 0x33, 0x8b, 0x3f, 0xac, 0x45, 0xe9, 0xd8, 0xf6, 0x12, 0xcd, 0xad, 0xe1, 0x75, + 0xac, 0xc9, 0x20, 0x96, 0x6b, 0x05, 0x86, 0x25, 0x4c, 0xc8, 0x75, 0x36, 0xb3, 0xa5, 0x52, 0xa0, + 0x0d, 0xc9, 0x40, 0x91, 0x59, 0x3f, 0x92, 0x57, 0x13, 0x26, 0xc5, 0xe9, 0x9e, 0x56, 0x9e, 0xe6, + 0x2e, 0xc2, 0xf2, 0xe1, 0x82, 0xc9, 0x5b, 0x37, 0x39, 0x17, 0x35, 0x93, 0x33, 0xb7, 0x34, 0x5f, + 0x31, 0x4d, 0xa0, 0xbd, 0x62, 0x5e, 0xc6, 0x20, 0x72, 0x59, 0x37, 0x2c, 0x8f, 0xa5, 0xdf, 0x6a, + 0xde, 0x86, 0xb9, 0xac, 0x0a, 0xb5, 0x73, 0xa0, 0xb2, 0x5e, 0x0a, 0x7d, 0x67, 0x19, 0x2e, 0xcb, + 0xe0, 0x33, 0xbe, 0x1f, 0x85, 0x51, 0xe0, 0xb4, 0xaa, 0xf5, 0xc0, 0x6d, 0xc5, 0x54, 0x16, 0x0c, + 0x72, 0x88, 0x90, 0x04, 0xbf, 0xe6, 0xe1, 0x38, 0xa2, 0xc4, 0xfa, 0xcd, 0x02, 0x58, 0x86, 0x0f, + 0x12, 0x8e, 0xf3, 0x76, 0xe0, 0x3f, 0x75, 0x1b, 0xda, 0xd5, 0xca, 0x5b, 0x86, 0x59, 0x8f, 0x3f, + 0x89, 0x4b, 0xba, 0x3f, 0x8b, 0x35, 0xf3, 0x76, 0xc2, 0xd4, 0xc6, 0x15, 0x4f, 0xf4, 0x4b, 0x7a, + 0x42, 0xf5, 0x27, 0x25, 0xca, 0x04, 0xf7, 0x3f, 0x0b, 0x70, 0xad, 0x63, 0x1b, 0x44, 0x7f, 0xf6, + 0xa1, 0x98, 0x2c, 0x13, 0x33, 0xa8, 0xac, 0xf9, 0x24, 0xa4, 0x39, 0xec, 0xdd, 0xe1, 0x3e, 0xd6, + 0xd2, 0x77, 0xa7, 0xa5, 0x38, 0xa7, 0xf8, 0x9d, 0xbd, 0xf5, 0xe4, 0x03, 0x80, 0x1d, 0x3f, 0x72, + 0x9a, 0x4b, 0x68, 0x00, 0xe8, 0x8b, 0xfd, 0xe5, 0x23, 0x06, 0xad, 0x25, 0xa3, 0x1f, 0x68, 0xc8, + 0xd6, 0x0f, 0xf0, 0xbb, 0xce, 0x6e, 0xf4, 0xe9, 0x3e, 0xb5, 0x25, 0xb8, 0x96, 0xb8, 0x17, 0x7f, + 0x01, 0x26, 0x11, 0xcc, 0x30, 0xf1, 0x33, 0xdd, 0xfb, 0x7e, 0xe0, 0xb7, 0x5b, 0xbf, 0x9c, 0x51, + 0xff, 0x93, 0x02, 0x77, 0x54, 0xd4, 0xab, 0x15, 0x03, 0xbd, 0x04, 0x10, 0x43, 0x13, 0x0e, 0xeb, + 0xaa, 0x60, 0xef, 0x0e, 0x3f, 0x72, 0xa3, 0xc5, 0xfc, 0x80, 0x33, 0xd0, 0xc8, 0x7e, 0xb9, 0x23, + 0x79, 0x17, 0x2f, 0xc3, 0x55, 0xed, 0xa7, 0x93, 0xfb, 0x7b, 0xd2, 0xfe, 0x71, 0x46, 0xba, 0x43, + 0x98, 0x66, 0x2b, 0x40, 0xa5, 0x1d, 0x1d, 0xfa, 0x81, 0x1b, 0xc9, 0xa7, 0x17, 0x64, 0x5b, 0x3c, + 0x1a, 0xe7, 0x54, 0x1f, 0xff, 0xe2, 0xb8, 0xfc, 0xfe, 0x59, 0x82, 0x02, 0x4a, 0x9e, 0x3b, 0xea, + 0xa1, 0xb9, 0x35, 0x0b, 0x7d, 0x4b, 0xf6, 0x3a, 0x2e, 0x78, 0xf6, 0xba, 0x5a, 0xf0, 0xec, 0x75, + 0xeb, 0xaf, 0x7a, 0xa1, 0xcc, 0xc3, 0x5a, 0xa0, 0x0f, 0x45, 0x6c, 0xb5, 0xd0, 0x9c, 0x32, 0x4e, + 0x6b, 0x60, 0x48, 0x84, 0xad, 0xe8, 0x3d, 0x4d, 0xd8, 0x8a, 0x5f, 0x83, 0x1c, 0x93, 0xd5, 0x29, + 0xac, 0x00, 0x6f, 0x9e, 0x1c, 0x97, 0xaf, 0xc5, 0x56, 0x00, 0x5e, 0x9a, 0x65, 0x0e, 0xc8, 0xa9, + 0x22, 0x6d, 0xbf, 0xe8, 0x7f, 0x01, 0xfb, 0xc5, 0x6d, 0x18, 0xc2, 0xc3, 0xcc, 0xda, 0xb6, 0xf0, + 0x6a, 0xc4, 0xe9, 0x89, 0x81, 0x6a, 0x6a, 0xae, 0x1e, 0x2d, 0x4c, 0xa2, 0x59, 0x7f, 0xaf, 0x17, + 0xae, 0xe4, 0xcb, 0x5c, 0xb4, 0x6d, 0x19, 0x20, 0xf6, 0xde, 0xe8, 0xe4, 0x2d, 0x82, 0xdf, 0xce, + 0x33, 0xba, 0xaf, 0xbc, 0xb5, 0x34, 0x3a, 0xa6, 0xfb, 0xc8, 0x87, 0xbe, 0x89, 0xab, 0x02, 0xe3, + 0xfd, 0xaf, 0x08, 0x75, 0x29, 0x40, 0x46, 0xa8, 0x4b, 0x01, 0x23, 0xfb, 0x30, 0xbb, 0x1d, 0xb8, + 0x4f, 0x9d, 0x88, 0x3e, 0xa4, 0xcf, 0xf9, 0x43, 0x98, 0x15, 0xf1, 0xfa, 0x85, 0xbf, 0xde, 0xbe, + 0x7e, 0x72, 0x5c, 0x7e, 0xad, 0xc5, 0x51, 0xd8, 0x87, 0x59, 0xe3, 0x4f, 0x0f, 0x6b, 0xe9, 0x07, + 0x31, 0x79, 0x8c, 0xac, 0x7f, 0x5b, 0x80, 0x8b, 0xa8, 0x96, 0x0b, 0xb3, 0xab, 0xac, 0xfc, 0x85, + 0x9c, 0x06, 0xf5, 0x0e, 0x8a, 0xb9, 0x88, 0x4e, 0x83, 0xc6, 0x43, 0x68, 0xdb, 0x40, 0x23, 0x6b, + 0x30, 0x2a, 0x7e, 0xe3, 0xf7, 0xd7, 0x87, 0x07, 0x82, 0x19, 0x6d, 0xc1, 0xc2, 0xa9, 0xce, 0x4d, + 0x45, 0x38, 0xb1, 0x05, 0x33, 0x7c, 0x2f, 0x68, 0xeb, 0xb4, 0xd6, 0xcf, 0x7b, 0x61, 0x7e, 0x8f, + 0x06, 0xee, 0xe3, 0xe7, 0x39, 0x9d, 0xd9, 0x82, 0x69, 0x09, 0xe2, 0xa1, 0x2d, 0x8c, 0x4f, 0x8c, + 0x87, 0xbb, 0x93, 0x4d, 0x15, 0xb1, 0x31, 0xe4, 0x17, 0x97, 0x49, 0x78, 0x06, 0x77, 0xc0, 0x77, + 0x60, 0x38, 0x11, 0x5c, 0x06, 0xc7, 0x5f, 0x7e, 0xa1, 0xf1, 0x50, 0xad, 0xf6, 0xd8, 0x0a, 0x93, + 0xfc, 0x56, 0xfe, 0xfd, 0x8d, 0x30, 0x7d, 0x74, 0xb3, 0x7f, 0xe2, 0x07, 0xcb, 0x3e, 0x56, 0x47, + 0x2b, 0xcd, 0xf8, 0x60, 0x57, 0x7b, 0xec, 0xbc, 0x9a, 0x16, 0x47, 0x61, 0xa4, 0x82, 0x77, 0x52, + 0xec, 0xe4, 0xfe, 0x3f, 0x7a, 0xe1, 0xb2, 0x7c, 0xd4, 0x92, 0x23, 0xe6, 0xcf, 0x61, 0x56, 0x82, + 0x2a, 0x2d, 0xa6, 0x30, 0xd0, 0x86, 0x29, 0x69, 0x1e, 0x72, 0x52, 0x4a, 0xda, 0x11, 0x38, 0xb1, + 0xb0, 0xf3, 0xc8, 0x5f, 0x8d, 0xf5, 0xf3, 0x93, 0xac, 0x50, 0x3f, 0x68, 0x85, 0xd4, 0xd7, 0x4c, + 0x43, 0x34, 0xc6, 0xfa, 0xd9, 0x48, 0x59, 0x4f, 0xfb, 0x5f, 0xd6, 0x7a, 0xba, 0xda, 0x93, 0xb4, + 0x9f, 0x2e, 0x4e, 0xc0, 0xd8, 0x26, 0x7d, 0x16, 0xcb, 0xfd, 0xff, 0x2d, 0x24, 0x22, 0x0d, 0x30, + 0x0d, 0x83, 0x87, 0x1c, 0x28, 0xc4, 0xd1, 0x62, 0x30, 0xd2, 0x80, 0xae, 0x61, 0x70, 0xd4, 0x35, + 0x18, 0xe2, 0x17, 0xb5, 0x8d, 0x53, 0x9c, 0xf0, 0xd5, 0xeb, 0x14, 0xfe, 0x64, 0xb0, 0xc1, 0x0f, + 0xfb, 0x82, 0xde, 0x7a, 0x08, 0x57, 0x85, 0xff, 0xb2, 0x39, 0xf8, 0x58, 0xd1, 0x19, 0xb7, 0x2f, + 0xcb, 0x81, 0xcb, 0xf7, 0x69, 0x72, 0xe9, 0x31, 0x5e, 0xef, 0x7c, 0x0a, 0x93, 0x06, 0x5c, 0x71, + 0x44, 0xad, 0x54, 0xcd, 0x21, 0xc5, 0x3a, 0x89, 0x6d, 0x5d, 0xc9, 0xaa, 0x42, 0x6f, 0xac, 0x45, + 0x31, 0x76, 0x64, 0x10, 0x5f, 0xb1, 0x85, 0x67, 0x58, 0xf5, 0xae, 0x6b, 0xdf, 0x35, 0x5f, 0xf1, + 0x78, 0x10, 0x39, 0xb9, 0xf3, 0xaa, 0x52, 0x6b, 0xdc, 0xb8, 0x0b, 0xb0, 0x26, 0x60, 0x4c, 0x16, + 0x35, 0x69, 0x18, 0x5a, 0x3f, 0x1d, 0x00, 0x4b, 0x08, 0x36, 0xeb, 0xf6, 0x59, 0xca, 0x63, 0x3f, + 0xd5, 0x58, 0xb1, 0x51, 0x9d, 0xd7, 0xc3, 0x16, 0xc6, 0xa5, 0x7c, 0xe6, 0xa1, 0x9e, 0x57, 0x8f, + 0xa1, 0xc6, 0xcc, 0x4b, 0xf5, 0xfe, 0xab, 0x9c, 0x65, 0x92, 0x7f, 0x6c, 0xaf, 0x9f, 0x1c, 0x97, + 0xaf, 0xe6, 0x2c, 0x93, 0x06, 0xdf, 0xec, 0x25, 0xd3, 0x36, 0xaf, 0x44, 0xfa, 0x5e, 0xe4, 0x4a, + 0x84, 0x7d, 0x91, 0xfa, 0xa5, 0xc8, 0xae, 0x29, 0x4b, 0xf1, 0x3d, 0xca, 0x2b, 0x6d, 0xbd, 0x48, + 0x3c, 0xf8, 0xd7, 0x20, 0x06, 0x57, 0x83, 0x0d, 0x71, 0xa1, 0xa8, 0xd9, 0x2c, 0x97, 0x0e, 0x69, + 0xfd, 0x89, 0xb0, 0x15, 0xcb, 0x0b, 0xdd, 0x2c, 0x9b, 0x39, 0x0f, 0x5f, 0xcb, 0xbf, 0x73, 0x5e, + 0x50, 0xab, 0x33, 0x52, 0x3d, 0x60, 0x41, 0x92, 0x2d, 0xf9, 0x09, 0x4c, 0xa9, 0xa1, 0x4e, 0xb8, + 0x1f, 0x8d, 0x2e, 0xbc, 0x16, 0xc7, 0xb9, 0x3c, 0x7a, 0xec, 0xdc, 0x7c, 0x7a, 0xe7, 0x66, 0x06, + 0x2e, 0x7f, 0x07, 0x5f, 0x97, 0x05, 0x9a, 0xef, 0x91, 0x7e, 0xd1, 0x95, 0x45, 0xa8, 0x5d, 0x67, + 0xff, 0x5d, 0xe5, 0x2c, 0xcf, 0xf4, 0x05, 0xb7, 0x49, 0xc5, 0xab, 0x17, 0x39, 0xfb, 0x72, 0xae, + 0xe2, 0x0a, 0xdf, 0xf2, 0x55, 0xdc, 0x3f, 0xeb, 0x95, 0x4f, 0x04, 0xd2, 0xb7, 0xa1, 0x67, 0xbe, + 0x91, 0xcb, 0xec, 0xc1, 0xa9, 0x36, 0xd3, 0xcc, 0xc6, 0x91, 0x45, 0x79, 0x9f, 0xa9, 0x82, 0x4e, + 0x4d, 0xa8, 0xbb, 0x81, 0xb8, 0xc0, 0xb8, 0xe2, 0x44, 0xd5, 0x45, 0xa3, 0x4a, 0x5e, 0x96, 0xf5, + 0xbd, 0xfc, 0x65, 0xd9, 0xbf, 0x18, 0x81, 0x73, 0xdb, 0xce, 0x81, 0xeb, 0xb1, 0x45, 0xdb, 0xa6, + 0xa1, 0xdf, 0x0e, 0xea, 0x94, 0x54, 0x60, 0xc2, 0xf4, 0xff, 0xec, 0xe2, 0xdd, 0xca, 0xf6, 0x25, + 0x13, 0x46, 0x16, 0x60, 0x44, 0xbd, 0x39, 0x15, 0x9b, 0x49, 0xc6, 0x5b, 0xd4, 0xd5, 0x1e, 0x3b, + 0x46, 0x23, 0x1f, 0x18, 0xf7, 0x3b, 0x93, 0xea, 0xf9, 0x34, 0xe2, 0x2e, 0x70, 0x07, 0x3d, 0xcf, + 0x6f, 0x98, 0x1b, 0x22, 0xbf, 0xc4, 0xf8, 0x51, 0xea, 0xca, 0x67, 0xc0, 0x68, 0x71, 0xca, 0xee, + 0x85, 0xba, 0x40, 0x6e, 0xfc, 0xe0, 0x8c, 0xcb, 0xa0, 0x2f, 0x61, 0xf4, 0x61, 0x7b, 0x9f, 0xca, + 0xcb, 0xad, 0x41, 0xb1, 0x3f, 0x26, 0xbd, 0x9a, 0x45, 0xf9, 0xde, 0x5d, 0x3e, 0x06, 0x4f, 0xda, + 0xfb, 0x34, 0x1d, 0x98, 0x9a, 0x2d, 0x4c, 0x1a, 0x33, 0x72, 0x08, 0xc5, 0xa4, 0x03, 0xb2, 0x08, + 0xd3, 0xd6, 0xc1, 0x6d, 0x1a, 0x43, 0x79, 0x68, 0xe1, 0xaf, 0xb9, 0x5b, 0xa4, 0x51, 0x49, 0x8a, + 0x2b, 0xf9, 0x75, 0x98, 0xc9, 0xb4, 0x3a, 0xaa, 0x27, 0x54, 0x9d, 0x0d, 0x9a, 0xb8, 0xa8, 0x27, + 0xa4, 0x26, 0xdf, 0x6b, 0x19, 0x35, 0x67, 0xd7, 0x42, 0x1a, 0x30, 0x99, 0x70, 0xac, 0x15, 0x11, + 0xfe, 0xf3, 0x5d, 0x75, 0x71, 0x63, 0x92, 0xe1, 0x50, 0x33, 0xeb, 0x4a, 0xb2, 0x24, 0xeb, 0x30, + 0xa2, 0x8e, 0xfb, 0x22, 0xfa, 0x56, 0x96, 0x69, 0xa3, 0x74, 0x72, 0x5c, 0x9e, 0x8e, 0x4d, 0x1b, + 0x06, 0xcf, 0x98, 0x01, 0xf9, 0x0d, 0xb8, 0xaa, 0xa6, 0xe8, 0x56, 0x90, 0x6d, 0x04, 0x12, 0xe1, + 0xb5, 0x6f, 0x24, 0x67, 0x78, 0x1e, 0xfe, 0xde, 0x9d, 0xc5, 0xde, 0x52, 0x61, 0xb5, 0xc7, 0xee, + 0xce, 0x9a, 0xfc, 0xb4, 0x00, 0xe7, 0x73, 0x6a, 0x1d, 0xc3, 0x5a, 0xbb, 0x5a, 0xe6, 0x50, 0xb9, + 0xc7, 0x67, 0x43, 0x6e, 0x23, 0x7e, 0x5e, 0x27, 0x4d, 0x74, 0x46, 0xbf, 0x73, 0x6a, 0x22, 0x6f, + 0xc3, 0x20, 0x9e, 0x91, 0xc3, 0xd2, 0x38, 0x6a, 0x91, 0x18, 0xc1, 0x06, 0x4f, 0xd2, 0xfa, 0xbe, + 0x21, 0x70, 0xc8, 0x2a, 0xd3, 0xc6, 0x70, 0xdf, 0x92, 0xda, 0x93, 0x88, 0x77, 0x25, 0x34, 0x7a, + 0x5e, 0x24, 0xa3, 0x5c, 0x18, 0x71, 0xd4, 0x4d, 0xb2, 0x45, 0x80, 0xe1, 0x40, 0xac, 0x4a, 0x0f, + 0xfa, 0x87, 0xfb, 0x8b, 0x03, 0xfc, 0xc3, 0x91, 0x1e, 0xdb, 0xbf, 0x3d, 0xcc, 0x9f, 0x77, 0xee, + 0x7a, 0xee, 0x63, 0x37, 0x5e, 0xc0, 0x74, 0xeb, 0x5a, 0x9c, 0xce, 0x44, 0xe8, 0xbe, 0x39, 0x89, + 0x4b, 0x94, 0x21, 0xae, 0xb7, 0xab, 0x21, 0xee, 0xae, 0x76, 0x65, 0xa5, 0xc5, 0x9e, 0xe4, 0x3a, + 0x8e, 0x69, 0xf8, 0x8a, 0xef, 0xb2, 0xbe, 0x86, 0x41, 0x0c, 0x17, 0xc9, 0xef, 0x03, 0x47, 0x17, + 0x6e, 0x8a, 0x65, 0xbb, 0x43, 0xf3, 0x79, 0x7c, 0x49, 0xf1, 0x64, 0x9b, 0x4b, 0x1c, 0x01, 0x86, + 0xc4, 0x11, 0x42, 0x76, 0x60, 0x6a, 0x3b, 0xa0, 0x0d, 0xe1, 0x37, 0xdc, 0x0a, 0x84, 0x71, 0x82, + 0x9b, 0x3d, 0x70, 0xcb, 0x6f, 0xc9, 0xe2, 0x1a, 0x55, 0xe5, 0xfa, 0x86, 0x9a, 0x41, 0x4e, 0x56, + 0x60, 0xa2, 0x4a, 0x9d, 0xa0, 0x7e, 0xf8, 0x90, 0x3e, 0x67, 0xea, 0x8e, 0x11, 0xc3, 0x3f, 0xc4, + 0x12, 0xd6, 0x5f, 0x2c, 0xd2, 0x7d, 0x3c, 0x4c, 0x22, 0xf2, 0x03, 0x18, 0xac, 0xfa, 0x41, 0xb4, + 0xf8, 0x5c, 0x2c, 0x6a, 0xf2, 0xc6, 0x88, 0x03, 0x17, 0x2f, 0xc8, 0x3c, 0x06, 0xa1, 0x1f, 0x44, + 0xb5, 0x7d, 0x23, 0x24, 0x12, 0x47, 0x21, 0xcf, 0x61, 0xda, 0x5c, 0x50, 0x84, 0x3b, 0xeb, 0xb0, + 0x50, 0xb3, 0xb2, 0x56, 0x2d, 0x8e, 0xb2, 0x78, 0x5d, 0x70, 0xbf, 0x92, 0x5c, 0xb6, 0x1e, 0x63, + 0xb9, 0x1e, 0xa5, 0x28, 0x8b, 0x9e, 0x6c, 0x60, 0xfa, 0x07, 0xde, 0xa3, 0x4a, 0xc8, 0xdd, 0x60, + 0x47, 0xe2, 0xa0, 0x5b, 0x6d, 0x5c, 0x94, 0x50, 0x12, 0x4e, 0x98, 0xcc, 0x19, 0x62, 0xa7, 0x48, + 0xc9, 0x36, 0x9c, 0xdb, 0x0d, 0xe9, 0x76, 0x40, 0x9f, 0xba, 0xf4, 0x99, 0xe4, 0x07, 0x71, 0x84, + 0x22, 0xc6, 0xaf, 0xc5, 0x4b, 0xb3, 0x18, 0xa6, 0x89, 0xc9, 0x07, 0x00, 0xdb, 0xae, 0xe7, 0xd1, + 0x06, 0x5e, 0x3b, 0x8e, 0x22, 0x2b, 0x34, 0xa9, 0xb6, 0x10, 0x5a, 0xf3, 0xbd, 0xa6, 0x2e, 0x52, + 0x0d, 0x99, 0x2c, 0xc2, 0xf8, 0x9a, 0x57, 0x6f, 0xb6, 0x85, 0x7b, 0x40, 0x88, 0x0b, 0x8a, 0x88, + 0x9c, 0xe6, 0xf2, 0x82, 0x5a, 0xea, 0x23, 0x37, 0x49, 0xc8, 0x43, 0x20, 0x02, 0x20, 0x66, 0xad, + 0xb3, 0xdf, 0xa4, 0xe2, 0x73, 0x47, 0x53, 0x89, 0x64, 0x84, 0xd3, 0xdd, 0x08, 0x48, 0x96, 0x22, + 0x9b, 0xfb, 0x00, 0x46, 0xb5, 0x39, 0x9f, 0x11, 0x83, 0x60, 0x5a, 0x8f, 0x41, 0x30, 0xa2, 0xc7, + 0x1a, 0xf8, 0x07, 0x05, 0x98, 0xcf, 0xfe, 0x96, 0x84, 0x02, 0xb6, 0x05, 0x23, 0x0a, 0xa8, 0x5e, + 0x9d, 0x48, 0xd5, 0x3f, 0xa1, 0x01, 0xf1, 0x0f, 0x5a, 0xae, 0x3c, 0x7a, 0xef, 0x63, 0x1e, 0x2f, + 0x60, 0x8f, 0xff, 0xff, 0x86, 0x61, 0x1a, 0xbd, 0xab, 0x93, 0xeb, 0xd4, 0xa7, 0x18, 0x4b, 0x04, + 0x61, 0x9a, 0x79, 0x59, 0x58, 0x9a, 0x38, 0x3c, 0x19, 0xf8, 0xca, 0x20, 0x20, 0xef, 0xea, 0x3e, + 0x11, 0xbd, 0x5a, 0xc2, 0x09, 0x09, 0xd4, 0xbb, 0x10, 0x3b, 0x4b, 0xbc, 0x65, 0x5c, 0xc9, 0x9f, + 0x7a, 0xd1, 0xeb, 0x3f, 0xed, 0xa2, 0xb7, 0xab, 0x16, 0x3d, 0x1e, 0xa3, 0xe2, 0x4d, 0x6d, 0xd1, + 0x7b, 0xf5, 0xab, 0xdd, 0xe0, 0xab, 0x5e, 0xed, 0x86, 0x5e, 0x6e, 0xb5, 0x1b, 0x7e, 0xc1, 0xd5, + 0xee, 0x1e, 0x4c, 0x6c, 0x52, 0xda, 0xd0, 0x2e, 0x4a, 0x46, 0xe2, 0xdd, 0xd3, 0xa3, 0x68, 0x02, + 0xcb, 0xba, 0x2d, 0x49, 0x50, 0xe5, 0xae, 0x9a, 0xf0, 0x37, 0xb3, 0x6a, 0x8e, 0xbe, 0xe2, 0x55, + 0x73, 0xec, 0x65, 0x56, 0xcd, 0xd4, 0xd2, 0x37, 0x7e, 0xe6, 0xa5, 0xef, 0x65, 0x56, 0xab, 0x4f, + 0xd0, 0xa5, 0xb0, 0x5a, 0x5d, 0x15, 0xde, 0x23, 0x9a, 0xbb, 0xc6, 0xaa, 0x1f, 0x4a, 0x8f, 0x6b, + 0xfc, 0x9b, 0xc1, 0xb6, 0xfd, 0x40, 0x5e, 0x79, 0xe3, 0xdf, 0xd6, 0x22, 0x3a, 0x12, 0xea, 0xf4, + 0xca, 0x5d, 0x7f, 0x48, 0x3c, 0xd9, 0x13, 0x6b, 0x5c, 0xf2, 0x18, 0x65, 0xcb, 0x72, 0xeb, 0x2f, + 0x0a, 0xfc, 0x52, 0xf2, 0xff, 0xc4, 0xa5, 0xf2, 0x65, 0x2e, 0x0a, 0x7f, 0x2b, 0x7e, 0xca, 0x2f, + 0xc2, 0x0e, 0x04, 0x4e, 0xfd, 0x49, 0x7c, 0x53, 0xfb, 0x43, 0xf6, 0x9d, 0xeb, 0x05, 0x18, 0x58, + 0x35, 0x3e, 0x2b, 0x9a, 0x85, 0x7b, 0x77, 0xe4, 0x02, 0x20, 0x22, 0x1a, 0x70, 0xb0, 0xb9, 0x00, + 0xe8, 0x04, 0xe8, 0x2b, 0x37, 0x69, 0xd9, 0xfc, 0x25, 0x7a, 0x66, 0x0b, 0xde, 0x4b, 0xbf, 0xa5, + 0xc6, 0xc3, 0x48, 0xfc, 0x96, 0x5a, 0x17, 0x63, 0xfc, 0xaa, 0x7a, 0x17, 0x2e, 0xda, 0xf4, 0xc8, + 0x7f, 0x4a, 0x5f, 0x2d, 0xdb, 0xaf, 0xe0, 0x82, 0xc9, 0x90, 0xbf, 0xba, 0xe1, 0x91, 0xd6, 0x3f, + 0xc9, 0x8e, 0xcf, 0x2e, 0x08, 0x78, 0x7c, 0x76, 0x1e, 0xe6, 0x99, 0xfd, 0xa9, 0xef, 0x1b, 0x58, + 0x66, 0xf9, 0x30, 0x6f, 0x32, 0xaf, 0x34, 0x1a, 0x98, 0xdc, 0xaf, 0xee, 0xb6, 0x1c, 0x2f, 0x22, + 0x5b, 0x30, 0xaa, 0xfd, 0x4c, 0x98, 0x0a, 0xb4, 0x12, 0xa1, 0xd3, 0xc4, 0x00, 0x23, 0x04, 0x67, + 0x0c, 0xb6, 0x28, 0x94, 0x93, 0xe2, 0x61, 0x22, 0xd3, 0xeb, 0x5c, 0x84, 0x71, 0xed, 0xa7, 0x32, + 0x59, 0xe2, 0xc7, 0xaf, 0xd5, 0x60, 0x0a, 0xcc, 0x24, 0xb1, 0xea, 0x30, 0x97, 0x25, 0x34, 0x1e, + 0xab, 0x99, 0xac, 0xc4, 0x71, 0x9e, 0xba, 0x7b, 0xdb, 0x4d, 0xe6, 0xc5, 0x78, 0xb2, 0xfe, 0x4e, + 0x3f, 0x5c, 0x14, 0x83, 0xf1, 0x2a, 0x47, 0x9c, 0xfc, 0x08, 0x46, 0xb5, 0x31, 0x16, 0x42, 0xbf, + 0x22, 0x43, 0x6f, 0xe6, 0xcd, 0x05, 0x6e, 0xd2, 0x68, 0x23, 0xa0, 0x96, 0x18, 0xee, 0xd5, 0x1e, + 0x5b, 0x67, 0x49, 0x9a, 0x30, 0x61, 0x0e, 0xb4, 0xb0, 0xea, 0x5c, 0xcb, 0xac, 0xc4, 0x44, 0x95, + 0x81, 0x9c, 0x1b, 0xb5, 0xcc, 0xe1, 0x5e, 0xed, 0xb1, 0x13, 0xbc, 0xc9, 0x37, 0x70, 0x2e, 0x35, + 0xca, 0xc2, 0x58, 0xf7, 0x46, 0x66, 0x85, 0x29, 0x6c, 0x6e, 0x8e, 0x0d, 0x10, 0x9c, 0x5b, 0x6d, + 0xba, 0x12, 0xd2, 0x80, 0x31, 0x7d, 0xe0, 0x85, 0xd9, 0xe9, 0x6a, 0x07, 0x51, 0x72, 0x44, 0xae, + 0xdc, 0x09, 0x59, 0xe2, 0xd8, 0x3f, 0x37, 0x4d, 0xcc, 0x06, 0xf2, 0x30, 0x0c, 0xf2, 0xdf, 0x6c, + 0x09, 0xd8, 0x0e, 0x68, 0x48, 0xbd, 0x3a, 0x35, 0x1c, 0xb4, 0x5f, 0x72, 0x09, 0xf8, 0x37, 0x05, + 0x28, 0x65, 0xf1, 0xad, 0x52, 0xaf, 0x41, 0xb6, 0xa1, 0x98, 0xac, 0x48, 0xcc, 0x6a, 0x4b, 0xc5, + 0xca, 0xcd, 0x6d, 0xd2, 0x6a, 0x8f, 0x9d, 0xa2, 0x26, 0x9b, 0x70, 0x4e, 0x83, 0x09, 0xe3, 0x6a, + 0xef, 0x69, 0x8c, 0xab, 0x6c, 0x14, 0x52, 0xa4, 0xba, 0x6d, 0x7a, 0x15, 0x77, 0xc6, 0x65, 0xff, + 0xc8, 0x71, 0x3d, 0xa6, 0xe8, 0x6a, 0xa1, 0x9e, 0x20, 0x86, 0x0a, 0xd9, 0x70, 0x6b, 0x2b, 0x42, + 0xe5, 0x83, 0x12, 0x85, 0x62, 0x7d, 0x8c, 0x2b, 0xb8, 0xb0, 0xd1, 0xf1, 0xe7, 0xa9, 0x8a, 0xd9, + 0x15, 0x18, 0xd8, 0x59, 0xaf, 0x2e, 0x55, 0xc4, 0x63, 0x57, 0x1e, 0x22, 0xa1, 0x19, 0xd6, 0xea, + 0x8e, 0xcd, 0x0b, 0xac, 0x8f, 0x80, 0xdc, 0xa7, 0x91, 0x08, 0xd6, 0xae, 0xe8, 0x5e, 0x87, 0x21, + 0x01, 0x12, 0x94, 0xe8, 0x1a, 0x27, 0x42, 0xbf, 0xdb, 0xb2, 0xcc, 0xda, 0x96, 0xe7, 0x84, 0x26, + 0x75, 0x42, 0x6d, 0x63, 0x7e, 0x1f, 0x86, 0x03, 0x01, 0x13, 0xfb, 0xf2, 0x84, 0xca, 0x97, 0x81, + 0x60, 0x6e, 0xcf, 0x96, 0x38, 0xb6, 0xfa, 0xcb, 0x5a, 0xc7, 0x70, 0x26, 0x5b, 0x6b, 0xcb, 0x4b, + 0x4c, 0xaa, 0x42, 0x58, 0x72, 0x38, 0x6e, 0xa1, 0x0f, 0x79, 0x44, 0xf5, 0xa7, 0xae, 0x28, 0x1a, + 0xfc, 0xc8, 0x45, 0x10, 0x1f, 0x0d, 0xc5, 0xba, 0xab, 0x82, 0xa3, 0x64, 0x70, 0xcb, 0xcb, 0xfb, + 0xb0, 0x89, 0x61, 0x5f, 0xee, 0xa3, 0xbb, 0xcc, 0xab, 0x68, 0x84, 0x03, 0x73, 0x7c, 0x9b, 0x67, + 0xbd, 0x12, 0x19, 0xcf, 0x7c, 0xb5, 0x34, 0x2e, 0xc1, 0x88, 0x82, 0xa9, 0xbb, 0x2f, 0x2e, 0x2b, + 0x03, 0x7f, 0xef, 0x2e, 0x7f, 0x15, 0x5c, 0x57, 0x0c, 0x62, 0x3a, 0x56, 0x05, 0xff, 0xee, 0xbe, + 0xe5, 0x2a, 0x42, 0x1a, 0x44, 0xdf, 0x6a, 0x15, 0x71, 0x5c, 0xa0, 0xb3, 0x54, 0x61, 0xe0, 0xef, + 0x2d, 0x9c, 0x46, 0x50, 0xdf, 0x72, 0x15, 0x4c, 0x50, 0xdf, 0x5e, 0x15, 0x54, 0x06, 0x50, 0xe2, + 0x93, 0x34, 0x55, 0xc9, 0x4a, 0xba, 0x12, 0x69, 0xb8, 0x4e, 0x50, 0x74, 0x1c, 0x0f, 0x0a, 0xf3, + 0x5c, 0x58, 0xbf, 0x84, 0x6a, 0x98, 0xc0, 0xbe, 0xdd, 0x6a, 0xfe, 0x7e, 0x81, 0x87, 0x73, 0xaa, + 0x6e, 0x69, 0xb9, 0x06, 0xbd, 0xc7, 0xbe, 0x76, 0x35, 0xaf, 0x7d, 0xed, 0x0f, 0x5d, 0xaf, 0xa1, + 0x5f, 0xcd, 0x3b, 0xed, 0xe8, 0x50, 0x85, 0x3b, 0x7e, 0xe2, 0x7a, 0x0d, 0x3b, 0x89, 0x4d, 0x3e, + 0x80, 0x71, 0x0d, 0xa4, 0xb4, 0x35, 0x9e, 0x33, 0x42, 0x27, 0x77, 0x1b, 0xb6, 0x89, 0x69, 0xfd, + 0x75, 0x01, 0xa6, 0x32, 0x72, 0xe0, 0xa2, 0x31, 0x03, 0x4f, 0x41, 0x6a, 0xa1, 0x12, 0x99, 0x98, + 0x30, 0xb2, 0x84, 0xb1, 0x49, 0x2a, 0x44, 0x8c, 0x96, 0xaf, 0xe5, 0xeb, 0xed, 0xd5, 0x72, 0x82, + 0x65, 0xe7, 0xe8, 0xd5, 0xd1, 0x49, 0x08, 0x10, 0xb7, 0x44, 0x98, 0x8d, 0xab, 0x4c, 0xa5, 0xd5, + 0x92, 0xfd, 0xbe, 0x92, 0x6c, 0xc3, 0x5a, 0x35, 0xd6, 0x6f, 0xf5, 0xc2, 0xf9, 0x8c, 0xfe, 0x57, + 0x69, 0xf4, 0x37, 0x21, 0x82, 0x44, 0xca, 0xe5, 0xbe, 0x5f, 0x52, 0xca, 0x65, 0xeb, 0x3f, 0xf4, + 0xc2, 0xf9, 0xdd, 0x56, 0x88, 0x2f, 0xac, 0xd6, 0xbc, 0xa7, 0xd4, 0x8b, 0xfc, 0xe0, 0x39, 0xbe, + 0x0a, 0x21, 0xef, 0xc2, 0xc0, 0x2a, 0x6d, 0x36, 0x7d, 0x31, 0xff, 0x2f, 0x49, 0xef, 0x88, 0x24, + 0x36, 0x22, 0xad, 0xf6, 0xd8, 0x1c, 0x9b, 0x7c, 0x00, 0x23, 0xab, 0xd4, 0x09, 0xa2, 0x7d, 0xea, + 0xc8, 0x23, 0x8b, 0xcc, 0x64, 0xa1, 0x91, 0x08, 0x84, 0xd5, 0x1e, 0x3b, 0xc6, 0x26, 0x0b, 0xec, + 0x34, 0xef, 0x1d, 0xa8, 0xd7, 0xe4, 0x39, 0x15, 0x32, 0x9c, 0xd5, 0x1e, 0x1b, 0x71, 0xc9, 0x06, + 0x8c, 0x57, 0x0e, 0xa8, 0x17, 0x6d, 0xd0, 0xc8, 0x69, 0x38, 0x91, 0x23, 0x54, 0xdb, 0xd7, 0xf3, + 0x88, 0x0d, 0xe4, 0xd5, 0x1e, 0xdb, 0xa4, 0x26, 0x1f, 0xc1, 0xd0, 0x7d, 0xdf, 0x6f, 0xec, 0x3f, + 0xa7, 0x42, 0x5d, 0x2d, 0xe7, 0x31, 0x12, 0x68, 0xab, 0x3d, 0xb6, 0xa4, 0x58, 0x1c, 0x80, 0xbe, + 0x8d, 0xf0, 0xc0, 0x3a, 0x2e, 0x40, 0x69, 0xd9, 0x7f, 0xe6, 0x65, 0x4a, 0xf5, 0x7b, 0xa6, 0x54, + 0x25, 0xfb, 0x0c, 0xfc, 0x84, 0x5c, 0xdf, 0x81, 0xfe, 0x6d, 0xd7, 0x3b, 0x48, 0xa8, 0x82, 0x19, + 0x74, 0x0c, 0x0b, 0xc5, 0xe3, 0x7a, 0x07, 0x64, 0x5d, 0xea, 0xe0, 0xc2, 0xd6, 0xd8, 0x67, 0x28, + 0xfe, 0x19, 0xd4, 0x3a, 0x76, 0xac, 0x6b, 0xf3, 0xdf, 0xb2, 0x83, 0x6f, 0xc1, 0x6c, 0x4e, 0xbd, + 0xe2, 0x79, 0x38, 0xeb, 0x5b, 0x3f, 0x2a, 0x36, 0x6f, 0xc2, 0x4c, 0xe6, 0xf8, 0xa5, 0x10, 0xff, + 0x71, 0xd6, 0x44, 0xe4, 0x3d, 0x2f, 0xc1, 0x90, 0x4c, 0xc3, 0xc4, 0x6d, 0x3f, 0xf2, 0x27, 0x3e, + 0x90, 0x92, 0x1f, 0xaa, 0x0c, 0xec, 0x21, 0xbf, 0xc7, 0x3d, 0x2d, 0x90, 0x12, 0xff, 0x9c, 0x3e, + 0x7c, 0x89, 0x8f, 0x46, 0xf1, 0x62, 0x75, 0xae, 0xfa, 0x61, 0xe4, 0x29, 0xcf, 0x5b, 0x5b, 0xfd, + 0x26, 0x37, 0xa0, 0x28, 0xd3, 0x39, 0x88, 0xbc, 0x31, 0x22, 0x45, 0xb4, 0x9d, 0x82, 0x93, 0xf7, + 0x61, 0x36, 0x09, 0x93, 0xbd, 0xe4, 0x2f, 0xdc, 0xf2, 0x8a, 0xad, 0x3f, 0xef, 0xc5, 0x58, 0xd7, + 0x1d, 0xe6, 0x35, 0x93, 0xee, 0x56, 0x55, 0x48, 0xab, 0x77, 0xab, 0x4a, 0xe6, 0x61, 0x64, 0xab, + 0x6a, 0xe4, 0xb2, 0xb2, 0x63, 0x00, 0x6b, 0x36, 0xeb, 0x42, 0x25, 0xa8, 0x1f, 0xba, 0x11, 0xad, + 0x47, 0xed, 0x40, 0xac, 0xc2, 0x76, 0x0a, 0x4e, 0x2c, 0x18, 0xbb, 0xdf, 0x74, 0xf7, 0xeb, 0x92, + 0x19, 0x17, 0x81, 0x01, 0x23, 0x6f, 0xc0, 0xc4, 0x9a, 0x17, 0x46, 0x4e, 0xb3, 0xb9, 0x41, 0xa3, + 0x43, 0xbf, 0x21, 0xb2, 0x71, 0xda, 0x09, 0x28, 0xab, 0x77, 0xc9, 0xf7, 0x22, 0xc7, 0xf5, 0x68, + 0x60, 0xb7, 0xbd, 0xc8, 0x3d, 0xa2, 0xa2, 0xef, 0x29, 0x38, 0x79, 0x07, 0x66, 0x14, 0x6c, 0x2b, + 0xa8, 0x1f, 0xd2, 0x30, 0x0a, 0x30, 0xc3, 0x1d, 0x06, 0xfc, 0xb1, 0xb3, 0x0b, 0xb1, 0x86, 0xa6, + 0xdf, 0x6e, 0xac, 0x78, 0x4f, 0xdd, 0xc0, 0xf7, 0x30, 0x37, 0xc5, 0xb0, 0xa8, 0x21, 0x01, 0xb7, + 0xfe, 0x70, 0x38, 0xf3, 0xb3, 0x7d, 0x99, 0x39, 0xf8, 0x05, 0x8c, 0x2d, 0x39, 0x2d, 0x67, 0xdf, + 0x6d, 0xba, 0x91, 0xab, 0x52, 0x81, 0xbd, 0xdb, 0xe5, 0x9b, 0x97, 0x09, 0x3e, 0x68, 0x43, 0x27, + 0xb6, 0x0d, 0x56, 0x73, 0x7f, 0x35, 0x08, 0x33, 0x99, 0x78, 0xe4, 0xba, 0xc8, 0x19, 0xa6, 0xd6, + 0x55, 0x91, 0xec, 0xca, 0x4e, 0x82, 0xd9, 0x58, 0x22, 0x68, 0xa9, 0x49, 0x1d, 0xaf, 0x2d, 0x52, + 0x5d, 0xd9, 0x06, 0x8c, 0x8d, 0x25, 0xd3, 0x1b, 0x34, 0x66, 0xe8, 0x38, 0x6d, 0x27, 0xa0, 0xe4, + 0x0a, 0x8c, 0x32, 0x88, 0x64, 0xd5, 0xcf, 0x9f, 0xf8, 0x69, 0x20, 0xc6, 0x69, 0xd3, 0x6f, 0x50, + 0x8d, 0xd3, 0x00, 0xe7, 0x64, 0x42, 0x19, 0x27, 0x06, 0x91, 0x9c, 0x06, 0x39, 0x27, 0x0d, 0x44, + 0x5e, 0x83, 0xf1, 0x4a, 0xab, 0xa5, 0x31, 0xc2, 0x1c, 0x57, 0xb6, 0x09, 0x24, 0x97, 0x01, 0x2a, + 0xad, 0x96, 0x64, 0x83, 0xf9, 0xab, 0x6c, 0x0d, 0x42, 0x6e, 0xc6, 0xe1, 0xca, 0x34, 0x56, 0x78, + 0x9d, 0x60, 0x67, 0x94, 0x30, 0xb9, 0xaa, 0xd8, 0x4e, 0x82, 0x29, 0x70, 0xb9, 0x26, 0xc0, 0xe4, + 0x63, 0xb8, 0x90, 0xf0, 0xbb, 0xd0, 0x2a, 0x40, 0x53, 0xbf, 0x9d, 0x8f, 0x40, 0xde, 0x83, 0xf3, + 0x89, 0x42, 0x59, 0x1d, 0x5a, 0xf5, 0xed, 0x9c, 0x52, 0xf2, 0x21, 0x94, 0x12, 0xcf, 0xb6, 0xe3, + 0x4a, 0xd1, 0x82, 0x6f, 0xe7, 0x96, 0xb3, 0xaf, 0x2b, 0xf1, 0xfe, 0x4b, 0x54, 0x89, 0x97, 0x95, + 0x76, 0x76, 0x21, 0x59, 0x85, 0x72, 0xa6, 0x2f, 0x8b, 0x56, 0x31, 0xe6, 0xe5, 0xb2, 0xbb, 0xa1, + 0x91, 0x45, 0x98, 0xcf, 0x44, 0x91, 0xcd, 0xc0, 0x6c, 0x5d, 0x76, 0x47, 0x1c, 0xb2, 0x00, 0xd3, + 0xb1, 0x4f, 0x8f, 0xd6, 0x04, 0x4c, 0xd4, 0x65, 0x67, 0x96, 0x91, 0xb7, 0xcd, 0xc7, 0xf9, 0xbc, + 0x32, 0xcc, 0xd3, 0x65, 0xa7, 0x0b, 0xac, 0x93, 0x02, 0xcc, 0x67, 0x6e, 0x94, 0x52, 0x9f, 0x9f, + 0x4b, 0x2a, 0x8e, 0xda, 0x5a, 0x70, 0x03, 0xfa, 0x51, 0xc1, 0xe7, 0xb6, 0x62, 0xe9, 0x6b, 0x8a, + 0xf4, 0x9c, 0x15, 0x2b, 0xb5, 0x11, 0x87, 0xdc, 0x57, 0x77, 0x83, 0x7d, 0x68, 0xc9, 0xb8, 0x95, + 0x54, 0xa0, 0x32, 0x2a, 0xd7, 0xef, 0x08, 0xe5, 0x6d, 0xe0, 0xcb, 0x5c, 0xc3, 0xfc, 0x79, 0x01, + 0xca, 0x5d, 0xf4, 0x03, 0xd5, 0xa7, 0xc2, 0x29, 0xfa, 0xf4, 0x40, 0xf5, 0x89, 0xbf, 0x8d, 0x5d, + 0x38, 0x9d, 0x0e, 0xf2, 0xaa, 0xbb, 0xd5, 0x06, 0x92, 0x56, 0x43, 0xc9, 0x77, 0x61, 0xa4, 0x5a, + 0x5d, 0x35, 0x1c, 0xfa, 0x52, 0x97, 0x43, 0x31, 0x06, 0xb9, 0x7d, 0x2a, 0x0f, 0x3e, 0xcd, 0x7f, + 0xcf, 0x5a, 0x86, 0x52, 0x9e, 0x06, 0x89, 0x0b, 0x0b, 0x8f, 0xad, 0xa5, 0x5d, 0x2c, 0xf1, 0x85, + 0xc5, 0x04, 0x5b, 0xef, 0xc1, 0x79, 0x45, 0xcd, 0x93, 0x76, 0x68, 0x0f, 0xff, 0xc5, 0xb1, 0x53, + 0x05, 0x18, 0x88, 0x01, 0xd6, 0x9f, 0xf5, 0xa7, 0x08, 0xab, 0xed, 0xa3, 0x23, 0x27, 0x78, 0x4e, + 0x2a, 0x26, 0x61, 0x5f, 0x57, 0x4d, 0x7f, 0xb1, 0xff, 0x67, 0xc7, 0xe5, 0x1e, 0x8d, 0x3b, 0x5b, + 0x8e, 0x71, 0x63, 0xf7, 0xea, 0x94, 0x5f, 0x49, 0xf5, 0xf2, 0xe0, 0x46, 0x06, 0x90, 0xec, 0xc1, + 0xb8, 0xd8, 0x32, 0xf1, 0xb7, 0x9c, 0xda, 0xb7, 0x93, 0x53, 0xdb, 0x68, 0xde, 0x4d, 0x83, 0x84, + 0x4f, 0x02, 0x93, 0x0d, 0xf9, 0x02, 0x26, 0xa4, 0x82, 0x24, 0x18, 0x73, 0x27, 0xa2, 0x3b, 0x9d, + 0x19, 0x9b, 0x34, 0x9c, 0x73, 0x82, 0x11, 0x6b, 0xb2, 0x5c, 0x63, 0x38, 0xe7, 0x81, 0xd3, 0x34, + 0xd9, 0x20, 0x11, 0x4d, 0x36, 0x60, 0x73, 0x3f, 0x00, 0x92, 0xee, 0x57, 0xb7, 0x59, 0x3c, 0xae, + 0xcd, 0xe2, 0xb9, 0x0a, 0x4c, 0x65, 0x74, 0xe0, 0x4c, 0x2c, 0x7e, 0x00, 0x24, 0xdd, 0xd2, 0xb3, + 0x70, 0xb0, 0xae, 0xc3, 0x1b, 0x4a, 0x04, 0x6a, 0x36, 0x18, 0x3c, 0xa5, 0xe1, 0xf9, 0x37, 0x7b, + 0xa1, 0xdc, 0x05, 0x95, 0xfc, 0x41, 0x21, 0x29, 0x6d, 0x3e, 0x1b, 0x3f, 0x48, 0x4a, 0x3b, 0x9b, + 0x3e, 0x43, 0xec, 0x8b, 0x1f, 0xfe, 0xf4, 0x2f, 0x5f, 0x58, 0xe1, 0x4f, 0x0f, 0xd9, 0xd9, 0xa5, + 0xd5, 0xaf, 0x4b, 0xcb, 0x86, 0x69, 0xe3, 0xa8, 0x74, 0x9a, 0x3d, 0xe3, 0x32, 0x80, 0x48, 0xf1, + 0xb9, 0xee, 0x1f, 0x08, 0xf5, 0x4c, 0x83, 0x58, 0xf7, 0x60, 0x26, 0xc1, 0x53, 0x18, 0xc3, 0xbf, + 0x0b, 0xea, 0x81, 0x37, 0x32, 0xed, 0x5b, 0x3c, 0xf7, 0x8b, 0xe3, 0xf2, 0x38, 0xd3, 0xa4, 0x6f, + 0xc6, 0xf1, 0xe3, 0xe5, 0x5f, 0xd6, 0x86, 0x6e, 0xce, 0xaf, 0x34, 0xf5, 0xc0, 0x37, 0xe4, 0x0e, + 0x0c, 0x72, 0x48, 0x22, 0x4a, 0xb3, 0x8e, 0x2d, 0xd6, 0x04, 0x81, 0x68, 0xcd, 0xe0, 0x73, 0x54, + 0xfc, 0x51, 0x89, 0xc3, 0x27, 0x58, 0xbb, 0x3c, 0x6b, 0x49, 0x0c, 0x56, 0x91, 0xa0, 0xfb, 0x2b, + 0x71, 0x98, 0x07, 0xe9, 0x7b, 0x21, 0xf1, 0x3c, 0xff, 0x59, 0x93, 0x36, 0x78, 0x46, 0xb8, 0xc5, + 0x31, 0xe1, 0x7b, 0xd1, 0xef, 0x30, 0x06, 0x48, 0x66, 0x7d, 0x0a, 0x33, 0x6c, 0x83, 0x0e, 0x92, + 0xf5, 0x61, 0xae, 0x02, 0x06, 0x33, 0x1d, 0xda, 0x1d, 0x06, 0x42, 0x87, 0x76, 0x51, 0x68, 0xad, + 0xc3, 0x05, 0x6e, 0x0c, 0xd4, 0xbb, 0x14, 0x9b, 0xde, 0x07, 0xf0, 0x77, 0xe2, 0x31, 0x63, 0x46, + 0xef, 0x39, 0x9e, 0xf5, 0x09, 0xbe, 0x96, 0x11, 0x93, 0xd4, 0xf5, 0xbd, 0xd8, 0xf2, 0x77, 0xba, + 0xe7, 0xb5, 0xff, 0x37, 0xcc, 0x57, 0x5a, 0x2d, 0xea, 0x35, 0x62, 0xc2, 0x9d, 0xc0, 0x39, 0x65, + 0xf0, 0x03, 0x52, 0x81, 0x01, 0xc4, 0x56, 0xf7, 0x96, 0xa2, 0xb9, 0x19, 0xcd, 0x41, 0x3c, 0x11, + 0xb6, 0x13, 0x2b, 0xe0, 0x94, 0x56, 0x03, 0x66, 0xab, 0xed, 0xfd, 0x23, 0x37, 0x42, 0x37, 0x78, + 0x0c, 0x20, 0x22, 0xeb, 0x5e, 0x93, 0x89, 0xa6, 0xb8, 0x30, 0xae, 0xc7, 0xaf, 0x2a, 0xd0, 0x93, + 0x5e, 0x04, 0x15, 0x79, 0x7a, 0xe7, 0x66, 0x4c, 0x8a, 0x56, 0x0f, 0x5e, 0x0b, 0x16, 0x8b, 0x64, + 0x54, 0xd6, 0x14, 0x9c, 0xd3, 0xef, 0x80, 0xf8, 0x0c, 0x99, 0x81, 0x29, 0xf3, 0x6e, 0x87, 0x83, + 0xbf, 0x86, 0x69, 0x6e, 0x7b, 0xe6, 0x61, 0xb7, 0x17, 0xe2, 0x08, 0xd3, 0xbd, 0x7b, 0x0b, 0x09, + 0xff, 0x7b, 0x74, 0xcb, 0x55, 0x09, 0x15, 0xf6, 0x16, 0xf8, 0x8b, 0xc7, 0xa7, 0x0b, 0xc6, 0x0d, + 0x62, 0xef, 0xde, 0xc2, 0xe2, 0x90, 0x08, 0x5f, 0xca, 0xb8, 0xf3, 0xe1, 0xff, 0x56, 0xb8, 0x2f, + 0xe0, 0x23, 0xfb, 0x55, 0xea, 0xe0, 0x83, 0x98, 0xec, 0xa7, 0xca, 0x13, 0xd0, 0xeb, 0x36, 0xe4, + 0x69, 0xdd, 0x6d, 0x58, 0x7f, 0x5c, 0x80, 0xeb, 0x5c, 0x07, 0xca, 0xa6, 0xc3, 0x8b, 0x9e, 0x1c, + 0x62, 0xf2, 0x3e, 0xf0, 0x74, 0xf0, 0x42, 0xd1, 0xb4, 0x44, 0xcb, 0x3b, 0x71, 0xe2, 0x04, 0xa4, + 0x02, 0x63, 0xfa, 0x93, 0x92, 0xd3, 0x85, 0x87, 0xb3, 0x47, 0x8f, 0x1e, 0x3b, 0xea, 0x99, 0xc9, + 0x13, 0xb8, 0xb8, 0xf2, 0x0d, 0x9b, 0x10, 0x62, 0x77, 0x12, 0x0a, 0x7b, 0xfc, 0x14, 0x76, 0x72, + 0x47, 0xcc, 0x18, 0xf3, 0x34, 0x9d, 0x04, 0xb3, 0xa3, 0xa9, 0xdc, 0xe0, 0x94, 0xd6, 0x3c, 0x62, + 0x1b, 0x30, 0xeb, 0xcf, 0x0a, 0x30, 0x9f, 0x5d, 0x9b, 0x58, 0x58, 0xd6, 0xe0, 0xdc, 0x92, 0xe3, + 0xf9, 0x9e, 0x5b, 0x77, 0x9a, 0xd5, 0xfa, 0x21, 0x6d, 0xb4, 0x55, 0x90, 0x53, 0xb5, 0xca, 0x1c, + 0x50, 0x4f, 0x92, 0x4b, 0x14, 0x3b, 0x4d, 0xc5, 0x0e, 0x65, 0xf8, 0x2a, 0x81, 0xaf, 0xbd, 0x4d, + 0x1a, 0x28, 0x7e, 0xbc, 0x65, 0x39, 0xa5, 0xe4, 0xb6, 0x34, 0xb2, 0x37, 0x76, 0x3d, 0x37, 0x52, + 0x44, 0xdc, 0xba, 0x92, 0x55, 0x64, 0xfd, 0xbb, 0x02, 0x5c, 0xc0, 0xbc, 0x46, 0x46, 0xa6, 0xc4, + 0x38, 0xd6, 0xaf, 0x0c, 0x57, 0x5b, 0x30, 0x5e, 0x59, 0x18, 0xd8, 0x66, 0xdc, 0x5a, 0xf2, 0x36, + 0xf4, 0x57, 0xa5, 0x93, 0xd4, 0x44, 0x22, 0x0d, 0xad, 0xa0, 0x60, 0xe5, 0x36, 0x62, 0xb1, 0x3d, + 0x67, 0x99, 0x86, 0x75, 0xea, 0x61, 0xbe, 0x60, 0x7e, 0xd8, 0xd7, 0x20, 0x71, 0xa8, 0xa2, 0xfe, + 0xbc, 0x50, 0x45, 0x03, 0x66, 0xa8, 0x22, 0xeb, 0x29, 0xcf, 0x6a, 0x94, 0xec, 0x90, 0x18, 0xa4, + 0x4f, 0x52, 0xe9, 0x85, 0xf9, 0x3e, 0x70, 0x3e, 0xab, 0x67, 0x7b, 0x77, 0x53, 0x99, 0x83, 0xf3, + 0x63, 0xeb, 0x6e, 0xc3, 0x6b, 0x06, 0x6e, 0xa5, 0xd9, 0xf4, 0x9f, 0xd1, 0xc6, 0x76, 0xe0, 0x1f, + 0xf9, 0x91, 0x91, 0xd5, 0x45, 0xe4, 0xd7, 0x8e, 0xaf, 0x51, 0xc4, 0xac, 0x4c, 0x80, 0xad, 0xff, + 0x0b, 0x5e, 0xef, 0xc2, 0x51, 0x74, 0xaa, 0x0a, 0xe7, 0x9c, 0x44, 0x99, 0xf4, 0x76, 0x79, 0x3d, + 0xab, 0x5f, 0x49, 0x46, 0xa1, 0x9d, 0xa6, 0xbf, 0xb1, 0x63, 0xa4, 0xe4, 0x25, 0x25, 0x98, 0xde, + 0xb6, 0xb7, 0x96, 0x77, 0x97, 0x76, 0x6a, 0x3b, 0x5f, 0x6c, 0xaf, 0xd4, 0x76, 0x37, 0x1f, 0x6e, + 0x6e, 0x3d, 0xda, 0xe4, 0xc1, 0xa9, 0x8d, 0x92, 0x9d, 0x95, 0xca, 0x46, 0xb1, 0x40, 0xa6, 0xa1, + 0x68, 0x80, 0x57, 0x76, 0x17, 0x8b, 0xbd, 0x37, 0xbe, 0x36, 0x52, 0xcd, 0x92, 0x79, 0x28, 0x55, + 0x77, 0xb7, 0xb7, 0xb7, 0x6c, 0xc5, 0x55, 0x0f, 0x8d, 0x3d, 0x03, 0xe7, 0x8c, 0xd2, 0x7b, 0xf6, + 0xca, 0x4a, 0xb1, 0xc0, 0x9a, 0x62, 0x80, 0xb7, 0xed, 0x95, 0x8d, 0xb5, 0xdd, 0x8d, 0x62, 0xef, + 0x8d, 0x9a, 0xfe, 0xb4, 0x8b, 0x5c, 0x84, 0xd9, 0xe5, 0x95, 0xbd, 0xb5, 0xa5, 0x95, 0x2c, 0xde, + 0xd3, 0x50, 0xd4, 0x0b, 0x77, 0xb6, 0x76, 0xb6, 0x39, 0x6b, 0x1d, 0xfa, 0x68, 0x65, 0xb1, 0xb2, + 0xbb, 0xb3, 0xba, 0x59, 0xec, 0xb3, 0xfa, 0x87, 0x7b, 0x8b, 0xbd, 0x37, 0x7e, 0x64, 0xbc, 0xfb, + 0x62, 0xcd, 0x17, 0xe8, 0xbb, 0xd5, 0xca, 0xfd, 0xfc, 0x2a, 0x78, 0xe9, 0xc6, 0xbd, 0x4a, 0xb1, + 0x40, 0x2e, 0xc1, 0x05, 0x03, 0xba, 0x5d, 0xa9, 0x56, 0x1f, 0x6d, 0xd9, 0xcb, 0xeb, 0x2b, 0xd5, + 0x6a, 0xb1, 0xf7, 0xc6, 0x9e, 0x11, 0x9e, 0x8d, 0xd5, 0xb0, 0x71, 0xaf, 0x52, 0xb3, 0x57, 0x3e, + 0xdb, 0x5d, 0xb3, 0x57, 0x96, 0xd3, 0x35, 0x18, 0xa5, 0x5f, 0xac, 0x54, 0x8b, 0x05, 0x32, 0x05, + 0x93, 0x06, 0x74, 0x73, 0xab, 0xd8, 0x7b, 0xe3, 0x0d, 0x11, 0xc1, 0x8b, 0x4c, 0x00, 0x2c, 0xaf, + 0x54, 0x97, 0x56, 0x36, 0x97, 0xd7, 0x36, 0xef, 0x17, 0x7b, 0xc8, 0x38, 0x8c, 0x54, 0xd4, 0xcf, + 0xc2, 0x8d, 0x0f, 0x61, 0x32, 0x71, 0xa2, 0x66, 0x18, 0xea, 0x30, 0x5a, 0xec, 0x41, 0xf1, 0xcb, + 0x9f, 0x68, 0xd6, 0xe4, 0x87, 0xe3, 0x62, 0xe1, 0xc6, 0xa2, 0x4c, 0x7d, 0xaa, 0x7d, 0xe7, 0x64, + 0x14, 0x86, 0x96, 0x57, 0xee, 0x55, 0x76, 0xd7, 0x77, 0x8a, 0x3d, 0xec, 0xc7, 0x92, 0xbd, 0x52, + 0xd9, 0x59, 0x59, 0x2e, 0x16, 0xc8, 0x08, 0x0c, 0x54, 0x77, 0x2a, 0x3b, 0x2b, 0xc5, 0x5e, 0x32, + 0x0c, 0xfd, 0xbb, 0xd5, 0x15, 0xbb, 0xd8, 0xb7, 0xf0, 0xaf, 0xff, 0xa0, 0xc0, 0x6d, 0x7b, 0xf2, + 0x0d, 0xd1, 0xd7, 0xda, 0x61, 0x52, 0x2c, 0x79, 0x22, 0xcf, 0x63, 0xee, 0xc9, 0x11, 0xb5, 0x80, + 0xb9, 0x0e, 0x97, 0x1d, 0x88, 0x70, 0xbd, 0x70, 0xbb, 0x40, 0x6c, 0x74, 0x0e, 0x49, 0x9c, 0xad, + 0x14, 0xe7, 0xec, 0xe3, 0xef, 0xdc, 0xa5, 0x8e, 0x47, 0x32, 0xf2, 0x6b, 0x60, 0xe9, 0x3c, 0x73, + 0x4e, 0x20, 0xdf, 0x3d, 0xdd, 0x49, 0x43, 0xd6, 0xf9, 0xc6, 0xe9, 0xd0, 0xc9, 0x03, 0x18, 0x67, + 0xba, 0xb9, 0x42, 0x23, 0x17, 0x93, 0x84, 0xda, 0x71, 0x60, 0x6e, 0x3e, 0xbb, 0x50, 0xa5, 0x62, + 0x19, 0xc3, 0x8e, 0xf0, 0x83, 0x75, 0x48, 0x64, 0x94, 0x07, 0x09, 0xe1, 0x2b, 0xfe, 0xdc, 0xb9, + 0x04, 0x78, 0xef, 0xce, 0xed, 0x02, 0xa9, 0x62, 0x88, 0x35, 0x43, 0xc9, 0x27, 0xf2, 0x51, 0x5b, + 0x5a, 0xfb, 0xe7, 0xad, 0x29, 0xab, 0xc4, 0x89, 0x39, 0xa7, 0x83, 0x4d, 0x20, 0x69, 0xdd, 0x99, + 0x5c, 0x89, 0xe7, 0x41, 0xb6, 0x5a, 0x3d, 0x77, 0x3e, 0xe5, 0xf3, 0xb7, 0xc2, 0xb4, 0x27, 0xb2, + 0x02, 0x13, 0xe2, 0x09, 0xb7, 0xd0, 0xe6, 0x49, 0xa7, 0xf3, 0x40, 0x2e, 0x9b, 0xfb, 0x28, 0x27, + 0x75, 0x22, 0x20, 0x73, 0x71, 0x3f, 0x92, 0xc7, 0x84, 0xb9, 0x8b, 0x99, 0x65, 0xa2, 0x7f, 0xf7, + 0x60, 0xc2, 0x3c, 0x5c, 0x10, 0x39, 0x40, 0x99, 0x67, 0x8e, 0xdc, 0x06, 0xd5, 0x60, 0x76, 0xc3, + 0x71, 0xf1, 0x8a, 0x42, 0x78, 0x96, 0x49, 0xbf, 0x30, 0x52, 0xee, 0xe0, 0x28, 0x56, 0xa5, 0x5e, + 0x43, 0x0d, 0x42, 0x5e, 0x58, 0x75, 0xfc, 0x6c, 0xaa, 0x52, 0x47, 0x36, 0xfd, 0xea, 0x88, 0x65, + 0x26, 0xc3, 0xcd, 0x72, 0x95, 0x9c, 0xcb, 0xf3, 0xee, 0x25, 0x1b, 0xa8, 0xa4, 0x27, 0x38, 0x6a, + 0x73, 0xe2, 0xcc, 0xec, 0x4a, 0x18, 0x48, 0x40, 0x4b, 0x22, 0x2e, 0x0a, 0x43, 0x92, 0x23, 0xb8, + 0x5c, 0x66, 0xb7, 0x0b, 0xe4, 0x6b, 0xfc, 0xaa, 0x33, 0xd9, 0x3d, 0x72, 0xa3, 0x43, 0xa1, 0xfd, + 0x5c, 0xcc, 0x64, 0x20, 0x3e, 0x94, 0x0e, 0xdc, 0x6d, 0x98, 0xce, 0x72, 0x28, 0x56, 0x02, 0xed, + 0xe0, 0x6d, 0x9c, 0x3b, 0x0b, 0x6c, 0x76, 0xd4, 0x68, 0xe4, 0x0f, 0x52, 0x07, 0x7f, 0xd6, 0x5c, + 0x9e, 0x1f, 0xc3, 0x04, 0x9b, 0x25, 0x0f, 0x29, 0x6d, 0x55, 0x9a, 0xee, 0x53, 0x1a, 0x12, 0x19, + 0x1f, 0x57, 0x81, 0xf2, 0x68, 0xaf, 0x17, 0xc8, 0x77, 0x60, 0xf4, 0x91, 0x13, 0xd5, 0x0f, 0x45, + 0x9c, 0x48, 0x19, 0x46, 0x12, 0x61, 0x73, 0xf2, 0x17, 0x16, 0xde, 0x2e, 0x90, 0xef, 0xc3, 0xd0, + 0x7d, 0x1a, 0xe1, 0xa3, 0xe2, 0xab, 0xca, 0xb7, 0x8e, 0xdb, 0x26, 0xd7, 0x3c, 0xf5, 0x72, 0x46, + 0x36, 0x38, 0x69, 0x40, 0x25, 0xb7, 0x00, 0xf8, 0x82, 0x80, 0x1c, 0x92, 0xc5, 0x73, 0xa9, 0x66, + 0x93, 0xfb, 0x4c, 0x79, 0x68, 0xd2, 0x88, 0x9e, 0xb6, 0xca, 0x3c, 0x19, 0xad, 0xc3, 0x84, 0xca, + 0x5e, 0xb3, 0x89, 0xe1, 0x3c, 0xac, 0x04, 0xb3, 0xf0, 0x0c, 0xdc, 0x3e, 0x64, 0x5f, 0x05, 0x4f, + 0xdd, 0x8a, 0x71, 0x1f, 0x70, 0x25, 0x9d, 0xd5, 0x83, 0x47, 0xe8, 0x4b, 0xa8, 0x14, 0x22, 0x47, + 0xd3, 0x68, 0x57, 0xfd, 0x30, 0x32, 0x69, 0x15, 0x24, 0x9b, 0xf6, 0x57, 0x61, 0x4e, 0xaf, 0xd7, + 0x0c, 0x54, 0x1c, 0xaf, 0xb9, 0x79, 0xf1, 0x8f, 0xe7, 0xae, 0x76, 0xc0, 0x10, 0xe7, 0xb7, 0xbe, + 0xdf, 0xee, 0x2d, 0xe0, 0x72, 0xb2, 0x0c, 0x53, 0xb2, 0xae, 0xad, 0x16, 0xf5, 0xaa, 0xd5, 0x55, + 0xcc, 0x54, 0x22, 0x3d, 0x39, 0x34, 0x98, 0xe4, 0x4e, 0xd2, 0x45, 0x6c, 0xeb, 0x33, 0xe2, 0x3b, + 0x90, 0x4e, 0x51, 0x1f, 0xe2, 0xad, 0x2f, 0x33, 0x82, 0xee, 0x43, 0x6e, 0x54, 0x32, 0x94, 0xff, + 0xbd, 0x05, 0xd2, 0xe1, 0x00, 0x34, 0x97, 0x73, 0x84, 0xb8, 0x5d, 0x20, 0x5f, 0x00, 0x49, 0x1f, + 0x49, 0x94, 0x08, 0x73, 0x8f, 0x5f, 0x4a, 0x84, 0x1d, 0xce, 0x33, 0x2b, 0x30, 0xa5, 0xa2, 0xbb, + 0xc4, 0xe5, 0x24, 0xa7, 0x2d, 0x1d, 0x76, 0xb0, 0x99, 0x0c, 0x36, 0x7b, 0x0b, 0x1d, 0x18, 0x65, + 0xc2, 0xc9, 0xa7, 0x30, 0x25, 0xe6, 0xbe, 0xd1, 0x9e, 0xa2, 0x5a, 0xc6, 0xc4, 0xe1, 0x26, 0xb7, + 0x25, 0x0f, 0x60, 0xa6, 0x9a, 0x10, 0x3c, 0xf7, 0x63, 0xbf, 0x60, 0xb2, 0x40, 0x60, 0x95, 0x46, + 0x5c, 0xf2, 0xd9, 0xbc, 0x1e, 0x02, 0xe1, 0xb6, 0x25, 0xc9, 0xee, 0xa9, 0x4b, 0x9f, 0x91, 0x4b, + 0x89, 0xa6, 0x33, 0x20, 0xa2, 0xe1, 0x3a, 0x98, 0xdb, 0xb3, 0x1d, 0x9e, 0xbf, 0x18, 0xa1, 0xc6, + 0x0d, 0xf8, 0x15, 0x83, 0xc0, 0xb8, 0x44, 0x17, 0xe3, 0x78, 0x21, 0x17, 0x83, 0xfc, 0x06, 0x46, + 0x67, 0xed, 0x7c, 0x3a, 0x23, 0xdf, 0xc9, 0x3a, 0x44, 0xe7, 0x9c, 0x2f, 0xe7, 0xde, 0x3e, 0x1d, + 0xb2, 0x3a, 0x0f, 0x8f, 0xdf, 0xa7, 0xd1, 0x76, 0xb3, 0x7d, 0xe0, 0x62, 0x66, 0x4b, 0xa2, 0x6c, + 0x4f, 0x0a, 0x24, 0xa6, 0xb7, 0x0c, 0x8a, 0x16, 0x17, 0x54, 0xe9, 0x8f, 0xc9, 0x1a, 0x14, 0xf9, + 0x36, 0xa2, 0xb1, 0xb8, 0x94, 0x62, 0x21, 0x50, 0x9c, 0xc0, 0x39, 0x0a, 0x73, 0x47, 0xeb, 0x16, + 0x77, 0x39, 0x22, 0xf2, 0xd3, 0xd6, 0xf5, 0xd4, 0x29, 0x03, 0xa6, 0x22, 0xd6, 0xb3, 0x11, 0xb1, + 0x69, 0x48, 0x23, 0x19, 0x06, 0x86, 0xe7, 0x35, 0xbd, 0x16, 0xeb, 0x0c, 0xe9, 0xd2, 0x78, 0x05, + 0x49, 0x84, 0x2c, 0xdb, 0xbb, 0x4b, 0x54, 0xae, 0xd7, 0x0c, 0xa6, 0x6f, 0x18, 0xaa, 0xcd, 0xd9, + 0xf8, 0xbe, 0x83, 0x5b, 0x19, 0x86, 0xbe, 0x99, 0x89, 0xdb, 0xc6, 0x7e, 0x4b, 0xaa, 0x71, 0x8d, + 0x6a, 0x6f, 0x01, 0x57, 0x46, 0xb6, 0xd7, 0x32, 0x4d, 0xb8, 0x1d, 0x04, 0xd4, 0xe3, 0xc4, 0x79, + 0x6a, 0x4b, 0x16, 0xf5, 0x27, 0xb8, 0x82, 0x69, 0xd4, 0xfc, 0xb9, 0x5d, 0x37, 0x16, 0x3c, 0x0f, + 0xcf, 0xed, 0x02, 0x79, 0x1f, 0x86, 0x45, 0x1b, 0x19, 0x91, 0xd1, 0xe8, 0xb0, 0x43, 0xab, 0x91, + 0x12, 0xb8, 0x90, 0xb0, 0xcd, 0x26, 0x4e, 0xde, 0xe8, 0xf3, 0x36, 0xbf, 0xcf, 0xf6, 0xec, 0xc6, + 0x8b, 0x50, 0x2e, 0xc9, 0xcd, 0x1b, 0x29, 0x4b, 0x2a, 0x12, 0x8b, 0x04, 0x75, 0xd9, 0x65, 0x39, + 0x13, 0xa6, 0x7e, 0x63, 0xcc, 0x41, 0x15, 0x3a, 0x4c, 0xa9, 0xdf, 0x06, 0xb8, 0xdb, 0x96, 0xbd, + 0x06, 0xc5, 0x4a, 0x1d, 0x37, 0x94, 0x2a, 0x3d, 0x72, 0x5a, 0x87, 0x7e, 0x40, 0xd5, 0xd9, 0x27, + 0x59, 0x20, 0x79, 0xcd, 0x28, 0x05, 0x45, 0x14, 0xac, 0x53, 0x07, 0x03, 0x33, 0xcf, 0x2a, 0x0d, + 0x25, 0x51, 0x94, 0x4d, 0xd1, 0xe1, 0xac, 0x33, 0xbd, 0xc4, 0x4e, 0x67, 0xcd, 0x97, 0x63, 0xf3, + 0x21, 0x2e, 0x18, 0x0a, 0x39, 0x54, 0x3b, 0x84, 0x02, 0xa9, 0x53, 0xa1, 0x7c, 0x79, 0xa3, 0x50, + 0x2b, 0xf2, 0xea, 0x39, 0x16, 0x4b, 0x1e, 0x75, 0x5e, 0xf5, 0xdf, 0x83, 0x89, 0x15, 0xb6, 0xa0, + 0xb7, 0x1b, 0x2e, 0x0f, 0x46, 0x4f, 0xcc, 0xe8, 0xe2, 0xb9, 0x84, 0xab, 0x32, 0xf5, 0x15, 0x92, + 0x0a, 0x0b, 0x82, 0xdc, 0x53, 0x34, 0x98, 0x1c, 0x8f, 0x69, 0xc9, 0x56, 0xe4, 0x03, 0xc0, 0x13, + 0xbe, 0x30, 0x19, 0xcc, 0x72, 0xc5, 0xb2, 0xd2, 0x6a, 0x35, 0xa5, 0x65, 0x9b, 0xdf, 0xd4, 0xbf, + 0x6e, 0x9c, 0x44, 0x53, 0xe5, 0x92, 0x77, 0x5a, 0xf7, 0xfc, 0x5c, 0x4b, 0x45, 0x9b, 0xc3, 0x33, + 0xa7, 0xbc, 0xdb, 0x5c, 0x54, 0xe1, 0xa3, 0x2b, 0xcd, 0x66, 0x8a, 0x38, 0x24, 0x6f, 0x99, 0xdc, + 0xb3, 0x70, 0xba, 0xd5, 0x80, 0x27, 0x7d, 0xae, 0xbc, 0x55, 0x5a, 0x2d, 0xbe, 0x58, 0x5e, 0x56, + 0x0b, 0x86, 0x59, 0x90, 0x3e, 0xe9, 0x27, 0xcb, 0xc5, 0xda, 0xfe, 0x00, 0xa7, 0x59, 0x9c, 0xaf, + 0x96, 0xe8, 0xe7, 0xe6, 0x64, 0xba, 0x5e, 0xa5, 0xcb, 0x25, 0x0a, 0xd5, 0x3e, 0x31, 0x99, 0x48, + 0xdd, 0xaf, 0x0c, 0x3c, 0xa9, 0x94, 0xfe, 0x9c, 0xdf, 0xe5, 0xbc, 0x62, 0x65, 0x70, 0x2d, 0x26, + 0x73, 0x82, 0xab, 0x2e, 0xe7, 0xe4, 0x9a, 0x57, 0x5d, 0xce, 0x4d, 0x26, 0xfe, 0x00, 0x8a, 0xc9, + 0x74, 0xc4, 0x8a, 0x69, 0x4e, 0x9e, 0xe2, 0xdc, 0x31, 0xb9, 0x07, 0xd3, 0xfa, 0x88, 0xaa, 0x7e, + 0xe7, 0xad, 0xfe, 0x79, 0x7c, 0x76, 0x60, 0x26, 0x33, 0x7b, 0xb0, 0xda, 0x62, 0x3b, 0xe5, 0x16, + 0xce, 0xe5, 0x4a, 0xe1, 0x7c, 0x76, 0x02, 0x71, 0xf2, 0x9a, 0x69, 0x3f, 0xc8, 0x4e, 0xa7, 0x3c, + 0xf7, 0x7a, 0x17, 0x2c, 0x21, 0xd0, 0xaf, 0x71, 0x07, 0x4c, 0xd5, 0x71, 0x55, 0xb3, 0x28, 0xe4, + 0x54, 0x60, 0x75, 0x42, 0x51, 0x73, 0x60, 0x3a, 0xa3, 0x38, 0x5f, 0xc4, 0xd7, 0xf2, 0x79, 0xc6, + 0x13, 0x6b, 0x4f, 0x46, 0x49, 0xce, 0x95, 0x4c, 0xc7, 0x44, 0xd3, 0x1d, 0x8e, 0xa4, 0x73, 0x6a, + 0x3e, 0x9c, 0xbe, 0xc9, 0x79, 0xdc, 0x1a, 0xca, 0xfa, 0x63, 0x64, 0x81, 0x4e, 0x5a, 0x7f, 0xb2, + 0xb2, 0x57, 0x2b, 0x31, 0x74, 0xca, 0x8f, 0xce, 0x77, 0xe3, 0xaf, 0xb8, 0x39, 0xc8, 0xac, 0x42, + 0x37, 0x07, 0x65, 0xf2, 0xbf, 0x92, 0x8f, 0xa0, 0x33, 0x77, 0xf8, 0xdd, 0x6f, 0x22, 0x8d, 0x35, + 0xd1, 0x4f, 0x5c, 0xd9, 0x29, 0xae, 0xd5, 0xdc, 0xc8, 0x44, 0xd1, 0xab, 0x78, 0x24, 0xbf, 0xc1, + 0x1c, 0x29, 0x75, 0xc8, 0xf1, 0xdd, 0x59, 0x4d, 0xd9, 0x82, 0x52, 0x3c, 0x98, 0x89, 0x0e, 0x9c, + 0x71, 0x28, 0xa5, 0x30, 0x2e, 0xe4, 0x66, 0xf6, 0x26, 0x6f, 0xa6, 0xbe, 0xf4, 0x1c, 0xc1, 0x74, + 0xac, 0x82, 0xaf, 0xe7, 0x5a, 0xd4, 0xe5, 0x8b, 0xb1, 0x2d, 0x58, 0x4f, 0x02, 0x9e, 0x5a, 0xcf, + 0x33, 0x32, 0x84, 0xdf, 0x47, 0xbd, 0x58, 0xcb, 0xf2, 0x9d, 0xdb, 0xeb, 0x4b, 0x59, 0x7c, 0xc2, + 0xf4, 0x8a, 0xab, 0xb5, 0x4b, 0xea, 0x69, 0xc9, 0x82, 0xb3, 0xac, 0xb8, 0xa7, 0x69, 0x5a, 0x1e, + 0x9f, 0x65, 0x18, 0xd5, 0xd2, 0x83, 0x93, 0x0b, 0x86, 0x98, 0x8c, 0x3d, 0x74, 0xce, 0xe8, 0x9c, + 0xb9, 0x7d, 0x2e, 0xa1, 0x45, 0x5a, 0x25, 0x19, 0xcf, 0x6d, 0xc5, 0xc5, 0x34, 0x0f, 0xc3, 0x1a, + 0xad, 0xa4, 0xc0, 0x5b, 0x33, 0x9f, 0x14, 0x8e, 0xd1, 0xa0, 0xfc, 0x2e, 0x11, 0x5d, 0x34, 0x5d, + 0x9a, 0x94, 0xaf, 0xbf, 0x4e, 0x89, 0x1c, 0xa4, 0x98, 0x2a, 0x45, 0x46, 0xec, 0x3b, 0xaf, 0x4c, + 0x6b, 0x1a, 0xb4, 0x83, 0xa5, 0x63, 0x1b, 0x1f, 0x7e, 0x64, 0xe4, 0x4b, 0x57, 0x2b, 0x6c, 0xc7, + 0x74, 0xea, 0x19, 0xba, 0x9b, 0x5a, 0xb3, 0x73, 0x39, 0x76, 0x4c, 0xa0, 0x9e, 0xdb, 0xd2, 0x1f, + 0x6a, 0x6b, 0x76, 0x2a, 0x2b, 0x3a, 0xb9, 0x9e, 0x54, 0xdc, 0xf2, 0x12, 0xa7, 0x77, 0xd8, 0x13, + 0xa6, 0xb3, 0x12, 0xaa, 0x6b, 0xe6, 0xe1, 0xdc, 0x6c, 0xeb, 0x19, 0x52, 0xb0, 0xe5, 0xfc, 0xcf, + 0xe1, 0xd6, 0x21, 0xbd, 0x7a, 0x6e, 0x0b, 0xbf, 0xd4, 0x16, 0xba, 0x44, 0x1a, 0x74, 0x75, 0x1c, + 0xef, 0x92, 0x27, 0x3d, 0x97, 0xf7, 0x26, 0x3e, 0x15, 0x4a, 0xe7, 0x30, 0x57, 0x9a, 0x4d, 0xa7, + 0x0c, 0xe7, 0x99, 0xd6, 0xe3, 0x99, 0x74, 0x17, 0x19, 0xbf, 0xf3, 0x09, 0xdb, 0x6f, 0xb7, 0x86, + 0x7d, 0x2d, 0x17, 0xe3, 0x8c, 0xdc, 0xe7, 0x89, 0xc5, 0x38, 0x3f, 0x3b, 0x7a, 0x87, 0x63, 0xd0, + 0x64, 0xd5, 0x3d, 0xf0, 0xb4, 0xd4, 0xe5, 0xea, 0x10, 0x94, 0xce, 0xa6, 0xae, 0x96, 0x98, 0xac, + 0x4c, 0xe7, 0x5b, 0x4c, 0xff, 0xe1, 0xda, 0xbb, 0x9e, 0x84, 0x9a, 0xcc, 0xe5, 0xe7, 0xde, 0x56, + 0xcb, 0x4d, 0x66, 0xd6, 0x6a, 0x8d, 0xa1, 0x9e, 0x01, 0x5a, 0x31, 0xcc, 0x48, 0x46, 0xad, 0x18, + 0x66, 0xa6, 0x8c, 0xbe, 0x85, 0x56, 0x17, 0xdb, 0x6f, 0x52, 0xdd, 0xea, 0xa2, 0xa5, 0x14, 0x4e, + 0x18, 0x3d, 0xc8, 0x47, 0x68, 0xf2, 0xe8, 0x6c, 0x27, 0x99, 0x35, 0x39, 0xe9, 0x9e, 0x25, 0x23, + 0x2a, 0x5f, 0xb3, 0xb2, 0xb1, 0x27, 0x53, 0x46, 0xcf, 0x95, 0xd2, 0x05, 0x82, 0xfe, 0x5d, 0x69, + 0x35, 0xc1, 0x06, 0x97, 0x4c, 0x6b, 0x53, 0x7e, 0x9b, 0xdf, 0x95, 0x26, 0x13, 0x83, 0x2c, 0x95, + 0xad, 0x39, 0x49, 0xf6, 0x3d, 0x18, 0x8b, 0x33, 0x33, 0xef, 0x2d, 0x68, 0x84, 0x89, 0x74, 0xcd, + 0x49, 0xc2, 0xf7, 0xe5, 0xb5, 0x0a, 0xd6, 0x67, 0x16, 0x76, 0x56, 0x01, 0x3e, 0x91, 0x26, 0x1a, + 0xa3, 0xa5, 0xa9, 0x3c, 0xcf, 0x1d, 0x56, 0xee, 0x31, 0x3d, 0x9d, 0xa4, 0x9a, 0x17, 0x19, 0x09, + 0x61, 0xd5, 0xbc, 0xc8, 0x4a, 0xe8, 0x1a, 0x5f, 0x3b, 0x7c, 0x21, 0xed, 0x11, 0x31, 0xd3, 0x4b, + 0x46, 0xb3, 0x52, 0x7c, 0x2f, 0xe7, 0x15, 0x27, 0x59, 0x57, 0xa1, 0x98, 0xcc, 0x7d, 0xa9, 0x0e, + 0x73, 0x39, 0x49, 0x4a, 0xd5, 0x09, 0x31, 0x37, 0x69, 0xe6, 0xb6, 0x34, 0xae, 0x9b, 0x7c, 0xaf, + 0x66, 0x37, 0x4a, 0x67, 0x9d, 0x6f, 0x6d, 0x1f, 0x37, 0xd2, 0x60, 0xea, 0xc7, 0xec, 0x54, 0x9a, + 0x4d, 0x5d, 0x2d, 0xcb, 0xc8, 0x9c, 0xe9, 0xca, 0x60, 0x4f, 0xd9, 0xd9, 0xb8, 0xdf, 0x32, 0xcf, + 0xbf, 0x1d, 0x62, 0xa6, 0x77, 0xbd, 0x82, 0x26, 0xbf, 0x02, 0xb3, 0x39, 0xe1, 0xa5, 0xc9, 0xeb, + 0x09, 0x33, 0x6d, 0x76, 0xf8, 0x69, 0x35, 0x41, 0x32, 0xf3, 0x53, 0x6f, 0xa0, 0xef, 0x82, 0x11, + 0xd6, 0x21, 0x75, 0x1f, 0xf8, 0xc8, 0x8d, 0x0e, 0x79, 0x1a, 0x66, 0x6d, 0xcd, 0xcd, 0x8c, 0x07, + 0x41, 0xaa, 0x78, 0x90, 0x31, 0xa0, 0x19, 0x57, 0x82, 0x19, 0x0c, 0xe7, 0xb2, 0x19, 0xb2, 0xb5, + 0x83, 0xcd, 0x85, 0x8c, 0x98, 0x1b, 0x6a, 0x2e, 0xe4, 0xc7, 0xe3, 0xc8, 0x6d, 0xe6, 0xb6, 0x54, + 0xb0, 0xb2, 0x39, 0xe6, 0x87, 0xdf, 0xc8, 0xe5, 0xf8, 0x80, 0x71, 0x4c, 0x45, 0xd4, 0x20, 0x39, + 0xe8, 0x9d, 0x57, 0x0f, 0x5b, 0xee, 0xd7, 0x26, 0xd5, 0x82, 0xd6, 0xbe, 0xbc, 0xd8, 0x1d, 0xb9, + 0xed, 0x5b, 0x91, 0xdf, 0x53, 0x76, 0xfb, 0x4e, 0xbb, 0x63, 0xab, 0xcb, 0xb3, 0x44, 0x50, 0x17, + 0xa3, 0xa3, 0x1a, 0x7c, 0x2e, 0x07, 0x4e, 0x36, 0xd1, 0x19, 0x29, 0x09, 0xd5, 0x4e, 0xb4, 0xd9, + 0x51, 0x63, 0x72, 0xf9, 0xf1, 0x79, 0x6c, 0x44, 0xdd, 0x38, 0xcb, 0x3c, 0x4e, 0x84, 0xeb, 0x10, + 0xf3, 0xd8, 0x80, 0x9e, 0x6d, 0x1e, 0x27, 0x18, 0x9a, 0xf3, 0x38, 0xd9, 0xcc, 0xa4, 0x99, 0x20, + 0x77, 0x54, 0x93, 0xcd, 0x54, 0xf3, 0x38, 0x9b, 0x63, 0x7e, 0x74, 0x94, 0x5c, 0x8e, 0x6a, 0x1e, + 0x9b, 0x1c, 0x73, 0xd0, 0x4f, 0x39, 0x8f, 0x93, 0x95, 0x98, 0xf3, 0xf8, 0x4c, 0xed, 0x53, 0xf3, + 0x38, 0xbb, 0x7d, 0x67, 0x9e, 0xc7, 0x89, 0x70, 0x42, 0x46, 0x47, 0xb3, 0xe6, 0x71, 0x12, 0x9f, + 0xcf, 0xe3, 0x24, 0x34, 0x61, 0x99, 0xe9, 0x30, 0x8f, 0x93, 0x94, 0x9f, 0x21, 0xbf, 0x44, 0x28, + 0x94, 0xd3, 0xcc, 0xe4, 0xdc, 0x28, 0x2a, 0xe4, 0x11, 0xda, 0x06, 0x13, 0xf0, 0xd3, 0xcd, 0xe6, + 0xf9, 0x3c, 0xa6, 0x38, 0x9f, 0xf7, 0xa4, 0x10, 0x93, 0xcd, 0x35, 0x0d, 0x5f, 0xd9, 0x91, 0x60, + 0x3a, 0x34, 0x78, 0x8f, 0xcd, 0x9b, 0x46, 0x07, 0xbe, 0x9d, 0x02, 0xd9, 0x74, 0xe0, 0xab, 0xce, + 0x41, 0x49, 0xbe, 0xb9, 0x24, 0x9d, 0xe7, 0xf7, 0xe7, 0xf2, 0x76, 0x24, 0x49, 0xb7, 0x90, 0x38, + 0x59, 0x9d, 0xb9, 0xa5, 0xea, 0x84, 0x95, 0x6c, 0xe9, 0x59, 0xe7, 0xf9, 0x86, 0xd4, 0x1e, 0x52, + 0x11, 0xb0, 0x12, 0x9d, 0xd6, 0xe7, 0x7a, 0x6e, 0x09, 0xd9, 0x41, 0x43, 0x70, 0x1a, 0xae, 0x19, + 0x91, 0xf3, 0x42, 0x6d, 0x75, 0xe5, 0x9a, 0x8a, 0xe5, 0xa3, 0x73, 0xcd, 0x0b, 0xf4, 0xa3, 0xb8, + 0xa6, 0xa9, 0x3f, 0x45, 0xd3, 0x99, 0x78, 0xf1, 0xe5, 0x3d, 0xf6, 0xf3, 0xcf, 0x39, 0x53, 0x86, + 0xc3, 0x14, 0xc3, 0x45, 0x3f, 0xb5, 0x8f, 0xc5, 0xf5, 0x9f, 0x04, 0xe6, 0x0a, 0x3f, 0x8b, 0x9e, + 0x7c, 0x0a, 0x45, 0xb1, 0xbc, 0xc5, 0x0c, 0xb2, 0x10, 0x73, 0x87, 0x6e, 0x51, 0x5a, 0xec, 0x4e, + 0xd1, 0x82, 0xd3, 0x58, 0xea, 0x4e, 0x23, 0x89, 0x7c, 0xb3, 0x16, 0xdb, 0x0e, 0x77, 0x82, 0x76, + 0x18, 0xd1, 0x46, 0xda, 0x1c, 0x65, 0x36, 0x46, 0xba, 0x55, 0x98, 0xe8, 0x7b, 0x0b, 0x64, 0x0d, + 0xd7, 0x36, 0x13, 0xdc, 0xc9, 0x5e, 0x97, 0xcd, 0x06, 0x97, 0x9e, 0x55, 0xf5, 0xb4, 0xc8, 0x6c, + 0x53, 0x5e, 0xdd, 0xf9, 0x8d, 0x52, 0x22, 0x3a, 0x65, 0xef, 0xf2, 0x44, 0xc4, 0x0f, 0xd4, 0xdc, + 0x76, 0xd8, 0x4d, 0x32, 0xc9, 0xc7, 0x4e, 0xe4, 0x07, 0x30, 0x22, 0x89, 0xbb, 0x0b, 0x24, 0x49, + 0x8d, 0x02, 0x59, 0x86, 0x71, 0xe3, 0x25, 0x97, 0x3a, 0xdd, 0x64, 0xbd, 0xef, 0xea, 0x30, 0xce, + 0xe3, 0xc6, 0x8b, 0x2d, 0xc5, 0x25, 0xeb, 0x1d, 0x57, 0x2e, 0x97, 0xef, 0xc3, 0xa8, 0x10, 0x69, + 0x47, 0x69, 0xe4, 0x1b, 0xeb, 0x66, 0x34, 0xaf, 0xe8, 0x76, 0xc3, 0x8d, 0x96, 0x7c, 0xef, 0xb1, + 0x7b, 0xd0, 0x55, 0x30, 0x69, 0x92, 0xbd, 0x05, 0xf2, 0x15, 0x26, 0x2d, 0x96, 0xa9, 0xa4, 0x69, + 0xf4, 0xcc, 0x0f, 0x9e, 0xb8, 0xde, 0x41, 0x17, 0x96, 0x57, 0x4c, 0x96, 0x49, 0x3a, 0xe9, 0x78, + 0xf2, 0x15, 0xcc, 0x55, 0xf3, 0x99, 0x77, 0x65, 0xd2, 0x79, 0x7b, 0xa9, 0xc2, 0x3c, 0xba, 0xde, + 0x9c, 0xb5, 0xed, 0x1d, 0x99, 0x7e, 0xc1, 0x83, 0x28, 0x4a, 0x43, 0x7f, 0xdd, 0x0f, 0x1a, 0xdd, + 0x39, 0x96, 0x4d, 0x67, 0xde, 0x04, 0x99, 0x14, 0xc6, 0x17, 0x70, 0xa1, 0x9a, 0xcb, 0xba, 0x1b, + 0x8b, 0x6e, 0x9a, 0xe4, 0x45, 0x14, 0xc5, 0x19, 0xdb, 0xdd, 0x91, 0xe7, 0x1a, 0xae, 0x69, 0x6c, + 0x1f, 0xda, 0x0e, 0xe8, 0x63, 0x1a, 0xa0, 0xcb, 0x78, 0x37, 0x67, 0x69, 0x13, 0x5d, 0xf6, 0x7c, + 0x0d, 0xce, 0x55, 0x53, 0xac, 0xf2, 0x48, 0xba, 0x5d, 0x1e, 0x4d, 0x61, 0x4f, 0x4f, 0xd9, 0xae, + 0x2e, 0x2e, 0x46, 0xa3, 0xf7, 0x69, 0xb4, 0xbb, 0xd6, 0x45, 0x4a, 0xf2, 0x4d, 0x83, 0x44, 0xdc, + 0xbb, 0xc3, 0x28, 0xab, 0x1a, 0x65, 0x1a, 0x23, 0xf7, 0xe3, 0xfd, 0x81, 0xbc, 0x48, 0xe9, 0x5a, + 0x6d, 0x1e, 0x87, 0xbb, 0xb8, 0x16, 0x0a, 0xb7, 0x69, 0xcd, 0x04, 0xc9, 0x21, 0xb1, 0xa9, 0x4e, + 0xf3, 0xa0, 0x0e, 0x49, 0x85, 0x1f, 0xff, 0xf8, 0xf4, 0x10, 0xb0, 0xcb, 0x29, 0x77, 0xfa, 0x8e, + 0x2c, 0xb8, 0x09, 0x75, 0xdd, 0xaf, 0x3f, 0xd1, 0x4d, 0xa8, 0x5a, 0x5a, 0xfb, 0x39, 0x33, 0xe9, + 0xbc, 0x58, 0xf1, 0x31, 0xf3, 0xbc, 0xee, 0x35, 0xa6, 0x27, 0xb6, 0xd7, 0x4d, 0xa8, 0x66, 0x0a, + 0xfe, 0xbb, 0xd2, 0xb6, 0x88, 0x15, 0x9a, 0x9c, 0x73, 0x45, 0xa3, 0xcc, 0x8a, 0x48, 0x64, 0x9a, + 0x15, 0xf5, 0x86, 0xe6, 0x5f, 0x04, 0x90, 0x74, 0x0e, 0x7e, 0x75, 0x58, 0xc9, 0x4d, 0xcf, 0xdf, + 0xc1, 0xf9, 0x6b, 0x4a, 0xb8, 0x0c, 0x19, 0x82, 0x57, 0x81, 0x88, 0xd3, 0x65, 0xb1, 0x28, 0x75, + 0x4f, 0xa6, 0xdb, 0x05, 0xb2, 0x09, 0xe7, 0xef, 0xd3, 0x48, 0xac, 0x71, 0x36, 0x0d, 0xa3, 0xc0, + 0xad, 0x47, 0x1d, 0x6f, 0x15, 0xe5, 0xd9, 0x24, 0x83, 0x66, 0xef, 0x1d, 0xc6, 0xaf, 0x9a, 0xcd, + 0xaf, 0x23, 0x5d, 0x07, 0xff, 0x5a, 0x71, 0x55, 0x71, 0x96, 0x26, 0xe6, 0x4f, 0xf1, 0x21, 0xee, + 0xbe, 0x93, 0x4f, 0x5a, 0x8c, 0xa3, 0x9e, 0x88, 0xd3, 0xd6, 0x4d, 0x18, 0xe4, 0x44, 0xb9, 0x1b, + 0xea, 0x98, 0x4e, 0x43, 0xee, 0xc0, 0x88, 0xf2, 0xbf, 0x21, 0x46, 0x51, 0x6e, 0xbb, 0xee, 0xc0, + 0x08, 0x3f, 0x5a, 0x9d, 0x9e, 0xe4, 0x23, 0x18, 0x51, 0x0e, 0x3b, 0x67, 0xde, 0xe9, 0x3f, 0x85, + 0x71, 0xdd, 0x75, 0xe7, 0xec, 0x82, 0xfc, 0x3e, 0xde, 0xfd, 0xca, 0x2b, 0x96, 0x7c, 0xfa, 0x99, + 0x44, 0xa6, 0x2f, 0x21, 0x52, 0xbe, 0x40, 0x4a, 0x60, 0x6e, 0xf3, 0xcf, 0xa5, 0xa8, 0xc9, 0x47, + 0xf2, 0x35, 0x95, 0x22, 0x4e, 0x23, 0x75, 0x90, 0xd9, 0x04, 0x17, 0xf3, 0x8b, 0x10, 0xab, 0x05, + 0xb6, 0x6b, 0xb3, 0x4f, 0x73, 0x47, 0xdd, 0x5d, 0x74, 0x79, 0x5c, 0xb6, 0x50, 0x4b, 0x4b, 0xe5, + 0xa0, 0xcb, 0x67, 0x74, 0x39, 0x3f, 0x6d, 0x1d, 0x0e, 0xc6, 0x03, 0x3c, 0x05, 0xa6, 0x4a, 0x73, + 0xbb, 0xd7, 0x21, 0x0d, 0x5e, 0x7c, 0xec, 0x4d, 0xb3, 0xeb, 0x40, 0xd6, 0xe9, 0x14, 0x2d, 0xde, + 0x88, 0xbe, 0x12, 0x76, 0x6b, 0xd2, 0x03, 0xf2, 0xf4, 0x9d, 0xcd, 0x6f, 0xd9, 0xc5, 0x8c, 0x5b, + 0xf1, 0xae, 0x63, 0x91, 0xc7, 0xee, 0x57, 0x50, 0x3b, 0xcc, 0x0c, 0x06, 0x96, 0xcf, 0xec, 0xba, + 0xe6, 0x58, 0x91, 0x49, 0xa9, 0x36, 0xbd, 0x27, 0xf8, 0x4c, 0x2d, 0x3b, 0x4b, 0xdf, 0x1b, 0x5d, + 0xb8, 0x48, 0x49, 0xbc, 0xd9, 0x15, 0x4f, 0xdd, 0xb1, 0x5e, 0xe4, 0x3b, 0x6c, 0x76, 0x7d, 0x5d, + 0xb2, 0x0e, 0x66, 0x5c, 0x7b, 0x2b, 0xf7, 0xd2, 0x6c, 0x86, 0xa6, 0x7b, 0x69, 0xc7, 0x3e, 0xe4, + 0x89, 0xff, 0x33, 0x28, 0xc7, 0xde, 0x23, 0x67, 0x1b, 0x84, 0x7c, 0xaf, 0x46, 0x92, 0x92, 0x54, + 0x48, 0x3a, 0xa5, 0xe1, 0x99, 0xbb, 0x9a, 0x27, 0xe1, 0x50, 0x73, 0x4b, 0x12, 0x5e, 0x71, 0x89, + 0x7c, 0x95, 0x79, 0x99, 0x2f, 0x3b, 0xd8, 0x61, 0xc5, 0xbb, 0xbd, 0x57, 0xc2, 0x28, 0x3d, 0xda, + 0x67, 0x67, 0xa4, 0x9c, 0x3b, 0x12, 0x8c, 0xac, 0x0e, 0xc3, 0xdb, 0xfd, 0xea, 0xb1, 0x94, 0x33, + 0xae, 0x67, 0x1f, 0x50, 0x27, 0x7e, 0xab, 0x96, 0x88, 0x1d, 0xa8, 0xbf, 0x0f, 0x4e, 0x17, 0x25, + 0x1f, 0x5a, 0x65, 0x61, 0x28, 0x8f, 0xaa, 0x92, 0xac, 0x82, 0xc1, 0xd9, 0x51, 0xc4, 0x0f, 0xdc, + 0xe8, 0xf9, 0x92, 0xbd, 0x1e, 0x9b, 0x15, 0xf4, 0x02, 0xc9, 0x1b, 0x64, 0xa1, 0xbd, 0x4e, 0xbe, + 0xc4, 0xa5, 0x44, 0xb0, 0x5f, 0xf4, 0xfd, 0x28, 0x8c, 0x02, 0xa7, 0x55, 0xad, 0x07, 0x6e, 0x2b, + 0xca, 0xed, 0x74, 0xec, 0x00, 0x9e, 0x45, 0xa6, 0xf9, 0xa3, 0x8a, 0xd8, 0xf2, 0x59, 0xd1, 0x77, + 0xd4, 0x9b, 0x9c, 0xac, 0xc2, 0x0e, 0x27, 0x97, 0xaa, 0x8c, 0x26, 0xff, 0x2a, 0x99, 0xd6, 0x60, + 0x36, 0x27, 0x66, 0x91, 0xba, 0xbd, 0xed, 0x1c, 0xd3, 0x68, 0xae, 0x73, 0xc5, 0xe4, 0x2b, 0x98, + 0xc9, 0x0c, 0x6a, 0xa4, 0x2c, 0xd0, 0x9d, 0x42, 0x1e, 0x75, 0x63, 0xfe, 0x04, 0x4a, 0xfc, 0x35, + 0x08, 0x3a, 0x3d, 0x1b, 0xf1, 0x6d, 0xe2, 0x37, 0x42, 0x39, 0x08, 0xc9, 0xf5, 0x3a, 0x1f, 0x4f, + 0x3d, 0x78, 0x9f, 0xc6, 0xc0, 0x26, 0x89, 0x74, 0xe8, 0xea, 0xc3, 0xcb, 0x2a, 0xec, 0xf4, 0x10, + 0x69, 0x1b, 0x66, 0xf6, 0x68, 0xe0, 0x3e, 0x7e, 0x9e, 0x64, 0x28, 0x25, 0x93, 0x59, 0xda, 0x89, + 0xe3, 0xe7, 0x30, 0xbb, 0xe4, 0x1f, 0xb5, 0xc4, 0x93, 0x3f, 0x83, 0xa7, 0xba, 0x8a, 0xcf, 0x2e, + 0xef, 0xee, 0x08, 0x35, 0x97, 0x9f, 0xb8, 0x5e, 0xf9, 0xbf, 0x75, 0xcd, 0x6d, 0xaf, 0x1e, 0xae, + 0x99, 0xf4, 0x3b, 0x38, 0x09, 0xb3, 0x32, 0xd9, 0xeb, 0x93, 0xb0, 0x43, 0xa6, 0xfb, 0x9c, 0x07, + 0x64, 0xb3, 0x39, 0xc9, 0xeb, 0x3b, 0x70, 0x3d, 0x45, 0x6b, 0x37, 0xe5, 0xde, 0x62, 0xa6, 0xf9, + 0x4e, 0x78, 0x5c, 0x67, 0xe6, 0x00, 0xcf, 0x6c, 0xa7, 0x16, 0xd9, 0xa1, 0xd9, 0xec, 0xa0, 0x62, + 0x11, 0x3d, 0xb4, 0x03, 0xc3, 0x44, 0x23, 0xfe, 0xb8, 0x4e, 0xdb, 0x69, 0xb5, 0x4e, 0x11, 0xa3, + 0x52, 0xfb, 0x21, 0x8c, 0x55, 0xf5, 0xca, 0x33, 0x2a, 0xc9, 0x9d, 0x14, 0xea, 0x09, 0x51, 0xf7, + 0xb6, 0x77, 0x70, 0x24, 0x55, 0x1b, 0xcf, 0xa9, 0x7a, 0x91, 0xeb, 0x3a, 0x63, 0xe4, 0x6c, 0x53, + 0xbb, 0x40, 0x56, 0x4a, 0x45, 0xe5, 0x3a, 0x93, 0x9d, 0xe6, 0xad, 0xc6, 0xb3, 0xcc, 0x24, 0x33, + 0x66, 0x12, 0xab, 0x7b, 0x6a, 0x5a, 0xe5, 0x50, 0xdf, 0x31, 0xe5, 0x26, 0xf7, 0xf3, 0x89, 0xb3, + 0xd4, 0xe9, 0x7e, 0x3e, 0xa9, 0xdc, 0x77, 0xba, 0x9f, 0x4f, 0x46, 0x62, 0xbb, 0x15, 0xe4, 0x15, + 0xa7, 0xe7, 0xe9, 0x60, 0x8c, 0x50, 0x6c, 0x32, 0xb2, 0x00, 0x3d, 0xd4, 0x03, 0x84, 0xf0, 0xa4, + 0x3e, 0x1d, 0x6c, 0xad, 0xc9, 0xc0, 0x20, 0x89, 0x2c, 0x40, 0xf7, 0xa0, 0xc8, 0xf3, 0x1b, 0xc4, + 0x31, 0x15, 0x63, 0xbf, 0xc1, 0x74, 0xda, 0x85, 0x0e, 0x83, 0x5a, 0x4c, 0x46, 0xa3, 0x53, 0x26, + 0xb3, 0x9c, 0x30, 0x75, 0x1d, 0xa6, 0x2a, 0xc4, 0x31, 0xe7, 0x94, 0x61, 0x2a, 0x15, 0x86, 0x6e, + 0xee, 0x42, 0x46, 0x89, 0x52, 0x29, 0xc7, 0xf4, 0x08, 0x75, 0xaa, 0x4b, 0x19, 0x61, 0xeb, 0xe6, + 0x2e, 0x66, 0x96, 0x09, 0x46, 0x11, 0xcf, 0xce, 0x9c, 0x9d, 0x53, 0x3a, 0x7e, 0x05, 0xd6, 0x01, + 0x47, 0x56, 0x73, 0xe3, 0x34, 0xa8, 0xa2, 0x56, 0xaa, 0x92, 0x13, 0x65, 0x24, 0xb2, 0x7e, 0x33, + 0xe3, 0xa1, 0x86, 0x81, 0x11, 0x7b, 0x83, 0x75, 0xce, 0xaa, 0x4d, 0x1e, 0xc9, 0x64, 0x31, 0x39, + 0x35, 0x75, 0x63, 0x90, 0x3b, 0x82, 0x8f, 0x64, 0x7a, 0x98, 0x57, 0xcd, 0x78, 0x1f, 0xe6, 0x13, + 0xaf, 0x3f, 0x4c, 0xc6, 0x37, 0xb2, 0x9f, 0x88, 0x64, 0x8a, 0x27, 0x5f, 0x67, 0xbf, 0x92, 0x7e, + 0x25, 0x92, 0x18, 0xf7, 0xb3, 0xae, 0x79, 0x1b, 0x30, 0x81, 0xcb, 0x8c, 0x4c, 0xc9, 0x1e, 0xc7, + 0xa7, 0x31, 0xc1, 0xc9, 0x40, 0x49, 0xc9, 0x52, 0xe5, 0x32, 0x3b, 0x26, 0x5e, 0x14, 0xf3, 0x04, + 0xef, 0x73, 0xe6, 0x33, 0x63, 0x04, 0x66, 0xed, 0x62, 0x22, 0x6f, 0x3c, 0xf9, 0x3e, 0x4c, 0xc6, + 0x0f, 0x8d, 0x39, 0x8b, 0x0c, 0xb4, 0x0e, 0x86, 0xb2, 0xc9, 0xf8, 0xb5, 0xf1, 0xd9, 0xc9, 0x57, + 0xe5, 0x56, 0x14, 0x93, 0x5f, 0x4a, 0xbd, 0x95, 0x31, 0xfa, 0x70, 0x9a, 0x1d, 0x49, 0x93, 0xed, + 0x59, 0x47, 0xa7, 0x8e, 0x9f, 0x5b, 0x76, 0xe8, 0x45, 0xfd, 0x73, 0xeb, 0x18, 0x1e, 0x52, 0xa9, + 0xbf, 0x39, 0x7c, 0x36, 0xe0, 0x1a, 0x86, 0x6b, 0xd9, 0xe6, 0x01, 0xfa, 0xb2, 0xb1, 0xf2, 0xdb, + 0x9e, 0x0c, 0xf2, 0xd2, 0x84, 0xab, 0x5d, 0x63, 0x4f, 0x92, 0x5b, 0x86, 0x8b, 0x4b, 0xf7, 0x28, + 0x95, 0x1d, 0x4e, 0x1e, 0xd3, 0x59, 0x21, 0x1c, 0xd5, 0x3e, 0xdb, 0x21, 0x9a, 0xa4, 0xda, 0x67, + 0x3b, 0xc6, 0x80, 0xfc, 0x1c, 0x33, 0x30, 0x89, 0x3d, 0x0a, 0x43, 0x30, 0x51, 0x8f, 0x07, 0xa5, + 0xee, 0x78, 0xed, 0x73, 0xd5, 0xbc, 0x14, 0x4d, 0x11, 0xe2, 0x99, 0xe6, 0xb2, 0x38, 0x89, 0xe5, + 0x31, 0xef, 0xce, 0xa4, 0x83, 0x6b, 0xf5, 0x65, 0x3e, 0x01, 0xcf, 0xdc, 0xf2, 0x1c, 0xf8, 0xe2, + 0xf2, 0xcf, 0xfe, 0xf3, 0xe5, 0xc2, 0xcf, 0x7e, 0x7e, 0xb9, 0xf0, 0xef, 0x7f, 0x7e, 0xb9, 0xf0, + 0x9f, 0x7e, 0x7e, 0xb9, 0xf0, 0xe5, 0xc2, 0xe9, 0x42, 0x23, 0xd7, 0x9b, 0x2e, 0xf5, 0xa2, 0x5b, + 0x9c, 0xdd, 0x20, 0xfe, 0x77, 0xf7, 0x7f, 0x07, 0x00, 0x00, 0xff, 0xff, 0x3e, 0xfc, 0x2f, 0x9a, + 0x13, 0xe7, 0x00, 0x00, } // Reference imports to suppress errors if they are not otherwise used. @@ -28281,6 +28292,16 @@ func (m *PingResponse) MarshalToSizedBuffer(dAtA []byte) (int, error) { i -= len(m.XXX_unrecognized) copy(dAtA[i:], m.XXX_unrecognized) } + if m.LicenseExpiry != nil { + n12, err12 := github_com_gogo_protobuf_types.StdTimeMarshalTo(*m.LicenseExpiry, dAtA[i-github_com_gogo_protobuf_types.SizeOfStdTime(*m.LicenseExpiry):]) + if err12 != nil { + return 0, err12 + } + i -= n12 + i = encodeVarintAuthservice(dAtA, i, uint64(n12)) + i-- + dAtA[i] = 0x52 + } if m.LoadAllCAs { i-- if m.LoadAllCAs { @@ -29533,12 +29554,12 @@ func (m *GenerateAppTokenRequest) MarshalToSizedBuffer(dAtA []byte) (int, error) dAtA[i] = 0x2a } } - n26, err26 := github_com_gogo_protobuf_types.StdTimeMarshalTo(m.Expires, dAtA[i-github_com_gogo_protobuf_types.SizeOfStdTime(m.Expires):]) - if err26 != nil { - return 0, err26 + n27, err27 := github_com_gogo_protobuf_types.StdTimeMarshalTo(m.Expires, dAtA[i-github_com_gogo_protobuf_types.SizeOfStdTime(m.Expires):]) + if err27 != nil { + return 0, err27 } - i -= n26 - i = encodeVarintAuthservice(dAtA, i, uint64(n26)) + i -= n27 + i = encodeVarintAuthservice(dAtA, i, uint64(n27)) i-- dAtA[i] = 0x22 if len(m.URI) > 0 { @@ -32855,21 +32876,21 @@ func (m *GetEventsRequest) MarshalToSizedBuffer(dAtA []byte) (int, error) { dAtA[i] = 0x22 } } - n61, err61 := github_com_gogo_protobuf_types.StdTimeMarshalTo(m.EndDate, dAtA[i-github_com_gogo_protobuf_types.SizeOfStdTime(m.EndDate):]) - if err61 != nil { - return 0, err61 - } - i -= n61 - i = encodeVarintAuthservice(dAtA, i, uint64(n61)) - i-- - dAtA[i] = 0x1a - n62, err62 := github_com_gogo_protobuf_types.StdTimeMarshalTo(m.StartDate, dAtA[i-github_com_gogo_protobuf_types.SizeOfStdTime(m.StartDate):]) + n62, err62 := github_com_gogo_protobuf_types.StdTimeMarshalTo(m.EndDate, dAtA[i-github_com_gogo_protobuf_types.SizeOfStdTime(m.EndDate):]) if err62 != nil { return 0, err62 } i -= n62 i = encodeVarintAuthservice(dAtA, i, uint64(n62)) i-- + dAtA[i] = 0x1a + n63, err63 := github_com_gogo_protobuf_types.StdTimeMarshalTo(m.StartDate, dAtA[i-github_com_gogo_protobuf_types.SizeOfStdTime(m.StartDate):]) + if err63 != nil { + return 0, err63 + } + i -= n63 + i = encodeVarintAuthservice(dAtA, i, uint64(n63)) + i-- dAtA[i] = 0x12 if len(m.Namespace) > 0 { i -= len(m.Namespace) @@ -32922,21 +32943,21 @@ func (m *GetSessionEventsRequest) MarshalToSizedBuffer(dAtA []byte) (int, error) i-- dAtA[i] = 0x18 } - n63, err63 := github_com_gogo_protobuf_types.StdTimeMarshalTo(m.EndDate, dAtA[i-github_com_gogo_protobuf_types.SizeOfStdTime(m.EndDate):]) - if err63 != nil { - return 0, err63 - } - i -= n63 - i = encodeVarintAuthservice(dAtA, i, uint64(n63)) - i-- - dAtA[i] = 0x12 - n64, err64 := github_com_gogo_protobuf_types.StdTimeMarshalTo(m.StartDate, dAtA[i-github_com_gogo_protobuf_types.SizeOfStdTime(m.StartDate):]) + n64, err64 := github_com_gogo_protobuf_types.StdTimeMarshalTo(m.EndDate, dAtA[i-github_com_gogo_protobuf_types.SizeOfStdTime(m.EndDate):]) if err64 != nil { return 0, err64 } i -= n64 i = encodeVarintAuthservice(dAtA, i, uint64(n64)) i-- + dAtA[i] = 0x12 + n65, err65 := github_com_gogo_protobuf_types.StdTimeMarshalTo(m.StartDate, dAtA[i-github_com_gogo_protobuf_types.SizeOfStdTime(m.StartDate):]) + if err65 != nil { + return 0, err65 + } + i -= n65 + i = encodeVarintAuthservice(dAtA, i, uint64(n65)) + i-- dAtA[i] = 0xa return len(dAtA) - i, nil } @@ -34301,12 +34322,12 @@ func (m *RecoveryCodes) MarshalToSizedBuffer(dAtA []byte) (int, error) { i -= len(m.XXX_unrecognized) copy(dAtA[i:], m.XXX_unrecognized) } - n71, err71 := github_com_gogo_protobuf_types.StdTimeMarshalTo(m.Created, dAtA[i-github_com_gogo_protobuf_types.SizeOfStdTime(m.Created):]) - if err71 != nil { - return 0, err71 + n72, err72 := github_com_gogo_protobuf_types.StdTimeMarshalTo(m.Created, dAtA[i-github_com_gogo_protobuf_types.SizeOfStdTime(m.Created):]) + if err72 != nil { + return 0, err72 } - i -= n71 - i = encodeVarintAuthservice(dAtA, i, uint64(n71)) + i -= n72 + i = encodeVarintAuthservice(dAtA, i, uint64(n72)) i-- dAtA[i] = 0x12 if len(m.Codes) > 0 { @@ -35750,12 +35771,12 @@ func (m *SessionTrackerUpdateExpiry) MarshalToSizedBuffer(dAtA []byte) (int, err copy(dAtA[i:], m.XXX_unrecognized) } if m.Expires != nil { - n96, err96 := github_com_gogo_protobuf_types.StdTimeMarshalTo(*m.Expires, dAtA[i-github_com_gogo_protobuf_types.SizeOfStdTime(*m.Expires):]) - if err96 != nil { - return 0, err96 + n97, err97 := github_com_gogo_protobuf_types.StdTimeMarshalTo(*m.Expires, dAtA[i-github_com_gogo_protobuf_types.SizeOfStdTime(*m.Expires):]) + if err97 != nil { + return 0, err97 } - i -= n96 - i = encodeVarintAuthservice(dAtA, i, uint64(n96)) + i -= n97 + i = encodeVarintAuthservice(dAtA, i, uint64(n97)) i-- dAtA[i] = 0xa } @@ -39349,6 +39370,10 @@ func (m *PingResponse) Size() (n int) { if m.LoadAllCAs { n += 2 } + if m.LicenseExpiry != nil { + l = github_com_gogo_protobuf_types.SizeOfStdTime(*m.LicenseExpiry) + n += 1 + l + sovAuthservice(uint64(l)) + } if m.XXX_unrecognized != nil { n += len(m.XXX_unrecognized) } @@ -47720,6 +47745,42 @@ func (m *PingResponse) Unmarshal(dAtA []byte) error { } } m.LoadAllCAs = bool(v != 0) + case 10: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field LicenseExpiry", wireType) + } + var msglen int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowAuthservice + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + msglen |= int(b&0x7F) << shift + if b < 0x80 { + break + } + } + if msglen < 0 { + return ErrInvalidLengthAuthservice + } + postIndex := iNdEx + msglen + if postIndex < 0 { + return ErrInvalidLengthAuthservice + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + if m.LicenseExpiry == nil { + m.LicenseExpiry = new(time.Time) + } + if err := github_com_gogo_protobuf_types.StdTimeUnmarshal(m.LicenseExpiry, dAtA[iNdEx:postIndex]); err != nil { + return err + } + iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipAuthservice(dAtA[iNdEx:]) diff --git a/api/client/usertask/usertask.go b/api/client/usertask/usertask.go index 5cb92983c3b8e..e8a9ef6ccdb2a 100644 --- a/api/client/usertask/usertask.go +++ b/api/client/usertask/usertask.go @@ -47,6 +47,20 @@ func (c *Client) ListUserTasks(ctx context.Context, pageSize int64, nextToken st return resp.UserTasks, resp.NextPageToken, nil } +// ListUserTasksByIntegration returns a list of User Tasks filtered by an integration. +func (c *Client) ListUserTasksByIntegration(ctx context.Context, pageSize int64, nextToken string, integration string) ([]*usertaskv1.UserTask, string, error) { + resp, err := c.grpcClient.ListUserTasksByIntegration(ctx, &usertaskv1.ListUserTasksByIntegrationRequest{ + PageSize: pageSize, + PageToken: nextToken, + Integration: integration, + }) + if err != nil { + return nil, "", trace.Wrap(err) + } + + return resp.UserTasks, resp.NextPageToken, nil +} + // CreateUserTask creates a new User Task. func (c *Client) CreateUserTask(ctx context.Context, req *usertaskv1.UserTask) (*usertaskv1.UserTask, error) { rsp, err := c.grpcClient.CreateUserTask(ctx, &usertaskv1.CreateUserTaskRequest{ diff --git a/api/gen/proto/go/teleport/accesslist/v1/accesslist.pb.go b/api/gen/proto/go/teleport/accesslist/v1/accesslist.pb.go index aedb1e7c725c6..607e5644f9d82 100644 --- a/api/gen/proto/go/teleport/accesslist/v1/accesslist.pb.go +++ b/api/gen/proto/go/teleport/accesslist/v1/accesslist.pb.go @@ -222,7 +222,7 @@ type AccessList struct { // header is the header for the resource. Header *v1.ResourceHeader `protobuf:"bytes,1,opt,name=header,proto3" json:"header,omitempty"` - // spec is the specification for the access list. + // spec is the specification for the Access List. Spec *AccessListSpec `protobuf:"bytes,2,opt,name=spec,proto3" json:"spec,omitempty"` // status contains dynamically calculated fields. Status *AccessListStatus `protobuf:"bytes,3,opt,name=status,proto3" json:"status,omitempty"` @@ -281,33 +281,33 @@ func (x *AccessList) GetStatus() *AccessListStatus { return nil } -// AccessListSpec is the specification for an access list. +// AccessListSpec is the specification for an Access List. type AccessListSpec struct { state protoimpl.MessageState sizeCache protoimpl.SizeCache unknownFields protoimpl.UnknownFields - // description is an optional plaintext description of the access list. + // description is an optional plaintext description of the Access List. Description string `protobuf:"bytes,1,opt,name=description,proto3" json:"description,omitempty"` - // owners is a list of owners of the access list. + // owners is a list of owners of the Access List. Owners []*AccessListOwner `protobuf:"bytes,2,rep,name=owners,proto3" json:"owners,omitempty"` - // audit describes the frequency that this access list must be audited. + // audit describes the frequency that this Access List must be audited. Audit *AccessListAudit `protobuf:"bytes,3,opt,name=audit,proto3" json:"audit,omitempty"` // membership_requires describes the requirements for a user to be a member of - // the access list. For a membership to an access list to be effective, the + // the Access List. For a membership to an Access List to be effective, the // user must meet the requirements of Membership_requires and must be in the // members list. MembershipRequires *AccessListRequires `protobuf:"bytes,4,opt,name=membership_requires,json=membershipRequires,proto3" json:"membership_requires,omitempty"` // ownership_requires describes the requirements for a user to be an owner of - // the access list. For ownership of an access list to be effective, the user + // the Access List. For ownership of an Access List to be effective, the user // must meet the requirements of ownership_requires and must be in the owners // list. OwnershipRequires *AccessListRequires `protobuf:"bytes,5,opt,name=ownership_requires,json=ownershipRequires,proto3" json:"ownership_requires,omitempty"` - // grants describes the access granted by membership to this access list. + // grants describes the access granted by membership to this Access List. Grants *AccessListGrants `protobuf:"bytes,6,opt,name=grants,proto3" json:"grants,omitempty"` - // title is a plaintext short description of the access list. + // title is a plaintext short description of the Access List. Title string `protobuf:"bytes,8,opt,name=title,proto3" json:"title,omitempty"` - // owner_grants describes the access granted by owners to this access list. + // owner_grants describes the access granted by owners to this Access List. OwnerGrants *AccessListGrants `protobuf:"bytes,11,opt,name=owner_grants,json=ownerGrants,proto3" json:"owner_grants,omitempty"` } @@ -399,7 +399,7 @@ func (x *AccessListSpec) GetOwnerGrants() *AccessListGrants { return nil } -// AccessListOwner is an owner of an access list. +// AccessListOwner is an owner of an Access List. type AccessListOwner struct { state protoimpl.MessageState sizeCache protoimpl.SizeCache @@ -468,7 +468,7 @@ func (x *AccessListOwner) GetIneligibleStatus() IneligibleStatus { return IneligibleStatus_INELIGIBLE_STATUS_UNSPECIFIED } -// AccessListAudit describes the audit configuration for an access list. +// AccessListAudit describes the audit configuration for an Access List. type AccessListAudit struct { state protoimpl.MessageState sizeCache protoimpl.SizeCache @@ -647,7 +647,7 @@ func (x *Notifications) GetStart() *durationpb.Duration { return nil } -// AccessListRequires describes a requirement section for an access list. A user +// AccessListRequires describes a requirement section for an Access List. A user // must meet the following criteria to obtain the specific access to the list. type AccessListRequires struct { state protoimpl.MessageState @@ -707,18 +707,18 @@ func (x *AccessListRequires) GetTraits() []*v11.Trait { return nil } -// AccessListGrants describes what access is granted by membership to the access -// list. +// AccessListGrants describes what access is granted by membership to the Access +// List. type AccessListGrants struct { state protoimpl.MessageState sizeCache protoimpl.SizeCache unknownFields protoimpl.UnknownFields - // roles are the roles that are granted to users who are members of the access - // list. + // roles are the roles that are granted to users who are members of the Access + // List. Roles []string `protobuf:"bytes,1,rep,name=roles,proto3" json:"roles,omitempty"` // traits are the traits that are granted to users who are members of the - // access list. + // Access List. Traits []*v11.Trait `protobuf:"bytes,2,rep,name=traits,proto3" json:"traits,omitempty"` } @@ -768,7 +768,7 @@ func (x *AccessListGrants) GetTraits() []*v11.Trait { return nil } -// Member describes a member of an access list. +// Member describes a member of an Access List. type Member struct { state protoimpl.MessageState sizeCache protoimpl.SizeCache @@ -776,7 +776,7 @@ type Member struct { // header is the header for the resource. Header *v1.ResourceHeader `protobuf:"bytes,1,opt,name=header,proto3" json:"header,omitempty"` - // spec is the specification for the access list member. + // spec is the specification for the Access List member. Spec *MemberSpec `protobuf:"bytes,2,opt,name=spec,proto3" json:"spec,omitempty"` } @@ -826,23 +826,23 @@ func (x *Member) GetSpec() *MemberSpec { return nil } -// MemberSpec is the specification for an access list member. +// MemberSpec is the specification for an Access List member. type MemberSpec struct { state protoimpl.MessageState sizeCache protoimpl.SizeCache unknownFields protoimpl.UnknownFields - // associated access list + // associated Access List AccessList string `protobuf:"bytes,1,opt,name=access_list,json=accessList,proto3" json:"access_list,omitempty"` - // name is the name of the member of the access list. + // name is the name of the member of the Access List. Name string `protobuf:"bytes,2,opt,name=name,proto3" json:"name,omitempty"` - // joined is when the user joined the access list. + // joined is when the user joined the Access List. Joined *timestamppb.Timestamp `protobuf:"bytes,3,opt,name=joined,proto3" json:"joined,omitempty"` - // expires is when the user's membership to the access list expires. + // expires is when the user's membership to the Access List expires. Expires *timestamppb.Timestamp `protobuf:"bytes,4,opt,name=expires,proto3" json:"expires,omitempty"` - // reason is the reason this user was added to the access list. + // reason is the reason this user was added to the Access List. Reason string `protobuf:"bytes,5,opt,name=reason,proto3" json:"reason,omitempty"` - // added_by is the user that added this user to the access list. + // added_by is the user that added this user to the Access List. AddedBy string `protobuf:"bytes,6,opt,name=added_by,json=addedBy,proto3" json:"added_by,omitempty"` // ineligible_status describes if this member is eligible or not // and if not, describes how they're lacking eligibility. @@ -930,7 +930,7 @@ func (x *MemberSpec) GetIneligibleStatus() IneligibleStatus { return IneligibleStatus_INELIGIBLE_STATUS_UNSPECIFIED } -// Review is a review of an access list. +// Review is a review of an Access List. type Review struct { state protoimpl.MessageState sizeCache protoimpl.SizeCache @@ -938,7 +938,7 @@ type Review struct { // header is the header for the resource. Header *v1.ResourceHeader `protobuf:"bytes,1,opt,name=header,proto3" json:"header,omitempty"` - // spec is the specification for the access list review. + // spec is the specification for the Access List review. Spec *ReviewSpec `protobuf:"bytes,2,opt,name=spec,proto3" json:"spec,omitempty"` } @@ -988,13 +988,13 @@ func (x *Review) GetSpec() *ReviewSpec { return nil } -// ReviewSpec is the specification for an access list review. +// ReviewSpec is the specification for an Access List review. type ReviewSpec struct { state protoimpl.MessageState sizeCache protoimpl.SizeCache unknownFields protoimpl.UnknownFields - // access_list is the name of the access list that this review is for. + // access_list is the name of the Access List that this review is for. AccessList string `protobuf:"bytes,1,opt,name=access_list,json=accessList,proto3" json:"access_list,omitempty"` // reviewers are the users who performed the review. Reviewers []string `protobuf:"bytes,2,rep,name=reviewers,proto3" json:"reviewers,omitempty"` @@ -1159,7 +1159,7 @@ type AccessListStatus struct { sizeCache protoimpl.SizeCache unknownFields protoimpl.UnknownFields - // member_count is the number of members in the in the access list. + // member_count is the number of members in the in the Access List. MemberCount *uint32 `protobuf:"varint,1,opt,name=member_count,json=memberCount,proto3,oneof" json:"member_count,omitempty"` } diff --git a/api/gen/proto/go/teleport/usertasks/v1/user_tasks.pb.go b/api/gen/proto/go/teleport/usertasks/v1/user_tasks.pb.go index 73785724fa686..0c4568ee42151 100644 --- a/api/gen/proto/go/teleport/usertasks/v1/user_tasks.pb.go +++ b/api/gen/proto/go/teleport/usertasks/v1/user_tasks.pb.go @@ -228,6 +228,12 @@ type DiscoverEC2 struct { AccountId string `protobuf:"bytes,2,opt,name=account_id,json=accountId,proto3" json:"account_id,omitempty"` // Region is the AWS Region where Teleport failed to enroll EC2 instances. Region string `protobuf:"bytes,3,opt,name=region,proto3" json:"region,omitempty"` + // SSMDocument is the Amazon Systems Manager SSM Document name that was used to install teleport on the instance. + // In Amazon console, the document is at: + // https://REGION.console.aws.amazon.com/systems-manager/documents/SSM_DOCUMENT/description + SsmDocument string `protobuf:"bytes,4,opt,name=ssm_document,json=ssmDocument,proto3" json:"ssm_document,omitempty"` + // InstallerScript is the Teleport installer script that was used to install teleport on the instance. + InstallerScript string `protobuf:"bytes,5,opt,name=installer_script,json=installerScript,proto3" json:"installer_script,omitempty"` } func (x *DiscoverEC2) Reset() { @@ -283,6 +289,20 @@ func (x *DiscoverEC2) GetRegion() string { return "" } +func (x *DiscoverEC2) GetSsmDocument() string { + if x != nil { + return x.SsmDocument + } + return "" +} + +func (x *DiscoverEC2) GetInstallerScript() string { + if x != nil { + return x.InstallerScript + } + return "" +} + // DiscoverEC2Instance contains the result of enrolling an AWS EC2 Instance. type DiscoverEC2Instance struct { state protoimpl.MessageState @@ -415,7 +435,7 @@ var file_teleport_usertasks_v1_user_tasks_proto_rawDesc = []byte{ 0x32, 0x18, 0x05, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x22, 0x2e, 0x74, 0x65, 0x6c, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x2e, 0x75, 0x73, 0x65, 0x72, 0x74, 0x61, 0x73, 0x6b, 0x73, 0x2e, 0x76, 0x31, 0x2e, 0x44, 0x69, 0x73, 0x63, 0x6f, 0x76, 0x65, 0x72, 0x45, 0x43, 0x32, 0x52, 0x0b, 0x64, 0x69, 0x73, - 0x63, 0x6f, 0x76, 0x65, 0x72, 0x45, 0x63, 0x32, 0x22, 0xff, 0x01, 0x0a, 0x0b, 0x44, 0x69, 0x73, + 0x63, 0x6f, 0x76, 0x65, 0x72, 0x45, 0x63, 0x32, 0x22, 0xcd, 0x02, 0x0a, 0x0b, 0x44, 0x69, 0x73, 0x63, 0x6f, 0x76, 0x65, 0x72, 0x45, 0x43, 0x32, 0x12, 0x4f, 0x0a, 0x09, 0x69, 0x6e, 0x73, 0x74, 0x61, 0x6e, 0x63, 0x65, 0x73, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x31, 0x2e, 0x74, 0x65, 0x6c, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x2e, 0x75, 0x73, 0x65, 0x72, 0x74, 0x61, 0x73, 0x6b, 0x73, @@ -425,37 +445,42 @@ var file_teleport_usertasks_v1_user_tasks_proto_rawDesc = []byte{ 0x6f, 0x75, 0x6e, 0x74, 0x5f, 0x69, 0x64, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x09, 0x61, 0x63, 0x63, 0x6f, 0x75, 0x6e, 0x74, 0x49, 0x64, 0x12, 0x16, 0x0a, 0x06, 0x72, 0x65, 0x67, 0x69, 0x6f, 0x6e, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x06, 0x72, 0x65, 0x67, 0x69, 0x6f, 0x6e, - 0x1a, 0x68, 0x0a, 0x0e, 0x49, 0x6e, 0x73, 0x74, 0x61, 0x6e, 0x63, 0x65, 0x73, 0x45, 0x6e, 0x74, - 0x72, 0x79, 0x12, 0x10, 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, - 0x03, 0x6b, 0x65, 0x79, 0x12, 0x40, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, - 0x01, 0x28, 0x0b, 0x32, 0x2a, 0x2e, 0x74, 0x65, 0x6c, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x2e, 0x75, - 0x73, 0x65, 0x72, 0x74, 0x61, 0x73, 0x6b, 0x73, 0x2e, 0x76, 0x31, 0x2e, 0x44, 0x69, 0x73, 0x63, - 0x6f, 0x76, 0x65, 0x72, 0x45, 0x43, 0x32, 0x49, 0x6e, 0x73, 0x74, 0x61, 0x6e, 0x63, 0x65, 0x52, - 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x3a, 0x02, 0x38, 0x01, 0x22, 0x9e, 0x02, 0x0a, 0x13, 0x44, - 0x69, 0x73, 0x63, 0x6f, 0x76, 0x65, 0x72, 0x45, 0x43, 0x32, 0x49, 0x6e, 0x73, 0x74, 0x61, 0x6e, - 0x63, 0x65, 0x12, 0x1f, 0x0a, 0x0b, 0x69, 0x6e, 0x73, 0x74, 0x61, 0x6e, 0x63, 0x65, 0x5f, 0x69, - 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0a, 0x69, 0x6e, 0x73, 0x74, 0x61, 0x6e, 0x63, - 0x65, 0x49, 0x64, 0x12, 0x12, 0x0a, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, - 0x09, 0x52, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x12, 0x25, 0x0a, 0x0e, 0x69, 0x6e, 0x76, 0x6f, 0x63, - 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x75, 0x72, 0x6c, 0x18, 0x05, 0x20, 0x01, 0x28, 0x09, 0x52, - 0x0d, 0x69, 0x6e, 0x76, 0x6f, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x55, 0x72, 0x6c, 0x12, 0x29, - 0x0a, 0x10, 0x64, 0x69, 0x73, 0x63, 0x6f, 0x76, 0x65, 0x72, 0x79, 0x5f, 0x63, 0x6f, 0x6e, 0x66, - 0x69, 0x67, 0x18, 0x06, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0f, 0x64, 0x69, 0x73, 0x63, 0x6f, 0x76, - 0x65, 0x72, 0x79, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x12, 0x27, 0x0a, 0x0f, 0x64, 0x69, 0x73, - 0x63, 0x6f, 0x76, 0x65, 0x72, 0x79, 0x5f, 0x67, 0x72, 0x6f, 0x75, 0x70, 0x18, 0x07, 0x20, 0x01, - 0x28, 0x09, 0x52, 0x0e, 0x64, 0x69, 0x73, 0x63, 0x6f, 0x76, 0x65, 0x72, 0x79, 0x47, 0x72, 0x6f, - 0x75, 0x70, 0x12, 0x37, 0x0a, 0x09, 0x73, 0x79, 0x6e, 0x63, 0x5f, 0x74, 0x69, 0x6d, 0x65, 0x18, - 0x08, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1a, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, - 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x54, 0x69, 0x6d, 0x65, 0x73, 0x74, 0x61, 0x6d, - 0x70, 0x52, 0x08, 0x73, 0x79, 0x6e, 0x63, 0x54, 0x69, 0x6d, 0x65, 0x4a, 0x04, 0x08, 0x03, 0x10, - 0x04, 0x4a, 0x04, 0x08, 0x04, 0x10, 0x05, 0x52, 0x0a, 0x61, 0x63, 0x63, 0x6f, 0x75, 0x6e, 0x74, - 0x5f, 0x69, 0x64, 0x52, 0x06, 0x72, 0x65, 0x67, 0x69, 0x6f, 0x6e, 0x42, 0x56, 0x5a, 0x54, 0x67, - 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x67, 0x72, 0x61, 0x76, 0x69, 0x74, - 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x61, 0x6c, 0x2f, 0x74, 0x65, 0x6c, 0x65, 0x70, 0x6f, 0x72, 0x74, - 0x2f, 0x61, 0x70, 0x69, 0x2f, 0x67, 0x65, 0x6e, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2f, 0x67, - 0x6f, 0x2f, 0x74, 0x65, 0x6c, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x2f, 0x75, 0x73, 0x65, 0x72, 0x74, - 0x61, 0x73, 0x6b, 0x73, 0x2f, 0x76, 0x31, 0x3b, 0x75, 0x73, 0x65, 0x72, 0x74, 0x61, 0x73, 0x6b, - 0x73, 0x76, 0x31, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, + 0x12, 0x21, 0x0a, 0x0c, 0x73, 0x73, 0x6d, 0x5f, 0x64, 0x6f, 0x63, 0x75, 0x6d, 0x65, 0x6e, 0x74, + 0x18, 0x04, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0b, 0x73, 0x73, 0x6d, 0x44, 0x6f, 0x63, 0x75, 0x6d, + 0x65, 0x6e, 0x74, 0x12, 0x29, 0x0a, 0x10, 0x69, 0x6e, 0x73, 0x74, 0x61, 0x6c, 0x6c, 0x65, 0x72, + 0x5f, 0x73, 0x63, 0x72, 0x69, 0x70, 0x74, 0x18, 0x05, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0f, 0x69, + 0x6e, 0x73, 0x74, 0x61, 0x6c, 0x6c, 0x65, 0x72, 0x53, 0x63, 0x72, 0x69, 0x70, 0x74, 0x1a, 0x68, + 0x0a, 0x0e, 0x49, 0x6e, 0x73, 0x74, 0x61, 0x6e, 0x63, 0x65, 0x73, 0x45, 0x6e, 0x74, 0x72, 0x79, + 0x12, 0x10, 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x6b, + 0x65, 0x79, 0x12, 0x40, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, + 0x0b, 0x32, 0x2a, 0x2e, 0x74, 0x65, 0x6c, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x2e, 0x75, 0x73, 0x65, + 0x72, 0x74, 0x61, 0x73, 0x6b, 0x73, 0x2e, 0x76, 0x31, 0x2e, 0x44, 0x69, 0x73, 0x63, 0x6f, 0x76, + 0x65, 0x72, 0x45, 0x43, 0x32, 0x49, 0x6e, 0x73, 0x74, 0x61, 0x6e, 0x63, 0x65, 0x52, 0x05, 0x76, + 0x61, 0x6c, 0x75, 0x65, 0x3a, 0x02, 0x38, 0x01, 0x22, 0x9e, 0x02, 0x0a, 0x13, 0x44, 0x69, 0x73, + 0x63, 0x6f, 0x76, 0x65, 0x72, 0x45, 0x43, 0x32, 0x49, 0x6e, 0x73, 0x74, 0x61, 0x6e, 0x63, 0x65, + 0x12, 0x1f, 0x0a, 0x0b, 0x69, 0x6e, 0x73, 0x74, 0x61, 0x6e, 0x63, 0x65, 0x5f, 0x69, 0x64, 0x18, + 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0a, 0x69, 0x6e, 0x73, 0x74, 0x61, 0x6e, 0x63, 0x65, 0x49, + 0x64, 0x12, 0x12, 0x0a, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, + 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x12, 0x25, 0x0a, 0x0e, 0x69, 0x6e, 0x76, 0x6f, 0x63, 0x61, 0x74, + 0x69, 0x6f, 0x6e, 0x5f, 0x75, 0x72, 0x6c, 0x18, 0x05, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0d, 0x69, + 0x6e, 0x76, 0x6f, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x55, 0x72, 0x6c, 0x12, 0x29, 0x0a, 0x10, + 0x64, 0x69, 0x73, 0x63, 0x6f, 0x76, 0x65, 0x72, 0x79, 0x5f, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, + 0x18, 0x06, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0f, 0x64, 0x69, 0x73, 0x63, 0x6f, 0x76, 0x65, 0x72, + 0x79, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x12, 0x27, 0x0a, 0x0f, 0x64, 0x69, 0x73, 0x63, 0x6f, + 0x76, 0x65, 0x72, 0x79, 0x5f, 0x67, 0x72, 0x6f, 0x75, 0x70, 0x18, 0x07, 0x20, 0x01, 0x28, 0x09, + 0x52, 0x0e, 0x64, 0x69, 0x73, 0x63, 0x6f, 0x76, 0x65, 0x72, 0x79, 0x47, 0x72, 0x6f, 0x75, 0x70, + 0x12, 0x37, 0x0a, 0x09, 0x73, 0x79, 0x6e, 0x63, 0x5f, 0x74, 0x69, 0x6d, 0x65, 0x18, 0x08, 0x20, + 0x01, 0x28, 0x0b, 0x32, 0x1a, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, + 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x54, 0x69, 0x6d, 0x65, 0x73, 0x74, 0x61, 0x6d, 0x70, 0x52, + 0x08, 0x73, 0x79, 0x6e, 0x63, 0x54, 0x69, 0x6d, 0x65, 0x4a, 0x04, 0x08, 0x03, 0x10, 0x04, 0x4a, + 0x04, 0x08, 0x04, 0x10, 0x05, 0x52, 0x0a, 0x61, 0x63, 0x63, 0x6f, 0x75, 0x6e, 0x74, 0x5f, 0x69, + 0x64, 0x52, 0x06, 0x72, 0x65, 0x67, 0x69, 0x6f, 0x6e, 0x42, 0x56, 0x5a, 0x54, 0x67, 0x69, 0x74, + 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x67, 0x72, 0x61, 0x76, 0x69, 0x74, 0x61, 0x74, + 0x69, 0x6f, 0x6e, 0x61, 0x6c, 0x2f, 0x74, 0x65, 0x6c, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x2f, 0x61, + 0x70, 0x69, 0x2f, 0x67, 0x65, 0x6e, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2f, 0x67, 0x6f, 0x2f, + 0x74, 0x65, 0x6c, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x2f, 0x75, 0x73, 0x65, 0x72, 0x74, 0x61, 0x73, + 0x6b, 0x73, 0x2f, 0x76, 0x31, 0x3b, 0x75, 0x73, 0x65, 0x72, 0x74, 0x61, 0x73, 0x6b, 0x73, 0x76, + 0x31, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, } var ( diff --git a/api/gen/proto/go/teleport/usertasks/v1/user_tasks_service.pb.go b/api/gen/proto/go/teleport/usertasks/v1/user_tasks_service.pb.go index 89494f6caa231..eae16296d0c9a 100644 --- a/api/gen/proto/go/teleport/usertasks/v1/user_tasks_service.pb.go +++ b/api/gen/proto/go/teleport/usertasks/v1/user_tasks_service.pb.go @@ -239,6 +239,74 @@ func (x *ListUserTasksRequest) GetPageToken() string { return "" } +// ListUserTasksByIntegrationRequest is a request to get a list of User Tasks filtered by an Integration. +type ListUserTasksByIntegrationRequest struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + // page_size is the maximum number of items to return. + // The server may impose a different page size at its discretion. + PageSize int64 `protobuf:"varint,1,opt,name=page_size,json=pageSize,proto3" json:"page_size,omitempty"` + // page_token is the next_page_token value returned from a previous List request, if any. + PageToken string `protobuf:"bytes,2,opt,name=page_token,json=pageToken,proto3" json:"page_token,omitempty"` + // integration is the integration name that will be used to filter the returned list. + Integration string `protobuf:"bytes,3,opt,name=integration,proto3" json:"integration,omitempty"` +} + +func (x *ListUserTasksByIntegrationRequest) Reset() { + *x = ListUserTasksByIntegrationRequest{} + if protoimpl.UnsafeEnabled { + mi := &file_teleport_usertasks_v1_user_tasks_service_proto_msgTypes[4] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *ListUserTasksByIntegrationRequest) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*ListUserTasksByIntegrationRequest) ProtoMessage() {} + +func (x *ListUserTasksByIntegrationRequest) ProtoReflect() protoreflect.Message { + mi := &file_teleport_usertasks_v1_user_tasks_service_proto_msgTypes[4] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use ListUserTasksByIntegrationRequest.ProtoReflect.Descriptor instead. +func (*ListUserTasksByIntegrationRequest) Descriptor() ([]byte, []int) { + return file_teleport_usertasks_v1_user_tasks_service_proto_rawDescGZIP(), []int{4} +} + +func (x *ListUserTasksByIntegrationRequest) GetPageSize() int64 { + if x != nil { + return x.PageSize + } + return 0 +} + +func (x *ListUserTasksByIntegrationRequest) GetPageToken() string { + if x != nil { + return x.PageToken + } + return "" +} + +func (x *ListUserTasksByIntegrationRequest) GetIntegration() string { + if x != nil { + return x.Integration + } + return "" +} + // ListUserTasksResponse is a response to ListUserTasks. type ListUserTasksResponse struct { state protoimpl.MessageState @@ -254,7 +322,7 @@ type ListUserTasksResponse struct { func (x *ListUserTasksResponse) Reset() { *x = ListUserTasksResponse{} if protoimpl.UnsafeEnabled { - mi := &file_teleport_usertasks_v1_user_tasks_service_proto_msgTypes[4] + mi := &file_teleport_usertasks_v1_user_tasks_service_proto_msgTypes[5] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -267,7 +335,7 @@ func (x *ListUserTasksResponse) String() string { func (*ListUserTasksResponse) ProtoMessage() {} func (x *ListUserTasksResponse) ProtoReflect() protoreflect.Message { - mi := &file_teleport_usertasks_v1_user_tasks_service_proto_msgTypes[4] + mi := &file_teleport_usertasks_v1_user_tasks_service_proto_msgTypes[5] if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -280,7 +348,7 @@ func (x *ListUserTasksResponse) ProtoReflect() protoreflect.Message { // Deprecated: Use ListUserTasksResponse.ProtoReflect.Descriptor instead. func (*ListUserTasksResponse) Descriptor() ([]byte, []int) { - return file_teleport_usertasks_v1_user_tasks_service_proto_rawDescGZIP(), []int{4} + return file_teleport_usertasks_v1_user_tasks_service_proto_rawDescGZIP(), []int{5} } func (x *ListUserTasksResponse) GetUserTasks() []*UserTask { @@ -309,7 +377,7 @@ type UpdateUserTaskRequest struct { func (x *UpdateUserTaskRequest) Reset() { *x = UpdateUserTaskRequest{} if protoimpl.UnsafeEnabled { - mi := &file_teleport_usertasks_v1_user_tasks_service_proto_msgTypes[5] + mi := &file_teleport_usertasks_v1_user_tasks_service_proto_msgTypes[6] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -322,7 +390,7 @@ func (x *UpdateUserTaskRequest) String() string { func (*UpdateUserTaskRequest) ProtoMessage() {} func (x *UpdateUserTaskRequest) ProtoReflect() protoreflect.Message { - mi := &file_teleport_usertasks_v1_user_tasks_service_proto_msgTypes[5] + mi := &file_teleport_usertasks_v1_user_tasks_service_proto_msgTypes[6] if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -335,7 +403,7 @@ func (x *UpdateUserTaskRequest) ProtoReflect() protoreflect.Message { // Deprecated: Use UpdateUserTaskRequest.ProtoReflect.Descriptor instead. func (*UpdateUserTaskRequest) Descriptor() ([]byte, []int) { - return file_teleport_usertasks_v1_user_tasks_service_proto_rawDescGZIP(), []int{5} + return file_teleport_usertasks_v1_user_tasks_service_proto_rawDescGZIP(), []int{6} } func (x *UpdateUserTaskRequest) GetUserTask() *UserTask { @@ -358,7 +426,7 @@ type DeleteUserTaskRequest struct { func (x *DeleteUserTaskRequest) Reset() { *x = DeleteUserTaskRequest{} if protoimpl.UnsafeEnabled { - mi := &file_teleport_usertasks_v1_user_tasks_service_proto_msgTypes[6] + mi := &file_teleport_usertasks_v1_user_tasks_service_proto_msgTypes[7] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -371,7 +439,7 @@ func (x *DeleteUserTaskRequest) String() string { func (*DeleteUserTaskRequest) ProtoMessage() {} func (x *DeleteUserTaskRequest) ProtoReflect() protoreflect.Message { - mi := &file_teleport_usertasks_v1_user_tasks_service_proto_msgTypes[6] + mi := &file_teleport_usertasks_v1_user_tasks_service_proto_msgTypes[7] if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -384,7 +452,7 @@ func (x *DeleteUserTaskRequest) ProtoReflect() protoreflect.Message { // Deprecated: Use DeleteUserTaskRequest.ProtoReflect.Descriptor instead. func (*DeleteUserTaskRequest) Descriptor() ([]byte, []int) { - return file_teleport_usertasks_v1_user_tasks_service_proto_rawDescGZIP(), []int{6} + return file_teleport_usertasks_v1_user_tasks_service_proto_rawDescGZIP(), []int{7} } func (x *DeleteUserTaskRequest) GetName() string { @@ -424,67 +492,83 @@ var file_teleport_usertasks_v1_user_tasks_service_proto_rawDesc = []byte{ 0x70, 0x61, 0x67, 0x65, 0x5f, 0x73, 0x69, 0x7a, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x03, 0x52, 0x08, 0x70, 0x61, 0x67, 0x65, 0x53, 0x69, 0x7a, 0x65, 0x12, 0x1d, 0x0a, 0x0a, 0x70, 0x61, 0x67, 0x65, 0x5f, 0x74, 0x6f, 0x6b, 0x65, 0x6e, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x09, 0x70, - 0x61, 0x67, 0x65, 0x54, 0x6f, 0x6b, 0x65, 0x6e, 0x22, 0x7f, 0x0a, 0x15, 0x4c, 0x69, 0x73, 0x74, - 0x55, 0x73, 0x65, 0x72, 0x54, 0x61, 0x73, 0x6b, 0x73, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, - 0x65, 0x12, 0x3e, 0x0a, 0x0a, 0x75, 0x73, 0x65, 0x72, 0x5f, 0x74, 0x61, 0x73, 0x6b, 0x73, 0x18, - 0x01, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x1f, 0x2e, 0x74, 0x65, 0x6c, 0x65, 0x70, 0x6f, 0x72, 0x74, - 0x2e, 0x75, 0x73, 0x65, 0x72, 0x74, 0x61, 0x73, 0x6b, 0x73, 0x2e, 0x76, 0x31, 0x2e, 0x55, 0x73, - 0x65, 0x72, 0x54, 0x61, 0x73, 0x6b, 0x52, 0x09, 0x75, 0x73, 0x65, 0x72, 0x54, 0x61, 0x73, 0x6b, - 0x73, 0x12, 0x26, 0x0a, 0x0f, 0x6e, 0x65, 0x78, 0x74, 0x5f, 0x70, 0x61, 0x67, 0x65, 0x5f, 0x74, - 0x6f, 0x6b, 0x65, 0x6e, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0d, 0x6e, 0x65, 0x78, 0x74, - 0x50, 0x61, 0x67, 0x65, 0x54, 0x6f, 0x6b, 0x65, 0x6e, 0x22, 0x55, 0x0a, 0x15, 0x55, 0x70, 0x64, - 0x61, 0x74, 0x65, 0x55, 0x73, 0x65, 0x72, 0x54, 0x61, 0x73, 0x6b, 0x52, 0x65, 0x71, 0x75, 0x65, - 0x73, 0x74, 0x12, 0x3c, 0x0a, 0x09, 0x75, 0x73, 0x65, 0x72, 0x5f, 0x74, 0x61, 0x73, 0x6b, 0x18, - 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1f, 0x2e, 0x74, 0x65, 0x6c, 0x65, 0x70, 0x6f, 0x72, 0x74, + 0x61, 0x67, 0x65, 0x54, 0x6f, 0x6b, 0x65, 0x6e, 0x22, 0x81, 0x01, 0x0a, 0x21, 0x4c, 0x69, 0x73, + 0x74, 0x55, 0x73, 0x65, 0x72, 0x54, 0x61, 0x73, 0x6b, 0x73, 0x42, 0x79, 0x49, 0x6e, 0x74, 0x65, + 0x67, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x1b, + 0x0a, 0x09, 0x70, 0x61, 0x67, 0x65, 0x5f, 0x73, 0x69, 0x7a, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, + 0x03, 0x52, 0x08, 0x70, 0x61, 0x67, 0x65, 0x53, 0x69, 0x7a, 0x65, 0x12, 0x1d, 0x0a, 0x0a, 0x70, + 0x61, 0x67, 0x65, 0x5f, 0x74, 0x6f, 0x6b, 0x65, 0x6e, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, + 0x09, 0x70, 0x61, 0x67, 0x65, 0x54, 0x6f, 0x6b, 0x65, 0x6e, 0x12, 0x20, 0x0a, 0x0b, 0x69, 0x6e, + 0x74, 0x65, 0x67, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, + 0x0b, 0x69, 0x6e, 0x74, 0x65, 0x67, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x22, 0x7f, 0x0a, 0x15, + 0x4c, 0x69, 0x73, 0x74, 0x55, 0x73, 0x65, 0x72, 0x54, 0x61, 0x73, 0x6b, 0x73, 0x52, 0x65, 0x73, + 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x3e, 0x0a, 0x0a, 0x75, 0x73, 0x65, 0x72, 0x5f, 0x74, 0x61, + 0x73, 0x6b, 0x73, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x1f, 0x2e, 0x74, 0x65, 0x6c, 0x65, + 0x70, 0x6f, 0x72, 0x74, 0x2e, 0x75, 0x73, 0x65, 0x72, 0x74, 0x61, 0x73, 0x6b, 0x73, 0x2e, 0x76, + 0x31, 0x2e, 0x55, 0x73, 0x65, 0x72, 0x54, 0x61, 0x73, 0x6b, 0x52, 0x09, 0x75, 0x73, 0x65, 0x72, + 0x54, 0x61, 0x73, 0x6b, 0x73, 0x12, 0x26, 0x0a, 0x0f, 0x6e, 0x65, 0x78, 0x74, 0x5f, 0x70, 0x61, + 0x67, 0x65, 0x5f, 0x74, 0x6f, 0x6b, 0x65, 0x6e, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0d, + 0x6e, 0x65, 0x78, 0x74, 0x50, 0x61, 0x67, 0x65, 0x54, 0x6f, 0x6b, 0x65, 0x6e, 0x22, 0x55, 0x0a, + 0x15, 0x55, 0x70, 0x64, 0x61, 0x74, 0x65, 0x55, 0x73, 0x65, 0x72, 0x54, 0x61, 0x73, 0x6b, 0x52, + 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x3c, 0x0a, 0x09, 0x75, 0x73, 0x65, 0x72, 0x5f, 0x74, + 0x61, 0x73, 0x6b, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1f, 0x2e, 0x74, 0x65, 0x6c, 0x65, + 0x70, 0x6f, 0x72, 0x74, 0x2e, 0x75, 0x73, 0x65, 0x72, 0x74, 0x61, 0x73, 0x6b, 0x73, 0x2e, 0x76, + 0x31, 0x2e, 0x55, 0x73, 0x65, 0x72, 0x54, 0x61, 0x73, 0x6b, 0x52, 0x08, 0x75, 0x73, 0x65, 0x72, + 0x54, 0x61, 0x73, 0x6b, 0x22, 0x2b, 0x0a, 0x15, 0x44, 0x65, 0x6c, 0x65, 0x74, 0x65, 0x55, 0x73, + 0x65, 0x72, 0x54, 0x61, 0x73, 0x6b, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x12, 0x0a, + 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x6e, 0x61, 0x6d, + 0x65, 0x32, 0xda, 0x05, 0x0a, 0x0f, 0x55, 0x73, 0x65, 0x72, 0x54, 0x61, 0x73, 0x6b, 0x53, 0x65, + 0x72, 0x76, 0x69, 0x63, 0x65, 0x12, 0x5f, 0x0a, 0x0e, 0x43, 0x72, 0x65, 0x61, 0x74, 0x65, 0x55, + 0x73, 0x65, 0x72, 0x54, 0x61, 0x73, 0x6b, 0x12, 0x2c, 0x2e, 0x74, 0x65, 0x6c, 0x65, 0x70, 0x6f, + 0x72, 0x74, 0x2e, 0x75, 0x73, 0x65, 0x72, 0x74, 0x61, 0x73, 0x6b, 0x73, 0x2e, 0x76, 0x31, 0x2e, + 0x43, 0x72, 0x65, 0x61, 0x74, 0x65, 0x55, 0x73, 0x65, 0x72, 0x54, 0x61, 0x73, 0x6b, 0x52, 0x65, + 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x1f, 0x2e, 0x74, 0x65, 0x6c, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x2e, 0x75, 0x73, 0x65, 0x72, 0x74, 0x61, 0x73, 0x6b, 0x73, 0x2e, 0x76, 0x31, 0x2e, 0x55, 0x73, - 0x65, 0x72, 0x54, 0x61, 0x73, 0x6b, 0x52, 0x08, 0x75, 0x73, 0x65, 0x72, 0x54, 0x61, 0x73, 0x6b, - 0x22, 0x2b, 0x0a, 0x15, 0x44, 0x65, 0x6c, 0x65, 0x74, 0x65, 0x55, 0x73, 0x65, 0x72, 0x54, 0x61, - 0x73, 0x6b, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x12, 0x0a, 0x04, 0x6e, 0x61, 0x6d, - 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x32, 0xd3, 0x04, - 0x0a, 0x0f, 0x55, 0x73, 0x65, 0x72, 0x54, 0x61, 0x73, 0x6b, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, - 0x65, 0x12, 0x5f, 0x0a, 0x0e, 0x43, 0x72, 0x65, 0x61, 0x74, 0x65, 0x55, 0x73, 0x65, 0x72, 0x54, - 0x61, 0x73, 0x6b, 0x12, 0x2c, 0x2e, 0x74, 0x65, 0x6c, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x2e, 0x75, - 0x73, 0x65, 0x72, 0x74, 0x61, 0x73, 0x6b, 0x73, 0x2e, 0x76, 0x31, 0x2e, 0x43, 0x72, 0x65, 0x61, - 0x74, 0x65, 0x55, 0x73, 0x65, 0x72, 0x54, 0x61, 0x73, 0x6b, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, + 0x65, 0x72, 0x54, 0x61, 0x73, 0x6b, 0x12, 0x5f, 0x0a, 0x0e, 0x55, 0x70, 0x73, 0x65, 0x72, 0x74, + 0x55, 0x73, 0x65, 0x72, 0x54, 0x61, 0x73, 0x6b, 0x12, 0x2c, 0x2e, 0x74, 0x65, 0x6c, 0x65, 0x70, + 0x6f, 0x72, 0x74, 0x2e, 0x75, 0x73, 0x65, 0x72, 0x74, 0x61, 0x73, 0x6b, 0x73, 0x2e, 0x76, 0x31, + 0x2e, 0x55, 0x70, 0x73, 0x65, 0x72, 0x74, 0x55, 0x73, 0x65, 0x72, 0x54, 0x61, 0x73, 0x6b, 0x52, + 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x1f, 0x2e, 0x74, 0x65, 0x6c, 0x65, 0x70, 0x6f, 0x72, + 0x74, 0x2e, 0x75, 0x73, 0x65, 0x72, 0x74, 0x61, 0x73, 0x6b, 0x73, 0x2e, 0x76, 0x31, 0x2e, 0x55, + 0x73, 0x65, 0x72, 0x54, 0x61, 0x73, 0x6b, 0x12, 0x59, 0x0a, 0x0b, 0x47, 0x65, 0x74, 0x55, 0x73, + 0x65, 0x72, 0x54, 0x61, 0x73, 0x6b, 0x12, 0x29, 0x2e, 0x74, 0x65, 0x6c, 0x65, 0x70, 0x6f, 0x72, + 0x74, 0x2e, 0x75, 0x73, 0x65, 0x72, 0x74, 0x61, 0x73, 0x6b, 0x73, 0x2e, 0x76, 0x31, 0x2e, 0x47, + 0x65, 0x74, 0x55, 0x73, 0x65, 0x72, 0x54, 0x61, 0x73, 0x6b, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x1f, 0x2e, 0x74, 0x65, 0x6c, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x2e, 0x75, 0x73, 0x65, 0x72, 0x74, 0x61, 0x73, 0x6b, 0x73, 0x2e, 0x76, 0x31, 0x2e, 0x55, 0x73, 0x65, 0x72, 0x54, 0x61, - 0x73, 0x6b, 0x12, 0x5f, 0x0a, 0x0e, 0x55, 0x70, 0x73, 0x65, 0x72, 0x74, 0x55, 0x73, 0x65, 0x72, - 0x54, 0x61, 0x73, 0x6b, 0x12, 0x2c, 0x2e, 0x74, 0x65, 0x6c, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x2e, - 0x75, 0x73, 0x65, 0x72, 0x74, 0x61, 0x73, 0x6b, 0x73, 0x2e, 0x76, 0x31, 0x2e, 0x55, 0x70, 0x73, - 0x65, 0x72, 0x74, 0x55, 0x73, 0x65, 0x72, 0x54, 0x61, 0x73, 0x6b, 0x52, 0x65, 0x71, 0x75, 0x65, - 0x73, 0x74, 0x1a, 0x1f, 0x2e, 0x74, 0x65, 0x6c, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x2e, 0x75, 0x73, - 0x65, 0x72, 0x74, 0x61, 0x73, 0x6b, 0x73, 0x2e, 0x76, 0x31, 0x2e, 0x55, 0x73, 0x65, 0x72, 0x54, - 0x61, 0x73, 0x6b, 0x12, 0x59, 0x0a, 0x0b, 0x47, 0x65, 0x74, 0x55, 0x73, 0x65, 0x72, 0x54, 0x61, - 0x73, 0x6b, 0x12, 0x29, 0x2e, 0x74, 0x65, 0x6c, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x2e, 0x75, 0x73, - 0x65, 0x72, 0x74, 0x61, 0x73, 0x6b, 0x73, 0x2e, 0x76, 0x31, 0x2e, 0x47, 0x65, 0x74, 0x55, 0x73, - 0x65, 0x72, 0x54, 0x61, 0x73, 0x6b, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x1f, 0x2e, - 0x74, 0x65, 0x6c, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x2e, 0x75, 0x73, 0x65, 0x72, 0x74, 0x61, 0x73, - 0x6b, 0x73, 0x2e, 0x76, 0x31, 0x2e, 0x55, 0x73, 0x65, 0x72, 0x54, 0x61, 0x73, 0x6b, 0x12, 0x6a, - 0x0a, 0x0d, 0x4c, 0x69, 0x73, 0x74, 0x55, 0x73, 0x65, 0x72, 0x54, 0x61, 0x73, 0x6b, 0x73, 0x12, - 0x2b, 0x2e, 0x74, 0x65, 0x6c, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x2e, 0x75, 0x73, 0x65, 0x72, 0x74, - 0x61, 0x73, 0x6b, 0x73, 0x2e, 0x76, 0x31, 0x2e, 0x4c, 0x69, 0x73, 0x74, 0x55, 0x73, 0x65, 0x72, - 0x54, 0x61, 0x73, 0x6b, 0x73, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x2c, 0x2e, 0x74, - 0x65, 0x6c, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x2e, 0x75, 0x73, 0x65, 0x72, 0x74, 0x61, 0x73, 0x6b, - 0x73, 0x2e, 0x76, 0x31, 0x2e, 0x4c, 0x69, 0x73, 0x74, 0x55, 0x73, 0x65, 0x72, 0x54, 0x61, 0x73, - 0x6b, 0x73, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x5f, 0x0a, 0x0e, 0x55, 0x70, - 0x64, 0x61, 0x74, 0x65, 0x55, 0x73, 0x65, 0x72, 0x54, 0x61, 0x73, 0x6b, 0x12, 0x2c, 0x2e, 0x74, - 0x65, 0x6c, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x2e, 0x75, 0x73, 0x65, 0x72, 0x74, 0x61, 0x73, 0x6b, - 0x73, 0x2e, 0x76, 0x31, 0x2e, 0x55, 0x70, 0x64, 0x61, 0x74, 0x65, 0x55, 0x73, 0x65, 0x72, 0x54, - 0x61, 0x73, 0x6b, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x1f, 0x2e, 0x74, 0x65, 0x6c, - 0x65, 0x70, 0x6f, 0x72, 0x74, 0x2e, 0x75, 0x73, 0x65, 0x72, 0x74, 0x61, 0x73, 0x6b, 0x73, 0x2e, - 0x76, 0x31, 0x2e, 0x55, 0x73, 0x65, 0x72, 0x54, 0x61, 0x73, 0x6b, 0x12, 0x56, 0x0a, 0x0e, 0x44, - 0x65, 0x6c, 0x65, 0x74, 0x65, 0x55, 0x73, 0x65, 0x72, 0x54, 0x61, 0x73, 0x6b, 0x12, 0x2c, 0x2e, + 0x73, 0x6b, 0x12, 0x6a, 0x0a, 0x0d, 0x4c, 0x69, 0x73, 0x74, 0x55, 0x73, 0x65, 0x72, 0x54, 0x61, + 0x73, 0x6b, 0x73, 0x12, 0x2b, 0x2e, 0x74, 0x65, 0x6c, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x2e, 0x75, + 0x73, 0x65, 0x72, 0x74, 0x61, 0x73, 0x6b, 0x73, 0x2e, 0x76, 0x31, 0x2e, 0x4c, 0x69, 0x73, 0x74, + 0x55, 0x73, 0x65, 0x72, 0x54, 0x61, 0x73, 0x6b, 0x73, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, + 0x1a, 0x2c, 0x2e, 0x74, 0x65, 0x6c, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x2e, 0x75, 0x73, 0x65, 0x72, + 0x74, 0x61, 0x73, 0x6b, 0x73, 0x2e, 0x76, 0x31, 0x2e, 0x4c, 0x69, 0x73, 0x74, 0x55, 0x73, 0x65, + 0x72, 0x54, 0x61, 0x73, 0x6b, 0x73, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x84, + 0x01, 0x0a, 0x1a, 0x4c, 0x69, 0x73, 0x74, 0x55, 0x73, 0x65, 0x72, 0x54, 0x61, 0x73, 0x6b, 0x73, + 0x42, 0x79, 0x49, 0x6e, 0x74, 0x65, 0x67, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x38, 0x2e, 0x74, 0x65, 0x6c, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x2e, 0x75, 0x73, 0x65, 0x72, 0x74, 0x61, 0x73, - 0x6b, 0x73, 0x2e, 0x76, 0x31, 0x2e, 0x44, 0x65, 0x6c, 0x65, 0x74, 0x65, 0x55, 0x73, 0x65, 0x72, - 0x54, 0x61, 0x73, 0x6b, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x16, 0x2e, 0x67, 0x6f, - 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x45, 0x6d, - 0x70, 0x74, 0x79, 0x42, 0x56, 0x5a, 0x54, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, - 0x6d, 0x2f, 0x67, 0x72, 0x61, 0x76, 0x69, 0x74, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x61, 0x6c, 0x2f, - 0x74, 0x65, 0x6c, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x2f, 0x61, 0x70, 0x69, 0x2f, 0x67, 0x65, 0x6e, - 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2f, 0x67, 0x6f, 0x2f, 0x74, 0x65, 0x6c, 0x65, 0x70, 0x6f, - 0x72, 0x74, 0x2f, 0x75, 0x73, 0x65, 0x72, 0x74, 0x61, 0x73, 0x6b, 0x73, 0x2f, 0x76, 0x31, 0x3b, - 0x75, 0x73, 0x65, 0x72, 0x74, 0x61, 0x73, 0x6b, 0x73, 0x76, 0x31, 0x62, 0x06, 0x70, 0x72, 0x6f, - 0x74, 0x6f, 0x33, + 0x6b, 0x73, 0x2e, 0x76, 0x31, 0x2e, 0x4c, 0x69, 0x73, 0x74, 0x55, 0x73, 0x65, 0x72, 0x54, 0x61, + 0x73, 0x6b, 0x73, 0x42, 0x79, 0x49, 0x6e, 0x74, 0x65, 0x67, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, + 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x2c, 0x2e, 0x74, 0x65, 0x6c, 0x65, 0x70, 0x6f, + 0x72, 0x74, 0x2e, 0x75, 0x73, 0x65, 0x72, 0x74, 0x61, 0x73, 0x6b, 0x73, 0x2e, 0x76, 0x31, 0x2e, + 0x4c, 0x69, 0x73, 0x74, 0x55, 0x73, 0x65, 0x72, 0x54, 0x61, 0x73, 0x6b, 0x73, 0x52, 0x65, 0x73, + 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x5f, 0x0a, 0x0e, 0x55, 0x70, 0x64, 0x61, 0x74, 0x65, 0x55, + 0x73, 0x65, 0x72, 0x54, 0x61, 0x73, 0x6b, 0x12, 0x2c, 0x2e, 0x74, 0x65, 0x6c, 0x65, 0x70, 0x6f, + 0x72, 0x74, 0x2e, 0x75, 0x73, 0x65, 0x72, 0x74, 0x61, 0x73, 0x6b, 0x73, 0x2e, 0x76, 0x31, 0x2e, + 0x55, 0x70, 0x64, 0x61, 0x74, 0x65, 0x55, 0x73, 0x65, 0x72, 0x54, 0x61, 0x73, 0x6b, 0x52, 0x65, + 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x1f, 0x2e, 0x74, 0x65, 0x6c, 0x65, 0x70, 0x6f, 0x72, 0x74, + 0x2e, 0x75, 0x73, 0x65, 0x72, 0x74, 0x61, 0x73, 0x6b, 0x73, 0x2e, 0x76, 0x31, 0x2e, 0x55, 0x73, + 0x65, 0x72, 0x54, 0x61, 0x73, 0x6b, 0x12, 0x56, 0x0a, 0x0e, 0x44, 0x65, 0x6c, 0x65, 0x74, 0x65, + 0x55, 0x73, 0x65, 0x72, 0x54, 0x61, 0x73, 0x6b, 0x12, 0x2c, 0x2e, 0x74, 0x65, 0x6c, 0x65, 0x70, + 0x6f, 0x72, 0x74, 0x2e, 0x75, 0x73, 0x65, 0x72, 0x74, 0x61, 0x73, 0x6b, 0x73, 0x2e, 0x76, 0x31, + 0x2e, 0x44, 0x65, 0x6c, 0x65, 0x74, 0x65, 0x55, 0x73, 0x65, 0x72, 0x54, 0x61, 0x73, 0x6b, 0x52, + 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x16, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, + 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x45, 0x6d, 0x70, 0x74, 0x79, 0x42, 0x56, + 0x5a, 0x54, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x67, 0x72, 0x61, + 0x76, 0x69, 0x74, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x61, 0x6c, 0x2f, 0x74, 0x65, 0x6c, 0x65, 0x70, + 0x6f, 0x72, 0x74, 0x2f, 0x61, 0x70, 0x69, 0x2f, 0x67, 0x65, 0x6e, 0x2f, 0x70, 0x72, 0x6f, 0x74, + 0x6f, 0x2f, 0x67, 0x6f, 0x2f, 0x74, 0x65, 0x6c, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x2f, 0x75, 0x73, + 0x65, 0x72, 0x74, 0x61, 0x73, 0x6b, 0x73, 0x2f, 0x76, 0x31, 0x3b, 0x75, 0x73, 0x65, 0x72, 0x74, + 0x61, 0x73, 0x6b, 0x73, 0x76, 0x31, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, } var ( @@ -499,37 +583,40 @@ func file_teleport_usertasks_v1_user_tasks_service_proto_rawDescGZIP() []byte { return file_teleport_usertasks_v1_user_tasks_service_proto_rawDescData } -var file_teleport_usertasks_v1_user_tasks_service_proto_msgTypes = make([]protoimpl.MessageInfo, 7) +var file_teleport_usertasks_v1_user_tasks_service_proto_msgTypes = make([]protoimpl.MessageInfo, 8) var file_teleport_usertasks_v1_user_tasks_service_proto_goTypes = []interface{}{ - (*CreateUserTaskRequest)(nil), // 0: teleport.usertasks.v1.CreateUserTaskRequest - (*UpsertUserTaskRequest)(nil), // 1: teleport.usertasks.v1.UpsertUserTaskRequest - (*GetUserTaskRequest)(nil), // 2: teleport.usertasks.v1.GetUserTaskRequest - (*ListUserTasksRequest)(nil), // 3: teleport.usertasks.v1.ListUserTasksRequest - (*ListUserTasksResponse)(nil), // 4: teleport.usertasks.v1.ListUserTasksResponse - (*UpdateUserTaskRequest)(nil), // 5: teleport.usertasks.v1.UpdateUserTaskRequest - (*DeleteUserTaskRequest)(nil), // 6: teleport.usertasks.v1.DeleteUserTaskRequest - (*UserTask)(nil), // 7: teleport.usertasks.v1.UserTask - (*emptypb.Empty)(nil), // 8: google.protobuf.Empty + (*CreateUserTaskRequest)(nil), // 0: teleport.usertasks.v1.CreateUserTaskRequest + (*UpsertUserTaskRequest)(nil), // 1: teleport.usertasks.v1.UpsertUserTaskRequest + (*GetUserTaskRequest)(nil), // 2: teleport.usertasks.v1.GetUserTaskRequest + (*ListUserTasksRequest)(nil), // 3: teleport.usertasks.v1.ListUserTasksRequest + (*ListUserTasksByIntegrationRequest)(nil), // 4: teleport.usertasks.v1.ListUserTasksByIntegrationRequest + (*ListUserTasksResponse)(nil), // 5: teleport.usertasks.v1.ListUserTasksResponse + (*UpdateUserTaskRequest)(nil), // 6: teleport.usertasks.v1.UpdateUserTaskRequest + (*DeleteUserTaskRequest)(nil), // 7: teleport.usertasks.v1.DeleteUserTaskRequest + (*UserTask)(nil), // 8: teleport.usertasks.v1.UserTask + (*emptypb.Empty)(nil), // 9: google.protobuf.Empty } var file_teleport_usertasks_v1_user_tasks_service_proto_depIdxs = []int32{ - 7, // 0: teleport.usertasks.v1.CreateUserTaskRequest.user_task:type_name -> teleport.usertasks.v1.UserTask - 7, // 1: teleport.usertasks.v1.UpsertUserTaskRequest.user_task:type_name -> teleport.usertasks.v1.UserTask - 7, // 2: teleport.usertasks.v1.ListUserTasksResponse.user_tasks:type_name -> teleport.usertasks.v1.UserTask - 7, // 3: teleport.usertasks.v1.UpdateUserTaskRequest.user_task:type_name -> teleport.usertasks.v1.UserTask + 8, // 0: teleport.usertasks.v1.CreateUserTaskRequest.user_task:type_name -> teleport.usertasks.v1.UserTask + 8, // 1: teleport.usertasks.v1.UpsertUserTaskRequest.user_task:type_name -> teleport.usertasks.v1.UserTask + 8, // 2: teleport.usertasks.v1.ListUserTasksResponse.user_tasks:type_name -> teleport.usertasks.v1.UserTask + 8, // 3: teleport.usertasks.v1.UpdateUserTaskRequest.user_task:type_name -> teleport.usertasks.v1.UserTask 0, // 4: teleport.usertasks.v1.UserTaskService.CreateUserTask:input_type -> teleport.usertasks.v1.CreateUserTaskRequest 1, // 5: teleport.usertasks.v1.UserTaskService.UpsertUserTask:input_type -> teleport.usertasks.v1.UpsertUserTaskRequest 2, // 6: teleport.usertasks.v1.UserTaskService.GetUserTask:input_type -> teleport.usertasks.v1.GetUserTaskRequest 3, // 7: teleport.usertasks.v1.UserTaskService.ListUserTasks:input_type -> teleport.usertasks.v1.ListUserTasksRequest - 5, // 8: teleport.usertasks.v1.UserTaskService.UpdateUserTask:input_type -> teleport.usertasks.v1.UpdateUserTaskRequest - 6, // 9: teleport.usertasks.v1.UserTaskService.DeleteUserTask:input_type -> teleport.usertasks.v1.DeleteUserTaskRequest - 7, // 10: teleport.usertasks.v1.UserTaskService.CreateUserTask:output_type -> teleport.usertasks.v1.UserTask - 7, // 11: teleport.usertasks.v1.UserTaskService.UpsertUserTask:output_type -> teleport.usertasks.v1.UserTask - 7, // 12: teleport.usertasks.v1.UserTaskService.GetUserTask:output_type -> teleport.usertasks.v1.UserTask - 4, // 13: teleport.usertasks.v1.UserTaskService.ListUserTasks:output_type -> teleport.usertasks.v1.ListUserTasksResponse - 7, // 14: teleport.usertasks.v1.UserTaskService.UpdateUserTask:output_type -> teleport.usertasks.v1.UserTask - 8, // 15: teleport.usertasks.v1.UserTaskService.DeleteUserTask:output_type -> google.protobuf.Empty - 10, // [10:16] is the sub-list for method output_type - 4, // [4:10] is the sub-list for method input_type + 4, // 8: teleport.usertasks.v1.UserTaskService.ListUserTasksByIntegration:input_type -> teleport.usertasks.v1.ListUserTasksByIntegrationRequest + 6, // 9: teleport.usertasks.v1.UserTaskService.UpdateUserTask:input_type -> teleport.usertasks.v1.UpdateUserTaskRequest + 7, // 10: teleport.usertasks.v1.UserTaskService.DeleteUserTask:input_type -> teleport.usertasks.v1.DeleteUserTaskRequest + 8, // 11: teleport.usertasks.v1.UserTaskService.CreateUserTask:output_type -> teleport.usertasks.v1.UserTask + 8, // 12: teleport.usertasks.v1.UserTaskService.UpsertUserTask:output_type -> teleport.usertasks.v1.UserTask + 8, // 13: teleport.usertasks.v1.UserTaskService.GetUserTask:output_type -> teleport.usertasks.v1.UserTask + 5, // 14: teleport.usertasks.v1.UserTaskService.ListUserTasks:output_type -> teleport.usertasks.v1.ListUserTasksResponse + 5, // 15: teleport.usertasks.v1.UserTaskService.ListUserTasksByIntegration:output_type -> teleport.usertasks.v1.ListUserTasksResponse + 8, // 16: teleport.usertasks.v1.UserTaskService.UpdateUserTask:output_type -> teleport.usertasks.v1.UserTask + 9, // 17: teleport.usertasks.v1.UserTaskService.DeleteUserTask:output_type -> google.protobuf.Empty + 11, // [11:18] is the sub-list for method output_type + 4, // [4:11] is the sub-list for method input_type 4, // [4:4] is the sub-list for extension type_name 4, // [4:4] is the sub-list for extension extendee 0, // [0:4] is the sub-list for field type_name @@ -591,7 +678,7 @@ func file_teleport_usertasks_v1_user_tasks_service_proto_init() { } } file_teleport_usertasks_v1_user_tasks_service_proto_msgTypes[4].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*ListUserTasksResponse); i { + switch v := v.(*ListUserTasksByIntegrationRequest); i { case 0: return &v.state case 1: @@ -603,7 +690,7 @@ func file_teleport_usertasks_v1_user_tasks_service_proto_init() { } } file_teleport_usertasks_v1_user_tasks_service_proto_msgTypes[5].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*UpdateUserTaskRequest); i { + switch v := v.(*ListUserTasksResponse); i { case 0: return &v.state case 1: @@ -615,6 +702,18 @@ func file_teleport_usertasks_v1_user_tasks_service_proto_init() { } } file_teleport_usertasks_v1_user_tasks_service_proto_msgTypes[6].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*UpdateUserTaskRequest); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_teleport_usertasks_v1_user_tasks_service_proto_msgTypes[7].Exporter = func(v interface{}, i int) interface{} { switch v := v.(*DeleteUserTaskRequest); i { case 0: return &v.state @@ -633,7 +732,7 @@ func file_teleport_usertasks_v1_user_tasks_service_proto_init() { GoPackagePath: reflect.TypeOf(x{}).PkgPath(), RawDescriptor: file_teleport_usertasks_v1_user_tasks_service_proto_rawDesc, NumEnums: 0, - NumMessages: 7, + NumMessages: 8, NumExtensions: 0, NumServices: 1, }, diff --git a/api/gen/proto/go/teleport/usertasks/v1/user_tasks_service_grpc.pb.go b/api/gen/proto/go/teleport/usertasks/v1/user_tasks_service_grpc.pb.go index 747e130ee1dc7..ad15f65b3a217 100644 --- a/api/gen/proto/go/teleport/usertasks/v1/user_tasks_service_grpc.pb.go +++ b/api/gen/proto/go/teleport/usertasks/v1/user_tasks_service_grpc.pb.go @@ -34,12 +34,13 @@ import ( const _ = grpc.SupportPackageIsVersion7 const ( - UserTaskService_CreateUserTask_FullMethodName = "/teleport.usertasks.v1.UserTaskService/CreateUserTask" - UserTaskService_UpsertUserTask_FullMethodName = "/teleport.usertasks.v1.UserTaskService/UpsertUserTask" - UserTaskService_GetUserTask_FullMethodName = "/teleport.usertasks.v1.UserTaskService/GetUserTask" - UserTaskService_ListUserTasks_FullMethodName = "/teleport.usertasks.v1.UserTaskService/ListUserTasks" - UserTaskService_UpdateUserTask_FullMethodName = "/teleport.usertasks.v1.UserTaskService/UpdateUserTask" - UserTaskService_DeleteUserTask_FullMethodName = "/teleport.usertasks.v1.UserTaskService/DeleteUserTask" + UserTaskService_CreateUserTask_FullMethodName = "/teleport.usertasks.v1.UserTaskService/CreateUserTask" + UserTaskService_UpsertUserTask_FullMethodName = "/teleport.usertasks.v1.UserTaskService/UpsertUserTask" + UserTaskService_GetUserTask_FullMethodName = "/teleport.usertasks.v1.UserTaskService/GetUserTask" + UserTaskService_ListUserTasks_FullMethodName = "/teleport.usertasks.v1.UserTaskService/ListUserTasks" + UserTaskService_ListUserTasksByIntegration_FullMethodName = "/teleport.usertasks.v1.UserTaskService/ListUserTasksByIntegration" + UserTaskService_UpdateUserTask_FullMethodName = "/teleport.usertasks.v1.UserTaskService/UpdateUserTask" + UserTaskService_DeleteUserTask_FullMethodName = "/teleport.usertasks.v1.UserTaskService/DeleteUserTask" ) // UserTaskServiceClient is the client API for UserTaskService service. @@ -54,6 +55,8 @@ type UserTaskServiceClient interface { GetUserTask(ctx context.Context, in *GetUserTaskRequest, opts ...grpc.CallOption) (*UserTask, error) // ListUserTasks returns a list of UserTasks. It supports pagination and filters. ListUserTasks(ctx context.Context, in *ListUserTasksRequest, opts ...grpc.CallOption) (*ListUserTasksResponse, error) + // ListUserTasksByIntegration returns a list of UserTasks filtered by an integration and other optional fields. It supports pagination. + ListUserTasksByIntegration(ctx context.Context, in *ListUserTasksByIntegrationRequest, opts ...grpc.CallOption) (*ListUserTasksResponse, error) // UpdateUserTask updates an existing User Task. UpdateUserTask(ctx context.Context, in *UpdateUserTaskRequest, opts ...grpc.CallOption) (*UserTask, error) // DeleteUserTask deletes a User Task. @@ -104,6 +107,15 @@ func (c *userTaskServiceClient) ListUserTasks(ctx context.Context, in *ListUserT return out, nil } +func (c *userTaskServiceClient) ListUserTasksByIntegration(ctx context.Context, in *ListUserTasksByIntegrationRequest, opts ...grpc.CallOption) (*ListUserTasksResponse, error) { + out := new(ListUserTasksResponse) + err := c.cc.Invoke(ctx, UserTaskService_ListUserTasksByIntegration_FullMethodName, in, out, opts...) + if err != nil { + return nil, err + } + return out, nil +} + func (c *userTaskServiceClient) UpdateUserTask(ctx context.Context, in *UpdateUserTaskRequest, opts ...grpc.CallOption) (*UserTask, error) { out := new(UserTask) err := c.cc.Invoke(ctx, UserTaskService_UpdateUserTask_FullMethodName, in, out, opts...) @@ -134,6 +146,8 @@ type UserTaskServiceServer interface { GetUserTask(context.Context, *GetUserTaskRequest) (*UserTask, error) // ListUserTasks returns a list of UserTasks. It supports pagination and filters. ListUserTasks(context.Context, *ListUserTasksRequest) (*ListUserTasksResponse, error) + // ListUserTasksByIntegration returns a list of UserTasks filtered by an integration and other optional fields. It supports pagination. + ListUserTasksByIntegration(context.Context, *ListUserTasksByIntegrationRequest) (*ListUserTasksResponse, error) // UpdateUserTask updates an existing User Task. UpdateUserTask(context.Context, *UpdateUserTaskRequest) (*UserTask, error) // DeleteUserTask deletes a User Task. @@ -157,6 +171,9 @@ func (UnimplementedUserTaskServiceServer) GetUserTask(context.Context, *GetUserT func (UnimplementedUserTaskServiceServer) ListUserTasks(context.Context, *ListUserTasksRequest) (*ListUserTasksResponse, error) { return nil, status.Errorf(codes.Unimplemented, "method ListUserTasks not implemented") } +func (UnimplementedUserTaskServiceServer) ListUserTasksByIntegration(context.Context, *ListUserTasksByIntegrationRequest) (*ListUserTasksResponse, error) { + return nil, status.Errorf(codes.Unimplemented, "method ListUserTasksByIntegration not implemented") +} func (UnimplementedUserTaskServiceServer) UpdateUserTask(context.Context, *UpdateUserTaskRequest) (*UserTask, error) { return nil, status.Errorf(codes.Unimplemented, "method UpdateUserTask not implemented") } @@ -248,6 +265,24 @@ func _UserTaskService_ListUserTasks_Handler(srv interface{}, ctx context.Context return interceptor(ctx, in, info, handler) } +func _UserTaskService_ListUserTasksByIntegration_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { + in := new(ListUserTasksByIntegrationRequest) + if err := dec(in); err != nil { + return nil, err + } + if interceptor == nil { + return srv.(UserTaskServiceServer).ListUserTasksByIntegration(ctx, in) + } + info := &grpc.UnaryServerInfo{ + Server: srv, + FullMethod: UserTaskService_ListUserTasksByIntegration_FullMethodName, + } + handler := func(ctx context.Context, req interface{}) (interface{}, error) { + return srv.(UserTaskServiceServer).ListUserTasksByIntegration(ctx, req.(*ListUserTasksByIntegrationRequest)) + } + return interceptor(ctx, in, info, handler) +} + func _UserTaskService_UpdateUserTask_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { in := new(UpdateUserTaskRequest) if err := dec(in); err != nil { @@ -307,6 +342,10 @@ var UserTaskService_ServiceDesc = grpc.ServiceDesc{ MethodName: "ListUserTasks", Handler: _UserTaskService_ListUserTasks_Handler, }, + { + MethodName: "ListUserTasksByIntegration", + Handler: _UserTaskService_ListUserTasksByIntegration_Handler, + }, { MethodName: "UpdateUserTask", Handler: _UserTaskService_UpdateUserTask_Handler, diff --git a/api/gen/proto/go/usageevents/v1/usageevents.pb.go b/api/gen/proto/go/usageevents/v1/usageevents.pb.go index da74998e9a003..3ac0962122ea6 100644 --- a/api/gen/proto/go/usageevents/v1/usageevents.pb.go +++ b/api/gen/proto/go/usageevents/v1/usageevents.pb.go @@ -230,6 +230,7 @@ const ( CTA_CTA_EXTERNAL_AUDIT_STORAGE CTA = 10 CTA_CTA_OKTA_USER_SYNC CTA = 11 CTA_CTA_ENTRA_ID CTA = 12 + CTA_CTA_OKTA_SCIM CTA = 13 ) var CTA_name = map[int32]string{ @@ -246,6 +247,7 @@ var CTA_name = map[int32]string{ 10: "CTA_EXTERNAL_AUDIT_STORAGE", 11: "CTA_OKTA_USER_SYNC", 12: "CTA_ENTRA_ID", + 13: "CTA_OKTA_SCIM", } var CTA_value = map[string]int32{ @@ -262,6 +264,7 @@ var CTA_value = map[string]int32{ "CTA_EXTERNAL_AUDIT_STORAGE": 10, "CTA_OKTA_USER_SYNC": 11, "CTA_ENTRA_ID": 12, + "CTA_OKTA_SCIM": 13, } func (x CTA) String() string { @@ -274,6 +277,10 @@ func (CTA) EnumDescriptor() ([]byte, []int) { // IntegrationEnrollKind represents the types of integration that // can be enrolled. +// +// Note: IntegrationEnrollKind enum must be kept in sync with the values defined +// in proto/prehog/v1alpha/teleport.proto. Values 18-25 have become out of sync +// and are manually mapped to each other. type IntegrationEnrollKind int32 const ( @@ -298,6 +305,11 @@ const ( IntegrationEnrollKind_INTEGRATION_ENROLL_KIND_SERVICENOW IntegrationEnrollKind = 18 IntegrationEnrollKind_INTEGRATION_ENROLL_KIND_ENTRA_ID IntegrationEnrollKind = 19 IntegrationEnrollKind_INTEGRATION_ENROLL_KIND_DATADOG_INCIDENT_MANAGEMENT IntegrationEnrollKind = 20 + IntegrationEnrollKind_INTEGRATION_ENROLL_KIND_MACHINE_ID_AWS IntegrationEnrollKind = 21 + IntegrationEnrollKind_INTEGRATION_ENROLL_KIND_MACHINE_ID_GCP IntegrationEnrollKind = 22 + IntegrationEnrollKind_INTEGRATION_ENROLL_KIND_MACHINE_ID_AZURE IntegrationEnrollKind = 23 + IntegrationEnrollKind_INTEGRATION_ENROLL_KIND_MACHINE_ID_SPACELIFT IntegrationEnrollKind = 24 + IntegrationEnrollKind_INTEGRATION_ENROLL_KIND_MACHINE_ID_KUBERNETES IntegrationEnrollKind = 25 ) var IntegrationEnrollKind_name = map[int32]string{ @@ -322,6 +334,11 @@ var IntegrationEnrollKind_name = map[int32]string{ 18: "INTEGRATION_ENROLL_KIND_SERVICENOW", 19: "INTEGRATION_ENROLL_KIND_ENTRA_ID", 20: "INTEGRATION_ENROLL_KIND_DATADOG_INCIDENT_MANAGEMENT", + 21: "INTEGRATION_ENROLL_KIND_MACHINE_ID_AWS", + 22: "INTEGRATION_ENROLL_KIND_MACHINE_ID_GCP", + 23: "INTEGRATION_ENROLL_KIND_MACHINE_ID_AZURE", + 24: "INTEGRATION_ENROLL_KIND_MACHINE_ID_SPACELIFT", + 25: "INTEGRATION_ENROLL_KIND_MACHINE_ID_KUBERNETES", } var IntegrationEnrollKind_value = map[string]int32{ @@ -346,6 +363,11 @@ var IntegrationEnrollKind_value = map[string]int32{ "INTEGRATION_ENROLL_KIND_SERVICENOW": 18, "INTEGRATION_ENROLL_KIND_ENTRA_ID": 19, "INTEGRATION_ENROLL_KIND_DATADOG_INCIDENT_MANAGEMENT": 20, + "INTEGRATION_ENROLL_KIND_MACHINE_ID_AWS": 21, + "INTEGRATION_ENROLL_KIND_MACHINE_ID_GCP": 22, + "INTEGRATION_ENROLL_KIND_MACHINE_ID_AZURE": 23, + "INTEGRATION_ENROLL_KIND_MACHINE_ID_SPACELIFT": 24, + "INTEGRATION_ENROLL_KIND_MACHINE_ID_KUBERNETES": 25, } func (x IntegrationEnrollKind) String() string { @@ -4416,6 +4438,99 @@ func (m *DiscoveryFetchEvent) GetResourceType() string { return "" } +// UserTaskStateEvent is emitted when a UserTask state changes. +// This can happen when the Task is created, when it's manually +// resolved by the user or when it changes back to being open +// when the issue happens again. +// +// PostHog event: tp.usertask.state +type UserTaskStateEvent struct { + // task_type is the identifier for the type of task. + // Eg, discover-ec2 + // + // PostHog property: tp.usertask.task_type + TaskType string `protobuf:"bytes,1,opt,name=task_type,json=taskType,proto3" json:"task_type,omitempty"` + // issue_type is the identifier for the type of issue that occurred. + // + // PostHog property: tp.usertask.issue_type + IssueType string `protobuf:"bytes,2,opt,name=issue_type,json=issueType,proto3" json:"issue_type,omitempty"` + // state identifies the new state for this task. + // One of: OPEN, RESOLVED + // + // PostHog property: tp.usertask.state + State string `protobuf:"bytes,3,opt,name=state,proto3" json:"state,omitempty"` + // instances_count contains the number of instances that were affected by the issue + // This field is only present for the following task_types: + // - discover-ec2 + // + // PostHog property: tp.usertask.discover_ec2.instances_count + InstancesCount int32 `protobuf:"varint,4,opt,name=instances_count,json=instancesCount,proto3" json:"instances_count,omitempty"` + XXX_NoUnkeyedLiteral struct{} `json:"-"` + XXX_unrecognized []byte `json:"-"` + XXX_sizecache int32 `json:"-"` +} + +func (m *UserTaskStateEvent) Reset() { *m = UserTaskStateEvent{} } +func (m *UserTaskStateEvent) String() string { return proto.CompactTextString(m) } +func (*UserTaskStateEvent) ProtoMessage() {} +func (*UserTaskStateEvent) Descriptor() ([]byte, []int) { + return fileDescriptor_94cf2ca1c69fd564, []int{64} +} +func (m *UserTaskStateEvent) XXX_Unmarshal(b []byte) error { + return m.Unmarshal(b) +} +func (m *UserTaskStateEvent) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { + if deterministic { + return xxx_messageInfo_UserTaskStateEvent.Marshal(b, m, deterministic) + } else { + b = b[:cap(b)] + n, err := m.MarshalToSizedBuffer(b) + if err != nil { + return nil, err + } + return b[:n], nil + } +} +func (m *UserTaskStateEvent) XXX_Merge(src proto.Message) { + xxx_messageInfo_UserTaskStateEvent.Merge(m, src) +} +func (m *UserTaskStateEvent) XXX_Size() int { + return m.Size() +} +func (m *UserTaskStateEvent) XXX_DiscardUnknown() { + xxx_messageInfo_UserTaskStateEvent.DiscardUnknown(m) +} + +var xxx_messageInfo_UserTaskStateEvent proto.InternalMessageInfo + +func (m *UserTaskStateEvent) GetTaskType() string { + if m != nil { + return m.TaskType + } + return "" +} + +func (m *UserTaskStateEvent) GetIssueType() string { + if m != nil { + return m.IssueType + } + return "" +} + +func (m *UserTaskStateEvent) GetState() string { + if m != nil { + return m.State + } + return "" +} + +func (m *UserTaskStateEvent) GetInstancesCount() int32 { + if m != nil { + return m.InstancesCount + } + return 0 +} + // UsageEventOneOf is a message that can accept a oneof of any supported // external usage event. type UsageEventOneOf struct { @@ -4479,6 +4594,7 @@ type UsageEventOneOf struct { // *UsageEventOneOf_UiDiscoverCreateAppServerEvent // *UsageEventOneOf_AccessGraphAwsScanEvent // *UsageEventOneOf_UiAccessGraphCrownJewelDiffView + // *UsageEventOneOf_UserTaskStateEvent Event isUsageEventOneOf_Event `protobuf_oneof:"event"` XXX_NoUnkeyedLiteral struct{} `json:"-"` XXX_unrecognized []byte `json:"-"` @@ -4489,7 +4605,7 @@ func (m *UsageEventOneOf) Reset() { *m = UsageEventOneOf{} } func (m *UsageEventOneOf) String() string { return proto.CompactTextString(m) } func (*UsageEventOneOf) ProtoMessage() {} func (*UsageEventOneOf) Descriptor() ([]byte, []int) { - return fileDescriptor_94cf2ca1c69fd564, []int{64} + return fileDescriptor_94cf2ca1c69fd564, []int{65} } func (m *UsageEventOneOf) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -4698,6 +4814,9 @@ type UsageEventOneOf_AccessGraphAwsScanEvent struct { type UsageEventOneOf_UiAccessGraphCrownJewelDiffView struct { UiAccessGraphCrownJewelDiffView *UIAccessGraphCrownJewelDiffViewEvent `protobuf:"bytes,59,opt,name=ui_access_graph_crown_jewel_diff_view,json=uiAccessGraphCrownJewelDiffView,proto3,oneof" json:"ui_access_graph_crown_jewel_diff_view,omitempty"` } +type UsageEventOneOf_UserTaskStateEvent struct { + UserTaskStateEvent *UserTaskStateEvent `protobuf:"bytes,60,opt,name=user_task_state_event,json=userTaskStateEvent,proto3,oneof" json:"user_task_state_event,omitempty"` +} func (*UsageEventOneOf_UiBannerClick) isUsageEventOneOf_Event() {} func (*UsageEventOneOf_UiOnboardCompleteGoToDashboardClick) isUsageEventOneOf_Event() {} @@ -4757,6 +4876,7 @@ func (*UsageEventOneOf_UiDiscoverKubeEksEnrollEvent) isUsageEventOneOf_Event() func (*UsageEventOneOf_UiDiscoverCreateAppServerEvent) isUsageEventOneOf_Event() {} func (*UsageEventOneOf_AccessGraphAwsScanEvent) isUsageEventOneOf_Event() {} func (*UsageEventOneOf_UiAccessGraphCrownJewelDiffView) isUsageEventOneOf_Event() {} +func (*UsageEventOneOf_UserTaskStateEvent) isUsageEventOneOf_Event() {} func (m *UsageEventOneOf) GetEvent() isUsageEventOneOf_Event { if m != nil { @@ -5171,6 +5291,13 @@ func (m *UsageEventOneOf) GetUiAccessGraphCrownJewelDiffView() *UIAccessGraphCro return nil } +func (m *UsageEventOneOf) GetUserTaskStateEvent() *UserTaskStateEvent { + if x, ok := m.GetEvent().(*UsageEventOneOf_UserTaskStateEvent); ok { + return x.UserTaskStateEvent + } + return nil +} + // XXX_OneofWrappers is for the internal use of the proto package. func (*UsageEventOneOf) XXX_OneofWrappers() []interface{} { return []interface{}{ @@ -5232,6 +5359,7 @@ func (*UsageEventOneOf) XXX_OneofWrappers() []interface{} { (*UsageEventOneOf_UiDiscoverCreateAppServerEvent)(nil), (*UsageEventOneOf_AccessGraphAwsScanEvent)(nil), (*UsageEventOneOf_UiAccessGraphCrownJewelDiffView)(nil), + (*UsageEventOneOf_UserTaskStateEvent)(nil), } } @@ -5309,6 +5437,7 @@ func init() { proto.RegisterType((*UIAccessGraphCrownJewelDiffViewEvent)(nil), "teleport.usageevents.v1.UIAccessGraphCrownJewelDiffViewEvent") proto.RegisterType((*SecurityReportGetResultEvent)(nil), "teleport.usageevents.v1.SecurityReportGetResultEvent") proto.RegisterType((*DiscoveryFetchEvent)(nil), "teleport.usageevents.v1.DiscoveryFetchEvent") + proto.RegisterType((*UserTaskStateEvent)(nil), "teleport.usageevents.v1.UserTaskStateEvent") proto.RegisterType((*UsageEventOneOf)(nil), "teleport.usageevents.v1.UsageEventOneOf") } @@ -5317,333 +5446,342 @@ func init() { } var fileDescriptor_94cf2ca1c69fd564 = []byte{ - // 5206 bytes of a gzipped FileDescriptorProto - 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xe4, 0x5c, 0x5d, 0x6c, 0xdb, 0x4a, - 0x76, 0x16, 0x6d, 0x27, 0x71, 0x26, 0x8e, 0xc3, 0x30, 0x89, 0x2d, 0xc7, 0x71, 0x7e, 0x94, 0x7f, - 0xdf, 0xbb, 0xf6, 0x8d, 0x93, 0xdd, 0x9b, 0xbb, 0x77, 0xdb, 0x5b, 0x9a, 0xa2, 0x25, 0xc6, 0x92, - 0xa8, 0x3b, 0xa4, 0x92, 0xf5, 0x5d, 0x2c, 0x06, 0x34, 0x39, 0x76, 0xd8, 0x48, 0xa2, 0x96, 0xa4, - 0xec, 0xeb, 0x16, 0xc5, 0x6e, 0xff, 0x16, 0x45, 0x77, 0xb7, 0x3f, 0x40, 0xb1, 0x28, 0xb0, 0x40, - 0xd1, 0xa2, 0x3f, 0xe8, 0x43, 0x81, 0x3e, 0x15, 0xfb, 0xda, 0x7d, 0xeb, 0x63, 0x81, 0x3e, 0xf6, - 0xa5, 0xb8, 0x4f, 0x7d, 0xeb, 0x53, 0x8b, 0xfe, 0xa2, 0xc5, 0xfc, 0x50, 0xa4, 0x24, 0x4a, 0xe4, - 0xbd, 0xcd, 0x62, 0x81, 0xe4, 0x4d, 0x9a, 0x39, 0x67, 0xce, 0x37, 0x67, 0xce, 0x9c, 0x39, 0x33, - 0xe7, 0x48, 0xe0, 0x61, 0x88, 0xdb, 0xb8, 0xe7, 0xf9, 0xe1, 0x66, 0x3f, 0xb0, 0x0e, 0x31, 0x3e, - 0xc2, 0xdd, 0x30, 0xd8, 0x3c, 0x7a, 0x94, 0xfc, 0xba, 0xd1, 0xf3, 0xbd, 0xd0, 0x93, 0x96, 0x23, - 0xd2, 0x8d, 0x64, 0xdf, 0xd1, 0xa3, 0xd2, 0x3a, 0x90, 0x5a, 0xda, 0xb6, 0xd5, 0xed, 0x62, 0x5f, - 0x69, 0xbb, 0xf6, 0x2b, 0x95, 0xf4, 0x48, 0x97, 0xc1, 0x29, 0xab, 0x8d, 0xfd, 0xb0, 0x28, 0xdc, - 0x14, 0x1e, 0x9c, 0x85, 0xec, 0x4b, 0x69, 0x07, 0x3c, 0x68, 0x69, 0x7a, 0x77, 0xdf, 0xb3, 0x7c, - 0x47, 0xf1, 0x3a, 0xbd, 0x36, 0x0e, 0x71, 0xc5, 0x33, 0xbd, 0xb2, 0x15, 0xbc, 0x64, 0x8d, 0xf1, - 0x08, 0x57, 0xc1, 0x7c, 0x3f, 0xc0, 0x7e, 0xd7, 0xea, 0x60, 0x3e, 0xc8, 0xe0, 0x7b, 0xe9, 0x2e, - 0xb8, 0x3d, 0x18, 0x47, 0x76, 0x9c, 0x1d, 0xd7, 0x0f, 0x42, 0x88, 0x03, 0xaf, 0xef, 0xdb, 0x38, - 0x1e, 0xa2, 0xb4, 0x9e, 0x10, 0x37, 0x4a, 0x56, 0xb3, 0xc2, 0x24, 0xe0, 0xd2, 0x47, 0xe0, 0xd6, - 0x80, 0xd6, 0xc0, 0xa1, 0xe2, 0x63, 0x07, 0x77, 0x43, 0xd7, 0x6a, 0x1b, 0xfd, 0xfd, 0x8e, 0x1b, - 0x66, 0x63, 0x4a, 0x0e, 0xf0, 0x71, 0x1f, 0x07, 0xa1, 0xeb, 0x75, 0xbb, 0x96, 0xeb, 0xe3, 0xbc, - 0x03, 0xfc, 0x0a, 0xb8, 0x3b, 0x18, 0x00, 0xe2, 0x43, 0x37, 0x20, 0x00, 0x5f, 0x5a, 0xed, 0x36, - 0xee, 0x1e, 0xe6, 0x1d, 0x44, 0x5a, 0x01, 0xf3, 0x9d, 0x03, 0x0b, 0x85, 0x27, 0x3d, 0x5c, 0x9c, - 0xa1, 0x7d, 0x67, 0x3a, 0x07, 0x96, 0x79, 0xd2, 0xc3, 0xd2, 0x1a, 0x00, 0x6d, 0xef, 0xd0, 0xed, - 0xa2, 0x83, 0xb6, 0x77, 0x5c, 0x9c, 0xa5, 0x9d, 0x67, 0x69, 0xcb, 0x4e, 0xdb, 0x3b, 0x66, 0xf8, - 0x21, 0xb6, 0xbd, 0x23, 0xec, 0x9f, 0x28, 0x9e, 0x83, 0x03, 0xc5, 0xeb, 0x86, 0x6e, 0xb7, 0x8f, - 0x73, 0x2e, 0xca, 0x87, 0x60, 0x6d, 0x6c, 0x80, 0xde, 0x49, 0x4e, 0xe6, 0xaf, 0x81, 0xeb, 0x23, - 0xcc, 0x4d, 0xdf, 0xed, 0x86, 0x39, 0xb9, 0x4b, 0x40, 0x2c, 0xbb, 0x01, 0x65, 0xae, 0xe3, 0xd0, - 0x72, 0xac, 0xd0, 0x92, 0x16, 0xc1, 0x8c, 0xeb, 0x70, 0xca, 0x19, 0xd7, 0x29, 0x59, 0xa0, 0x18, - 0xd1, 0x44, 0x36, 0x30, 0xa0, 0x55, 0xc1, 0xbc, 0xcf, 0xdb, 0x28, 0xc7, 0xe2, 0xd6, 0xc3, 0x8d, - 0x09, 0xf6, 0xbe, 0x31, 0x3a, 0x08, 0x1c, 0xb0, 0x96, 0x5e, 0x01, 0x29, 0xea, 0x35, 0x42, 0xdc, - 0x33, 0x42, 0x2b, 0xec, 0x07, 0xd2, 0x47, 0xe0, 0x74, 0x40, 0x3f, 0xf1, 0xa1, 0xef, 0x67, 0x0e, - 0xcd, 0x18, 0x21, 0x67, 0x23, 0x7b, 0x09, 0xfb, 0xbe, 0xe7, 0xf3, 0x05, 0x65, 0x5f, 0x4a, 0x7f, - 0x26, 0x80, 0xa5, 0x96, 0x96, 0x60, 0xf1, 0x43, 0xec, 0x30, 0x55, 0xa9, 0x60, 0xbe, 0xc3, 0xa7, - 0x46, 0x65, 0x9e, 0xcb, 0x31, 0x9d, 0x48, 0x17, 0x70, 0xc0, 0x2a, 0x29, 0x03, 0xe0, 0x33, 0x74, - 0x90, 0x77, 0x72, 0x00, 0x8f, 0x66, 0x1d, 0x81, 0x2f, 0xfd, 0x8f, 0x00, 0x6e, 0xc6, 0x30, 0x23, - 0xa5, 0x19, 0xb8, 0x8d, 0x6d, 0xb2, 0x43, 0x5e, 0x2b, 0xe0, 0x7a, 0x62, 0x19, 0x19, 0xe4, 0x47, - 0xb9, 0x97, 0x31, 0x1e, 0x2e, 0x1a, 0x22, 0x31, 0xff, 0xd9, 0x2f, 0x3e, 0xff, 0xdf, 0x9c, 0x21, - 0x4e, 0x28, 0x22, 0xd0, 0xba, 0x21, 0x3e, 0xf4, 0x2d, 0x32, 0x73, 0xf9, 0x85, 0xa1, 0x6b, 0x65, - 0x45, 0xf1, 0xba, 0x5d, 0x6c, 0x87, 0x6f, 0xbc, 0x1e, 0x7e, 0x3c, 0x93, 0xb4, 0x83, 0xb2, 0x15, - 0x5a, 0xfb, 0x56, 0x80, 0x61, 0xd9, 0x50, 0xbb, 0xbe, 0xd7, 0x6e, 0xbf, 0xe9, 0xf3, 0x97, 0x9e, - 0x82, 0x62, 0x40, 0x8d, 0x1e, 0x3b, 0x28, 0x1a, 0x39, 0x40, 0xb6, 0xd7, 0xef, 0x86, 0xc5, 0xb9, - 0x9b, 0xc2, 0x83, 0x59, 0xb8, 0x14, 0xf5, 0x47, 0x50, 0x02, 0x85, 0xf4, 0x96, 0xfe, 0x43, 0x00, - 0xd7, 0x62, 0xcd, 0xed, 0xf6, 0xf7, 0xb1, 0xba, 0xfb, 0x96, 0x68, 0xad, 0xf4, 0x0c, 0x14, 0x5b, - 0x9a, 0x62, 0xb5, 0xdb, 0xa6, 0x27, 0x53, 0x7f, 0x91, 0x38, 0x10, 0x36, 0xc0, 0xac, 0xcd, 0x67, - 0xbc, 0xb8, 0x75, 0x6d, 0xe2, 0xe8, 0x8a, 0x29, 0x43, 0x42, 0x58, 0xfa, 0xc1, 0xa9, 0xa4, 0x1e, - 0xcb, 0xb8, 0xd7, 0xf6, 0x4e, 0x0c, 0xec, 0x1f, 0xb9, 0x36, 0x7e, 0xe3, 0xad, 0xef, 0x10, 0x9c, - 0x77, 0xe8, 0x84, 0x51, 0x07, 0x87, 0x2f, 0x3d, 0x87, 0x9a, 0xdc, 0xe2, 0xd6, 0xf6, 0xc4, 0xb1, - 0xa6, 0x29, 0x6a, 0x83, 0x35, 0xd5, 0xe9, 0x48, 0x70, 0xc1, 0x49, 0x7c, 0x93, 0x2c, 0x70, 0x8e, - 0x0b, 0xa2, 0x21, 0xc8, 0x29, 0x2a, 0xe6, 0x17, 0xfe, 0x3f, 0x62, 0x48, 0xec, 0x02, 0x81, 0x33, - 0xf8, 0x5c, 0x42, 0x60, 0x21, 0x09, 0x40, 0x5a, 0x03, 0x2b, 0x65, 0xb5, 0x59, 0xd3, 0xf7, 0x50, - 0x5d, 0x35, 0xab, 0x7a, 0x19, 0xb5, 0x1a, 0x46, 0x53, 0x55, 0xb4, 0x1d, 0x4d, 0x2d, 0x8b, 0x05, - 0x69, 0x09, 0x48, 0xc3, 0xdd, 0x72, 0xcb, 0xd4, 0x45, 0x41, 0x2a, 0x82, 0xcb, 0xc3, 0xed, 0x75, - 0xb9, 0xd1, 0x92, 0x6b, 0xe2, 0x4c, 0x09, 0x03, 0x10, 0x8b, 0x96, 0x56, 0xc1, 0x32, 0xa7, 0x33, - 0xf7, 0x9a, 0xea, 0xc8, 0xe0, 0xd7, 0xc1, 0xd5, 0x64, 0xa7, 0xd6, 0x30, 0x4c, 0xb9, 0x56, 0x43, - 0x86, 0x02, 0xb5, 0xa6, 0x29, 0x0a, 0xd2, 0x55, 0xb0, 0x94, 0xec, 0x97, 0xeb, 0xf2, 0x27, 0x7a, - 0x03, 0xa9, 0x8a, 0x21, 0xce, 0x94, 0x7e, 0x34, 0x07, 0xee, 0xc4, 0xf3, 0x57, 0x7c, 0x6c, 0x85, - 0x38, 0xfa, 0x76, 0xa2, 0x78, 0xdd, 0x03, 0xf7, 0xf0, 0x8d, 0xb7, 0x4b, 0x0f, 0x9c, 0xb7, 0xe9, - 0x4c, 0x87, 0xed, 0xf2, 0x59, 0x0e, 0x83, 0x99, 0xac, 0xb0, 0x0d, 0xf6, 0x39, 0xb2, 0x4f, 0x3b, - 0xf1, 0xad, 0xf4, 0x17, 0x02, 0x58, 0x48, 0x76, 0x13, 0xeb, 0x51, 0xf4, 0xc6, 0x8e, 0x56, 0x49, - 0xb7, 0x9e, 0xb1, 0x6e, 0xf9, 0x85, 0x81, 0x54, 0x65, 0x0b, 0x19, 0x46, 0x5d, 0x14, 0xc8, 0xfa, - 0xa7, 0x77, 0xab, 0x9a, 0xa2, 0x8a, 0x33, 0xe9, 0xec, 0xb0, 0x6c, 0x50, 0x13, 0x98, 0x95, 0x56, - 0xc0, 0x95, 0x14, 0xf6, 0x5d, 0x43, 0x9c, 0x2b, 0xfd, 0xb7, 0x00, 0x6e, 0xa4, 0x9c, 0x97, 0xfc, - 0x5e, 0xf0, 0xc6, 0x3b, 0xfe, 0x5f, 0x9d, 0x49, 0x6e, 0x8e, 0x68, 0xfa, 0x6c, 0xe5, 0xfa, 0x3e, - 0xae, 0x9b, 0x35, 0xe3, 0x8d, 0xd7, 0xc1, 0xef, 0xcc, 0x80, 0x47, 0x49, 0x07, 0x19, 0xbc, 0x0a, - 0xbd, 0x1e, 0x39, 0x06, 0x8f, 0x70, 0xd9, 0xf5, 0xb1, 0x1d, 0x7a, 0xfe, 0x89, 0xe9, 0x79, 0xed, - 0x40, 0xeb, 0x06, 0xa1, 0xf5, 0x16, 0x44, 0x03, 0xdf, 0x9b, 0x01, 0x1b, 0x59, 0x0a, 0x19, 0x98, - 0xc8, 0x1b, 0xaf, 0x8d, 0xbf, 0x9a, 0x01, 0xf7, 0x62, 0x6d, 0xc8, 0xfd, 0xd0, 0x8b, 0x3e, 0x27, - 0x42, 0xc8, 0x37, 0xfe, 0x04, 0xb9, 0x0f, 0x2e, 0xa4, 0x87, 0xd3, 0x8b, 0xfe, 0x70, 0x18, 0xfd, - 0x9d, 0x19, 0x70, 0x3b, 0x56, 0x97, 0xaa, 0x6c, 0xd1, 0x5d, 0xd3, 0x7d, 0x9b, 0xee, 0xa2, 0xff, - 0x26, 0x80, 0x95, 0xd1, 0x88, 0x8b, 0x1c, 0x54, 0x6f, 0xd9, 0xc4, 0x59, 0xe4, 0xd0, 0xf0, 0x9c, - 0x37, 0xdf, 0x47, 0xfc, 0x97, 0x00, 0xae, 0x8f, 0x4e, 0x5c, 0xee, 0xf5, 0x48, 0x98, 0xfd, 0x16, - 0x04, 0x11, 0xdf, 0x9d, 0x01, 0x0f, 0xa7, 0x04, 0x11, 0x9a, 0x5c, 0x6f, 0x7a, 0x6d, 0xd7, 0x3e, - 0x79, 0xe3, 0x15, 0xf1, 0xbf, 0x02, 0x28, 0xc5, 0x8a, 0x68, 0xfa, 0x6e, 0xd7, 0x76, 0x7b, 0x56, - 0x3b, 0x78, 0x7b, 0x0e, 0xcb, 0xff, 0x14, 0xc0, 0x5a, 0xac, 0x01, 0x13, 0x07, 0x21, 0x7f, 0x78, - 0x7b, 0x1b, 0xfc, 0xfe, 0xbf, 0x0a, 0xa0, 0x98, 0xf0, 0x02, 0x3c, 0xf1, 0xe2, 0xbc, 0xf1, 0xf3, - 0x5e, 0x25, 0x5e, 0x9f, 0x7b, 0x7b, 0x7c, 0x0c, 0xbd, 0x76, 0x32, 0x39, 0x74, 0x83, 0x18, 0xc4, - 0x50, 0xa7, 0x61, 0x1d, 0x25, 0x09, 0x6e, 0x91, 0x0b, 0xd8, 0x30, 0x37, 0x09, 0x17, 0xda, 0x09, - 0x92, 0x77, 0xc1, 0xfa, 0x08, 0xc9, 0x73, 0x17, 0x1f, 0x97, 0x3d, 0xbb, 0xdf, 0xc1, 0xdd, 0xd0, - 0x1a, 0x7e, 0xb0, 0x2a, 0xfd, 0x8d, 0x00, 0xae, 0xc8, 0x41, 0xe0, 0x12, 0xdb, 0xa3, 0x4b, 0x30, - 0xb0, 0xbd, 0xfb, 0xe0, 0x82, 0xed, 0x75, 0x8f, 0xb0, 0x1f, 0x50, 0x1e, 0x34, 0x48, 0x5c, 0x2c, - 0x26, 0x9b, 0x35, 0x47, 0xba, 0x05, 0x16, 0x42, 0x2f, 0xb4, 0xda, 0x28, 0xf4, 0x5e, 0xe1, 0x2e, - 0x7b, 0x98, 0x9f, 0x85, 0xe7, 0x68, 0x9b, 0x49, 0x9b, 0xa4, 0xdb, 0xe0, 0x7c, 0xcf, 0xf7, 0x3a, - 0xbd, 0x30, 0xa2, 0x99, 0xa5, 0x34, 0x0b, 0xac, 0x91, 0x13, 0xbd, 0x03, 0x2e, 0xda, 0x03, 0x0c, - 0x11, 0x21, 0x8b, 0x9b, 0xc4, 0xb8, 0x83, 0x11, 0x97, 0xfe, 0x41, 0x00, 0x97, 0x19, 0x6e, 0xf5, - 0x53, 0x6c, 0xf7, 0xbf, 0x00, 0xec, 0x35, 0x00, 0xba, 0x9e, 0x83, 0x79, 0x7c, 0xc6, 0x40, 0x9f, - 0x25, 0x2d, 0x34, 0x34, 0x1b, 0x9b, 0xd5, 0x6c, 0x8e, 0x59, 0xcd, 0xe5, 0x9d, 0xd5, 0xa9, 0x09, - 0xb3, 0x7a, 0x0a, 0xae, 0xb2, 0x49, 0x35, 0xf0, 0xb1, 0x92, 0x80, 0x3b, 0xc8, 0x36, 0xd9, 0x56, - 0x88, 0x0f, 0x3d, 0xff, 0x24, 0xca, 0x36, 0x45, 0xdf, 0x4b, 0x7f, 0x2d, 0x80, 0x4b, 0x8c, 0x55, - 0xb6, 0x6d, 0x1c, 0x04, 0x10, 0x7f, 0xab, 0x8f, 0x83, 0x90, 0x60, 0x8c, 0xec, 0x97, 0xbd, 0x7e, - 0x31, 0xc6, 0x85, 0xa8, 0x91, 0x3e, 0x27, 0xfd, 0x4c, 0x56, 0xf0, 0x47, 0x02, 0x58, 0x88, 0x10, - 0x93, 0x66, 0x69, 0x09, 0x9c, 0xb6, 0xe8, 0x27, 0x8e, 0x91, 0x7f, 0xfb, 0xd9, 0xa0, 0xbb, 0x03, - 0x24, 0xa6, 0xc8, 0x9a, 0x1b, 0x84, 0x13, 0xf3, 0x77, 0xdf, 0x00, 0x62, 0x4c, 0xc5, 0xf6, 0x9c, - 0x54, 0x19, 0xf3, 0x5d, 0x93, 0xfd, 0xc4, 0xb8, 0x88, 0xd8, 0x7b, 0x0d, 0x0f, 0xde, 0xea, 0x39, - 0x3f, 0xbd, 0xc1, 0xcb, 0x98, 0xf8, 0xde, 0xd7, 0x37, 0xb8, 0x05, 0x96, 0x92, 0xfd, 0x9d, 0xfd, - 0x28, 0xcc, 0xfb, 0xa9, 0x8a, 0x78, 0xdd, 0x2a, 0x4a, 0x11, 0xf1, 0xba, 0x15, 0xf5, 0x4b, 0x49, - 0x11, 0x15, 0xdf, 0xea, 0x86, 0x81, 0xe9, 0xb5, 0x02, 0xec, 0x4b, 0x1b, 0xe0, 0x12, 0x75, 0x4c, - 0xc8, 0xf7, 0xda, 0x38, 0x40, 0x87, 0xa4, 0x0f, 0x33, 0xd3, 0x3b, 0x05, 0x2f, 0xd2, 0x2e, 0xe2, - 0xda, 0x83, 0x0a, 0xeb, 0x90, 0xde, 0x03, 0x97, 0x19, 0x7d, 0xe8, 0x5b, 0x6e, 0x18, 0x33, 0xcc, - 0x50, 0x06, 0x89, 0xf6, 0x99, 0xb4, 0x8b, 0x73, 0x94, 0x7e, 0x38, 0x9b, 0x14, 0x0e, 0xf1, 0x91, - 0x8b, 0x8f, 0x5f, 0xf3, 0x2a, 0x49, 0x4f, 0xc1, 0x8a, 0x63, 0x9d, 0x04, 0xa8, 0x67, 0x05, 0x21, - 0xea, 0xe2, 0x4f, 0x43, 0x64, 0xf5, 0x1d, 0x37, 0x44, 0x64, 0xa1, 0x38, 0xb4, 0x2b, 0x84, 0xa0, - 0x69, 0x11, 0x97, 0xf7, 0x69, 0x28, 0x93, 0xde, 0x32, 0x81, 0xb0, 0x03, 0x6e, 0x74, 0xa8, 0xca, - 0x83, 0x97, 0x6e, 0x0f, 0xf9, 0xf8, 0x5b, 0x7d, 0xd7, 0xc7, 0xe4, 0x00, 0x0b, 0x90, 0xfd, 0xd2, - 0xea, 0x1e, 0x62, 0x87, 0xee, 0xf1, 0x79, 0xb8, 0x16, 0x93, 0xc1, 0x04, 0x95, 0xc2, 0x88, 0xa4, - 0xa7, 0xa0, 0xe8, 0xd3, 0xa9, 0xa1, 0x03, 0x32, 0x08, 0xee, 0xda, 0x27, 0x83, 0x01, 0xe6, 0xe8, - 0x00, 0x4b, 0xac, 0x7f, 0x27, 0xea, 0x8e, 0x38, 0xbf, 0x06, 0x56, 0x39, 0xa7, 0x63, 0x9d, 0x20, - 0xef, 0x00, 0x75, 0xbc, 0x6e, 0xf8, 0x72, 0xc0, 0x7c, 0x8a, 0x32, 0x2f, 0x33, 0x92, 0xb2, 0x75, - 0xa2, 0x1f, 0xd4, 0x49, 0x7f, 0xc4, 0xfd, 0x01, 0x58, 0xe9, 0xf6, 0x09, 0x30, 0xc2, 0xe9, 0xe3, - 0x8e, 0x77, 0x84, 0x1d, 0xc4, 0xa1, 0x16, 0x4f, 0xd3, 0x99, 0x2f, 0x31, 0x02, 0xfd, 0x00, 0xb2, - 0x6e, 0x66, 0x62, 0x41, 0xe9, 0x0f, 0x84, 0xf1, 0x85, 0x79, 0xcd, 0x86, 0x27, 0x3d, 0x02, 0x57, - 0x2c, 0xda, 0x8f, 0xda, 0x6e, 0x10, 0x22, 0x3e, 0x51, 0xd7, 0xe1, 0xe9, 0x7c, 0xc9, 0x1a, 0x91, - 0xaf, 0x39, 0xa5, 0xef, 0x0b, 0x60, 0x25, 0x91, 0x2a, 0x66, 0xc9, 0xbe, 0x49, 0x9e, 0x51, 0xda, - 0x06, 0x73, 0xaf, 0xdc, 0x2e, 0x1b, 0x6f, 0x71, 0x6b, 0x63, 0x22, 0xca, 0xb1, 0x11, 0x77, 0xdd, - 0xae, 0x03, 0x29, 0xaf, 0xb4, 0x0a, 0xce, 0xf6, 0x03, 0xec, 0x23, 0x5a, 0x5e, 0x31, 0x1b, 0x97, - 0x57, 0x34, 0xac, 0x0e, 0x2e, 0x79, 0x24, 0x54, 0x1a, 0xe3, 0xa6, 0x25, 0x07, 0xec, 0xb4, 0x6c, - 0x8c, 0xe9, 0x6a, 0x2b, 0x3f, 0x8a, 0x94, 0xbd, 0xea, 0x83, 0x9b, 0x29, 0x02, 0xa3, 0xc0, 0xf5, - 0xa7, 0x23, 0xf3, 0x1f, 0x05, 0x70, 0x69, 0x50, 0x43, 0x44, 0xf7, 0x26, 0x93, 0x93, 0xeb, 0x54, - 0x4f, 0xbc, 0x42, 0x21, 0xcf, 0x77, 0x0f, 0xdd, 0x2e, 0x5f, 0xdd, 0xc1, 0x2b, 0x94, 0x4e, 0x5b, - 0xa5, 0xbb, 0x60, 0xd1, 0x6e, 0x7b, 0x7d, 0x07, 0xf5, 0x7c, 0xef, 0xc8, 0x75, 0xb0, 0xcf, 0x95, - 0x7d, 0x9e, 0xb6, 0x36, 0x79, 0xa3, 0xa4, 0x83, 0x79, 0x87, 0x5f, 0x57, 0xe9, 0xd6, 0x39, 0xb7, - 0xf5, 0x38, 0x33, 0x00, 0xc6, 0x4e, 0x74, 0xc3, 0x8d, 0x67, 0x17, 0x0d, 0x52, 0x7a, 0x0e, 0xae, - 0x4e, 0xa6, 0x93, 0x96, 0xc1, 0x19, 0x67, 0x3f, 0x39, 0xbb, 0xd3, 0xce, 0x3e, 0x9d, 0xd7, 0x0d, - 0x70, 0xce, 0xd9, 0x47, 0xb4, 0x02, 0xcc, 0xf6, 0xda, 0x7c, 0x4e, 0xc0, 0xd9, 0x6f, 0xf2, 0x96, - 0xd2, 0xbf, 0x08, 0xe0, 0xea, 0x0e, 0xb6, 0xc2, 0xbe, 0x8f, 0x21, 0xb6, 0xbd, 0x4e, 0x07, 0x77, - 0x9d, 0x44, 0x18, 0x35, 0x64, 0x56, 0xc2, 0xb0, 0x59, 0x49, 0x5f, 0x05, 0x67, 0x0e, 0x18, 0x2b, - 0x37, 0xdd, 0x9b, 0x13, 0xe7, 0x18, 0x89, 0x88, 0x18, 0xa4, 0x4f, 0xc1, 0x1a, 0xff, 0x88, 0xfc, - 0x21, 0xb9, 0x28, 0x71, 0x6d, 0x58, 0xdc, 0x7a, 0x92, 0x39, 0xe2, 0x10, 0x33, 0xbf, 0x3f, 0xac, - 0x1e, 0x4c, 0xee, 0x2c, 0x1d, 0x83, 0xcb, 0xa6, 0x5c, 0x61, 0x91, 0x30, 0xfe, 0xb8, 0x8f, 0x7d, - 0xfe, 0x7c, 0x70, 0x03, 0xb0, 0x30, 0x09, 0x91, 0xb8, 0x96, 0xd5, 0xfa, 0xcc, 0x42, 0x40, 0x9b, - 0x1a, 0xa4, 0x25, 0x26, 0xc0, 0xce, 0x21, 0x8e, 0x42, 0x2b, 0x46, 0xa0, 0x92, 0x16, 0x12, 0x25, - 0xbb, 0x01, 0x0a, 0xfa, 0xd4, 0x1f, 0x70, 0x97, 0x7b, 0xd6, 0x0d, 0x0c, 0xd6, 0x50, 0xfa, 0xe7, - 0x59, 0xb0, 0xcc, 0x1c, 0x4d, 0xc5, 0xb7, 0x7a, 0x2f, 0xe5, 0x17, 0x86, 0x61, 0x5b, 0xdd, 0x28, - 0x17, 0x7e, 0x89, 0x8f, 0x6d, 0x6f, 0x21, 0x97, 0x3f, 0x6c, 0x32, 0x10, 0x73, 0xf0, 0x22, 0x93, - 0x61, 0x0f, 0x5e, 0x3c, 0x13, 0x58, 0xc8, 0x62, 0x30, 0x2c, 0x73, 0x1c, 0x0b, 0x39, 0x12, 0x83, - 0x38, 0x10, 0x3c, 0xf4, 0xbd, 0x7e, 0x8f, 0xa1, 0x99, 0xe3, 0x81, 0x60, 0x85, 0x36, 0xc5, 0x63, - 0xd0, 0x63, 0x93, 0x9a, 0x69, 0x34, 0x06, 0x3d, 0x2e, 0x89, 0xad, 0x33, 0x82, 0x9e, 0xd7, 0x76, - 0x6d, 0x17, 0xb3, 0x58, 0x7c, 0x0e, 0x9e, 0xa7, 0xad, 0x4d, 0xde, 0x28, 0xbd, 0x0b, 0x24, 0x8e, - 0xfd, 0x55, 0x80, 0xec, 0x76, 0x3f, 0x08, 0x23, 0xbf, 0x3d, 0x07, 0x45, 0x06, 0xfd, 0x55, 0xa0, - 0xf0, 0xf6, 0x78, 0xa6, 0xbe, 0x13, 0x24, 0x66, 0x7a, 0x26, 0x31, 0x53, 0xe8, 0x04, 0xf1, 0x4c, - 0x1f, 0x00, 0x36, 0x06, 0x0a, 0x1e, 0xa3, 0xfd, 0xbe, 0xfd, 0x0a, 0x87, 0x41, 0x71, 0x9e, 0x12, - 0x33, 0x70, 0xc6, 0xe3, 0x6d, 0xd6, 0x4a, 0x8e, 0x75, 0x4e, 0x69, 0x75, 0xda, 0x83, 0xfd, 0x19, - 0x14, 0xcf, 0x52, 0x6a, 0x86, 0xd1, 0xb0, 0x3a, 0xed, 0x68, 0x93, 0x26, 0x38, 0x3c, 0xd7, 0xb1, - 0x13, 0x1c, 0x20, 0xc1, 0xa1, 0xbb, 0x8e, 0x1d, 0x73, 0x0c, 0x54, 0x62, 0xd9, 0x34, 0x4c, 0x08, - 0x8a, 0xe7, 0x12, 0x2a, 0x91, 0x79, 0x63, 0xe9, 0x87, 0x02, 0xb8, 0xd3, 0xd2, 0x12, 0x8b, 0xad, - 0xf8, 0xde, 0x71, 0xf7, 0x19, 0x3e, 0xc6, 0xed, 0xb2, 0x7b, 0x70, 0x40, 0x2e, 0x99, 0x6c, 0xdd, - 0x9f, 0x82, 0xa2, 0x75, 0x70, 0x30, 0x5c, 0x55, 0x82, 0x12, 0x85, 0x6c, 0x67, 0xe1, 0x52, 0xd4, - 0x3f, 0x28, 0xbd, 0x62, 0x17, 0xec, 0x27, 0x60, 0x69, 0x9c, 0x33, 0x51, 0x36, 0x78, 0x79, 0x94, - 0x8f, 0xe6, 0xde, 0x77, 0xc0, 0x35, 0x03, 0xdb, 0x7d, 0xdf, 0x0d, 0x4f, 0x20, 0xdd, 0x56, 0x15, - 0x1c, 0x42, 0x1c, 0xf4, 0xdb, 0xfc, 0x20, 0x90, 0xc0, 0x5c, 0x62, 0xab, 0xd3, 0xcf, 0xa4, 0x8d, - 0xc4, 0x1d, 0x3c, 0x06, 0xa1, 0x9f, 0x4b, 0x16, 0xb8, 0x34, 0xc8, 0xdc, 0xee, 0xe0, 0xd0, 0x7e, - 0xc9, 0xd8, 0xc7, 0xbd, 0xa3, 0x90, 0xe6, 0x1d, 0xc7, 0x5c, 0xf2, 0xcc, 0xb8, 0x4b, 0x2e, 0x7d, - 0xf6, 0x01, 0xb8, 0xd0, 0x22, 0x7b, 0x9e, 0x0e, 0xad, 0x77, 0xb1, 0x7e, 0x20, 0xb5, 0xc0, 0x85, - 0xbe, 0x8b, 0xf6, 0x69, 0xb1, 0x2a, 0xb2, 0xc9, 0xcd, 0x3c, 0xf3, 0x68, 0x1f, 0xaf, 0x6d, 0xad, - 0x16, 0xe0, 0xf9, 0xbe, 0x9b, 0x68, 0x95, 0x7e, 0x24, 0x80, 0x87, 0x7d, 0x17, 0x79, 0xac, 0x76, - 0x13, 0xf1, 0x0b, 0x0e, 0x46, 0x87, 0x1e, 0x0a, 0x3d, 0xe4, 0x44, 0xc5, 0xad, 0x5c, 0x22, 0x7b, - 0xd0, 0x90, 0xa7, 0x48, 0xcc, 0x57, 0x21, 0x5b, 0x2d, 0xc0, 0xdb, 0x7d, 0x37, 0x93, 0x56, 0xfa, - 0x9e, 0x00, 0x6e, 0x27, 0xd0, 0x59, 0x8e, 0x83, 0x0e, 0x5c, 0x9f, 0x46, 0x22, 0x5c, 0x87, 0x0c, - 0x17, 0x3b, 0x67, 0xbe, 0x96, 0x8d, 0x6b, 0x72, 0xc5, 0x6d, 0xb5, 0x00, 0xaf, 0x0f, 0x20, 0xa5, - 0x92, 0x8d, 0xea, 0x2a, 0x05, 0x4d, 0xdb, 0x0a, 0x07, 0xab, 0x73, 0x2a, 0xaf, 0xae, 0x32, 0xca, - 0x7b, 0x87, 0x74, 0x35, 0x99, 0x56, 0xfa, 0x0d, 0x01, 0xdc, 0x4c, 0xa0, 0x0b, 0x70, 0x88, 0xec, - 0x41, 0x25, 0x30, 0x0a, 0x68, 0x11, 0x2e, 0x75, 0x4d, 0xe7, 0xb6, 0xbe, 0x9a, 0x0d, 0x6a, 0x52, - 0x1d, 0x71, 0xb5, 0x00, 0xaf, 0x0d, 0xd0, 0xa4, 0x10, 0x49, 0xbf, 0x27, 0x80, 0x3b, 0x09, 0x18, - 0x3e, 0xcf, 0xfa, 0x93, 0x80, 0x98, 0x95, 0x03, 0x47, 0x50, 0xce, 0x50, 0x28, 0x3f, 0x9f, 0x0d, - 0x65, 0x5a, 0x41, 0x71, 0xb5, 0x00, 0x6f, 0x0e, 0xe0, 0x4c, 0x20, 0x8c, 0x34, 0xe3, 0xf3, 0x12, - 0x5d, 0x64, 0x93, 0x33, 0x0d, 0xd9, 0xbc, 0x44, 0x98, 0x2f, 0xd7, 0x7c, 0xa6, 0x66, 0x32, 0x0a, - 0x8c, 0x99, 0x66, 0x26, 0x13, 0x49, 0x9f, 0x82, 0x6b, 0x69, 0x28, 0x7a, 0x27, 0x1c, 0xc1, 0x59, - 0x8a, 0xe0, 0x2b, 0xf9, 0x11, 0x24, 0x2b, 0x94, 0xab, 0x05, 0x58, 0x1c, 0x93, 0xce, 0x09, 0xa4, - 0x5f, 0x06, 0x6b, 0xe3, 0x92, 0x7b, 0xbe, 0xdb, 0x0d, 0xb9, 0x68, 0x40, 0x45, 0xbf, 0x9f, 0x57, - 0xf4, 0x48, 0x7d, 0x73, 0xb5, 0x00, 0x57, 0x46, 0x64, 0xc7, 0x14, 0x52, 0x1b, 0xac, 0xf4, 0x5d, - 0xe4, 0x70, 0x97, 0x49, 0x62, 0x1c, 0x9f, 0x38, 0x6e, 0x3a, 0x38, 0x3d, 0x42, 0xce, 0x6d, 0x6d, - 0xe6, 0xa8, 0x99, 0x49, 0x56, 0x09, 0x57, 0x0b, 0x70, 0xa9, 0xef, 0xa6, 0xd6, 0x0f, 0x7f, 0x8f, - 0x99, 0xdf, 0x40, 0x5c, 0x7c, 0xb2, 0x44, 0xa9, 0x52, 0x2e, 0x79, 0x81, 0x4a, 0xfe, 0x20, 0x87, - 0xe4, 0xf4, 0xc2, 0x5f, 0x66, 0x79, 0x19, 0xc5, 0xc1, 0xdf, 0xa6, 0x86, 0x37, 0x00, 0xc3, 0xcb, - 0xcb, 0x02, 0x56, 0x29, 0xc6, 0x81, 0x9c, 0xa7, 0x40, 0xbe, 0xfc, 0x85, 0xea, 0xcc, 0x98, 0xcd, - 0x4d, 0xa9, 0x0b, 0xfc, 0x2d, 0xe6, 0x40, 0x63, 0x04, 0x3c, 0x7c, 0x8e, 0xf7, 0x25, 0x03, 0xb1, - 0x48, 0x41, 0x3c, 0xcd, 0x03, 0x22, 0xad, 0x9c, 0xa7, 0x5a, 0x80, 0x37, 0x12, 0x38, 0x52, 0x2b, - 0x7e, 0xfe, 0x90, 0x79, 0xcf, 0x71, 0x28, 0x76, 0x94, 0xc9, 0x41, 0x9d, 0xb0, 0x1d, 0x70, 0x40, - 0x17, 0x28, 0xa0, 0x9f, 0xfb, 0x1c, 0x80, 0xc6, 0x0b, 0x6c, 0xaa, 0x05, 0x78, 0x67, 0x1c, 0x55, - 0x4c, 0x17, 0xb6, 0x79, 0x8d, 0xc1, 0x4f, 0x04, 0xf0, 0x74, 0x78, 0x9d, 0x68, 0x79, 0x06, 0xb2, - 0x68, 0x7d, 0x06, 0x72, 0xa2, 0x02, 0x0d, 0x14, 0x7a, 0x5e, 0x9b, 0x87, 0x6e, 0xed, 0x36, 0x47, - 0x2a, 0x52, 0xa4, 0xcf, 0x72, 0xad, 0x5f, 0xae, 0x32, 0x98, 0x6a, 0x01, 0x3e, 0x4a, 0x2e, 0x6a, - 0xbe, 0xda, 0x99, 0x1f, 0x0b, 0xe0, 0x49, 0xae, 0x39, 0xc4, 0xea, 0x66, 0xf8, 0x2f, 0x52, 0xfc, - 0x95, 0x2f, 0x8c, 0x7f, 0x38, 0x11, 0x57, 0x2d, 0xc0, 0x8d, 0x2c, 0xf0, 0x23, 0xa9, 0xbb, 0x3f, - 0x12, 0xc0, 0x3b, 0x49, 0xe4, 0x56, 0x9f, 0x44, 0x1e, 0x83, 0x1b, 0x5f, 0xa2, 0xe4, 0x98, 0x01, - 0x96, 0x28, 0xe0, 0x8f, 0x72, 0x00, 0x9e, 0x56, 0x58, 0x52, 0x2d, 0xc0, 0x7b, 0x31, 0xd0, 0xa9, - 0x25, 0x28, 0x7f, 0x29, 0x80, 0xcd, 0x0c, 0xcb, 0x75, 0xad, 0x0e, 0xbb, 0x2a, 0x9c, 0x70, 0x90, - 0x97, 0x28, 0xc8, 0xed, 0x2f, 0x62, 0xbf, 0xc3, 0xb9, 0xdd, 0x6a, 0x01, 0x3e, 0x9c, 0x62, 0xc4, - 0x9a, 0xd5, 0x49, 0x26, 0x82, 0x7f, 0x5f, 0x00, 0xf7, 0x92, 0x50, 0x7b, 0x83, 0x7c, 0xe9, 0xd8, - 0xba, 0x5f, 0xa6, 0x08, 0x3f, 0xcc, 0x81, 0x70, 0x52, 0xd2, 0xb5, 0x5a, 0x80, 0xa5, 0x18, 0xda, - 0xc4, 0xd4, 0xec, 0xaf, 0x09, 0xe0, 0x56, 0x12, 0x53, 0x88, 0x83, 0x90, 0xa0, 0xe9, 0x0e, 0xf9, - 0xe3, 0x2b, 0x99, 0xa7, 0xdf, 0x94, 0x0c, 0x68, 0xb5, 0x00, 0xd7, 0x62, 0x24, 0x69, 0x29, 0x52, - 0x1f, 0xac, 0x26, 0x31, 0x44, 0x71, 0x6e, 0x74, 0x0e, 0x2d, 0x65, 0xa4, 0xfd, 0x26, 0xa5, 0x20, - 0xd9, 0xb1, 0x3b, 0x21, 0x3d, 0xd9, 0x06, 0xc5, 0xbe, 0x4b, 0x82, 0x30, 0x2b, 0xc4, 0xa8, 0x8b, - 0x8f, 0xe9, 0x6d, 0x93, 0x9f, 0xb8, 0xcb, 0x19, 0xcf, 0x3e, 0x13, 0x93, 0x7f, 0xd5, 0x02, 0xbc, - 0xdc, 0x77, 0xc7, 0x3b, 0xa5, 0x13, 0x7a, 0xc8, 0x8f, 0x4a, 0x0b, 0xac, 0xa3, 0x48, 0x64, 0x31, - 0x53, 0xc3, 0x53, 0x52, 0x8a, 0x6c, 0xa2, 0xe9, 0x04, 0xd2, 0xb7, 0xc1, 0x8d, 0xb4, 0x89, 0xd2, - 0x94, 0x23, 0x17, 0xbe, 0x92, 0x79, 0xc0, 0x4c, 0x4d, 0x57, 0x56, 0x0b, 0xf0, 0xea, 0xe8, 0xac, - 0x63, 0x12, 0xe9, 0x4f, 0x98, 0x0b, 0x19, 0x45, 0xc0, 0x9e, 0x65, 0x93, 0x29, 0x4d, 0x8e, 0xe6, - 0x2a, 0x45, 0xa3, 0xe4, 0x45, 0x33, 0x25, 0x33, 0x5a, 0x2d, 0xc0, 0xbb, 0x23, 0xc0, 0xd2, 0xa9, - 0xa5, 0x3f, 0x17, 0xc0, 0x46, 0xd2, 0x04, 0xdd, 0xf8, 0x61, 0x0f, 0x59, 0xc7, 0x01, 0xbb, 0x88, - 0xf3, 0x6d, 0xc1, 0xad, 0x72, 0x35, 0xf3, 0x0a, 0x91, 0xef, 0xc7, 0x39, 0xd5, 0x02, 0x7c, 0x10, - 0x5b, 0x69, 0x92, 0xf6, 0x38, 0x20, 0x97, 0xfc, 0xa1, 0x1f, 0xf2, 0x7c, 0x5f, 0x00, 0x77, 0xd3, - 0x43, 0x06, 0x27, 0x40, 0x98, 0x3e, 0x41, 0x72, 0x78, 0xd7, 0x72, 0x87, 0x50, 0xe9, 0xbf, 0x99, - 0x19, 0x0e, 0xa1, 0x06, 0x34, 0x4e, 0x90, 0xfc, 0x85, 0x48, 0xc8, 0xcc, 0x9a, 0x9c, 0xb7, 0xa1, - 0x87, 0x58, 0xae, 0x8f, 0xad, 0x22, 0x47, 0xb1, 0x96, 0xb9, 0x75, 0xd3, 0x7f, 0x84, 0xc1, 0x2d, - 0x3a, 0xfd, 0x07, 0x1a, 0xdf, 0x04, 0x17, 0x2d, 0x9a, 0x74, 0x44, 0x71, 0xca, 0xaf, 0x78, 0x9d, - 0x4a, 0x9a, 0xfc, 0x48, 0x9d, 0x9a, 0x20, 0xaf, 0x16, 0xa0, 0x68, 0x8d, 0x74, 0x44, 0x2e, 0x31, - 0x69, 0x02, 0x5c, 0xb3, 0x34, 0x3c, 0xe6, 0x33, 0xbb, 0x91, 0xb9, 0x61, 0xa7, 0x3c, 0x6c, 0x33, - 0x97, 0x38, 0xed, 0xe5, 0x9b, 0x87, 0xca, 0x29, 0x20, 0x06, 0xaf, 0x00, 0x0c, 0xc7, 0xcd, 0xcc, - 0x75, 0x9e, 0xfe, 0xde, 0xcd, 0xd6, 0x39, 0xe3, 0x4d, 0xfc, 0xd7, 0x05, 0xea, 0x44, 0xa2, 0x7b, - 0xe3, 0xb7, 0x92, 0x3f, 0x43, 0x8d, 0xae, 0x8c, 0xb7, 0xf2, 0xde, 0x5e, 0x27, 0xfd, 0x88, 0x75, - 0xe8, 0xf6, 0x9a, 0x42, 0x24, 0x7d, 0x02, 0xf8, 0x62, 0x21, 0x1c, 0xd5, 0x0b, 0x14, 0x4b, 0x54, - 0xea, 0x97, 0x32, 0x96, 0x7d, 0xb8, 0xbe, 0xa0, 0x5a, 0x80, 0x17, 0xac, 0xe1, 0x76, 0xa9, 0x03, - 0x96, 0xf9, 0xd8, 0xc4, 0x41, 0x25, 0xcb, 0x0c, 0x8a, 0xb7, 0x33, 0xde, 0xc9, 0x27, 0x67, 0xfb, - 0xab, 0x05, 0x78, 0xc5, 0x4a, 0xeb, 0x95, 0xf6, 0xc1, 0x95, 0xf8, 0x95, 0x84, 0x39, 0x46, 0xb6, - 0x9c, 0x77, 0xa8, 0xb0, 0x77, 0x27, 0x0a, 0x4b, 0xc9, 0x24, 0x54, 0x0b, 0xf0, 0x92, 0x9f, 0x92, - 0x60, 0x38, 0x06, 0xd7, 0x26, 0x3c, 0x65, 0x33, 0x51, 0x77, 0x33, 0xe6, 0x35, 0xf9, 0xf9, 0x9d, - 0x38, 0xfc, 0x83, 0xc9, 0x8f, 0xf3, 0xfb, 0x80, 0xcf, 0x1a, 0xf1, 0xfc, 0x94, 0xcf, 0x0a, 0x19, - 0x8a, 0xf7, 0x32, 0x26, 0x97, 0x52, 0xfc, 0x40, 0x26, 0x67, 0xa5, 0xd4, 0x44, 0xd4, 0xc0, 0xf9, - 0x81, 0x0c, 0xba, 0x4a, 0xf7, 0xe9, 0xd8, 0x77, 0x33, 0xc7, 0x26, 0xc4, 0xd5, 0x02, 0x5c, 0xb0, - 0x92, 0x65, 0x0b, 0x7b, 0x40, 0x4a, 0xa6, 0xd2, 0xd8, 0x8a, 0x14, 0x1f, 0x64, 0x54, 0x2d, 0x8d, - 0x96, 0x0d, 0x50, 0x6f, 0x32, 0x5a, 0x4a, 0x30, 0x32, 0x74, 0x9f, 0x26, 0xb8, 0x8b, 0x0f, 0x73, - 0x0f, 0xcd, 0x32, 0xe2, 0xc3, 0x43, 0xf3, 0x2c, 0xf9, 0xc8, 0xd0, 0x0e, 0xcd, 0x2f, 0x16, 0xd7, - 0x73, 0x0f, 0xcd, 0x12, 0x92, 0xc3, 0x43, 0xf3, 0x24, 0x65, 0x1b, 0xac, 0x24, 0x87, 0x66, 0x49, - 0xcf, 0x48, 0x2f, 0xef, 0x64, 0xbc, 0x0b, 0xa4, 0xd7, 0x0d, 0x54, 0x0b, 0x70, 0xc9, 0x4a, 0xaf, - 0x28, 0x48, 0x97, 0xc6, 0x55, 0xf5, 0xee, 0xe7, 0x94, 0x36, 0x50, 0xd8, 0x98, 0x34, 0xae, 0xb6, - 0x74, 0x69, 0x5c, 0x7b, 0x5f, 0xfa, 0x9c, 0xd2, 0x06, 0x3a, 0x1c, 0x93, 0xc6, 0x35, 0xd9, 0x01, - 0x57, 0x93, 0xd2, 0x68, 0x4e, 0x3f, 0x20, 0xa7, 0x65, 0x3f, 0xc0, 0x7e, 0x71, 0x23, 0xb7, 0xb8, - 0x64, 0x65, 0xc1, 0xb0, 0xb8, 0xa1, 0x9a, 0x83, 0xdf, 0x16, 0x40, 0x29, 0x19, 0x20, 0x24, 0xf3, - 0x36, 0xf1, 0x33, 0x4b, 0x71, 0x33, 0xf3, 0x4d, 0x36, 0xb3, 0xa0, 0x9d, 0xbd, 0xc9, 0x0e, 0xc8, - 0xec, 0x71, 0x32, 0xe9, 0x15, 0x58, 0x4e, 0x79, 0x61, 0xc1, 0xae, 0x8d, 0x8b, 0xef, 0x65, 0x86, - 0xd8, 0x13, 0xca, 0xc9, 0x59, 0x88, 0x3d, 0xd2, 0xe9, 0xda, 0x78, 0x54, 0x58, 0x14, 0x6e, 0x7a, - 0x0e, 0x2e, 0x3e, 0xca, 0x2d, 0x6c, 0xa4, 0x84, 0x7b, 0x58, 0x58, 0xdc, 0x29, 0x7d, 0x03, 0x5c, - 0x0c, 0xad, 0x43, 0x7e, 0x0e, 0x61, 0x72, 0x20, 0xfa, 0x27, 0xc5, 0xad, 0x8c, 0xb3, 0x28, 0x2d, - 0xbd, 0x47, 0xce, 0xa2, 0xd0, 0x3a, 0x4c, 0xb6, 0x4b, 0x21, 0xb8, 0x1a, 0xf0, 0x64, 0x08, 0xf2, - 0xe9, 0x48, 0xe8, 0x10, 0xd3, 0x87, 0xec, 0x7e, 0x3b, 0x2c, 0x3e, 0xce, 0x78, 0x92, 0x9a, 0x96, - 0x47, 0xa9, 0x16, 0xe0, 0x72, 0x90, 0xde, 0x3f, 0xba, 0x2d, 0x78, 0x39, 0x01, 0xdf, 0xf2, 0x4f, - 0x72, 0xdb, 0x69, 0xb2, 0x08, 0x65, 0xd8, 0x4e, 0x87, 0xca, 0x53, 0xd2, 0xa5, 0xf1, 0x4d, 0xf8, - 0xe5, 0xcf, 0x29, 0x2d, 0x6d, 0x13, 0x0e, 0xd5, 0x5c, 0xec, 0x83, 0x2b, 0x91, 0x61, 0x9c, 0xa0, - 0x03, 0x1c, 0xda, 0x2f, 0xf9, 0x19, 0xf8, 0x95, 0x8c, 0x13, 0x29, 0x25, 0x99, 0x44, 0x4e, 0x24, - 0x27, 0x25, 0xc7, 0xf4, 0x83, 0x91, 0xd7, 0x3c, 0x6e, 0x80, 0xb1, 0x5c, 0x76, 0xc7, 0x2f, 0xbe, - 0x9f, 0xfb, 0xf1, 0x6c, 0xf2, 0x2f, 0x11, 0x87, 0x9f, 0xf4, 0x52, 0xe9, 0xa4, 0xef, 0x8c, 0xdc, - 0xec, 0x5f, 0xf5, 0xf7, 0x31, 0x4d, 0x85, 0x0e, 0x5d, 0x13, 0x9e, 0xe6, 0x7e, 0xe0, 0x1c, 0xff, - 0x81, 0xf8, 0xf0, 0x03, 0x27, 0xed, 0x7f, 0x35, 0x74, 0x3d, 0xf8, 0x6e, 0xba, 0x4a, 0xac, 0x5e, - 0x8f, 0x3e, 0xb3, 0x0e, 0x1e, 0x38, 0x3f, 0xc8, 0x7c, 0xe1, 0x9e, 0xf6, 0x4b, 0x83, 0x61, 0x47, - 0x94, 0xfa, 0x5b, 0x84, 0x1e, 0x58, 0xe5, 0xd6, 0x76, 0xe8, 0x5b, 0xbd, 0x97, 0xf4, 0x4a, 0x17, - 0xd8, 0x56, 0x14, 0x09, 0x7d, 0x95, 0xca, 0x7f, 0x2f, 0xc3, 0xde, 0xc6, 0xb2, 0xe3, 0x64, 0x37, - 0x59, 0x89, 0xae, 0xe3, 0x20, 0x4e, 0x9c, 0xff, 0x2e, 0xbb, 0xa8, 0x0d, 0x49, 0xb5, 0x7d, 0xef, - 0xb8, 0x8b, 0x7e, 0x11, 0x1f, 0xe3, 0x36, 0x72, 0xdc, 0x83, 0x03, 0x7a, 0x05, 0x2e, 0x7e, 0x98, - 0x69, 0x0f, 0xd9, 0xf9, 0x5a, 0x66, 0x0f, 0x53, 0xe9, 0xb6, 0xcf, 0x80, 0x53, 0x74, 0xd0, 0x67, - 0x73, 0xf3, 0x33, 0xe2, 0x2c, 0x59, 0xb9, 0x41, 0x3c, 0x4f, 0xbc, 0x4b, 0xf4, 0xf4, 0x4f, 0x6f, - 0x6f, 0xeb, 0x7f, 0x7b, 0x21, 0xfe, 0xe7, 0x93, 0x28, 0xe4, 0x94, 0x6e, 0x81, 0xb5, 0xb2, 0x66, - 0x28, 0xfa, 0x73, 0x15, 0x22, 0xa8, 0x1a, 0x7a, 0x0b, 0x2a, 0xa3, 0xbf, 0x5b, 0xbe, 0x06, 0x8a, - 0xe3, 0x24, 0x86, 0x0a, 0x9f, 0xab, 0x50, 0x14, 0xa4, 0x9b, 0xe0, 0xda, 0x78, 0xef, 0x6e, 0x6b, - 0x5b, 0x85, 0x0d, 0xd5, 0x54, 0x0d, 0x71, 0x46, 0x7a, 0x0c, 0x36, 0xc7, 0x29, 0xca, 0xb2, 0x29, - 0x6f, 0xcb, 0x86, 0x8a, 0x9a, 0xba, 0x61, 0x56, 0xa0, 0x6a, 0x20, 0x43, 0xad, 0xed, 0xa0, 0xaa, - 0x6e, 0x98, 0x6a, 0x59, 0x9c, 0x95, 0xde, 0x03, 0xef, 0x4e, 0x61, 0xaa, 0xef, 0x19, 0x1f, 0xd7, - 0x86, 0x38, 0xe6, 0xa4, 0x2d, 0xb0, 0x31, 0x8d, 0x43, 0x6f, 0x54, 0xf4, 0xf2, 0xf6, 0x10, 0xcf, - 0x29, 0xe9, 0x1d, 0x70, 0x3f, 0x0f, 0x34, 0x58, 0x36, 0xc4, 0xd3, 0xd2, 0x03, 0x70, 0x27, 0x13, - 0x12, 0xa1, 0x3c, 0x23, 0xdd, 0x03, 0xa5, 0x71, 0x4a, 0xb9, 0xd9, 0xac, 0x69, 0x8a, 0x6c, 0x6a, - 0x7a, 0x03, 0x55, 0x4d, 0xb3, 0x29, 0xce, 0x4b, 0x77, 0xc1, 0xad, 0xe9, 0x74, 0xa6, 0xd2, 0x14, - 0xcf, 0xa6, 0x93, 0xbd, 0xd0, 0x1a, 0x65, 0xfd, 0x85, 0x81, 0xca, 0xaa, 0xb1, 0x6b, 0xea, 0x4d, - 0x11, 0x48, 0xef, 0x82, 0x07, 0x53, 0xf0, 0x19, 0x1f, 0xd7, 0xd8, 0x9a, 0x51, 0x8c, 0xe7, 0x32, - 0x14, 0x1c, 0x4f, 0x5d, 0x2d, 0x1b, 0x55, 0x6d, 0xc7, 0x14, 0x17, 0xa4, 0x27, 0xe0, 0xbd, 0x5c, - 0xe3, 0x27, 0x55, 0x7c, 0x3e, 0x43, 0x0e, 0x54, 0xcb, 0xda, 0xf0, 0xd2, 0x2f, 0xe6, 0x5d, 0x94, - 0x8a, 0xd2, 0x14, 0x2f, 0xe4, 0x5a, 0x14, 0x42, 0x29, 0xe6, 0x56, 0x0f, 0xa1, 0xbe, 0x28, 0x7d, - 0x08, 0xde, 0xff, 0x3c, 0xea, 0xe1, 0xfb, 0xa1, 0xa6, 0x1a, 0x86, 0x28, 0x49, 0x5f, 0x02, 0x0f, - 0xf3, 0x30, 0xcb, 0x9f, 0xb4, 0xa0, 0x2a, 0x5e, 0x92, 0xee, 0x83, 0xdb, 0x53, 0xc8, 0xcb, 0x7b, - 0x0d, 0xb9, 0xae, 0x97, 0xb7, 0xc5, 0xcb, 0x19, 0x26, 0xae, 0xc8, 0x86, 0x21, 0x37, 0xca, 0x50, - 0x46, 0xbb, 0xea, 0x9e, 0xd1, 0x94, 0x15, 0xd5, 0x10, 0xaf, 0x64, 0xac, 0x5a, 0xcc, 0x93, 0x5c, - 0x83, 0x25, 0xe9, 0x29, 0x78, 0x32, 0x85, 0x4b, 0xad, 0xc9, 0x86, 0xa9, 0x29, 0x86, 0x2a, 0x43, - 0xa5, 0x3a, 0xc4, 0xb9, 0x9c, 0x6b, 0xbd, 0x39, 0xbf, 0xac, 0x54, 0x55, 0xb1, 0x98, 0xa1, 0x2d, - 0xc6, 0x51, 0x57, 0xeb, 0x3a, 0xdc, 0x2b, 0x6f, 0x8b, 0x2b, 0xb9, 0x04, 0x50, 0xcd, 0x22, 0x26, - 0xe0, 0x6a, 0xc6, 0x64, 0x18, 0x87, 0x52, 0x6b, 0x19, 0xe6, 0x88, 0xf1, 0xae, 0x4a, 0xeb, 0xe0, - 0x5e, 0xa6, 0x75, 0xb1, 0x55, 0xbc, 0x26, 0x6d, 0x80, 0xf5, 0x5c, 0xf6, 0xc5, 0xe8, 0xd7, 0x32, - 0x16, 0x33, 0xa6, 0xaf, 0x6b, 0x0a, 0xd4, 0x0d, 0x7d, 0xc7, 0x14, 0xaf, 0x4b, 0x5f, 0x01, 0x5b, - 0xd3, 0x16, 0x53, 0x57, 0x76, 0xa1, 0x2e, 0x2b, 0xd5, 0x11, 0x3f, 0x77, 0x23, 0xc3, 0xf6, 0x23, - 0xdf, 0x28, 0x9b, 0x35, 0xd9, 0x10, 0x6f, 0x66, 0xec, 0x29, 0xa3, 0xa1, 0xbf, 0xd8, 0xa9, 0xc9, - 0xbb, 0xaa, 0x78, 0x6b, 0xc2, 0xb8, 0xba, 0x92, 0xd0, 0x6e, 0xd9, 0x40, 0x4d, 0xa8, 0x7f, 0x7d, - 0x4f, 0x2c, 0x4d, 0x30, 0xc5, 0x24, 0x75, 0x55, 0xab, 0x54, 0x91, 0xfc, 0x5c, 0xd6, 0x6a, 0xf2, - 0xb6, 0x56, 0xd3, 0xcc, 0x3d, 0xf1, 0xb6, 0xf4, 0x3e, 0x78, 0x9c, 0xc1, 0x45, 0x77, 0x88, 0xa6, - 0x20, 0xa8, 0x56, 0x34, 0xc3, 0x84, 0xd4, 0x75, 0x8a, 0x77, 0xd2, 0xbd, 0xb0, 0x21, 0xd7, 0x6b, - 0x49, 0x17, 0x2b, 0xde, 0x95, 0x4a, 0xe0, 0xfa, 0x38, 0x9d, 0xaa, 0x6c, 0xb1, 0x7f, 0xe8, 0x68, - 0x28, 0xaa, 0x78, 0x6f, 0x82, 0xd1, 0xe9, 0xca, 0xa8, 0x1b, 0x46, 0x0d, 0xbd, 0x81, 0xe4, 0xb2, - 0x78, 0x5f, 0xba, 0x03, 0x6e, 0x4e, 0x3b, 0x17, 0xe9, 0x3f, 0x37, 0x3c, 0x48, 0xb7, 0xfd, 0xe4, - 0x09, 0x20, 0xbf, 0x30, 0x90, 0xa2, 0x37, 0x0c, 0xbd, 0xa6, 0x8a, 0x0f, 0xd7, 0xff, 0x54, 0x00, - 0x8b, 0xc3, 0x7f, 0xfc, 0x25, 0xdd, 0x00, 0xab, 0x83, 0x11, 0x0c, 0x53, 0x36, 0x5b, 0xc6, 0xc8, - 0xf1, 0xbd, 0x0a, 0x96, 0x47, 0x09, 0x8c, 0x96, 0xa2, 0x10, 0x4f, 0x25, 0xa4, 0x76, 0xee, 0x6a, - 0xcd, 0xa6, 0x5a, 0x16, 0x67, 0xa4, 0x15, 0x70, 0x65, 0xb4, 0x53, 0x85, 0x50, 0x87, 0xe2, 0x6c, - 0x1a, 0x9f, 0xbc, 0xad, 0x43, 0x7a, 0x12, 0xaf, 0xff, 0x64, 0x06, 0xcc, 0x2a, 0xa6, 0x2c, 0x5d, - 0x02, 0x17, 0x14, 0x53, 0x1e, 0xff, 0x8b, 0x15, 0xd2, 0x28, 0xb7, 0xcc, 0x2a, 0x99, 0x58, 0x43, - 0x55, 0x4c, 0x9d, 0xc4, 0x11, 0xcb, 0xe0, 0x12, 0x6d, 0x57, 0x4c, 0xed, 0x39, 0x09, 0x2f, 0x0c, - 0x43, 0xd3, 0x1b, 0x24, 0x7c, 0x18, 0x74, 0x10, 0xc8, 0x08, 0xaa, 0x1f, 0xb7, 0x54, 0xc3, 0x34, - 0xc4, 0xd9, 0xa8, 0xa3, 0x09, 0xd5, 0xba, 0xd6, 0xaa, 0x23, 0xa3, 0xd5, 0x6c, 0xea, 0xd0, 0x14, - 0xe7, 0xa2, 0x0e, 0x13, 0x92, 0x2d, 0x5d, 0x46, 0x65, 0xf5, 0xb9, 0x46, 0x7c, 0xe1, 0xa9, 0x48, - 0x76, 0xab, 0x59, 0x81, 0x72, 0x59, 0x45, 0xdb, 0x72, 0xa3, 0xa1, 0x42, 0xf1, 0x74, 0xc4, 0xb0, - 0xad, 0xd5, 0x6a, 0x5a, 0xa3, 0x82, 0x8c, 0x56, 0xbd, 0x2e, 0xc3, 0x3d, 0xf1, 0x4c, 0x34, 0x03, - 0x2e, 0xbb, 0xa6, 0x19, 0xa6, 0x38, 0x4f, 0xff, 0x88, 0x23, 0x6e, 0xac, 0xeb, 0x0d, 0xcd, 0xd4, - 0xa1, 0xd6, 0xa8, 0x88, 0x67, 0xe9, 0x5f, 0x7c, 0x98, 0x32, 0x52, 0xbf, 0x6e, 0xaa, 0xb0, 0x21, - 0xd7, 0x90, 0xdc, 0x2a, 0x6b, 0x26, 0x32, 0x4c, 0x1d, 0xca, 0x15, 0x55, 0x04, 0x11, 0x00, 0x7d, - 0x97, 0xa0, 0x30, 0x88, 0xee, 0xf6, 0x1a, 0x8a, 0x78, 0x4e, 0x12, 0xc1, 0x02, 0xe5, 0x6b, 0x98, - 0x50, 0x46, 0x5a, 0x59, 0x5c, 0x58, 0xff, 0xf7, 0xd3, 0xe0, 0x4a, 0x6a, 0x0d, 0x36, 0x39, 0x2d, - 0xb4, 0x86, 0xa9, 0x56, 0x98, 0x9d, 0x23, 0xb5, 0x01, 0xf5, 0x5a, 0x0d, 0xed, 0x6a, 0x8d, 0xd1, - 0xbf, 0x23, 0xb9, 0x05, 0xd6, 0x26, 0x11, 0x1a, 0x35, 0x59, 0xd9, 0x15, 0x05, 0x62, 0xa4, 0x93, - 0x48, 0x88, 0xe1, 0xe9, 0x5a, 0x59, 0x11, 0x67, 0x48, 0xfc, 0x31, 0x89, 0xaa, 0x29, 0x57, 0x54, - 0x58, 0x6e, 0x99, 0x7b, 0xe2, 0xec, 0x34, 0x79, 0x6a, 0x5d, 0xd6, 0x6a, 0xe2, 0x1c, 0x09, 0x16, - 0x27, 0x91, 0x3c, 0xd3, 0xa0, 0x2c, 0x9e, 0x92, 0x6e, 0x83, 0x1b, 0x93, 0x28, 0xa8, 0xc1, 0xc1, - 0xb2, 0x78, 0x9a, 0xec, 0xec, 0x49, 0x44, 0x75, 0xd9, 0x34, 0x55, 0x58, 0xd7, 0x0d, 0x53, 0x3c, - 0x33, 0x6d, 0x7a, 0x75, 0x03, 0x99, 0xaa, 0x5c, 0x37, 0xc4, 0xf9, 0x69, 0x54, 0x7a, 0xd3, 0xa8, - 0xa8, 0x0d, 0x4d, 0x15, 0xcf, 0x4e, 0x83, 0x4e, 0x96, 0x53, 0x04, 0x53, 0x27, 0x27, 0xd7, 0x77, - 0xc4, 0x73, 0xd3, 0x71, 0x2b, 0x55, 0xad, 0xa1, 0xd2, 0xc5, 0x97, 0xbe, 0x0c, 0x1e, 0x65, 0xd3, - 0xa1, 0x8a, 0x66, 0x56, 0x5b, 0xdb, 0x74, 0xc7, 0x90, 0x9d, 0x72, 0x5e, 0xda, 0x04, 0xef, 0xe4, - 0x60, 0x53, 0x34, 0xa8, 0xd4, 0x54, 0x45, 0x13, 0x17, 0x89, 0xf7, 0xc9, 0x27, 0xa7, 0x26, 0x6f, - 0x8b, 0x17, 0xc8, 0x09, 0x97, 0x83, 0xfc, 0x99, 0xda, 0xd8, 0xd5, 0x1a, 0x86, 0x28, 0xe6, 0xa4, - 0x97, 0x1b, 0x86, 0xb6, 0x5d, 0x53, 0xc5, 0x8b, 0xd3, 0xd4, 0x43, 0xce, 0x42, 0x4d, 0x51, 0x1b, - 0xfa, 0x0b, 0x51, 0x9a, 0xb6, 0x60, 0x83, 0x1d, 0x74, 0x89, 0x9c, 0x1b, 0x13, 0x2d, 0x49, 0x36, - 0xe5, 0xb2, 0x5e, 0x41, 0x5a, 0x43, 0xd1, 0xca, 0x6a, 0xc3, 0x44, 0x75, 0xb9, 0x21, 0x57, 0xd4, - 0xba, 0xda, 0x30, 0xc5, 0xcb, 0xeb, 0x1f, 0x81, 0x33, 0xfc, 0x99, 0x9c, 0x38, 0x86, 0x1d, 0x55, - 0x36, 0x49, 0x30, 0x31, 0xe6, 0x54, 0xa3, 0x8e, 0x51, 0x37, 0x23, 0xac, 0xff, 0xb1, 0x00, 0x56, - 0xa7, 0x94, 0x8c, 0x13, 0xb5, 0x47, 0xcc, 0x50, 0x55, 0xf4, 0x7a, 0x5d, 0x6d, 0x94, 0x19, 0xc8, - 0x54, 0x07, 0xbe, 0x0e, 0xee, 0x4d, 0x27, 0x6f, 0xe8, 0x26, 0xa3, 0x15, 0x88, 0x0a, 0xa7, 0xd3, - 0x96, 0xf5, 0x86, 0x2a, 0xce, 0x6c, 0x7f, 0xf3, 0xef, 0x3e, 0xbb, 0x2e, 0xfc, 0xfd, 0x67, 0xd7, - 0x85, 0x7f, 0xfa, 0xec, 0xba, 0xf0, 0x89, 0x7e, 0xe8, 0x86, 0x2f, 0xfb, 0xfb, 0x1b, 0xb6, 0xd7, - 0xd9, 0x3c, 0xf4, 0xad, 0x23, 0x97, 0xa5, 0x51, 0xad, 0xf6, 0xe6, 0xe0, 0x3f, 0x5f, 0xad, 0x9e, - 0xbb, 0x79, 0x88, 0xbb, 0x9b, 0xb4, 0xbc, 0x7f, 0xf3, 0xd0, 0x1b, 0xf9, 0x13, 0xd8, 0x0f, 0x13, - 0x5f, 0x8f, 0x1e, 0xed, 0x9f, 0xa6, 0x64, 0x8f, 0xff, 0x2f, 0x00, 0x00, 0xff, 0xff, 0x83, 0x85, - 0x29, 0x6a, 0x34, 0x56, 0x00, 0x00, + // 5350 bytes of a gzipped FileDescriptorProto + 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xe4, 0x7c, 0x4d, 0x8c, 0xdb, 0x48, + 0x76, 0xbf, 0xd8, 0x1f, 0x76, 0xbb, 0x6c, 0xb7, 0x69, 0xda, 0x6e, 0xab, 0xdd, 0x6e, 0x7f, 0xc8, + 0xdf, 0x3d, 0x33, 0xdd, 0xe3, 0xf6, 0xec, 0x8e, 0x77, 0x66, 0xfe, 0xff, 0x09, 0x9b, 0x62, 0x4b, + 0x74, 0x4b, 0xa2, 0xa6, 0x48, 0xd9, 0xdb, 0xb3, 0x58, 0x54, 0xd8, 0x64, 0x75, 0x9b, 0x69, 0x49, + 0xd4, 0x92, 0x54, 0xf7, 0x74, 0x82, 0x60, 0x37, 0x5f, 0x8b, 0x20, 0xbb, 0x9b, 0x4d, 0x80, 0x60, + 0x11, 0x60, 0x81, 0x20, 0x41, 0x3e, 0x90, 0x43, 0x80, 0x9c, 0x82, 0xbd, 0x26, 0x40, 0x0e, 0x39, + 0x06, 0x48, 0x6e, 0xb9, 0x04, 0x9b, 0x4b, 0x6e, 0x39, 0x25, 0x40, 0xbe, 0x90, 0xa0, 0x3e, 0x48, + 0x51, 0x12, 0x25, 0x72, 0x26, 0x5e, 0x2c, 0x60, 0xdf, 0xa4, 0xaa, 0xf7, 0xea, 0xfd, 0xea, 0xd5, + 0xab, 0x57, 0xaf, 0xea, 0x3d, 0x09, 0x3c, 0x0a, 0x71, 0x1b, 0xf7, 0x3c, 0x3f, 0xdc, 0xe8, 0x07, + 0xd6, 0x01, 0xc6, 0x47, 0xb8, 0x1b, 0x06, 0x1b, 0x47, 0x8f, 0x93, 0x5f, 0xd7, 0x7b, 0xbe, 0x17, + 0x7a, 0xd2, 0xd5, 0x88, 0x74, 0x3d, 0xd9, 0x77, 0xf4, 0xb8, 0xb4, 0x06, 0xa4, 0x96, 0xb6, 0x65, + 0x75, 0xbb, 0xd8, 0x57, 0xda, 0xae, 0x7d, 0xa8, 0x92, 0x1e, 0xe9, 0x32, 0x98, 0xb7, 0xda, 0xd8, + 0x0f, 0x8b, 0xc2, 0x2d, 0xe1, 0xe1, 0x19, 0xc8, 0xbe, 0x94, 0xb6, 0xc1, 0xc3, 0x96, 0xa6, 0x77, + 0xf7, 0x3c, 0xcb, 0x77, 0x14, 0xaf, 0xd3, 0x6b, 0xe3, 0x10, 0x57, 0x3c, 0xd3, 0x2b, 0x5b, 0xc1, + 0x4b, 0xd6, 0x38, 0x18, 0xe1, 0x1a, 0x58, 0xe8, 0x07, 0xd8, 0xef, 0x5a, 0x1d, 0xcc, 0x07, 0x89, + 0xbf, 0x97, 0xee, 0x81, 0x3b, 0xf1, 0x38, 0xb2, 0xe3, 0x6c, 0xbb, 0x7e, 0x10, 0x42, 0x1c, 0x78, + 0x7d, 0xdf, 0xc6, 0x83, 0x21, 0x4a, 0x6b, 0x09, 0x71, 0xa3, 0x64, 0x35, 0x2b, 0x4c, 0x02, 0x2e, + 0x7d, 0x0c, 0x6e, 0xc7, 0xb4, 0x06, 0x0e, 0x15, 0x1f, 0x3b, 0xb8, 0x1b, 0xba, 0x56, 0xdb, 0xe8, + 0xef, 0x75, 0xdc, 0x30, 0x1b, 0x53, 0x72, 0x80, 0x4f, 0xfa, 0x38, 0x08, 0x5d, 0xaf, 0xdb, 0xb5, + 0x5c, 0x1f, 0xe7, 0x1d, 0xe0, 0x17, 0xc1, 0xbd, 0x78, 0x00, 0x88, 0x0f, 0xdc, 0x80, 0x00, 0x7c, + 0x69, 0xb5, 0xdb, 0xb8, 0x7b, 0x90, 0x77, 0x10, 0x69, 0x19, 0x2c, 0x74, 0xf6, 0x2d, 0x14, 0x9e, + 0xf4, 0x70, 0x71, 0x86, 0xf6, 0x9d, 0xee, 0xec, 0x5b, 0xe6, 0x49, 0x0f, 0x4b, 0xab, 0x00, 0xb4, + 0xbd, 0x03, 0xb7, 0x8b, 0xf6, 0xdb, 0xde, 0x71, 0x71, 0x96, 0x76, 0x9e, 0xa1, 0x2d, 0xdb, 0x6d, + 0xef, 0x98, 0xe1, 0x87, 0xd8, 0xf6, 0x8e, 0xb0, 0x7f, 0xa2, 0x78, 0x0e, 0x0e, 0x14, 0xaf, 0x1b, + 0xba, 0xdd, 0x3e, 0xce, 0xb9, 0x28, 0x1f, 0x82, 0xd5, 0xb1, 0x01, 0x7a, 0x27, 0x39, 0x99, 0x3f, + 0x02, 0x37, 0x46, 0x98, 0x9b, 0xbe, 0xdb, 0x0d, 0x73, 0x72, 0x97, 0x80, 0x58, 0x76, 0x03, 0xca, + 0x5c, 0xc7, 0xa1, 0xe5, 0x58, 0xa1, 0x25, 0x2d, 0x82, 0x19, 0xd7, 0xe1, 0x94, 0x33, 0xae, 0x53, + 0xb2, 0x40, 0x31, 0xa2, 0x89, 0x6c, 0x20, 0xa6, 0x55, 0xc1, 0x82, 0xcf, 0xdb, 0x28, 0xc7, 0xe2, + 0xe6, 0xa3, 0xf5, 0x09, 0xf6, 0xbe, 0x3e, 0x3a, 0x08, 0x8c, 0x59, 0x4b, 0x87, 0x40, 0x8a, 0x7a, + 0x8d, 0x10, 0xf7, 0x8c, 0xd0, 0x0a, 0xfb, 0x81, 0xf4, 0x31, 0x38, 0x15, 0xd0, 0x4f, 0x7c, 0xe8, + 0x07, 0x99, 0x43, 0x33, 0x46, 0xc8, 0xd9, 0xc8, 0x5e, 0xc2, 0xbe, 0xef, 0xf9, 0x7c, 0x41, 0xd9, + 0x97, 0xd2, 0x1f, 0x09, 0x60, 0xa9, 0xa5, 0x25, 0x58, 0xfc, 0x10, 0x3b, 0x4c, 0x55, 0x2a, 0x58, + 0xe8, 0xf0, 0xa9, 0x51, 0x99, 0x67, 0x73, 0x4c, 0x27, 0xd2, 0x05, 0x8c, 0x59, 0x25, 0x25, 0x06, + 0x3e, 0x43, 0x07, 0x79, 0x2b, 0x07, 0xf0, 0x68, 0xd6, 0x11, 0xf8, 0xd2, 0x7f, 0x0b, 0xe0, 0xd6, + 0x00, 0x66, 0xa4, 0x34, 0x03, 0xb7, 0xb1, 0x4d, 0x76, 0xc8, 0x2b, 0x05, 0x5c, 0x4f, 0x2c, 0x23, + 0x83, 0xfc, 0x38, 0xf7, 0x32, 0x0e, 0x86, 0x8b, 0x86, 0x48, 0xcc, 0x7f, 0xf6, 0x8b, 0xcf, 0xff, + 0xd7, 0x66, 0x88, 0x13, 0x8a, 0x08, 0xb4, 0x6e, 0x88, 0x0f, 0x7c, 0x8b, 0xcc, 0x5c, 0x7e, 0x61, + 0xe8, 0x5a, 0x59, 0x51, 0xbc, 0x6e, 0x17, 0xdb, 0xe1, 0x6b, 0xaf, 0x87, 0x1f, 0xcd, 0x24, 0xed, + 0xa0, 0x6c, 0x85, 0xd6, 0x9e, 0x15, 0x60, 0x58, 0x36, 0xd4, 0xae, 0xef, 0xb5, 0xdb, 0xaf, 0xfb, + 0xfc, 0xa5, 0xa7, 0xa0, 0x18, 0x50, 0xa3, 0xc7, 0x0e, 0x8a, 0x46, 0x0e, 0x90, 0xed, 0xf5, 0xbb, + 0x61, 0x71, 0xee, 0x96, 0xf0, 0x70, 0x16, 0x2e, 0x45, 0xfd, 0x11, 0x94, 0x40, 0x21, 0xbd, 0xa5, + 0x7f, 0x17, 0xc0, 0xf5, 0x81, 0xe6, 0x76, 0xfa, 0x7b, 0x58, 0xdd, 0x79, 0x43, 0xb4, 0x56, 0x7a, + 0x06, 0x8a, 0x2d, 0x4d, 0xb1, 0xda, 0x6d, 0xd3, 0x93, 0xa9, 0xbf, 0x48, 0x1c, 0x08, 0xeb, 0x60, + 0xd6, 0xe6, 0x33, 0x5e, 0xdc, 0xbc, 0x3e, 0x71, 0x74, 0xc5, 0x94, 0x21, 0x21, 0x2c, 0x7d, 0x6f, + 0x3e, 0xa9, 0xc7, 0x32, 0xee, 0xb5, 0xbd, 0x13, 0x03, 0xfb, 0x47, 0xae, 0x8d, 0x5f, 0x7b, 0xeb, + 0x3b, 0x00, 0xe7, 0x1d, 0x3a, 0x61, 0xd4, 0xc1, 0xe1, 0x4b, 0xcf, 0xa1, 0x26, 0xb7, 0xb8, 0xb9, + 0x35, 0x71, 0xac, 0x69, 0x8a, 0x5a, 0x67, 0x4d, 0x75, 0x3a, 0x12, 0x3c, 0xe7, 0x24, 0xbe, 0x49, + 0x16, 0x38, 0xcb, 0x05, 0xd1, 0x10, 0x64, 0x9e, 0x8a, 0xf9, 0x99, 0xff, 0x8b, 0x18, 0x12, 0xbb, + 0x40, 0xe0, 0xc4, 0x9f, 0x4b, 0x08, 0x9c, 0x4b, 0x02, 0x90, 0x56, 0xc1, 0x72, 0x59, 0x6d, 0xd6, + 0xf4, 0x5d, 0x54, 0x57, 0xcd, 0xaa, 0x5e, 0x46, 0xad, 0x86, 0xd1, 0x54, 0x15, 0x6d, 0x5b, 0x53, + 0xcb, 0x62, 0x41, 0x5a, 0x02, 0xd2, 0x70, 0xb7, 0xdc, 0x32, 0x75, 0x51, 0x90, 0x8a, 0xe0, 0xf2, + 0x70, 0x7b, 0x5d, 0x6e, 0xb4, 0xe4, 0x9a, 0x38, 0x53, 0xc2, 0x00, 0x0c, 0x44, 0x4b, 0x2b, 0xe0, + 0x2a, 0xa7, 0x33, 0x77, 0x9b, 0xea, 0xc8, 0xe0, 0x37, 0xc0, 0xb5, 0x64, 0xa7, 0xd6, 0x30, 0x4c, + 0xb9, 0x56, 0x43, 0x86, 0x02, 0xb5, 0xa6, 0x29, 0x0a, 0xd2, 0x35, 0xb0, 0x94, 0xec, 0x97, 0xeb, + 0xf2, 0xa7, 0x7a, 0x03, 0xa9, 0x8a, 0x21, 0xce, 0x94, 0x7e, 0x38, 0x07, 0xee, 0x0e, 0xe6, 0xaf, + 0xf8, 0xd8, 0x0a, 0x71, 0xf4, 0xed, 0x44, 0xf1, 0xba, 0xfb, 0xee, 0xc1, 0x6b, 0x6f, 0x97, 0x1e, + 0x38, 0x6f, 0xd3, 0x99, 0x0e, 0xdb, 0xe5, 0xb3, 0x1c, 0x06, 0x33, 0x59, 0x61, 0xeb, 0xec, 0x73, + 0x64, 0x9f, 0x76, 0xe2, 0x5b, 0xe9, 0x4f, 0x04, 0x70, 0x2e, 0xd9, 0x4d, 0xac, 0x47, 0xd1, 0x1b, + 0xdb, 0x5a, 0x25, 0xdd, 0x7a, 0xc6, 0xba, 0xe5, 0x17, 0x06, 0x52, 0x95, 0x4d, 0x64, 0x18, 0x75, + 0x51, 0x20, 0xeb, 0x9f, 0xde, 0xad, 0x6a, 0x8a, 0x2a, 0xce, 0xa4, 0xb3, 0xc3, 0xb2, 0x41, 0x4d, + 0x60, 0x56, 0x5a, 0x06, 0x57, 0x52, 0xd8, 0x77, 0x0c, 0x71, 0xae, 0xf4, 0x5f, 0x02, 0xb8, 0x99, + 0x72, 0x5e, 0xf2, 0x7b, 0xc1, 0x6b, 0xef, 0xf8, 0x7f, 0x69, 0x26, 0xb9, 0x39, 0xa2, 0xe9, 0xb3, + 0x95, 0xeb, 0xfb, 0xb8, 0x6e, 0xd6, 0x8c, 0xd7, 0x5e, 0x07, 0xbf, 0x39, 0x03, 0x1e, 0x27, 0x1d, + 0x64, 0x70, 0x18, 0x7a, 0x3d, 0x72, 0x0c, 0x1e, 0xe1, 0xb2, 0xeb, 0x63, 0x3b, 0xf4, 0xfc, 0x13, + 0xd3, 0xf3, 0xda, 0x81, 0xd6, 0x0d, 0x42, 0xeb, 0x0d, 0x88, 0x06, 0xbe, 0x33, 0x03, 0xd6, 0xb3, + 0x14, 0x12, 0x9b, 0xc8, 0x6b, 0xaf, 0x8d, 0x3f, 0x9b, 0x01, 0xf7, 0x07, 0xda, 0x90, 0xfb, 0xa1, + 0x17, 0x7d, 0x4e, 0x84, 0x90, 0xaf, 0xfd, 0x09, 0xf2, 0x00, 0x5c, 0x48, 0x0f, 0xa7, 0x17, 0xfd, + 0xe1, 0x30, 0xfa, 0x5b, 0x33, 0xe0, 0xce, 0x40, 0x5d, 0xaa, 0xb2, 0x49, 0x77, 0x4d, 0xf7, 0x4d, + 0xba, 0x8b, 0xfe, 0x9b, 0x00, 0x96, 0x47, 0x23, 0x2e, 0x72, 0x50, 0xbd, 0x61, 0x13, 0x67, 0x91, + 0x43, 0xc3, 0x73, 0x5e, 0x7f, 0x1f, 0xf1, 0x9f, 0x02, 0xb8, 0x31, 0x3a, 0x71, 0xb9, 0xd7, 0x23, + 0x61, 0xf6, 0x1b, 0x10, 0x44, 0x7c, 0x7b, 0x06, 0x3c, 0x9a, 0x12, 0x44, 0x68, 0x72, 0xbd, 0xe9, + 0xb5, 0x5d, 0xfb, 0xe4, 0xb5, 0x57, 0xc4, 0xff, 0x08, 0xa0, 0x34, 0x50, 0x44, 0xd3, 0x77, 0xbb, + 0xb6, 0xdb, 0xb3, 0xda, 0xc1, 0x9b, 0x73, 0x58, 0xfe, 0x87, 0x00, 0x56, 0x07, 0x1a, 0x30, 0x71, + 0x10, 0xf2, 0x87, 0xb7, 0x37, 0xc1, 0xef, 0xff, 0xab, 0x00, 0x8a, 0x09, 0x2f, 0xc0, 0x13, 0x2f, + 0xce, 0x6b, 0x3f, 0xef, 0x15, 0xe2, 0xf5, 0xb9, 0xb7, 0xc7, 0xc7, 0xd0, 0x6b, 0x27, 0x93, 0x43, + 0x37, 0x89, 0x41, 0x0c, 0x75, 0x1a, 0xd6, 0x51, 0x92, 0xe0, 0x36, 0xb9, 0x80, 0x0d, 0x73, 0x93, + 0x70, 0xa1, 0x9d, 0x20, 0x79, 0x1b, 0xac, 0x8d, 0x90, 0x3c, 0x77, 0xf1, 0x71, 0xd9, 0xb3, 0xfb, + 0x1d, 0xdc, 0x0d, 0xad, 0xe1, 0x07, 0xab, 0xd2, 0x5f, 0x08, 0xe0, 0x8a, 0x1c, 0x04, 0x2e, 0xb1, + 0x3d, 0xba, 0x04, 0xb1, 0xed, 0x3d, 0x00, 0x17, 0x6c, 0xaf, 0x7b, 0x84, 0xfd, 0x80, 0xf2, 0xa0, + 0x38, 0x71, 0xb1, 0x98, 0x6c, 0xd6, 0x1c, 0xe9, 0x36, 0x38, 0x17, 0x7a, 0xa1, 0xd5, 0x46, 0xa1, + 0x77, 0x88, 0xbb, 0xec, 0x61, 0x7e, 0x16, 0x9e, 0xa5, 0x6d, 0x26, 0x6d, 0x92, 0xee, 0x80, 0xf3, + 0x3d, 0xdf, 0xeb, 0xf4, 0xc2, 0x88, 0x66, 0x96, 0xd2, 0x9c, 0x63, 0x8d, 0x9c, 0xe8, 0x2d, 0x70, + 0xd1, 0x8e, 0x31, 0x44, 0x84, 0x2c, 0x6e, 0x12, 0x07, 0x1d, 0x8c, 0xb8, 0xf4, 0x77, 0x02, 0xb8, + 0xcc, 0x70, 0xab, 0x9f, 0x61, 0xbb, 0xff, 0x05, 0x60, 0xaf, 0x02, 0xd0, 0xf5, 0x1c, 0xcc, 0xe3, + 0x33, 0x06, 0xfa, 0x0c, 0x69, 0xa1, 0xa1, 0xd9, 0xd8, 0xac, 0x66, 0x73, 0xcc, 0x6a, 0x2e, 0xef, + 0xac, 0xe6, 0x27, 0xcc, 0xea, 0x29, 0xb8, 0xc6, 0x26, 0xd5, 0xc0, 0xc7, 0x4a, 0x02, 0x6e, 0x9c, + 0x6d, 0xb2, 0xad, 0x10, 0x1f, 0x78, 0xfe, 0x49, 0x94, 0x6d, 0x8a, 0xbe, 0x97, 0xfe, 0x5c, 0x00, + 0x97, 0x18, 0xab, 0x6c, 0xdb, 0x38, 0x08, 0x20, 0xfe, 0x46, 0x1f, 0x07, 0x21, 0xc1, 0x18, 0xd9, + 0x2f, 0x7b, 0xfd, 0x62, 0x8c, 0xe7, 0xa2, 0x46, 0xfa, 0x9c, 0xf4, 0x53, 0x59, 0xc1, 0x1f, 0x0a, + 0xe0, 0x5c, 0x84, 0x98, 0x34, 0x4b, 0x4b, 0xe0, 0x94, 0x45, 0x3f, 0x71, 0x8c, 0xfc, 0xdb, 0x4f, + 0x07, 0xdd, 0x5d, 0x20, 0x31, 0x45, 0xd6, 0xdc, 0x20, 0x9c, 0x98, 0xbf, 0xfb, 0x1a, 0x10, 0x07, + 0x54, 0x6c, 0xcf, 0x49, 0x95, 0x31, 0xdf, 0x35, 0xd9, 0x4f, 0x8c, 0x8b, 0x18, 0x78, 0xaf, 0xe1, + 0xc1, 0x5b, 0x3d, 0xe7, 0x27, 0x37, 0x78, 0x19, 0x13, 0xdf, 0xfb, 0xea, 0x06, 0xb7, 0xc0, 0x52, + 0xb2, 0xbf, 0xb3, 0x17, 0x85, 0x79, 0x3f, 0x51, 0x11, 0xaf, 0x5a, 0x45, 0x29, 0x22, 0x5e, 0xb5, + 0xa2, 0x7e, 0x3e, 0x29, 0xa2, 0xe2, 0x5b, 0xdd, 0x30, 0x30, 0xbd, 0x56, 0x80, 0x7d, 0x69, 0x1d, + 0x5c, 0xa2, 0x8e, 0x09, 0xf9, 0x5e, 0x1b, 0x07, 0xe8, 0x80, 0xf4, 0x61, 0x66, 0x7a, 0xf3, 0xf0, + 0x22, 0xed, 0x22, 0xae, 0x3d, 0xa8, 0xb0, 0x0e, 0xe9, 0x5d, 0x70, 0x99, 0xd1, 0x87, 0xbe, 0xe5, + 0x86, 0x03, 0x86, 0x19, 0xca, 0x20, 0xd1, 0x3e, 0x93, 0x76, 0x71, 0x8e, 0xd2, 0x0f, 0x66, 0x93, + 0xc2, 0x21, 0x3e, 0x72, 0xf1, 0xf1, 0x2b, 0x5e, 0x25, 0xe9, 0x29, 0x58, 0x76, 0xac, 0x93, 0x00, + 0xf5, 0xac, 0x20, 0x44, 0x5d, 0xfc, 0x59, 0x88, 0xac, 0xbe, 0xe3, 0x86, 0x88, 0x2c, 0x14, 0x87, + 0x76, 0x85, 0x10, 0x34, 0x2d, 0xe2, 0xf2, 0x3e, 0x0b, 0x65, 0xd2, 0x5b, 0x26, 0x10, 0xb6, 0xc1, + 0xcd, 0x0e, 0x55, 0x79, 0xf0, 0xd2, 0xed, 0x21, 0x1f, 0x7f, 0xa3, 0xef, 0xfa, 0x98, 0x1c, 0x60, + 0x01, 0xb2, 0x5f, 0x5a, 0xdd, 0x03, 0xec, 0xd0, 0x3d, 0xbe, 0x00, 0x57, 0x07, 0x64, 0x30, 0x41, + 0xa5, 0x30, 0x22, 0xe9, 0x29, 0x28, 0xfa, 0x74, 0x6a, 0x68, 0x9f, 0x0c, 0x82, 0xbb, 0xf6, 0x49, + 0x3c, 0xc0, 0x1c, 0x1d, 0x60, 0x89, 0xf5, 0x6f, 0x47, 0xdd, 0x11, 0xe7, 0x47, 0x60, 0x85, 0x73, + 0x3a, 0xd6, 0x09, 0xf2, 0xf6, 0x51, 0xc7, 0xeb, 0x86, 0x2f, 0x63, 0xe6, 0x79, 0xca, 0x7c, 0x95, + 0x91, 0x94, 0xad, 0x13, 0x7d, 0xbf, 0x4e, 0xfa, 0x23, 0xee, 0xaf, 0x80, 0xe5, 0x6e, 0x9f, 0x00, + 0x23, 0x9c, 0x3e, 0xee, 0x78, 0x47, 0xd8, 0x41, 0x1c, 0x6a, 0xf1, 0x14, 0x9d, 0xf9, 0x12, 0x23, + 0xd0, 0xf7, 0x21, 0xeb, 0x66, 0x26, 0x16, 0x94, 0x7e, 0x47, 0x18, 0x5f, 0x98, 0x57, 0x6c, 0x78, + 0xd2, 0x63, 0x70, 0xc5, 0xa2, 0xfd, 0xa8, 0xed, 0x06, 0x21, 0xe2, 0x13, 0x75, 0x1d, 0x9e, 0xce, + 0x97, 0xac, 0x11, 0xf9, 0x9a, 0x53, 0xfa, 0xae, 0x00, 0x96, 0x13, 0xa9, 0x62, 0x96, 0xec, 0x9b, + 0xe4, 0x19, 0xa5, 0x2d, 0x30, 0x77, 0xe8, 0x76, 0xd9, 0x78, 0x8b, 0x9b, 0xeb, 0x13, 0x51, 0x8e, + 0x8d, 0xb8, 0xe3, 0x76, 0x1d, 0x48, 0x79, 0xa5, 0x15, 0x70, 0xa6, 0x1f, 0x60, 0x1f, 0xd1, 0xf2, + 0x8a, 0xd9, 0x41, 0x79, 0x45, 0xc3, 0xea, 0xe0, 0x92, 0x47, 0x42, 0xa5, 0x31, 0x6e, 0x5a, 0x72, + 0xc0, 0x4e, 0xcb, 0xc6, 0x98, 0xae, 0x36, 0xf3, 0xa3, 0x48, 0xd9, 0xab, 0x3e, 0xb8, 0x95, 0x22, + 0x30, 0x0a, 0x5c, 0x7f, 0x32, 0x32, 0xff, 0x41, 0x00, 0x97, 0xe2, 0x1a, 0x22, 0xba, 0x37, 0x99, + 0x9c, 0x5c, 0xa7, 0x7a, 0xe2, 0x15, 0x0a, 0x79, 0xbe, 0x7b, 0xe0, 0x76, 0xf9, 0xea, 0xc6, 0xaf, + 0x50, 0x3a, 0x6d, 0x95, 0xee, 0x81, 0x45, 0xbb, 0xed, 0xf5, 0x1d, 0xd4, 0xf3, 0xbd, 0x23, 0xd7, + 0xc1, 0x3e, 0x57, 0xf6, 0x79, 0xda, 0xda, 0xe4, 0x8d, 0x92, 0x0e, 0x16, 0x1c, 0x7e, 0x5d, 0xa5, + 0x5b, 0xe7, 0xec, 0xe6, 0x93, 0xcc, 0x00, 0x18, 0x3b, 0xd1, 0x0d, 0x77, 0x30, 0xbb, 0x68, 0x90, + 0xd2, 0x73, 0x70, 0x6d, 0x32, 0x9d, 0x74, 0x15, 0x9c, 0x76, 0xf6, 0x92, 0xb3, 0x3b, 0xe5, 0xec, + 0xd1, 0x79, 0xdd, 0x04, 0x67, 0x9d, 0x3d, 0x44, 0x2b, 0xc0, 0x6c, 0xaf, 0xcd, 0xe7, 0x04, 0x9c, + 0xbd, 0x26, 0x6f, 0x29, 0xfd, 0x8b, 0x00, 0xae, 0x6d, 0x63, 0x2b, 0xec, 0xfb, 0x18, 0x62, 0xdb, + 0xeb, 0x74, 0x70, 0xd7, 0x49, 0x84, 0x51, 0x43, 0x66, 0x25, 0x0c, 0x9b, 0x95, 0xf4, 0x01, 0x38, + 0xbd, 0xcf, 0x58, 0xb9, 0xe9, 0xde, 0x9a, 0x38, 0xc7, 0x48, 0x44, 0xc4, 0x20, 0x7d, 0x06, 0x56, + 0xf9, 0x47, 0xe4, 0x0f, 0xc9, 0x45, 0x89, 0x6b, 0xc3, 0xe2, 0xe6, 0x7b, 0x99, 0x23, 0x0e, 0x31, + 0xf3, 0xfb, 0xc3, 0xca, 0xfe, 0xe4, 0xce, 0xd2, 0x31, 0xb8, 0x6c, 0xca, 0x15, 0x16, 0x09, 0xe3, + 0x4f, 0xfa, 0xd8, 0xe7, 0xcf, 0x07, 0x37, 0x01, 0x0b, 0x93, 0x10, 0x89, 0x6b, 0x59, 0xad, 0xcf, + 0x2c, 0x04, 0xb4, 0xa9, 0x41, 0x5a, 0x06, 0x04, 0xd8, 0x39, 0xc0, 0x51, 0x68, 0xc5, 0x08, 0x54, + 0xd2, 0x42, 0xa2, 0x64, 0x37, 0x40, 0x41, 0x9f, 0xfa, 0x03, 0xee, 0x72, 0xcf, 0xb8, 0x81, 0xc1, + 0x1a, 0x4a, 0xff, 0x3c, 0x0b, 0xae, 0x32, 0x47, 0x53, 0xf1, 0xad, 0xde, 0x4b, 0xf9, 0x85, 0x61, + 0xd8, 0x56, 0x37, 0xca, 0x85, 0x5f, 0xe2, 0x63, 0xdb, 0x9b, 0xc8, 0xe5, 0x0f, 0x9b, 0x0c, 0xc4, + 0x1c, 0xbc, 0xc8, 0x64, 0xd8, 0xf1, 0x8b, 0x67, 0x02, 0x0b, 0x59, 0x0c, 0x86, 0x65, 0x8e, 0x63, + 0x21, 0x47, 0x62, 0x30, 0x08, 0x04, 0x0f, 0x7c, 0xaf, 0xdf, 0x63, 0x68, 0xe6, 0x78, 0x20, 0x58, + 0xa1, 0x4d, 0x83, 0x31, 0xe8, 0xb1, 0x49, 0xcd, 0x34, 0x1a, 0x83, 0x1e, 0x97, 0xc4, 0xd6, 0x19, + 0x41, 0xcf, 0x6b, 0xbb, 0xb6, 0x8b, 0x59, 0x2c, 0x3e, 0x07, 0xcf, 0xd3, 0xd6, 0x26, 0x6f, 0x94, + 0xde, 0x06, 0x12, 0xc7, 0x7e, 0x18, 0x20, 0xbb, 0xdd, 0x0f, 0xc2, 0xc8, 0x6f, 0xcf, 0x41, 0x91, + 0x41, 0x3f, 0x0c, 0x14, 0xde, 0x3e, 0x98, 0xa9, 0xef, 0x04, 0x89, 0x99, 0x9e, 0x4e, 0xcc, 0x14, + 0x3a, 0xc1, 0x60, 0xa6, 0x0f, 0x01, 0x1b, 0x03, 0x05, 0x4f, 0xd0, 0x5e, 0xdf, 0x3e, 0xc4, 0x61, + 0x50, 0x5c, 0xa0, 0xc4, 0x0c, 0x9c, 0xf1, 0x64, 0x8b, 0xb5, 0x92, 0x63, 0x9d, 0x53, 0x5a, 0x9d, + 0x76, 0xbc, 0x3f, 0x83, 0xe2, 0x19, 0x4a, 0xcd, 0x30, 0x1a, 0x56, 0xa7, 0x1d, 0x6d, 0xd2, 0x04, + 0x87, 0xe7, 0x3a, 0x76, 0x82, 0x03, 0x24, 0x38, 0x74, 0xd7, 0xb1, 0x07, 0x1c, 0xb1, 0x4a, 0x2c, + 0x9b, 0x86, 0x09, 0x41, 0xf1, 0x6c, 0x42, 0x25, 0x32, 0x6f, 0x2c, 0xfd, 0x40, 0x00, 0x77, 0x5b, + 0x5a, 0x62, 0xb1, 0x15, 0xdf, 0x3b, 0xee, 0x3e, 0xc3, 0xc7, 0xb8, 0x5d, 0x76, 0xf7, 0xf7, 0xc9, + 0x25, 0x93, 0xad, 0xfb, 0x53, 0x50, 0xb4, 0xf6, 0xf7, 0x87, 0xab, 0x4a, 0x50, 0xa2, 0x90, 0xed, + 0x0c, 0x5c, 0x8a, 0xfa, 0xe3, 0xd2, 0x2b, 0x76, 0xc1, 0x7e, 0x0f, 0x2c, 0x8d, 0x73, 0x26, 0xca, + 0x06, 0x2f, 0x8f, 0xf2, 0xd1, 0xdc, 0xfb, 0x36, 0xb8, 0x6e, 0x60, 0xbb, 0xef, 0xbb, 0xe1, 0x09, + 0xa4, 0xdb, 0xaa, 0x82, 0x43, 0x88, 0x83, 0x7e, 0x9b, 0x1f, 0x04, 0x12, 0x98, 0x4b, 0x6c, 0x75, + 0xfa, 0x99, 0xb4, 0x91, 0xb8, 0x83, 0xc7, 0x20, 0xf4, 0x73, 0xc9, 0x02, 0x97, 0xe2, 0xcc, 0xed, + 0x36, 0x0e, 0xed, 0x97, 0x8c, 0x7d, 0xdc, 0x3b, 0x0a, 0x69, 0xde, 0x71, 0xcc, 0x25, 0xcf, 0x8c, + 0xbb, 0xe4, 0xd2, 0xf7, 0x05, 0x20, 0x11, 0x5b, 0x36, 0xad, 0xe0, 0x90, 0x6c, 0x5d, 0x1c, 0x7b, + 0xa4, 0xd0, 0x0a, 0x0e, 0x93, 0xce, 0x6e, 0x81, 0x34, 0x44, 0x25, 0x92, 0x6e, 0x10, 0xf4, 0x87, + 0x46, 0x3d, 0x43, 0x5b, 0x68, 0xf7, 0x65, 0x30, 0x4f, 0xbc, 0x4b, 0x74, 0x40, 0xb2, 0x2f, 0xc4, + 0xf7, 0xc7, 0x76, 0x98, 0xc8, 0x40, 0xcc, 0xc3, 0xc5, 0xb8, 0x99, 0x65, 0x20, 0xfe, 0xfa, 0x03, + 0x70, 0xa1, 0x45, 0xbc, 0x10, 0x45, 0xa2, 0x77, 0xb1, 0xbe, 0x2f, 0xb5, 0xc0, 0x85, 0xbe, 0x8b, + 0xf6, 0x68, 0xf9, 0x2c, 0xb2, 0xdb, 0xae, 0x7d, 0x98, 0x19, 0x6c, 0x8c, 0x57, 0xdb, 0x56, 0x0b, + 0xf0, 0x7c, 0xdf, 0x4d, 0xb4, 0x4a, 0x3f, 0x14, 0xc0, 0xa3, 0xbe, 0x8b, 0x3c, 0x56, 0x4d, 0x8a, + 0xf8, 0x95, 0x0b, 0xa3, 0x03, 0x0f, 0x85, 0x1e, 0x72, 0xa2, 0x72, 0x5b, 0x2e, 0x91, 0x3d, 0xb1, + 0xc8, 0x53, 0x24, 0xe6, 0xab, 0xd9, 0xad, 0x16, 0xe0, 0x9d, 0xbe, 0x9b, 0x49, 0x2b, 0x7d, 0x47, + 0x00, 0x77, 0x12, 0xe8, 0x2c, 0xc7, 0x41, 0xfb, 0xae, 0x4f, 0x63, 0x23, 0xbe, 0xaa, 0x0c, 0x17, + 0x3b, 0xf9, 0x3e, 0xca, 0xc6, 0x35, 0xb9, 0x06, 0xb8, 0x5a, 0x80, 0x37, 0x62, 0x48, 0xa9, 0x64, + 0xa3, 0xba, 0x4a, 0x41, 0xd3, 0xb6, 0xc2, 0x78, 0x75, 0xe6, 0xf3, 0xea, 0x2a, 0xa3, 0xe0, 0x78, + 0x48, 0x57, 0x93, 0x69, 0xa5, 0x5f, 0x15, 0xc0, 0xad, 0x04, 0xba, 0x00, 0x87, 0xc8, 0x8e, 0x6b, + 0x93, 0x51, 0x40, 0xcb, 0x82, 0xa9, 0xb3, 0x3c, 0xbb, 0xf9, 0x41, 0x36, 0xa8, 0x49, 0x95, 0xcd, + 0xd5, 0x02, 0xbc, 0x1e, 0xa3, 0x49, 0x21, 0x92, 0x7e, 0x4b, 0x00, 0x77, 0x13, 0x30, 0x7c, 0x5e, + 0x87, 0x40, 0x42, 0x74, 0x56, 0xa0, 0x1c, 0x41, 0x39, 0x4d, 0xa1, 0xfc, 0xff, 0x6c, 0x28, 0xd3, + 0x4a, 0x9c, 0xab, 0x05, 0x78, 0x2b, 0x86, 0x33, 0x81, 0x30, 0xd2, 0x8c, 0xcf, 0x8b, 0x86, 0x91, + 0x4d, 0x4e, 0x59, 0x64, 0xf3, 0xa2, 0x65, 0xbe, 0x5c, 0x0b, 0x99, 0x9a, 0xc9, 0x28, 0x79, 0x66, + 0x9a, 0x99, 0x4c, 0x24, 0x7d, 0x06, 0xae, 0xa7, 0xa1, 0xe8, 0x9d, 0x70, 0x04, 0x67, 0x28, 0x82, + 0x2f, 0xe7, 0x47, 0x90, 0xac, 0x99, 0xae, 0x16, 0x60, 0x71, 0x4c, 0x3a, 0x27, 0x90, 0x7e, 0x01, + 0xac, 0x8e, 0x4b, 0xee, 0xf9, 0x6e, 0x37, 0xe4, 0xa2, 0x01, 0x15, 0xfd, 0x7e, 0x5e, 0xd1, 0x23, + 0x15, 0xd7, 0xd5, 0x02, 0x5c, 0x1e, 0x91, 0x3d, 0xa0, 0x90, 0xda, 0x60, 0xb9, 0xef, 0x22, 0x87, + 0x3b, 0x71, 0x12, 0x75, 0xf9, 0xe4, 0x28, 0xa1, 0x83, 0xd3, 0x43, 0xed, 0xec, 0xe6, 0x46, 0x8e, + 0x2a, 0x9e, 0x64, 0xdd, 0x72, 0xb5, 0x00, 0x97, 0xfa, 0x6e, 0x6a, 0x45, 0xf3, 0x77, 0x98, 0xf9, + 0xc5, 0xe2, 0x06, 0x67, 0x5d, 0x94, 0xbc, 0xe5, 0x92, 0xcf, 0x51, 0xc9, 0x5f, 0xc9, 0x21, 0x39, + 0xbd, 0x14, 0x99, 0x59, 0x5e, 0x46, 0xb9, 0xf2, 0x37, 0xa9, 0xe1, 0xc5, 0x60, 0x78, 0xc1, 0x5b, + 0xc0, 0x6a, 0xd7, 0x38, 0x90, 0xf3, 0x14, 0xc8, 0x97, 0xbe, 0x50, 0xe5, 0x1b, 0xb3, 0xb9, 0x29, + 0x95, 0x8a, 0xbf, 0xce, 0x1c, 0xe8, 0x00, 0x01, 0x0f, 0xe8, 0x07, 0xfb, 0x92, 0x81, 0x58, 0xa4, + 0x20, 0x9e, 0xe6, 0x01, 0x91, 0x56, 0x60, 0x54, 0x2d, 0xc0, 0x9b, 0x09, 0x1c, 0xa9, 0x35, 0x48, + 0xbf, 0xcb, 0xbc, 0xe7, 0x38, 0x14, 0x3b, 0xca, 0x2d, 0xa1, 0x4e, 0xd8, 0x0e, 0x38, 0xa0, 0x0b, + 0x14, 0xd0, 0xff, 0xfb, 0x1c, 0x80, 0xc6, 0x4b, 0x7e, 0xaa, 0x05, 0x78, 0x77, 0x1c, 0xd5, 0x80, + 0x2e, 0x6c, 0xf3, 0xaa, 0x87, 0xbf, 0x12, 0xc0, 0xd3, 0xe1, 0x75, 0xa2, 0x05, 0x23, 0xc8, 0xa2, + 0x15, 0x23, 0xc8, 0x89, 0x4a, 0x46, 0x50, 0xe8, 0x79, 0x6d, 0x1e, 0x4c, 0xb6, 0xdb, 0x1c, 0xa9, + 0x48, 0x91, 0x3e, 0xcb, 0xb5, 0x7e, 0xb9, 0x0a, 0x73, 0xaa, 0x05, 0xf8, 0x38, 0xb9, 0xa8, 0xf9, + 0xaa, 0x79, 0x7e, 0x24, 0x80, 0xf7, 0x72, 0xcd, 0x61, 0xa0, 0x6e, 0x86, 0xff, 0x22, 0xc5, 0x5f, + 0xf9, 0xc2, 0xf8, 0x87, 0x53, 0x83, 0xd5, 0x02, 0x5c, 0xcf, 0x02, 0x3f, 0x92, 0x4c, 0xfc, 0x3d, + 0x01, 0xbc, 0x95, 0x44, 0x6e, 0xf5, 0x49, 0xe4, 0x11, 0xdf, 0x41, 0x13, 0x45, 0xd0, 0x0c, 0xb0, + 0x44, 0x01, 0x7f, 0x9c, 0x03, 0xf0, 0xb4, 0x52, 0x97, 0x6a, 0x01, 0xde, 0x1f, 0x00, 0x9d, 0x5a, + 0x14, 0xf3, 0xa7, 0x02, 0xd8, 0xc8, 0xb0, 0x5c, 0xd7, 0xea, 0xb0, 0xcb, 0xcb, 0x09, 0x07, 0x79, + 0x89, 0x82, 0xdc, 0xfa, 0x22, 0xf6, 0x3b, 0x9c, 0x6d, 0xae, 0x16, 0xe0, 0xa3, 0x29, 0x46, 0xac, + 0x59, 0x9d, 0x64, 0x6a, 0xfa, 0xb7, 0x05, 0x70, 0x3f, 0x09, 0xb5, 0x17, 0x67, 0x70, 0xc7, 0xd6, + 0xfd, 0x32, 0x45, 0xf8, 0x61, 0x0e, 0x84, 0x93, 0xd2, 0xc0, 0xd5, 0x02, 0x2c, 0x0d, 0xa0, 0x4d, + 0x4c, 0x16, 0xff, 0xb2, 0x00, 0x6e, 0x27, 0x31, 0x85, 0x38, 0x08, 0x09, 0x9a, 0xee, 0x90, 0x3f, + 0xbe, 0x92, 0x79, 0xfa, 0x4d, 0xc9, 0xc9, 0x56, 0x0b, 0x70, 0x75, 0x80, 0x24, 0x2d, 0x69, 0xeb, + 0x83, 0x95, 0x24, 0x86, 0x28, 0xce, 0x8d, 0xce, 0xa1, 0xa5, 0x8c, 0x44, 0xe4, 0xa4, 0xa4, 0x28, + 0x3b, 0x76, 0x27, 0x24, 0x4c, 0xdb, 0xa0, 0xd8, 0x77, 0x49, 0x10, 0x66, 0x85, 0x18, 0x75, 0xf1, + 0x31, 0xbd, 0xff, 0xf2, 0x13, 0xf7, 0x6a, 0xc6, 0x43, 0xd4, 0xc4, 0x74, 0x64, 0xb5, 0x00, 0x2f, + 0xf7, 0xdd, 0xf1, 0x4e, 0xe9, 0x84, 0x1e, 0xf2, 0xa3, 0xd2, 0x02, 0xeb, 0x28, 0x12, 0x59, 0xcc, + 0xd4, 0xf0, 0x94, 0x24, 0x27, 0x9b, 0x68, 0x3a, 0x81, 0xf4, 0x4d, 0x70, 0x33, 0x6d, 0xa2, 0x34, + 0x09, 0xca, 0x85, 0x2f, 0x67, 0x1e, 0x30, 0x53, 0x13, 0xa8, 0xd5, 0x02, 0xbc, 0x36, 0x3a, 0xeb, + 0x01, 0x89, 0xf4, 0x07, 0xcc, 0x85, 0x8c, 0x22, 0x60, 0x0f, 0xc5, 0xc9, 0x24, 0x2b, 0x47, 0x73, + 0x8d, 0xa2, 0x51, 0xf2, 0xa2, 0x99, 0x92, 0xab, 0xad, 0x16, 0xe0, 0xbd, 0x11, 0x60, 0xe9, 0xd4, + 0xd2, 0x1f, 0x0b, 0x60, 0x3d, 0x69, 0x82, 0xee, 0xe0, 0xa9, 0x11, 0x59, 0xc7, 0x01, 0x7b, 0x1a, + 0xe0, 0xdb, 0x82, 0x5b, 0xe5, 0x4a, 0xe6, 0x15, 0x22, 0xdf, 0xcf, 0x85, 0xaa, 0x05, 0xf8, 0x70, + 0x60, 0xa5, 0x49, 0xda, 0xe3, 0x40, 0x77, 0x1d, 0x7b, 0xe8, 0xa7, 0x45, 0xdf, 0x15, 0xc0, 0xbd, + 0xf4, 0x90, 0xc1, 0x09, 0x10, 0xa6, 0x8f, 0xa2, 0x1c, 0xde, 0xf5, 0xdc, 0x21, 0x54, 0xfa, 0xaf, + 0x78, 0x86, 0x43, 0xa8, 0x98, 0xc6, 0x09, 0x92, 0xbf, 0x59, 0x09, 0x99, 0x59, 0x93, 0xf3, 0x36, + 0xf4, 0x10, 0xcb, 0x3e, 0xb2, 0x55, 0xe4, 0x28, 0x56, 0x33, 0xb7, 0x6e, 0xfa, 0xcf, 0x42, 0xb8, + 0x45, 0xa7, 0xff, 0x64, 0xe4, 0xeb, 0xe0, 0xa2, 0x45, 0xd3, 0xa0, 0x68, 0x90, 0x84, 0x2c, 0xde, + 0xa0, 0x92, 0x26, 0x3f, 0x9b, 0xa7, 0xa6, 0xec, 0xab, 0x05, 0x28, 0x5a, 0x23, 0x1d, 0x91, 0x4b, + 0x4c, 0x9a, 0x00, 0xd7, 0x2c, 0x0d, 0x8f, 0xf9, 0xcc, 0x6e, 0x66, 0x6e, 0xd8, 0x29, 0x4f, 0xed, + 0xcc, 0x25, 0x4e, 0x7b, 0x8b, 0xe7, 0xa1, 0x72, 0x0a, 0x88, 0xf8, 0x15, 0x80, 0xe1, 0xb8, 0x95, + 0xb9, 0xce, 0xd3, 0x5f, 0xe0, 0xd9, 0x3a, 0x67, 0xbc, 0xd2, 0xff, 0x8a, 0x40, 0x9d, 0x48, 0x74, + 0x6f, 0xfc, 0x46, 0xf2, 0x87, 0xb1, 0xd1, 0x95, 0xf1, 0x76, 0xde, 0xdb, 0xeb, 0xa4, 0x9f, 0xd5, + 0x0e, 0xdd, 0x5e, 0x53, 0x88, 0xa4, 0x4f, 0x01, 0x5f, 0x2c, 0x84, 0xa3, 0x0a, 0x86, 0x62, 0x89, + 0x4a, 0x7d, 0x27, 0x63, 0xd9, 0x87, 0x2b, 0x1e, 0xaa, 0x05, 0x78, 0xc1, 0x1a, 0x6e, 0x97, 0x3a, + 0xe0, 0x2a, 0x1f, 0x9b, 0x38, 0xa8, 0x64, 0xe1, 0x43, 0xf1, 0x4e, 0xc6, 0xcb, 0xfd, 0xe4, 0xfa, + 0x83, 0x6a, 0x01, 0x5e, 0xb1, 0xd2, 0x7a, 0xa5, 0x3d, 0x70, 0x65, 0xf0, 0x4a, 0xc2, 0x1c, 0x23, + 0x5b, 0xce, 0xbb, 0x54, 0xd8, 0xdb, 0x13, 0x85, 0xa5, 0xe4, 0x36, 0xaa, 0x05, 0x78, 0xc9, 0x4f, + 0x49, 0x79, 0x1c, 0x83, 0xeb, 0x13, 0x1e, 0xd7, 0x99, 0xa8, 0x7b, 0x19, 0xf3, 0x9a, 0x9c, 0x10, + 0x20, 0x0e, 0x7f, 0x7f, 0x72, 0xba, 0x60, 0x0f, 0xf0, 0x59, 0x23, 0x9e, 0x31, 0xf3, 0x59, 0x69, + 0x45, 0xf1, 0x7e, 0xc6, 0xe4, 0x52, 0xca, 0x31, 0xc8, 0xe4, 0xac, 0x94, 0x2a, 0x8d, 0x1a, 0x38, + 0x1f, 0xcb, 0xa0, 0xab, 0xf4, 0x80, 0x8e, 0x7d, 0x2f, 0x73, 0x6c, 0x42, 0x5c, 0x2d, 0xc0, 0x73, + 0x56, 0xb2, 0x90, 0x62, 0x17, 0x48, 0xc9, 0xe4, 0x1e, 0x5b, 0x91, 0xe2, 0xc3, 0x8c, 0x3a, 0xaa, + 0xd1, 0x42, 0x06, 0xea, 0x4d, 0x46, 0x8b, 0x1b, 0x46, 0x86, 0xee, 0xd3, 0x94, 0x7b, 0xf1, 0x51, + 0xee, 0xa1, 0x59, 0x8e, 0x7e, 0x78, 0x68, 0x9e, 0xb7, 0x1f, 0x19, 0xda, 0xa1, 0x19, 0xcf, 0xe2, + 0x5a, 0xee, 0xa1, 0x59, 0x8a, 0x74, 0x78, 0x68, 0x9e, 0x36, 0x6d, 0x83, 0xe5, 0xe4, 0xd0, 0x2c, + 0x0d, 0x1b, 0xe9, 0xe5, 0xad, 0x8c, 0x77, 0x81, 0xf4, 0x4a, 0x86, 0x6a, 0x01, 0x2e, 0x59, 0xe9, + 0x35, 0x0e, 0xe9, 0xd2, 0xb8, 0xaa, 0xde, 0xfe, 0x9c, 0xd2, 0x62, 0x85, 0x8d, 0x49, 0xe3, 0x6a, + 0x4b, 0x97, 0xc6, 0xb5, 0xf7, 0xce, 0xe7, 0x94, 0x16, 0xeb, 0x70, 0x4c, 0x1a, 0xd7, 0x64, 0x07, + 0x5c, 0x4b, 0x4a, 0xa3, 0x55, 0x06, 0x01, 0x39, 0x2d, 0xfb, 0x01, 0xf6, 0x8b, 0xeb, 0xb9, 0xc5, + 0x25, 0x6b, 0x1d, 0x86, 0xc5, 0x0d, 0x55, 0x41, 0xfc, 0x86, 0x00, 0x4a, 0xc9, 0x00, 0x21, 0x99, + 0x49, 0x1a, 0x3c, 0xb3, 0x14, 0x37, 0x32, 0xdf, 0x64, 0x33, 0x4b, 0xec, 0xd9, 0x9b, 0x6c, 0x4c, + 0x66, 0x8f, 0x93, 0x49, 0x87, 0xe0, 0x6a, 0xca, 0x0b, 0x0b, 0x76, 0x6d, 0x5c, 0x7c, 0x37, 0x33, + 0xc4, 0x9e, 0x50, 0xe0, 0xce, 0x42, 0xec, 0x91, 0x4e, 0xd7, 0xc6, 0xa3, 0xc2, 0xa2, 0x70, 0xd3, + 0x73, 0x70, 0xf1, 0x71, 0x6e, 0x61, 0x23, 0x45, 0xe5, 0xc3, 0xc2, 0x06, 0x9d, 0xd2, 0xd7, 0xc0, + 0xc5, 0xd0, 0x3a, 0xe0, 0xe7, 0x10, 0x26, 0x07, 0xa2, 0x7f, 0x52, 0xdc, 0xcc, 0x38, 0x8b, 0xd2, + 0x12, 0x8e, 0xe4, 0x2c, 0x0a, 0xad, 0x83, 0x64, 0xbb, 0x14, 0x82, 0x6b, 0x01, 0x4f, 0xcf, 0x20, + 0x9f, 0x8e, 0x84, 0x0e, 0x30, 0x7d, 0xc8, 0xee, 0xb7, 0xc3, 0xe2, 0x93, 0x8c, 0x27, 0xa9, 0x69, + 0x99, 0x9d, 0x6a, 0x01, 0x5e, 0x0d, 0xd2, 0xfb, 0x47, 0xb7, 0x05, 0x2f, 0x70, 0xe0, 0x5b, 0xfe, + 0xbd, 0xdc, 0x76, 0x9a, 0x2c, 0x8b, 0x19, 0xb6, 0xd3, 0xa1, 0x82, 0x99, 0x74, 0x69, 0x7c, 0x13, + 0x7e, 0xe9, 0x73, 0x4a, 0x4b, 0xdb, 0x84, 0x43, 0x55, 0x20, 0x7b, 0xe0, 0x4a, 0x64, 0x18, 0x27, + 0x68, 0x1f, 0x87, 0xf6, 0x4b, 0x7e, 0x06, 0x7e, 0x39, 0xe3, 0x44, 0x4a, 0x49, 0x6f, 0x91, 0x13, + 0xc9, 0x49, 0xc9, 0x7a, 0x7d, 0x6f, 0xe4, 0x35, 0x8f, 0x1b, 0xe0, 0x40, 0x2e, 0xbb, 0xe3, 0x17, + 0xdf, 0xcf, 0xfd, 0x78, 0x36, 0xf9, 0xb7, 0x91, 0xc3, 0x4f, 0x7a, 0xa9, 0x74, 0xd2, 0xb7, 0x46, + 0x6e, 0xf6, 0x87, 0xfd, 0x3d, 0x4c, 0x93, 0xb3, 0x43, 0xd7, 0x84, 0xa7, 0xb9, 0x1f, 0x38, 0xc7, + 0x7f, 0xb2, 0x3e, 0xfc, 0xc0, 0x49, 0xfb, 0x0f, 0x87, 0xae, 0x07, 0xdf, 0x4e, 0x57, 0x89, 0xd5, + 0xeb, 0xd1, 0x67, 0xd6, 0xf8, 0x81, 0xf3, 0x2b, 0x99, 0x2f, 0xdc, 0xd3, 0x7e, 0xfb, 0x30, 0xec, + 0x88, 0x52, 0x7f, 0x1d, 0xd1, 0x03, 0x2b, 0xdc, 0xda, 0x0e, 0x7c, 0xab, 0xf7, 0x92, 0x5e, 0xe9, + 0x02, 0xdb, 0x8a, 0x22, 0xa1, 0x0f, 0xa8, 0xfc, 0x77, 0x33, 0xec, 0x6d, 0x2c, 0x5f, 0x4f, 0x76, + 0x93, 0x95, 0xe8, 0x3a, 0x0e, 0x06, 0xa9, 0xfc, 0xef, 0xb3, 0x8b, 0xda, 0x90, 0x54, 0xdb, 0xf7, + 0x8e, 0xbb, 0xe8, 0xe7, 0xf0, 0x31, 0x6e, 0x23, 0xc7, 0xdd, 0xdf, 0xa7, 0x57, 0xe0, 0xe2, 0x87, + 0x99, 0xf6, 0x90, 0x9d, 0x41, 0x66, 0xf6, 0x30, 0x95, 0x4e, 0xfa, 0x59, 0x70, 0x85, 0x16, 0x71, + 0xd0, 0xbc, 0x29, 0xcd, 0x79, 0xf2, 0xd9, 0x7f, 0x94, 0x95, 0xa9, 0x1c, 0x4b, 0xbf, 0x56, 0x0b, + 0x50, 0xea, 0x8f, 0xb5, 0x6e, 0x9d, 0x06, 0xf3, 0x94, 0xeb, 0xd9, 0xdc, 0xc2, 0x8c, 0x38, 0x4b, + 0x6c, 0x23, 0xbe, 0x31, 0x10, 0xff, 0x15, 0x25, 0x17, 0xe8, 0xfd, 0x70, 0xed, 0x2f, 0x2f, 0x0c, + 0xfe, 0xed, 0x25, 0x0a, 0x6a, 0xa5, 0xdb, 0x60, 0xb5, 0xac, 0x19, 0x8a, 0xfe, 0x5c, 0x85, 0x08, + 0xaa, 0x86, 0xde, 0x82, 0xca, 0xe8, 0x6f, 0xb5, 0xaf, 0x83, 0xe2, 0x38, 0x89, 0xa1, 0xc2, 0xe7, + 0x2a, 0x14, 0x05, 0xe9, 0x16, 0xb8, 0x3e, 0xde, 0xbb, 0xd3, 0xda, 0x52, 0x61, 0x43, 0x35, 0x55, + 0x43, 0x9c, 0x91, 0x9e, 0x80, 0x8d, 0x71, 0x8a, 0xb2, 0x6c, 0xca, 0x5b, 0xb2, 0xa1, 0xa2, 0xa6, + 0x6e, 0x98, 0x15, 0xa8, 0x1a, 0xc8, 0x50, 0x6b, 0xdb, 0xa8, 0xaa, 0x1b, 0xa6, 0x5a, 0x16, 0x67, + 0xa5, 0x77, 0xc1, 0xdb, 0x53, 0x98, 0xea, 0xbb, 0xc6, 0x27, 0xb5, 0x21, 0x8e, 0x39, 0x69, 0x13, + 0xac, 0x4f, 0xe3, 0xd0, 0x1b, 0x15, 0xbd, 0xbc, 0x35, 0xc4, 0x33, 0x2f, 0xbd, 0x05, 0x1e, 0xe4, + 0x81, 0x06, 0xcb, 0x86, 0x78, 0x4a, 0x7a, 0x08, 0xee, 0x66, 0x42, 0x22, 0x94, 0xa7, 0xa5, 0xfb, + 0xa0, 0x34, 0x4e, 0x29, 0x37, 0x9b, 0x35, 0x4d, 0x91, 0x4d, 0x4d, 0x6f, 0xa0, 0xaa, 0x69, 0x36, + 0xc5, 0x05, 0xe9, 0x1e, 0xb8, 0x3d, 0x9d, 0xce, 0x54, 0x9a, 0xe2, 0x99, 0x74, 0xb2, 0x17, 0x5a, + 0xa3, 0xac, 0xbf, 0x30, 0x50, 0x59, 0x35, 0x76, 0x4c, 0xbd, 0x29, 0x02, 0xe9, 0x6d, 0xf0, 0x70, + 0x0a, 0x3e, 0xe3, 0x93, 0x1a, 0x5b, 0x33, 0x8a, 0xf1, 0x6c, 0x86, 0x82, 0x07, 0x53, 0x57, 0xcb, + 0x46, 0x55, 0xdb, 0x36, 0xc5, 0x73, 0xd2, 0x7b, 0xe0, 0xdd, 0x5c, 0xe3, 0x27, 0x55, 0x7c, 0x3e, + 0x43, 0x0e, 0x54, 0xcb, 0xda, 0xf0, 0xd2, 0x2f, 0xe6, 0x5d, 0x94, 0x8a, 0xd2, 0x14, 0x2f, 0xe4, + 0x5a, 0x14, 0x42, 0x29, 0xe6, 0x56, 0x0f, 0xa1, 0xbe, 0x28, 0x7d, 0x08, 0xde, 0xff, 0x3c, 0xea, + 0xe1, 0xfb, 0xa1, 0xa6, 0x1a, 0x86, 0x28, 0x49, 0xef, 0x80, 0x47, 0x79, 0x98, 0xe5, 0x4f, 0x5b, + 0x50, 0x15, 0x2f, 0x49, 0x0f, 0xc0, 0x9d, 0x29, 0xe4, 0xe5, 0xdd, 0x86, 0x5c, 0xd7, 0xcb, 0x5b, + 0xe2, 0xe5, 0x0c, 0x13, 0x57, 0x64, 0xc3, 0x90, 0x1b, 0x65, 0x28, 0xa3, 0x1d, 0x75, 0xd7, 0x68, + 0xca, 0x8a, 0x6a, 0x88, 0x57, 0x32, 0x56, 0x6d, 0xc0, 0x93, 0x5c, 0x83, 0x25, 0xe9, 0x29, 0x78, + 0x6f, 0x0a, 0x97, 0x5a, 0x93, 0x0d, 0x53, 0x53, 0x0c, 0x55, 0x86, 0x4a, 0x75, 0x88, 0xf3, 0x6a, + 0xae, 0xf5, 0xe6, 0xfc, 0xb2, 0x52, 0x55, 0xc5, 0x62, 0x86, 0xb6, 0x18, 0x47, 0x5d, 0xad, 0xeb, + 0x70, 0xb7, 0xbc, 0x25, 0x2e, 0xe7, 0x12, 0x40, 0x35, 0x8b, 0x98, 0x80, 0x6b, 0x19, 0x93, 0x61, + 0x1c, 0x4a, 0xad, 0x65, 0x98, 0x23, 0xc6, 0xbb, 0x22, 0xad, 0x81, 0xfb, 0x99, 0xd6, 0xc5, 0x56, + 0xf1, 0xba, 0xb4, 0x0e, 0xd6, 0x72, 0xd9, 0x17, 0xa3, 0x5f, 0xcd, 0x58, 0xcc, 0x01, 0x7d, 0x5d, + 0x53, 0xa0, 0x6e, 0xe8, 0xdb, 0xa6, 0x78, 0x43, 0xfa, 0x32, 0xd8, 0x9c, 0xb6, 0x98, 0xba, 0xb2, + 0x03, 0x75, 0x59, 0xa9, 0x8e, 0xf8, 0xb9, 0x9b, 0x19, 0xb6, 0x1f, 0xf9, 0x46, 0xd9, 0xac, 0xc9, + 0x86, 0x78, 0x2b, 0x63, 0x4f, 0x19, 0x0d, 0xfd, 0xc5, 0x76, 0x4d, 0xde, 0x51, 0xc5, 0xdb, 0x13, + 0xc6, 0xd5, 0x95, 0x84, 0x76, 0xcb, 0x06, 0x6a, 0x42, 0xfd, 0xab, 0xbb, 0x62, 0x69, 0x82, 0x29, + 0x26, 0xa9, 0xab, 0x5a, 0xa5, 0x8a, 0xe4, 0xe7, 0xb2, 0x56, 0x93, 0xb7, 0xb4, 0x9a, 0x66, 0xee, + 0x8a, 0x77, 0xa4, 0xf7, 0xc1, 0x93, 0x0c, 0x2e, 0xba, 0x43, 0x34, 0x05, 0x41, 0xb5, 0xa2, 0x19, + 0x26, 0xa4, 0xae, 0x53, 0xbc, 0x9b, 0xee, 0x85, 0x0d, 0xb9, 0x5e, 0x4b, 0xba, 0x58, 0xf1, 0x9e, + 0x54, 0x02, 0x37, 0xc6, 0xe9, 0x54, 0x65, 0x93, 0xfd, 0x2b, 0x49, 0x43, 0x51, 0xc5, 0xfb, 0x13, + 0x8c, 0x4e, 0x57, 0x46, 0xdd, 0x30, 0x6a, 0xe8, 0x0d, 0x24, 0x97, 0xc5, 0x07, 0xd2, 0x5d, 0x70, + 0x6b, 0xda, 0xb9, 0x48, 0xff, 0xad, 0xe2, 0x61, 0xba, 0xed, 0x27, 0x4f, 0x00, 0xf9, 0x85, 0x81, + 0x14, 0xbd, 0x61, 0xe8, 0x35, 0x55, 0x7c, 0xb4, 0xf6, 0x87, 0x02, 0x58, 0x1c, 0xfe, 0xb3, 0x33, + 0xe9, 0x26, 0x58, 0x89, 0x47, 0x30, 0x4c, 0xd9, 0x6c, 0x19, 0x23, 0xc7, 0xf7, 0x0a, 0xb8, 0x3a, + 0x4a, 0x60, 0xb4, 0x14, 0x85, 0x78, 0x2a, 0x21, 0xb5, 0x73, 0x47, 0x6b, 0x36, 0xd5, 0xb2, 0x38, + 0x23, 0x2d, 0x83, 0x2b, 0xa3, 0x9d, 0x2a, 0x84, 0x3a, 0x14, 0x67, 0xd3, 0xf8, 0xe4, 0x2d, 0x1d, + 0xd2, 0x93, 0x78, 0xed, 0xef, 0x67, 0xc0, 0xac, 0x62, 0xca, 0xd2, 0x25, 0x70, 0x41, 0x31, 0xe5, + 0xf1, 0xbf, 0x95, 0x21, 0x8d, 0x72, 0xcb, 0xac, 0x92, 0x89, 0x35, 0x54, 0xc5, 0xd4, 0x49, 0x1c, + 0x71, 0x15, 0x5c, 0xa2, 0xed, 0x8a, 0xa9, 0x3d, 0x27, 0xe1, 0x85, 0x61, 0x68, 0x7a, 0x83, 0x84, + 0x0f, 0x71, 0x07, 0x81, 0x8c, 0xa0, 0xfa, 0x49, 0x4b, 0x35, 0x4c, 0x43, 0x9c, 0x8d, 0x3a, 0x9a, + 0x50, 0xad, 0x6b, 0xad, 0x3a, 0x32, 0x5a, 0xcd, 0xa6, 0x0e, 0x4d, 0x71, 0x2e, 0xea, 0x30, 0x21, + 0xd9, 0xd2, 0x65, 0x54, 0x56, 0x9f, 0x6b, 0xc4, 0x17, 0xce, 0x47, 0xb2, 0x5b, 0xcd, 0x0a, 0x94, + 0xcb, 0x2a, 0xda, 0x92, 0x1b, 0x0d, 0x15, 0x8a, 0xa7, 0x22, 0x86, 0x2d, 0xad, 0x56, 0xd3, 0x1a, + 0x15, 0x64, 0xb4, 0xea, 0x75, 0x19, 0xee, 0x8a, 0xa7, 0xa3, 0x19, 0x70, 0xd9, 0x35, 0xcd, 0x30, + 0xc5, 0x05, 0xfa, 0xe7, 0x23, 0x83, 0xc6, 0xba, 0xde, 0xd0, 0x4c, 0x1d, 0x6a, 0x8d, 0x8a, 0x78, + 0x86, 0xfe, 0xad, 0x89, 0x29, 0x23, 0xf5, 0xab, 0xa6, 0x0a, 0x1b, 0x72, 0x0d, 0xc9, 0xad, 0xb2, + 0x66, 0x22, 0xc3, 0xd4, 0xa1, 0x5c, 0x51, 0x45, 0x10, 0x01, 0xd0, 0x77, 0x08, 0x0a, 0x83, 0xe8, + 0x6e, 0xb7, 0xa1, 0x88, 0x67, 0x25, 0x11, 0x9c, 0xa3, 0x7c, 0x0d, 0x13, 0xca, 0x48, 0x2b, 0x8b, + 0xe7, 0xa4, 0x8b, 0xe0, 0x7c, 0x4c, 0x69, 0x28, 0x5a, 0x5d, 0x3c, 0xbf, 0xf6, 0x4f, 0x0b, 0xe0, + 0x4a, 0x6a, 0x29, 0x3a, 0x39, 0x40, 0xb4, 0x86, 0xa9, 0x56, 0x98, 0xe9, 0x23, 0xb5, 0x01, 0xf5, + 0x5a, 0x0d, 0xed, 0x68, 0x8d, 0xd1, 0x7f, 0x65, 0xb9, 0x0d, 0x56, 0x27, 0x11, 0x1a, 0x35, 0x59, + 0xd9, 0x11, 0x05, 0x62, 0xb7, 0x93, 0x48, 0x88, 0x2d, 0xea, 0x5a, 0x59, 0x11, 0x67, 0x48, 0x48, + 0x32, 0x89, 0xaa, 0x29, 0x57, 0x54, 0x58, 0x6e, 0x99, 0xbb, 0xe2, 0xec, 0x34, 0x79, 0x6a, 0x5d, + 0xd6, 0x6a, 0xe2, 0x1c, 0x89, 0x1f, 0x27, 0x91, 0x3c, 0xd3, 0xa0, 0x2c, 0xce, 0x4b, 0x77, 0xc0, + 0xcd, 0x49, 0x14, 0xd4, 0x06, 0x61, 0x59, 0x3c, 0x45, 0x36, 0xfb, 0x24, 0xa2, 0xba, 0x6c, 0x9a, + 0x2a, 0xac, 0xeb, 0x86, 0x29, 0x9e, 0x9e, 0x36, 0xbd, 0xba, 0x81, 0x4c, 0x55, 0xae, 0x1b, 0xe2, + 0xc2, 0x34, 0x2a, 0xbd, 0x69, 0x54, 0xd4, 0x86, 0xa6, 0x8a, 0x67, 0xa6, 0x41, 0x27, 0xeb, 0x26, + 0x82, 0xa9, 0x93, 0x93, 0xeb, 0xdb, 0xe2, 0xd9, 0xe9, 0xb8, 0x95, 0xaa, 0xd6, 0x50, 0x99, 0x3d, + 0x7c, 0x09, 0x3c, 0xce, 0xa6, 0x43, 0x15, 0xcd, 0xac, 0xb6, 0xb6, 0xe8, 0x26, 0x22, 0x9b, 0xe7, + 0xbc, 0xb4, 0x01, 0xde, 0xca, 0xc1, 0xa6, 0x68, 0x50, 0xa9, 0xa9, 0x8a, 0x26, 0x2e, 0x12, 0x87, + 0x94, 0x4f, 0x4e, 0x4d, 0xde, 0x12, 0x2f, 0x90, 0x43, 0x2f, 0x07, 0xf9, 0x33, 0xb5, 0xb1, 0xa3, + 0x35, 0x0c, 0x51, 0xcc, 0x49, 0x2f, 0x37, 0x0c, 0x6d, 0xab, 0xa6, 0x8a, 0x17, 0xa7, 0xa9, 0x87, + 0x1c, 0x8f, 0x9a, 0xa2, 0x36, 0xf4, 0x17, 0xa2, 0x34, 0x6d, 0xc1, 0xe2, 0x4d, 0x75, 0x89, 0x1c, + 0x25, 0x13, 0x2d, 0x49, 0x36, 0xe5, 0xb2, 0x5e, 0x41, 0x5a, 0x43, 0xd1, 0xca, 0x6a, 0xc3, 0x44, + 0x75, 0xb9, 0x21, 0x57, 0xd4, 0xba, 0xda, 0x30, 0xc5, 0xcb, 0x24, 0x0e, 0xc8, 0x03, 0xfb, 0x05, + 0x09, 0xb8, 0xf2, 0xd1, 0x92, 0x28, 0x73, 0x89, 0x9c, 0x9f, 0x79, 0xc6, 0xa5, 0x11, 0x03, 0x0d, + 0xad, 0x72, 0x50, 0xd3, 0xc8, 0xaf, 0x46, 0x42, 0xf6, 0xa2, 0xf4, 0x18, 0xbc, 0x93, 0x83, 0x23, + 0x71, 0x5b, 0x5b, 0x5e, 0xfb, 0x18, 0x9c, 0xe6, 0x69, 0x08, 0xe2, 0x16, 0xb7, 0x55, 0xd9, 0x24, + 0xa1, 0xd4, 0xd8, 0x91, 0x12, 0x75, 0x8c, 0x3a, 0x59, 0x61, 0xed, 0xf7, 0x05, 0xb0, 0x32, 0xe5, + 0x47, 0x02, 0xc4, 0xc2, 0x22, 0x66, 0xa8, 0x2a, 0x7a, 0xbd, 0xae, 0x36, 0xca, 0x0c, 0x5e, 0xea, + 0xf1, 0xb5, 0x06, 0xee, 0x4f, 0x27, 0x6f, 0xe8, 0x26, 0xa3, 0x15, 0x88, 0xb5, 0x4c, 0xa7, 0x2d, + 0xeb, 0x0d, 0x55, 0x9c, 0xd9, 0xfa, 0xfa, 0xdf, 0xfc, 0xf8, 0x86, 0xf0, 0xb7, 0x3f, 0xbe, 0x21, + 0xfc, 0xe3, 0x8f, 0x6f, 0x08, 0x9f, 0xea, 0x07, 0x6e, 0xf8, 0xb2, 0xbf, 0xb7, 0x6e, 0x7b, 0x9d, + 0x8d, 0x03, 0xdf, 0x3a, 0x72, 0x59, 0x9a, 0xda, 0x6a, 0x6f, 0xc4, 0xff, 0xf2, 0x6b, 0xf5, 0xdc, + 0x8d, 0x03, 0xdc, 0xdd, 0xa0, 0x3f, 0xe8, 0xd8, 0x38, 0xf0, 0x46, 0xfe, 0xf6, 0xf7, 0xc3, 0xc4, + 0xd7, 0xa3, 0xc7, 0x7b, 0xa7, 0x28, 0xd9, 0x93, 0xff, 0x0d, 0x00, 0x00, 0xff, 0xff, 0x1d, 0x20, + 0x6f, 0x36, 0x26, 0x58, 0x00, 0x00, } func (m *UIBannerClickEvent) Marshal() (dAtA []byte, err error) { @@ -8688,6 +8826,59 @@ func (m *DiscoveryFetchEvent) MarshalToSizedBuffer(dAtA []byte) (int, error) { return len(dAtA) - i, nil } +func (m *UserTaskStateEvent) Marshal() (dAtA []byte, err error) { + size := m.Size() + dAtA = make([]byte, size) + n, err := m.MarshalToSizedBuffer(dAtA[:size]) + if err != nil { + return nil, err + } + return dAtA[:n], nil +} + +func (m *UserTaskStateEvent) MarshalTo(dAtA []byte) (int, error) { + size := m.Size() + return m.MarshalToSizedBuffer(dAtA[:size]) +} + +func (m *UserTaskStateEvent) MarshalToSizedBuffer(dAtA []byte) (int, error) { + i := len(dAtA) + _ = i + var l int + _ = l + if m.XXX_unrecognized != nil { + i -= len(m.XXX_unrecognized) + copy(dAtA[i:], m.XXX_unrecognized) + } + if m.InstancesCount != 0 { + i = encodeVarintUsageevents(dAtA, i, uint64(m.InstancesCount)) + i-- + dAtA[i] = 0x20 + } + if len(m.State) > 0 { + i -= len(m.State) + copy(dAtA[i:], m.State) + i = encodeVarintUsageevents(dAtA, i, uint64(len(m.State))) + i-- + dAtA[i] = 0x1a + } + if len(m.IssueType) > 0 { + i -= len(m.IssueType) + copy(dAtA[i:], m.IssueType) + i = encodeVarintUsageevents(dAtA, i, uint64(len(m.IssueType))) + i-- + dAtA[i] = 0x12 + } + if len(m.TaskType) > 0 { + i -= len(m.TaskType) + copy(dAtA[i:], m.TaskType) + i = encodeVarintUsageevents(dAtA, i, uint64(len(m.TaskType))) + i-- + dAtA[i] = 0xa + } + return len(dAtA) - i, nil +} + func (m *UsageEventOneOf) Marshal() (dAtA []byte, err error) { size := m.Size() dAtA = make([]byte, size) @@ -10030,6 +10221,29 @@ func (m *UsageEventOneOf_UiAccessGraphCrownJewelDiffView) MarshalToSizedBuffer(d } return len(dAtA) - i, nil } +func (m *UsageEventOneOf_UserTaskStateEvent) MarshalTo(dAtA []byte) (int, error) { + size := m.Size() + return m.MarshalToSizedBuffer(dAtA[:size]) +} + +func (m *UsageEventOneOf_UserTaskStateEvent) MarshalToSizedBuffer(dAtA []byte) (int, error) { + i := len(dAtA) + if m.UserTaskStateEvent != nil { + { + size, err := m.UserTaskStateEvent.MarshalToSizedBuffer(dAtA[:i]) + if err != nil { + return 0, err + } + i -= size + i = encodeVarintUsageevents(dAtA, i, uint64(size)) + } + i-- + dAtA[i] = 0x3 + i-- + dAtA[i] = 0xe2 + } + return len(dAtA) - i, nil +} func encodeVarintUsageevents(dAtA []byte, offset int, v uint64) int { offset -= sovUsageevents(v) base := offset @@ -11355,6 +11569,33 @@ func (m *DiscoveryFetchEvent) Size() (n int) { return n } +func (m *UserTaskStateEvent) Size() (n int) { + if m == nil { + return 0 + } + var l int + _ = l + l = len(m.TaskType) + if l > 0 { + n += 1 + l + sovUsageevents(uint64(l)) + } + l = len(m.IssueType) + if l > 0 { + n += 1 + l + sovUsageevents(uint64(l)) + } + l = len(m.State) + if l > 0 { + n += 1 + l + sovUsageevents(uint64(l)) + } + if m.InstancesCount != 0 { + n += 1 + sovUsageevents(uint64(m.InstancesCount)) + } + if m.XXX_unrecognized != nil { + n += len(m.XXX_unrecognized) + } + return n +} + func (m *UsageEventOneOf) Size() (n int) { if m == nil { return 0 @@ -12066,6 +12307,18 @@ func (m *UsageEventOneOf_UiAccessGraphCrownJewelDiffView) Size() (n int) { } return n } +func (m *UsageEventOneOf_UserTaskStateEvent) Size() (n int) { + if m == nil { + return 0 + } + var l int + _ = l + if m.UserTaskStateEvent != nil { + l = m.UserTaskStateEvent.Size() + n += 2 + l + sovUsageevents(uint64(l)) + } + return n +} func sovUsageevents(x uint64) (n int) { return (math_bits.Len64(x|1) + 6) / 7 @@ -19759,6 +20012,172 @@ func (m *DiscoveryFetchEvent) Unmarshal(dAtA []byte) error { } return nil } +func (m *UserTaskStateEvent) Unmarshal(dAtA []byte) error { + l := len(dAtA) + iNdEx := 0 + for iNdEx < l { + preIndex := iNdEx + var wire uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowUsageevents + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + wire |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + fieldNum := int32(wire >> 3) + wireType := int(wire & 0x7) + if wireType == 4 { + return fmt.Errorf("proto: UserTaskStateEvent: wiretype end group for non-group") + } + if fieldNum <= 0 { + return fmt.Errorf("proto: UserTaskStateEvent: illegal tag %d (wire type %d)", fieldNum, wire) + } + switch fieldNum { + case 1: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field TaskType", wireType) + } + var stringLen uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowUsageevents + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLen |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + intStringLen := int(stringLen) + if intStringLen < 0 { + return ErrInvalidLengthUsageevents + } + postIndex := iNdEx + intStringLen + if postIndex < 0 { + return ErrInvalidLengthUsageevents + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.TaskType = string(dAtA[iNdEx:postIndex]) + iNdEx = postIndex + case 2: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field IssueType", wireType) + } + var stringLen uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowUsageevents + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLen |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + intStringLen := int(stringLen) + if intStringLen < 0 { + return ErrInvalidLengthUsageevents + } + postIndex := iNdEx + intStringLen + if postIndex < 0 { + return ErrInvalidLengthUsageevents + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.IssueType = string(dAtA[iNdEx:postIndex]) + iNdEx = postIndex + case 3: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field State", wireType) + } + var stringLen uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowUsageevents + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLen |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + intStringLen := int(stringLen) + if intStringLen < 0 { + return ErrInvalidLengthUsageevents + } + postIndex := iNdEx + intStringLen + if postIndex < 0 { + return ErrInvalidLengthUsageevents + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.State = string(dAtA[iNdEx:postIndex]) + iNdEx = postIndex + case 4: + if wireType != 0 { + return fmt.Errorf("proto: wrong wireType = %d for field InstancesCount", wireType) + } + m.InstancesCount = 0 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowUsageevents + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + m.InstancesCount |= int32(b&0x7F) << shift + if b < 0x80 { + break + } + } + default: + iNdEx = preIndex + skippy, err := skipUsageevents(dAtA[iNdEx:]) + if err != nil { + return err + } + if (skippy < 0) || (iNdEx+skippy) < 0 { + return ErrInvalidLengthUsageevents + } + if (iNdEx + skippy) > l { + return io.ErrUnexpectedEOF + } + m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) + iNdEx += skippy + } + } + + if iNdEx > l { + return io.ErrUnexpectedEOF + } + return nil +} func (m *UsageEventOneOf) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 @@ -21818,6 +22237,41 @@ func (m *UsageEventOneOf) Unmarshal(dAtA []byte) error { } m.Event = &UsageEventOneOf_UiAccessGraphCrownJewelDiffView{v} iNdEx = postIndex + case 60: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field UserTaskStateEvent", wireType) + } + var msglen int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowUsageevents + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + msglen |= int(b&0x7F) << shift + if b < 0x80 { + break + } + } + if msglen < 0 { + return ErrInvalidLengthUsageevents + } + postIndex := iNdEx + msglen + if postIndex < 0 { + return ErrInvalidLengthUsageevents + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + v := &UserTaskStateEvent{} + if err := v.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err + } + m.Event = &UsageEventOneOf_UserTaskStateEvent{v} + iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipUsageevents(dAtA[iNdEx:]) diff --git a/api/mfa/ceremony.go b/api/mfa/ceremony.go index 09fd11c910271..67b55e8fea379 100644 --- a/api/mfa/ceremony.go +++ b/api/mfa/ceremony.go @@ -25,32 +25,35 @@ import ( mfav1 "github.com/gravitational/teleport/api/gen/proto/go/teleport/mfa/v1" ) -// MFACeremonyClient is a client that can perform an MFA ceremony, from retrieving -// the MFA challenge to prompting for an MFA response from the user. -type MFACeremonyClient interface { - // CreateAuthenticateChallenge creates and returns MFA challenges for a users registered MFA devices. - CreateAuthenticateChallenge(ctx context.Context, in *proto.CreateAuthenticateChallengeRequest) (*proto.MFAAuthenticateChallenge, error) - // PromptMFA prompts the user for MFA. - PromptMFA(ctx context.Context, chal *proto.MFAAuthenticateChallenge, promptOpts ...PromptOpt) (*proto.MFAAuthenticateResponse, error) +// Ceremony is an MFA ceremony. +type Ceremony struct { + // CreateAuthenticateChallenge creates an authentication challenge. + CreateAuthenticateChallenge CreateAuthenticateChallengeFunc + // PromptConstructor creates a prompt to prompt the user to solve an authentication challenge. + PromptConstructor PromptConstructor } -// PerformMFACeremony retrieves an MFA challenge from the server with the given challenge extensions -// and prompts the user to answer the challenge with the given promptOpts, and ultimately returning -// an MFA challenge response for the user. -func PerformMFACeremony(ctx context.Context, clt MFACeremonyClient, challengeRequest *proto.CreateAuthenticateChallengeRequest, promptOpts ...PromptOpt) (*proto.MFAAuthenticateResponse, error) { - if challengeRequest == nil { - return nil, trace.BadParameter("missing challenge request") - } - - if challengeRequest.ChallengeExtensions == nil { +// CreateAuthenticateChallengeFunc is a function that creates an authentication challenge. +type CreateAuthenticateChallengeFunc func(ctx context.Context, req *proto.CreateAuthenticateChallengeRequest) (*proto.MFAAuthenticateChallenge, error) + +// Run the MFA ceremony. +// +// req may be nil if ceremony.CreateAuthenticateChallenge does not require it, e.g. in +// the moderated session mfa ceremony which uses a custom stream rpc to create challenges. +func (c *Ceremony) Run(ctx context.Context, req *proto.CreateAuthenticateChallengeRequest, promptOpts ...PromptOpt) (*proto.MFAAuthenticateResponse, error) { + switch { + case c.CreateAuthenticateChallenge == nil: + return nil, trace.BadParameter("mfa ceremony must have CreateAuthenticateChallenge set in order to begin") + case req == nil: + // req may be nil in cases where the ceremony's CreateAuthenticateChallenge sources + // its own req or uses a different rpc, e.g. moderated sessions. + case req.ChallengeExtensions == nil: return nil, trace.BadParameter("missing challenge extensions") - } - - if challengeRequest.ChallengeExtensions.Scope == mfav1.ChallengeScope_CHALLENGE_SCOPE_UNSPECIFIED { + case req.ChallengeExtensions.Scope == mfav1.ChallengeScope_CHALLENGE_SCOPE_UNSPECIFIED: return nil, trace.BadParameter("mfa challenge scope must be specified") } - chal, err := clt.CreateAuthenticateChallenge(ctx, challengeRequest) + chal, err := c.CreateAuthenticateChallenge(ctx, req) if err != nil { // CreateAuthenticateChallenge returns a bad parameter error when the client // user is not a Teleport user - for example, the AdminRole. Treat this as an MFA @@ -67,21 +70,26 @@ func PerformMFACeremony(ctx context.Context, clt MFACeremonyClient, challengeReq return nil, &ErrMFANotRequired } - return clt.PromptMFA(ctx, chal, promptOpts...) + if c.PromptConstructor == nil { + return nil, trace.Wrap(&ErrMFANotSupported, "mfa ceremony must have PromptConstructor set in order to succeed") + } + + resp, err := c.PromptConstructor(promptOpts...).Run(ctx, chal) + return resp, trace.Wrap(err) } -type MFACeremony func(ctx context.Context, challengeRequest *proto.CreateAuthenticateChallengeRequest, promptOpts ...PromptOpt) (*proto.MFAAuthenticateResponse, error) +// CeremonyFn is a function that will carry out an MFA ceremony. +type CeremonyFn func(ctx context.Context, in *proto.CreateAuthenticateChallengeRequest, promptOpts ...PromptOpt) (*proto.MFAAuthenticateResponse, error) // PerformAdminActionMFACeremony retrieves an MFA challenge from the server for an admin // action, prompts the user to answer the challenge, and returns the resulting MFA response. -func PerformAdminActionMFACeremony(ctx context.Context, mfaCeremony MFACeremony, allowReuse bool) (*proto.MFAAuthenticateResponse, error) { +func PerformAdminActionMFACeremony(ctx context.Context, mfaCeremony CeremonyFn, allowReuse bool) (*proto.MFAAuthenticateResponse, error) { allowReuseExt := mfav1.ChallengeAllowReuse_CHALLENGE_ALLOW_REUSE_NO if allowReuse { allowReuseExt = mfav1.ChallengeAllowReuse_CHALLENGE_ALLOW_REUSE_YES } challengeRequest := &proto.CreateAuthenticateChallengeRequest{ - Request: &proto.CreateAuthenticateChallengeRequest_ContextUser{}, MFARequiredCheck: &proto.IsMFARequiredRequest{ Target: &proto.IsMFARequiredRequest_AdminAction{ AdminAction: &proto.AdminAction{}, @@ -93,5 +101,6 @@ func PerformAdminActionMFACeremony(ctx context.Context, mfaCeremony MFACeremony, }, } - return mfaCeremony(ctx, challengeRequest, WithPromptReasonAdminAction()) + resp, err := mfaCeremony(ctx, challengeRequest, WithPromptReasonAdminAction()) + return resp, trace.Wrap(err) } diff --git a/api/mfa/ceremony_test.go b/api/mfa/ceremony_test.go index 5e9df622534b7..7d94fd4de5327 100644 --- a/api/mfa/ceremony_test.go +++ b/api/mfa/ceremony_test.go @@ -21,6 +21,7 @@ import ( "errors" "testing" + "github.com/gravitational/trace" "github.com/stretchr/testify/assert" "github.com/gravitational/teleport/api/client/proto" @@ -32,6 +33,9 @@ func TestPerformMFACeremony(t *testing.T) { t.Parallel() ctx := context.Background() + testMFAChallenge := &proto.MFAAuthenticateChallenge{ + TOTP: &proto.TOTPChallenge{}, + } testMFAResponse := &proto.MFAAuthenticateResponse{ Response: &proto.MFAAuthenticateResponse_TOTP{ TOTP: &proto.TOTPResponse{ @@ -42,13 +46,20 @@ func TestPerformMFACeremony(t *testing.T) { for _, tt := range []struct { name string - ceremonyClient *fakeMFACeremonyClient + ceremony *mfa.Ceremony assertCeremonyResponse func(*testing.T, *proto.MFAAuthenticateResponse, error, ...interface{}) }{ { - name: "OK ceremony success", - ceremonyClient: &fakeMFACeremonyClient{ - challengeResponse: testMFAResponse, + name: "OK ceremony success prompt", + ceremony: &mfa.Ceremony{ + CreateAuthenticateChallenge: func(ctx context.Context, req *proto.CreateAuthenticateChallengeRequest) (*proto.MFAAuthenticateChallenge, error) { + return testMFAChallenge, nil + }, + PromptConstructor: func(po ...mfa.PromptOpt) mfa.Prompt { + return mfa.PromptFunc(func(ctx context.Context, chal *proto.MFAAuthenticateChallenge) (*proto.MFAAuthenticateResponse, error) { + return testMFAResponse, nil + }) + }, }, assertCeremonyResponse: func(t *testing.T, mr *proto.MFAAuthenticateResponse, err error, i ...interface{}) { assert.NoError(t, err) @@ -56,9 +67,17 @@ func TestPerformMFACeremony(t *testing.T) { }, }, { name: "OK ceremony not required", - ceremonyClient: &fakeMFACeremonyClient{ - challengeResponse: testMFAResponse, - mfaRequired: proto.MFARequired_MFA_REQUIRED_NO, + ceremony: &mfa.Ceremony{ + CreateAuthenticateChallenge: func(ctx context.Context, req *proto.CreateAuthenticateChallengeRequest) (*proto.MFAAuthenticateChallenge, error) { + return &proto.MFAAuthenticateChallenge{ + MFARequired: proto.MFARequired_MFA_REQUIRED_NO, + }, nil + }, + PromptConstructor: func(opts ...mfa.PromptOpt) mfa.Prompt { + return mfa.PromptFunc(func(ctx context.Context, chal *proto.MFAAuthenticateChallenge) (*proto.MFAAuthenticateResponse, error) { + return nil, trace.BadParameter("expected mfa not required") + }) + }, }, assertCeremonyResponse: func(t *testing.T, mr *proto.MFAAuthenticateResponse, err error, i ...interface{}) { assert.Error(t, err, mfa.ErrMFANotRequired) @@ -66,9 +85,15 @@ func TestPerformMFACeremony(t *testing.T) { }, }, { name: "NOK create challenge fail", - ceremonyClient: &fakeMFACeremonyClient{ - challengeResponse: testMFAResponse, - createAuthenticateChallengeErr: errors.New("create authenticate challenge failure"), + ceremony: &mfa.Ceremony{ + CreateAuthenticateChallenge: func(ctx context.Context, req *proto.CreateAuthenticateChallengeRequest) (*proto.MFAAuthenticateChallenge, error) { + return nil, errors.New("create authenticate challenge failure") + }, + PromptConstructor: func(opts ...mfa.PromptOpt) mfa.Prompt { + return mfa.PromptFunc(func(ctx context.Context, chal *proto.MFAAuthenticateChallenge) (*proto.MFAAuthenticateResponse, error) { + return nil, trace.BadParameter("expected challenge failure") + }) + }, }, assertCeremonyResponse: func(t *testing.T, mr *proto.MFAAuthenticateResponse, err error, i ...interface{}) { assert.ErrorContains(t, err, "create authenticate challenge failure") @@ -76,9 +101,15 @@ func TestPerformMFACeremony(t *testing.T) { }, }, { name: "NOK prompt mfa fail", - ceremonyClient: &fakeMFACeremonyClient{ - challengeResponse: testMFAResponse, - promptMFAErr: errors.New("prompt mfa failure"), + ceremony: &mfa.Ceremony{ + CreateAuthenticateChallenge: func(ctx context.Context, req *proto.CreateAuthenticateChallengeRequest) (*proto.MFAAuthenticateChallenge, error) { + return testMFAChallenge, nil + }, + PromptConstructor: func(po ...mfa.PromptOpt) mfa.Prompt { + return mfa.PromptFunc(func(ctx context.Context, chal *proto.MFAAuthenticateChallenge) (*proto.MFAAuthenticateResponse, error) { + return nil, errors.New("prompt mfa failure") + }) + }, }, assertCeremonyResponse: func(t *testing.T, mr *proto.MFAAuthenticateResponse, err error, i ...interface{}) { assert.ErrorContains(t, err, "prompt mfa failure") @@ -87,7 +118,7 @@ func TestPerformMFACeremony(t *testing.T) { }, } { t.Run(tt.name, func(t *testing.T) { - resp, err := mfa.PerformMFACeremony(ctx, tt.ceremonyClient, &proto.CreateAuthenticateChallengeRequest{ + resp, err := tt.ceremony.Run(ctx, &proto.CreateAuthenticateChallengeRequest{ ChallengeExtensions: &mfav1.ChallengeExtensions{ Scope: mfav1.ChallengeScope_CHALLENGE_SCOPE_ADMIN_ACTION, }, @@ -97,34 +128,3 @@ func TestPerformMFACeremony(t *testing.T) { }) } } - -type fakeMFACeremonyClient struct { - createAuthenticateChallengeErr error - promptMFAErr error - mfaRequired proto.MFARequired - challengeResponse *proto.MFAAuthenticateResponse -} - -func (c *fakeMFACeremonyClient) CreateAuthenticateChallenge(ctx context.Context, in *proto.CreateAuthenticateChallengeRequest) (*proto.MFAAuthenticateChallenge, error) { - if c.createAuthenticateChallengeErr != nil { - return nil, c.createAuthenticateChallengeErr - } - - chal := &proto.MFAAuthenticateChallenge{ - TOTP: &proto.TOTPChallenge{}, - } - - if in.MFARequiredCheck != nil { - chal.MFARequired = c.mfaRequired - } - - return chal, nil -} - -func (c *fakeMFACeremonyClient) PromptMFA(ctx context.Context, chal *proto.MFAAuthenticateChallenge, promptOpts ...mfa.PromptOpt) (*proto.MFAAuthenticateResponse, error) { - if c.promptMFAErr != nil { - return nil, c.promptMFAErr - } - - return c.challengeResponse, nil -} diff --git a/api/mfa/prompt.go b/api/mfa/prompt.go index 3d430e20f0ecb..e139ff561fa64 100644 --- a/api/mfa/prompt.go +++ b/api/mfa/prompt.go @@ -40,7 +40,7 @@ func (f PromptFunc) Run(ctx context.Context, chal *proto.MFAAuthenticateChalleng // PromptConstructor is a function that creates a new MFA prompt. type PromptConstructor func(...PromptOpt) Prompt -// PromptConfig contains common mfa prompt config options. +// PromptConfig contains universal mfa prompt config options. type PromptConfig struct { // PromptReason is an optional message to share with the user before an MFA Prompt. // It is intended to provide context about why the user is being prompted where it may diff --git a/api/proto/teleport/accesslist/v1/accesslist.proto b/api/proto/teleport/accesslist/v1/accesslist.proto index fabe0525bab0f..b83034160a9e7 100644 --- a/api/proto/teleport/accesslist/v1/accesslist.proto +++ b/api/proto/teleport/accesslist/v1/accesslist.proto @@ -30,50 +30,50 @@ message AccessList { // header is the header for the resource. teleport.header.v1.ResourceHeader header = 1; - // spec is the specification for the access list. + // spec is the specification for the Access List. AccessListSpec spec = 2; // status contains dynamically calculated fields. AccessListStatus status = 3; } -// AccessListSpec is the specification for an access list. +// AccessListSpec is the specification for an Access List. message AccessListSpec { reserved 7, 9, 10; reserved "members", "membership", "ownership"; - // description is an optional plaintext description of the access list. + // description is an optional plaintext description of the Access List. string description = 1; - // owners is a list of owners of the access list. + // owners is a list of owners of the Access List. repeated AccessListOwner owners = 2; - // audit describes the frequency that this access list must be audited. + // audit describes the frequency that this Access List must be audited. AccessListAudit audit = 3; // membership_requires describes the requirements for a user to be a member of - // the access list. For a membership to an access list to be effective, the + // the Access List. For a membership to an Access List to be effective, the // user must meet the requirements of Membership_requires and must be in the // members list. AccessListRequires membership_requires = 4; // ownership_requires describes the requirements for a user to be an owner of - // the access list. For ownership of an access list to be effective, the user + // the Access List. For ownership of an Access List to be effective, the user // must meet the requirements of ownership_requires and must be in the owners // list. AccessListRequires ownership_requires = 5; - // grants describes the access granted by membership to this access list. + // grants describes the access granted by membership to this Access List. AccessListGrants grants = 6; - // title is a plaintext short description of the access list. + // title is a plaintext short description of the Access List. string title = 8; - // owner_grants describes the access granted by owners to this access list. + // owner_grants describes the access granted by owners to this Access List. AccessListGrants owner_grants = 11; } -// AccessListOwner is an owner of an access list. +// AccessListOwner is an owner of an Access List. message AccessListOwner { // name is the username of the owner. string name = 1; @@ -87,7 +87,7 @@ message AccessListOwner { IneligibleStatus ineligible_status = 3; } -// AccessListAudit describes the audit configuration for an access list. +// AccessListAudit describes the audit configuration for an Access List. message AccessListAudit { reserved 1; reserved "frequency"; @@ -139,7 +139,7 @@ message Notifications { google.protobuf.Duration start = 1; } -// AccessListRequires describes a requirement section for an access list. A user +// AccessListRequires describes a requirement section for an Access List. A user // must meet the following criteria to obtain the specific access to the list. message AccessListRequires { // roles are the user roles that must be present for the user to obtain @@ -150,48 +150,48 @@ message AccessListRequires { repeated teleport.trait.v1.Trait traits = 2; } -// AccessListGrants describes what access is granted by membership to the access -// list. +// AccessListGrants describes what access is granted by membership to the Access +// List. message AccessListGrants { - // roles are the roles that are granted to users who are members of the access - // list. + // roles are the roles that are granted to users who are members of the Access + // List. repeated string roles = 1; // traits are the traits that are granted to users who are members of the - // access list. + // Access List. repeated teleport.trait.v1.Trait traits = 2; } -// Member describes a member of an access list. +// Member describes a member of an Access List. message Member { // header is the header for the resource. teleport.header.v1.ResourceHeader header = 1; - // spec is the specification for the access list member. + // spec is the specification for the Access List member. MemberSpec spec = 2; } -// MemberSpec is the specification for an access list member. +// MemberSpec is the specification for an Access List member. message MemberSpec { reserved 8; reserved "membership"; - // associated access list + // associated Access List string access_list = 1; - // name is the name of the member of the access list. + // name is the name of the member of the Access List. string name = 2; - // joined is when the user joined the access list. + // joined is when the user joined the Access List. google.protobuf.Timestamp joined = 3; - // expires is when the user's membership to the access list expires. + // expires is when the user's membership to the Access List expires. google.protobuf.Timestamp expires = 4; - // reason is the reason this user was added to the access list. + // reason is the reason this user was added to the Access List. string reason = 5; - // added_by is the user that added this user to the access list. + // added_by is the user that added this user to the Access List. string added_by = 6; // ineligible_status describes if this member is eligible or not @@ -217,18 +217,18 @@ enum IneligibleStatus { INELIGIBLE_STATUS_EXPIRED = 4; } -// Review is a review of an access list. +// Review is a review of an Access List. message Review { // header is the header for the resource. teleport.header.v1.ResourceHeader header = 1; - // spec is the specification for the access list review. + // spec is the specification for the Access List review. ReviewSpec spec = 2; } -// ReviewSpec is the specification for an access list review. +// ReviewSpec is the specification for an Access List review. message ReviewSpec { - // access_list is the name of the access list that this review is for. + // access_list is the name of the Access List that this review is for. string access_list = 1; // reviewers are the users who performed the review. @@ -268,6 +268,6 @@ message ReviewChanges { // AccessListStatus contains dynamic fields calculated during retrieval. message AccessListStatus { - // member_count is the number of members in the in the access list. + // member_count is the number of members in the in the Access List. optional uint32 member_count = 1; } diff --git a/api/proto/teleport/legacy/client/proto/authservice.proto b/api/proto/teleport/legacy/client/proto/authservice.proto index 9463cd12fbd92..bfafb1e8f7ff6 100644 --- a/api/proto/teleport/legacy/client/proto/authservice.proto +++ b/api/proto/teleport/legacy/client/proto/authservice.proto @@ -438,6 +438,12 @@ message PingResponse { reserved 6; // LicenseWarnings, jsontag "license_warnings" reserved "LicenseWarnings"; + + // LicenseExpiry is the expiry date of the enterprise license, if applicable. + google.protobuf.Timestamp LicenseExpiry = 10 [ + (gogoproto.stdtime) = true, + (gogoproto.jsontag) = "licenseExpiry" + ]; } // ProductType is the type of product. diff --git a/api/proto/teleport/legacy/types/events/events.proto b/api/proto/teleport/legacy/types/events/events.proto index 592037eda9072..a200ef2626c90 100644 --- a/api/proto/teleport/legacy/types/events/events.proto +++ b/api/proto/teleport/legacy/types/events/events.proto @@ -3041,6 +3041,10 @@ message DatabaseSessionStart { (gogoproto.embed) = true, (gogoproto.jsontag) = "" ]; + // PostgresPID is the Postgres backend PID that was created for a Postgres + // connection. This can be useful for backend process cancellation or + // termination and it is not a sensitive or secret value. + uint32 PostgresPID = 8 [(gogoproto.jsontag) = "postgres_pid,omitempty"]; } // DatabaseSessionQuery is emitted when a user executes a database query. diff --git a/api/proto/teleport/legacy/types/types.proto b/api/proto/teleport/legacy/types/types.proto index c0749227b1be1..54d3c95a30509 100644 --- a/api/proto/teleport/legacy/types/types.proto +++ b/api/proto/teleport/legacy/types/types.proto @@ -503,6 +503,8 @@ message RDS { repeated string Subnets = 5 [(gogoproto.jsontag) = "subnets,omitempty"]; // VPCID is the VPC where the RDS is running. string VPCID = 6 [(gogoproto.jsontag) = "vpc_id,omitempty"]; + // SecurityGroups is a list of attached security groups for the RDS instance. + repeated string SecurityGroups = 7 [(gogoproto.jsontag) = "security_groups,omitempty"]; } // RDSProxy contains AWS RDS Proxy specific database metadata. @@ -685,10 +687,10 @@ message InstanceSpecV1 { // Hostname is the hostname this instance most recently advertised. string Hostname = 3 [(gogoproto.jsontag) = "hostname,omitempty"]; - // AuthID is the ID of the auth server that most recently observed this instance. + // AuthID is the ID of the Auth Service that most recently observed this instance. string AuthID = 4 [(gogoproto.jsontag) = "auth_id,omitempty"]; - // LastSeen is the last time an auth server reported observing this instance. + // LastSeen is the last time an Auth Service server reported observing this instance. google.protobuf.Timestamp LastSeen = 5 [ (gogoproto.stdtime) = true, (gogoproto.nullable) = false, @@ -712,10 +714,10 @@ message InstanceSpecV1 { // InstanceControlLogEntry represents an entry in a given instance's control log. The control log of // an instance is protected by CompareAndSwap semantics, allowing entries to function as a means of -// synchronization as well as recordkeeping. For example, an auth server intending to trigger an upgrade +// synchronization as well as recordkeeping. For example, an Auth Service instance intending to trigger an upgrade // for a given instance can check its control log for 'upgrade-attempt' entries. If no such entry exists, // it can attempt to write an 'upgrade-attempt' entry of its own. If that entry successfully writes without -// hitting a CompareFailed, the auth server knows that no other auth servers will make concurrent upgrade +// hitting a CompareFailed, the Auth Service instance knows that no other Auth Service instances will make concurrent upgrade // attempts while that entry persists. // // NOTE: Due to resource size and backend throughput limitations, care should be taken to minimize the @@ -782,7 +784,7 @@ message InstanceFilter { string NewerThanVersion = 7; } -// ServerV2 represents a Node, App, Database, Proxy or Auth server in a Teleport cluster. +// ServerV2 represents a Node, App, Database, Proxy or Auth Service instance in a Teleport cluster. message ServerV2 { option (gogoproto.goproto_stringer) = false; option (gogoproto.stringer) = false; @@ -1247,7 +1249,7 @@ message TokenRule { // node is allowed to join from. repeated string AWSRegions = 2 [(gogoproto.jsontag) = "aws_regions,omitempty"]; // AWSRole is used for the EC2 join method and is the ARN of the AWS - // role that the auth server will assume in order to call the ec2 API. + // role that the Auth Service will assume in order to call the ec2 API. string AWSRole = 3 [(gogoproto.jsontag) = "aws_role,omitempty"]; // AWSARN is used for the IAM join method, the AWS identity of joining nodes // must match this ARN. Supports wildcards "*" and "?". @@ -1392,7 +1394,7 @@ message ProvisionTokenSpecV2GitHub { // // This value should be the hostname of the GHES instance, and should not // include the scheme or a path. The instance must be accessible over HTTPS - // at this hostname and the certificate must be trusted by the Auth Server. + // at this hostname and the certificate must be trusted by the Auth Service. string EnterpriseServerHost = 2 [(gogoproto.jsontag) = "enterprise_server_host,omitempty"]; // EnterpriseSlug allows the slug of a GitHub Enterprise organisation to be // included in the expected issuer of the OIDC tokens. This is for @@ -1415,14 +1417,14 @@ message ProvisionTokenSpecV2GitLab { // `project_path:mygroup/my-project:ref_type:branch:ref:main` // project_path:GROUP/PROJECT:ref_type:TYPE:ref:BRANCH_NAME // - // This field supports simple "glob-style" matching: + // This field supports "glob-style" matching: // - Use '*' to match zero or more characters. // - Use '?' to match any single character. string Sub = 1 [(gogoproto.jsontag) = "sub,omitempty"]; // Ref allows access to be limited to jobs triggered by a specific git ref. // Ensure this is used in combination with ref_type. // - // This field supports simple "glob-style" matching: + // This field supports "glob-style" matching: // - Use '*' to match zero or more characters. // - Use '?' to match any single character. string Ref = 2 [(gogoproto.jsontag) = "ref,omitempty"]; @@ -1435,7 +1437,7 @@ message ProvisionTokenSpecV2GitLab { // Example: // `mygroup` // - // This field supports simple "glob-style" matching: + // This field supports "glob-style" matching: // - Use '*' to match zero or more characters. // - Use '?' to match any single character. string NamespacePath = 4 [(gogoproto.jsontag) = "namespace_path,omitempty"]; @@ -1443,7 +1445,7 @@ message ProvisionTokenSpecV2GitLab { // project. Example: // `mygroup/myproject` // - // This field supports simple "glob-style" matching: + // This field supports "glob-style" matching: // - Use '*' to match zero or more characters. // - Use '?' to match any single character. string ProjectPath = 5 [(gogoproto.jsontag) = "project_path,omitempty"]; @@ -1718,7 +1720,7 @@ message ClusterNameSpecV2 { string ClusterName = 1 [(gogoproto.jsontag) = "cluster_name"]; // ClusterID is the unique cluster ID that is set once during the first - // auth server startup. + // Auth Service startup. string ClusterID = 2 [(gogoproto.jsontag) = "cluster_id"]; } @@ -1993,7 +1995,7 @@ message AuthPreferenceSpecV2 { // Type is the type of authentication. string Type = 1 [(gogoproto.jsontag) = "type"]; - // SecondFactor is the type of second factor. + // SecondFactor is the type of mult-factor. string SecondFactor = 2 [ (gogoproto.jsontag) = "second_factor,omitempty", (gogoproto.casttype) = "github.com/gravitational/teleport/api/constants.SecondFactorType" @@ -2097,10 +2099,10 @@ message AuthPreferenceSpecV2 { // Deprecated: U2F is transparently converted to WebAuthn by Teleport. Prefer // using WebAuthn instead. message U2F { - // AppID returns the application ID for universal second factor. + // AppID returns the application ID for universal mult-factor. string AppID = 1 [(gogoproto.jsontag) = "app_id,omitempty"]; - // Facets returns the facets for universal second factor. + // Facets returns the facets for universal mult-factor. // Deprecated: Kept for backwards compatibility reasons, but Facets have no // effect since Teleport v10, when Webauthn replaced the U2F implementation. repeated string Facets = 2 [(gogoproto.jsontag) = "facets,omitempty"]; @@ -2119,7 +2121,7 @@ message Webauthn { // IMPORTANT: RPID must never change in the lifetime of the cluster, because // it's recorded in the registration data on the WebAuthn device. If the // RPID changes, all existing WebAuthn key registrations will become invalid - // and all users who use WebAuthn as the second factor will need to + // and all users who use WebAuthn as the multi-factor will need to // re-register. string RPID = 1 [(gogoproto.jsontag) = "rp_id,omitempty"]; // Allow list of device attestation CAs in PEM format. @@ -2312,7 +2314,7 @@ message UserTokenSecretsSpecV3 { ]; } -// AccessRequest represents an access request resource specification +// AccessRequest represents an Access Request resource specification message AccessRequestV3 { option (gogoproto.goproto_stringer) = false; option (gogoproto.stringer) = false; @@ -2352,7 +2354,7 @@ message AccessReviewThreshold { } // PromotedAccessList is a minimal access list representation used for -// promoting access requests to access lists. +// promoting Access Requests to access lists. message PromotedAccessList { // Name is the name of the access list. string Name = 1 [(gogoproto.jsontag) = "name"]; @@ -2360,7 +2362,7 @@ message PromotedAccessList { string Title = 2 [(gogoproto.jsontag) = "title"]; } -// AccessReview is a review to be applied to an access request. +// AccessReview is a review to be applied to an Access Request. message AccessReview { // Author is the teleport username of the review author. string Author = 1 [(gogoproto.jsontag) = "author"]; @@ -2457,7 +2459,7 @@ message AccessRequestSpecV3 { string User = 1 [(gogoproto.jsontag) = "user"]; // Roles is the name of the roles being requested. repeated string Roles = 2 [(gogoproto.jsontag) = "roles"]; - // State is the current state of this access request. + // State is the current state of this Access Request. RequestState State = 3 [(gogoproto.jsontag) = "state,omitempty"]; // Created encodes the time at which the request was registered with the auth // server. @@ -2492,10 +2494,10 @@ message AccessRequestSpecV3 { ]; // SystemAnnotations is a set of programmatically generated annotations attached - // to pending access requests by teleport. These annotations are generated by + // to pending Access Requests by teleport. These annotations are generated by // applying variable interpolation to the RoleConditions.Request.Annotations block // of a user's role(s). These annotations serve as a mechanism for administrators - // to pass extra information to plugins when they process pending access requests. + // to pass extra information to plugins when they process pending Access Requests. wrappers.LabelValues SystemAnnotations = 9 [ (gogoproto.nullable) = false, (gogoproto.jsontag) = "system_annotations,omitempty", @@ -2538,12 +2540,12 @@ message AccessRequestSpecV3 { (gogoproto.nullable) = false ]; - // LoginHint is used as a hint for search-based access requests to select + // LoginHint is used as a hint for search-based Access Requests to select // roles based on the login the user is attempting. string LoginHint = 15 [(gogoproto.jsontag) = "login_hint,omitempty"]; // DryRun indicates that the request should not actually be created, the - // auth server should only validate the access request. + // Auth Service should only validate the Access Request. bool DryRun = 16 [(gogoproto.jsontag) = "dry_run,omitempty"]; // MaxDuration indicates how long the access should be granted for. @@ -2590,7 +2592,7 @@ enum AccessRequestScope { REVIEWED = 3; } -// AccessRequestFilter encodes filter params for access requests. +// AccessRequestFilter encodes filter params for Access Requests. message AccessRequestFilter { // ID specifies a request ID if set. string ID = 1 [(gogoproto.jsontag) = "id,omitempty"]; @@ -2606,7 +2608,7 @@ message AccessRequestFilter { repeated string SearchKeywords = 4 [(gogoproto.jsontag) = "search,omitempty"]; // Scope is an aditional filter to view requests based on needs review, reviewed, my requests AccessRequestScope Scope = 5 [(gogoproto.jsontag) = "scope,omitempty"]; - // Requester is the requester of the api call. This is set by the auth server + // Requester is the requester of the api call. This is set by the Auth Service // Use User for the requester of the request. string Requester = 6 [(gogoproto.jsontag) = "requester,omitempty"]; } @@ -2931,7 +2933,7 @@ message RoleOptions { (gogoproto.customtype) = "BoolOption" ]; - // CreateHostUser allows users to be automatically created on a host + // Deprecated: use CreateHostUserMode instead. BoolValue CreateHostUser = 20 [ (gogoproto.nullable) = true, (gogoproto.jsontag) = "create_host_user,omitempty", @@ -3348,7 +3350,7 @@ message AccessRequestConditions { ]; // Annotations is a collection of annotations to be programmatically - // appended to pending access requests at the time of their creation. + // appended to pending Access Requests at the time of their creation. // These annotations serve as a mechanism to propagate extra information // to plugins. Since these annotations support variable interpolation // syntax, they also offer a mechanism for forwarding claims from an @@ -3409,7 +3411,7 @@ message AccessReviewConditions { repeated string PreviewAsRoles = 4 [(gogoproto.jsontag) = "preview_as_roles,omitempty"]; } -// AccessRequestAllowedPromotion describes an allowed promotion to an access list. +// AccessRequestAllowedPromotion describes an allowed promotion to an Access List. message AccessRequestAllowedPromotion { // associated access list string accessListName = 1; @@ -3687,7 +3689,7 @@ message LocalAuthSecrets { repeated MFADevice MFA = 5 [(gogoproto.jsontag) = "mfa,omitempty"]; // Webauthn holds settings necessary for webauthn local auth. // May be null for legacy users or users that haven't yet used webauthn as - // their second factor. + // their multi-factor. WebauthnLocalAuth Webauthn = 6 [(gogoproto.jsontag) = "webauthn,omitempty"]; } @@ -4480,7 +4482,7 @@ message OIDCConnectorSpecV3 { // IssuerURL is the endpoint of the provider, e.g. https://accounts.google.com. string IssuerURL = 1 [(gogoproto.jsontag) = "issuer_url"]; - // ClientID is the id of the authentication client (Teleport Auth server). + // ClientID is the id of the authentication client (Teleport Auth Service). string ClientID = 2 [(gogoproto.jsontag) = "client_id"]; // ClientSecret is used to authenticate the client. string ClientSecret = 3 [(gogoproto.jsontag) = "client_secret"]; @@ -4552,7 +4554,7 @@ message SSOClientRedirectSettings { } // OIDCAuthRequest is a request to authenticate with OIDC -// provider, the state about request is managed by auth server +// provider, the state about request is managed by Auth Service message OIDCAuthRequest { // ConnectorID is ID of OIDC connector this request uses string ConnectorID = 1 [(gogoproto.jsontag) = "connector_id"]; @@ -4575,7 +4577,7 @@ message OIDCAuthRequest { string RedirectURL = 6 [(gogoproto.jsontag) = "redirect_url"]; // PublicKey is an optional public key, users want these - // keys to be signed by auth servers user CA in case + // keys to be signed by Auth Service's user CA in case // of successful auth bytes PublicKey = 7 [(gogoproto.jsontag) = "public_key"]; @@ -4706,7 +4708,7 @@ message SAMLConnectorSpecV2 { } // SAMLAuthRequest is a request to authenticate with SAML -// provider, the state about request is managed by auth server. +// provider, the state about request is managed by the Auth Service message SAMLAuthRequest { // ID is a unique request ID. string ID = 1 [(gogoproto.jsontag) = "id"]; @@ -4724,7 +4726,7 @@ message SAMLAuthRequest { string RedirectURL = 5 [(gogoproto.jsontag) = "redirect_url"]; // PublicKey is an optional public key, users want these - // keys to be signed by auth servers user CA in case + // keys to be signed by Auth Service's user CA in case // of successful auth. bytes PublicKey = 6 [(gogoproto.jsontag) = "public_key"]; @@ -5212,7 +5214,7 @@ message LockTarget { string Login = 3 [(gogoproto.jsontag) = "login,omitempty"]; // Node specifies the UUID of a Teleport node. - // A matching node is also prevented from heartbeating to the auth server. + // A matching node is also prevented from heartbeating to the Auth Service. // DEPRECATED: use ServerID instead. string Node = 4 [ deprecated = true, @@ -5352,7 +5354,7 @@ message Resolution { uint32 Height = 2 [(gogoproto.jsontag) = "height,omitempty"]; } -// RegisterUsingTokenRequest is a request to register with the auth server using +// RegisterUsingTokenRequest is a request to register with the Auth Service using // an authentication token message RegisterUsingTokenRequest { // HostID is a unique host ID, usually a UUID @@ -5406,7 +5408,7 @@ message RegisterUsingTokenRequest { } // RecoveryCodes holds a user's recovery code information. Recovery codes allows users to regain -// access to their account by restoring their lost password or second factor. Once a recovery code +// access to their account by restoring their lost password or multi-factor. Once a recovery code // is successfully verified, the code is mark used (which invalidates it), and lets the user begin // the recovery flow. When a user successfully finishes the recovery flow, users will get a new set // of codes that will replace all the previous ones. @@ -6214,8 +6216,28 @@ message PluginEntraIDSyncSettings { // DefaultOwners are the default owners for all imported access lists. repeated string default_owners = 1; - // SSOConnectorID is the name of the Teleport SSO connector created and used by the Entra ID plugin + // SSOConnectorID is the name of the Teleport SSO connector created and used by the Entra ID plugin. string sso_connector_id = 2; + + // credentials_source specifies the source of the credentials used for authentication with Azure. + EntraIDCredentialsSource credentials_source = 3; + + // tenant_id refers to the Azure Directory that this plugin synchronizes with. + // This field is populated on a best-effort basis for legacy plugins but mandatory for plugins created after its introduction. + // For existing plugins, it is filled in using the Entra integration when utilized. + string tenant_id = 4; +} + +// EntraIDCredentialsSource defines the credentials source for Entra ID. +enum EntraIDCredentialsSource { + // ENTRAID_CREDENTIALS_SOURCE_UNKNOWN is used when the credentials source is not specified. + // Due to legacy reasons, UNKNOWN is handled as OIDC. + ENTRAID_CREDENTIALS_SOURCE_UNKNOWN = 0; + // ENTRAID_CREDENTIALS_SOURCE_OIDC indicates that the plugin will authenticate with Azure/Entra ID using OIDC. + ENTRAID_CREDENTIALS_SOURCE_OIDC = 1; + // ENTRAID_CREDENTIALS_SOURCE_SYSTEM_CREDENTIALS means the plugin will rely on system-provided credentials + // for authentication with Azure Entra ID, especially for clusters with no internet access. + ENTRAID_CREDENTIALS_SOURCE_SYSTEM_CREDENTIALS = 2; } // AccessGraphSettings controls settings for syncing access graph specific data. diff --git a/api/proto/teleport/usageevents/v1/usageevents.proto b/api/proto/teleport/usageevents/v1/usageevents.proto index 36cd45d111551..8962e740b9a71 100644 --- a/api/proto/teleport/usageevents/v1/usageevents.proto +++ b/api/proto/teleport/usageevents/v1/usageevents.proto @@ -242,6 +242,7 @@ enum CTA { CTA_EXTERNAL_AUDIT_STORAGE = 10; CTA_OKTA_USER_SYNC = 11; CTA_ENTRA_ID = 12; + CTA_OKTA_SCIM = 13; } // UIDiscoverDeployServiceEvent is emitted after the user installs a Teleport Agent. @@ -551,6 +552,10 @@ message AccessListReviewDelete { // IntegrationEnrollKind represents the types of integration that // can be enrolled. +// +// Note: IntegrationEnrollKind enum must be kept in sync with the values defined +// in proto/prehog/v1alpha/teleport.proto. Values 18-25 have become out of sync +// and are manually mapped to each other. enum IntegrationEnrollKind { INTEGRATION_ENROLL_KIND_UNSPECIFIED = 0; INTEGRATION_ENROLL_KIND_SLACK = 1; @@ -573,6 +578,11 @@ enum IntegrationEnrollKind { INTEGRATION_ENROLL_KIND_SERVICENOW = 18; INTEGRATION_ENROLL_KIND_ENTRA_ID = 19; INTEGRATION_ENROLL_KIND_DATADOG_INCIDENT_MANAGEMENT = 20; + INTEGRATION_ENROLL_KIND_MACHINE_ID_AWS = 21; + INTEGRATION_ENROLL_KIND_MACHINE_ID_GCP = 22; + INTEGRATION_ENROLL_KIND_MACHINE_ID_AZURE = 23; + INTEGRATION_ENROLL_KIND_MACHINE_ID_SPACELIFT = 24; + INTEGRATION_ENROLL_KIND_MACHINE_ID_KUBERNETES = 25; } // IntegrationEnrollMetadata contains common metadata @@ -723,6 +733,38 @@ message DiscoveryFetchEvent { string resource_type = 2; } +// UserTaskStateEvent is emitted when a UserTask state changes. +// This can happen when the Task is created, when it's manually +// resolved by the user or when it changes back to being open +// when the issue happens again. +// +// PostHog event: tp.usertask.state +message UserTaskStateEvent { + // task_type is the identifier for the type of task. + // Eg, discover-ec2 + // + // PostHog property: tp.usertask.task_type + string task_type = 1; + + // issue_type is the identifier for the type of issue that occurred. + // + // PostHog property: tp.usertask.issue_type + string issue_type = 2; + + // state identifies the new state for this task. + // One of: OPEN, RESOLVED + // + // PostHog property: tp.usertask.state + string state = 3; + + // instances_count contains the number of instances that were affected by the issue + // This field is only present for the following task_types: + // - discover-ec2 + // + // PostHog property: tp.usertask.discover_ec2.instances_count + int32 instances_count = 4; +} + // UsageEventOneOf is a message that can accept a oneof of any supported // external usage event. message UsageEventOneOf { @@ -785,6 +827,7 @@ message UsageEventOneOf { UIDiscoverCreateAppServerEvent ui_discover_create_app_server_event = 57; AccessGraphAWSScanEvent access_graph_aws_scan_event = 58; UIAccessGraphCrownJewelDiffViewEvent ui_access_graph_crown_jewel_diff_view = 59; + UserTaskStateEvent user_task_state_event = 60; } reserved 2; //UIOnboardGetStartedClickEvent reserved "ui_onboard_get_started_click"; diff --git a/api/proto/teleport/usertasks/v1/user_tasks.proto b/api/proto/teleport/usertasks/v1/user_tasks.proto index 81d8d52d17b63..d4a7a75e714fa 100644 --- a/api/proto/teleport/usertasks/v1/user_tasks.proto +++ b/api/proto/teleport/usertasks/v1/user_tasks.proto @@ -67,6 +67,12 @@ message DiscoverEC2 { string account_id = 2; // Region is the AWS Region where Teleport failed to enroll EC2 instances. string region = 3; + // SSMDocument is the Amazon Systems Manager SSM Document name that was used to install teleport on the instance. + // In Amazon console, the document is at: + // https://REGION.console.aws.amazon.com/systems-manager/documents/SSM_DOCUMENT/description + string ssm_document = 4; + // InstallerScript is the Teleport installer script that was used to install teleport on the instance. + string installer_script = 5; } // DiscoverEC2Instance contains the result of enrolling an AWS EC2 Instance. diff --git a/api/proto/teleport/usertasks/v1/user_tasks_service.proto b/api/proto/teleport/usertasks/v1/user_tasks_service.proto index 14e80a9123f69..5bd281cea9296 100644 --- a/api/proto/teleport/usertasks/v1/user_tasks_service.proto +++ b/api/proto/teleport/usertasks/v1/user_tasks_service.proto @@ -31,6 +31,8 @@ service UserTaskService { rpc GetUserTask(GetUserTaskRequest) returns (teleport.usertasks.v1.UserTask); // ListUserTasks returns a list of UserTasks. It supports pagination and filters. rpc ListUserTasks(ListUserTasksRequest) returns (ListUserTasksResponse); + // ListUserTasksByIntegration returns a list of UserTasks filtered by an integration and other optional fields. It supports pagination. + rpc ListUserTasksByIntegration(ListUserTasksByIntegrationRequest) returns (ListUserTasksResponse); // UpdateUserTask updates an existing User Task. rpc UpdateUserTask(UpdateUserTaskRequest) returns (teleport.usertasks.v1.UserTask); // DeleteUserTask deletes a User Task. @@ -62,6 +64,17 @@ message ListUserTasksRequest { string page_token = 2; } +// ListUserTasksByIntegrationRequest is a request to get a list of User Tasks filtered by an Integration. +message ListUserTasksByIntegrationRequest { + // page_size is the maximum number of items to return. + // The server may impose a different page size at its discretion. + int64 page_size = 1; + // page_token is the next_page_token value returned from a previous List request, if any. + string page_token = 2; + // integration is the integration name that will be used to filter the returned list. + string integration = 3; +} + // ListUserTasksResponse is a response to ListUserTasks. message ListUserTasksResponse { repeated teleport.usertasks.v1.UserTask user_tasks = 1; diff --git a/api/types/constants.go b/api/types/constants.go index edbc133e98172..3f51e6e54f54c 100644 --- a/api/types/constants.go +++ b/api/types/constants.go @@ -40,6 +40,8 @@ const ( PackageNameOSS = "teleport" // PackageNameEnt is the teleport package name for the Enterprise version. PackageNameEnt = "teleport-ent" + // PackageNameEntFIPS is the teleport package name for the Enterprise with FIPS enabled version. + PackageNameEntFIPS = "teleport-ent-fips" // ActionRead grants read access (get, list) ActionRead = "read" @@ -116,7 +118,10 @@ const ( // KindSession is a recorded SSH session. KindSession = "session" - // KindSSHSession is an active SSH session. + // KindSSHSession represents an active SSH session in early versions of Teleport + // prior to the introduction of moderated sessions. Note that ssh_session is not + // a "real" resource, and it is never used as the "session kind" value in the + // session_tracker resource. KindSSHSession = "ssh_session" // KindWebSession is a web session resource @@ -583,7 +588,7 @@ const ( ) // PackageNameKinds is the list of valid teleport package names. -var PackageNameKinds = []string{PackageNameOSS, PackageNameEnt} +var PackageNameKinds = []string{PackageNameOSS, PackageNameEnt, PackageNameEntFIPS} // WebSessionSubKinds lists subkinds of web session resources var WebSessionSubKinds = []string{KindAppSession, KindWebSession, KindSnowflakeSession, KindSAMLIdPSession} diff --git a/api/types/derived.gen.go b/api/types/derived.gen.go index aabfee5b87965..6f2cd5467ee9d 100644 --- a/api/types/derived.gen.go +++ b/api/types/derived.gen.go @@ -205,7 +205,8 @@ func deriveTeleportEqual_1(this, that *RDS) bool { this.ResourceID == that.ResourceID && this.IAMAuth == that.IAMAuth && deriveTeleportEqual_20(this.Subnets, that.Subnets) && - this.VPCID == that.VPCID + this.VPCID == that.VPCID && + deriveTeleportEqual_20(this.SecurityGroups, that.SecurityGroups) } // deriveTeleportEqual_2 returns whether this and that are equal. diff --git a/api/types/events/events.pb.go b/api/types/events/events.pb.go index 6d3aa26c6dea7..b4b68bf4562df 100644 --- a/api/types/events/events.pb.go +++ b/api/types/events/events.pb.go @@ -5175,7 +5175,11 @@ type DatabaseSessionStart struct { // Status indicates whether the connection was successful or denied. Status `protobuf:"bytes,6,opt,name=Status,proto3,embedded=Status" json:""` // Database contains database related metadata. - DatabaseMetadata `protobuf:"bytes,7,opt,name=Database,proto3,embedded=Database" json:""` + DatabaseMetadata `protobuf:"bytes,7,opt,name=Database,proto3,embedded=Database" json:""` + // PostgresPID is the Postgres backend PID that was created for a Postgres + // connection. This can be useful for backend process cancellation or + // termination and it is not a sensitive or secret value. + PostgresPID uint32 `protobuf:"varint,8,opt,name=PostgresPID,proto3" json:"postgres_pid,omitempty"` XXX_NoUnkeyedLiteral struct{} `json:"-"` XXX_unrecognized []byte `json:"-"` XXX_sizecache int32 `json:"-"` @@ -14758,15 +14762,15 @@ func init() { } var fileDescriptor_007ba1c3d6266d56 = []byte{ - // 16381 bytes of a gzipped FileDescriptorProto + // 16403 bytes of a gzipped FileDescriptorProto 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xec, 0xbd, 0x5b, 0x74, 0x24, 0x49, 0x76, 0x18, 0x86, 0x7a, 0xa0, 0x00, 0x5c, 0xbc, 0xa3, 0x5f, 0x39, 0x3d, 0x3d, 0x8d, 0x99, 0x9c, 0xdd, 0xde, 0xee, 0xd9, 0x99, 0xee, 0x9d, 0x9e, 0x9e, 0x99, 0x9d, 0xd7, 0xce, 0x16, 0x50, 0x40, 0xa3, 0xba, 0xf1, 0x9a, 0x2c, 0xa0, 0x7b, 0x67, 0xc9, 0xdd, 0x62, 0xa2, 0x32, 0x00, 0xe4, 0x74, - 0x55, 0x66, 0x31, 0x33, 0xab, 0xd1, 0x18, 0xbf, 0xb8, 0x32, 0x45, 0x91, 0xd2, 0xee, 0x6a, 0xbd, + 0x55, 0x66, 0x31, 0x33, 0xab, 0xd1, 0x18, 0xbf, 0xb8, 0x32, 0x45, 0x91, 0xe2, 0xee, 0x6a, 0xbd, 0x34, 0x1f, 0x12, 0x65, 0x8b, 0xd4, 0xc3, 0xa6, 0x68, 0x8a, 0x14, 0x25, 0x9a, 0x0f, 0xc9, 0x3c, - 0x96, 0xbc, 0x7e, 0xac, 0xc4, 0x23, 0x1e, 0x49, 0xb6, 0x75, 0x74, 0x6c, 0x19, 0x2b, 0xd3, 0xd6, - 0x0f, 0x8e, 0x7d, 0x0e, 0x6d, 0xf3, 0x58, 0x6b, 0x59, 0xf6, 0xd1, 0x89, 0x1b, 0x91, 0x99, 0x91, + 0x96, 0xbc, 0x7e, 0xac, 0xc4, 0x63, 0x1e, 0x49, 0xb6, 0x75, 0x74, 0x6c, 0x19, 0x2b, 0xd3, 0xd6, + 0x0f, 0x8e, 0x7d, 0x0e, 0x6d, 0xf3, 0x58, 0x6b, 0x59, 0xf6, 0xf1, 0x89, 0x1b, 0x91, 0x99, 0x91, 0xaf, 0xc2, 0x73, 0x88, 0xc1, 0x00, 0x3f, 0xdd, 0xa8, 0x7b, 0x6f, 0xdc, 0x88, 0xbc, 0x71, 0x23, 0xe2, 0x46, 0xc4, 0x8d, 0x7b, 0xe1, 0x86, 0x47, 0x9b, 0xb4, 0x6d, 0x3b, 0xde, 0xad, 0x26, 0x5d, 0xd7, 0x1b, 0x5b, 0xb7, 0xbc, 0xad, 0x36, 0x75, 0x6f, 0xd1, 0xc7, 0xd4, 0xf2, 0xfc, 0xff, 0x6e, @@ -14786,13 +14790,13 @@ var fileDescriptor_007ba1c3d6266d56 = []byte{ 0xdd, 0x9e, 0xe8, 0xd9, 0xd9, 0x9e, 0x28, 0x32, 0x49, 0x7e, 0xeb, 0x7b, 0x13, 0x39, 0x0d, 0x4b, 0x92, 0xb7, 0x61, 0x70, 0xaa, 0xd9, 0x71, 0x3d, 0xea, 0x2c, 0xe8, 0x2d, 0xaa, 0x94, 0xb0, 0xc2, 0xcb, 0x3b, 0xdb, 0x13, 0x17, 0x1b, 0x1c, 0x5c, 0xb7, 0xf4, 0x96, 0x5c, 0xb1, 0x4c, 0xae, 0xfe, - 0x56, 0x0e, 0x46, 0x6b, 0xd4, 0x75, 0x4d, 0xdb, 0x0a, 0x64, 0xf3, 0x69, 0x18, 0x10, 0xa0, 0x6a, + 0x76, 0x0e, 0x46, 0x6b, 0xd4, 0x75, 0x4d, 0xdb, 0x0a, 0x64, 0xf3, 0x69, 0x18, 0x10, 0xa0, 0x6a, 0x05, 0xe5, 0x33, 0x30, 0xd9, 0xb7, 0xb3, 0x3d, 0x51, 0x70, 0x4d, 0x43, 0x0b, 0x31, 0xe4, 0x73, 0xd0, 0xf7, 0xd0, 0xf4, 0x36, 0xe6, 0x67, 0xca, 0x42, 0x4e, 0x17, 0x77, 0xb6, 0x27, 0xc8, 0xa6, 0xe9, 0x6d, 0xd4, 0x5b, 0x6b, 0xba, 0x54, 0xa1, 0x4f, 0x46, 0xe6, 0x60, 0x6c, 0xc9, 0x31, 0x1f, 0xeb, 0x1e, 0xbd, 0x4f, 0xb7, 0x96, 0xec, 0xa6, 0xd9, 0xd8, 0x12, 0x52, 0x7c, 0x76, 0x67, 0x7b, 0xe2, 0x4a, 0x9b, 0xe3, 0xea, 0x8f, 0xe8, 0x56, 0xbd, 0x8d, 0x58, 0x89, 0x49, 0xa2, 0xa4, 0xfa, - 0x37, 0x4b, 0x30, 0xb4, 0xe2, 0x52, 0x27, 0x68, 0xf7, 0x35, 0x28, 0xb2, 0xdf, 0xa2, 0xc9, 0x28, + 0xb7, 0x4a, 0x30, 0xb4, 0xe2, 0x52, 0x27, 0x68, 0xf7, 0x35, 0x28, 0xb2, 0xdf, 0xa2, 0xc9, 0x28, 0xf3, 0x8e, 0x4b, 0x1d, 0x59, 0xe6, 0x0c, 0x4f, 0x6e, 0x40, 0xef, 0x9c, 0xbd, 0x6e, 0x5a, 0xa2, 0xd9, 0xe7, 0x76, 0xb6, 0x27, 0x46, 0x9b, 0x0c, 0x20, 0x51, 0x72, 0x0a, 0xf2, 0x05, 0x18, 0xaa, 0xb6, 0x98, 0x0e, 0xd9, 0x96, 0xee, 0xd9, 0x8e, 0x68, 0x2d, 0x4a, 0xd7, 0x94, 0xe0, 0x52, 0xc1, @@ -14834,7 +14838,7 @@ var fileDescriptor_007ba1c3d6266d56 = []byte{ 0x25, 0x2b, 0x40, 0x48, 0x4c, 0x6e, 0x41, 0xff, 0x12, 0x5b, 0x67, 0x1b, 0x76, 0x53, 0x28, 0x1f, 0x2e, 0x05, 0xb8, 0xf6, 0xca, 0x63, 0xd5, 0x27, 0x52, 0x67, 0x61, 0x64, 0xaa, 0x69, 0x52, 0xcb, 0x93, 0x5b, 0xcd, 0x46, 0x72, 0x79, 0x9d, 0x5a, 0x9e, 0xdc, 0x6a, 0x1c, 0xf3, 0x3a, 0x83, 0xca, - 0xad, 0x0e, 0x48, 0xd5, 0xdf, 0x2b, 0xc0, 0x53, 0xf7, 0x3b, 0xab, 0xd4, 0xb1, 0xa8, 0x47, 0x5d, + 0xad, 0x0e, 0x48, 0xd5, 0xdf, 0x2f, 0xc0, 0x53, 0xf7, 0x3b, 0xab, 0xd4, 0xb1, 0xa8, 0x47, 0x5d, 0xb1, 0x20, 0x07, 0x5c, 0x17, 0x60, 0x3c, 0x81, 0x14, 0xdc, 0x71, 0xa1, 0x7c, 0x14, 0x20, 0xeb, 0x62, 0x8d, 0x97, 0x67, 0xdb, 0x44, 0x51, 0x32, 0x0b, 0xa3, 0x21, 0x90, 0x35, 0xc2, 0x55, 0xf2, 0xb8, 0x94, 0x5c, 0xdd, 0xd9, 0x9e, 0xb8, 0x2c, 0x71, 0x63, 0xcd, 0x96, 0x35, 0x38, 0x5e, 0x8c, @@ -14850,7 +14854,7 @@ var fileDescriptor_007ba1c3d6266d56 = []byte{ 0x0c, 0x50, 0x52, 0x50, 0xd5, 0x96, 0xbe, 0xee, 0x5b, 0xcc, 0xd7, 0x77, 0xb6, 0x27, 0x3e, 0x95, 0x5a, 0x87, 0xc9, 0xa8, 0xe4, 0x15, 0x3a, 0x8b, 0x13, 0xd1, 0x80, 0x84, 0xb8, 0x05, 0xdb, 0xa0, 0xf8, 0x0d, 0xbd, 0xc8, 0x5f, 0xdd, 0xd9, 0x9e, 0xb8, 0x2a, 0xf1, 0xb7, 0x6c, 0x83, 0xc6, 0x9b, - 0x9f, 0x52, 0x5a, 0xfd, 0xad, 0x02, 0x5c, 0xad, 0x95, 0xe7, 0xe7, 0xaa, 0x86, 0x6f, 0xd2, 0x2c, + 0x9f, 0x52, 0x5a, 0xfd, 0xed, 0x02, 0x5c, 0xad, 0x95, 0xe7, 0xe7, 0xaa, 0x86, 0x6f, 0xd2, 0x2c, 0x39, 0xf6, 0x63, 0xd3, 0x90, 0x46, 0xef, 0x2a, 0x5c, 0x8a, 0xa1, 0xa6, 0xd1, 0x8a, 0x0a, 0x8c, 0x69, 0xfc, 0x36, 0xdf, 0x5c, 0x6a, 0x0b, 0x9a, 0x3a, 0x37, 0xb5, 0xa2, 0x8b, 0x76, 0x16, 0x23, 0xd6, 0x47, 0x31, 0x54, 0x6d, 0xc3, 0x76, 0xbc, 0x46, 0xc7, 0x13, 0x4a, 0x80, 0x7d, 0x94, 0xa8, @@ -14868,16 +14872,16 @@ var fileDescriptor_007ba1c3d6266d56 = []byte{ 0x45, 0xb3, 0x43, 0xc6, 0xa5, 0xdd, 0x18, 0x8b, 0x2f, 0x96, 0x19, 0xc7, 0x99, 0xa8, 0xef, 0xc3, 0x90, 0x5c, 0x90, 0x5c, 0xc4, 0xad, 0x35, 0x1f, 0x27, 0xb8, 0x29, 0x37, 0x0d, 0xdc, 0x4f, 0xbf, 0x0c, 0x83, 0x15, 0xea, 0x36, 0x1c, 0xb3, 0xcd, 0xac, 0x06, 0xa1, 0xe4, 0xa3, 0x3b, 0xdb, 0x13, - 0x83, 0x46, 0x08, 0xd6, 0x64, 0x1a, 0xf5, 0xff, 0xce, 0xc1, 0x45, 0xc6, 0xbb, 0xec, 0xba, 0xe6, + 0x83, 0x46, 0x08, 0xd6, 0x64, 0x1a, 0xf5, 0xff, 0xca, 0xc1, 0x45, 0xc6, 0xbb, 0xec, 0xba, 0xe6, 0xba, 0xd5, 0x92, 0x97, 0xed, 0x17, 0xa1, 0x54, 0xc3, 0xfa, 0x44, 0x4d, 0xe7, 0x77, 0xb6, 0x27, 0xc6, 0x78, 0x0b, 0x24, 0x3d, 0x14, 0x34, 0xc1, 0xbe, 0x32, 0xbf, 0xcb, 0xbe, 0x92, 0x99, 0xb4, 0x9e, 0xee, 0x78, 0xa6, 0xb5, 0x5e, 0xf3, 0x74, 0xaf, 0xe3, 0x46, 0x4c, 0x5a, 0x81, 0xa9, 0xbb, 0x88, 0x8a, 0x98, 0xb4, 0x91, 0x42, 0xe4, 0x5d, 0x18, 0x9a, 0xb6, 0x8c, 0x90, 0x09, 0x9f, 0x10, - 0x9f, 0x66, 0x96, 0x26, 0x45, 0x78, 0x92, 0x45, 0xa4, 0x80, 0xfa, 0x57, 0x73, 0xa0, 0xf0, 0x4d, + 0x9f, 0x66, 0x96, 0x26, 0x45, 0x78, 0x92, 0x45, 0xa4, 0x80, 0xfa, 0xd7, 0x72, 0xa0, 0xf0, 0x4d, 0xe0, 0x9c, 0xe9, 0x7a, 0xf3, 0xb4, 0xb5, 0x2a, 0xcd, 0x4e, 0x33, 0xfe, 0xae, 0x92, 0xe1, 0xa4, 0xb5, 0x08, 0x4d, 0x01, 0xb1, 0xab, 0x6c, 0x9a, 0x6e, 0x62, 0xfb, 0x11, 0x2b, 0x45, 0xaa, 0xd0, 0xc7, 0x39, 0x73, 0x5b, 0x62, 0xf0, 0xb6, 0xe2, 0x2b, 0x42, 0xbc, 0x6a, 0xae, 0x0c, 0x2d, 0x4e, - 0x2c, 0x6f, 0x68, 0x44, 0x79, 0xf5, 0xaf, 0xe5, 0x61, 0x2c, 0x5e, 0x88, 0x3c, 0x84, 0xfe, 0x7b, + 0x2c, 0x6f, 0x68, 0x44, 0x79, 0xf5, 0xaf, 0xe7, 0x61, 0x2c, 0x5e, 0x88, 0x3c, 0x84, 0xfe, 0x7b, 0xb6, 0x69, 0x51, 0x63, 0xd1, 0xc2, 0x16, 0x76, 0x3f, 0x1c, 0xf1, 0x6d, 0xf1, 0x73, 0x1f, 0x60, 0x99, 0xba, 0x6c, 0xc1, 0xe2, 0x59, 0x49, 0xc0, 0x8c, 0x7c, 0x19, 0x06, 0x98, 0x0d, 0xf8, 0x18, 0x39, 0xe7, 0x77, 0xe5, 0xfc, 0xac, 0xe0, 0x7c, 0xde, 0xe1, 0x85, 0x92, 0xac, 0x43, 0x76, 0x4c, @@ -14888,9 +14892,9 @@ var fileDescriptor_007ba1c3d6266d56 = []byte{ 0x52, 0x57, 0xc9, 0xa1, 0xb9, 0x86, 0xd3, 0x89, 0xc3, 0x00, 0xf2, 0xa1, 0x07, 0x52, 0x10, 0x1b, 0x4a, 0xcb, 0x8e, 0x6e, 0x7a, 0x7e, 0xcf, 0x96, 0x93, 0x3d, 0xbb, 0x87, 0x1a, 0x6f, 0x72, 0x1e, 0x7c, 0xce, 0x47, 0x41, 0x78, 0x08, 0x90, 0x05, 0xc1, 0x49, 0x2e, 0xbf, 0x01, 0x83, 0x12, 0xf1, - 0xbe, 0x26, 0xf5, 0xdf, 0x2e, 0xca, 0xba, 0xee, 0x37, 0x4b, 0xe8, 0xfa, 0x2d, 0xa6, 0xa3, 0xae, + 0xbe, 0x26, 0xf5, 0xdf, 0x29, 0xca, 0xba, 0xee, 0x37, 0x4b, 0xe8, 0xfa, 0x2d, 0xa6, 0xa3, 0xae, 0xcb, 0xac, 0x0a, 0xae, 0xe4, 0x42, 0x13, 0x11, 0x14, 0xd5, 0x44, 0x04, 0x91, 0x57, 0xa0, 0x9f, - 0xb3, 0x08, 0xf6, 0xaf, 0xb8, 0xf7, 0x75, 0x10, 0x16, 0x5d, 0x9a, 0x03, 0x42, 0xf2, 0x4b, 0x39, + 0xb3, 0x08, 0xf6, 0xaf, 0xb8, 0xf7, 0x75, 0x10, 0x16, 0x5d, 0x9a, 0x03, 0x42, 0xf2, 0xcb, 0x39, 0x78, 0xa6, 0xab, 0x24, 0x50, 0x19, 0x06, 0x6f, 0xbf, 0x7a, 0x20, 0x31, 0x4e, 0xbe, 0xb4, 0xb3, 0x3d, 0x71, 0xa3, 0x15, 0x90, 0xd4, 0x1d, 0x89, 0xa6, 0xde, 0xe0, 0x44, 0x52, 0xbb, 0xba, 0x37, 0x85, 0x19, 0x8f, 0xbc, 0xd2, 0x19, 0x3c, 0x3a, 0xb2, 0x1a, 0x5b, 0x7e, 0x23, 0x8b, 0xa1, 0xf1, @@ -14914,7 +14918,7 @@ var fileDescriptor_007ba1c3d6266d56 = []byte{ 0xa1, 0x0c, 0x84, 0x9a, 0x6c, 0x72, 0x4c, 0xbd, 0xc1, 0x51, 0xb2, 0x26, 0x47, 0x0b, 0xb1, 0x6d, 0xb9, 0xe8, 0x43, 0x8d, 0x36, 0x6c, 0x87, 0xd9, 0x02, 0x78, 0x26, 0x29, 0xb6, 0xe5, 0x2e, 0xc7, 0xd5, 0x1d, 0x1f, 0x29, 0x1b, 0xdb, 0xf1, 0x82, 0xf7, 0x8a, 0xfd, 0x83, 0x63, 0x43, 0xf1, 0x63, - 0x64, 0xf5, 0xaf, 0x14, 0x60, 0x50, 0x90, 0xb2, 0xa5, 0xf4, 0x4c, 0xc1, 0x0f, 0xa3, 0xe0, 0xa9, + 0x64, 0xf5, 0xaf, 0x16, 0x60, 0x50, 0x90, 0xb2, 0xa5, 0xf4, 0x4c, 0xc1, 0x0f, 0xa3, 0xe0, 0xa9, 0x8a, 0x5a, 0x3a, 0x2a, 0x45, 0x55, 0xbf, 0x9e, 0x0f, 0x66, 0xa3, 0x25, 0xc7, 0xb4, 0x0e, 0x37, 0x1b, 0x5d, 0x03, 0x98, 0xda, 0xe8, 0x58, 0x8f, 0xf8, 0x75, 0x59, 0x3e, 0xbc, 0x2e, 0x6b, 0x98, 0x9a, 0x84, 0x21, 0xcf, 0x40, 0xb1, 0xc2, 0xf8, 0xb3, 0x9e, 0x19, 0x9a, 0x1c, 0xf8, 0x2e, 0xe7, @@ -14922,14 +14926,14 @@ var fileDescriptor_007ba1c3d6266d56 = []byte{ 0x5a, 0x65, 0x00, 0x8d, 0xc3, 0xc9, 0x1d, 0x18, 0xaf, 0xd0, 0xa6, 0xbe, 0x35, 0x6f, 0x36, 0x9b, 0xa6, 0x4b, 0x1b, 0xb6, 0x65, 0xb8, 0x28, 0x64, 0x51, 0x5d, 0xcb, 0xd5, 0x92, 0x04, 0x44, 0x85, 0xd2, 0xe2, 0xda, 0x9a, 0x4b, 0x3d, 0x14, 0x5f, 0x61, 0x12, 0xd8, 0xe4, 0x6c, 0x23, 0x44, 0x13, - 0x18, 0xf5, 0x57, 0x73, 0x6c, 0xf7, 0xe2, 0x3e, 0xf2, 0xec, 0x76, 0xa0, 0xe5, 0x87, 0x12, 0xc9, + 0x18, 0xf5, 0xd7, 0x72, 0x6c, 0xf7, 0xe2, 0x3e, 0xf2, 0xec, 0x76, 0xa0, 0xe5, 0x87, 0x12, 0xc9, 0x8d, 0xd0, 0xae, 0xc8, 0xe3, 0xd7, 0x8e, 0x8a, 0xaf, 0xed, 0x13, 0xb6, 0x45, 0x68, 0x51, 0xa4, - 0x7e, 0x55, 0x61, 0x97, 0xaf, 0x52, 0xff, 0x20, 0x0f, 0x97, 0x44, 0x8b, 0xa7, 0x9a, 0x66, 0x7b, + 0x7e, 0x55, 0x61, 0x97, 0xaf, 0x52, 0xff, 0x30, 0x0f, 0x97, 0x44, 0x8b, 0xa7, 0x9a, 0x66, 0x7b, 0xd5, 0xd6, 0x1d, 0x43, 0xa3, 0x0d, 0x6a, 0x3e, 0xa6, 0x27, 0x73, 0xe0, 0x45, 0x87, 0x4e, 0xf1, 0x10, 0x43, 0xe7, 0x36, 0x6e, 0x04, 0x99, 0x64, 0xf0, 0xc0, 0x97, 0x1b, 0x15, 0x63, 0x3b, 0xdb, 0x13, 0x43, 0x06, 0x07, 0xe3, 0x91, 0xbf, 0x26, 0x13, 0x31, 0x25, 0x99, 0xa3, 0xd6, 0xba, 0xb7, - 0x81, 0x4a, 0xd2, 0xcb, 0x95, 0xa4, 0x89, 0x10, 0x4d, 0x60, 0xd4, 0xff, 0x3d, 0x0f, 0xe7, 0xe3, - 0x22, 0xaf, 0x51, 0xcb, 0x38, 0x93, 0xf7, 0x47, 0x23, 0xef, 0x3f, 0x2c, 0xc0, 0xd3, 0xa2, 0x4c, + 0x81, 0x4a, 0xd2, 0xcb, 0x95, 0xa4, 0x89, 0x10, 0x4d, 0x60, 0xd4, 0xff, 0x2d, 0x0f, 0xe7, 0xe3, + 0x22, 0xaf, 0x51, 0xcb, 0x38, 0x93, 0xf7, 0x47, 0x23, 0xef, 0x3f, 0x2a, 0xc0, 0xd3, 0xa2, 0x4c, 0x6d, 0x43, 0x77, 0xa8, 0x51, 0x31, 0x1d, 0xda, 0xf0, 0x6c, 0x67, 0xeb, 0x04, 0x1b, 0x50, 0x47, 0x27, 0xf6, 0x3b, 0x50, 0x12, 0xdb, 0x7f, 0xbe, 0xce, 0x8c, 0x04, 0x2d, 0x41, 0x68, 0x62, 0x85, 0xe2, 0x47, 0x07, 0xb1, 0xce, 0x2a, 0xed, 0xa5, 0xb3, 0x3e, 0x0f, 0xc3, 0x81, 0xe8, 0x71, 0x23, @@ -14942,16 +14946,16 @@ var fileDescriptor_007ba1c3d6266d56 = []byte{ 0x1d, 0x52, 0xc3, 0xfe, 0x51, 0x1e, 0x86, 0x83, 0x4d, 0xd3, 0x07, 0xb4, 0x71, 0x3c, 0x6b, 0x55, 0xb8, 0x95, 0x29, 0x1c, 0x7a, 0x2b, 0x73, 0x18, 0x85, 0x52, 0x83, 0x23, 0x4f, 0x6e, 0x1a, 0xa0, 0xc4, 0xf8, 0x91, 0x67, 0x70, 0xd0, 0xf9, 0x1c, 0xf4, 0xcd, 0xeb, 0x4f, 0xcc, 0x56, 0xa7, 0x25, - 0xac, 0x74, 0x74, 0x27, 0x6b, 0xe9, 0x4f, 0x34, 0x1f, 0xae, 0xfe, 0x77, 0x39, 0x18, 0x11, 0x42, + 0xac, 0x74, 0x74, 0x27, 0x6b, 0xe9, 0x4f, 0x34, 0x1f, 0xae, 0xfe, 0xb7, 0x39, 0x18, 0x11, 0x42, 0x15, 0xcc, 0x0f, 0x25, 0xd5, 0x50, 0x3a, 0xf9, 0x43, 0x4b, 0xa7, 0x70, 0x70, 0xe9, 0xa8, 0x7f, - 0xae, 0x00, 0xca, 0x8c, 0xd9, 0xa4, 0xcb, 0x8e, 0x6e, 0xb9, 0x6b, 0xd4, 0x11, 0xdb, 0xe9, 0x69, + 0xbe, 0x00, 0xca, 0x8c, 0xd9, 0xa4, 0xcb, 0x8e, 0x6e, 0xb9, 0x6b, 0xd4, 0x11, 0xdb, 0xe9, 0x69, 0xc6, 0xea, 0x50, 0x1f, 0x28, 0x4d, 0x29, 0xf9, 0x03, 0x4d, 0x29, 0x9f, 0x85, 0x01, 0xd1, 0x98, 0xc0, 0x95, 0x11, 0x47, 0x8d, 0xe3, 0x03, 0xb5, 0x10, 0xcf, 0x88, 0xcb, 0xed, 0xb6, 0x63, 0x3f, 0xa6, 0x0e, 0xbf, 0xa5, 0x12, 0xc4, 0xba, 0x0f, 0xd4, 0x42, 0xbc, 0xc4, 0x99, 0xfa, 0xf6, 0xa2, 0xcc, 0x99, 0x3a, 0x5a, 0x88, 0x27, 0xd7, 0xa1, 0x7f, 0xce, 0x6e, 0xe8, 0x28, 0x68, 0x3e, 0xad, 0x0c, 0xed, 0x6c, 0x4f, 0xf4, 0x37, 0x05, 0x4c, 0x0b, 0xb0, 0x8c, 0xb2, 0x62, 0x6f, 0x5a, 0x4d, 0x5b, 0xe7, 0xce, 0x2f, 0xfd, 0x9c, 0xd2, 0x10, 0x30, 0x2d, 0xc0, 0x32, 0x4a, 0x26, 0x73, 0x74, - 0x2a, 0xea, 0x0f, 0x79, 0xae, 0x09, 0x98, 0x16, 0x60, 0xd5, 0x5f, 0x2d, 0x32, 0xed, 0x75, 0xcd, + 0x2a, 0xea, 0x0f, 0x79, 0xae, 0x09, 0x98, 0x16, 0x60, 0xd5, 0x5f, 0x2b, 0x32, 0xed, 0x75, 0xcd, 0x0f, 0x4f, 0xfd, 0xba, 0x10, 0x0e, 0x98, 0xde, 0x03, 0x0c, 0x98, 0x53, 0x73, 0x60, 0xa7, 0xfe, 0x8b, 0x3e, 0x00, 0x21, 0xfd, 0xe9, 0xb3, 0xcd, 0xe1, 0xe1, 0xb4, 0xa6, 0x02, 0xe3, 0xd3, 0xd6, 0x86, 0x6e, 0x35, 0xa8, 0x11, 0x1e, 0x5b, 0x96, 0x70, 0x68, 0xa3, 0x13, 0x24, 0x15, 0xc8, 0xf0, @@ -14966,7 +14970,7 @@ var fileDescriptor_007ba1c3d6266d56 = []byte{ 0x53, 0x50, 0x58, 0x12, 0x9e, 0x0a, 0x45, 0x6e, 0xcf, 0xb4, 0x4d, 0x43, 0x63, 0x30, 0x72, 0x03, 0xfa, 0xa7, 0xd0, 0xfd, 0x4d, 0xdc, 0x22, 0x16, 0xf9, 0xfa, 0xd7, 0x40, 0x18, 0x7a, 0xc1, 0xfa, 0x68, 0xf2, 0x69, 0xe8, 0x5b, 0x72, 0xec, 0x75, 0x47, 0x6f, 0x89, 0x35, 0x18, 0x5d, 0x45, 0xda, - 0x1c, 0xa4, 0xf9, 0x38, 0xf5, 0x27, 0x73, 0xbe, 0xd9, 0xce, 0x4a, 0xd4, 0x3a, 0x78, 0x34, 0x8f, + 0x1c, 0xa4, 0xf9, 0x38, 0xf5, 0xa7, 0x72, 0xbe, 0xd9, 0xce, 0x4a, 0xd4, 0x3a, 0x78, 0x34, 0x8f, 0x75, 0xf7, 0xf3, 0x12, 0x2e, 0x07, 0x69, 0x3e, 0x8e, 0xdc, 0x80, 0xde, 0x69, 0xc7, 0xb1, 0x1d, 0xd9, 0xc7, 0x9d, 0x32, 0x80, 0x7c, 0xdd, 0x8b, 0x14, 0xe4, 0x75, 0x18, 0xe4, 0x73, 0x0e, 0x3f, 0xd1, 0x2c, 0x74, 0xbb, 0x29, 0x95, 0x29, 0xd5, 0xef, 0x14, 0x24, 0x9b, 0x8d, 0x4b, 0xfc, 0x14, @@ -14975,10 +14979,10 @@ var fileDescriptor_007ba1c3d6266d56 = []byte{ 0x14, 0xdb, 0x4c, 0x7f, 0x10, 0x8a, 0x58, 0xb6, 0x99, 0xe1, 0x3b, 0x26, 0x8e, 0x0d, 0xf7, 0x31, 0x57, 0xa0, 0x58, 0x76, 0xd6, 0x1f, 0x8b, 0x59, 0x0b, 0xb1, 0xba, 0xb3, 0xfe, 0x58, 0x43, 0x28, 0xb9, 0x05, 0xa0, 0x51, 0xaf, 0xe3, 0x58, 0xf8, 0xfc, 0x64, 0x00, 0xcf, 0xdf, 0x70, 0x36, 0x74, - 0x10, 0x5a, 0x6f, 0xd8, 0x06, 0xd5, 0x24, 0x12, 0xf5, 0x2f, 0x87, 0x17, 0x3b, 0x15, 0xd3, 0x7d, + 0x10, 0x5a, 0x6f, 0xd8, 0x06, 0xd5, 0x24, 0x12, 0xf5, 0xaf, 0x84, 0x17, 0x3b, 0x15, 0xd3, 0x7d, 0x74, 0xd6, 0x85, 0xfb, 0xe8, 0x42, 0x5d, 0x1c, 0x71, 0x26, 0x3b, 0x69, 0x02, 0x7a, 0x67, 0x9a, 0xfa, 0xba, 0x8b, 0x7d, 0x28, 0x7c, 0xc9, 0xd6, 0x18, 0x40, 0xe3, 0xf0, 0x58, 0x3f, 0xf5, 0xef, - 0xde, 0x4f, 0x3f, 0xd3, 0x1b, 0x8c, 0xb6, 0x05, 0xea, 0x6d, 0xda, 0xce, 0x59, 0x57, 0xed, 0xb5, + 0xde, 0x4f, 0x3f, 0xdb, 0x1b, 0x8c, 0xb6, 0x05, 0xea, 0x6d, 0xda, 0xce, 0x59, 0x57, 0xed, 0xb5, 0xab, 0xae, 0x41, 0x5f, 0xcd, 0x69, 0x48, 0x47, 0x17, 0xb8, 0x1f, 0x70, 0x9d, 0x06, 0x3f, 0xb6, 0xf0, 0x91, 0x8c, 0xae, 0xe2, 0x7a, 0x48, 0xd7, 0x17, 0xd2, 0x19, 0xae, 0x27, 0xe8, 0x04, 0x52, 0xd0, 0x2d, 0xd9, 0x8e, 0x27, 0x3a, 0x2e, 0xa0, 0x6b, 0xdb, 0x8e, 0xa7, 0xf9, 0x48, 0xf2, 0x59, @@ -14987,11 +14991,11 @@ var fileDescriptor_007ba1c3d6266d56 = []byte{ 0xfb, 0x4d, 0xf1, 0x7f, 0x40, 0xce, 0xd7, 0x17, 0xdb, 0xff, 0xa9, 0x85, 0x8c, 0xc8, 0xeb, 0x50, 0x2a, 0x73, 0x3b, 0x6f, 0x10, 0x59, 0x06, 0x22, 0xc3, 0x2d, 0x28, 0x47, 0xf1, 0x3d, 0xbb, 0x8e, 0x7f, 0x6b, 0x82, 0x5c, 0xbd, 0x01, 0x63, 0xf1, 0x6a, 0xc8, 0x20, 0xf4, 0x4d, 0x2d, 0x2e, 0x2c, - 0x4c, 0x4f, 0x2d, 0x8f, 0xf5, 0x90, 0x7e, 0x28, 0xd6, 0xa6, 0x17, 0x2a, 0x63, 0x39, 0xf5, 0x97, - 0xa5, 0x19, 0x84, 0xa9, 0xd6, 0xd9, 0xd5, 0xf0, 0xa1, 0xee, 0x5b, 0xc6, 0xf0, 0x3e, 0x14, 0x4f, + 0x4c, 0x4f, 0x2d, 0x8f, 0xf5, 0x90, 0x7e, 0x28, 0xd6, 0xa6, 0x17, 0x2a, 0x63, 0x39, 0xf5, 0x57, + 0xa4, 0x19, 0x84, 0xa9, 0xd6, 0xd9, 0xd5, 0xf0, 0xa1, 0xee, 0x5b, 0xc6, 0xf0, 0x3e, 0x14, 0x4f, 0x0c, 0x5a, 0xa6, 0xe7, 0x51, 0x43, 0xac, 0x12, 0x78, 0x5f, 0xe8, 0x3d, 0xd1, 0x12, 0x78, 0xf2, 0x22, 0x0c, 0x23, 0x4c, 0x5c, 0x11, 0xf2, 0xfd, 0xb1, 0x28, 0xe0, 0x3c, 0xd1, 0xa2, 0x48, 0xf5, - 0x77, 0xc3, 0xdb, 0xe1, 0x39, 0xaa, 0x9f, 0xd4, 0x1b, 0xc5, 0x8f, 0x49, 0x7f, 0xa9, 0xff, 0xaa, + 0xf7, 0xc2, 0xdb, 0xe1, 0x39, 0xaa, 0x9f, 0xd4, 0x1b, 0xc5, 0x8f, 0x49, 0x7f, 0xa9, 0xff, 0xaa, 0xc8, 0x9f, 0x80, 0xf0, 0xf7, 0x82, 0xc7, 0x21, 0xca, 0xf0, 0x48, 0xb7, 0xb0, 0x8f, 0x23, 0xdd, 0x17, 0xa1, 0x34, 0x4f, 0xbd, 0x0d, 0xdb, 0x77, 0xfc, 0x42, 0x0f, 0xbd, 0x16, 0x42, 0x64, 0x0f, 0x3d, 0x4e, 0x43, 0x1e, 0x01, 0xf1, 0x1f, 0x03, 0x06, 0x8e, 0xd8, 0xfe, 0x11, 0xf2, 0xa5, 0xc4, @@ -15001,14 +15005,14 @@ var fileDescriptor_007ba1c3d6266d56 = []byte{ 0xdf, 0x05, 0x86, 0x5c, 0x98, 0xb6, 0xf0, 0x97, 0x3b, 0xe2, 0x74, 0x21, 0xd0, 0x96, 0xe8, 0x7b, 0x9e, 0xb8, 0xac, 0x38, 0x36, 0xa6, 0x2d, 0xfd, 0x87, 0x18, 0xdd, 0x8b, 0x30, 0x5e, 0x6e, 0xb7, 0x9b, 0x26, 0x35, 0x50, 0x5f, 0xb4, 0x4e, 0x93, 0xba, 0xc2, 0xe5, 0x07, 0x1f, 0x83, 0xe8, 0x1c, - 0x59, 0xc7, 0xe7, 0xa8, 0x75, 0xa7, 0x13, 0xf5, 0xcf, 0x4c, 0x96, 0x55, 0x7f, 0x3a, 0x0f, 0x17, + 0x59, 0xc7, 0xe7, 0xa8, 0x75, 0xa7, 0x13, 0xf5, 0xcf, 0x4c, 0x96, 0x55, 0x7f, 0x26, 0x0f, 0x17, 0xa7, 0x1c, 0xaa, 0x7b, 0x74, 0x7e, 0xa6, 0x5c, 0xee, 0xa0, 0x8f, 0x5c, 0xb3, 0x49, 0xad, 0xf5, 0xe3, 0x19, 0xd6, 0x6f, 0xc1, 0x48, 0xd0, 0x80, 0x5a, 0xc3, 0x6e, 0x53, 0xf9, 0x61, 0x55, 0xc3, 0xc7, 0xd4, 0x5d, 0x86, 0xd2, 0x62, 0xa4, 0xe4, 0x3e, 0x9c, 0x0b, 0x20, 0xe5, 0x66, 0xd3, 0xde, 0xd4, 0x68, 0xc7, 0xe5, 0x8e, 0xb1, 0xfd, 0xdc, 0x31, 0x36, 0xe4, 0xa0, 0x33, 0x7c, 0xdd, 0x61, - 0x04, 0x5a, 0x5a, 0x29, 0xf5, 0xe7, 0x0b, 0x70, 0xe9, 0x81, 0xde, 0x34, 0x8d, 0x50, 0x34, 0x1a, + 0x04, 0x5a, 0x5a, 0x29, 0xf5, 0x17, 0x0a, 0x70, 0xe9, 0x81, 0xde, 0x34, 0x8d, 0x50, 0x34, 0x1a, 0x75, 0xdb, 0xb6, 0xe5, 0xd2, 0x13, 0x34, 0x4a, 0x23, 0x43, 0xa1, 0x78, 0x24, 0x43, 0x21, 0xd9, - 0x45, 0xbd, 0x87, 0xee, 0xa2, 0xd2, 0x81, 0xba, 0xe8, 0x7f, 0xcb, 0xc1, 0x98, 0xef, 0xf8, 0x2f, + 0x45, 0xbd, 0x87, 0xee, 0xa2, 0xd2, 0x81, 0xba, 0xe8, 0x7f, 0xcd, 0xc1, 0x98, 0xef, 0xf8, 0x2f, 0x3f, 0xe2, 0x96, 0xbc, 0xd2, 0xf1, 0x08, 0x31, 0xe6, 0x07, 0x8d, 0x78, 0x52, 0x83, 0xbe, 0xe9, 0x27, 0x6d, 0xd3, 0xa1, 0xee, 0x1e, 0x9c, 0xb8, 0x9f, 0x11, 0xc7, 0x25, 0xe3, 0x94, 0x17, 0x49, 0x9c, 0x94, 0x70, 0x30, 0x3e, 0xe7, 0xe3, 0x4f, 0x1f, 0x26, 0xfd, 0x97, 0xe9, 0xfc, 0x39, 0x9f, @@ -15037,32 +15041,32 @@ var fileDescriptor_007ba1c3d6266d56 = []byte{ 0x0a, 0x2f, 0x83, 0x0d, 0x69, 0xc1, 0x68, 0xd9, 0x75, 0x3b, 0x2d, 0x1a, 0xde, 0x50, 0x8d, 0xed, 0xfa, 0x19, 0x9f, 0x11, 0x5e, 0xcb, 0x4f, 0xeb, 0x58, 0x94, 0x5f, 0x50, 0xd5, 0x3d, 0x53, 0xae, 0x11, 0xbf, 0x25, 0xce, 0xfb, 0x5e, 0xb1, 0x7f, 0x64, 0x6c, 0x54, 0xbb, 0x94, 0x6c, 0xcc, 0xb2, - 0xe9, 0x35, 0xa9, 0xfa, 0x3b, 0x39, 0x80, 0x50, 0xc0, 0xe4, 0xa5, 0x68, 0x84, 0xa2, 0x5c, 0x78, + 0xe9, 0x35, 0xa9, 0xfa, 0xbb, 0x39, 0x80, 0x50, 0xc0, 0xe4, 0xa5, 0x68, 0x84, 0xa2, 0x5c, 0x78, 0xd1, 0x21, 0xa2, 0x17, 0x44, 0x42, 0x12, 0x91, 0x2b, 0x50, 0xc4, 0x08, 0x17, 0xf9, 0xf0, 0x60, 0xf5, 0x91, 0x69, 0x19, 0x1a, 0x42, 0x19, 0x56, 0x7a, 0x8a, 0x8e, 0x58, 0xbc, 0xd4, 0xe7, 0x56, 0x61, 0x05, 0x46, 0x6b, 0x9d, 0x55, 0xbf, 0x6e, 0xe9, 0x5d, 0x1d, 0x06, 0xda, 0x70, 0x3b, 0xab, - 0xc1, 0x63, 0xd4, 0x48, 0x18, 0x93, 0x68, 0x11, 0xf5, 0x57, 0x73, 0xb1, 0x59, 0xf0, 0x18, 0x17, - 0xbd, 0x4f, 0x25, 0xfd, 0x34, 0x92, 0xd3, 0x92, 0xfa, 0xe7, 0xf3, 0x30, 0xb8, 0x64, 0x3b, 0x9e, + 0xc1, 0x63, 0xd4, 0x48, 0x18, 0x93, 0x68, 0x11, 0xf5, 0xd7, 0x72, 0xb1, 0x59, 0xf0, 0x18, 0x17, + 0xbd, 0x4f, 0x25, 0xfd, 0x34, 0x92, 0xd3, 0x92, 0xfa, 0x17, 0xf2, 0x30, 0xb8, 0x64, 0x3b, 0x9e, 0x08, 0x19, 0x72, 0xb2, 0x57, 0x21, 0x69, 0xaf, 0x54, 0xdc, 0xc7, 0x5e, 0xe9, 0x0a, 0x14, 0x25, 0x17, 0x65, 0x7e, 0x2f, 0x62, 0x18, 0x8e, 0x86, 0x50, 0xf5, 0x47, 0xf2, 0x00, 0x5f, 0x7a, 0xf9, - 0xe5, 0x53, 0x2c, 0x20, 0xf5, 0xe7, 0x72, 0x30, 0x2a, 0x2e, 0xea, 0xa4, 0x58, 0x5f, 0x7d, 0xfe, + 0xe5, 0x53, 0x2c, 0x20, 0xf5, 0xe7, 0x73, 0x30, 0x2a, 0x2e, 0xea, 0xa4, 0x58, 0x5f, 0x7d, 0xfe, 0x15, 0xab, 0x3c, 0x2e, 0x39, 0x48, 0xf3, 0x71, 0x6c, 0x09, 0x98, 0x7e, 0x62, 0x7a, 0x78, 0x57, 0x21, 0x05, 0xfb, 0xa2, 0x02, 0x26, 0x2f, 0x01, 0x3e, 0x1d, 0x79, 0xc9, 0xbf, 0x82, 0x2c, 0x84, - 0xeb, 0x1e, 0x2b, 0x30, 0x9d, 0x7a, 0x0d, 0xa9, 0xfe, 0x46, 0x11, 0x8a, 0xd3, 0x4f, 0x68, 0xe3, + 0xeb, 0x1e, 0x2b, 0x30, 0x9d, 0x7a, 0x0d, 0xa9, 0xfe, 0x66, 0x11, 0x8a, 0xd3, 0x4f, 0x68, 0xe3, 0x84, 0x77, 0x8d, 0x74, 0xb0, 0x59, 0x3c, 0xe4, 0xc1, 0xe6, 0x41, 0x7c, 0x2a, 0xde, 0x0d, 0xfb, - 0xb3, 0x14, 0xad, 0x3e, 0xd6, 0xf3, 0xf1, 0xea, 0xfd, 0x9e, 0x3e, 0x79, 0x2e, 0x39, 0xff, 0x55, + 0xb3, 0x14, 0xad, 0x3e, 0xd6, 0xf3, 0xf1, 0xea, 0xfd, 0x9e, 0x3e, 0x79, 0x2e, 0x39, 0xff, 0x45, 0x01, 0x0a, 0xb5, 0xa9, 0xa5, 0x33, 0xbd, 0x39, 0x56, 0xbd, 0xe9, 0x7e, 0x67, 0xad, 0x06, 0xd7, - 0x50, 0xfd, 0xa1, 0x97, 0x68, 0xec, 0xc6, 0xe9, 0x0f, 0x0b, 0x30, 0x52, 0x9b, 0x59, 0x5e, 0x92, + 0x50, 0xfd, 0xa1, 0x97, 0x68, 0xec, 0xc6, 0xe9, 0x8f, 0x0a, 0x30, 0x52, 0x9b, 0x59, 0x5e, 0x92, 0x4e, 0x82, 0xef, 0x73, 0x4f, 0x3e, 0xf4, 0x29, 0xe3, 0x5d, 0x7a, 0x25, 0x61, 0xcf, 0xac, 0x54, 0x2d, 0xef, 0xb5, 0x3b, 0x0f, 0xf4, 0x66, 0x87, 0xe2, 0xd1, 0x0b, 0xf7, 0xfb, 0x75, 0xcd, 0x0f, - 0xe9, 0xcf, 0xe3, 0xc3, 0x7f, 0x9f, 0x01, 0x79, 0x0b, 0x0a, 0x2b, 0xc2, 0x23, 0x23, 0x8b, 0xcf, + 0xe9, 0x2f, 0xe0, 0xc3, 0x7f, 0x9f, 0x01, 0x79, 0x0b, 0x0a, 0x2b, 0xc2, 0x23, 0x23, 0x8b, 0xcf, 0x2b, 0xb7, 0x39, 0x1f, 0x36, 0x09, 0x16, 0x3a, 0xa6, 0x81, 0x1c, 0x58, 0x29, 0x56, 0xf8, 0xae, 0x58, 0x80, 0xf7, 0x54, 0x78, 0xdd, 0x2f, 0x7c, 0xb7, 0x5a, 0x21, 0x35, 0x18, 0x5c, 0xa2, 0x4e, 0xcb, 0xc4, 0x8e, 0xf2, 0xe7, 0xec, 0xee, 0x4c, 0xd8, 0x4e, 0x65, 0xb0, 0x1d, 0x16, 0x42, 0x66, 0x32, 0x17, 0xf2, 0x3e, 0x00, 0xb7, 0x51, 0xf6, 0x18, 0x3f, 0xf2, 0x19, 0xb4, 0xfb, 0xb9, 0x69, 0x99, 0x62, 0xe3, 0x49, 0xcc, 0xc8, 0x23, 0x18, 0x9b, 0xb7, 0x0d, 0x73, 0xcd, 0xe4, 0xae, 0x97, 0x58, 0x41, 0x69, 0x77, 0x87, 0x27, 0x66, 0x4a, 0xb6, 0xa4, 0x72, 0x69, 0xd5, 0x24, 0x18, 0xab, - 0xff, 0x79, 0x2f, 0x14, 0x59, 0xb7, 0x9f, 0x8d, 0xdf, 0xc3, 0x8c, 0xdf, 0x32, 0x8c, 0x3d, 0xb4, + 0xff, 0x69, 0x2f, 0x14, 0x59, 0xb7, 0x9f, 0x8d, 0xdf, 0xc3, 0x8c, 0xdf, 0x32, 0x8c, 0x3d, 0xb4, 0x9d, 0x47, 0xa6, 0xb5, 0x1e, 0x78, 0xc5, 0x8b, 0xbd, 0x29, 0x7a, 0xf2, 0x6c, 0x72, 0x5c, 0x3d, 0x70, 0xa0, 0xd7, 0x12, 0xe4, 0xbb, 0x8c, 0xe0, 0x37, 0x00, 0xf8, 0x5b, 0x77, 0xa4, 0xe9, 0x0f, 0x83, 0x55, 0xf0, 0x97, 0xf0, 0xe8, 0x68, 0x2f, 0x07, 0xab, 0x08, 0x89, 0xd9, 0x26, 0x9c, 0xfb, @@ -15071,718 +15075,720 @@ var fileDescriptor_007ba1c3d6266d56 = []byte{ 0x78, 0x90, 0xd7, 0x62, 0x17, 0xe0, 0x24, 0xc2, 0x2d, 0xf3, 0xfe, 0x3b, 0x74, 0xa0, 0x1a, 0xda, 0xcd, 0x81, 0x4a, 0xfd, 0x7a, 0x1e, 0x06, 0x6a, 0x9d, 0x55, 0x77, 0xcb, 0xf5, 0x68, 0xeb, 0x84, 0xab, 0xb1, 0xbf, 0xbd, 0x2a, 0xa6, 0x6e, 0xaf, 0x9e, 0xf7, 0x85, 0x22, 0x9d, 0x3b, 0x06, 0x26, - 0x9d, 0x2f, 0x8e, 0xbf, 0x9e, 0x87, 0x31, 0x7e, 0x71, 0x56, 0x31, 0xdd, 0xc6, 0x11, 0x38, 0xf3, + 0x9d, 0x2f, 0x8e, 0xbf, 0x91, 0x87, 0x31, 0x7e, 0x71, 0x56, 0x31, 0xdd, 0xc6, 0x11, 0x38, 0xf3, 0x1f, 0xbf, 0x54, 0x0e, 0x77, 0xd9, 0xbc, 0x87, 0x27, 0x12, 0xea, 0xd7, 0xf2, 0x30, 0x58, 0xee, - 0x78, 0x1b, 0x65, 0x0f, 0x75, 0xeb, 0x54, 0xee, 0x4f, 0xfe, 0x6e, 0x0e, 0x46, 0x59, 0x43, 0x96, + 0x78, 0x1b, 0x65, 0x0f, 0x75, 0xeb, 0x54, 0xee, 0x4f, 0xfe, 0x5e, 0x0e, 0x46, 0x59, 0x43, 0x96, 0xed, 0x47, 0xd4, 0x3a, 0x82, 0x83, 0x47, 0xf9, 0x00, 0x31, 0x7f, 0xc0, 0x03, 0x44, 0x5f, 0x96, 0x85, 0xfd, 0xc9, 0x12, 0x8f, 0xcb, 0x35, 0xbb, 0x49, 0x4f, 0xf6, 0x67, 0x1c, 0xe1, 0x71, 0xb9, 0x2f, 0x90, 0x23, 0xb8, 0x9e, 0xf9, 0x64, 0x09, 0xe4, 0x08, 0xce, 0x96, 0x3e, 0x19, 0x02, 0xf9, 0x4e, 0x0e, 0x06, 0x26, 0x6d, 0xef, 0x84, 0x0f, 0x7c, 0xf1, 0x15, 0x27, 0x5b, 0xcd, 0xfd, 0xaf, - 0x38, 0xd9, 0xba, 0xa9, 0xfe, 0x6c, 0x1e, 0xce, 0x8b, 0xd8, 0xe0, 0xe2, 0xfc, 0xe1, 0x6c, 0x3a, - 0x16, 0x83, 0x2d, 0x29, 0x9a, 0xb3, 0x79, 0x48, 0x88, 0xe6, 0x17, 0x0b, 0x70, 0x1e, 0x43, 0x99, + 0x38, 0xd9, 0xba, 0xa9, 0xfe, 0x5c, 0x1e, 0xce, 0x8b, 0xd8, 0xe0, 0xe2, 0xfc, 0xe1, 0x6c, 0x3a, + 0x16, 0x83, 0x2d, 0x29, 0x9a, 0xb3, 0x79, 0x48, 0x88, 0xe6, 0x97, 0x0a, 0x70, 0x1e, 0x43, 0x99, 0xb2, 0x6d, 0xd9, 0x27, 0xc0, 0x16, 0x21, 0x8d, 0xe8, 0x25, 0xe8, 0x7c, 0xca, 0x25, 0xe8, 0xbf, 0xdc, 0x9e, 0x78, 0x6d, 0xdd, 0xf4, 0x36, 0x3a, 0xab, 0x37, 0x1b, 0x76, 0xeb, 0xd6, 0xba, 0xa3, 0x3f, 0x36, 0xf9, 0xf5, 0x9f, 0xde, 0xbc, 0x15, 0xa4, 0xd9, 0xd0, 0xdb, 0xa6, 0x48, 0xc0, 0x51, 0xc3, 0xbd, 0x0e, 0xe3, 0xea, 0x5f, 0x9f, 0xba, 0x00, 0xf7, 0x6c, 0xd3, 0x12, 0x3e, 0x85, 0xdc, 0xd0, 0xad, 0xb1, 0xfd, 0xe1, 0x07, 0xb6, 0x69, 0xd5, 0xe3, 0x8e, 0x85, 0xfb, 0xad, 0x2f, 0x64, - 0xad, 0x49, 0xd5, 0xa8, 0xff, 0x6d, 0x0e, 0x9e, 0x8a, 0x6a, 0xf1, 0x27, 0xc1, 0x76, 0xfc, 0x33, + 0xad, 0x49, 0xd5, 0xa8, 0xff, 0x4d, 0x0e, 0x9e, 0x8a, 0x6a, 0xf1, 0x27, 0xc1, 0x76, 0xfc, 0xb3, 0x79, 0xb8, 0x70, 0x17, 0x85, 0x13, 0x38, 0x72, 0x9c, 0xcd, 0x5b, 0x62, 0x70, 0xa6, 0xc8, 0xe6, - 0xcc, 0xa2, 0xcc, 0x96, 0xcd, 0xd9, 0xa4, 0x2e, 0x64, 0xf3, 0xf7, 0x73, 0x70, 0x6e, 0xb1, 0x5a, - 0x99, 0xfa, 0x84, 0x8c, 0xa8, 0xe4, 0xf7, 0x9c, 0x70, 0x83, 0x33, 0xf1, 0x3d, 0x27, 0xdc, 0xf4, - 0xfc, 0x76, 0x1e, 0xce, 0xd5, 0xca, 0xf3, 0x73, 0x9f, 0x94, 0x19, 0x7c, 0x4a, 0xf6, 0x3a, 0xf4, - 0x0f, 0xc1, 0x84, 0x2d, 0x20, 0x7f, 0xe6, 0x83, 0xdb, 0xd9, 0xde, 0x88, 0x49, 0xa1, 0x9c, 0xf0, - 0xa9, 0xfb, 0x48, 0x84, 0xc2, 0x34, 0x3f, 0x42, 0x7d, 0xc2, 0x35, 0xff, 0xbf, 0x2c, 0xc1, 0xe0, - 0xfd, 0xce, 0x2a, 0x15, 0xce, 0x29, 0xa7, 0xfa, 0xe4, 0xf7, 0x36, 0x0c, 0x0a, 0x31, 0xe0, 0xad, - 0x89, 0x14, 0x3c, 0x4f, 0x04, 0x43, 0xe1, 0xf1, 0x89, 0x64, 0x22, 0x72, 0x05, 0x8a, 0x0f, 0xa8, - 0xb3, 0x2a, 0xbf, 0x2b, 0x7d, 0x4c, 0x9d, 0x55, 0x0d, 0xa1, 0x64, 0x2e, 0x74, 0x99, 0x2f, 0x2f, - 0x55, 0x31, 0x91, 0x8a, 0xb8, 0xb0, 0xc1, 0xcc, 0x30, 0x81, 0xdf, 0x9b, 0xde, 0x36, 0x79, 0x0a, - 0x16, 0xf9, 0x4d, 0x7b, 0xbc, 0x24, 0x59, 0x80, 0x71, 0xd9, 0xf1, 0x89, 0x67, 0x11, 0xe9, 0x4f, - 0x61, 0x97, 0x96, 0x3f, 0x24, 0x59, 0x94, 0xbc, 0x0b, 0x43, 0x3e, 0x10, 0x5d, 0xb8, 0x06, 0xc2, - 0xd0, 0xf5, 0x01, 0xab, 0x58, 0x8a, 0xa2, 0x48, 0x01, 0x99, 0x01, 0x5e, 0x43, 0x40, 0x0a, 0x83, - 0x98, 0x4b, 0x5c, 0xa4, 0x00, 0x79, 0x15, 0x19, 0xe0, 0x33, 0x0f, 0x74, 0x56, 0x19, 0xc4, 0x47, - 0x97, 0xe8, 0x92, 0xef, 0x08, 0x38, 0x7f, 0x5a, 0x1b, 0x21, 0x23, 0x8b, 0x00, 0xa1, 0x53, 0x81, - 0x08, 0x60, 0xb0, 0x6f, 0x77, 0x07, 0x89, 0x85, 0x7c, 0x1d, 0x38, 0x7c, 0x90, 0xeb, 0x40, 0xf5, - 0x1f, 0xe6, 0x61, 0xb0, 0xdc, 0x6e, 0x07, 0x43, 0xe1, 0x25, 0x28, 0x95, 0xdb, 0xed, 0x15, 0xad, - 0x2a, 0x87, 0x32, 0xd7, 0xdb, 0xed, 0x7a, 0xc7, 0x31, 0x65, 0x9f, 0x50, 0x4e, 0x44, 0xa6, 0x60, - 0xb8, 0xdc, 0x6e, 0x2f, 0x75, 0x56, 0x9b, 0x66, 0x43, 0xca, 0x8c, 0xc4, 0x73, 0xc7, 0xb5, 0xdb, - 0xf5, 0x36, 0x62, 0xe2, 0xe9, 0xb1, 0xa2, 0x65, 0xc8, 0x57, 0x31, 0xec, 0x8f, 0x48, 0xcc, 0xc3, - 0x53, 0x7f, 0xa8, 0x41, 0x10, 0xf3, 0xb0, 0x6d, 0x37, 0x03, 0x22, 0x1e, 0xec, 0xfd, 0x8a, 0x1f, - 0x32, 0x9f, 0x55, 0x94, 0x48, 0xc0, 0x13, 0xb2, 0x24, 0x9f, 0x83, 0xbe, 0x72, 0xbb, 0x2d, 0xdd, - 0x37, 0xa1, 0x53, 0x11, 0x2b, 0x15, 0xcf, 0x7d, 0x26, 0xc8, 0x2e, 0xbf, 0x0d, 0x23, 0xd1, 0xca, - 0xf6, 0x15, 0x2c, 0xfe, 0xfb, 0x39, 0xfc, 0xa0, 0x13, 0xee, 0xd3, 0xfc, 0x0a, 0x14, 0xca, 0xed, - 0xb6, 0x98, 0x8f, 0xce, 0xa5, 0xf4, 0x47, 0xfc, 0x09, 0x74, 0xb9, 0xdd, 0xf6, 0x3f, 0xfd, 0x84, - 0x3f, 0x8e, 0x38, 0xd0, 0xa7, 0x7f, 0x87, 0x7f, 0xfa, 0xc9, 0x7e, 0xb8, 0xa0, 0xfe, 0x46, 0x01, - 0x46, 0xcb, 0xed, 0xf6, 0x59, 0x90, 0xf9, 0xa3, 0x7a, 0x68, 0xfd, 0x32, 0x80, 0x34, 0x3d, 0xf6, - 0x05, 0x4f, 0xb7, 0x06, 0xa5, 0xa9, 0x51, 0xc9, 0x69, 0x12, 0x91, 0xaf, 0x7e, 0xfd, 0xfb, 0x52, - 0xbf, 0xaf, 0x15, 0x70, 0x2a, 0x3e, 0xe9, 0x41, 0xa3, 0x3e, 0x2e, 0xdd, 0x26, 0xfa, 0xa0, 0xb4, - 0xaf, 0x3e, 0xf8, 0x3b, 0x91, 0xc1, 0x83, 0x41, 0xcb, 0xcf, 0x7a, 0xa1, 0xf7, 0x50, 0x66, 0xf1, - 0x88, 0x2c, 0x4c, 0x11, 0xc9, 0xc6, 0x4f, 0xa4, 0x24, 0xe2, 0x2a, 0x35, 0x18, 0xaa, 0x6e, 0x1a, - 0x5a, 0x8c, 0xd6, 0xef, 0xc3, 0xbe, 0x7d, 0xf5, 0xe1, 0x76, 0x1e, 0xdf, 0x4e, 0x07, 0x71, 0x99, - 0x0e, 0xbf, 0xbb, 0xb8, 0x05, 0xc0, 0x3d, 0x0f, 0x02, 0xb7, 0xe6, 0x61, 0x1e, 0x82, 0x85, 0xe7, - 0x57, 0x12, 0x21, 0x58, 0x42, 0x92, 0xc0, 0x43, 0xaa, 0x90, 0xea, 0x21, 0x75, 0x03, 0xfa, 0x35, - 0x7d, 0xf3, 0xbd, 0x0e, 0x75, 0xb6, 0x84, 0x39, 0xc3, 0xc3, 0x1e, 0xea, 0x9b, 0xf5, 0x1f, 0x66, - 0x40, 0x2d, 0x40, 0x13, 0x35, 0x78, 0x7c, 0x2f, 0x79, 0x84, 0xf0, 0x33, 0xf2, 0xe0, 0xc9, 0xfd, - 0x41, 0x14, 0x9d, 0xbc, 0x09, 0x85, 0xf2, 0xc3, 0x9a, 0x90, 0x6c, 0xd0, 0xb5, 0xe5, 0x87, 0x35, - 0x21, 0xaf, 0xcc, 0xb2, 0x0f, 0x6b, 0xea, 0xd7, 0xf2, 0x40, 0x92, 0x94, 0xe4, 0x35, 0x18, 0x40, - 0xe8, 0x3a, 0xd3, 0x19, 0x39, 0x31, 0xe7, 0xa6, 0x5b, 0x77, 0x10, 0x1a, 0x31, 0xee, 0x7c, 0x52, - 0xf2, 0x06, 0xa6, 0x3e, 0x16, 0xa9, 0xe1, 0x22, 0x89, 0x39, 0x37, 0x5d, 0x3f, 0x59, 0x70, 0x2c, - 0xf3, 0xb1, 0x20, 0x46, 0xbb, 0xf0, 0x61, 0x6d, 0xd6, 0x76, 0x3d, 0x21, 0x6a, 0x6e, 0x17, 0x6e, - 0xba, 0x98, 0x11, 0x36, 0x62, 0x17, 0x72, 0x32, 0xcc, 0x6a, 0xf5, 0xb0, 0xc6, 0x9f, 0xa9, 0x18, - 0x9a, 0xdd, 0xf4, 0x0d, 0x4a, 0x9e, 0xd5, 0x6a, 0xd3, 0xad, 0xf3, 0x27, 0x2e, 0x06, 0xe6, 0x5c, - 0x8e, 0x64, 0xb5, 0x8a, 0x94, 0x52, 0xbf, 0xd1, 0x0f, 0x63, 0x15, 0xdd, 0xd3, 0x57, 0x75, 0x97, - 0x4a, 0xbb, 0xe9, 0x51, 0x1f, 0xe6, 0x7f, 0x8e, 0x24, 0x07, 0x63, 0x35, 0xe5, 0x6b, 0xe2, 0x05, - 0xc8, 0x5b, 0x21, 0xdf, 0x20, 0xe7, 0xa8, 0x9c, 0xc4, 0x6c, 0xb5, 0xde, 0x16, 0x60, 0x2d, 0x41, - 0x48, 0x5e, 0x84, 0x41, 0x1f, 0xc6, 0x36, 0x00, 0x85, 0x50, 0x67, 0x8c, 0x55, 0x66, 0xff, 0x6b, - 0x32, 0x9a, 0xbc, 0x01, 0x43, 0xfe, 0x4f, 0xc9, 0xb4, 0xe6, 0x19, 0xd9, 0x56, 0x13, 0xbb, 0x27, - 0x99, 0x54, 0x2e, 0x8a, 0xf3, 0x5b, 0x6f, 0xa4, 0x68, 0x2c, 0xe9, 0x59, 0x84, 0x94, 0xfc, 0x30, - 0x8c, 0xf8, 0xbf, 0xc5, 0x86, 0x81, 0xe7, 0x87, 0x7b, 0x31, 0x48, 0xe9, 0x1c, 0x13, 0xeb, 0xcd, - 0x28, 0x39, 0xdf, 0x3a, 0x3c, 0xed, 0xe7, 0xf1, 0x32, 0x56, 0x93, 0x3b, 0x87, 0x58, 0x05, 0xa4, - 0x0a, 0xe3, 0x3e, 0x24, 0xd4, 0xd0, 0xbe, 0x70, 0xc7, 0x68, 0xac, 0xd6, 0x53, 0x95, 0x34, 0x59, - 0x8a, 0x34, 0xe1, 0x4a, 0x04, 0x68, 0xb8, 0x1b, 0xe6, 0x9a, 0x27, 0xb6, 0x7b, 0x22, 0x06, 0xb1, - 0x48, 0xdc, 0x18, 0x70, 0xe5, 0x34, 0x7e, 0x06, 0xd6, 0x68, 0x76, 0xa8, 0xae, 0xdc, 0x48, 0x0d, - 0xce, 0xfb, 0xf8, 0xbb, 0x53, 0x4b, 0x4b, 0x8e, 0xfd, 0x01, 0x6d, 0x78, 0xd5, 0x8a, 0xd8, 0x2e, - 0x63, 0x6c, 0x3a, 0x63, 0xb5, 0xbe, 0xde, 0x68, 0x33, 0xa5, 0x60, 0xb8, 0x28, 0xf3, 0xd4, 0xc2, - 0xe4, 0x01, 0x5c, 0x90, 0xe0, 0x52, 0x7a, 0x68, 0x08, 0xf7, 0xf3, 0x82, 0x6b, 0x7a, 0x86, 0xe8, - 0xf4, 0xe2, 0xe4, 0x6d, 0x18, 0xf6, 0x11, 0xfc, 0x16, 0x71, 0x10, 0x6f, 0x11, 0x71, 0x48, 0x1a, - 0xab, 0xf5, 0xf8, 0x6b, 0xca, 0x28, 0xb1, 0xac, 0x51, 0x98, 0x51, 0x7f, 0x28, 0xa2, 0x51, 0xde, - 0x56, 0x3b, 0x55, 0x19, 0x31, 0xcb, 0xfe, 0xbb, 0xa1, 0x46, 0x2d, 0x3a, 0xe6, 0xba, 0xc9, 0x77, - 0xd2, 0xfe, 0x03, 0xca, 0xd5, 0xba, 0x8d, 0xc0, 0x34, 0xfd, 0xe0, 0xe4, 0x97, 0xcb, 0x70, 0x2e, - 0x45, 0xc7, 0xf6, 0xb5, 0x63, 0xfc, 0x7a, 0x3e, 0x6c, 0xc4, 0x09, 0xdf, 0x36, 0x4e, 0x42, 0xbf, - 0xff, 0x25, 0xc2, 0x78, 0x50, 0xb2, 0x86, 0x66, 0x9c, 0x87, 0x8f, 0x8f, 0x88, 0xe3, 0x84, 0x6f, - 0x25, 0x8f, 0x42, 0x1c, 0xdf, 0xcd, 0x85, 0xe2, 0x38, 0xe1, 0xdb, 0xcb, 0xbf, 0x5f, 0x08, 0xe7, + 0xcc, 0xa2, 0xcc, 0x96, 0xcd, 0xd9, 0xa4, 0x2e, 0x64, 0xf3, 0x5f, 0xe7, 0xe0, 0xdc, 0x62, 0xb5, + 0x32, 0xf5, 0x09, 0x19, 0x51, 0xc9, 0xef, 0x39, 0xe1, 0x06, 0x67, 0xe2, 0x7b, 0x4e, 0xb8, 0xe9, + 0xf9, 0xed, 0x3c, 0x9c, 0xab, 0x95, 0xe7, 0xe7, 0x3e, 0x29, 0x33, 0xf8, 0x94, 0xec, 0x75, 0xe8, + 0x1f, 0x82, 0x09, 0x5b, 0x40, 0xfe, 0xcc, 0x07, 0xb7, 0xb3, 0xbd, 0x11, 0x93, 0x42, 0x39, 0xe1, + 0x53, 0xf7, 0x91, 0x08, 0x85, 0x69, 0x7e, 0x84, 0xfa, 0x84, 0x6b, 0xfe, 0x7f, 0x5e, 0x82, 0xc1, + 0xfb, 0x9d, 0x55, 0x2a, 0x9c, 0x53, 0x4e, 0xf5, 0xc9, 0xef, 0x6d, 0x18, 0x14, 0x62, 0xc0, 0x5b, + 0x13, 0x29, 0x78, 0x9e, 0x08, 0x86, 0xc2, 0xe3, 0x13, 0xc9, 0x44, 0xe4, 0x0a, 0x14, 0x1f, 0x50, + 0x67, 0x55, 0x7e, 0x57, 0xfa, 0x98, 0x3a, 0xab, 0x1a, 0x42, 0xc9, 0x5c, 0xe8, 0x32, 0x5f, 0x5e, + 0xaa, 0x62, 0x22, 0x15, 0x71, 0x61, 0x83, 0x99, 0x61, 0x02, 0xbf, 0x37, 0xbd, 0x6d, 0xf2, 0x14, + 0x2c, 0xf2, 0x9b, 0xf6, 0x78, 0x49, 0xb2, 0x00, 0xe3, 0xb2, 0xe3, 0x13, 0xcf, 0x22, 0xd2, 0x9f, + 0xc2, 0x2e, 0x2d, 0x7f, 0x48, 0xb2, 0x28, 0x79, 0x17, 0x86, 0x7c, 0x20, 0xba, 0x70, 0x0d, 0x84, + 0xa1, 0xeb, 0x03, 0x56, 0xb1, 0x14, 0x45, 0x91, 0x02, 0x32, 0x03, 0xbc, 0x86, 0x80, 0x14, 0x06, + 0x31, 0x97, 0xb8, 0x48, 0x01, 0xf2, 0x2a, 0x32, 0xc0, 0x67, 0x1e, 0xe8, 0xac, 0x32, 0x88, 0x8f, + 0x2e, 0xd1, 0x25, 0xdf, 0x11, 0x70, 0xfe, 0xb4, 0x36, 0x42, 0x46, 0x16, 0x01, 0x42, 0xa7, 0x02, + 0x11, 0xc0, 0x60, 0xdf, 0xee, 0x0e, 0x12, 0x0b, 0xf9, 0x3a, 0x70, 0xf8, 0x20, 0xd7, 0x81, 0xea, + 0x3f, 0xcc, 0xc3, 0x60, 0xb9, 0xdd, 0x0e, 0x86, 0xc2, 0x4b, 0x50, 0x2a, 0xb7, 0xdb, 0x2b, 0x5a, + 0x55, 0x0e, 0x65, 0xae, 0xb7, 0xdb, 0xf5, 0x8e, 0x63, 0xca, 0x3e, 0xa1, 0x9c, 0x88, 0x4c, 0xc1, + 0x70, 0xb9, 0xdd, 0x5e, 0xea, 0xac, 0x36, 0xcd, 0x86, 0x94, 0x19, 0x89, 0xe7, 0x8e, 0x6b, 0xb7, + 0xeb, 0x6d, 0xc4, 0xc4, 0xd3, 0x63, 0x45, 0xcb, 0x90, 0xaf, 0x62, 0xd8, 0x1f, 0x91, 0x98, 0x87, + 0xa7, 0xfe, 0x50, 0x83, 0x20, 0xe6, 0x61, 0xdb, 0x6e, 0x06, 0x44, 0x3c, 0xd8, 0xfb, 0x15, 0x3f, + 0x64, 0x3e, 0xab, 0x28, 0x91, 0x80, 0x27, 0x64, 0x49, 0x3e, 0x07, 0x7d, 0xe5, 0x76, 0x5b, 0xba, + 0x6f, 0x42, 0xa7, 0x22, 0x56, 0x2a, 0x9e, 0xfb, 0x4c, 0x90, 0x5d, 0x7e, 0x1b, 0x46, 0xa2, 0x95, + 0xed, 0x2b, 0x58, 0xfc, 0xf7, 0x73, 0xf8, 0x41, 0x27, 0xdc, 0xa7, 0xf9, 0x15, 0x28, 0x94, 0xdb, + 0x6d, 0x31, 0x1f, 0x9d, 0x4b, 0xe9, 0x8f, 0xf8, 0x13, 0xe8, 0x72, 0xbb, 0xed, 0x7f, 0xfa, 0x09, + 0x7f, 0x1c, 0x71, 0xa0, 0x4f, 0xff, 0x0e, 0xff, 0xf4, 0x93, 0xfd, 0x70, 0x41, 0xfd, 0xcd, 0x02, + 0x8c, 0x96, 0xdb, 0xed, 0xb3, 0x20, 0xf3, 0x47, 0xf5, 0xd0, 0xfa, 0x65, 0x00, 0x69, 0x7a, 0xec, + 0x0b, 0x9e, 0x6e, 0x0d, 0x4a, 0x53, 0xa3, 0x92, 0xd3, 0x24, 0x22, 0x5f, 0xfd, 0xfa, 0xf7, 0xa5, + 0x7e, 0x5f, 0x2b, 0xe0, 0x54, 0x7c, 0xd2, 0x83, 0x46, 0x7d, 0x5c, 0xba, 0x4d, 0xf4, 0x41, 0x69, + 0x5f, 0x7d, 0xf0, 0x77, 0x23, 0x83, 0x07, 0x83, 0x96, 0x9f, 0xf5, 0x42, 0xef, 0xa1, 0xcc, 0xe2, + 0x11, 0x59, 0x98, 0x22, 0x92, 0x8d, 0x9f, 0x48, 0x49, 0xc4, 0x55, 0x6a, 0x30, 0x54, 0xdd, 0x34, + 0xb4, 0x18, 0xad, 0xdf, 0x87, 0x7d, 0xfb, 0xea, 0xc3, 0xed, 0x3c, 0xbe, 0x9d, 0x0e, 0xe2, 0x32, + 0x1d, 0x7e, 0x77, 0x71, 0x0b, 0x80, 0x7b, 0x1e, 0x04, 0x6e, 0xcd, 0xc3, 0x3c, 0x04, 0x0b, 0xcf, + 0xaf, 0x24, 0x42, 0xb0, 0x84, 0x24, 0x81, 0x87, 0x54, 0x21, 0xd5, 0x43, 0xea, 0x06, 0xf4, 0x6b, + 0xfa, 0xe6, 0x7b, 0x1d, 0xea, 0x6c, 0x09, 0x73, 0x86, 0x87, 0x3d, 0xd4, 0x37, 0xeb, 0x3f, 0xcc, + 0x80, 0x5a, 0x80, 0x26, 0x6a, 0xf0, 0xf8, 0x5e, 0xf2, 0x08, 0xe1, 0x67, 0xe4, 0xc1, 0x93, 0xfb, + 0x83, 0x28, 0x3a, 0x79, 0x13, 0x0a, 0xe5, 0x87, 0x35, 0x21, 0xd9, 0xa0, 0x6b, 0xcb, 0x0f, 0x6b, + 0x42, 0x5e, 0x99, 0x65, 0x1f, 0xd6, 0xd4, 0xaf, 0xe5, 0x81, 0x24, 0x29, 0xc9, 0x6b, 0x30, 0x80, + 0xd0, 0x75, 0xa6, 0x33, 0x72, 0x62, 0xce, 0x4d, 0xb7, 0xee, 0x20, 0x34, 0x62, 0xdc, 0xf9, 0xa4, + 0xe4, 0x0d, 0x4c, 0x7d, 0x2c, 0x52, 0xc3, 0x45, 0x12, 0x73, 0x6e, 0xba, 0x7e, 0xb2, 0xe0, 0x58, + 0xe6, 0x63, 0x41, 0x8c, 0x76, 0xe1, 0xc3, 0xda, 0xac, 0xed, 0x7a, 0x42, 0xd4, 0xdc, 0x2e, 0xdc, + 0x74, 0x31, 0x23, 0x6c, 0xc4, 0x2e, 0xe4, 0x64, 0x98, 0xd5, 0xea, 0x61, 0x8d, 0x3f, 0x53, 0x31, + 0x34, 0xbb, 0xe9, 0x1b, 0x94, 0x3c, 0xab, 0xd5, 0xa6, 0x5b, 0xe7, 0x4f, 0x5c, 0x0c, 0xcc, 0xb9, + 0x1c, 0xc9, 0x6a, 0x15, 0x29, 0xa5, 0x7e, 0xa3, 0x1f, 0xc6, 0x2a, 0xba, 0xa7, 0xaf, 0xea, 0x2e, + 0x95, 0x76, 0xd3, 0xa3, 0x3e, 0xcc, 0xff, 0x1c, 0x49, 0x0e, 0xc6, 0x6a, 0xca, 0xd7, 0xc4, 0x0b, + 0x90, 0xb7, 0x42, 0xbe, 0x41, 0xce, 0x51, 0x39, 0x89, 0xd9, 0x6a, 0xbd, 0x2d, 0xc0, 0x5a, 0x82, + 0x90, 0xbc, 0x08, 0x83, 0x3e, 0x8c, 0x6d, 0x00, 0x0a, 0xa1, 0xce, 0x18, 0xab, 0xcc, 0xfe, 0xd7, + 0x64, 0x34, 0x79, 0x03, 0x86, 0xfc, 0x9f, 0x92, 0x69, 0xcd, 0x33, 0xb2, 0xad, 0x26, 0x76, 0x4f, + 0x32, 0xa9, 0x5c, 0x14, 0xe7, 0xb7, 0xde, 0x48, 0xd1, 0x58, 0xd2, 0xb3, 0x08, 0x29, 0xf9, 0x61, + 0x18, 0xf1, 0x7f, 0x8b, 0x0d, 0x03, 0xcf, 0x0f, 0xf7, 0x62, 0x90, 0xd2, 0x39, 0x26, 0xd6, 0x9b, + 0x51, 0x72, 0xbe, 0x75, 0x78, 0xda, 0xcf, 0xe3, 0x65, 0xac, 0x26, 0x77, 0x0e, 0xb1, 0x0a, 0x48, + 0x15, 0xc6, 0x7d, 0x48, 0xa8, 0xa1, 0x7d, 0xe1, 0x8e, 0xd1, 0x58, 0xad, 0xa7, 0x2a, 0x69, 0xb2, + 0x14, 0x69, 0xc2, 0x95, 0x08, 0xd0, 0x70, 0x37, 0xcc, 0x35, 0x4f, 0x6c, 0xf7, 0x44, 0x0c, 0x62, + 0x91, 0xb8, 0x31, 0xe0, 0xca, 0x69, 0xfc, 0x0c, 0xac, 0xd1, 0xec, 0x50, 0x5d, 0xb9, 0x91, 0x1a, + 0x9c, 0xf7, 0xf1, 0x77, 0xa7, 0x96, 0x96, 0x1c, 0xfb, 0x03, 0xda, 0xf0, 0xaa, 0x15, 0xb1, 0x5d, + 0xc6, 0xd8, 0x74, 0xc6, 0x6a, 0x7d, 0xbd, 0xd1, 0x66, 0x4a, 0xc1, 0x70, 0x51, 0xe6, 0xa9, 0x85, + 0xc9, 0x03, 0xb8, 0x20, 0xc1, 0xa5, 0xf4, 0xd0, 0x10, 0xee, 0xe7, 0x05, 0xd7, 0xf4, 0x0c, 0xd1, + 0xe9, 0xc5, 0xc9, 0xdb, 0x30, 0xec, 0x23, 0xf8, 0x2d, 0xe2, 0x20, 0xde, 0x22, 0xe2, 0x90, 0x34, + 0x56, 0xeb, 0xf1, 0xd7, 0x94, 0x51, 0x62, 0x59, 0xa3, 0x30, 0xa3, 0xfe, 0x50, 0x44, 0xa3, 0xbc, + 0xad, 0x76, 0xaa, 0x32, 0x62, 0x96, 0xfd, 0x77, 0x43, 0x8d, 0x5a, 0x74, 0xcc, 0x75, 0x93, 0xef, + 0xa4, 0xfd, 0x07, 0x94, 0xab, 0x75, 0x1b, 0x81, 0x69, 0xfa, 0xc1, 0xc9, 0x2f, 0x97, 0xe1, 0x5c, + 0x8a, 0x8e, 0xed, 0x6b, 0xc7, 0xf8, 0xf5, 0x7c, 0xd8, 0x88, 0x13, 0xbe, 0x6d, 0x9c, 0x84, 0x7e, + 0xff, 0x4b, 0x84, 0xf1, 0xa0, 0x64, 0x0d, 0xcd, 0x38, 0x0f, 0x1f, 0x1f, 0x11, 0xc7, 0x09, 0xdf, + 0x4a, 0x1e, 0x85, 0x38, 0xbe, 0x9b, 0x0b, 0xc5, 0x71, 0xc2, 0xb7, 0x97, 0x3f, 0x59, 0x0c, 0xe7, 0xa4, 0xb3, 0x3d, 0xe6, 0x51, 0x99, 0xc9, 0xa1, 0x1f, 0x6c, 0x69, 0x1f, 0x0f, 0x19, 0x65, 0xd5, - 0xec, 0x3b, 0xa0, 0x6a, 0xfe, 0xe3, 0x64, 0x7f, 0x72, 0xd3, 0xf3, 0x44, 0xf6, 0xe7, 0x11, 0x0c, - 0x56, 0x72, 0x3b, 0x5c, 0xc7, 0xb8, 0x8d, 0xde, 0x2b, 0x85, 0xf8, 0x5b, 0x15, 0x26, 0x7a, 0x94, - 0x84, 0xfc, 0x00, 0x5c, 0x8a, 0x00, 0x96, 0x74, 0x47, 0x6f, 0x51, 0x2f, 0xcc, 0x38, 0x88, 0x41, - 0x9b, 0xfc, 0xd2, 0xf5, 0x76, 0x80, 0x96, 0xb3, 0x18, 0x66, 0x70, 0x90, 0x94, 0xa3, 0x6f, 0x1f, - 0x4e, 0xd2, 0x3f, 0x53, 0x08, 0x4d, 0x95, 0x68, 0xf0, 0x55, 0x8d, 0xba, 0x9d, 0xa6, 0x77, 0x7a, - 0x3b, 0xf8, 0x60, 0xa9, 0x2d, 0x66, 0x61, 0xb4, 0xbc, 0xb6, 0x46, 0x1b, 0x9e, 0x1f, 0x53, 0xda, - 0x15, 0xe1, 0xf6, 0xf8, 0xd6, 0x41, 0xa0, 0x44, 0x8c, 0xe0, 0x48, 0x6e, 0xfc, 0x58, 0x31, 0xf5, - 0x9f, 0x14, 0x41, 0x09, 0x4c, 0xf7, 0xe0, 0xa1, 0xd6, 0x31, 0x2e, 0x93, 0x1f, 0x8b, 0x5e, 0x31, - 0x61, 0x3c, 0x14, 0x46, 0xad, 0xd3, 0x6a, 0xe9, 0x38, 0xf4, 0xd8, 0xd6, 0x60, 0x22, 0xce, 0x2c, - 0x24, 0xe4, 0xbb, 0x81, 0xcb, 0x62, 0x37, 0x40, 0xc2, 0x87, 0x70, 0x75, 0x97, 0xb3, 0xd0, 0x92, - 0x5c, 0xc9, 0x37, 0x73, 0x70, 0xde, 0xef, 0x94, 0xc5, 0x55, 0x66, 0x16, 0x4f, 0xd9, 0x1d, 0xcb, - 0xf3, 0x77, 0x22, 0x6f, 0x66, 0x57, 0xc7, 0x3b, 0xe9, 0x66, 0x5a, 0x61, 0xde, 0x92, 0x20, 0xb0, - 0x44, 0xa0, 0x10, 0x36, 0xd2, 0xd4, 0x1b, 0x48, 0xa4, 0xa5, 0xd6, 0x7b, 0xf9, 0x2e, 0x3c, 0x95, - 0xc9, 0x72, 0x37, 0x33, 0xb4, 0x57, 0x36, 0x43, 0xff, 0xfb, 0x5c, 0x38, 0x11, 0xc5, 0x84, 0x44, - 0x6e, 0x02, 0x84, 0x20, 0xb1, 0x31, 0x1d, 0xd9, 0xd9, 0x9e, 0x80, 0x50, 0x68, 0x9a, 0x44, 0x41, - 0x16, 0xa1, 0x24, 0xc4, 0xc2, 0xb3, 0xfb, 0x7e, 0x76, 0x97, 0x5e, 0xb8, 0x29, 0xcb, 0x01, 0x37, - 0x9d, 0xe2, 0x9b, 0x05, 0x9b, 0xcb, 0x6f, 0xc0, 0xe0, 0x41, 0xbf, 0xeb, 0x9b, 0x05, 0x20, 0xf2, - 0x2e, 0xf2, 0x18, 0x4d, 0xec, 0x13, 0x3c, 0x85, 0x5d, 0x87, 0x7e, 0xf6, 0x09, 0x98, 0xef, 0x42, - 0x8a, 0x6f, 0xdb, 0x11, 0x30, 0x2d, 0xc0, 0x86, 0xc1, 0xa5, 0xfa, 0xd2, 0x83, 0x4b, 0xa9, 0x3f, - 0x55, 0x80, 0x8b, 0x72, 0x87, 0x54, 0x28, 0x86, 0xcc, 0x3f, 0xeb, 0x94, 0x8f, 0xb0, 0x53, 0x54, - 0x28, 0xf1, 0xcd, 0x83, 0xc8, 0x5d, 0xc0, 0x0f, 0x76, 0x10, 0xa2, 0x09, 0x8c, 0xfa, 0xbf, 0xe4, - 0x61, 0x78, 0xc9, 0x76, 0xbd, 0x75, 0x87, 0xba, 0x4b, 0xba, 0xe3, 0x9e, 0xe2, 0xee, 0xf8, 0x3c, - 0x0c, 0x63, 0x78, 0xa0, 0x16, 0xb5, 0x78, 0x08, 0x9d, 0x5e, 0x29, 0xd9, 0x88, 0x8f, 0x10, 0x79, - 0xa5, 0x22, 0x84, 0x4c, 0xfb, 0xb9, 0xe5, 0x27, 0x05, 0x6d, 0xe2, 0x66, 0x1f, 0x87, 0xab, 0x7f, - 0xa1, 0x00, 0x43, 0xbe, 0x94, 0x27, 0xcd, 0x93, 0x7a, 0x53, 0x73, 0xbc, 0x42, 0xbe, 0x05, 0xb0, - 0x64, 0x3b, 0x9e, 0xde, 0x5c, 0x08, 0x35, 0x1f, 0x8f, 0x38, 0xdb, 0x08, 0xe5, 0x65, 0x24, 0x12, - 0x5c, 0xbf, 0x42, 0xb3, 0x9a, 0x4f, 0x4c, 0x7c, 0xfd, 0x0a, 0xa0, 0x9a, 0x44, 0xa1, 0xfe, 0xad, - 0x3c, 0x8c, 0xfa, 0x9d, 0x34, 0xfd, 0x84, 0x36, 0x3a, 0xa7, 0x79, 0x6e, 0x8a, 0x4a, 0xbb, 0x77, - 0x57, 0x69, 0xab, 0xff, 0x97, 0x34, 0x91, 0x4c, 0x35, 0xed, 0xb3, 0x89, 0xe4, 0x8f, 0x42, 0xc7, - 0xd5, 0x1f, 0x2d, 0xc0, 0x79, 0x5f, 0xea, 0x33, 0x1d, 0x0b, 0x0f, 0x07, 0xa6, 0xf4, 0x66, 0xf3, - 0x34, 0xef, 0xc6, 0x07, 0x7d, 0x41, 0x2c, 0x8a, 0x78, 0x7b, 0x22, 0xc7, 0xdf, 0x9a, 0x00, 0xd7, - 0x6d, 0xd3, 0xd0, 0x64, 0x22, 0xf2, 0x2e, 0x0c, 0xf9, 0x3f, 0xcb, 0xce, 0xba, 0xbf, 0x05, 0xc7, - 0xa3, 0xfe, 0xa0, 0x90, 0xee, 0x44, 0xc2, 0x0a, 0x44, 0x0a, 0xa8, 0x5f, 0xeb, 0x83, 0xcb, 0x0f, - 0x4d, 0xcb, 0xb0, 0x37, 0x5d, 0x3f, 0x45, 0xe4, 0x89, 0x3f, 0xea, 0x3a, 0xee, 0xd4, 0x90, 0xef, - 0xc1, 0x85, 0xb8, 0x48, 0x9d, 0x20, 0x70, 0xb7, 0xe8, 0x9d, 0x4d, 0x4e, 0x50, 0xf7, 0x93, 0x45, - 0x8a, 0xfb, 0x32, 0x2d, 0xbd, 0x64, 0x3c, 0xdb, 0x64, 0xdf, 0x5e, 0xb2, 0x4d, 0xbe, 0x00, 0xa5, - 0x8a, 0xdd, 0xd2, 0x4d, 0x3f, 0xc0, 0x0c, 0x8e, 0xe2, 0xa0, 0x5e, 0xc4, 0x68, 0x82, 0x82, 0xf1, - 0x17, 0x15, 0x63, 0x97, 0x0d, 0x84, 0xfc, 0xfd, 0x02, 0xcc, 0x4a, 0xd3, 0x64, 0x22, 0x62, 0xc3, - 0xb0, 0xa8, 0x4e, 0xdc, 0x6e, 0x01, 0x6e, 0x9e, 0x5e, 0xf5, 0x65, 0x94, 0xad, 0x56, 0x37, 0x23, - 0xe5, 0xf8, 0x36, 0x8a, 0x27, 0xc1, 0x14, 0x1f, 0xc3, 0xef, 0xb9, 0xb4, 0x28, 0x7f, 0x49, 0x08, - 0x38, 0xc9, 0x0c, 0x26, 0x85, 0x80, 0xb3, 0x8c, 0x4c, 0x44, 0xa6, 0x61, 0x1c, 0xc3, 0x2b, 0x07, - 0x5b, 0x29, 0xa6, 0x12, 0x43, 0x68, 0x54, 0xe2, 0xa5, 0x09, 0x8f, 0xc8, 0xcc, 0x3e, 0xae, 0xde, - 0x10, 0x68, 0x2d, 0x59, 0x82, 0x3c, 0x05, 0x85, 0x85, 0xb9, 0x32, 0xde, 0xb6, 0xf4, 0xf3, 0xd4, - 0x46, 0x56, 0x53, 0xd7, 0x18, 0xec, 0xf2, 0x17, 0x81, 0x24, 0x3f, 0x67, 0x5f, 0x37, 0x2a, 0xff, - 0xb5, 0xb4, 0xe5, 0x3b, 0xe9, 0x3e, 0x31, 0x47, 0x31, 0x11, 0x46, 0xb2, 0x8a, 0xf5, 0x7e, 0x94, - 0x59, 0xc5, 0x4a, 0x47, 0x9a, 0x55, 0x4c, 0xfd, 0x95, 0x1c, 0x8c, 0x27, 0x42, 0x90, 0x93, 0x57, - 0x00, 0x38, 0x44, 0x0a, 0xf5, 0x88, 0xb1, 0x53, 0xc2, 0xb0, 0xe4, 0x62, 0x79, 0x0c, 0xc9, 0xc8, - 0x2d, 0xe8, 0xe7, 0xbf, 0x44, 0x78, 0xa6, 0x64, 0x91, 0x4e, 0xc7, 0x34, 0xb4, 0x80, 0x28, 0xac, - 0x05, 0xef, 0x14, 0x0b, 0xa9, 0x45, 0xbc, 0xad, 0x76, 0x50, 0x0b, 0x23, 0x53, 0xbf, 0x91, 0x87, - 0xa1, 0xa0, 0xc1, 0x65, 0xe3, 0xb8, 0x74, 0xae, 0x24, 0xa2, 0xb9, 0x17, 0x76, 0x8b, 0xe6, 0x1e, - 0x9b, 0x6f, 0x45, 0xf8, 0xf6, 0xa3, 0x7b, 0x12, 0xf5, 0xad, 0x3c, 0x8c, 0x06, 0xb5, 0x1e, 0xe3, - 0xf5, 0xd5, 0xc7, 0x48, 0x24, 0xdf, 0xcc, 0x81, 0x32, 0x69, 0x36, 0x9b, 0xa6, 0xb5, 0x5e, 0xb5, - 0xd6, 0x6c, 0xa7, 0x85, 0x13, 0xe2, 0xf1, 0x1d, 0xe1, 0xaa, 0x7f, 0x22, 0x07, 0xe3, 0xa2, 0x41, - 0x53, 0xba, 0x63, 0x1c, 0xdf, 0xf9, 0x58, 0xbc, 0x25, 0xc7, 0xa7, 0x2f, 0xea, 0x6f, 0xe7, 0x01, - 0xe6, 0xec, 0xc6, 0xa3, 0x13, 0xfe, 0xa2, 0xea, 0x2d, 0x28, 0xf1, 0x18, 0x59, 0x42, 0x63, 0xc7, - 0xc5, 0xcb, 0x21, 0xf6, 0x69, 0x1c, 0x31, 0x39, 0x26, 0xe6, 0xe3, 0x12, 0x8f, 0xb1, 0xa5, 0xe4, - 0x34, 0x51, 0x84, 0x55, 0xca, 0xe8, 0xc4, 0x82, 0x11, 0x54, 0xca, 0x60, 0xd1, 0x4a, 0x77, 0xb6, - 0x27, 0x8a, 0x4d, 0xbb, 0xf1, 0x48, 0x43, 0x7a, 0xf5, 0x5f, 0xe5, 0xb8, 0xec, 0x4e, 0xf8, 0xbb, - 0x50, 0xff, 0xf3, 0x8b, 0xfb, 0xfc, 0xfc, 0x3f, 0x99, 0x83, 0xf3, 0x1a, 0x6d, 0xd8, 0x8f, 0xa9, - 0xb3, 0x35, 0x65, 0x1b, 0xf4, 0x2e, 0xb5, 0xa8, 0x73, 0x5c, 0x23, 0xea, 0x3f, 0xc3, 0xf4, 0x17, - 0x61, 0x63, 0x56, 0x5c, 0x6a, 0x9c, 0x9c, 0xd4, 0x24, 0xea, 0xaf, 0xf7, 0x81, 0x92, 0x6a, 0xf5, - 0x9e, 0x58, 0x73, 0x2e, 0x73, 0x2b, 0x53, 0x3c, 0xaa, 0xad, 0x4c, 0xef, 0xfe, 0xb6, 0x32, 0xa5, - 0xfd, 0x6e, 0x65, 0xfa, 0xf6, 0xb2, 0x95, 0x69, 0xc5, 0xb7, 0x32, 0xfd, 0xb8, 0x95, 0x79, 0xa5, - 0xeb, 0x56, 0x66, 0xda, 0x32, 0x0e, 0xb8, 0x91, 0x39, 0xb1, 0x69, 0x73, 0x0f, 0xb2, 0x03, 0xbb, - 0xce, 0x26, 0xc5, 0x86, 0xed, 0x18, 0xd4, 0x10, 0x1b, 0x2f, 0x3c, 0xf5, 0x77, 0x04, 0x4c, 0x0b, - 0xb0, 0x89, 0x1c, 0xc4, 0xc3, 0x7b, 0xc9, 0x41, 0x7c, 0x04, 0xfb, 0xaf, 0xaf, 0xe7, 0x61, 0x7c, - 0x8a, 0x3a, 0x1e, 0x0f, 0xc2, 0x79, 0x14, 0x4e, 0x6d, 0x65, 0x18, 0x95, 0x18, 0xa2, 0x45, 0x9e, - 0x0f, 0x1d, 0xf5, 0x1a, 0xd4, 0xf1, 0xe2, 0x7e, 0x7e, 0x71, 0x7a, 0x56, 0xbd, 0x9f, 0x07, 0x4c, - 0x8c, 0xdd, 0xa0, 0x7a, 0x1f, 0xce, 0x05, 0x69, 0x8a, 0x5f, 0x5a, 0x40, 0x2f, 0xa5, 0xf6, 0x2a, - 0xee, 0x3f, 0xb5, 0x97, 0xfa, 0xcb, 0x39, 0xb8, 0xa6, 0x51, 0x8b, 0x6e, 0xea, 0xab, 0x4d, 0x2a, - 0x35, 0x4b, 0xac, 0x0c, 0x6c, 0xd6, 0x30, 0xdd, 0x96, 0xee, 0x35, 0x36, 0x0e, 0x25, 0xa3, 0x19, - 0x18, 0x92, 0xe7, 0xaf, 0x7d, 0xcc, 0x6d, 0x91, 0x72, 0xea, 0xaf, 0x17, 0xa1, 0x6f, 0xd2, 0xf6, - 0xee, 0xd9, 0x87, 0xcc, 0x35, 0x17, 0x4e, 0xf9, 0xf9, 0x7d, 0x9c, 0xf5, 0x7c, 0x0e, 0x2b, 0x97, - 0xc2, 0xef, 0xa3, 0x13, 0xe8, 0xaa, 0x9d, 0x48, 0x53, 0xe0, 0x93, 0xed, 0x33, 0xcb, 0xdc, 0x6b, - 0x30, 0x80, 0xf1, 0x5b, 0xa4, 0xd3, 0x58, 0x74, 0xb1, 0xf6, 0x18, 0x30, 0x5e, 0x47, 0x48, 0x4a, - 0x7e, 0x20, 0x12, 0x35, 0xb4, 0x74, 0xf8, 0xac, 0x74, 0x72, 0x00, 0xd1, 0x57, 0xf8, 0x45, 0x1e, - 0xb6, 0x49, 0xca, 0xe0, 0x81, 0xa7, 0x28, 0xb1, 0x26, 0x05, 0x84, 0x47, 0x98, 0x31, 0x6e, 0x0a, - 0x86, 0x27, 0x6d, 0x4f, 0x72, 0xe7, 0x1d, 0x08, 0x1f, 0x72, 0x32, 0xc9, 0xa7, 0xfb, 0xf2, 0x46, - 0xcb, 0xa8, 0x7f, 0x58, 0x84, 0x21, 0xff, 0xe7, 0x31, 0xe9, 0xce, 0x4b, 0x50, 0x9a, 0xb5, 0xa5, - 0x24, 0x06, 0xe8, 0x02, 0xbc, 0x61, 0xbb, 0x31, 0xdf, 0x66, 0x41, 0xc4, 0xa4, 0xbe, 0x60, 0x1b, - 0xb2, 0x03, 0x3b, 0x4a, 0xdd, 0xb2, 0x8d, 0xc4, 0x03, 0xe0, 0x80, 0x90, 0x5c, 0x83, 0x22, 0xfa, - 0xfe, 0x4b, 0x07, 0xf9, 0x31, 0x7f, 0x7f, 0xc4, 0x4b, 0x5a, 0x59, 0xda, 0xaf, 0x56, 0xf6, 0x1d, - 0x54, 0x2b, 0xfb, 0x8f, 0x56, 0x2b, 0xdf, 0x87, 0x21, 0xac, 0xc9, 0xcf, 0x81, 0xb6, 0xfb, 0xc2, - 0xfa, 0x94, 0x58, 0xfb, 0x86, 0x79, 0xbb, 0x45, 0x26, 0x34, 0x5c, 0xf2, 0x22, 0xac, 0x62, 0xba, - 0x0b, 0x87, 0xd8, 0x4e, 0xff, 0xe3, 0x1c, 0xf4, 0xad, 0x58, 0x8f, 0x2c, 0x7b, 0xf3, 0x70, 0x1a, - 0xf7, 0x0a, 0x0c, 0x0a, 0x36, 0xd2, 0xea, 0x82, 0x6f, 0xba, 0x3b, 0x1c, 0x5c, 0x47, 0x4e, 0x9a, - 0x4c, 0x45, 0xde, 0x0e, 0x0a, 0xe1, 0xf3, 0x9e, 0x42, 0x98, 0x06, 0xc4, 0x2f, 0xd4, 0x88, 0x66, - 0x2e, 0x90, 0xc9, 0xc9, 0x15, 0x28, 0x56, 0x58, 0x53, 0xa5, 0x38, 0xb8, 0xac, 0x29, 0x1a, 0x42, - 0xd5, 0xaf, 0x17, 0x61, 0x24, 0x76, 0xf0, 0xf5, 0x02, 0x0c, 0x88, 0x83, 0x27, 0xd3, 0x4f, 0xa5, - 0x80, 0xcf, 0x7f, 0x02, 0xa0, 0xd6, 0xcf, 0xff, 0xac, 0x1a, 0xe4, 0x0b, 0xd0, 0x67, 0xbb, 0xb8, - 0x28, 0xe2, 0xb7, 0x8c, 0x84, 0x43, 0x68, 0xb1, 0xc6, 0xda, 0xce, 0x07, 0x87, 0x20, 0x91, 0x35, - 0xd2, 0x76, 0xf1, 0xd3, 0xee, 0xc0, 0x80, 0xee, 0xba, 0xd4, 0xab, 0x7b, 0xfa, 0xba, 0x9c, 0x5d, - 0x21, 0x00, 0xca, 0xa3, 0x03, 0x81, 0xcb, 0xfa, 0x3a, 0xf9, 0x22, 0x0c, 0x37, 0x1c, 0x8a, 0xcb, - 0xa6, 0xde, 0x64, 0xad, 0x94, 0xcc, 0xda, 0x08, 0x42, 0xbe, 0x3f, 0x09, 0x11, 0x55, 0x83, 0x3c, - 0x80, 0x61, 0xf1, 0x39, 0xdc, 0xf7, 0x1e, 0x07, 0xda, 0x48, 0xb8, 0x8c, 0x71, 0x91, 0x70, 0xef, - 0x7b, 0xf1, 0x04, 0x43, 0x26, 0x97, 0xf9, 0x1a, 0x12, 0x29, 0x59, 0x04, 0xb2, 0x49, 0x57, 0xeb, - 0x7a, 0xc7, 0xdb, 0x60, 0x75, 0xf1, 0xe0, 0xe0, 0x22, 0xa9, 0x20, 0xbe, 0x5b, 0x48, 0x62, 0xe5, - 0xe7, 0x1c, 0x9b, 0x74, 0xb5, 0x1c, 0x41, 0x92, 0x87, 0x70, 0x21, 0x59, 0x84, 0x7d, 0x32, 0xbf, - 0x1c, 0x78, 0x7e, 0x67, 0x7b, 0x62, 0x22, 0x95, 0x40, 0x62, 0x7b, 0x2e, 0xc1, 0xb6, 0x6a, 0xdc, - 0x2b, 0xf6, 0xf7, 0x8d, 0xf5, 0x6b, 0x23, 0xac, 0xac, 0x6f, 0x42, 0x9a, 0x86, 0xfa, 0xbb, 0x39, - 0x66, 0x2a, 0xb2, 0x0f, 0xc2, 0xac, 0xca, 0x4c, 0xd7, 0x5b, 0xfb, 0xd4, 0xf5, 0x56, 0x98, 0xff, - 0xb0, 0xe4, 0x76, 0x99, 0x5d, 0x35, 0x81, 0x25, 0x37, 0xa1, 0x64, 0xc8, 0xa7, 0x66, 0x17, 0xa3, - 0x9d, 0xe0, 0xd7, 0xa3, 0x09, 0x2a, 0x72, 0x1d, 0x8a, 0x6c, 0xc9, 0x8a, 0x6f, 0x99, 0x65, 0xeb, - 0x42, 0x43, 0x0a, 0xf5, 0x47, 0xf2, 0x30, 0x24, 0x7d, 0xcd, 0xed, 0x43, 0x7d, 0xce, 0x9b, 0x7b, - 0x6b, 0xa6, 0xef, 0xf4, 0x82, 0x7b, 0x29, 0xbf, 0xc9, 0x77, 0x02, 0x51, 0xec, 0xe9, 0x42, 0x4a, - 0x08, 0xe6, 0x35, 0xf1, 0xa1, 0xa5, 0xbd, 0x6f, 0x1f, 0x19, 0xfd, 0xbd, 0x62, 0x7f, 0x7e, 0xac, - 0x70, 0xaf, 0xd8, 0x5f, 0x1c, 0xeb, 0xc5, 0x48, 0x5a, 0x18, 0xbc, 0x9a, 0xef, 0xcd, 0xad, 0x35, - 0x73, 0xfd, 0x84, 0xbf, 0xfe, 0x38, 0xda, 0x28, 0x63, 0x31, 0xd9, 0x9c, 0xf0, 0xa7, 0x20, 0x1f, - 0xa9, 0x6c, 0xce, 0xf2, 0x25, 0x0a, 0xd9, 0xfc, 0x93, 0x1c, 0x28, 0xa9, 0xb2, 0x29, 0x1f, 0x93, - 0x1f, 0xc4, 0xd1, 0x65, 0x4d, 0xfc, 0xfd, 0x3c, 0x8c, 0x57, 0x2d, 0x8f, 0xae, 0xf3, 0x1d, 0xe3, - 0x09, 0x9f, 0x2a, 0xee, 0xc3, 0xa0, 0xf4, 0x31, 0xa2, 0xcf, 0x9f, 0x0e, 0xf6, 0xe3, 0x21, 0x2a, - 0x83, 0x93, 0x5c, 0xfa, 0x08, 0x13, 0xad, 0xc7, 0x84, 0x7c, 0xc2, 0xe7, 0x9c, 0x93, 0x21, 0xe4, - 0x13, 0x3e, 0x79, 0x7d, 0x4c, 0x85, 0xfc, 0x7f, 0xe4, 0xe0, 0x5c, 0x4a, 0xe5, 0xe4, 0x1a, 0xf4, - 0xd5, 0x3a, 0xab, 0x18, 0x38, 0x2b, 0x17, 0x7a, 0x0c, 0xbb, 0x9d, 0x55, 0x8c, 0x99, 0xa5, 0xf9, - 0x48, 0xb2, 0x8c, 0xcf, 0xe3, 0x17, 0xab, 0x95, 0x29, 0x21, 0x55, 0x55, 0x7a, 0xe8, 0xcf, 0xc0, - 0x69, 0x5f, 0x16, 0x3c, 0xa1, 0xb7, 0x4d, 0xa3, 0x11, 0x7b, 0x42, 0xcf, 0xca, 0x90, 0x1f, 0x84, - 0x81, 0xf2, 0x87, 0x1d, 0x87, 0x22, 0x5f, 0x2e, 0xf1, 0x4f, 0x05, 0x7c, 0x7d, 0x44, 0x1a, 0x67, - 0x1e, 0x0d, 0x80, 0x51, 0xc4, 0x79, 0x87, 0x0c, 0xd5, 0x6f, 0xe4, 0xe0, 0x72, 0x76, 0xeb, 0xc8, - 0xe7, 0xa0, 0x8f, 0xed, 0xcc, 0xcb, 0xda, 0x82, 0xf8, 0x74, 0x9e, 0x61, 0xd4, 0x6e, 0xd2, 0xba, - 0xee, 0xc8, 0xc6, 0xbe, 0x4f, 0x46, 0xde, 0x81, 0xc1, 0xaa, 0xeb, 0x76, 0xa8, 0x53, 0x7b, 0x65, - 0x45, 0xab, 0x8a, 0x3d, 0x21, 0xee, 0x39, 0x4c, 0x04, 0xd7, 0xdd, 0x57, 0x62, 0xa1, 0xb1, 0x64, - 0x7a, 0xf5, 0xc7, 0x73, 0x70, 0xa5, 0xdb, 0x57, 0x91, 0x57, 0xa0, 0x7f, 0x99, 0x5a, 0xba, 0xe5, - 0x55, 0x2b, 0xa2, 0x49, 0xb8, 0xc5, 0xf2, 0x10, 0x16, 0xdd, 0x29, 0x04, 0x84, 0xac, 0x10, 0x3f, - 0x57, 0x0c, 0x1c, 0x19, 0xf8, 0x19, 0x28, 0xc2, 0x62, 0x85, 0x7c, 0x42, 0xf5, 0xf7, 0xf2, 0x30, - 0xb4, 0xd4, 0xec, 0xac, 0x9b, 0xd2, 0xc2, 0x71, 0x60, 0x7b, 0xdb, 0xb7, 0x7e, 0xf3, 0xfb, 0xb3, - 0x7e, 0xd9, 0x70, 0x73, 0x0e, 0x38, 0xdc, 0xfc, 0x72, 0xe4, 0x6d, 0x28, 0xb5, 0xf1, 0x3b, 0xe2, - 0x27, 0xb1, 0xfc, 0xeb, 0xb2, 0x4e, 0x62, 0x79, 0x19, 0x36, 0xbe, 0x1a, 0x87, 0x18, 0x5f, 0x61, - 0x59, 0x49, 0xa0, 0xe1, 0x22, 0x71, 0x26, 0xd0, 0x23, 0x11, 0x68, 0xb8, 0x20, 0x9c, 0x09, 0xf4, - 0x10, 0x02, 0xfd, 0xf5, 0x3c, 0x8c, 0x44, 0xab, 0x24, 0x9f, 0x83, 0x41, 0x5e, 0x0d, 0x3f, 0x17, - 0xca, 0x49, 0x4e, 0xc5, 0x21, 0x58, 0x03, 0xfe, 0x43, 0x1c, 0x70, 0x8d, 0x6e, 0xe8, 0x6e, 0x3d, - 0x3c, 0xa1, 0xe1, 0xf7, 0xb7, 0xfd, 0xdc, 0x13, 0x2a, 0x86, 0xd2, 0x46, 0x36, 0x74, 0x77, 0x2a, - 0xfc, 0x4d, 0xa6, 0x81, 0x38, 0xb4, 0xe3, 0xd2, 0x28, 0x83, 0x22, 0x32, 0x10, 0xe9, 0x9d, 0xe3, - 0x58, 0x6d, 0x9c, 0xc3, 0x64, 0x36, 0x5f, 0x09, 0x9a, 0x8d, 0xca, 0xd0, 0xbb, 0x87, 0xdc, 0xd3, - 0x12, 0x7d, 0xfa, 0x31, 0x27, 0x27, 0xa8, 0xe8, 0x9e, 0xce, 0x37, 0xe5, 0x7e, 0x07, 0xa8, 0x3f, - 0xdd, 0x82, 0xde, 0x45, 0x8b, 0x2e, 0xae, 0x91, 0x97, 0x61, 0x80, 0x29, 0xcc, 0x9c, 0xcd, 0xfa, - 0x32, 0x27, 0xfc, 0x27, 0x24, 0x4d, 0x42, 0xc4, 0x6c, 0x8f, 0x16, 0x52, 0x91, 0x3b, 0x3c, 0x7f, - 0x3d, 0x9f, 0x63, 0x85, 0xf6, 0x11, 0xb9, 0x0c, 0xc7, 0xcc, 0xf6, 0x68, 0x12, 0x9d, 0x5f, 0x4a, - 0x3c, 0xd0, 0x29, 0x24, 0x4b, 0x71, 0x8c, 0x5f, 0x4a, 0x8c, 0x8f, 0xb9, 0xb4, 0xd4, 0xf0, 0xf1, - 0xdd, 0x53, 0x92, 0x62, 0xb6, 0x47, 0x4b, 0x4f, 0x29, 0x3f, 0x24, 0x3b, 0x94, 0xc6, 0x9d, 0x3e, - 0x64, 0xdc, 0x6c, 0x8f, 0x16, 0xa1, 0x25, 0xaf, 0xc3, 0xa0, 0xf8, 0x7d, 0xcf, 0x16, 0x37, 0xca, - 0x52, 0x34, 0x21, 0x09, 0x35, 0xdb, 0xa3, 0xc9, 0x94, 0x52, 0xa5, 0x4b, 0x8e, 0x69, 0x79, 0xe2, - 0x8d, 0x72, 0xbc, 0x52, 0xc4, 0x49, 0x95, 0xe2, 0x6f, 0xf2, 0x0e, 0x0c, 0x07, 0x61, 0x9a, 0x3e, - 0xa0, 0x0d, 0x4f, 0x1c, 0x7e, 0x5f, 0x88, 0x15, 0xe6, 0xc8, 0xd9, 0x1e, 0x2d, 0x4a, 0x4d, 0xae, - 0x43, 0x49, 0xa3, 0xae, 0xf9, 0xa1, 0x7f, 0x5d, 0x3c, 0x22, 0x8d, 0x73, 0xf3, 0x43, 0x26, 0x25, - 0x81, 0x67, 0xbd, 0x13, 0xde, 0x4f, 0x8b, 0xa3, 0x6a, 0x12, 0xab, 0x65, 0xda, 0x32, 0x58, 0xef, - 0x48, 0xce, 0x09, 0x5f, 0x0c, 0x83, 0x57, 0x89, 0x94, 0x97, 0x83, 0xf1, 0x28, 0x01, 0x32, 0x76, - 0xb6, 0x47, 0x8b, 0xd1, 0x4b, 0x52, 0xad, 0x98, 0xee, 0x23, 0x11, 0x2f, 0x34, 0x2e, 0x55, 0x86, - 0x92, 0xa4, 0xca, 0x7e, 0x4a, 0x55, 0x2f, 0x50, 0x6f, 0xd3, 0x76, 0x1e, 0x89, 0xe8, 0xa0, 0xf1, - 0xaa, 0x05, 0x56, 0xaa, 0x5a, 0x40, 0xe4, 0xaa, 0xd9, 0x80, 0x1b, 0x49, 0xaf, 0x5a, 0xf7, 0x74, - 0xb9, 0x6a, 0x7e, 0x12, 0xe7, 0x77, 0xd2, 0x1c, 0xd5, 0x1f, 0xf3, 0xcc, 0xe3, 0xc9, 0x0e, 0x45, - 0x9c, 0xd4, 0xa1, 0xf8, 0x9b, 0x55, 0x2a, 0x65, 0x97, 0x16, 0xa9, 0xc5, 0x83, 0x4a, 0x25, 0x14, - 0xab, 0x54, 0xce, 0x43, 0x7d, 0x47, 0x4e, 0xba, 0xac, 0x8c, 0x47, 0x3b, 0x28, 0xc4, 0xb0, 0x0e, - 0x92, 0x92, 0x33, 0x4f, 0x60, 0x42, 0x57, 0x85, 0x20, 0xf9, 0x60, 0xd0, 0xc2, 0xa9, 0xa5, 0xd9, - 0x1e, 0x0d, 0x53, 0xbd, 0xaa, 0x3c, 0x55, 0xb0, 0x72, 0x0e, 0x29, 0x86, 0x7c, 0x0a, 0x06, 0x9b, - 0xed, 0xd1, 0x78, 0x1a, 0xe1, 0x97, 0xa5, 0xa4, 0x7c, 0xca, 0xf9, 0xe8, 0x14, 0x11, 0x20, 0xd8, - 0x14, 0x11, 0xa6, 0xee, 0x9b, 0x49, 0x26, 0xae, 0x53, 0x2e, 0x44, 0x97, 0x9a, 0x38, 0x7e, 0xb6, - 0x47, 0x4b, 0x26, 0xbb, 0x7b, 0x3d, 0x92, 0xcb, 0x4d, 0xb9, 0x18, 0x0b, 0xe1, 0x15, 0xa2, 0x98, - 0xb8, 0xe4, 0xac, 0x6f, 0x8b, 0xb1, 0xbc, 0xe3, 0x62, 0xb2, 0xba, 0x14, 0xdd, 0xb8, 0xa4, 0x90, - 0xcc, 0xf6, 0x68, 0x69, 0x25, 0xc9, 0x54, 0x22, 0xa3, 0x9a, 0xa2, 0x44, 0x7d, 0x63, 0x62, 0xe8, - 0xd9, 0x1e, 0x2d, 0x91, 0x83, 0xed, 0x8e, 0x9c, 0xca, 0x4c, 0x79, 0x2a, 0xda, 0x89, 0x21, 0x86, - 0x75, 0xa2, 0x94, 0xf2, 0xec, 0x8e, 0x9c, 0xde, 0x4a, 0xb9, 0x9c, 0x2c, 0x15, 0xce, 0x9c, 0x52, - 0x1a, 0x2c, 0x2d, 0x3d, 0x63, 0x8f, 0xf2, 0xb4, 0xc8, 0x99, 0x2a, 0xca, 0xa7, 0xd1, 0xcc, 0xf6, - 0x68, 0xe9, 0xd9, 0x7e, 0xb4, 0xf4, 0x54, 0x37, 0xca, 0x95, 0x6e, 0x3c, 0x83, 0xd6, 0xa5, 0xa7, - 0xc9, 0xd1, 0xbb, 0x24, 0x1e, 0x51, 0x9e, 0x89, 0xc6, 0x0f, 0xce, 0x24, 0x9c, 0xed, 0xd1, 0xba, - 0xa4, 0x2f, 0x59, 0xc9, 0xc8, 0x02, 0xa2, 0x5c, 0x8d, 0xa6, 0x4c, 0x4e, 0x25, 0x9a, 0xed, 0xd1, - 0x32, 0x72, 0x88, 0xac, 0x64, 0x24, 0x89, 0x50, 0x26, 0xba, 0xb2, 0x0d, 0xe4, 0x91, 0x91, 0x62, - 0x62, 0x31, 0x35, 0xbf, 0x82, 0xf2, 0x6c, 0x54, 0x75, 0x53, 0x48, 0x98, 0xea, 0xa6, 0x65, 0x66, - 0x58, 0x4c, 0x4d, 0x08, 0xa0, 0x3c, 0xd7, 0x85, 0x61, 0xd0, 0xc6, 0xd4, 0x54, 0x02, 0x8b, 0xa9, - 0x11, 0xf9, 0x15, 0x35, 0xca, 0x30, 0x85, 0x84, 0x31, 0x4c, 0x8b, 0xe5, 0xbf, 0x98, 0x1a, 0xb8, - 0x5d, 0x79, 0xbe, 0x0b, 0xc3, 0xb0, 0x85, 0x69, 0x21, 0xdf, 0x5f, 0x8f, 0x44, 0x4e, 0x57, 0x3e, - 0x15, 0x9d, 0x37, 0x24, 0x14, 0x9b, 0x37, 0xe4, 0x18, 0xeb, 0x53, 0x89, 0xd8, 0xb0, 0xca, 0xa7, - 0xa3, 0xc3, 0x3c, 0x86, 0x66, 0xc3, 0x3c, 0x1e, 0x4d, 0x76, 0x2a, 0x11, 0x23, 0x53, 0xb9, 0x96, - 0xc5, 0x04, 0xd1, 0x51, 0x26, 0x3c, 0xaa, 0x66, 0x35, 0x25, 0x48, 0xa3, 0xf2, 0x99, 0xa8, 0x5f, - 0x77, 0x82, 0x60, 0xb6, 0x47, 0x4b, 0x09, 0xed, 0xa8, 0xa5, 0x47, 0x24, 0x52, 0xae, 0x47, 0x87, - 0x6d, 0x1a, 0x0d, 0x1b, 0xb6, 0xa9, 0xd1, 0x8c, 0xe6, 0xd2, 0x1e, 0x9f, 0x28, 0x37, 0xa2, 0x86, - 0x59, 0x92, 0x82, 0x19, 0x66, 0x29, 0x8f, 0x56, 0xb4, 0xf4, 0x18, 0x3b, 0xca, 0x0b, 0x5d, 0x5b, - 0x88, 0x34, 0x29, 0x2d, 0xe4, 0x21, 0x67, 0x42, 0xdb, 0x69, 0xa5, 0xdd, 0xb4, 0x75, 0x43, 0xf9, - 0x6c, 0xaa, 0xed, 0xc4, 0x91, 0x92, 0xed, 0xc4, 0x01, 0x6c, 0x95, 0x97, 0xdf, 0x38, 0x28, 0x2f, - 0x46, 0x57, 0x79, 0x19, 0xc7, 0x56, 0xf9, 0xc8, 0x7b, 0x88, 0xa9, 0xc4, 0x7b, 0x00, 0xe5, 0xa5, - 0xa8, 0x02, 0xc4, 0xd0, 0x4c, 0x01, 0xe2, 0x2f, 0x08, 0xbe, 0x9a, 0xed, 0x41, 0xaf, 0xdc, 0x44, - 0x6e, 0xcf, 0xfa, 0xdc, 0xb2, 0xe8, 0x66, 0x7b, 0xb4, 0x6c, 0x2f, 0xfc, 0x6a, 0x8a, 0x43, 0xbc, - 0x72, 0x2b, 0xaa, 0x60, 0x09, 0x02, 0xa6, 0x60, 0x49, 0x37, 0xfa, 0x6a, 0x8a, 0x47, 0xbb, 0xf2, - 0xb9, 0x4c, 0x56, 0xc1, 0x37, 0xa7, 0xf8, 0xc1, 0xdf, 0x91, 0x5d, 0xd2, 0x95, 0x97, 0xa3, 0x8b, - 0x5d, 0x88, 0x61, 0x8b, 0x9d, 0xe4, 0xba, 0x7e, 0x47, 0x76, 0xc6, 0x56, 0x6e, 0x27, 0x4b, 0x85, - 0x4b, 0xa4, 0xe4, 0xb4, 0xad, 0xa5, 0xfb, 0x30, 0x2b, 0xaf, 0x44, 0xb5, 0x2e, 0x8d, 0x86, 0x69, - 0x5d, 0xaa, 0xff, 0xf3, 0x4c, 0xd2, 0x15, 0x59, 0xb9, 0x13, 0xdf, 0x64, 0x47, 0xf1, 0xcc, 0xf2, - 0x49, 0xb8, 0x2f, 0x7f, 0x31, 0x1e, 0x2e, 0x4f, 0x79, 0x35, 0x76, 0xed, 0x1b, 0xc1, 0x32, 0xfb, - 0x36, 0x16, 0x5e, 0xef, 0x8b, 0xf1, 0x08, 0x73, 0xca, 0x6b, 0xe9, 0x1c, 0x02, 0x5d, 0x89, 0x47, - 0xa4, 0xfb, 0x62, 0x3c, 0x28, 0x9b, 0xf2, 0x7a, 0x3a, 0x87, 0x40, 0xba, 0xf1, 0x20, 0x6e, 0x2f, - 0x4b, 0x61, 0xe2, 0x95, 0xcf, 0x47, 0x4d, 0xc7, 0x00, 0xc1, 0x4c, 0xc7, 0x30, 0x98, 0xfc, 0xcb, - 0x52, 0x78, 0x75, 0xe5, 0x8d, 0x44, 0x91, 0xa0, 0xb1, 0x52, 0x10, 0xf6, 0x97, 0xa5, 0xb0, 0xe4, - 0xca, 0x9b, 0x89, 0x22, 0x41, 0xeb, 0xa4, 0xe0, 0xe5, 0x46, 0xb7, 0xf7, 0xab, 0xca, 0x5b, 0xd1, - 0xc3, 0xe0, 0x6c, 0xca, 0xd9, 0x1e, 0xad, 0xdb, 0x3b, 0xd8, 0xaf, 0x66, 0x3b, 0x76, 0x2b, 0x6f, - 0x47, 0x87, 0x70, 0x16, 0x1d, 0x1b, 0xc2, 0x99, 0xce, 0xe1, 0xef, 0xc4, 0x62, 0x59, 0x28, 0xef, - 0x44, 0xa7, 0xb8, 0x08, 0x92, 0x4d, 0x71, 0xf1, 0xc8, 0x17, 0x91, 0x20, 0x0d, 0xca, 0x17, 0xa2, - 0x53, 0x9c, 0x8c, 0x63, 0x53, 0x5c, 0x24, 0xa0, 0xc3, 0x54, 0x22, 0x76, 0x80, 0xf2, 0x6e, 0x74, - 0x8a, 0x8b, 0xa1, 0xd9, 0x14, 0x17, 0x8f, 0x36, 0xf0, 0x4e, 0xec, 0x09, 0xbd, 0xf2, 0xc5, 0xf4, - 0xf6, 0x23, 0x52, 0x6e, 0x3f, 0x7f, 0x70, 0xaf, 0xa5, 0xbf, 0x05, 0x57, 0xca, 0xd1, 0xf1, 0x9b, - 0x46, 0xc3, 0xc6, 0x6f, 0xea, 0x3b, 0xf2, 0xf8, 0xc6, 0x41, 0x68, 0xd5, 0x64, 0x97, 0x8d, 0x43, - 0x68, 0x8a, 0xa4, 0x80, 0x23, 0x7b, 0x64, 0xbe, 0x11, 0x9a, 0xca, 0xd8, 0x23, 0xfb, 0xdb, 0xa0, - 0x18, 0x3d, 0x9b, 0x5d, 0x13, 0x7e, 0xc6, 0x4a, 0x25, 0x3a, 0xbb, 0x26, 0x08, 0xd8, 0xec, 0x9a, - 0xf4, 0x4e, 0x9e, 0x81, 0x31, 0xa1, 0x45, 0xdc, 0x7d, 0xda, 0xb4, 0xd6, 0x95, 0xe9, 0xd8, 0x7b, - 0xcb, 0x18, 0x9e, 0xcd, 0x4e, 0x71, 0x18, 0xae, 0xd7, 0x1c, 0x36, 0xd5, 0x34, 0xdb, 0xab, 0xb6, - 0xee, 0x18, 0x35, 0x6a, 0x19, 0xca, 0x4c, 0x6c, 0xbd, 0x4e, 0xa1, 0xc1, 0xf5, 0x3a, 0x05, 0x8e, - 0x21, 0xe2, 0x62, 0x70, 0x8d, 0x36, 0xa8, 0xf9, 0x98, 0x2a, 0x77, 0x91, 0xed, 0x44, 0x16, 0x5b, - 0x41, 0x36, 0xdb, 0xa3, 0x65, 0x71, 0x60, 0xb6, 0xfa, 0xfc, 0x56, 0xed, 0xbd, 0xb9, 0x20, 0xfc, - 0xc0, 0x92, 0x43, 0xdb, 0xba, 0x43, 0x95, 0xd9, 0xa8, 0xad, 0x9e, 0x4a, 0xc4, 0x6c, 0xf5, 0x54, - 0x44, 0x92, 0xad, 0x3f, 0x16, 0xaa, 0xdd, 0xd8, 0x86, 0x23, 0x22, 0xbd, 0x34, 0x9b, 0x9d, 0xa2, - 0x08, 0x26, 0xa0, 0x39, 0xdb, 0x5a, 0xc7, 0x93, 0x8a, 0x7b, 0xd1, 0xd9, 0x29, 0x9b, 0x92, 0xcd, - 0x4e, 0xd9, 0x58, 0xa6, 0xea, 0x51, 0x2c, 0x1f, 0x83, 0xf7, 0xa3, 0xaa, 0x9e, 0x42, 0xc2, 0x54, - 0x3d, 0x05, 0x9c, 0x64, 0xa8, 0x51, 0x97, 0x7a, 0xca, 0x5c, 0x37, 0x86, 0x48, 0x92, 0x64, 0x88, - 0xe0, 0x24, 0xc3, 0x19, 0xea, 0x35, 0x36, 0x94, 0xf9, 0x6e, 0x0c, 0x91, 0x24, 0xc9, 0x10, 0xc1, - 0x6c, 0xb3, 0x19, 0x05, 0x4f, 0x76, 0x9a, 0x8f, 0xfc, 0x3e, 0x5b, 0x88, 0x6e, 0x36, 0x33, 0x09, - 0xd9, 0x66, 0x33, 0x13, 0x49, 0x7e, 0x7c, 0xcf, 0x7e, 0xf0, 0xca, 0x22, 0x56, 0x78, 0x33, 0xb4, - 0x0b, 0xf6, 0x52, 0x6a, 0xb6, 0x47, 0xdb, 0xab, 0x9f, 0xfd, 0x67, 0x03, 0xa7, 0x51, 0x65, 0x09, - 0xab, 0x1a, 0x0d, 0xce, 0x2a, 0x38, 0x78, 0xb6, 0x47, 0x0b, 0xdc, 0x4a, 0x5f, 0x87, 0x41, 0xfc, - 0xa8, 0xaa, 0x65, 0x7a, 0x95, 0x49, 0xe5, 0xbd, 0xe8, 0x96, 0x49, 0x42, 0xb1, 0x2d, 0x93, 0xf4, - 0x93, 0x4d, 0xe2, 0xf8, 0x93, 0x4f, 0x31, 0x95, 0x49, 0x45, 0x8b, 0x4e, 0xe2, 0x11, 0x24, 0x9b, - 0xc4, 0x23, 0x80, 0xa0, 0xde, 0x8a, 0x63, 0xb7, 0x2b, 0x93, 0x4a, 0x2d, 0xa5, 0x5e, 0x8e, 0x0a, - 0xea, 0xe5, 0x3f, 0x83, 0x7a, 0x6b, 0x1b, 0x1d, 0xaf, 0xc2, 0xbe, 0x71, 0x39, 0xa5, 0x5e, 0x1f, - 0x19, 0xd4, 0xeb, 0x03, 0xd8, 0x54, 0x88, 0x80, 0x25, 0xc7, 0x66, 0x93, 0xf6, 0x7d, 0xb3, 0xd9, - 0x54, 0x56, 0xa2, 0x53, 0x61, 0x1c, 0xcf, 0xa6, 0xc2, 0x38, 0x8c, 0x99, 0x9e, 0xbc, 0x55, 0x74, - 0xb5, 0xb3, 0xae, 0x3c, 0x88, 0x9a, 0x9e, 0x21, 0x86, 0x99, 0x9e, 0xe1, 0x2f, 0xdc, 0x5d, 0xb0, - 0x5f, 0x1a, 0x5d, 0x73, 0xa8, 0xbb, 0xa1, 0x3c, 0x8c, 0xed, 0x2e, 0x24, 0x1c, 0xee, 0x2e, 0xa4, - 0xdf, 0x64, 0x1d, 0x9e, 0x8e, 0x2c, 0x34, 0xfe, 0xa5, 0x4d, 0x8d, 0xea, 0x4e, 0x63, 0x43, 0xf9, - 0x12, 0xb2, 0x7a, 0x3e, 0x75, 0xa9, 0x8a, 0x92, 0xce, 0xf6, 0x68, 0xdd, 0x38, 0xe1, 0xb6, 0xfc, - 0xbd, 0x39, 0x1e, 0xcb, 0x55, 0x5b, 0x9a, 0xf2, 0x37, 0xa1, 0xef, 0xc7, 0xb6, 0xe5, 0x49, 0x12, - 0xdc, 0x96, 0x27, 0xc1, 0xa4, 0x0d, 0x57, 0x63, 0x5b, 0xb5, 0x79, 0xbd, 0xc9, 0xf6, 0x25, 0xd4, - 0x58, 0xd2, 0x1b, 0x8f, 0xa8, 0xa7, 0x7c, 0x19, 0x79, 0x5f, 0xcb, 0xd8, 0xf0, 0xc5, 0xa8, 0x67, - 0x7b, 0xb4, 0x5d, 0xf8, 0x11, 0x15, 0x8a, 0xb5, 0x99, 0xe5, 0x25, 0xe5, 0x07, 0xa2, 0xe7, 0x9b, - 0x0c, 0x36, 0xdb, 0xa3, 0x21, 0x8e, 0x59, 0x69, 0x2b, 0xed, 0x75, 0x47, 0x37, 0x28, 0x37, 0xb4, - 0xd0, 0x76, 0x13, 0x06, 0xe8, 0x0f, 0x46, 0xad, 0xb4, 0x2c, 0x3a, 0x66, 0xa5, 0x65, 0xe1, 0x98, - 0xa2, 0x46, 0xd2, 0x96, 0x28, 0x5f, 0x89, 0x2a, 0x6a, 0x04, 0xc9, 0x14, 0x35, 0x9a, 0xe4, 0xe4, - 0x4b, 0x70, 0x31, 0xd8, 0xcf, 0x8b, 0xf5, 0x97, 0x77, 0x9a, 0xf2, 0x55, 0xe4, 0x73, 0x35, 0x71, - 0x19, 0x10, 0xa1, 0x9a, 0xed, 0xd1, 0x32, 0xca, 0xb3, 0x15, 0x37, 0x91, 0x91, 0x4b, 0x98, 0x17, - 0x3f, 0x14, 0x5d, 0x71, 0x33, 0xc8, 0xd8, 0x8a, 0x9b, 0x81, 0x4a, 0x65, 0x2e, 0x84, 0xaa, 0xef, - 0xc2, 0x3c, 0x90, 0x69, 0x16, 0x87, 0x54, 0xe6, 0xc2, 0x52, 0x5b, 0xdd, 0x85, 0x79, 0x60, 0xad, - 0x65, 0x71, 0x20, 0xd7, 0xa1, 0x54, 0xab, 0xcd, 0x6b, 0x1d, 0x4b, 0x69, 0xc4, 0xbc, 0x65, 0x11, - 0x3a, 0xdb, 0xa3, 0x09, 0x3c, 0x33, 0x83, 0xa6, 0x9b, 0xba, 0xeb, 0x99, 0x0d, 0x17, 0x47, 0x8c, - 0x3f, 0x42, 0x8c, 0xa8, 0x19, 0x94, 0x46, 0xc3, 0xcc, 0xa0, 0x34, 0x38, 0xb3, 0x17, 0xa7, 0x74, - 0xd7, 0xd5, 0x2d, 0xc3, 0xd1, 0x27, 0x71, 0x99, 0xa0, 0xb1, 0xd7, 0x58, 0x11, 0x2c, 0xb3, 0x17, - 0xa3, 0x10, 0x3c, 0x7c, 0xf7, 0x21, 0xbe, 0x99, 0xb3, 0x16, 0x3b, 0x7c, 0x8f, 0xe1, 0xf1, 0xf0, - 0x3d, 0x06, 0x43, 0xbb, 0xd3, 0x87, 0x69, 0x74, 0xdd, 0x64, 0x22, 0x52, 0xd6, 0x63, 0x76, 0x67, - 0x9c, 0x00, 0xed, 0xce, 0x38, 0x30, 0xd2, 0x24, 0x7f, 0xb9, 0xdd, 0xc8, 0x68, 0x52, 0xb8, 0xca, - 0x26, 0xca, 0xb0, 0xf5, 0x3b, 0x1c, 0x1c, 0x95, 0x2d, 0x4b, 0x6f, 0xd9, 0x95, 0x49, 0x5f, 0xea, - 0x66, 0x74, 0xfd, 0xce, 0x24, 0x64, 0xeb, 0x77, 0x26, 0x92, 0xcd, 0xae, 0xfe, 0x46, 0x6b, 0x43, - 0x77, 0xa8, 0x51, 0x31, 0x1d, 0x3c, 0x59, 0xdc, 0xe2, 0x5b, 0xc3, 0x0f, 0xa2, 0xb3, 0x6b, 0x17, - 0x52, 0x36, 0xbb, 0x76, 0x41, 0x33, 0x23, 0x2f, 0x1d, 0xad, 0x51, 0xdd, 0x50, 0x1e, 0x45, 0x8d, - 0xbc, 0x6c, 0x4a, 0x66, 0xe4, 0x65, 0x63, 0xb3, 0x3f, 0xe7, 0xa1, 0x63, 0x7a, 0x54, 0x69, 0xee, - 0xe5, 0x73, 0x90, 0x34, 0xfb, 0x73, 0x10, 0xcd, 0x36, 0x84, 0xf1, 0x0e, 0x69, 0x45, 0x37, 0x84, - 0xc9, 0x6e, 0x88, 0x97, 0x60, 0x16, 0x8b, 0x78, 0x94, 0xa7, 0x58, 0x51, 0x8b, 0x45, 0x80, 0x99, - 0xc5, 0x12, 0x3e, 0xdb, 0x8b, 0x3c, 0xc5, 0x52, 0xec, 0xe8, 0x1a, 0x2a, 0xe3, 0xd8, 0x1a, 0x1a, - 0x79, 0xb6, 0xf5, 0x7a, 0xe4, 0x9d, 0x81, 0xd2, 0x8e, 0x5a, 0x1d, 0x12, 0x8a, 0x59, 0x1d, 0xf2, - 0x8b, 0x84, 0x29, 0x18, 0xc5, 0x5b, 0x70, 0xad, 0x13, 0xdc, 0xe3, 0xfc, 0x70, 0xf4, 0x33, 0x63, - 0x68, 0xf6, 0x99, 0x31, 0x50, 0x84, 0x89, 0x98, 0xb6, 0x9c, 0x0c, 0x26, 0xe1, 0xf9, 0x60, 0x0c, - 0x44, 0xe6, 0x80, 0xd4, 0xca, 0xf3, 0x73, 0x55, 0x63, 0x49, 0xbe, 0x22, 0x73, 0xa3, 0x27, 0xb0, - 0x49, 0x8a, 0xd9, 0x1e, 0x2d, 0xa5, 0x1c, 0xf9, 0x00, 0xae, 0x08, 0xa8, 0x78, 0x71, 0x8d, 0x89, - 0xfb, 0x8d, 0x60, 0x41, 0xf0, 0xa2, 0x7e, 0x6c, 0xdd, 0x68, 0x67, 0x7b, 0xb4, 0xae, 0xbc, 0xb2, - 0xeb, 0x12, 0xeb, 0x43, 0x67, 0x2f, 0x75, 0x05, 0x8b, 0x44, 0x57, 0x5e, 0xd9, 0x75, 0x09, 0xb9, - 0x3f, 0xde, 0x4b, 0x5d, 0x41, 0x27, 0x74, 0xe5, 0x45, 0x5c, 0x98, 0xe8, 0x86, 0x2f, 0x37, 0x9b, - 0xca, 0x26, 0x56, 0xf7, 0x99, 0xbd, 0x54, 0x57, 0x46, 0x83, 0x73, 0x37, 0x8e, 0x6c, 0x96, 0x5e, - 0x6c, 0x53, 0xab, 0x16, 0x59, 0x80, 0x9e, 0x44, 0x67, 0xe9, 0x04, 0x01, 0x9b, 0xa5, 0x13, 0x40, - 0x36, 0xa0, 0xe4, 0xe7, 0x2a, 0xca, 0x56, 0x74, 0x40, 0xc9, 0x38, 0x36, 0xa0, 0x22, 0x4f, 0x5b, - 0x16, 0xe1, 0xdc, 0xe2, 0x23, 0x4f, 0xf7, 0x2d, 0x48, 0x57, 0x74, 0xe5, 0x87, 0xb1, 0x4b, 0xa6, - 0x24, 0x09, 0x5e, 0x32, 0x25, 0xc1, 0x6c, 0x8c, 0x30, 0x70, 0x6d, 0xcb, 0x6a, 0xcc, 0xe8, 0x66, - 0xb3, 0xe3, 0x50, 0xe5, 0xdf, 0x88, 0x8e, 0x91, 0x18, 0x9a, 0x8d, 0x91, 0x18, 0x88, 0x2d, 0xd0, - 0x0c, 0x54, 0x76, 0x5d, 0x73, 0xdd, 0x12, 0xfb, 0xca, 0x4e, 0xd3, 0x53, 0xfe, 0xcd, 0xe8, 0x02, - 0x9d, 0x46, 0xc3, 0x16, 0xe8, 0x34, 0x38, 0x9e, 0x3a, 0xb1, 0x5e, 0x60, 0x8b, 0x87, 0x7c, 0x57, - 0xf9, 0x6f, 0xc5, 0x4e, 0x9d, 0x52, 0x68, 0xf0, 0xd4, 0x29, 0x05, 0xce, 0xd6, 0x47, 0x6e, 0x93, - 0xcd, 0x99, 0xc1, 0x5d, 0xf5, 0xbf, 0x1d, 0x5d, 0x1f, 0xe3, 0x78, 0xb6, 0x3e, 0xc6, 0x61, 0x51, - 0x3e, 0xa2, 0x0b, 0xfe, 0x9d, 0x2c, 0x3e, 0x81, 0xfc, 0x13, 0x65, 0xc8, 0x5d, 0x99, 0x8f, 0x18, - 0x29, 0x3f, 0x92, 0xcb, 0x62, 0x14, 0x0c, 0x8f, 0x44, 0xa1, 0x28, 0x23, 0x8d, 0x3e, 0x36, 0xe9, - 0xa6, 0xf2, 0xb5, 0x4c, 0x46, 0x9c, 0x20, 0xca, 0x88, 0xc3, 0xc8, 0xfb, 0x70, 0x31, 0x84, 0xcd, - 0xd3, 0xd6, 0x6a, 0x30, 0x33, 0xfd, 0xb1, 0x5c, 0xd4, 0x0c, 0x4e, 0x27, 0x63, 0x66, 0x70, 0x3a, - 0x26, 0x8d, 0xb5, 0x10, 0xdd, 0xbf, 0xbb, 0x0b, 0xeb, 0x40, 0x82, 0x19, 0x0c, 0xd2, 0x58, 0x0b, - 0x69, 0xfe, 0xe8, 0x2e, 0xac, 0x03, 0x99, 0x66, 0x30, 0x20, 0x3f, 0x91, 0x83, 0x6b, 0xe9, 0xa8, - 0x72, 0xb3, 0x39, 0x63, 0x3b, 0x21, 0x4e, 0xf9, 0xe3, 0xb9, 0xe8, 0x41, 0xc3, 0xde, 0x8a, 0xcd, - 0xf6, 0x68, 0x7b, 0xac, 0x80, 0x7c, 0x01, 0x86, 0xcb, 0x1d, 0xc3, 0xf4, 0xf0, 0xe2, 0x8d, 0x19, - 0xce, 0x3f, 0x96, 0x8b, 0x6d, 0x71, 0x64, 0x2c, 0x6e, 0x71, 0x64, 0x00, 0xb9, 0x07, 0xe3, 0x35, - 0xda, 0xe8, 0x38, 0xa6, 0xb7, 0xa5, 0xd1, 0xb6, 0xed, 0x78, 0x8c, 0xc7, 0x9f, 0xc8, 0x45, 0x27, - 0xb1, 0x04, 0x05, 0x9b, 0xc4, 0x12, 0x40, 0xf2, 0x20, 0x71, 0x2b, 0x2f, 0x3a, 0xf3, 0xc7, 0x73, - 0x5d, 0xaf, 0xe5, 0x83, 0xbe, 0x4c, 0x2f, 0x4e, 0x96, 0x62, 0xb7, 0xe8, 0x82, 0xeb, 0x4f, 0xe4, - 0xba, 0x5c, 0xa3, 0x4b, 0x33, 0x5c, 0x12, 0xcc, 0x38, 0xa6, 0xe4, 0x70, 0x57, 0xfe, 0x64, 0xae, - 0xcb, 0xb5, 0x77, 0xc8, 0x31, 0x2d, 0xfd, 0xfb, 0xab, 0xdc, 0x53, 0x44, 0x30, 0xfa, 0x53, 0xb9, - 0xa4, 0xab, 0x48, 0x50, 0x5e, 0x22, 0x64, 0xc5, 0x56, 0xdc, 0x40, 0xe9, 0xbf, 0x9e, 0x4b, 0xfa, - 0xe6, 0x85, 0xc5, 0xc2, 0x5f, 0x84, 0xc2, 0xe5, 0xe9, 0x27, 0x1e, 0x75, 0x2c, 0xbd, 0x89, 0xdd, - 0x59, 0xf3, 0x6c, 0x47, 0x5f, 0xa7, 0xd3, 0x96, 0xbe, 0xda, 0xa4, 0xca, 0x37, 0x72, 0x51, 0x0b, - 0x36, 0x9b, 0x94, 0x59, 0xb0, 0xd9, 0x58, 0xb2, 0x01, 0x4f, 0xa7, 0x61, 0x2b, 0xa6, 0x8b, 0xf5, - 0x7c, 0x33, 0x17, 0x35, 0x61, 0xbb, 0xd0, 0x32, 0x13, 0xb6, 0x0b, 0x9a, 0xdc, 0x86, 0x81, 0x49, - 0xdb, 0x9f, 0x7e, 0xff, 0x74, 0xcc, 0x19, 0x32, 0xc0, 0xcc, 0xf6, 0x68, 0x21, 0x99, 0x28, 0x23, - 0x06, 0xf5, 0xb7, 0x92, 0x65, 0xc2, 0xcb, 0xa7, 0xe0, 0x87, 0x28, 0x23, 0xc4, 0xfd, 0xef, 0x25, - 0xcb, 0x84, 0x77, 0x5c, 0xc1, 0x0f, 0x36, 0x93, 0xf0, 0x1a, 0xe7, 0x67, 0xca, 0xcc, 0x6e, 0x9b, - 0xda, 0xd0, 0x9b, 0x4d, 0x6a, 0xad, 0x53, 0xe5, 0xdb, 0xb1, 0x99, 0x24, 0x9d, 0x8c, 0xcd, 0x24, - 0xe9, 0x18, 0xf2, 0x83, 0x70, 0xe9, 0x81, 0xde, 0x34, 0x8d, 0x10, 0xe7, 0x67, 0xf4, 0x56, 0x7e, - 0x32, 0x17, 0xdd, 0x4d, 0x67, 0xd0, 0xb1, 0xdd, 0x74, 0x06, 0x8a, 0xcc, 0x03, 0xc1, 0x65, 0x34, - 0x98, 0x2d, 0xd8, 0xfa, 0xac, 0xfc, 0xfb, 0xb9, 0xa8, 0x9d, 0x9a, 0x24, 0x61, 0x76, 0x6a, 0x12, - 0x4a, 0xea, 0xd9, 0xa9, 0x41, 0x94, 0x9f, 0xca, 0x45, 0x4f, 0x6b, 0xb2, 0x08, 0x67, 0x7b, 0xb4, - 0xec, 0xfc, 0x22, 0x77, 0x61, 0xac, 0xb6, 0x54, 0x9d, 0x99, 0x99, 0xae, 0x3d, 0xa8, 0x56, 0xf0, - 0xa1, 0x83, 0xa1, 0xfc, 0x74, 0x6c, 0xc5, 0x8a, 0x13, 0xb0, 0x15, 0x2b, 0x0e, 0x23, 0x6f, 0xc1, - 0x10, 0x6b, 0x3f, 0x1b, 0x30, 0xf8, 0xc9, 0x3f, 0x93, 0x8b, 0x9a, 0x53, 0x32, 0x92, 0x99, 0x53, - 0xf2, 0x6f, 0x52, 0x83, 0xf3, 0x4c, 0x8a, 0x4b, 0x0e, 0x5d, 0xa3, 0x0e, 0xb5, 0x1a, 0xfe, 0x98, - 0xfe, 0xd9, 0x5c, 0xd4, 0xca, 0x48, 0x23, 0x62, 0x56, 0x46, 0x1a, 0x9c, 0x3c, 0x82, 0x2b, 0xf1, - 0x93, 0x20, 0xf9, 0xd9, 0xa9, 0xf2, 0x67, 0x72, 0x31, 0x63, 0xb8, 0x0b, 0x31, 0x1a, 0xc3, 0x5d, - 0xf0, 0xc4, 0x82, 0x67, 0xc4, 0xb1, 0x8a, 0x70, 0xb8, 0x8c, 0xd7, 0xf6, 0x67, 0x79, 0x6d, 0x9f, - 0x0e, 0x1d, 0x02, 0xbb, 0x50, 0xcf, 0xf6, 0x68, 0xdd, 0xd9, 0x31, 0x3d, 0x4b, 0x26, 0xc0, 0x50, - 0x7e, 0x2e, 0x97, 0xee, 0x91, 0x12, 0x71, 0x53, 0x4e, 0xcb, 0x9c, 0xf1, 0x7e, 0x56, 0xfa, 0x06, - 0xe5, 0xcf, 0xc5, 0xc6, 0x5b, 0x3a, 0x19, 0x1b, 0x6f, 0x19, 0xf9, 0x1f, 0xee, 0xc1, 0x38, 0x57, - 0xea, 0x25, 0x1d, 0x87, 0xa1, 0xb5, 0x4e, 0x0d, 0xe5, 0x3f, 0x88, 0xad, 0x76, 0x09, 0x0a, 0x74, - 0xed, 0x89, 0x03, 0xd9, 0xd4, 0x5d, 0x6b, 0xeb, 0x96, 0x85, 0xc7, 0xac, 0xca, 0x7f, 0x18, 0x9b, - 0xba, 0x43, 0x14, 0x3a, 0xee, 0x06, 0xbf, 0x98, 0x26, 0x74, 0x4b, 0x7d, 0xa4, 0xfc, 0xf9, 0x98, - 0x26, 0x74, 0x23, 0x66, 0x9a, 0xd0, 0x35, 0x8f, 0xd2, 0x83, 0x8c, 0x27, 0xe0, 0xca, 0xcf, 0xc7, - 0x56, 0xe4, 0x54, 0x2a, 0xb6, 0x22, 0xa7, 0xbf, 0x20, 0x7f, 0x90, 0xf1, 0x7c, 0x5a, 0xf9, 0x85, - 0xee, 0x7c, 0xc3, 0x95, 0x3e, 0xfd, 0xf5, 0xf5, 0x83, 0x8c, 0xa7, 0xc7, 0xca, 0x5f, 0xe8, 0xce, - 0x37, 0x74, 0xec, 0x4b, 0x7f, 0xb9, 0x5c, 0xcf, 0x7e, 0xb6, 0xab, 0xfc, 0xc5, 0xf8, 0xd4, 0x95, - 0x41, 0x88, 0x53, 0x57, 0xd6, 0xdb, 0xdf, 0x55, 0x78, 0x8a, 0x6b, 0xc8, 0x5d, 0x47, 0x6f, 0x6f, - 0xd4, 0xa8, 0xe7, 0x99, 0xd6, 0xba, 0xbf, 0x13, 0xfb, 0x4b, 0xb9, 0xd8, 0xf1, 0x58, 0x16, 0x25, - 0x1e, 0x8f, 0x65, 0x21, 0x99, 0xf2, 0x26, 0x1e, 0xe8, 0x2a, 0x7f, 0x39, 0xa6, 0xbc, 0x09, 0x0a, - 0xa6, 0xbc, 0xc9, 0x77, 0xbd, 0xf7, 0x52, 0xde, 0xa1, 0x2a, 0xff, 0x51, 0x36, 0xaf, 0xa0, 0x7d, - 0x29, 0xcf, 0x57, 0xef, 0xa5, 0x3c, 0xb7, 0x54, 0xfe, 0xe3, 0x6c, 0x5e, 0xa1, 0x0f, 0x52, 0xf2, - 0x95, 0xe6, 0xfb, 0x70, 0x91, 0xcf, 0xe6, 0x33, 0xd4, 0xa0, 0x91, 0x0f, 0xfd, 0xc5, 0xd8, 0xd8, - 0x4f, 0x27, 0xc3, 0x23, 0xf7, 0x54, 0x4c, 0x1a, 0x6b, 0xd1, 0xd6, 0xbf, 0xb2, 0x0b, 0xeb, 0x70, - 0x43, 0x90, 0x8e, 0x61, 0xeb, 0x8d, 0xfc, 0xf8, 0x4d, 0xf9, 0xa5, 0xd8, 0x7a, 0x23, 0x23, 0xd1, - 0x9d, 0x43, 0x7e, 0x29, 0xf7, 0x56, 0xf4, 0xa1, 0x97, 0xf2, 0x9f, 0xa4, 0x16, 0x0e, 0x3a, 0x20, - 0xfa, 0x2a, 0xec, 0xad, 0xe8, 0xa3, 0x26, 0xe5, 0x97, 0x53, 0x0b, 0x07, 0x1f, 0x10, 0x7d, 0x01, - 0xc5, 0xb6, 0x48, 0x1d, 0xcf, 0xe6, 0xac, 0x22, 0xd3, 0xc3, 0x5f, 0x8d, 0x6f, 0x91, 0x52, 0xc9, - 0x70, 0x8b, 0x94, 0x8a, 0x49, 0x63, 0x2d, 0x3e, 0xef, 0x57, 0x76, 0x61, 0x2d, 0x6d, 0xec, 0x52, - 0x31, 0x69, 0xac, 0xc5, 0xc7, 0xff, 0xea, 0x2e, 0xac, 0xa5, 0x8d, 0x5d, 0x2a, 0x86, 0x99, 0x63, - 0x21, 0xe6, 0x01, 0x75, 0xdc, 0x50, 0xfd, 0xfe, 0x5a, 0xcc, 0x1c, 0xcb, 0xa0, 0x63, 0xe6, 0x58, - 0x06, 0x2a, 0x95, 0xbb, 0x10, 0xca, 0xaf, 0xed, 0xc6, 0x3d, 0xbc, 0x97, 0xc9, 0x40, 0xa5, 0x72, - 0x17, 0x72, 0xf9, 0xeb, 0xbb, 0x71, 0x0f, 0x2f, 0x66, 0x32, 0x50, 0xcc, 0x28, 0xaa, 0x79, 0xba, - 0x67, 0x36, 0x66, 0x6d, 0xd7, 0x93, 0x16, 0xf9, 0xbf, 0x11, 0x33, 0x8a, 0xd2, 0x88, 0x98, 0x51, - 0x94, 0x06, 0x4f, 0x32, 0x15, 0xd2, 0xf8, 0xf5, 0xae, 0x4c, 0x43, 0x4b, 0x2b, 0x0d, 0x9e, 0x64, - 0x2a, 0x84, 0xf0, 0x9f, 0x76, 0x65, 0x1a, 0x7a, 0xca, 0xa7, 0xc1, 0x99, 0x65, 0x3a, 0xe5, 0xd8, - 0x9b, 0xd6, 0x3d, 0xba, 0x49, 0x9b, 0xe2, 0xd3, 0x7f, 0x23, 0x66, 0x99, 0xc6, 0x09, 0xf0, 0x16, - 0x25, 0x06, 0x8b, 0x32, 0x12, 0x9f, 0xfb, 0x9b, 0x99, 0x8c, 0xc2, 0x63, 0xa2, 0x38, 0x2c, 0xca, - 0x48, 0x7c, 0xe2, 0x6f, 0x65, 0x32, 0x0a, 0x8f, 0x89, 0xe2, 0xb0, 0xc9, 0x3e, 0xe8, 0xc5, 0x73, - 0x44, 0xf5, 0xe7, 0x73, 0x30, 0x54, 0xf3, 0x1c, 0xaa, 0xb7, 0x44, 0xb4, 0xb3, 0xcb, 0xd0, 0xcf, - 0x1d, 0x72, 0xfd, 0xd7, 0xc3, 0x5a, 0xf0, 0x9b, 0x5c, 0x83, 0x91, 0x39, 0xdd, 0xf5, 0xb0, 0x64, - 0xd5, 0x32, 0xe8, 0x13, 0x7c, 0x8c, 0x56, 0xd0, 0x62, 0x50, 0x32, 0xc7, 0xe9, 0x78, 0x39, 0x0c, - 0x70, 0x59, 0xd8, 0x35, 0xc8, 0x57, 0xff, 0x77, 0xb7, 0x27, 0x7a, 0x30, 0xa6, 0x57, 0xac, 0xac, - 0xfa, 0xbb, 0x39, 0x48, 0xb8, 0x0a, 0x1f, 0xfc, 0x55, 0xff, 0x22, 0x8c, 0xc6, 0x82, 0xaa, 0x8a, - 0x17, 0x75, 0x7b, 0x8c, 0xb9, 0x1a, 0x2f, 0x4d, 0x3e, 0x13, 0xbc, 0xe4, 0x5a, 0xd1, 0xe6, 0x44, - 0x00, 0x37, 0x4c, 0x3d, 0xd0, 0x71, 0x9a, 0x9a, 0x84, 0x12, 0x01, 0x7a, 0xbe, 0x3f, 0x16, 0x46, - 0x8c, 0x24, 0xd7, 0x44, 0x88, 0x81, 0x5c, 0x18, 0xf6, 0x2d, 0x96, 0xaa, 0x9c, 0x87, 0x14, 0xf8, - 0x02, 0x0c, 0x55, 0x5b, 0x6d, 0xea, 0xb8, 0xb6, 0xa5, 0x7b, 0xb6, 0x23, 0x5e, 0x68, 0x63, 0x48, - 0x30, 0x53, 0x82, 0xcb, 0x61, 0xaa, 0x64, 0x7a, 0x72, 0xc3, 0xcf, 0x9e, 0x56, 0xc0, 0x58, 0x9d, - 0xf8, 0xcc, 0x32, 0x9e, 0xfe, 0x9a, 0x53, 0x30, 0xd2, 0x15, 0x57, 0xc7, 0x37, 0x7f, 0x01, 0x69, - 0x87, 0x01, 0x64, 0x52, 0xa4, 0x20, 0x2f, 0x42, 0x09, 0xef, 0x48, 0x5c, 0xcc, 0x8a, 0x28, 0x82, - 0xd1, 0x35, 0x11, 0x22, 0x87, 0xfe, 0xe2, 0x34, 0xe4, 0x3e, 0x8c, 0x85, 0x17, 0xc0, 0x77, 0x1d, - 0xbb, 0xd3, 0xf6, 0xf3, 0xa0, 0x60, 0xda, 0xf0, 0x47, 0x01, 0xae, 0xbe, 0x8e, 0x48, 0x89, 0x45, - 0xa2, 0x20, 0x99, 0x85, 0xd1, 0x10, 0xc6, 0x44, 0xe4, 0xe7, 0x5f, 0xc2, 0xdc, 0x97, 0x12, 0x2f, - 0x26, 0xce, 0x48, 0xee, 0xcb, 0x58, 0x31, 0x52, 0x85, 0x3e, 0x3f, 0x12, 0x5d, 0xff, 0xae, 0x4a, - 0x7a, 0x4e, 0x44, 0xa2, 0xeb, 0x93, 0x63, 0xd0, 0xf9, 0xe5, 0xc9, 0x0c, 0x8c, 0x68, 0x76, 0xc7, - 0xa3, 0xcb, 0xb6, 0xd8, 0x39, 0x89, 0x88, 0x87, 0xd8, 0x26, 0x87, 0x61, 0xea, 0x9e, 0xed, 0x67, - 0x5d, 0x97, 0xb3, 0x7f, 0x47, 0x4b, 0x91, 0x05, 0x18, 0x4f, 0x5c, 0x95, 0xcb, 0xb9, 0xd0, 0xa5, - 0xcf, 0x4b, 0x32, 0x4b, 0x16, 0x25, 0x3f, 0x96, 0x83, 0xd2, 0xb2, 0xa3, 0x9b, 0x9e, 0x2b, 0x9e, - 0x0b, 0x5e, 0xb8, 0xb9, 0xe9, 0xe8, 0x6d, 0xa6, 0x1f, 0x37, 0x31, 0x18, 0xeb, 0x03, 0xbd, 0xd9, - 0xa1, 0xee, 0xe4, 0x43, 0xf6, 0x75, 0xff, 0xc3, 0xf6, 0xc4, 0x5b, 0xeb, 0x78, 0x20, 0x77, 0xb3, - 0x61, 0xb7, 0x6e, 0xad, 0x3b, 0xfa, 0x63, 0xd3, 0x43, 0xb3, 0x47, 0x6f, 0xde, 0xf2, 0x68, 0x13, - 0xcf, 0xfd, 0x6e, 0xe9, 0x6d, 0xf3, 0x16, 0x06, 0xfd, 0xbe, 0x15, 0x70, 0xe2, 0x35, 0x30, 0x15, - 0xf0, 0xf0, 0x2f, 0x59, 0x05, 0x38, 0x8e, 0x2c, 0x00, 0x88, 0x4f, 0x2d, 0xb7, 0xdb, 0xe2, 0xed, - 0xa1, 0x74, 0x5a, 0xe6, 0x63, 0xb8, 0x62, 0x07, 0x02, 0xd3, 0xdb, 0x52, 0xa0, 0x5b, 0x4d, 0xe2, - 0xc0, 0xb4, 0x60, 0x59, 0xb4, 0xc8, 0x17, 0xd3, 0x70, 0x28, 0x71, 0xbf, 0xb1, 0x29, 0x42, 0x8a, - 0x17, 0x23, 0xab, 0x30, 0x2a, 0xf8, 0x06, 0x69, 0x31, 0x46, 0xa2, 0xb3, 0x42, 0x0c, 0xcd, 0x95, - 0x36, 0x68, 0xa3, 0x21, 0xc0, 0x72, 0x1d, 0xb1, 0x12, 0x64, 0x32, 0x4c, 0xe3, 0xbb, 0xa0, 0xb7, - 0xa8, 0xab, 0x8c, 0xa2, 0xc6, 0x5e, 0xd9, 0xd9, 0x9e, 0x50, 0xfc, 0xf2, 0x18, 0x94, 0x31, 0x35, - 0x29, 0x3d, 0x16, 0x91, 0x79, 0x70, 0xad, 0x1f, 0x4b, 0xe1, 0x11, 0xd7, 0xf9, 0x68, 0x11, 0x32, - 0x05, 0xc3, 0xc1, 0xd3, 0x87, 0x95, 0x95, 0x6a, 0x05, 0x1f, 0x37, 0x8a, 0xb8, 0x9c, 0xb1, 0xc4, - 0x15, 0x32, 0x93, 0x48, 0x19, 0x29, 0x5e, 0x04, 0x7f, 0xed, 0x18, 0x8b, 0x17, 0xd1, 0x4e, 0x89, - 0x17, 0xb1, 0x44, 0xde, 0x81, 0xc1, 0xf2, 0xc3, 0x9a, 0x88, 0x83, 0xe1, 0x2a, 0xe7, 0xc2, 0x2c, - 0x48, 0xfa, 0xa6, 0x5b, 0xf7, 0x63, 0x66, 0xc8, 0x4d, 0x97, 0xe9, 0xc9, 0x34, 0x8c, 0x44, 0xbc, - 0xa7, 0x5c, 0xe5, 0x3c, 0x72, 0xc0, 0x96, 0xeb, 0x88, 0xa9, 0x3b, 0x02, 0x25, 0x0f, 0xaf, 0x68, - 0x21, 0xa6, 0x35, 0x15, 0xd3, 0xc5, 0x8c, 0x32, 0x1a, 0xc5, 0x90, 0x1b, 0xf8, 0x54, 0xb2, 0x9f, - 0x6b, 0x8d, 0x21, 0x50, 0x75, 0x87, 0xe3, 0xe4, 0x1e, 0x8d, 0x15, 0x23, 0x1f, 0x00, 0xc1, 0x1c, - 0x34, 0xd4, 0xf0, 0x2f, 0xd3, 0xaa, 0x15, 0x57, 0xb9, 0x88, 0x41, 0xa9, 0x49, 0xfc, 0x89, 0x7f, - 0xb5, 0x32, 0x79, 0x4d, 0x4c, 0x1f, 0x57, 0x75, 0x5e, 0xaa, 0xee, 0x3f, 0xef, 0xaf, 0x9b, 0x91, - 0x04, 0xbd, 0x29, 0x5c, 0xc9, 0x26, 0x5c, 0x5a, 0x72, 0xe8, 0x63, 0xd3, 0xee, 0xb8, 0xfe, 0xf2, - 0xe1, 0xcf, 0x5b, 0x97, 0x76, 0x9d, 0xb7, 0x9e, 0x13, 0x15, 0x5f, 0x68, 0x3b, 0xf4, 0x71, 0xdd, - 0x0f, 0x45, 0x1c, 0x89, 0xa4, 0x99, 0xc5, 0x1d, 0xd3, 0x0c, 0x7f, 0xd8, 0x71, 0xa8, 0x80, 0x9b, - 0xd4, 0x55, 0x94, 0x70, 0xaa, 0xe5, 0xd1, 0x53, 0xcc, 0x00, 0x17, 0x49, 0x33, 0x1c, 0x2d, 0x46, - 0x34, 0x20, 0x77, 0xa7, 0xfc, 0x8b, 0xd5, 0x72, 0x83, 0x27, 0x63, 0x55, 0x9e, 0x42, 0x66, 0x2a, - 0x13, 0xcb, 0x7a, 0x23, 0x08, 0x4b, 0x5e, 0xd7, 0x05, 0x5e, 0x16, 0x4b, 0xb2, 0x34, 0x99, 0x83, - 0xb1, 0x25, 0x07, 0x8f, 0x79, 0xee, 0xd3, 0xad, 0x25, 0xbb, 0x69, 0x36, 0xb6, 0xf0, 0xc5, 0xa6, - 0x98, 0x2a, 0xdb, 0x1c, 0x57, 0x7f, 0x44, 0xb7, 0xea, 0x6d, 0xc4, 0xca, 0xcb, 0x4a, 0xbc, 0xa4, - 0x1c, 0x26, 0xf8, 0xe9, 0xbd, 0x85, 0x09, 0xa6, 0x30, 0x26, 0xae, 0x65, 0x9f, 0x78, 0xd4, 0x62, - 0x4b, 0xbd, 0x2b, 0x5e, 0x67, 0x2a, 0xb1, 0x6b, 0xdc, 0x00, 0xcf, 0xa7, 0x0e, 0x31, 0xca, 0x68, - 0x00, 0x96, 0x1b, 0x16, 0x2f, 0x92, 0x8c, 0xa5, 0xfb, 0xcc, 0x01, 0x62, 0xe9, 0xfe, 0x8d, 0x82, - 0x3c, 0xff, 0x92, 0x2b, 0x50, 0x94, 0x52, 0xdd, 0x60, 0xa0, 0x50, 0x0c, 0x0b, 0x5e, 0x14, 0xf1, - 0x8f, 0x07, 0x84, 0xed, 0x12, 0x44, 0x84, 0xc1, 0xdc, 0x86, 0x61, 0xf0, 0x48, 0x2d, 0x24, 0xc0, - 0xbc, 0x72, 0x9d, 0xd5, 0xa6, 0xd9, 0xc0, 0x60, 0xf1, 0x05, 0x29, 0x04, 0x04, 0x42, 0x79, 0xac, - 0x78, 0x89, 0x84, 0xdc, 0x86, 0x41, 0xff, 0x78, 0x31, 0x0c, 0x94, 0x8b, 0x31, 0xc4, 0xc5, 0x6c, - 0x2d, 0x42, 0x94, 0x4b, 0x44, 0xe4, 0x4d, 0x80, 0x70, 0x3a, 0x10, 0x96, 0x16, 0x2e, 0x15, 0xf2, - 0xec, 0x21, 0x2f, 0x15, 0x21, 0x35, 0x9b, 0x38, 0x65, 0x75, 0xf4, 0x33, 0x69, 0xe2, 0xc4, 0x19, - 0xd1, 0x61, 0x59, 0x41, 0xa2, 0x45, 0xc8, 0x22, 0x8c, 0x27, 0x34, 0x50, 0x84, 0xd5, 0xc5, 0x6c, - 0xea, 0x29, 0xea, 0x2b, 0x2f, 0xcc, 0x89, 0xb2, 0xe4, 0x79, 0x28, 0xac, 0x68, 0x55, 0x11, 0xda, - 0x93, 0x47, 0x85, 0x8d, 0xc4, 0xfd, 0x61, 0x58, 0xf5, 0x8f, 0xe5, 0x13, 0x6b, 0x13, 0x93, 0x9e, - 0x60, 0x25, 0xf5, 0x20, 0x4a, 0xcf, 0xaf, 0x9f, 0x4b, 0x4f, 0x22, 0x22, 0xd7, 0xa1, 0x7f, 0x89, - 0xcd, 0x0c, 0x0d, 0xbb, 0x29, 0xfa, 0x13, 0x83, 0x34, 0xb5, 0x05, 0x4c, 0x0b, 0xb0, 0xe4, 0xb6, - 0x94, 0x00, 0x56, 0x8a, 0x96, 0xed, 0x27, 0x80, 0x8d, 0x87, 0x8d, 0xc6, 0x54, 0xb0, 0xb7, 0x63, - 0x09, 0xa5, 0x44, 0x99, 0x94, 0x75, 0x31, 0x4c, 0x20, 0x15, 0x58, 0xa5, 0xbd, 0xbb, 0x59, 0xa5, - 0xea, 0xdf, 0xce, 0x25, 0xc7, 0x19, 0xb9, 0x93, 0x0c, 0x5c, 0x8b, 0x8b, 0x50, 0x00, 0x94, 0x6b, - 0x0d, 0x42, 0xd8, 0x46, 0x42, 0xd0, 0xe6, 0x0f, 0x1c, 0x82, 0xb6, 0xb0, 0xcf, 0x10, 0xb4, 0xea, - 0xff, 0x5b, 0xec, 0xea, 0x46, 0x7c, 0x2c, 0xa1, 0xca, 0xde, 0x60, 0x3b, 0x2b, 0x56, 0x7b, 0xd9, - 0x4d, 0xec, 0x0f, 0xb8, 0x97, 0x64, 0x5d, 0xe7, 0x43, 0xcb, 0xd5, 0xa2, 0x94, 0xe4, 0x5d, 0x18, - 0xf2, 0x3f, 0x00, 0x43, 0x1b, 0x4b, 0x21, 0x79, 0x83, 0x55, 0x2d, 0x16, 0x04, 0x38, 0x52, 0x80, - 0xbc, 0x0a, 0x03, 0x68, 0xd3, 0xb4, 0xf5, 0x86, 0x1f, 0xf7, 0x9a, 0x07, 0xca, 0xf6, 0x81, 0x72, - 0x38, 0xae, 0x80, 0x92, 0x7c, 0x05, 0x4a, 0x22, 0xf9, 0x03, 0xcf, 0x8d, 0x7e, 0x6b, 0x0f, 0x7e, - 0xd7, 0x37, 0xe5, 0xc4, 0x0f, 0x7c, 0x97, 0x82, 0x80, 0xc8, 0x2e, 0x85, 0xe7, 0x7c, 0x58, 0x86, - 0x73, 0x4b, 0x0e, 0x35, 0xd0, 0xc3, 0x7f, 0xfa, 0x49, 0xdb, 0x11, 0x69, 0x39, 0xf8, 0x28, 0xc7, - 0x45, 0xaa, 0xed, 0xa3, 0xd9, 0xf2, 0x29, 0xf0, 0x72, 0xf0, 0xdd, 0x94, 0xe2, 0xcc, 0x72, 0xe1, - 0x2d, 0xb9, 0x4f, 0xb7, 0x36, 0x31, 0x53, 0x7f, 0x7f, 0x68, 0xb9, 0x08, 0x41, 0x3f, 0x12, 0x28, - 0xd9, 0x72, 0x89, 0x16, 0xba, 0xfc, 0x06, 0x0c, 0x1e, 0x34, 0x79, 0xc2, 0xaf, 0xe5, 0x33, 0x1e, - 0xe4, 0x9c, 0xde, 0xfc, 0x75, 0x41, 0x52, 0xe5, 0xde, 0x8c, 0xa4, 0xca, 0x7f, 0x98, 0xcf, 0x78, - 0x6d, 0x74, 0xaa, 0x93, 0x9f, 0x06, 0xc2, 0x88, 0x26, 0x3f, 0x0d, 0xf3, 0xce, 0x9a, 0x86, 0x26, - 0x13, 0xc5, 0xd2, 0x24, 0x97, 0x76, 0x4d, 0x93, 0xfc, 0x8b, 0x85, 0x6e, 0xaf, 0xb1, 0xce, 0x64, - 0xbf, 0x1f, 0xd9, 0xdf, 0x86, 0xc1, 0x40, 0xb2, 0xd5, 0x0a, 0x1a, 0x3d, 0xc3, 0x41, 0xaa, 0x16, - 0x0e, 0xc6, 0x32, 0x12, 0x11, 0xb9, 0xc1, 0xdb, 0x5a, 0x33, 0x3f, 0xe4, 0x49, 0x03, 0x86, 0x45, - 0x38, 0x78, 0xdd, 0xd3, 0xeb, 0xae, 0xf9, 0x21, 0xd5, 0x02, 0xb4, 0xfa, 0x5f, 0xe4, 0x53, 0x9f, - 0xb4, 0x9d, 0xf5, 0xd1, 0x3e, 0xfa, 0x28, 0x45, 0x88, 0xfc, 0x31, 0xde, 0x99, 0x10, 0xf7, 0x21, - 0xc4, 0x3f, 0xc8, 0xa7, 0x3e, 0x5d, 0x3c, 0x13, 0xe2, 0x7e, 0x66, 0x8b, 0x17, 0x61, 0x40, 0xb3, - 0x37, 0xdd, 0x29, 0xdc, 0xd8, 0xf0, 0xb9, 0x02, 0x27, 0x6a, 0xc7, 0xde, 0x74, 0xeb, 0xb8, 0x65, - 0xd1, 0x42, 0x02, 0xf5, 0xfb, 0xf9, 0x2e, 0x8f, 0x3b, 0xcf, 0x04, 0xff, 0x51, 0x2e, 0x91, 0xbf, - 0x99, 0x8f, 0x3c, 0x1e, 0x3d, 0xbd, 0xc2, 0xbe, 0x05, 0x50, 0x6b, 0x6c, 0xd0, 0x96, 0x2e, 0x25, - 0x5e, 0xc2, 0x73, 0x07, 0x17, 0xa1, 0x22, 0x61, 0x6f, 0x48, 0xa2, 0xfe, 0x76, 0x3e, 0xf6, 0x7a, - 0xf6, 0x4c, 0x76, 0x7b, 0x96, 0x5d, 0xa0, 0x75, 0xe2, 0x41, 0xf0, 0x99, 0xe4, 0xf6, 0x2a, 0xb9, - 0x1f, 0xcf, 0xc7, 0xde, 0x4e, 0x9f, 0x5a, 0xd9, 0xb1, 0x01, 0x98, 0x7c, 0xd3, 0x7d, 0x6a, 0x35, - 0xe9, 0x45, 0x18, 0x10, 0x72, 0x08, 0x96, 0x0a, 0x3e, 0xef, 0x73, 0x20, 0x9e, 0xb2, 0x06, 0x04, - 0xea, 0x1f, 0xcf, 0x43, 0xf4, 0x4d, 0xfb, 0x29, 0xd5, 0xa1, 0xdf, 0xcc, 0x47, 0x5f, 0xf3, 0x9f, - 0x5e, 0xfd, 0xb9, 0x09, 0x50, 0xeb, 0xac, 0x36, 0x44, 0x30, 0xd8, 0x5e, 0xe9, 0x98, 0x3e, 0x80, - 0x6a, 0x12, 0x85, 0xfa, 0xff, 0xe5, 0x53, 0x43, 0x0c, 0x9c, 0x5e, 0x01, 0xbe, 0x82, 0xa7, 0xe2, - 0x0d, 0x2b, 0x9c, 0xc8, 0xf1, 0x10, 0x92, 0x8d, 0xbf, 0x44, 0xb6, 0x3e, 0x9f, 0x90, 0x7c, 0x3e, - 0xc5, 0x5c, 0xc3, 0x5c, 0x02, 0xa1, 0xb9, 0x26, 0x5f, 0x43, 0x48, 0x86, 0xdb, 0xdf, 0xcb, 0xef, - 0x16, 0x91, 0xe1, 0x34, 0xaf, 0xaa, 0x7d, 0x4b, 0xfa, 0x16, 0x46, 0x0e, 0x64, 0x3d, 0x31, 0xc4, - 0x73, 0xc9, 0xb5, 0x39, 0x48, 0xbe, 0x7b, 0x13, 0x54, 0xea, 0x3f, 0xef, 0x4d, 0x0f, 0x07, 0x70, - 0x7a, 0x45, 0x78, 0x05, 0x8a, 0x4b, 0xba, 0xb7, 0x21, 0x34, 0x19, 0xaf, 0xf4, 0xda, 0xba, 0xb7, - 0xa1, 0x21, 0x94, 0xdc, 0x80, 0x7e, 0x4d, 0xdf, 0xe4, 0x67, 0x9e, 0xa5, 0x30, 0xcf, 0x9f, 0xa3, - 0x6f, 0xd6, 0xf9, 0xb9, 0x67, 0x80, 0x26, 0x6a, 0x90, 0x67, 0x92, 0x9f, 0x7c, 0x63, 0x92, 0x33, - 0x9e, 0x67, 0x32, 0xc8, 0x2e, 0x79, 0x05, 0x8a, 0x93, 0xb6, 0xb1, 0x85, 0xd7, 0x57, 0x43, 0xbc, - 0xb2, 0x55, 0xdb, 0xd8, 0xd2, 0x10, 0x4a, 0x7e, 0x22, 0x07, 0x7d, 0xb3, 0x54, 0x37, 0xd8, 0x08, - 0x19, 0xe8, 0xe6, 0x75, 0xf2, 0xa5, 0xa3, 0xf1, 0x3a, 0x19, 0xdf, 0xe0, 0x95, 0xc9, 0x8a, 0x22, - 0xea, 0x27, 0x77, 0xa1, 0x7f, 0x4a, 0xf7, 0xe8, 0xba, 0xed, 0x6c, 0xa1, 0x1f, 0xcd, 0x48, 0xe8, - 0x52, 0x1e, 0xd1, 0x1f, 0x9f, 0x88, 0xdf, 0x8c, 0x35, 0xc4, 0x2f, 0x2d, 0x28, 0xcc, 0xc4, 0x22, - 0x32, 0xdf, 0x0f, 0x86, 0x62, 0xe1, 0x29, 0xee, 0x83, 0x04, 0xf7, 0xc1, 0xb1, 0xf2, 0x50, 0xfa, - 0xb1, 0x32, 0x5a, 0x8f, 0xe8, 0x6b, 0x87, 0xd9, 0x1d, 0x87, 0x71, 0xd1, 0xe7, 0xd6, 0x23, 0x42, - 0x31, 0xb9, 0xa3, 0x26, 0x91, 0xa8, 0xdf, 0xeb, 0x85, 0xd4, 0xc7, 0xc3, 0x67, 0x4a, 0x7e, 0xa6, - 0xe4, 0xa1, 0x92, 0x57, 0x12, 0x4a, 0x7e, 0x39, 0xf9, 0x1c, 0xfd, 0x63, 0xaa, 0xe1, 0x3f, 0x53, - 0x4c, 0x04, 0xb3, 0x38, 0xdd, 0xbb, 0xcb, 0x50, 0x7a, 0xbd, 0xbb, 0x4a, 0x2f, 0x18, 0x10, 0xa5, - 0x5d, 0x07, 0x44, 0xdf, 0x5e, 0x07, 0x44, 0x7f, 0xe6, 0x80, 0x08, 0x15, 0x64, 0x20, 0x53, 0x41, - 0xaa, 0x62, 0xd0, 0x40, 0xf7, 0x9c, 0x1a, 0x57, 0x76, 0xb6, 0x27, 0x46, 0xd8, 0x68, 0x4a, 0x4d, - 0xa6, 0x81, 0x2c, 0xd4, 0xdf, 0x2d, 0x76, 0x89, 0x40, 0x73, 0x2c, 0x3a, 0xf2, 0x0a, 0x14, 0xca, - 0xed, 0xb6, 0xd0, 0x8f, 0x73, 0x52, 0xf0, 0x9b, 0x8c, 0x52, 0x8c, 0x9a, 0xbc, 0x09, 0x85, 0xf2, - 0xc3, 0x5a, 0x3c, 0x8f, 0x46, 0xf9, 0x61, 0x4d, 0x7c, 0x49, 0x66, 0xd9, 0x87, 0x35, 0xf2, 0x76, - 0x18, 0xd0, 0x72, 0xa3, 0x63, 0x3d, 0x12, 0x1b, 0x45, 0xe1, 0x6e, 0xeb, 0xbb, 0xe3, 0x34, 0x18, - 0x8a, 0x6d, 0x17, 0x63, 0xb4, 0x31, 0x6d, 0x2a, 0xed, 0x5d, 0x9b, 0xfa, 0x76, 0xd5, 0xa6, 0xfe, - 0xbd, 0x6a, 0xd3, 0xc0, 0x1e, 0xb4, 0x09, 0x76, 0xd5, 0xa6, 0xc1, 0xc3, 0x6b, 0x53, 0x1b, 0x2e, - 0x27, 0xa3, 0x86, 0x05, 0x1a, 0xa1, 0x01, 0x49, 0x62, 0x85, 0x63, 0x09, 0x5e, 0xfd, 0x77, 0x38, - 0xb6, 0xbe, 0x89, 0xe8, 0xba, 0xcb, 0xf0, 0xb2, 0x7f, 0x5a, 0xb2, 0xb4, 0xfa, 0x6b, 0xf9, 0xec, - 0x60, 0x67, 0x27, 0x73, 0x8a, 0xfb, 0xa1, 0x54, 0x29, 0x15, 0xa3, 0x8f, 0xcf, 0xb3, 0xa5, 0x1c, - 0x63, 0x9b, 0x26, 0xb3, 0xef, 0xe4, 0xb2, 0x22, 0xb0, 0x1d, 0x4a, 0x62, 0x9f, 0x4e, 0x7a, 0xb4, - 0xa1, 0x9f, 0xbe, 0x1b, 0x75, 0x65, 0x9b, 0x81, 0x21, 0x59, 0x88, 0x42, 0x4a, 0x7b, 0x11, 0x70, - 0xa4, 0x9c, 0xfa, 0xb7, 0x73, 0x70, 0xee, 0x7e, 0x67, 0x95, 0x0a, 0x0f, 0xb6, 0xa0, 0x19, 0x1f, - 0x00, 0x30, 0xb0, 0x70, 0x62, 0xc9, 0xa1, 0x13, 0xcb, 0x67, 0xe5, 0xe8, 0x69, 0xb1, 0x02, 0x37, - 0x43, 0x6a, 0xee, 0xc0, 0xf2, 0x8c, 0xef, 0xcc, 0xf9, 0xa8, 0xb3, 0x4a, 0xeb, 0x09, 0x4f, 0x16, - 0x89, 0xfb, 0xe5, 0x77, 0xb8, 0x9b, 0xfc, 0x41, 0x9d, 0x46, 0x7e, 0x25, 0x9f, 0x19, 0xb0, 0xee, - 0xc4, 0x66, 0x56, 0xfc, 0x81, 0xd4, 0x5e, 0x89, 0x67, 0x58, 0x4c, 0x21, 0x89, 0x71, 0x4c, 0xe3, - 0x92, 0x2e, 0xb0, 0x13, 0x9e, 0xef, 0xf3, 0x23, 0x15, 0xd8, 0x3f, 0xcc, 0x65, 0x06, 0x16, 0x3c, - 0xa9, 0x02, 0x53, 0xff, 0xd7, 0x82, 0x1f, 0xcf, 0xf0, 0x50, 0x9f, 0xf0, 0x22, 0x0c, 0x88, 0x67, - 0xdd, 0x51, 0x07, 0x5c, 0x71, 0x94, 0x87, 0x47, 0xc3, 0x01, 0x01, 0x5b, 0xe6, 0x25, 0xef, 0x60, - 0xc9, 0x01, 0x57, 0xf2, 0x0c, 0xd6, 0x24, 0x12, 0xb6, 0x90, 0x4f, 0x3f, 0x31, 0x3d, 0xb4, 0x0a, - 0x58, 0x5f, 0x16, 0xf8, 0x42, 0x4e, 0x9f, 0x98, 0x1e, 0xb7, 0x09, 0x02, 0x34, 0x5b, 0xa4, 0x6b, - 0x61, 0x36, 0x73, 0xb1, 0x48, 0xbb, 0x22, 0xa9, 0xbb, 0x78, 0x36, 0xf6, 0x22, 0x0c, 0x08, 0xaf, - 0x56, 0xe1, 0x66, 0x22, 0x5a, 0x2b, 0xfc, 0x60, 0xb1, 0xb5, 0x01, 0x01, 0xe3, 0xa8, 0xd1, 0xf5, - 0xd0, 0xb1, 0x0e, 0x39, 0x3a, 0x08, 0xd1, 0x04, 0x86, 0xdc, 0x86, 0x91, 0x9a, 0xa7, 0x5b, 0x86, - 0xee, 0x18, 0x8b, 0x1d, 0xaf, 0xdd, 0xf1, 0x64, 0xa3, 0xd4, 0xf5, 0x0c, 0xbb, 0xe3, 0x69, 0x31, - 0x0a, 0xf2, 0x39, 0x18, 0xf6, 0x21, 0xd3, 0x8e, 0x63, 0x3b, 0xb2, 0xe5, 0xe1, 0x7a, 0x06, 0x75, - 0x1c, 0x2d, 0x4a, 0x40, 0x3e, 0x0f, 0xc3, 0x55, 0xeb, 0xb1, 0xcd, 0xd3, 0xe4, 0xaf, 0x68, 0x73, - 0xc2, 0x0e, 0xc1, 0xa7, 0x58, 0x66, 0x80, 0xa8, 0x77, 0x9c, 0xa6, 0x16, 0x25, 0x54, 0x77, 0xf2, - 0xc9, 0xb0, 0x8f, 0xa7, 0x77, 0xd3, 0x72, 0x23, 0xea, 0x4c, 0x87, 0x1e, 0xa4, 0x68, 0x10, 0xca, - 0xbe, 0xbc, 0xdc, 0x2e, 0xbc, 0x0d, 0xfd, 0xf7, 0xe9, 0x16, 0xf7, 0xfb, 0x2c, 0x85, 0xae, 0xc2, - 0x8f, 0x04, 0x4c, 0x3e, 0x71, 0xf5, 0xe9, 0xd4, 0xdf, 0xc9, 0x27, 0x03, 0x5a, 0x9e, 0x5e, 0x61, - 0x7f, 0x0e, 0xfa, 0x50, 0x94, 0x55, 0xff, 0xc8, 0x1f, 0x05, 0x88, 0xe2, 0x8e, 0x7a, 0x20, 0xfb, - 0x64, 0xea, 0x2f, 0x94, 0xe2, 0x51, 0x4e, 0x4f, 0xaf, 0xf4, 0xde, 0x82, 0xc1, 0x29, 0xdb, 0x72, - 0x4d, 0xd7, 0xa3, 0x56, 0xc3, 0x57, 0xd8, 0xa7, 0x98, 0x41, 0xd5, 0x08, 0xc1, 0xf2, 0x1b, 0x24, - 0x89, 0xfa, 0x20, 0xca, 0x4b, 0x5e, 0x83, 0x01, 0x14, 0x39, 0xfa, 0x49, 0xf3, 0x09, 0x0f, 0x6f, - 0x0b, 0x56, 0x19, 0x30, 0xee, 0x24, 0x1d, 0x92, 0x92, 0x15, 0xe8, 0x9f, 0xda, 0x30, 0x9b, 0x86, - 0x43, 0x2d, 0xf4, 0x17, 0x96, 0x82, 0x49, 0x44, 0xfb, 0xf2, 0x26, 0xfe, 0x8b, 0xb4, 0xbc, 0x39, - 0x0d, 0x51, 0x2c, 0xf2, 0x0a, 0x4b, 0xc0, 0x2e, 0xff, 0x54, 0x1e, 0x20, 0x2c, 0x40, 0x9e, 0x85, - 0x7c, 0x90, 0x28, 0x18, 0xdd, 0x54, 0x22, 0x1a, 0x94, 0xc7, 0xa5, 0x42, 0x8c, 0xed, 0xfc, 0xae, - 0x63, 0x7b, 0x05, 0x4a, 0xfc, 0xc4, 0x0b, 0x3d, 0xc9, 0xa5, 0xc0, 0x8b, 0x99, 0x0d, 0xbe, 0x89, - 0xf4, 0x7c, 0x33, 0x8b, 0x96, 0x67, 0xc4, 0x2b, 0x9b, 0x33, 0xbb, 0xdc, 0x80, 0x5e, 0xfc, 0x8b, - 0x5c, 0x83, 0xe2, 0xb2, 0x9f, 0x64, 0x74, 0x98, 0xcf, 0xd2, 0x31, 0xf9, 0x21, 0x9e, 0x75, 0xd3, - 0x94, 0x6d, 0x79, 0xac, 0x6a, 0x6c, 0xf5, 0x90, 0x90, 0x8b, 0x80, 0x45, 0xe4, 0x22, 0x60, 0xea, - 0x7f, 0x93, 0x4f, 0x89, 0xbf, 0x7b, 0x7a, 0x87, 0xc9, 0x1b, 0x00, 0xf8, 0xa4, 0x9b, 0xc9, 0xd3, - 0x7f, 0xa2, 0x81, 0xa3, 0x04, 0x19, 0xa1, 0xda, 0x46, 0xb6, 0x1d, 0x21, 0xb1, 0xfa, 0x77, 0x73, - 0x89, 0xa0, 0xad, 0x87, 0x92, 0xa3, 0x6c, 0x95, 0xe5, 0x0f, 0x68, 0xc6, 0xfa, 0x7d, 0x51, 0xd8, - 0x5f, 0x5f, 0x44, 0xbf, 0xe5, 0x08, 0x2c, 0xd3, 0xe3, 0xfc, 0x96, 0xef, 0xe5, 0xd3, 0x42, 0xd8, - 0x9e, 0x4c, 0x15, 0xbf, 0x13, 0x18, 0xa5, 0xc5, 0x58, 0xd0, 0x70, 0x84, 0xc6, 0x13, 0x21, 0x0b, - 0x33, 0xf5, 0xab, 0x30, 0x1a, 0x0b, 0xec, 0x2a, 0x72, 0xd2, 0x5e, 0xeb, 0x1e, 0x21, 0x36, 0x3b, - 0x18, 0x40, 0x84, 0x4c, 0xfd, 0xff, 0x73, 0xdd, 0xc3, 0xfa, 0x1e, 0xbb, 0xea, 0xa4, 0x08, 0xa0, - 0xf0, 0x47, 0x23, 0x80, 0x23, 0xd8, 0x06, 0x9f, 0x6c, 0x01, 0x7c, 0x4c, 0x26, 0x8f, 0x8f, 0x5a, - 0x00, 0xbf, 0x90, 0xdb, 0x35, 0x2a, 0xf3, 0x71, 0xcb, 0x40, 0xfd, 0x9f, 0x72, 0xa9, 0xd1, 0x93, - 0x0f, 0xd5, 0xae, 0xb7, 0xa1, 0xc4, 0xdd, 0x6a, 0x44, 0xab, 0xa4, 0x7c, 0x53, 0x0c, 0x9a, 0x95, - 0xa1, 0x9d, 0x63, 0xc9, 0x1c, 0xf4, 0xf1, 0x36, 0x18, 0xa2, 0x37, 0x3e, 0xd5, 0x25, 0x84, 0xb3, - 0x91, 0x35, 0x39, 0x0a, 0xb4, 0xfa, 0x77, 0x72, 0x89, 0x60, 0xce, 0xc7, 0xf8, 0x6d, 0xe1, 0x54, - 0x5d, 0xd8, 0xfb, 0x54, 0xad, 0xfe, 0xb3, 0x7c, 0x7a, 0x2c, 0xe9, 0x63, 0xfc, 0x90, 0xa3, 0x38, - 0x4e, 0x3b, 0xd8, 0xba, 0xb5, 0x0c, 0x23, 0x51, 0x59, 0x88, 0x65, 0xeb, 0x6a, 0x7a, 0x44, 0xed, - 0x8c, 0x56, 0xc4, 0x78, 0xa8, 0xdf, 0xcd, 0x25, 0xc3, 0x60, 0x1f, 0xfb, 0xfc, 0x74, 0x30, 0x6d, - 0x89, 0x7e, 0xca, 0xc7, 0x64, 0xad, 0x39, 0x8a, 0x4f, 0xf9, 0x98, 0xac, 0x1a, 0x07, 0xfb, 0x94, - 0x5f, 0xca, 0x67, 0x45, 0x11, 0x3f, 0xf6, 0x0f, 0xfa, 0xb2, 0x2c, 0x64, 0xde, 0x32, 0xf1, 0x69, - 0xcf, 0x66, 0x85, 0xed, 0xce, 0xe0, 0x99, 0xe0, 0x73, 0xb0, 0x31, 0x9e, 0x2a, 0xac, 0x8f, 0x89, - 0x22, 0x9f, 0x0c, 0x61, 0x7d, 0x4c, 0x86, 0xca, 0xc7, 0x4f, 0x58, 0x7f, 0x33, 0xbf, 0xd7, 0xd0, - 0xf5, 0x67, 0xc2, 0x4b, 0x08, 0xef, 0x5b, 0xf9, 0x64, 0x4a, 0x85, 0x63, 0x17, 0xd3, 0x0c, 0x94, - 0x44, 0x72, 0x87, 0x4c, 0xe1, 0x70, 0x7c, 0x96, 0x45, 0x23, 0xbe, 0xe3, 0x0e, 0x88, 0x8b, 0x9c, - 0xbd, 0x89, 0x84, 0xd3, 0xaa, 0xdf, 0xcf, 0xc5, 0xf2, 0x0f, 0x1c, 0xcb, 0x11, 0xc2, 0x81, 0x96, - 0x24, 0xf2, 0x8e, 0x7f, 0x98, 0x59, 0x8c, 0xc5, 0x7f, 0x0e, 0xbe, 0xa7, 0x42, 0x3d, 0xdd, 0x6c, - 0xc6, 0xcb, 0x8b, 0x98, 0x00, 0xbf, 0x93, 0x87, 0xf1, 0x04, 0x29, 0xb9, 0x16, 0x09, 0xa5, 0x83, - 0xc7, 0x92, 0x31, 0xe7, 0x71, 0x1e, 0x54, 0x67, 0x1f, 0x27, 0xa9, 0xd7, 0xa0, 0x58, 0xd1, 0xb7, - 0xf8, 0xb7, 0xf5, 0x72, 0x96, 0x86, 0xbe, 0x25, 0x9f, 0xb8, 0x21, 0x9e, 0xac, 0xc2, 0x05, 0x7e, - 0x1f, 0x62, 0xda, 0xd6, 0xb2, 0xd9, 0xa2, 0x55, 0x6b, 0xde, 0x6c, 0x36, 0x4d, 0x57, 0x5c, 0xea, - 0xbd, 0xb8, 0xb3, 0x3d, 0x71, 0xdd, 0xb3, 0x3d, 0xbd, 0x59, 0xa7, 0x3e, 0x59, 0xdd, 0x33, 0x5b, - 0xb4, 0x6e, 0x5a, 0xf5, 0x16, 0x52, 0x4a, 0x2c, 0xd3, 0x59, 0x91, 0x2a, 0x0f, 0xf5, 0x5d, 0x6b, - 0xe8, 0x96, 0x45, 0x8d, 0xaa, 0x35, 0xb9, 0xe5, 0x51, 0x7e, 0x19, 0x58, 0xe0, 0x47, 0x82, 0xfc, - 0x6d, 0x38, 0x47, 0x33, 0xc6, 0xab, 0x8c, 0x40, 0x4b, 0x29, 0xa4, 0xfe, 0xad, 0x62, 0x4a, 0xea, - 0x89, 0x13, 0xa4, 0x3e, 0x7e, 0x4f, 0x17, 0x77, 0xe9, 0xe9, 0x5b, 0xd0, 0x27, 0x62, 0xa9, 0x8a, - 0x0b, 0x06, 0x74, 0x66, 0x7f, 0xcc, 0x41, 0xf2, 0x0d, 0x8d, 0xa0, 0x22, 0x4d, 0xb8, 0xbc, 0xcc, - 0xba, 0x29, 0xbd, 0x33, 0x4b, 0x07, 0xe8, 0xcc, 0x2e, 0xfc, 0xc8, 0xfb, 0x70, 0x09, 0xb1, 0x29, - 0xdd, 0xda, 0x87, 0x55, 0x61, 0x8c, 0x2a, 0x5e, 0x55, 0x7a, 0xe7, 0x66, 0x95, 0x27, 0x5f, 0x86, - 0xa1, 0x60, 0x80, 0x98, 0xd4, 0x15, 0x37, 0x17, 0x5d, 0xc6, 0x19, 0x0f, 0x00, 0xc7, 0xc0, 0xe8, - 0x42, 0x16, 0x0d, 0x22, 0x16, 0xe1, 0xa5, 0xfe, 0x8f, 0xb9, 0x6e, 0x29, 0x30, 0x8e, 0x7d, 0x56, - 0x7e, 0x07, 0xfa, 0x0c, 0xfe, 0x51, 0x42, 0xa7, 0xba, 0x27, 0xc9, 0xe0, 0xa4, 0x9a, 0x5f, 0x46, - 0xfd, 0xa7, 0xb9, 0xae, 0x99, 0x37, 0x4e, 0xfa, 0xe7, 0x7d, 0xab, 0x90, 0xf1, 0x79, 0x62, 0x12, - 0xbd, 0x01, 0x63, 0x66, 0x18, 0x1a, 0xbc, 0x1e, 0x86, 0x9f, 0xd2, 0x46, 0x25, 0x38, 0x8e, 0xae, - 0x3b, 0x70, 0xd1, 0x77, 0x7c, 0x74, 0x7c, 0x0f, 0x31, 0xb7, 0xde, 0x71, 0x4c, 0x3e, 0x2e, 0xb5, - 0xf3, 0x6e, 0xcc, 0x7d, 0xcc, 0x5d, 0x71, 0x4c, 0x56, 0x81, 0xee, 0x6d, 0x50, 0x4b, 0xaf, 0x6f, - 0xda, 0xce, 0x23, 0x8c, 0x32, 0xca, 0x07, 0xa7, 0x36, 0xca, 0xe1, 0x0f, 0x7d, 0x30, 0x79, 0x1e, - 0x86, 0xd7, 0x9b, 0x1d, 0x1a, 0xc4, 0x75, 0xe4, 0x77, 0x7d, 0xda, 0x10, 0x03, 0x06, 0x37, 0x24, - 0xcf, 0x00, 0x20, 0x91, 0x87, 0x79, 0x51, 0xf0, 0x62, 0x4f, 0x1b, 0x60, 0x90, 0x65, 0xd1, 0x5d, - 0x97, 0xb9, 0x56, 0x73, 0x21, 0xd5, 0x9b, 0xb6, 0xb5, 0x5e, 0xf7, 0xa8, 0xd3, 0xc2, 0x86, 0xa2, - 0x33, 0x83, 0x76, 0x11, 0x29, 0xf0, 0xea, 0xc4, 0x9d, 0xb3, 0xad, 0xf5, 0x65, 0xea, 0xb4, 0x58, - 0x53, 0x5f, 0x04, 0x22, 0x9a, 0xea, 0xe0, 0xa1, 0x07, 0xff, 0x38, 0xf4, 0x66, 0xd0, 0xc4, 0x47, - 0xf0, 0xd3, 0x10, 0xfc, 0xb0, 0x09, 0x18, 0xe4, 0xc1, 0xed, 0xb8, 0xd0, 0xd0, 0x85, 0x41, 0x03, - 0x0e, 0x42, 0x79, 0x5d, 0x04, 0xe1, 0x5d, 0xc1, 0xbd, 0xba, 0x35, 0xf1, 0x4b, 0xfd, 0x7a, 0x21, - 0x2d, 0x59, 0xc8, 0xa1, 0x14, 0x2d, 0x9c, 0x56, 0xf3, 0xfb, 0x9a, 0x56, 0x47, 0xad, 0x4e, 0xab, - 0xae, 0xb7, 0xdb, 0xf5, 0x35, 0xb3, 0x89, 0xcf, 0xaa, 0x70, 0xe1, 0xd3, 0x86, 0xad, 0x4e, 0xab, - 0xdc, 0x6e, 0xcf, 0x70, 0x20, 0x79, 0x01, 0xc6, 0x19, 0x1d, 0x76, 0x52, 0x40, 0x59, 0x44, 0x4a, - 0xc6, 0x00, 0xa3, 0xc3, 0xfa, 0xb4, 0x4f, 0x41, 0xbf, 0xe0, 0xc9, 0xd7, 0xaa, 0x5e, 0xad, 0x8f, - 0x33, 0x73, 0x59, 0xcf, 0x05, 0x6c, 0xf8, 0xe4, 0xda, 0xab, 0x0d, 0xf8, 0xe5, 0x31, 0x06, 0xb2, - 0xd5, 0x69, 0xf1, 0x88, 0x58, 0x7d, 0x88, 0x0c, 0x7e, 0x93, 0x6b, 0x30, 0xc2, 0xb8, 0x04, 0x02, - 0xe3, 0x61, 0x63, 0x7b, 0xb5, 0x18, 0x94, 0xdc, 0x86, 0xf3, 0x11, 0x08, 0xb7, 0x41, 0xf9, 0x33, - 0x81, 0x5e, 0x2d, 0x15, 0xa7, 0xfe, 0x76, 0x21, 0x9a, 0xc2, 0xe4, 0x18, 0x3a, 0xe2, 0x12, 0xf4, - 0xd9, 0xce, 0x7a, 0xbd, 0xe3, 0x34, 0xc5, 0xd8, 0x2b, 0xd9, 0xce, 0xfa, 0x8a, 0xd3, 0x24, 0x17, - 0xa0, 0xc4, 0x7a, 0xc7, 0x34, 0xc4, 0x10, 0xeb, 0xd5, 0xdb, 0xed, 0xaa, 0x41, 0xca, 0xbc, 0x43, - 0x30, 0xe4, 0x68, 0xbd, 0x81, 0x5b, 0x7b, 0xee, 0x94, 0xd0, 0xcb, 0x57, 0xbc, 0x04, 0x12, 0xfb, - 0x09, 0x03, 0x91, 0xf2, 0x83, 0x80, 0x18, 0x0b, 0x03, 0xb7, 0x25, 0x06, 0xef, 0x93, 0x38, 0x0b, - 0x81, 0x0c, 0x59, 0xf0, 0x4d, 0x8c, 0x41, 0x2a, 0x40, 0x42, 0xaa, 0x96, 0x6d, 0x98, 0x6b, 0x26, - 0xe5, 0xaf, 0x3a, 0x7a, 0xf9, 0xc5, 0x6f, 0x12, 0xab, 0x8d, 0xf9, 0x4c, 0xe6, 0x05, 0x84, 0xbc, - 0xc5, 0x95, 0x90, 0xd3, 0xe1, 0xda, 0xc7, 0xfb, 0x96, 0xdb, 0x69, 0x31, 0x14, 0x6a, 0x26, 0x96, - 0xc7, 0x85, 0x50, 0xfd, 0x4b, 0xc5, 0x64, 0x1e, 0x9b, 0x63, 0xb1, 0x6b, 0x66, 0x01, 0x44, 0x9a, - 0xaa, 0xf0, 0x72, 0x2d, 0xf0, 0x38, 0x0f, 0x31, 0x19, 0x3c, 0xa4, 0xb2, 0xe4, 0x06, 0xf4, 0xf3, - 0x2f, 0xaa, 0x56, 0x84, 0xbd, 0x83, 0x2e, 0x62, 0x6e, 0xdb, 0x5c, 0x5b, 0x43, 0x7f, 0xb2, 0x00, - 0x4d, 0xae, 0x41, 0x5f, 0x65, 0xa1, 0x56, 0x2b, 0x2f, 0xf8, 0x37, 0xc5, 0xf8, 0xbe, 0xc4, 0xb0, - 0xdc, 0xba, 0xab, 0x5b, 0xae, 0xe6, 0x23, 0xc9, 0xf3, 0x50, 0xaa, 0x2e, 0x21, 0x19, 0x7f, 0x35, - 0x39, 0xb8, 0xb3, 0x3d, 0xd1, 0x67, 0xb6, 0x39, 0x95, 0x40, 0x61, 0xbd, 0x0f, 0xaa, 0x15, 0xc9, - 0x5d, 0x82, 0xd7, 0xfb, 0xd8, 0x34, 0xf0, 0xda, 0x59, 0x0b, 0xd0, 0xe4, 0x55, 0x18, 0xaa, 0x51, - 0xc7, 0xd4, 0x9b, 0x0b, 0x1d, 0xdc, 0x2a, 0x4a, 0xa1, 0x14, 0x5d, 0x84, 0xd7, 0x2d, 0x44, 0x68, - 0x11, 0x32, 0x72, 0x05, 0x8a, 0xb3, 0xa6, 0xe5, 0x3f, 0x61, 0x40, 0x1f, 0xf7, 0x0d, 0xd3, 0xf2, - 0x34, 0x84, 0x92, 0xe7, 0xa1, 0x70, 0x6f, 0xb9, 0x2a, 0x3c, 0xc1, 0x90, 0xd7, 0x07, 0x5e, 0x24, - 0x2c, 0xe3, 0xbd, 0xe5, 0x2a, 0x79, 0x15, 0x06, 0xd8, 0x22, 0x46, 0xad, 0x06, 0x75, 0x95, 0x41, - 0xfc, 0x18, 0x1e, 0x46, 0xd0, 0x07, 0xca, 0x3e, 0x1d, 0x01, 0xa5, 0xfa, 0x7f, 0xe6, 0xd3, 0x13, - 0x0d, 0x1d, 0xc3, 0x50, 0x3f, 0xe0, 0x2d, 0x72, 0x4c, 0xc1, 0x8a, 0x87, 0x50, 0xb0, 0x35, 0x18, - 0x2d, 0x1b, 0x2d, 0xd3, 0x2a, 0xe3, 0x4f, 0x77, 0x7e, 0xa6, 0x8c, 0x53, 0x87, 0xf4, 0x3c, 0x2f, - 0x86, 0x16, 0xdf, 0xc3, 0x03, 0xfe, 0x32, 0x54, 0x5d, 0xe7, 0xb8, 0x7a, 0x6b, 0x4d, 0xaf, 0x37, - 0x78, 0x8e, 0x1e, 0x2d, 0xce, 0x54, 0xfd, 0xc9, 0xfc, 0x2e, 0xb9, 0x91, 0x4e, 0xa3, 0xf4, 0xd5, - 0x6f, 0xe7, 0xbb, 0xa7, 0xa7, 0x3a, 0x95, 0x42, 0xf9, 0x83, 0x7c, 0x4a, 0xb2, 0xa8, 0x43, 0x49, - 0xe2, 0x06, 0xf4, 0x73, 0x36, 0x81, 0x1b, 0x2f, 0xce, 0x66, 0x5c, 0x59, 0x71, 0x16, 0xf5, 0xd1, - 0x64, 0x01, 0xce, 0x97, 0xd7, 0xd6, 0x68, 0xc3, 0x0b, 0x43, 0x3f, 0x2f, 0x84, 0x41, 0x58, 0x79, - 0xa8, 0x5b, 0x81, 0x0f, 0x43, 0x47, 0x63, 0xb0, 0x91, 0xd4, 0x72, 0x64, 0x19, 0x2e, 0xc6, 0xe1, - 0x35, 0xbe, 0x05, 0x28, 0x4a, 0xd1, 0x6f, 0x13, 0x1c, 0xf9, 0x7f, 0x5a, 0x46, 0xd9, 0xb4, 0x56, - 0xe2, 0x54, 0xdd, 0xdb, 0xad, 0x95, 0x38, 0x6f, 0xa7, 0x96, 0x53, 0x7f, 0xa7, 0x20, 0xe7, 0xd4, - 0x3a, 0xbd, 0x0e, 0x57, 0x77, 0x22, 0x6e, 0xd6, 0x7b, 0x1d, 0x32, 0xaf, 0x8a, 0x08, 0x22, 0x46, - 0xc7, 0xf1, 0x3d, 0x12, 0x83, 0x08, 0x06, 0x08, 0x94, 0xd7, 0xa1, 0x80, 0x92, 0x54, 0xa1, 0x58, - 0x76, 0xd6, 0xb9, 0x79, 0xbb, 0xdb, 0xa3, 0x2a, 0xdd, 0x59, 0x77, 0xd3, 0x1f, 0x55, 0x31, 0x16, - 0xea, 0x9f, 0xce, 0x77, 0x49, 0x83, 0x75, 0x2a, 0x27, 0x91, 0x3f, 0x9b, 0xcf, 0x4a, 0x68, 0x75, - 0x52, 0x5d, 0xc7, 0x3e, 0x62, 0xe1, 0x9c, 0x6c, 0xbf, 0xba, 0x23, 0x16, 0x4e, 0x46, 0x72, 0xad, - 0x33, 0xe1, 0x7c, 0x3d, 0x9f, 0x95, 0x5f, 0xec, 0xd4, 0xce, 0x32, 0x19, 0x29, 0xcd, 0xce, 0x74, - 0xe5, 0xe7, 0xf2, 0x99, 0x59, 0xdd, 0xce, 0xa4, 0xa3, 0x7e, 0x23, 0x9f, 0x99, 0x95, 0xee, 0x54, - 0x0e, 0xa5, 0x54, 0x6d, 0x39, 0x1b, 0x4b, 0x42, 0x3a, 0xbf, 0x97, 0x4f, 0xcf, 0x03, 0x78, 0x0c, - 0xaa, 0x72, 0x14, 0x1e, 0x78, 0xbe, 0x40, 0x8b, 0x87, 0x12, 0x68, 0xef, 0x91, 0x0a, 0xf4, 0xd8, - 0xc6, 0xde, 0x27, 0x55, 0xa0, 0x47, 0x30, 0x78, 0x4f, 0xb3, 0x40, 0xff, 0x54, 0x21, 0x99, 0xfb, - 0xf2, 0x54, 0x1e, 0x51, 0x4e, 0x42, 0xbf, 0x7f, 0x86, 0x21, 0x04, 0xba, 0xe7, 0xee, 0xf4, 0xcb, - 0x91, 0x77, 0x61, 0x34, 0x94, 0xa5, 0x1c, 0x99, 0x0a, 0xaf, 0x37, 0x1a, 0x0c, 0x55, 0xff, 0x80, - 0xe1, 0x44, 0x08, 0x95, 0x38, 0xb5, 0xfa, 0xfd, 0x42, 0x32, 0x81, 0xe8, 0x59, 0x6f, 0x1c, 0xb0, - 0x37, 0x56, 0xe0, 0xe2, 0x54, 0xc7, 0x71, 0xa8, 0xe5, 0xa5, 0x77, 0x0a, 0x1e, 0x2e, 0x37, 0x38, - 0x45, 0x3d, 0xd9, 0x39, 0x19, 0x85, 0x19, 0x5b, 0xe1, 0x7d, 0x1f, 0x67, 0xdb, 0x17, 0xb2, 0xed, - 0x70, 0x8a, 0x34, 0xb6, 0xe9, 0x85, 0xd5, 0xbf, 0x97, 0x4f, 0xa6, 0x7c, 0x3d, 0xeb, 0xfa, 0x83, - 0x75, 0xfd, 0x0b, 0xf3, 0x3c, 0xb1, 0xd5, 0x7d, 0xd3, 0x32, 0xc8, 0x53, 0x70, 0x61, 0xa5, 0x36, - 0xad, 0xd5, 0xef, 0x57, 0x17, 0x2a, 0xf5, 0x95, 0x85, 0xda, 0xd2, 0xf4, 0x54, 0x75, 0xa6, 0x3a, - 0x5d, 0x19, 0xeb, 0x21, 0xe7, 0x60, 0x34, 0x44, 0xcd, 0xae, 0xcc, 0x97, 0x17, 0xc6, 0x72, 0x64, - 0x1c, 0x86, 0x43, 0xe0, 0xe4, 0xe2, 0xf2, 0x58, 0xfe, 0x85, 0xcf, 0xc0, 0x20, 0xde, 0xdc, 0xf3, - 0x9b, 0x06, 0x32, 0x04, 0xfd, 0x8b, 0x93, 0xb5, 0x69, 0xed, 0x01, 0x32, 0x01, 0x28, 0x55, 0xa6, - 0x17, 0x18, 0xc3, 0xdc, 0x0b, 0xff, 0x4f, 0x0e, 0xa0, 0x36, 0xb3, 0xbc, 0x24, 0x08, 0x07, 0xa1, - 0xaf, 0xba, 0xf0, 0xa0, 0x3c, 0x57, 0x65, 0x74, 0xfd, 0x50, 0x5c, 0x5c, 0x9a, 0x66, 0x35, 0x0c, - 0x40, 0xef, 0xd4, 0xdc, 0x62, 0x6d, 0x7a, 0x2c, 0xcf, 0x80, 0xda, 0x74, 0xb9, 0x32, 0x56, 0x60, - 0xc0, 0x87, 0x5a, 0x75, 0x79, 0x7a, 0xac, 0xc8, 0xfe, 0x9c, 0xab, 0x2d, 0x97, 0x97, 0xc7, 0x7a, - 0xd9, 0x9f, 0x33, 0xf8, 0x67, 0x89, 0x31, 0xab, 0x4d, 0x2f, 0xe3, 0x8f, 0x3e, 0xd6, 0x84, 0x19, - 0xff, 0x57, 0x3f, 0x43, 0x31, 0xd6, 0x95, 0xaa, 0x36, 0x36, 0xc0, 0x7e, 0x30, 0x96, 0xec, 0x07, - 0xb0, 0xc6, 0x69, 0xd3, 0xf3, 0x8b, 0x0f, 0xa6, 0xc7, 0x06, 0x19, 0xaf, 0xf9, 0xfb, 0x0c, 0x3c, - 0xc4, 0xfe, 0xd4, 0xe6, 0xd9, 0x9f, 0xc3, 0x8c, 0x93, 0x36, 0x5d, 0x9e, 0x5b, 0x2a, 0x2f, 0xcf, - 0x8e, 0x8d, 0xb0, 0xf6, 0x20, 0xcf, 0x51, 0x5e, 0x72, 0xa1, 0x3c, 0x3f, 0x3d, 0x36, 0x26, 0x68, - 0x2a, 0x73, 0xd5, 0x85, 0xfb, 0x63, 0xe3, 0xd8, 0x90, 0xf7, 0xe7, 0xf1, 0x07, 0x61, 0x05, 0xf0, - 0xaf, 0x73, 0x2f, 0xfc, 0x20, 0x94, 0x16, 0x6b, 0x78, 0x57, 0x77, 0x09, 0xce, 0x2d, 0xd6, 0xea, - 0xcb, 0xef, 0x2f, 0x4d, 0xc7, 0xe4, 0x3d, 0x0e, 0xc3, 0x3e, 0x62, 0xae, 0xba, 0xb0, 0xf2, 0x25, - 0x2e, 0x6d, 0x1f, 0x34, 0x5f, 0x9e, 0x5a, 0xac, 0x8d, 0xe5, 0x59, 0xaf, 0xf8, 0xa0, 0x87, 0xd5, - 0x85, 0xca, 0xe2, 0xc3, 0xda, 0x58, 0xe1, 0x85, 0xc7, 0x30, 0xc4, 0xd3, 0x82, 0x2d, 0x3a, 0xe6, - 0xba, 0x69, 0x91, 0x67, 0xe0, 0xa9, 0xca, 0xf4, 0x83, 0xea, 0xd4, 0x74, 0x7d, 0x51, 0xab, 0xde, - 0xad, 0x2e, 0xc4, 0x6a, 0xba, 0x00, 0xe3, 0x51, 0x74, 0x79, 0xa9, 0x3a, 0x96, 0x23, 0x17, 0x81, - 0x44, 0xc1, 0xf7, 0xca, 0xf3, 0x33, 0x63, 0x79, 0xa2, 0xc0, 0xf9, 0x28, 0xbc, 0xba, 0xb0, 0xbc, - 0xb2, 0x30, 0x3d, 0x56, 0x78, 0xe1, 0x2f, 0xe6, 0xe0, 0x42, 0x6a, 0xe8, 0x48, 0xa2, 0xc2, 0xd5, - 0xe9, 0xb9, 0x72, 0x6d, 0xb9, 0x3a, 0x55, 0x9b, 0x2e, 0x6b, 0x53, 0xb3, 0xf5, 0xa9, 0xf2, 0xf2, - 0xf4, 0xdd, 0x45, 0xed, 0xfd, 0xfa, 0xdd, 0xe9, 0x85, 0x69, 0xad, 0x3c, 0x37, 0xd6, 0x43, 0x9e, - 0x87, 0x89, 0x0c, 0x9a, 0xda, 0xf4, 0xd4, 0x8a, 0x56, 0x5d, 0x7e, 0x7f, 0x2c, 0x47, 0x9e, 0x83, - 0x67, 0x32, 0x89, 0xd8, 0xef, 0xb1, 0x3c, 0xb9, 0x0a, 0x97, 0xb3, 0x48, 0xde, 0x9b, 0x1b, 0x2b, - 0xbc, 0xf0, 0xb3, 0x39, 0x20, 0xc9, 0xd8, 0x7f, 0xe4, 0x59, 0xb8, 0xc2, 0xf4, 0xa2, 0x9e, 0xdd, - 0xc0, 0xe7, 0xe0, 0x99, 0x54, 0x0a, 0xa9, 0x79, 0x13, 0xf0, 0x74, 0x06, 0x89, 0x68, 0xdc, 0x15, - 0x50, 0xd2, 0x09, 0xb0, 0x69, 0xbf, 0x91, 0x83, 0x0b, 0xa9, 0x97, 0x7b, 0xe4, 0x3a, 0x7c, 0xaa, - 0x5c, 0x99, 0x67, 0x7d, 0x33, 0xb5, 0x5c, 0x5d, 0x5c, 0xa8, 0xd5, 0xe7, 0x67, 0xca, 0x75, 0xa6, - 0x7d, 0x2b, 0xb5, 0x58, 0x6f, 0x5e, 0x03, 0xb5, 0x0b, 0xe5, 0xd4, 0x6c, 0x79, 0xe1, 0x2e, 0x1b, - 0x7e, 0xe4, 0x53, 0xf0, 0x6c, 0x26, 0xdd, 0xf4, 0x42, 0x79, 0x72, 0x6e, 0xba, 0x32, 0x96, 0x27, - 0x9f, 0x86, 0xe7, 0x32, 0xa9, 0x2a, 0xd5, 0x1a, 0x27, 0x2b, 0x4c, 0x56, 0xbe, 0xfb, 0x3f, 0x5f, - 0xed, 0xf9, 0xee, 0xef, 0x5f, 0xcd, 0xfd, 0x83, 0xdf, 0xbf, 0x9a, 0xfb, 0x67, 0xbf, 0x7f, 0x35, - 0xf7, 0xe5, 0xdb, 0xfb, 0x89, 0xe9, 0xc8, 0xa7, 0xac, 0xd5, 0x12, 0x1e, 0xb4, 0xbf, 0xf2, 0xaf, - 0x03, 0x00, 0x00, 0xff, 0xff, 0xd8, 0xa8, 0xff, 0x0f, 0xd4, 0x74, 0x01, 0x00, + 0xec, 0x3b, 0x98, 0x6a, 0x92, 0xb7, 0x61, 0x70, 0xc9, 0x76, 0xbd, 0x75, 0x87, 0xba, 0x4b, 0x41, + 0x0c, 0x7d, 0x7c, 0x04, 0xdb, 0x16, 0xe0, 0x7a, 0x3b, 0x32, 0xfb, 0xcb, 0xe4, 0xea, 0x3f, 0x2e, + 0x24, 0xb4, 0x81, 0x1b, 0xae, 0x27, 0x52, 0x1b, 0x8e, 0x60, 0xa8, 0x93, 0xdb, 0xe1, 0x2a, 0xc8, + 0x2d, 0xfc, 0x5e, 0x29, 0x40, 0xe0, 0xaa, 0x30, 0xf0, 0xa3, 0x24, 0xe4, 0x07, 0xe0, 0x52, 0x04, + 0xb0, 0xa4, 0x3b, 0x7a, 0x8b, 0x7a, 0x61, 0xbe, 0x42, 0x0c, 0xf9, 0xe4, 0x97, 0xae, 0xb7, 0x03, + 0xb4, 0x9c, 0x03, 0x31, 0x83, 0x83, 0xa4, 0x5a, 0x7d, 0xfb, 0x70, 0xb1, 0xfe, 0xd9, 0x42, 0x68, + 0xe8, 0x44, 0x43, 0xb7, 0x6a, 0xd4, 0xed, 0x34, 0xbd, 0xd3, 0xdb, 0xc1, 0x07, 0x4b, 0x8c, 0x31, + 0x0b, 0xa3, 0xe5, 0xb5, 0x35, 0xda, 0xf0, 0xfc, 0x88, 0xd4, 0xae, 0x08, 0xd6, 0xc7, 0x37, 0x1e, + 0x02, 0x25, 0x22, 0x0c, 0x47, 0x32, 0xeb, 0xc7, 0x8a, 0xa9, 0xff, 0xa4, 0x08, 0x4a, 0x60, 0xf8, + 0x07, 0xcf, 0xbc, 0x8e, 0x71, 0x91, 0xfd, 0x58, 0xf4, 0x8a, 0x09, 0xe3, 0xa1, 0x30, 0x6a, 0x9d, + 0x56, 0x4b, 0xc7, 0xa1, 0xc7, 0x36, 0x16, 0x13, 0x71, 0x66, 0x21, 0x21, 0xdf, 0x4b, 0x5c, 0x16, + 0x7b, 0x09, 0x12, 0x3e, 0xa3, 0xab, 0xbb, 0x9c, 0x85, 0x96, 0xe4, 0x4a, 0xbe, 0x99, 0x83, 0xf3, + 0x7e, 0xa7, 0x2c, 0xae, 0x32, 0xa3, 0x7a, 0xca, 0xee, 0x58, 0x9e, 0xbf, 0x8f, 0x79, 0x33, 0xbb, + 0x3a, 0xde, 0x49, 0x37, 0xd3, 0x0a, 0xf3, 0x96, 0x04, 0x61, 0x29, 0x02, 0x85, 0xb0, 0x91, 0xa6, + 0xde, 0x40, 0x22, 0x2d, 0xb5, 0xde, 0xcb, 0x77, 0xe1, 0xa9, 0x4c, 0x96, 0xbb, 0x19, 0xb1, 0xbd, + 0xb2, 0x11, 0xfb, 0xdf, 0xe5, 0xc2, 0x89, 0x28, 0x26, 0x24, 0x72, 0x13, 0x20, 0x04, 0x89, 0x6d, + 0xed, 0xc8, 0xce, 0xf6, 0x04, 0x84, 0x42, 0xd3, 0x24, 0x0a, 0xb2, 0x08, 0x25, 0x21, 0x16, 0x9e, + 0x1b, 0xf8, 0xb3, 0xbb, 0xf4, 0xc2, 0x4d, 0x59, 0x0e, 0xb8, 0x65, 0x15, 0xdf, 0x2c, 0xd8, 0x5c, + 0x7e, 0x03, 0x06, 0x0f, 0xfa, 0x5d, 0xdf, 0x2c, 0x00, 0x91, 0xf7, 0xa0, 0xc7, 0x68, 0xa0, 0x9f, + 0xe0, 0x29, 0xec, 0x3a, 0xf4, 0xb3, 0x4f, 0xc0, 0x6c, 0x19, 0x52, 0x74, 0xdc, 0x8e, 0x80, 0x69, + 0x01, 0x36, 0x0c, 0x4d, 0xd5, 0x97, 0x1e, 0x9a, 0x4a, 0xfd, 0xe9, 0x02, 0x5c, 0x94, 0x3b, 0xa4, + 0x42, 0x31, 0xe0, 0xfe, 0x59, 0xa7, 0x7c, 0x84, 0x9d, 0xa2, 0x42, 0x89, 0x6f, 0x3d, 0x44, 0xe6, + 0x03, 0x7e, 0x2c, 0x84, 0x10, 0x4d, 0x60, 0xd4, 0xff, 0x39, 0x0f, 0xc3, 0x81, 0x79, 0xa7, 0x3b, + 0xee, 0x29, 0xee, 0x8e, 0xcf, 0xc3, 0x30, 0x06, 0x17, 0x6a, 0x51, 0x8b, 0x07, 0xe0, 0xe9, 0x95, + 0x52, 0x95, 0xf8, 0x08, 0x91, 0x95, 0x2a, 0x42, 0xc8, 0xb4, 0x9f, 0x5b, 0x7e, 0x52, 0xc8, 0x27, + 0x6e, 0xf6, 0x71, 0xb8, 0xfa, 0x17, 0x0b, 0x30, 0xe4, 0x4b, 0x79, 0xd2, 0x3c, 0xa9, 0xf7, 0x3c, + 0xc7, 0x2b, 0xe4, 0x5b, 0x00, 0x4b, 0xb6, 0xe3, 0xe9, 0xcd, 0x85, 0x50, 0xf3, 0xf1, 0x80, 0xb4, + 0x8d, 0x50, 0x5e, 0x46, 0x22, 0xc1, 0xf5, 0x2b, 0x34, 0xab, 0xf9, 0xc4, 0xc4, 0xd7, 0xaf, 0x00, + 0xaa, 0x49, 0x14, 0xea, 0xdf, 0xce, 0xc3, 0xa8, 0xdf, 0x49, 0xd3, 0x4f, 0x68, 0xa3, 0x73, 0x9a, + 0xe7, 0xa6, 0xa8, 0xb4, 0x7b, 0x77, 0x95, 0xb6, 0xfa, 0x7f, 0x4a, 0x13, 0xc9, 0x54, 0xd3, 0x3e, + 0x9b, 0x48, 0xfe, 0x38, 0x74, 0x5c, 0xfd, 0xd1, 0x02, 0x9c, 0xf7, 0xa5, 0x3e, 0xd3, 0xb1, 0xf0, + 0x68, 0x61, 0x4a, 0x6f, 0x36, 0x4f, 0xf3, 0x6e, 0x7c, 0xd0, 0x17, 0xc4, 0xa2, 0x88, 0xd6, 0x27, + 0x32, 0x04, 0xae, 0x09, 0x70, 0xdd, 0x36, 0x0d, 0x4d, 0x26, 0x22, 0xef, 0xc2, 0x90, 0xff, 0xb3, + 0xec, 0xac, 0xfb, 0x5b, 0x70, 0xbc, 0x28, 0x08, 0x0a, 0xe9, 0x4e, 0x24, 0x28, 0x41, 0xa4, 0x80, + 0xfa, 0xb5, 0x3e, 0xb8, 0xfc, 0xd0, 0xb4, 0x0c, 0x7b, 0xd3, 0xf5, 0x13, 0x4c, 0x9e, 0xf8, 0x83, + 0xb2, 0xe3, 0x4e, 0x2c, 0xf9, 0x1e, 0x5c, 0x88, 0x8b, 0xd4, 0x09, 0xc2, 0x7e, 0x8b, 0xde, 0xd9, + 0xe4, 0x04, 0x75, 0x3f, 0xd5, 0xa4, 0xb8, 0x6d, 0xd3, 0xd2, 0x4b, 0xc6, 0x73, 0x55, 0xf6, 0xed, + 0x25, 0x57, 0xe5, 0x0b, 0x50, 0xaa, 0xd8, 0x2d, 0xdd, 0xf4, 0xc3, 0xd3, 0xe0, 0x28, 0x0e, 0xea, + 0x45, 0x8c, 0x26, 0x28, 0x18, 0x7f, 0x51, 0x31, 0x76, 0xd9, 0x40, 0xc8, 0xdf, 0x2f, 0xc0, 0xac, + 0x34, 0x4d, 0x26, 0x22, 0x36, 0x0c, 0x8b, 0xea, 0xc4, 0xdd, 0x18, 0xe0, 0xe6, 0xe9, 0x55, 0x5f, + 0x46, 0xd9, 0x6a, 0x75, 0x33, 0x52, 0x8e, 0x6f, 0xa3, 0x78, 0x0a, 0x4d, 0xf1, 0x31, 0xfc, 0x96, + 0x4c, 0x8b, 0xf2, 0x97, 0x84, 0x80, 0x93, 0xcc, 0x60, 0x52, 0x08, 0x38, 0xcb, 0xc8, 0x44, 0x64, + 0x1a, 0xc6, 0x31, 0x38, 0x73, 0xb0, 0x95, 0x62, 0x2a, 0x31, 0x84, 0x46, 0x25, 0x5e, 0xb9, 0xf0, + 0x78, 0xce, 0xec, 0xe3, 0xea, 0x0d, 0x81, 0xd6, 0x92, 0x25, 0xc8, 0x53, 0x50, 0x58, 0x98, 0x2b, + 0xe3, 0x5d, 0x4d, 0x3f, 0x4f, 0x8c, 0x64, 0x35, 0x75, 0x8d, 0xc1, 0x2e, 0x7f, 0x11, 0x48, 0xf2, + 0x73, 0xf6, 0x75, 0x1f, 0xf3, 0x5f, 0x4a, 0x5b, 0xbe, 0x93, 0xee, 0x51, 0x73, 0x14, 0x13, 0x61, + 0x24, 0x27, 0x59, 0xef, 0x47, 0x99, 0x93, 0xac, 0x74, 0xa4, 0x39, 0xc9, 0xd4, 0x5f, 0xcd, 0xc1, + 0x78, 0x22, 0x80, 0x39, 0x79, 0x05, 0x80, 0x43, 0xa4, 0x40, 0x91, 0x18, 0x79, 0x25, 0x0c, 0x6a, + 0x2e, 0x96, 0xc7, 0x90, 0x8c, 0xdc, 0x82, 0x7e, 0xfe, 0x4b, 0x04, 0x77, 0x4a, 0x16, 0xe9, 0x74, + 0x4c, 0x43, 0x0b, 0x88, 0xc2, 0x5a, 0xf0, 0x46, 0xb2, 0x90, 0x5a, 0xc4, 0xdb, 0x6a, 0x07, 0xb5, + 0x30, 0x32, 0xf5, 0x1b, 0x79, 0x18, 0x0a, 0x1a, 0x5c, 0x36, 0x8e, 0x4b, 0xe7, 0x4a, 0x22, 0x16, + 0x7c, 0x61, 0xb7, 0x58, 0xf0, 0xb1, 0xf9, 0x56, 0x04, 0x7f, 0x3f, 0xba, 0x07, 0x55, 0xdf, 0xca, + 0xc3, 0x68, 0x50, 0xeb, 0x31, 0x5e, 0x7e, 0x7d, 0x8c, 0x44, 0xf2, 0xcd, 0x1c, 0x28, 0x93, 0x66, + 0xb3, 0x69, 0x5a, 0xeb, 0x55, 0x6b, 0xcd, 0x76, 0x5a, 0x38, 0x21, 0x1e, 0xdf, 0x11, 0xae, 0xfa, + 0xa7, 0x72, 0x30, 0x2e, 0x1a, 0x34, 0xa5, 0x3b, 0xc6, 0xf1, 0x9d, 0x8f, 0xc5, 0x5b, 0x72, 0x7c, + 0xfa, 0xa2, 0xfe, 0x4e, 0x1e, 0x60, 0xce, 0x6e, 0x3c, 0x3a, 0xe1, 0xef, 0xb1, 0xde, 0x82, 0x12, + 0x8f, 0xb0, 0x25, 0x34, 0x76, 0x5c, 0xbc, 0x3b, 0x62, 0x9f, 0xc6, 0x11, 0x93, 0x63, 0x62, 0x3e, + 0x2e, 0xf1, 0x08, 0x5d, 0x4a, 0x4e, 0x13, 0x45, 0x58, 0xa5, 0x8c, 0x4e, 0x2c, 0x18, 0x41, 0xa5, + 0x0c, 0x16, 0xad, 0x74, 0x67, 0x7b, 0xa2, 0xd8, 0xb4, 0x1b, 0x8f, 0x34, 0xa4, 0x57, 0xff, 0x55, + 0x8e, 0xcb, 0xee, 0x84, 0xbf, 0x2a, 0xf5, 0x3f, 0xbf, 0xb8, 0xcf, 0xcf, 0xff, 0xd3, 0x39, 0x38, + 0xaf, 0xd1, 0x86, 0xfd, 0x98, 0x3a, 0x5b, 0x53, 0xb6, 0x41, 0xef, 0x52, 0x8b, 0x3a, 0xc7, 0x35, + 0xa2, 0xfe, 0x13, 0x4c, 0x9e, 0x11, 0x36, 0x66, 0xc5, 0xa5, 0xc6, 0xc9, 0x49, 0x6c, 0xa2, 0xfe, + 0x46, 0x1f, 0x28, 0xa9, 0x56, 0xef, 0x89, 0x35, 0xe7, 0x32, 0xb7, 0x32, 0xc5, 0xa3, 0xda, 0xca, + 0xf4, 0xee, 0x6f, 0x2b, 0x53, 0xda, 0xef, 0x56, 0xa6, 0x6f, 0x2f, 0x5b, 0x99, 0x56, 0x7c, 0x2b, + 0xd3, 0x8f, 0x5b, 0x99, 0x57, 0xba, 0x6e, 0x65, 0xa6, 0x2d, 0xe3, 0x80, 0x1b, 0x99, 0x13, 0x9b, + 0x74, 0xf7, 0x20, 0x3b, 0xb0, 0xeb, 0x6c, 0x52, 0x6c, 0xd8, 0x8e, 0x41, 0x0d, 0xb1, 0xf1, 0xc2, + 0x53, 0x7f, 0x47, 0xc0, 0xb4, 0x00, 0x9b, 0xc8, 0x60, 0x3c, 0xbc, 0x97, 0x0c, 0xc6, 0x47, 0xb0, + 0xff, 0xfa, 0x7a, 0x1e, 0xc6, 0xa7, 0xa8, 0xe3, 0xf1, 0x10, 0x9e, 0x47, 0xe1, 0x12, 0x57, 0x86, + 0x51, 0x89, 0x21, 0x5a, 0xe4, 0xf9, 0xd0, 0xcd, 0xaf, 0x41, 0x1d, 0x2f, 0xee, 0x25, 0x18, 0xa7, + 0x67, 0xd5, 0xfb, 0x59, 0xc4, 0xc4, 0xd8, 0x0d, 0xaa, 0xf7, 0xe1, 0x5c, 0x90, 0xa6, 0xf8, 0xa5, + 0x05, 0xf4, 0x52, 0x62, 0xb0, 0xe2, 0xfe, 0x13, 0x83, 0xa9, 0xbf, 0x92, 0x83, 0x6b, 0x1a, 0xb5, + 0xe8, 0xa6, 0xbe, 0xda, 0xa4, 0x52, 0xb3, 0xc4, 0xca, 0xc0, 0x66, 0x0d, 0xd3, 0x6d, 0xe9, 0x5e, + 0x63, 0xe3, 0x50, 0x32, 0x9a, 0x81, 0x21, 0x79, 0xfe, 0xda, 0xc7, 0xdc, 0x16, 0x29, 0xa7, 0xfe, + 0x46, 0x11, 0xfa, 0x26, 0x6d, 0xef, 0x9e, 0x7d, 0xc8, 0x4c, 0x75, 0xe1, 0x94, 0x9f, 0xdf, 0xc7, + 0x59, 0xcf, 0xe7, 0xb0, 0x72, 0x29, 0x78, 0x3f, 0xba, 0x90, 0xae, 0xda, 0x89, 0x24, 0x07, 0x3e, + 0xd9, 0x3e, 0x73, 0xd4, 0xbd, 0x06, 0x03, 0x18, 0xfd, 0x45, 0x3a, 0x8d, 0x45, 0x07, 0x6d, 0x8f, + 0x01, 0xe3, 0x75, 0x84, 0xa4, 0xe4, 0x07, 0x22, 0x31, 0x47, 0x4b, 0x87, 0xcf, 0x69, 0x27, 0x87, + 0x1f, 0x7d, 0x85, 0x5f, 0xe4, 0x61, 0x9b, 0xa4, 0xfc, 0x1f, 0x78, 0x8a, 0x12, 0x6b, 0x52, 0x40, + 0x78, 0x84, 0xf9, 0xe6, 0xa6, 0x60, 0x78, 0xd2, 0xf6, 0x24, 0x67, 0xe0, 0x81, 0xf0, 0x19, 0x28, + 0x93, 0x7c, 0xba, 0x27, 0x70, 0xb4, 0x8c, 0xfa, 0x47, 0x45, 0x18, 0xf2, 0x7f, 0x1e, 0x93, 0xee, + 0xbc, 0x04, 0xa5, 0x59, 0x5b, 0x4a, 0x81, 0x80, 0x0e, 0xc4, 0x1b, 0xb6, 0x1b, 0xf3, 0x8c, 0x16, + 0x44, 0x4c, 0xea, 0x0b, 0xb6, 0x21, 0xbb, 0xbf, 0xa3, 0xd4, 0x2d, 0xdb, 0x48, 0x3c, 0x1f, 0x0e, + 0x08, 0xc9, 0x35, 0x28, 0xe2, 0xcb, 0x01, 0xe9, 0x20, 0x3f, 0xf6, 0x5a, 0x00, 0xf1, 0x92, 0x56, + 0x96, 0xf6, 0xab, 0x95, 0x7d, 0x07, 0xd5, 0xca, 0xfe, 0xa3, 0xd5, 0xca, 0xf7, 0x61, 0x08, 0x6b, + 0xf2, 0x33, 0xa8, 0xed, 0xbe, 0xb0, 0x3e, 0x25, 0xd6, 0xbe, 0x61, 0xde, 0x6e, 0x91, 0x47, 0x0d, + 0x97, 0xbc, 0x08, 0xab, 0x98, 0xee, 0xc2, 0x21, 0xb6, 0xd3, 0xff, 0x38, 0x07, 0x7d, 0x2b, 0xd6, + 0x23, 0xcb, 0xde, 0x3c, 0x9c, 0xc6, 0xbd, 0x02, 0x83, 0x82, 0x8d, 0xb4, 0xba, 0xe0, 0x8b, 0xf0, + 0x0e, 0x07, 0xd7, 0x91, 0x93, 0x26, 0x53, 0x91, 0xb7, 0x83, 0x42, 0xf8, 0x38, 0xa8, 0x10, 0x26, + 0x11, 0xf1, 0x0b, 0x35, 0xa2, 0x79, 0x0f, 0x64, 0x72, 0x72, 0x05, 0x8a, 0x15, 0xd6, 0x54, 0x29, + 0x8a, 0x2e, 0x6b, 0x8a, 0x86, 0x50, 0xf5, 0xeb, 0x45, 0x18, 0x89, 0x1d, 0x7c, 0xbd, 0x00, 0x03, + 0xe2, 0xe0, 0xc9, 0xf4, 0x13, 0x31, 0xe0, 0xe3, 0xa1, 0x00, 0xa8, 0xf5, 0xf3, 0x3f, 0xab, 0x06, + 0xf9, 0x02, 0xf4, 0xd9, 0x2e, 0x2e, 0x8a, 0xf8, 0x2d, 0x23, 0xe1, 0x10, 0x5a, 0xac, 0xb1, 0xb6, + 0xf3, 0xc1, 0x21, 0x48, 0x64, 0x8d, 0xb4, 0x5d, 0xfc, 0xb4, 0x3b, 0x30, 0xa0, 0xbb, 0x2e, 0xf5, + 0xea, 0x9e, 0xbe, 0x2e, 0xe7, 0x66, 0x08, 0x80, 0xf2, 0xe8, 0x40, 0xe0, 0xb2, 0xbe, 0x4e, 0xbe, + 0x08, 0xc3, 0x0d, 0x87, 0xe2, 0xb2, 0xa9, 0x37, 0x59, 0x2b, 0x25, 0xb3, 0x36, 0x82, 0x90, 0xef, + 0x4f, 0x42, 0x44, 0xd5, 0x20, 0x0f, 0x60, 0x58, 0x7c, 0x0e, 0xf7, 0xdc, 0xc7, 0x81, 0x36, 0x12, + 0x2e, 0x63, 0x5c, 0x24, 0xdc, 0x77, 0x5f, 0x3c, 0xe0, 0x90, 0xc9, 0x65, 0xbe, 0x86, 0x44, 0x4a, + 0x16, 0x81, 0x6c, 0xd2, 0xd5, 0xba, 0xde, 0xf1, 0x36, 0x58, 0x5d, 0x3c, 0xb4, 0xb8, 0x48, 0x49, + 0x88, 0xaf, 0x1e, 0x92, 0x58, 0xf9, 0x31, 0xc8, 0x26, 0x5d, 0x2d, 0x47, 0x90, 0xe4, 0x21, 0x5c, + 0x48, 0x16, 0x61, 0x9f, 0xcc, 0x2f, 0x07, 0x9e, 0xdf, 0xd9, 0x9e, 0x98, 0x48, 0x25, 0x90, 0xd8, + 0x9e, 0x4b, 0xb0, 0xad, 0x1a, 0xf7, 0x8a, 0xfd, 0x7d, 0x63, 0xfd, 0xda, 0x08, 0x2b, 0xeb, 0x9b, + 0x90, 0xa6, 0xa1, 0xfe, 0x5e, 0x8e, 0x99, 0x8a, 0xec, 0x83, 0x30, 0x27, 0x33, 0xd3, 0xf5, 0xd6, + 0x3e, 0x75, 0xbd, 0x15, 0x66, 0x4f, 0x2c, 0xb9, 0x5d, 0x66, 0x57, 0x4d, 0x60, 0xc9, 0x4d, 0x28, + 0x19, 0xf2, 0xa9, 0xd9, 0xc5, 0x68, 0x27, 0xf8, 0xf5, 0x68, 0x82, 0x8a, 0x5c, 0x87, 0x22, 0x5b, + 0xb2, 0xe2, 0x5b, 0x66, 0xd9, 0xba, 0xd0, 0x90, 0x42, 0xfd, 0x91, 0x3c, 0x0c, 0x49, 0x5f, 0x73, + 0xfb, 0x50, 0x9f, 0xf3, 0xe6, 0xde, 0x9a, 0xe9, 0x3b, 0xbd, 0xe0, 0x5e, 0xca, 0x6f, 0xf2, 0x9d, + 0x40, 0x14, 0x7b, 0xba, 0x90, 0x12, 0x82, 0x79, 0x4d, 0x7c, 0x68, 0x69, 0xef, 0xdb, 0x47, 0x46, + 0x7f, 0xaf, 0xd8, 0x9f, 0x1f, 0x2b, 0xdc, 0x2b, 0xf6, 0x17, 0xc7, 0x7a, 0x31, 0x0e, 0x17, 0x86, + 0xbe, 0xe6, 0x7b, 0x73, 0x6b, 0xcd, 0x5c, 0x3f, 0xe1, 0x6f, 0x47, 0x8e, 0x36, 0x46, 0x59, 0x4c, + 0x36, 0x27, 0xfc, 0x21, 0xc9, 0x47, 0x2a, 0x9b, 0xb3, 0x6c, 0x8b, 0x42, 0x36, 0xff, 0x24, 0x07, + 0x4a, 0xaa, 0x6c, 0xca, 0xc7, 0xe4, 0x07, 0x71, 0x74, 0x39, 0x17, 0xff, 0x20, 0x0f, 0xe3, 0x55, + 0xcb, 0xa3, 0xeb, 0x7c, 0xc7, 0x78, 0xc2, 0xa7, 0x8a, 0xfb, 0x30, 0x28, 0x7d, 0x8c, 0xe8, 0xf3, + 0xa7, 0x83, 0xfd, 0x78, 0x88, 0xca, 0xe0, 0x24, 0x97, 0x3e, 0xc2, 0x34, 0xed, 0x31, 0x21, 0x9f, + 0xf0, 0x39, 0xe7, 0x64, 0x08, 0xf9, 0x84, 0x4f, 0x5e, 0x1f, 0x53, 0x21, 0xff, 0xef, 0x39, 0x38, + 0x97, 0x52, 0x39, 0xb9, 0x06, 0x7d, 0xb5, 0xce, 0x2a, 0x86, 0xdd, 0xca, 0x85, 0x1e, 0xc3, 0x6e, + 0x67, 0x15, 0x23, 0x6e, 0x69, 0x3e, 0x92, 0x2c, 0xe3, 0xe3, 0xfa, 0xc5, 0x6a, 0x65, 0x4a, 0x48, + 0x55, 0x95, 0xc2, 0x04, 0x30, 0x70, 0xda, 0x97, 0x05, 0x0f, 0xf0, 0x6d, 0xd3, 0x68, 0xc4, 0x1e, + 0xe0, 0xb3, 0x32, 0xe4, 0x07, 0x61, 0xa0, 0xfc, 0x61, 0xc7, 0xa1, 0xc8, 0x97, 0x4b, 0xfc, 0x53, + 0x01, 0x5f, 0x1f, 0x91, 0xc6, 0x99, 0xc7, 0x12, 0x60, 0x14, 0x71, 0xde, 0x21, 0x43, 0xf5, 0x1b, + 0x39, 0xb8, 0x9c, 0xdd, 0x3a, 0xf2, 0x39, 0xe8, 0x63, 0x3b, 0xf3, 0xb2, 0xb6, 0x20, 0x3e, 0x9d, + 0xe7, 0x27, 0xb5, 0x9b, 0xb4, 0xae, 0x3b, 0xb2, 0xb1, 0xef, 0x93, 0x91, 0x77, 0x60, 0xb0, 0xea, + 0xba, 0x1d, 0xea, 0xd4, 0x5e, 0x59, 0xd1, 0xaa, 0x62, 0x4f, 0x88, 0x7b, 0x0e, 0x13, 0xc1, 0x75, + 0xf7, 0x95, 0x58, 0x60, 0x2d, 0x99, 0x5e, 0xfd, 0xf1, 0x1c, 0x5c, 0xe9, 0xf6, 0x55, 0xe4, 0x15, + 0xe8, 0x5f, 0xa6, 0x96, 0x6e, 0x79, 0xd5, 0x8a, 0x68, 0x12, 0x6e, 0xb1, 0x3c, 0x84, 0x45, 0x77, + 0x0a, 0x01, 0x21, 0x2b, 0xc4, 0xcf, 0x15, 0x03, 0x47, 0x06, 0x7e, 0x06, 0x8a, 0xb0, 0x58, 0x21, + 0x9f, 0x50, 0xfd, 0xfd, 0x3c, 0x0c, 0x2d, 0x35, 0x3b, 0xeb, 0xa6, 0xb4, 0x70, 0x1c, 0xd8, 0xde, + 0xf6, 0xad, 0xdf, 0xfc, 0xfe, 0xac, 0x5f, 0x36, 0xdc, 0x9c, 0x03, 0x0e, 0x37, 0xbf, 0x1c, 0x79, + 0x1b, 0x4a, 0x6d, 0xfc, 0x8e, 0xf8, 0x49, 0x2c, 0xff, 0xba, 0xac, 0x93, 0x58, 0x5e, 0x86, 0x8d, + 0xaf, 0xc6, 0x21, 0xc6, 0x57, 0x58, 0x56, 0x12, 0x68, 0xb8, 0x48, 0x9c, 0x09, 0xf4, 0x48, 0x04, + 0x1a, 0x2e, 0x08, 0x67, 0x02, 0x3d, 0x84, 0x40, 0x7f, 0x23, 0x0f, 0x23, 0xd1, 0x2a, 0xc9, 0xe7, + 0x60, 0x90, 0x57, 0xc3, 0xcf, 0x85, 0x72, 0x92, 0x53, 0x71, 0x08, 0xd6, 0x80, 0xff, 0x10, 0x07, + 0x5c, 0xa3, 0x1b, 0xba, 0x5b, 0x0f, 0x4f, 0x68, 0xf8, 0xfd, 0x6d, 0x3f, 0xf7, 0x84, 0x8a, 0xa1, + 0xb4, 0x91, 0x0d, 0xdd, 0x9d, 0x0a, 0x7f, 0x93, 0x69, 0x20, 0x0e, 0xed, 0xb8, 0x34, 0xca, 0xa0, + 0x88, 0x0c, 0x44, 0x72, 0xe8, 0x38, 0x56, 0x1b, 0xe7, 0x30, 0x99, 0xcd, 0x57, 0x82, 0x66, 0xa3, + 0x32, 0xf4, 0xee, 0x21, 0x73, 0xb5, 0x44, 0x9f, 0x7e, 0xcc, 0xc9, 0x09, 0x2a, 0xba, 0xa7, 0xf3, + 0x4d, 0xb9, 0xdf, 0x01, 0xea, 0xcf, 0xb4, 0xa0, 0x77, 0xd1, 0xa2, 0x8b, 0x6b, 0xe4, 0x65, 0x18, + 0x60, 0x0a, 0x33, 0x67, 0xb3, 0xbe, 0xcc, 0x09, 0xff, 0x09, 0x49, 0x93, 0x10, 0x31, 0xdb, 0xa3, + 0x85, 0x54, 0xe4, 0x0e, 0xcf, 0x7e, 0xcf, 0xe7, 0x58, 0xa1, 0x7d, 0x44, 0x2e, 0xc3, 0x31, 0xb3, + 0x3d, 0x9a, 0x44, 0xe7, 0x97, 0x12, 0x0f, 0x74, 0x0a, 0xc9, 0x52, 0x1c, 0xe3, 0x97, 0x12, 0xe3, + 0x63, 0x2e, 0x2d, 0xb1, 0x7c, 0x7c, 0xf7, 0x94, 0xa4, 0x98, 0xed, 0xd1, 0xd2, 0x13, 0xd2, 0x0f, + 0xc9, 0x0e, 0xa5, 0x71, 0xa7, 0x0f, 0x19, 0x37, 0xdb, 0xa3, 0x45, 0x68, 0xc9, 0xeb, 0x30, 0x28, + 0x7e, 0xdf, 0xb3, 0xc5, 0x8d, 0xb2, 0x14, 0x8b, 0x48, 0x42, 0xcd, 0xf6, 0x68, 0x32, 0xa5, 0x54, + 0xe9, 0x92, 0x63, 0x5a, 0x9e, 0x78, 0xa3, 0x1c, 0xaf, 0x14, 0x71, 0x52, 0xa5, 0xf8, 0x9b, 0xbc, + 0x03, 0xc3, 0x41, 0x90, 0xa7, 0x0f, 0x68, 0xc3, 0x13, 0x87, 0xdf, 0x17, 0x62, 0x85, 0x39, 0x72, + 0xb6, 0x47, 0x8b, 0x52, 0x93, 0xeb, 0x50, 0xd2, 0xa8, 0x6b, 0x7e, 0xe8, 0x5f, 0x17, 0x8f, 0x48, + 0xe3, 0xdc, 0xfc, 0x90, 0x49, 0x49, 0xe0, 0x59, 0xef, 0x84, 0xf7, 0xd3, 0xe2, 0xa8, 0x9a, 0xc4, + 0x6a, 0x99, 0xb6, 0x0c, 0xd6, 0x3b, 0x92, 0x73, 0xc2, 0x17, 0xc3, 0xd0, 0x57, 0x22, 0x61, 0xe6, + 0x60, 0x3c, 0xc6, 0x80, 0x8c, 0x9d, 0xed, 0xd1, 0x62, 0xf4, 0x92, 0x54, 0x2b, 0xa6, 0xfb, 0x48, + 0x44, 0x1b, 0x8d, 0x4b, 0x95, 0xa1, 0x24, 0xa9, 0xb2, 0x9f, 0x52, 0xd5, 0x0b, 0xd4, 0xdb, 0xb4, + 0x9d, 0x47, 0x22, 0xb6, 0x68, 0xbc, 0x6a, 0x81, 0x95, 0xaa, 0x16, 0x10, 0xb9, 0x6a, 0x36, 0xe0, + 0x46, 0xd2, 0xab, 0xd6, 0x3d, 0x5d, 0xae, 0x9a, 0x9f, 0xc4, 0xf9, 0x9d, 0x34, 0x47, 0xf5, 0xc7, + 0x3c, 0x6f, 0x79, 0xb2, 0x43, 0x11, 0x27, 0x75, 0x28, 0xfe, 0x66, 0x95, 0x4a, 0xb9, 0xa9, 0x45, + 0x62, 0xf2, 0xa0, 0x52, 0x09, 0xc5, 0x2a, 0x95, 0xb3, 0x58, 0xdf, 0x91, 0x53, 0x36, 0x2b, 0xe3, + 0xd1, 0x0e, 0x0a, 0x31, 0xac, 0x83, 0xa4, 0xd4, 0xce, 0x13, 0x98, 0x0e, 0x56, 0x21, 0x48, 0x3e, + 0x18, 0xb4, 0x70, 0x6a, 0x69, 0xb6, 0x47, 0xc3, 0x44, 0xb1, 0x2a, 0x4f, 0x34, 0xac, 0x9c, 0x43, + 0x8a, 0x21, 0x9f, 0x82, 0xc1, 0x66, 0x7b, 0x34, 0x9e, 0x84, 0xf8, 0x65, 0x29, 0xa5, 0x9f, 0x72, + 0x3e, 0x3a, 0x45, 0x04, 0x08, 0x36, 0x45, 0x84, 0x89, 0xff, 0x66, 0x92, 0x69, 0xef, 0x94, 0x0b, + 0xd1, 0xa5, 0x26, 0x8e, 0x9f, 0xed, 0xd1, 0x92, 0xa9, 0xf2, 0x5e, 0x8f, 0x64, 0x82, 0x53, 0x2e, + 0xc6, 0x02, 0x80, 0x85, 0x28, 0x26, 0x2e, 0x39, 0x67, 0xdc, 0x62, 0x2c, 0x6b, 0xb9, 0x98, 0xac, + 0x2e, 0x45, 0x37, 0x2e, 0x29, 0x24, 0xb3, 0x3d, 0x5a, 0x5a, 0x49, 0x32, 0x95, 0xc8, 0xc7, 0xa6, + 0x28, 0x51, 0xdf, 0x98, 0x18, 0x7a, 0xb6, 0x47, 0x4b, 0x64, 0x70, 0xbb, 0x23, 0x27, 0x42, 0x53, + 0x9e, 0x8a, 0x76, 0x62, 0x88, 0x61, 0x9d, 0x28, 0x25, 0x4c, 0xbb, 0x23, 0x27, 0xc7, 0x52, 0x2e, + 0x27, 0x4b, 0x85, 0x33, 0xa7, 0x94, 0x44, 0x4b, 0x4b, 0xcf, 0xf7, 0xa3, 0x3c, 0x2d, 0x32, 0xae, + 0x8a, 0xf2, 0x69, 0x34, 0xb3, 0x3d, 0x5a, 0x7a, 0xae, 0x20, 0x2d, 0x3d, 0x51, 0x8e, 0x72, 0xa5, + 0x1b, 0xcf, 0xa0, 0x75, 0xe9, 0x49, 0x76, 0xf4, 0x2e, 0x69, 0x4b, 0x94, 0x67, 0xa2, 0xd1, 0x87, + 0x33, 0x09, 0x67, 0x7b, 0xb4, 0x2e, 0xc9, 0x4f, 0x56, 0x32, 0x72, 0x88, 0x28, 0x57, 0xa3, 0x09, + 0x97, 0x53, 0x89, 0x66, 0x7b, 0xb4, 0x8c, 0x0c, 0x24, 0x2b, 0x19, 0x29, 0x26, 0x94, 0x89, 0xae, + 0x6c, 0x03, 0x79, 0x64, 0x24, 0xa8, 0x58, 0x4c, 0xcd, 0xce, 0xa0, 0x3c, 0x1b, 0x55, 0xdd, 0x14, + 0x12, 0xa6, 0xba, 0x69, 0x79, 0x1d, 0x16, 0x53, 0xd3, 0x09, 0x28, 0xcf, 0x75, 0x61, 0x18, 0xb4, + 0x31, 0x35, 0x11, 0xc1, 0x62, 0x6a, 0x3c, 0x7f, 0x45, 0x8d, 0x32, 0x4c, 0x21, 0x61, 0x0c, 0xd3, + 0x32, 0x01, 0x2c, 0xa6, 0x86, 0x7d, 0x57, 0x9e, 0xef, 0xc2, 0x30, 0x6c, 0x61, 0x5a, 0xc0, 0xf8, + 0xd7, 0x23, 0x71, 0xd7, 0x95, 0x4f, 0x45, 0xe7, 0x0d, 0x09, 0xc5, 0xe6, 0x0d, 0x39, 0x42, 0xfb, + 0x54, 0x22, 0xb2, 0xac, 0xf2, 0xe9, 0xe8, 0x30, 0x8f, 0xa1, 0xd9, 0x30, 0x8f, 0xc7, 0xa2, 0x9d, + 0x4a, 0x44, 0xd8, 0x54, 0xae, 0x65, 0x31, 0x41, 0x74, 0x94, 0x09, 0x8f, 0xc9, 0x59, 0x4d, 0x09, + 0xf1, 0xa8, 0x7c, 0x26, 0xea, 0xd7, 0x9d, 0x20, 0x98, 0xed, 0xd1, 0x52, 0x02, 0x43, 0x6a, 0xe9, + 0xf1, 0x8c, 0x94, 0xeb, 0xd1, 0x61, 0x9b, 0x46, 0xc3, 0x86, 0x6d, 0x6a, 0x2c, 0xa4, 0xb9, 0xb4, + 0xc7, 0x27, 0xca, 0x8d, 0xa8, 0x61, 0x96, 0xa4, 0x60, 0x86, 0x59, 0xca, 0xa3, 0x15, 0x2d, 0x3d, + 0xc6, 0x8e, 0xf2, 0x42, 0xd7, 0x16, 0x22, 0x4d, 0x4a, 0x0b, 0x79, 0xc8, 0x99, 0xd0, 0x76, 0x5a, + 0x69, 0x37, 0x6d, 0xdd, 0x50, 0x3e, 0x9b, 0x6a, 0x3b, 0x71, 0xa4, 0x64, 0x3b, 0x71, 0x00, 0x5b, + 0xe5, 0xe5, 0x37, 0x0e, 0xca, 0x8b, 0xd1, 0x55, 0x5e, 0xc6, 0xb1, 0x55, 0x3e, 0xf2, 0x1e, 0x62, + 0x2a, 0xf1, 0x1e, 0x40, 0x79, 0x29, 0xaa, 0x00, 0x31, 0x34, 0x53, 0x80, 0xf8, 0x0b, 0x82, 0xaf, + 0x66, 0x7b, 0xd0, 0x2b, 0x37, 0x91, 0xdb, 0xb3, 0x3e, 0xb7, 0x2c, 0xba, 0xd9, 0x1e, 0x2d, 0xdb, + 0x0b, 0xbf, 0x9a, 0xe2, 0x10, 0xaf, 0xdc, 0x8a, 0x2a, 0x58, 0x82, 0x80, 0x29, 0x58, 0xd2, 0x8d, + 0xbe, 0x9a, 0xe2, 0xd1, 0xae, 0x7c, 0x2e, 0x93, 0x55, 0xf0, 0xcd, 0x29, 0x7e, 0xf0, 0x77, 0x64, + 0x97, 0x74, 0xe5, 0xe5, 0xe8, 0x62, 0x17, 0x62, 0xd8, 0x62, 0x27, 0xb9, 0xae, 0xdf, 0x91, 0x9d, + 0xb1, 0x95, 0xdb, 0xc9, 0x52, 0xe1, 0x12, 0x29, 0x39, 0x6d, 0x6b, 0xe9, 0x3e, 0xcc, 0xca, 0x2b, + 0x51, 0xad, 0x4b, 0xa3, 0x61, 0x5a, 0x97, 0xea, 0xff, 0x3c, 0x93, 0x74, 0x45, 0x56, 0xee, 0xc4, + 0x37, 0xd9, 0x51, 0x3c, 0xb3, 0x7c, 0x12, 0xee, 0xcb, 0x5f, 0x8c, 0x07, 0xdb, 0x53, 0x5e, 0x8d, + 0x5d, 0xfb, 0x46, 0xb0, 0xcc, 0xbe, 0x8d, 0x05, 0xe7, 0xfb, 0x62, 0x3c, 0x3e, 0x9d, 0xf2, 0x5a, + 0x3a, 0x87, 0x40, 0x57, 0xe2, 0xf1, 0xec, 0xbe, 0x18, 0x0f, 0xe9, 0xa6, 0xbc, 0x9e, 0xce, 0x21, + 0x90, 0x6e, 0x3c, 0x04, 0xdc, 0xcb, 0x52, 0x90, 0x79, 0xe5, 0xf3, 0x51, 0xd3, 0x31, 0x40, 0x30, + 0xd3, 0x31, 0x0c, 0x45, 0xff, 0xb2, 0x14, 0x9c, 0x5d, 0x79, 0x23, 0x51, 0x24, 0x68, 0xac, 0x14, + 0xc2, 0xfd, 0x65, 0x29, 0xa8, 0xb9, 0xf2, 0x66, 0xa2, 0x48, 0xd0, 0x3a, 0x29, 0xf4, 0xb9, 0xd1, + 0xed, 0xfd, 0xaa, 0xf2, 0x56, 0xf4, 0x30, 0x38, 0x9b, 0x72, 0xb6, 0x47, 0xeb, 0xf6, 0x0e, 0xf6, + 0xab, 0xd9, 0x8e, 0xdd, 0xca, 0xdb, 0xd1, 0x21, 0x9c, 0x45, 0xc7, 0x86, 0x70, 0xa6, 0x73, 0xf8, + 0x3b, 0xb1, 0x58, 0x16, 0xca, 0x3b, 0xd1, 0x29, 0x2e, 0x82, 0x64, 0x53, 0x5c, 0x3c, 0xf2, 0x45, + 0x24, 0x48, 0x83, 0xf2, 0x85, 0xe8, 0x14, 0x27, 0xe3, 0xd8, 0x14, 0x17, 0x09, 0xe8, 0x30, 0x95, + 0x88, 0x1d, 0xa0, 0xbc, 0x1b, 0x9d, 0xe2, 0x62, 0x68, 0x36, 0xc5, 0xc5, 0xa3, 0x0d, 0xbc, 0x13, + 0x7b, 0x42, 0xaf, 0x7c, 0x31, 0xbd, 0xfd, 0x88, 0x94, 0xdb, 0xcf, 0x1f, 0xdc, 0x6b, 0xe9, 0x6f, + 0xc1, 0x95, 0x72, 0x74, 0xfc, 0xa6, 0xd1, 0xb0, 0xf1, 0x9b, 0xfa, 0x8e, 0x3c, 0xbe, 0x71, 0x10, + 0x5a, 0x35, 0xd9, 0x65, 0xe3, 0x10, 0x9a, 0x22, 0x29, 0xe0, 0xc8, 0x1e, 0x99, 0x6f, 0x84, 0xa6, + 0x32, 0xf6, 0xc8, 0xfe, 0x36, 0x28, 0x46, 0xcf, 0x66, 0xd7, 0x84, 0x9f, 0xb1, 0x52, 0x89, 0xce, + 0xae, 0x09, 0x02, 0x36, 0xbb, 0x26, 0xbd, 0x93, 0x67, 0x60, 0x4c, 0x68, 0x11, 0x77, 0x9f, 0x36, + 0xad, 0x75, 0x65, 0x3a, 0xf6, 0xde, 0x32, 0x86, 0x67, 0xb3, 0x53, 0x1c, 0x86, 0xeb, 0x35, 0x87, + 0x4d, 0x35, 0xcd, 0xf6, 0xaa, 0xad, 0x3b, 0x46, 0x8d, 0x5a, 0x86, 0x32, 0x13, 0x5b, 0xaf, 0x53, + 0x68, 0x70, 0xbd, 0x4e, 0x81, 0x63, 0x88, 0xb8, 0x18, 0x5c, 0xa3, 0x0d, 0x6a, 0x3e, 0xa6, 0xca, + 0x5d, 0x64, 0x3b, 0x91, 0xc5, 0x56, 0x90, 0xcd, 0xf6, 0x68, 0x59, 0x1c, 0x98, 0xad, 0x3e, 0xbf, + 0x55, 0x7b, 0x6f, 0x2e, 0x08, 0x3f, 0xb0, 0xe4, 0xd0, 0xb6, 0xee, 0x50, 0x65, 0x36, 0x6a, 0xab, + 0xa7, 0x12, 0x31, 0x5b, 0x3d, 0x15, 0x91, 0x64, 0xeb, 0x8f, 0x85, 0x6a, 0x37, 0xb6, 0xe1, 0x88, + 0x48, 0x2f, 0xcd, 0x66, 0xa7, 0x28, 0x82, 0x09, 0x68, 0xce, 0xb6, 0xd6, 0xf1, 0xa4, 0xe2, 0x5e, + 0x74, 0x76, 0xca, 0xa6, 0x64, 0xb3, 0x53, 0x36, 0x96, 0xa9, 0x7a, 0x14, 0xcb, 0xc7, 0xe0, 0xfd, + 0xa8, 0xaa, 0xa7, 0x90, 0x30, 0x55, 0x4f, 0x01, 0x27, 0x19, 0x6a, 0xd4, 0xa5, 0x9e, 0x32, 0xd7, + 0x8d, 0x21, 0x92, 0x24, 0x19, 0x22, 0x38, 0xc9, 0x70, 0x86, 0x7a, 0x8d, 0x0d, 0x65, 0xbe, 0x1b, + 0x43, 0x24, 0x49, 0x32, 0x44, 0x30, 0xdb, 0x6c, 0x46, 0xc1, 0x93, 0x9d, 0xe6, 0x23, 0xbf, 0xcf, + 0x16, 0xa2, 0x9b, 0xcd, 0x4c, 0x42, 0xb6, 0xd9, 0xcc, 0x44, 0x92, 0x1f, 0xdf, 0xb3, 0x1f, 0xbc, + 0xb2, 0x88, 0x15, 0xde, 0x0c, 0xed, 0x82, 0xbd, 0x94, 0x9a, 0xed, 0xd1, 0xf6, 0xea, 0x67, 0xff, + 0xd9, 0xc0, 0x69, 0x54, 0x59, 0xc2, 0xaa, 0x46, 0x83, 0xb3, 0x0a, 0x0e, 0x9e, 0xed, 0xd1, 0x02, + 0xb7, 0xd2, 0xd7, 0x61, 0x10, 0x3f, 0xaa, 0x6a, 0x99, 0x5e, 0x65, 0x52, 0x79, 0x2f, 0xba, 0x65, + 0x92, 0x50, 0x6c, 0xcb, 0x24, 0xfd, 0x64, 0x93, 0x38, 0xfe, 0xe4, 0x53, 0x4c, 0x65, 0x52, 0xd1, + 0xa2, 0x93, 0x78, 0x04, 0xc9, 0x26, 0xf1, 0x08, 0x20, 0xa8, 0xb7, 0xe2, 0xd8, 0xed, 0xca, 0xa4, + 0x52, 0x4b, 0xa9, 0x97, 0xa3, 0x82, 0x7a, 0xf9, 0xcf, 0xa0, 0xde, 0xda, 0x46, 0xc7, 0xab, 0xb0, + 0x6f, 0x5c, 0x4e, 0xa9, 0xd7, 0x47, 0x06, 0xf5, 0xfa, 0x00, 0x36, 0x15, 0x22, 0x60, 0xc9, 0xb1, + 0xd9, 0xa4, 0x7d, 0xdf, 0x6c, 0x36, 0x95, 0x95, 0xe8, 0x54, 0x18, 0xc7, 0xb3, 0xa9, 0x30, 0x0e, + 0x63, 0xa6, 0x27, 0x6f, 0x15, 0x5d, 0xed, 0xac, 0x2b, 0x0f, 0xa2, 0xa6, 0x67, 0x88, 0x61, 0xa6, + 0x67, 0xf8, 0x0b, 0x77, 0x17, 0xec, 0x97, 0x46, 0xd7, 0x1c, 0xea, 0x6e, 0x28, 0x0f, 0x63, 0xbb, + 0x0b, 0x09, 0x87, 0xbb, 0x0b, 0xe9, 0x37, 0x59, 0x87, 0xa7, 0x23, 0x0b, 0x8d, 0x7f, 0x69, 0x53, + 0xa3, 0xba, 0xd3, 0xd8, 0x50, 0xbe, 0x84, 0xac, 0x9e, 0x4f, 0x5d, 0xaa, 0xa2, 0xa4, 0xb3, 0x3d, + 0x5a, 0x37, 0x4e, 0xb8, 0x2d, 0x7f, 0x6f, 0x8e, 0x47, 0x82, 0xd5, 0x96, 0xa6, 0xfc, 0x4d, 0xe8, + 0xfb, 0xb1, 0x6d, 0x79, 0x92, 0x04, 0xb7, 0xe5, 0x49, 0x30, 0x69, 0xc3, 0xd5, 0xd8, 0x56, 0x6d, + 0x5e, 0x6f, 0xb2, 0x7d, 0x09, 0x35, 0x96, 0xf4, 0xc6, 0x23, 0xea, 0x29, 0x5f, 0x46, 0xde, 0xd7, + 0x32, 0x36, 0x7c, 0x31, 0xea, 0xd9, 0x1e, 0x6d, 0x17, 0x7e, 0x44, 0x85, 0x62, 0x6d, 0x66, 0x79, + 0x49, 0xf9, 0x81, 0xe8, 0xf9, 0x26, 0x83, 0xcd, 0xf6, 0x68, 0x88, 0x63, 0x56, 0xda, 0x4a, 0x7b, + 0xdd, 0xd1, 0x0d, 0xca, 0x0d, 0x2d, 0xb4, 0xdd, 0x84, 0x01, 0xfa, 0x83, 0x51, 0x2b, 0x2d, 0x8b, + 0x8e, 0x59, 0x69, 0x59, 0x38, 0xa6, 0xa8, 0x91, 0xa4, 0x27, 0xca, 0x57, 0xa2, 0x8a, 0x1a, 0x41, + 0x32, 0x45, 0x8d, 0xa6, 0x48, 0xf9, 0x12, 0x5c, 0x0c, 0xf6, 0xf3, 0x62, 0xfd, 0xe5, 0x9d, 0xa6, + 0x7c, 0x15, 0xf9, 0x5c, 0x4d, 0x5c, 0x06, 0x44, 0xa8, 0x66, 0x7b, 0xb4, 0x8c, 0xf2, 0x6c, 0xc5, + 0x4d, 0xe4, 0xf3, 0x12, 0xe6, 0xc5, 0x0f, 0x45, 0x57, 0xdc, 0x0c, 0x32, 0xb6, 0xe2, 0x66, 0xa0, + 0x52, 0x99, 0x0b, 0xa1, 0xea, 0xbb, 0x30, 0x0f, 0x64, 0x9a, 0xc5, 0x21, 0x95, 0xb9, 0xb0, 0xd4, + 0x56, 0x77, 0x61, 0x1e, 0x58, 0x6b, 0x59, 0x1c, 0xc8, 0x75, 0x28, 0xd5, 0x6a, 0xf3, 0x5a, 0xc7, + 0x52, 0x1a, 0x31, 0x6f, 0x59, 0x84, 0xce, 0xf6, 0x68, 0x02, 0xcf, 0xcc, 0xa0, 0xe9, 0xa6, 0xee, + 0x7a, 0x66, 0xc3, 0xc5, 0x11, 0xe3, 0x8f, 0x10, 0x23, 0x6a, 0x06, 0xa5, 0xd1, 0x30, 0x33, 0x28, + 0x0d, 0xce, 0xec, 0xc5, 0x29, 0xdd, 0x75, 0x75, 0xcb, 0x70, 0xf4, 0x49, 0x5c, 0x26, 0x68, 0xec, + 0x35, 0x56, 0x04, 0xcb, 0xec, 0xc5, 0x28, 0x04, 0x0f, 0xdf, 0x7d, 0x88, 0x6f, 0xe6, 0xac, 0xc5, + 0x0e, 0xdf, 0x63, 0x78, 0x3c, 0x7c, 0x8f, 0xc1, 0xd0, 0xee, 0xf4, 0x61, 0x1a, 0x5d, 0x37, 0x99, + 0x88, 0x94, 0xf5, 0x98, 0xdd, 0x19, 0x27, 0x40, 0xbb, 0x33, 0x0e, 0x8c, 0x34, 0xc9, 0x5f, 0x6e, + 0x37, 0x32, 0x9a, 0x14, 0xae, 0xb2, 0x89, 0x32, 0x6c, 0xfd, 0x0e, 0x07, 0x47, 0x65, 0xcb, 0xd2, + 0x5b, 0x76, 0x65, 0xd2, 0x97, 0xba, 0x19, 0x5d, 0xbf, 0x33, 0x09, 0xd9, 0xfa, 0x9d, 0x89, 0x64, + 0xb3, 0xab, 0xbf, 0xd1, 0xda, 0xd0, 0x1d, 0x6a, 0x54, 0x4c, 0x07, 0x4f, 0x16, 0xb7, 0xf8, 0xd6, + 0xf0, 0x83, 0xe8, 0xec, 0xda, 0x85, 0x94, 0xcd, 0xae, 0x5d, 0xd0, 0xcc, 0xc8, 0x4b, 0x47, 0x6b, + 0x54, 0x37, 0x94, 0x47, 0x51, 0x23, 0x2f, 0x9b, 0x92, 0x19, 0x79, 0xd9, 0xd8, 0xec, 0xcf, 0x79, + 0xe8, 0x98, 0x1e, 0x55, 0x9a, 0x7b, 0xf9, 0x1c, 0x24, 0xcd, 0xfe, 0x1c, 0x44, 0xb3, 0x0d, 0x61, + 0xbc, 0x43, 0x5a, 0xd1, 0x0d, 0x61, 0xb2, 0x1b, 0xe2, 0x25, 0x98, 0xc5, 0x22, 0x1e, 0xe5, 0x29, + 0x56, 0xd4, 0x62, 0x11, 0x60, 0x66, 0xb1, 0x84, 0xcf, 0xf6, 0x22, 0x4f, 0xb1, 0x14, 0x3b, 0xba, + 0x86, 0xca, 0x38, 0xb6, 0x86, 0x46, 0x9e, 0x6d, 0xbd, 0x1e, 0x79, 0x67, 0xa0, 0xb4, 0xa3, 0x56, + 0x87, 0x84, 0x62, 0x56, 0x87, 0xfc, 0x22, 0x61, 0x0a, 0x46, 0xf1, 0x16, 0x5c, 0xeb, 0x04, 0xf7, + 0x38, 0x3f, 0x1c, 0xfd, 0xcc, 0x18, 0x9a, 0x7d, 0x66, 0x0c, 0x14, 0x61, 0x22, 0xa6, 0x2d, 0x27, + 0x83, 0x49, 0x78, 0x3e, 0x18, 0x03, 0x91, 0x39, 0x20, 0xb5, 0xf2, 0xfc, 0x5c, 0xd5, 0x58, 0x92, + 0xaf, 0xc8, 0xdc, 0xe8, 0x09, 0x6c, 0x92, 0x62, 0xb6, 0x47, 0x4b, 0x29, 0x47, 0x3e, 0x80, 0x2b, + 0x02, 0x2a, 0x5e, 0x5c, 0x63, 0xda, 0x7f, 0x23, 0x58, 0x10, 0xbc, 0xa8, 0x1f, 0x5b, 0x37, 0xda, + 0xd9, 0x1e, 0xad, 0x2b, 0xaf, 0xec, 0xba, 0xc4, 0xfa, 0xd0, 0xd9, 0x4b, 0x5d, 0xc1, 0x22, 0xd1, + 0x95, 0x57, 0x76, 0x5d, 0x42, 0xee, 0x8f, 0xf7, 0x52, 0x57, 0xd0, 0x09, 0x5d, 0x79, 0x11, 0x17, + 0x26, 0xba, 0xe1, 0xcb, 0xcd, 0xa6, 0xb2, 0x89, 0xd5, 0x7d, 0x66, 0x2f, 0xd5, 0x95, 0xd1, 0xe0, + 0xdc, 0x8d, 0x23, 0x9b, 0xa5, 0x17, 0xdb, 0xd4, 0xaa, 0x45, 0x16, 0xa0, 0x27, 0xd1, 0x59, 0x3a, + 0x41, 0xc0, 0x66, 0xe9, 0x04, 0x90, 0x0d, 0x28, 0xf9, 0xb9, 0x8a, 0xb2, 0x15, 0x1d, 0x50, 0x32, + 0x8e, 0x0d, 0xa8, 0xc8, 0xd3, 0x96, 0x45, 0x38, 0xb7, 0xf8, 0xc8, 0xd3, 0x7d, 0x0b, 0xd2, 0x15, + 0x5d, 0xf9, 0x61, 0xec, 0x92, 0x29, 0x49, 0x82, 0x97, 0x4c, 0x49, 0x30, 0x1b, 0x23, 0x0c, 0x5c, + 0xdb, 0xb2, 0x1a, 0x33, 0xba, 0xd9, 0xec, 0x38, 0x54, 0xf9, 0xd7, 0xa2, 0x63, 0x24, 0x86, 0x66, + 0x63, 0x24, 0x06, 0x62, 0x0b, 0x34, 0x03, 0x95, 0x5d, 0xd7, 0x5c, 0xb7, 0xc4, 0xbe, 0xb2, 0xd3, + 0xf4, 0x94, 0x7f, 0x3d, 0xba, 0x40, 0xa7, 0xd1, 0xb0, 0x05, 0x3a, 0x0d, 0x8e, 0xa7, 0x4e, 0xac, + 0x17, 0xd8, 0xe2, 0x21, 0xdf, 0x55, 0xfe, 0x1b, 0xb1, 0x53, 0xa7, 0x14, 0x1a, 0x3c, 0x75, 0x4a, + 0x81, 0xb3, 0xf5, 0x91, 0xdb, 0x64, 0x73, 0x66, 0x70, 0x57, 0xfd, 0x6f, 0x46, 0xd7, 0xc7, 0x38, + 0x9e, 0xad, 0x8f, 0x71, 0x58, 0x94, 0x8f, 0xe8, 0x82, 0x7f, 0x2b, 0x8b, 0x4f, 0x20, 0xff, 0x44, + 0x19, 0x72, 0x57, 0xe6, 0x23, 0x46, 0xca, 0x8f, 0xe4, 0xb2, 0x18, 0x05, 0xc3, 0x23, 0x51, 0x28, + 0xca, 0x48, 0xa3, 0x8f, 0x4d, 0xba, 0xa9, 0x7c, 0x2d, 0x93, 0x11, 0x27, 0x88, 0x32, 0xe2, 0x30, + 0xf2, 0x3e, 0x5c, 0x0c, 0x61, 0xf3, 0xb4, 0xb5, 0x1a, 0xcc, 0x4c, 0x7f, 0x22, 0x17, 0x35, 0x83, + 0xd3, 0xc9, 0x98, 0x19, 0x9c, 0x8e, 0x49, 0x63, 0x2d, 0x44, 0xf7, 0x6f, 0xef, 0xc2, 0x3a, 0x90, + 0x60, 0x06, 0x83, 0x34, 0xd6, 0x42, 0x9a, 0x3f, 0xba, 0x0b, 0xeb, 0x40, 0xa6, 0x19, 0x0c, 0xc8, + 0x4f, 0xe4, 0xe0, 0x5a, 0x3a, 0xaa, 0xdc, 0x6c, 0xce, 0xd8, 0x4e, 0x88, 0x53, 0xfe, 0x64, 0x2e, + 0x7a, 0xd0, 0xb0, 0xb7, 0x62, 0xb3, 0x3d, 0xda, 0x1e, 0x2b, 0x20, 0x5f, 0x80, 0xe1, 0x72, 0xc7, + 0x30, 0x3d, 0xbc, 0x78, 0x63, 0x86, 0xf3, 0x8f, 0xe5, 0x62, 0x5b, 0x1c, 0x19, 0x8b, 0x5b, 0x1c, + 0x19, 0x40, 0xee, 0xc1, 0x78, 0x8d, 0x36, 0x3a, 0x8e, 0xe9, 0x6d, 0x69, 0xb4, 0x6d, 0x3b, 0x1e, + 0xe3, 0xf1, 0xa7, 0x72, 0xd1, 0x49, 0x2c, 0x41, 0xc1, 0x26, 0xb1, 0x04, 0x90, 0x3c, 0x48, 0xdc, + 0xca, 0x8b, 0xce, 0xfc, 0xf1, 0x5c, 0xd7, 0x6b, 0xf9, 0xa0, 0x2f, 0xd3, 0x8b, 0x93, 0xa5, 0xd8, + 0x2d, 0xba, 0xe0, 0xfa, 0x13, 0xb9, 0x2e, 0xd7, 0xe8, 0xd2, 0x0c, 0x97, 0x04, 0x33, 0x8e, 0x29, + 0x19, 0xe0, 0x95, 0x3f, 0x9d, 0xeb, 0x72, 0xed, 0x1d, 0x72, 0x4c, 0x4b, 0x1e, 0xff, 0x2a, 0xf7, + 0x14, 0x11, 0x8c, 0x7e, 0x32, 0x97, 0x74, 0x15, 0x09, 0xca, 0x4b, 0x84, 0xac, 0xd8, 0x8a, 0x1b, + 0x28, 0xfd, 0xd7, 0x73, 0x49, 0xdf, 0xbc, 0xb0, 0x58, 0xf8, 0x8b, 0x50, 0xb8, 0x3c, 0xfd, 0xc4, + 0xa3, 0x8e, 0xa5, 0x37, 0xb1, 0x3b, 0x6b, 0x9e, 0xed, 0xe8, 0xeb, 0x74, 0xda, 0xd2, 0x57, 0x9b, + 0x54, 0xf9, 0x46, 0x2e, 0x6a, 0xc1, 0x66, 0x93, 0x32, 0x0b, 0x36, 0x1b, 0x4b, 0x36, 0xe0, 0xe9, + 0x34, 0x6c, 0xc5, 0x74, 0xb1, 0x9e, 0x6f, 0xe6, 0xa2, 0x26, 0x6c, 0x17, 0x5a, 0x66, 0xc2, 0x76, + 0x41, 0x93, 0xdb, 0x30, 0x30, 0x69, 0xfb, 0xd3, 0xef, 0x9f, 0x89, 0x39, 0x43, 0x06, 0x98, 0xd9, + 0x1e, 0x2d, 0x24, 0x13, 0x65, 0xc4, 0xa0, 0xfe, 0x56, 0xb2, 0x4c, 0x78, 0xf9, 0x14, 0xfc, 0x10, + 0x65, 0x84, 0xb8, 0xff, 0x9d, 0x64, 0x99, 0xf0, 0x8e, 0x2b, 0xf8, 0xc1, 0x66, 0x12, 0x5e, 0xe3, + 0xfc, 0x4c, 0x99, 0xd9, 0x6d, 0x53, 0x1b, 0x7a, 0xb3, 0x49, 0xad, 0x75, 0xaa, 0x7c, 0x3b, 0x36, + 0x93, 0xa4, 0x93, 0xb1, 0x99, 0x24, 0x1d, 0x43, 0x7e, 0x10, 0x2e, 0x3d, 0xd0, 0x9b, 0xa6, 0x11, + 0xe2, 0xfc, 0x7c, 0xe0, 0xca, 0x4f, 0xe5, 0xa2, 0xbb, 0xe9, 0x0c, 0x3a, 0xb6, 0x9b, 0xce, 0x40, + 0x91, 0x79, 0x20, 0xb8, 0x8c, 0x06, 0xb3, 0x05, 0x5b, 0x9f, 0x95, 0x7f, 0x37, 0x17, 0xb5, 0x53, + 0x93, 0x24, 0xcc, 0x4e, 0x4d, 0x42, 0x49, 0x3d, 0x3b, 0x35, 0x88, 0xf2, 0xd3, 0xb9, 0xe8, 0x69, + 0x4d, 0x16, 0xe1, 0x6c, 0x8f, 0x96, 0x9d, 0x5f, 0xe4, 0x2e, 0x8c, 0xd5, 0x96, 0xaa, 0x33, 0x33, + 0xd3, 0xb5, 0x07, 0xd5, 0x0a, 0x3e, 0x74, 0x30, 0x94, 0x9f, 0x89, 0xad, 0x58, 0x71, 0x02, 0xb6, + 0x62, 0xc5, 0x61, 0xe4, 0x2d, 0x18, 0x62, 0xed, 0x67, 0x03, 0x06, 0x3f, 0xf9, 0x67, 0x73, 0x51, + 0x73, 0x4a, 0x46, 0x32, 0x73, 0x4a, 0xfe, 0x4d, 0x6a, 0x70, 0x9e, 0x49, 0x71, 0xc9, 0xa1, 0x6b, + 0xd4, 0xa1, 0x56, 0xc3, 0x1f, 0xd3, 0x3f, 0x97, 0x8b, 0x5a, 0x19, 0x69, 0x44, 0xcc, 0xca, 0x48, + 0x83, 0x93, 0x47, 0x70, 0x25, 0x7e, 0x12, 0x24, 0x3f, 0x3b, 0x55, 0xfe, 0x6c, 0x2e, 0x66, 0x0c, + 0x77, 0x21, 0x46, 0x63, 0xb8, 0x0b, 0x9e, 0x58, 0xf0, 0x8c, 0x38, 0x56, 0x11, 0x0e, 0x97, 0xf1, + 0xda, 0xfe, 0x1c, 0xaf, 0xed, 0xd3, 0xa1, 0x43, 0x60, 0x17, 0xea, 0xd9, 0x1e, 0xad, 0x3b, 0x3b, + 0xa6, 0x67, 0xc9, 0x04, 0x18, 0xca, 0xcf, 0xe7, 0xd2, 0x3d, 0x52, 0x22, 0x6e, 0xca, 0x69, 0x99, + 0x33, 0xde, 0xcf, 0x4a, 0xdf, 0xa0, 0xfc, 0xf9, 0xd8, 0x78, 0x4b, 0x27, 0x63, 0xe3, 0x2d, 0x23, + 0xff, 0xc3, 0x3d, 0x18, 0xe7, 0x4a, 0xbd, 0xa4, 0xe3, 0x30, 0xb4, 0xd6, 0xa9, 0xa1, 0xfc, 0x7b, + 0xb1, 0xd5, 0x2e, 0x41, 0x81, 0xae, 0x3d, 0x71, 0x20, 0x9b, 0xba, 0x6b, 0x6d, 0xdd, 0xb2, 0xf0, + 0x98, 0x55, 0xf9, 0xf7, 0x63, 0x53, 0x77, 0x88, 0x42, 0xc7, 0xdd, 0xe0, 0x17, 0xd3, 0x84, 0x6e, + 0xa9, 0x8f, 0x94, 0xbf, 0x10, 0xd3, 0x84, 0x6e, 0xc4, 0x4c, 0x13, 0xba, 0xe6, 0x51, 0x7a, 0x90, + 0xf1, 0x04, 0x5c, 0xf9, 0x85, 0xd8, 0x8a, 0x9c, 0x4a, 0xc5, 0x56, 0xe4, 0xf4, 0x17, 0xe4, 0x0f, + 0x32, 0x9e, 0x4f, 0x2b, 0xbf, 0xd8, 0x9d, 0x6f, 0xb8, 0xd2, 0xa7, 0xbf, 0xbe, 0x7e, 0x90, 0xf1, + 0xf4, 0x58, 0xf9, 0x8b, 0xdd, 0xf9, 0x86, 0x8e, 0x7d, 0xe9, 0x2f, 0x97, 0xeb, 0xd9, 0xcf, 0x76, + 0x95, 0xbf, 0x14, 0x9f, 0xba, 0x32, 0x08, 0x71, 0xea, 0xca, 0x7a, 0xfb, 0xbb, 0x0a, 0x4f, 0x71, + 0x0d, 0xb9, 0xeb, 0xe8, 0xed, 0x8d, 0x1a, 0xf5, 0x3c, 0xd3, 0x5a, 0xf7, 0x77, 0x62, 0x7f, 0x39, + 0x17, 0x3b, 0x1e, 0xcb, 0xa2, 0xc4, 0xe3, 0xb1, 0x2c, 0x24, 0x53, 0xde, 0xc4, 0x03, 0x5d, 0xe5, + 0xaf, 0xc4, 0x94, 0x37, 0x41, 0xc1, 0x94, 0x37, 0xf9, 0xae, 0xf7, 0x5e, 0xca, 0x3b, 0x54, 0xe5, + 0x3f, 0xc8, 0xe6, 0x15, 0xb4, 0x2f, 0xe5, 0xf9, 0xea, 0xbd, 0x94, 0xe7, 0x96, 0xca, 0x7f, 0x98, + 0xcd, 0x2b, 0xf4, 0x41, 0x4a, 0xbe, 0xd2, 0x7c, 0x1f, 0x2e, 0xf2, 0xd9, 0x7c, 0x86, 0x1a, 0x34, + 0xf2, 0xa1, 0xbf, 0x14, 0x1b, 0xfb, 0xe9, 0x64, 0x78, 0xe4, 0x9e, 0x8a, 0x49, 0x63, 0x2d, 0xda, + 0xfa, 0x57, 0x77, 0x61, 0x1d, 0x6e, 0x08, 0xd2, 0x31, 0x6c, 0xbd, 0x91, 0x1f, 0xbf, 0x29, 0xbf, + 0x1c, 0x5b, 0x6f, 0x64, 0x24, 0xba, 0x73, 0xc8, 0x2f, 0xe5, 0xde, 0x8a, 0x3e, 0xf4, 0x52, 0xfe, + 0xa3, 0xd4, 0xc2, 0x41, 0x07, 0x44, 0x5f, 0x85, 0xbd, 0x15, 0x7d, 0xd4, 0xa4, 0xfc, 0x4a, 0x6a, + 0xe1, 0xe0, 0x03, 0xa2, 0x2f, 0xa0, 0xd8, 0x16, 0xa9, 0xe3, 0xd9, 0x9c, 0x55, 0x64, 0x7a, 0xf8, + 0x6b, 0xf1, 0x2d, 0x52, 0x2a, 0x19, 0x6e, 0x91, 0x52, 0x31, 0x69, 0xac, 0xc5, 0xe7, 0xfd, 0xea, + 0x2e, 0xac, 0xa5, 0x8d, 0x5d, 0x2a, 0x26, 0x8d, 0xb5, 0xf8, 0xf8, 0x5f, 0xdb, 0x85, 0xb5, 0xb4, + 0xb1, 0x4b, 0xc5, 0x30, 0x73, 0x2c, 0xc4, 0x3c, 0xa0, 0x8e, 0x1b, 0xaa, 0xdf, 0x5f, 0x8f, 0x99, + 0x63, 0x19, 0x74, 0xcc, 0x1c, 0xcb, 0x40, 0xa5, 0x72, 0x17, 0x42, 0xf9, 0xf5, 0xdd, 0xb8, 0x87, + 0xf7, 0x32, 0x19, 0xa8, 0x54, 0xee, 0x42, 0x2e, 0x7f, 0x63, 0x37, 0xee, 0xe1, 0xc5, 0x4c, 0x06, + 0x8a, 0x19, 0x45, 0x35, 0x4f, 0xf7, 0xcc, 0xc6, 0xac, 0xed, 0x7a, 0xd2, 0x22, 0xff, 0x37, 0x63, + 0x46, 0x51, 0x1a, 0x11, 0x33, 0x8a, 0xd2, 0xe0, 0x49, 0xa6, 0x42, 0x1a, 0xbf, 0xd1, 0x95, 0x69, + 0x68, 0x69, 0xa5, 0xc1, 0x93, 0x4c, 0x85, 0x10, 0xfe, 0xe3, 0xae, 0x4c, 0x43, 0x4f, 0xf9, 0x34, + 0x38, 0xb3, 0x4c, 0xa7, 0x1c, 0x7b, 0xd3, 0xba, 0x47, 0x37, 0x69, 0x53, 0x7c, 0xfa, 0x6f, 0xc6, + 0x2c, 0xd3, 0x38, 0x01, 0xde, 0xa2, 0xc4, 0x60, 0x51, 0x46, 0xe2, 0x73, 0x7f, 0x2b, 0x93, 0x51, + 0x78, 0x4c, 0x14, 0x87, 0x45, 0x19, 0x89, 0x4f, 0xfc, 0xed, 0x4c, 0x46, 0xe1, 0x31, 0x51, 0x1c, + 0x36, 0xd9, 0x07, 0xbd, 0x78, 0x8e, 0xa8, 0xfe, 0x42, 0x0e, 0x86, 0x6a, 0x9e, 0x43, 0xf5, 0x96, + 0x88, 0x76, 0x76, 0x19, 0xfa, 0xb9, 0x43, 0xae, 0xff, 0x7a, 0x58, 0x0b, 0x7e, 0x93, 0x6b, 0x30, + 0x32, 0xa7, 0xbb, 0x1e, 0x96, 0xac, 0x5a, 0x06, 0x7d, 0x82, 0x8f, 0xd1, 0x0a, 0x5a, 0x0c, 0x4a, + 0xe6, 0x38, 0x1d, 0x2f, 0x87, 0x01, 0x2e, 0x0b, 0xbb, 0x06, 0xf9, 0xea, 0xff, 0xee, 0xf6, 0x44, + 0x0f, 0xc6, 0xf4, 0x8a, 0x95, 0x55, 0x7f, 0x2f, 0x07, 0x09, 0x57, 0xe1, 0x83, 0xbf, 0xea, 0x5f, + 0x84, 0xd1, 0x58, 0x50, 0x55, 0xf1, 0xa2, 0x6e, 0x8f, 0x31, 0x57, 0xe3, 0xa5, 0xc9, 0x67, 0x82, + 0x97, 0x5c, 0x2b, 0xda, 0x9c, 0x08, 0xe0, 0x86, 0xa9, 0x07, 0x3a, 0x4e, 0x53, 0x93, 0x50, 0x22, + 0x40, 0xcf, 0xf7, 0xc7, 0xc2, 0x88, 0x91, 0xe4, 0x9a, 0x08, 0x31, 0x90, 0x0b, 0xc3, 0xbe, 0xc5, + 0x12, 0x9d, 0xf3, 0x90, 0x02, 0x5f, 0x80, 0xa1, 0x6a, 0xab, 0x4d, 0x1d, 0xd7, 0xb6, 0x74, 0xcf, + 0x76, 0xc4, 0x0b, 0x6d, 0x0c, 0x09, 0x66, 0x4a, 0x70, 0x39, 0x4c, 0x95, 0x4c, 0x4f, 0x6e, 0xf8, + 0xd9, 0xd3, 0x0a, 0x18, 0xab, 0x13, 0x9f, 0x59, 0xc6, 0x93, 0x67, 0x73, 0x0a, 0x46, 0xba, 0xe2, + 0xea, 0xf8, 0xe6, 0x2f, 0x20, 0xed, 0x30, 0x80, 0x4c, 0x8a, 0x14, 0xe4, 0x45, 0x28, 0xe1, 0x1d, + 0x89, 0x8b, 0x59, 0x11, 0x45, 0x30, 0xba, 0x26, 0x42, 0xe4, 0xd0, 0x5f, 0x9c, 0x86, 0xdc, 0x87, + 0xb1, 0xf0, 0x02, 0xf8, 0xae, 0x63, 0x77, 0xda, 0x7e, 0x1e, 0x14, 0x4c, 0x3a, 0xfe, 0x28, 0xc0, + 0xd5, 0xd7, 0x11, 0x29, 0xb1, 0x48, 0x14, 0x24, 0xb3, 0x30, 0x1a, 0xc2, 0x98, 0x88, 0xfc, 0xfc, + 0x4b, 0x98, 0xfb, 0x52, 0xe2, 0xc5, 0xc4, 0x19, 0xc9, 0x7d, 0x19, 0x2b, 0x46, 0xaa, 0xd0, 0xe7, + 0x47, 0xa2, 0xeb, 0xdf, 0x55, 0x49, 0xcf, 0x89, 0x48, 0x74, 0x7d, 0x72, 0x0c, 0x3a, 0xbf, 0x3c, + 0x99, 0x81, 0x11, 0xcd, 0xee, 0x78, 0x74, 0xd9, 0x16, 0x3b, 0x27, 0x11, 0xf1, 0x10, 0xdb, 0xe4, + 0x30, 0x4c, 0xdd, 0xb3, 0xfd, 0x9c, 0xed, 0x72, 0xee, 0xf0, 0x68, 0x29, 0xb2, 0x00, 0xe3, 0x89, + 0xab, 0x72, 0x39, 0x93, 0xba, 0xf4, 0x79, 0x49, 0x66, 0xc9, 0xa2, 0xe4, 0xc7, 0x72, 0x50, 0x5a, + 0x76, 0x74, 0xd3, 0x73, 0xc5, 0x73, 0xc1, 0x0b, 0x37, 0x37, 0x1d, 0xbd, 0xcd, 0xf4, 0xe3, 0x26, + 0x06, 0x63, 0x7d, 0xa0, 0x37, 0x3b, 0xd4, 0x9d, 0x7c, 0xc8, 0xbe, 0xee, 0xbf, 0xdf, 0x9e, 0x78, + 0x6b, 0x1d, 0x0f, 0xe4, 0x6e, 0x36, 0xec, 0xd6, 0xad, 0x75, 0x47, 0x7f, 0x6c, 0x7a, 0x68, 0xf6, + 0xe8, 0xcd, 0x5b, 0x1e, 0x6d, 0xe2, 0xb9, 0xdf, 0x2d, 0xbd, 0x6d, 0xde, 0xc2, 0xa0, 0xdf, 0xb7, + 0x02, 0x4e, 0xbc, 0x06, 0xa6, 0x02, 0x1e, 0xfe, 0x25, 0xab, 0x00, 0xc7, 0x91, 0x05, 0x00, 0xf1, + 0xa9, 0xe5, 0x76, 0x5b, 0xbc, 0x3d, 0x94, 0x4e, 0xcb, 0x7c, 0x0c, 0x57, 0xec, 0x40, 0x60, 0x7a, + 0x5b, 0x0a, 0x74, 0xab, 0x49, 0x1c, 0x98, 0x16, 0x2c, 0x8b, 0x16, 0xf9, 0x62, 0x1a, 0x0e, 0x25, + 0xee, 0x37, 0x36, 0x45, 0x48, 0xf1, 0x62, 0x64, 0x15, 0x46, 0x05, 0xdf, 0x20, 0x2d, 0xc6, 0x48, + 0x74, 0x56, 0x88, 0xa1, 0xb9, 0xd2, 0x06, 0x6d, 0x34, 0x04, 0x58, 0xae, 0x23, 0x56, 0x82, 0x4c, + 0x86, 0x69, 0x7c, 0x17, 0xf4, 0x16, 0x75, 0x95, 0x51, 0xd4, 0xd8, 0x2b, 0x3b, 0xdb, 0x13, 0x8a, + 0x5f, 0x1e, 0x83, 0x32, 0xa6, 0xa6, 0xb4, 0xc7, 0x22, 0x32, 0x0f, 0xae, 0xf5, 0x63, 0x29, 0x3c, + 0xe2, 0x3a, 0x1f, 0x2d, 0x42, 0xa6, 0x60, 0x38, 0x78, 0xfa, 0xb0, 0xb2, 0x52, 0xad, 0xe0, 0xe3, + 0x46, 0x11, 0x97, 0x33, 0x96, 0xb8, 0x42, 0x66, 0x12, 0x29, 0x23, 0xc5, 0x8b, 0xe0, 0xaf, 0x1d, + 0x63, 0xf1, 0x22, 0xda, 0x29, 0xf1, 0x22, 0x96, 0xc8, 0x3b, 0x30, 0x58, 0x7e, 0x58, 0x13, 0x71, + 0x30, 0x5c, 0xe5, 0x5c, 0x98, 0x05, 0x49, 0xdf, 0x74, 0xeb, 0x7e, 0xcc, 0x0c, 0xb9, 0xe9, 0x32, + 0x3d, 0x99, 0x86, 0x91, 0x88, 0xf7, 0x94, 0xab, 0x9c, 0x47, 0x0e, 0xd8, 0x72, 0x1d, 0x31, 0x75, + 0x47, 0xa0, 0xe4, 0xe1, 0x15, 0x2d, 0xc4, 0xb4, 0xa6, 0x62, 0xba, 0x98, 0x51, 0x46, 0xa3, 0x18, + 0x72, 0x03, 0x9f, 0x4a, 0xf6, 0x73, 0xad, 0x31, 0x04, 0xaa, 0xee, 0x70, 0x9c, 0xdc, 0xa3, 0xb1, + 0x62, 0xe4, 0x03, 0x20, 0x98, 0x83, 0x86, 0x1a, 0xfe, 0x65, 0x5a, 0xb5, 0xe2, 0x2a, 0x17, 0x31, + 0x28, 0x35, 0x89, 0x3f, 0xf1, 0xaf, 0x56, 0x26, 0xaf, 0x89, 0xe9, 0xe3, 0xaa, 0xce, 0x4b, 0xd5, + 0xfd, 0xe7, 0xfd, 0x75, 0x33, 0x92, 0xa0, 0x37, 0x85, 0x2b, 0xd9, 0x84, 0x4b, 0x4b, 0x0e, 0x7d, + 0x6c, 0xda, 0x1d, 0xd7, 0x5f, 0x3e, 0xfc, 0x79, 0xeb, 0xd2, 0xae, 0xf3, 0xd6, 0x73, 0xa2, 0xe2, + 0x0b, 0x6d, 0x87, 0x3e, 0xae, 0xfb, 0xa1, 0x88, 0x23, 0x91, 0x34, 0xb3, 0xb8, 0x63, 0x9a, 0xe1, + 0x0f, 0x3b, 0x0e, 0x15, 0x70, 0x93, 0xba, 0x8a, 0x12, 0x4e, 0xb5, 0x3c, 0x7a, 0x8a, 0x19, 0xe0, + 0x22, 0x69, 0x86, 0xa3, 0xc5, 0x88, 0x06, 0xe4, 0xee, 0x94, 0x7f, 0xb1, 0x5a, 0x6e, 0xf0, 0x64, + 0xac, 0xca, 0x53, 0xc8, 0x4c, 0x65, 0x62, 0x59, 0x6f, 0x04, 0x61, 0xc9, 0xeb, 0xba, 0xc0, 0xcb, + 0x62, 0x49, 0x96, 0x26, 0x73, 0x30, 0xb6, 0xe4, 0xe0, 0x31, 0xcf, 0x7d, 0xba, 0xb5, 0x64, 0x37, + 0xcd, 0xc6, 0x16, 0xbe, 0xd8, 0x14, 0x53, 0x65, 0x9b, 0xe3, 0xea, 0x8f, 0xe8, 0x56, 0xbd, 0x8d, + 0x58, 0x79, 0x59, 0x89, 0x97, 0x94, 0xc3, 0x04, 0x3f, 0xbd, 0xb7, 0x30, 0xc1, 0x14, 0xc6, 0xc4, + 0xb5, 0xec, 0x13, 0x8f, 0x5a, 0x6c, 0xa9, 0x77, 0xc5, 0xeb, 0x4c, 0x25, 0x76, 0x8d, 0x1b, 0xe0, + 0xf9, 0xd4, 0x21, 0x46, 0x19, 0x0d, 0xc0, 0x72, 0xc3, 0xe2, 0x45, 0x92, 0xb1, 0x74, 0x9f, 0x39, + 0x40, 0x2c, 0xdd, 0xbf, 0x59, 0x90, 0xe7, 0x5f, 0x72, 0x05, 0x8a, 0x52, 0xaa, 0x1b, 0x0c, 0x14, + 0x8a, 0x61, 0xc1, 0x8b, 0x22, 0xfe, 0xf1, 0x80, 0xb0, 0x5d, 0x82, 0x88, 0x30, 0x98, 0xdb, 0x30, + 0x0c, 0x1e, 0xa9, 0x85, 0x04, 0x98, 0x57, 0xae, 0xb3, 0xda, 0x34, 0x1b, 0x18, 0x2c, 0xbe, 0x20, + 0x85, 0x80, 0x40, 0x28, 0x8f, 0x15, 0x2f, 0x91, 0x90, 0xdb, 0x30, 0xe8, 0x1f, 0x2f, 0x86, 0x81, + 0x72, 0x31, 0x86, 0xb8, 0x98, 0xad, 0x45, 0x88, 0x72, 0x89, 0x88, 0xbc, 0x09, 0x10, 0x4e, 0x07, + 0xc2, 0xd2, 0xc2, 0xa5, 0x42, 0x9e, 0x3d, 0xe4, 0xa5, 0x22, 0xa4, 0x66, 0x13, 0xa7, 0xac, 0x8e, + 0x7e, 0x26, 0x4d, 0x9c, 0x38, 0x23, 0x3a, 0x2c, 0x2b, 0x48, 0xb4, 0x08, 0x59, 0x84, 0xf1, 0x84, + 0x06, 0x8a, 0xb0, 0xba, 0x98, 0x4d, 0x3d, 0x45, 0x7d, 0xe5, 0x85, 0x39, 0x51, 0x96, 0x3c, 0x0f, + 0x85, 0x15, 0xad, 0x2a, 0x42, 0x7b, 0xf2, 0xa8, 0xb0, 0x91, 0xb8, 0x3f, 0x0c, 0xab, 0xfe, 0x89, + 0x7c, 0x62, 0x6d, 0x62, 0xd2, 0x13, 0xac, 0xa4, 0x1e, 0x44, 0xe9, 0xf9, 0xf5, 0x73, 0xe9, 0x49, + 0x44, 0xe4, 0x3a, 0xf4, 0x2f, 0xb1, 0x99, 0xa1, 0x61, 0x37, 0x45, 0x7f, 0x62, 0x90, 0xa6, 0xb6, + 0x80, 0x69, 0x01, 0x96, 0xdc, 0x96, 0x12, 0xc0, 0x4a, 0xd1, 0xb2, 0xfd, 0x04, 0xb0, 0xf1, 0xb0, + 0xd1, 0x98, 0x0a, 0xf6, 0x76, 0x2c, 0xa1, 0x94, 0x28, 0x93, 0xb2, 0x2e, 0x86, 0x09, 0xa4, 0x02, + 0xab, 0xb4, 0x77, 0x37, 0xab, 0x54, 0xfd, 0x3b, 0xb9, 0xe4, 0x38, 0x23, 0x77, 0x92, 0x81, 0x6b, + 0x71, 0x11, 0x0a, 0x80, 0x72, 0xad, 0x41, 0x08, 0xdb, 0x48, 0x08, 0xda, 0xfc, 0x81, 0x43, 0xd0, + 0x16, 0xf6, 0x19, 0x82, 0x56, 0xfd, 0x7f, 0x8a, 0x5d, 0xdd, 0x88, 0x8f, 0x25, 0x54, 0xd9, 0x1b, + 0x6c, 0x67, 0xc5, 0x6a, 0x2f, 0xbb, 0x89, 0xfd, 0x01, 0xf7, 0x92, 0xac, 0xeb, 0x7c, 0x68, 0xb9, + 0x5a, 0x94, 0x92, 0xbc, 0x0b, 0x43, 0xfe, 0x07, 0x60, 0x68, 0x63, 0x29, 0x24, 0x6f, 0xb0, 0xaa, + 0xc5, 0x82, 0x00, 0x47, 0x0a, 0x90, 0x57, 0x61, 0x00, 0x6d, 0x9a, 0xb6, 0xde, 0xf0, 0xe3, 0x5e, + 0xf3, 0x40, 0xd9, 0x3e, 0x50, 0x0e, 0xc7, 0x15, 0x50, 0x92, 0xaf, 0x40, 0x49, 0x24, 0x7f, 0xe0, + 0xb9, 0xd1, 0x6f, 0xed, 0xc1, 0xef, 0xfa, 0xa6, 0x9c, 0xf8, 0x81, 0xef, 0x52, 0x10, 0x10, 0xd9, + 0xa5, 0xf0, 0x9c, 0x0f, 0xcb, 0x70, 0x6e, 0xc9, 0xa1, 0x06, 0x7a, 0xf8, 0x4f, 0x3f, 0x69, 0x3b, + 0x22, 0x2d, 0x07, 0x1f, 0xe5, 0xb8, 0x48, 0xb5, 0x7d, 0x34, 0x5b, 0x3e, 0x05, 0x5e, 0x0e, 0xbe, + 0x9b, 0x52, 0x9c, 0x59, 0x2e, 0xbc, 0x25, 0xf7, 0xe9, 0xd6, 0x26, 0x66, 0xea, 0xef, 0x0f, 0x2d, + 0x17, 0x21, 0xe8, 0x47, 0x02, 0x25, 0x5b, 0x2e, 0xd1, 0x42, 0x97, 0xdf, 0x80, 0xc1, 0x83, 0x26, + 0x4f, 0xf8, 0xf5, 0x7c, 0xc6, 0x83, 0x9c, 0xd3, 0x9b, 0xbf, 0x2e, 0x48, 0xaa, 0xdc, 0x9b, 0x91, + 0x54, 0xf9, 0x8f, 0xf2, 0x19, 0xaf, 0x8d, 0x4e, 0x75, 0xf2, 0xd3, 0x40, 0x18, 0xd1, 0xe4, 0xa7, + 0x61, 0xde, 0x59, 0xd3, 0xd0, 0x64, 0xa2, 0x58, 0x9a, 0xe4, 0xd2, 0xae, 0x69, 0x92, 0x7f, 0xa9, + 0xd0, 0xed, 0x35, 0xd6, 0x99, 0xec, 0xf7, 0x23, 0xfb, 0xdb, 0x30, 0x18, 0x48, 0xb6, 0x5a, 0x41, + 0xa3, 0x67, 0x38, 0x48, 0xd5, 0xc2, 0xc1, 0x58, 0x46, 0x22, 0x22, 0x37, 0x78, 0x5b, 0x6b, 0xe6, + 0x87, 0x3c, 0x69, 0xc0, 0xb0, 0x08, 0x07, 0xaf, 0x7b, 0x7a, 0xdd, 0x35, 0x3f, 0xa4, 0x5a, 0x80, + 0x56, 0xff, 0xb3, 0x7c, 0xea, 0x93, 0xb6, 0xb3, 0x3e, 0xda, 0x47, 0x1f, 0xa5, 0x08, 0x91, 0x3f, + 0xc6, 0x3b, 0x13, 0xe2, 0x3e, 0x84, 0xf8, 0x87, 0xf9, 0xd4, 0xa7, 0x8b, 0x67, 0x42, 0xdc, 0xcf, + 0x6c, 0xf1, 0x22, 0x0c, 0x68, 0xf6, 0xa6, 0x3b, 0x85, 0x1b, 0x1b, 0x3e, 0x57, 0xe0, 0x44, 0xed, + 0xd8, 0x9b, 0x6e, 0x1d, 0xb7, 0x2c, 0x5a, 0x48, 0xa0, 0x7e, 0x3f, 0xdf, 0xe5, 0x71, 0xe7, 0x99, + 0xe0, 0x3f, 0xca, 0x25, 0xf2, 0xb7, 0xf2, 0x91, 0xc7, 0xa3, 0xa7, 0x57, 0xd8, 0xb7, 0x00, 0x6a, + 0x8d, 0x0d, 0xda, 0xd2, 0xa5, 0xc4, 0x4b, 0x78, 0xee, 0xe0, 0x22, 0x54, 0x24, 0xec, 0x0d, 0x49, + 0xd4, 0xdf, 0xc9, 0xc7, 0x5e, 0xcf, 0x9e, 0xc9, 0x6e, 0xcf, 0xb2, 0x0b, 0xb4, 0x4e, 0x3c, 0x08, + 0x3e, 0x93, 0xdc, 0x5e, 0x25, 0xf7, 0xe3, 0xf9, 0xd8, 0xdb, 0xe9, 0x53, 0x2b, 0x3b, 0x36, 0x00, + 0x93, 0x6f, 0xba, 0x4f, 0xad, 0x26, 0xbd, 0x08, 0x03, 0x42, 0x0e, 0xc1, 0x52, 0xc1, 0xe7, 0x7d, + 0x0e, 0xc4, 0x53, 0xd6, 0x80, 0x40, 0xfd, 0x93, 0x79, 0x88, 0xbe, 0x69, 0x3f, 0xa5, 0x3a, 0xf4, + 0x5b, 0xf9, 0xe8, 0x6b, 0xfe, 0xd3, 0xab, 0x3f, 0x37, 0x01, 0x6a, 0x9d, 0xd5, 0x86, 0x08, 0x06, + 0xdb, 0x2b, 0x1d, 0xd3, 0x07, 0x50, 0x4d, 0xa2, 0x50, 0xff, 0xdf, 0x7c, 0x6a, 0x88, 0x81, 0xd3, + 0x2b, 0xc0, 0x57, 0xf0, 0x54, 0xbc, 0x61, 0x85, 0x13, 0x39, 0x1e, 0x42, 0xb2, 0xf1, 0x97, 0xc8, + 0xd6, 0xe7, 0x13, 0x92, 0xcf, 0xa7, 0x98, 0x6b, 0x98, 0x4b, 0x20, 0x34, 0xd7, 0xe4, 0x6b, 0x08, + 0xc9, 0x70, 0xfb, 0xfb, 0xf9, 0xdd, 0x22, 0x32, 0x9c, 0xe6, 0x55, 0xb5, 0x6f, 0x49, 0xdf, 0xc2, + 0xc8, 0x81, 0xac, 0x27, 0x86, 0x78, 0x2e, 0xb9, 0x36, 0x07, 0xc9, 0x77, 0x6f, 0x82, 0x4a, 0xfd, + 0xe7, 0xbd, 0xe9, 0xe1, 0x00, 0x4e, 0xaf, 0x08, 0xaf, 0x40, 0x71, 0x49, 0xf7, 0x36, 0x84, 0x26, + 0xe3, 0x95, 0x5e, 0x5b, 0xf7, 0x36, 0x34, 0x84, 0x92, 0x1b, 0xd0, 0xaf, 0xe9, 0x9b, 0xfc, 0xcc, + 0xb3, 0x14, 0xe6, 0xf9, 0x73, 0xf4, 0xcd, 0x3a, 0x3f, 0xf7, 0x0c, 0xd0, 0x44, 0x0d, 0xf2, 0x4c, + 0xf2, 0x93, 0x6f, 0x4c, 0x72, 0xc6, 0xf3, 0x4c, 0x06, 0xd9, 0x25, 0xaf, 0x40, 0x71, 0xd2, 0x36, + 0xb6, 0xf0, 0xfa, 0x6a, 0x88, 0x57, 0xb6, 0x6a, 0x1b, 0x5b, 0x1a, 0x42, 0xc9, 0x4f, 0xe4, 0xa0, + 0x6f, 0x96, 0xea, 0x06, 0x1b, 0x21, 0x03, 0xdd, 0xbc, 0x4e, 0xbe, 0x74, 0x34, 0x5e, 0x27, 0xe3, + 0x1b, 0xbc, 0x32, 0x59, 0x51, 0x44, 0xfd, 0xe4, 0x2e, 0xf4, 0x4f, 0xe9, 0x1e, 0x5d, 0xb7, 0x9d, + 0x2d, 0xf4, 0xa3, 0x19, 0x09, 0x5d, 0xca, 0x23, 0xfa, 0xe3, 0x13, 0xf1, 0x9b, 0xb1, 0x86, 0xf8, + 0xa5, 0x05, 0x85, 0x99, 0x58, 0x44, 0xe6, 0xfb, 0xc1, 0x50, 0x2c, 0x3c, 0xc5, 0x7d, 0x90, 0xe0, + 0x3e, 0x38, 0x56, 0x1e, 0x4a, 0x3f, 0x56, 0x46, 0xeb, 0x11, 0x7d, 0xed, 0x30, 0xbb, 0xe3, 0x30, + 0x2e, 0xfa, 0xdc, 0x7a, 0x44, 0x28, 0x26, 0x77, 0xd4, 0x24, 0x12, 0xf5, 0x7b, 0xbd, 0x90, 0xfa, + 0x78, 0xf8, 0x4c, 0xc9, 0xcf, 0x94, 0x3c, 0x54, 0xf2, 0x4a, 0x42, 0xc9, 0x2f, 0x27, 0x9f, 0xa3, + 0x7f, 0x4c, 0x35, 0xfc, 0x67, 0x8b, 0x89, 0x60, 0x16, 0xa7, 0x7b, 0x77, 0x19, 0x4a, 0xaf, 0x77, + 0x57, 0xe9, 0x05, 0x03, 0xa2, 0xb4, 0xeb, 0x80, 0xe8, 0xdb, 0xeb, 0x80, 0xe8, 0xcf, 0x1c, 0x10, + 0xa1, 0x82, 0x0c, 0x64, 0x2a, 0x48, 0x55, 0x0c, 0x1a, 0xe8, 0x9e, 0x53, 0xe3, 0xca, 0xce, 0xf6, + 0xc4, 0x08, 0x1b, 0x4d, 0xa9, 0xc9, 0x34, 0x90, 0x85, 0xfa, 0x7b, 0xc5, 0x2e, 0x11, 0x68, 0x8e, + 0x45, 0x47, 0x5e, 0x81, 0x42, 0xb9, 0xdd, 0x16, 0xfa, 0x71, 0x4e, 0x0a, 0x7e, 0x93, 0x51, 0x8a, + 0x51, 0x93, 0x37, 0xa1, 0x50, 0x7e, 0x58, 0x8b, 0xe7, 0xd1, 0x28, 0x3f, 0xac, 0x89, 0x2f, 0xc9, + 0x2c, 0xfb, 0xb0, 0x46, 0xde, 0x0e, 0x03, 0x5a, 0x6e, 0x74, 0xac, 0x47, 0x62, 0xa3, 0x28, 0xdc, + 0x6d, 0x7d, 0x77, 0x9c, 0x06, 0x43, 0xb1, 0xed, 0x62, 0x8c, 0x36, 0xa6, 0x4d, 0xa5, 0xbd, 0x6b, + 0x53, 0xdf, 0xae, 0xda, 0xd4, 0xbf, 0x57, 0x6d, 0x1a, 0xd8, 0x83, 0x36, 0xc1, 0xae, 0xda, 0x34, + 0x78, 0x78, 0x6d, 0x6a, 0xc3, 0xe5, 0x64, 0xd4, 0xb0, 0x40, 0x23, 0x34, 0x20, 0x49, 0xac, 0x70, + 0x2c, 0xc1, 0xab, 0xff, 0x0e, 0xc7, 0xd6, 0x37, 0x11, 0x5d, 0x77, 0x19, 0x5e, 0xf6, 0x4f, 0x4b, + 0x96, 0x56, 0x7f, 0x3d, 0x9f, 0x1d, 0xec, 0xec, 0x64, 0x4e, 0x71, 0x3f, 0x94, 0x2a, 0xa5, 0x62, + 0xf4, 0xf1, 0x79, 0xb6, 0x94, 0x63, 0x6c, 0xd3, 0x64, 0xf6, 0x9d, 0x5c, 0x56, 0x04, 0xb6, 0x43, + 0x49, 0xec, 0xd3, 0x49, 0x8f, 0x36, 0xf4, 0xd3, 0x77, 0xa3, 0xae, 0x6c, 0x33, 0x30, 0x24, 0x0b, + 0x51, 0x48, 0x69, 0x2f, 0x02, 0x8e, 0x94, 0x53, 0xff, 0x4e, 0x0e, 0xce, 0xdd, 0xef, 0xac, 0x52, + 0xe1, 0xc1, 0x16, 0x34, 0xe3, 0x03, 0x00, 0x06, 0x16, 0x4e, 0x2c, 0x39, 0x74, 0x62, 0xf9, 0xac, + 0x1c, 0x3d, 0x2d, 0x56, 0xe0, 0x66, 0x48, 0xcd, 0x1d, 0x58, 0x9e, 0xf1, 0x9d, 0x39, 0x1f, 0x75, + 0x56, 0x69, 0x3d, 0xe1, 0xc9, 0x22, 0x71, 0xbf, 0xfc, 0x0e, 0x77, 0x93, 0x3f, 0xa8, 0xd3, 0xc8, + 0xaf, 0xe6, 0x33, 0x03, 0xd6, 0x9d, 0xd8, 0xcc, 0x8a, 0x3f, 0x90, 0xda, 0x2b, 0xf1, 0x0c, 0x8b, + 0x29, 0x24, 0x31, 0x8e, 0x69, 0x5c, 0xd2, 0x05, 0x76, 0xc2, 0xf3, 0x7d, 0x7e, 0xa4, 0x02, 0xfb, + 0x87, 0xb9, 0xcc, 0xc0, 0x82, 0x27, 0x55, 0x60, 0xea, 0xff, 0x52, 0xf0, 0xe3, 0x19, 0x1e, 0xea, + 0x13, 0x5e, 0x84, 0x01, 0xf1, 0xac, 0x3b, 0xea, 0x80, 0x2b, 0x8e, 0xf2, 0xf0, 0x68, 0x38, 0x20, + 0x60, 0xcb, 0xbc, 0xe4, 0x1d, 0x2c, 0x39, 0xe0, 0x4a, 0x9e, 0xc1, 0x9a, 0x44, 0xc2, 0x16, 0xf2, + 0xe9, 0x27, 0xa6, 0x87, 0x56, 0x01, 0xeb, 0xcb, 0x02, 0x5f, 0xc8, 0xe9, 0x13, 0xd3, 0xe3, 0x36, + 0x41, 0x80, 0x66, 0x8b, 0x74, 0x2d, 0xcc, 0x66, 0x2e, 0x16, 0x69, 0x57, 0x24, 0x75, 0x17, 0xcf, + 0xc6, 0x5e, 0x84, 0x01, 0xe1, 0xd5, 0x2a, 0xdc, 0x4c, 0x44, 0x6b, 0x85, 0x1f, 0x2c, 0xb6, 0x36, + 0x20, 0x60, 0x1c, 0x35, 0xba, 0x1e, 0x3a, 0xd6, 0x21, 0x47, 0x07, 0x21, 0x9a, 0xc0, 0x90, 0xdb, + 0x30, 0x52, 0xf3, 0x74, 0xcb, 0xd0, 0x1d, 0x63, 0xb1, 0xe3, 0xb5, 0x3b, 0x9e, 0x6c, 0x94, 0xba, + 0x9e, 0x61, 0x77, 0x3c, 0x2d, 0x46, 0x41, 0x3e, 0x07, 0xc3, 0x3e, 0x64, 0xda, 0x71, 0x6c, 0x47, + 0xb6, 0x3c, 0x5c, 0xcf, 0xa0, 0x8e, 0xa3, 0x45, 0x09, 0xc8, 0xe7, 0x61, 0xb8, 0x6a, 0x3d, 0xb6, + 0x79, 0x9a, 0xfc, 0x15, 0x6d, 0x4e, 0xd8, 0x21, 0xf8, 0x14, 0xcb, 0x0c, 0x10, 0xf5, 0x8e, 0xd3, + 0xd4, 0xa2, 0x84, 0xea, 0x4e, 0x3e, 0x19, 0xf6, 0xf1, 0xf4, 0x6e, 0x5a, 0x6e, 0x44, 0x9d, 0xe9, + 0xd0, 0x83, 0x14, 0x0d, 0x42, 0xd9, 0x97, 0x97, 0xdb, 0x85, 0xb7, 0xa1, 0xff, 0x3e, 0xdd, 0xe2, + 0x7e, 0x9f, 0xa5, 0xd0, 0x55, 0xf8, 0x91, 0x80, 0xc9, 0x27, 0xae, 0x3e, 0x9d, 0xfa, 0xbb, 0xf9, + 0x64, 0x40, 0xcb, 0xd3, 0x2b, 0xec, 0xcf, 0x41, 0x1f, 0x8a, 0xb2, 0xea, 0x1f, 0xf9, 0xa3, 0x00, + 0x51, 0xdc, 0x51, 0x0f, 0x64, 0x9f, 0x4c, 0xfd, 0xc5, 0x52, 0x3c, 0xca, 0xe9, 0xe9, 0x95, 0xde, + 0x5b, 0x30, 0x38, 0x65, 0x5b, 0xae, 0xe9, 0x7a, 0xd4, 0x6a, 0xf8, 0x0a, 0xfb, 0x14, 0x33, 0xa8, + 0x1a, 0x21, 0x58, 0x7e, 0x83, 0x24, 0x51, 0x1f, 0x44, 0x79, 0xc9, 0x6b, 0x30, 0x80, 0x22, 0x47, + 0x3f, 0x69, 0x3e, 0xe1, 0xe1, 0x6d, 0xc1, 0x2a, 0x03, 0xc6, 0x9d, 0xa4, 0x43, 0x52, 0xb2, 0x02, + 0xfd, 0x53, 0x1b, 0x66, 0xd3, 0x70, 0xa8, 0x85, 0xfe, 0xc2, 0x52, 0x30, 0x89, 0x68, 0x5f, 0xde, + 0xc4, 0x7f, 0x91, 0x96, 0x37, 0xa7, 0x21, 0x8a, 0x45, 0x5e, 0x61, 0x09, 0xd8, 0xe5, 0x9f, 0xce, + 0x03, 0x84, 0x05, 0xc8, 0xb3, 0x90, 0x0f, 0x12, 0x05, 0xa3, 0x9b, 0x4a, 0x44, 0x83, 0xf2, 0xb8, + 0x54, 0x88, 0xb1, 0x9d, 0xdf, 0x75, 0x6c, 0xaf, 0x40, 0x89, 0x9f, 0x78, 0xa1, 0x27, 0xb9, 0x14, + 0x78, 0x31, 0xb3, 0xc1, 0x37, 0x91, 0x9e, 0x6f, 0x66, 0xd1, 0xf2, 0x8c, 0x78, 0x65, 0x73, 0x66, + 0x97, 0x1b, 0xd0, 0x8b, 0x7f, 0x91, 0x6b, 0x50, 0x5c, 0xf6, 0x93, 0x8c, 0x0e, 0xf3, 0x59, 0x3a, + 0x26, 0x3f, 0xc4, 0xb3, 0x6e, 0x9a, 0xb2, 0x2d, 0x8f, 0x55, 0x8d, 0xad, 0x1e, 0x12, 0x72, 0x11, + 0xb0, 0x88, 0x5c, 0x04, 0x4c, 0xfd, 0xaf, 0xf2, 0x29, 0xf1, 0x77, 0x4f, 0xef, 0x30, 0x79, 0x03, + 0x00, 0x9f, 0x74, 0x33, 0x79, 0xfa, 0x4f, 0x34, 0x70, 0x94, 0x20, 0x23, 0x54, 0xdb, 0xc8, 0xb6, + 0x23, 0x24, 0x56, 0xff, 0x5e, 0x2e, 0x11, 0xb4, 0xf5, 0x50, 0x72, 0x94, 0xad, 0xb2, 0xfc, 0x01, + 0xcd, 0x58, 0xbf, 0x2f, 0x0a, 0xfb, 0xeb, 0x8b, 0xe8, 0xb7, 0x1c, 0x81, 0x65, 0x7a, 0x9c, 0xdf, + 0xf2, 0xbd, 0x7c, 0x5a, 0x08, 0xdb, 0x93, 0xa9, 0xe2, 0x77, 0x02, 0xa3, 0xb4, 0x18, 0x0b, 0x1a, + 0x8e, 0xd0, 0x78, 0x22, 0x64, 0x61, 0xa6, 0x7e, 0x15, 0x46, 0x63, 0x81, 0x5d, 0x45, 0x4e, 0xda, + 0x6b, 0xdd, 0x23, 0xc4, 0x66, 0x07, 0x03, 0x88, 0x90, 0xa9, 0xff, 0x5f, 0xae, 0x7b, 0x58, 0xdf, + 0x63, 0x57, 0x9d, 0x14, 0x01, 0x14, 0xfe, 0x78, 0x04, 0x70, 0x04, 0xdb, 0xe0, 0x93, 0x2d, 0x80, + 0x8f, 0xc9, 0xe4, 0xf1, 0x51, 0x0b, 0xe0, 0x17, 0x73, 0xbb, 0x46, 0x65, 0x3e, 0x6e, 0x19, 0xa8, + 0xff, 0x63, 0x2e, 0x35, 0x7a, 0xf2, 0xa1, 0xda, 0xf5, 0x36, 0x94, 0xb8, 0x5b, 0x8d, 0x68, 0x95, + 0x94, 0x6f, 0x8a, 0x41, 0xb3, 0x32, 0xb4, 0x73, 0x2c, 0x99, 0x83, 0x3e, 0xde, 0x06, 0x43, 0xf4, + 0xc6, 0xa7, 0xba, 0x84, 0x70, 0x36, 0xb2, 0x26, 0x47, 0x81, 0x56, 0xff, 0x6e, 0x2e, 0x11, 0xcc, + 0xf9, 0x18, 0xbf, 0x2d, 0x9c, 0xaa, 0x0b, 0x7b, 0x9f, 0xaa, 0xd5, 0x7f, 0x96, 0x4f, 0x8f, 0x25, + 0x7d, 0x8c, 0x1f, 0x72, 0x14, 0xc7, 0x69, 0x07, 0x5b, 0xb7, 0x96, 0x61, 0x24, 0x2a, 0x0b, 0xb1, + 0x6c, 0x5d, 0x4d, 0x8f, 0xa8, 0x9d, 0xd1, 0x8a, 0x18, 0x0f, 0xf5, 0xbb, 0xb9, 0x64, 0x18, 0xec, + 0x63, 0x9f, 0x9f, 0x0e, 0xa6, 0x2d, 0xd1, 0x4f, 0xf9, 0x98, 0xac, 0x35, 0x47, 0xf1, 0x29, 0x1f, + 0x93, 0x55, 0xe3, 0x60, 0x9f, 0xf2, 0xcb, 0xf9, 0xac, 0x28, 0xe2, 0xc7, 0xfe, 0x41, 0x5f, 0x96, + 0x85, 0xcc, 0x5b, 0x26, 0x3e, 0xed, 0xd9, 0xac, 0xb0, 0xdd, 0x19, 0x3c, 0x13, 0x7c, 0x0e, 0x36, + 0xc6, 0x53, 0x85, 0xf5, 0x31, 0x51, 0xe4, 0x93, 0x21, 0xac, 0x8f, 0xc9, 0x50, 0xf9, 0xf8, 0x09, + 0xeb, 0x6f, 0xe5, 0xf7, 0x1a, 0xba, 0xfe, 0x4c, 0x78, 0x09, 0xe1, 0x7d, 0x2b, 0x9f, 0x4c, 0xa9, + 0x70, 0xec, 0x62, 0x9a, 0x81, 0x92, 0x48, 0xee, 0x90, 0x29, 0x1c, 0x8e, 0xcf, 0xb2, 0x68, 0xc4, + 0x77, 0xdc, 0x01, 0x71, 0x91, 0xb3, 0x37, 0x91, 0x70, 0x5a, 0xf5, 0xfb, 0xb9, 0x58, 0xfe, 0x81, + 0x63, 0x39, 0x42, 0x38, 0xd0, 0x92, 0x44, 0xde, 0xf1, 0x0f, 0x33, 0x8b, 0xb1, 0xf8, 0xcf, 0xc1, + 0xf7, 0x54, 0xa8, 0xa7, 0x9b, 0xcd, 0x78, 0x79, 0x11, 0x13, 0xe0, 0x77, 0xf3, 0x30, 0x9e, 0x20, + 0x25, 0xd7, 0x22, 0xa1, 0x74, 0xf0, 0x58, 0x32, 0xe6, 0x3c, 0xce, 0x83, 0xea, 0xec, 0xe3, 0x24, + 0xf5, 0x1a, 0x14, 0x2b, 0xfa, 0x16, 0xff, 0xb6, 0x5e, 0xce, 0xd2, 0xd0, 0xb7, 0xe4, 0x13, 0x37, + 0xc4, 0x93, 0x55, 0xb8, 0xc0, 0xef, 0x43, 0x4c, 0xdb, 0x5a, 0x36, 0x5b, 0xb4, 0x6a, 0xcd, 0x9b, + 0xcd, 0xa6, 0xe9, 0x8a, 0x4b, 0xbd, 0x17, 0x77, 0xb6, 0x27, 0xae, 0x7b, 0xb6, 0xa7, 0x37, 0xeb, + 0xd4, 0x27, 0xab, 0x7b, 0x66, 0x8b, 0xd6, 0x4d, 0xab, 0xde, 0x42, 0x4a, 0x89, 0x65, 0x3a, 0x2b, + 0x52, 0xe5, 0xa1, 0xbe, 0x6b, 0x0d, 0xdd, 0xb2, 0xa8, 0x51, 0xb5, 0x26, 0xb7, 0x3c, 0xca, 0x2f, + 0x03, 0x0b, 0xfc, 0x48, 0x90, 0xbf, 0x0d, 0xe7, 0x68, 0xc6, 0x78, 0x95, 0x11, 0x68, 0x29, 0x85, + 0xd4, 0xbf, 0x5d, 0x4c, 0x49, 0x3d, 0x71, 0x82, 0xd4, 0xc7, 0xef, 0xe9, 0xe2, 0x2e, 0x3d, 0x7d, + 0x0b, 0xfa, 0x44, 0x2c, 0x55, 0x71, 0xc1, 0x80, 0xce, 0xec, 0x8f, 0x39, 0x48, 0xbe, 0xa1, 0x11, + 0x54, 0xa4, 0x09, 0x97, 0x97, 0x59, 0x37, 0xa5, 0x77, 0x66, 0xe9, 0x00, 0x9d, 0xd9, 0x85, 0x1f, + 0x79, 0x1f, 0x2e, 0x21, 0x36, 0xa5, 0x5b, 0xfb, 0xb0, 0x2a, 0x8c, 0x51, 0xc5, 0xab, 0x4a, 0xef, + 0xdc, 0xac, 0xf2, 0xe4, 0xcb, 0x30, 0x14, 0x0c, 0x10, 0x93, 0xba, 0xe2, 0xe6, 0xa2, 0xcb, 0x38, + 0xe3, 0x01, 0xe0, 0x18, 0x18, 0x5d, 0xc8, 0xa2, 0x41, 0xc4, 0x22, 0xbc, 0xd4, 0xff, 0x21, 0xd7, + 0x2d, 0x05, 0xc6, 0xb1, 0xcf, 0xca, 0xef, 0x40, 0x9f, 0xc1, 0x3f, 0x4a, 0xe8, 0x54, 0xf7, 0x24, + 0x19, 0x9c, 0x54, 0xf3, 0xcb, 0xa8, 0xff, 0x34, 0xd7, 0x35, 0xf3, 0xc6, 0x49, 0xff, 0xbc, 0x6f, + 0x15, 0x32, 0x3e, 0x4f, 0x4c, 0xa2, 0x37, 0x60, 0xcc, 0x0c, 0x43, 0x83, 0xd7, 0xc3, 0xf0, 0x53, + 0xda, 0xa8, 0x04, 0xc7, 0xd1, 0x75, 0x07, 0x2e, 0xfa, 0x8e, 0x8f, 0x8e, 0xef, 0x21, 0xe6, 0xd6, + 0x3b, 0x8e, 0xc9, 0xc7, 0xa5, 0x76, 0xde, 0x8d, 0xb9, 0x8f, 0xb9, 0x2b, 0x8e, 0xc9, 0x2a, 0xd0, + 0xbd, 0x0d, 0x6a, 0xe9, 0xf5, 0x4d, 0xdb, 0x79, 0x84, 0x51, 0x46, 0xf9, 0xe0, 0xd4, 0x46, 0x39, + 0xfc, 0xa1, 0x0f, 0x26, 0xcf, 0xc3, 0xf0, 0x7a, 0xb3, 0x43, 0x83, 0xb8, 0x8e, 0xfc, 0xae, 0x4f, + 0x1b, 0x62, 0xc0, 0xe0, 0x86, 0xe4, 0x19, 0x00, 0x24, 0xf2, 0x30, 0x2f, 0x0a, 0x5e, 0xec, 0x69, + 0x03, 0x0c, 0xb2, 0x2c, 0xba, 0xeb, 0x32, 0xd7, 0x6a, 0x2e, 0xa4, 0x7a, 0xd3, 0xb6, 0xd6, 0xeb, + 0x1e, 0x75, 0x5a, 0xd8, 0x50, 0x74, 0x66, 0xd0, 0x2e, 0x22, 0x05, 0x5e, 0x9d, 0xb8, 0x73, 0xb6, + 0xb5, 0xbe, 0x4c, 0x9d, 0x16, 0x6b, 0xea, 0x8b, 0x40, 0x44, 0x53, 0x1d, 0x3c, 0xf4, 0xe0, 0x1f, + 0x87, 0xde, 0x0c, 0x9a, 0xf8, 0x08, 0x7e, 0x1a, 0x82, 0x1f, 0x36, 0x01, 0x83, 0x3c, 0xb8, 0x1d, + 0x17, 0x1a, 0xba, 0x30, 0x68, 0xc0, 0x41, 0x28, 0xaf, 0x8b, 0x20, 0xbc, 0x2b, 0xb8, 0x57, 0xb7, + 0x26, 0x7e, 0xa9, 0x5f, 0x2f, 0xa4, 0x25, 0x0b, 0x39, 0x94, 0xa2, 0x85, 0xd3, 0x6a, 0x7e, 0x5f, + 0xd3, 0xea, 0xa8, 0xd5, 0x69, 0xd5, 0xf5, 0x76, 0xbb, 0xbe, 0x66, 0x36, 0xf1, 0x59, 0x15, 0x2e, + 0x7c, 0xda, 0xb0, 0xd5, 0x69, 0x95, 0xdb, 0xed, 0x19, 0x0e, 0x24, 0x2f, 0xc0, 0x38, 0xa3, 0xc3, + 0x4e, 0x0a, 0x28, 0x8b, 0x48, 0xc9, 0x18, 0x60, 0x74, 0x58, 0x9f, 0xf6, 0x29, 0xe8, 0x17, 0x3c, + 0xf9, 0x5a, 0xd5, 0xab, 0xf5, 0x71, 0x66, 0x2e, 0xeb, 0xb9, 0x80, 0x0d, 0x9f, 0x5c, 0x7b, 0xb5, + 0x01, 0xbf, 0x3c, 0xc6, 0x40, 0xb6, 0x3a, 0x2d, 0x1e, 0x11, 0xab, 0x0f, 0x91, 0xc1, 0x6f, 0x72, + 0x0d, 0x46, 0x18, 0x97, 0x40, 0x60, 0x3c, 0x6c, 0x6c, 0xaf, 0x16, 0x83, 0x92, 0xdb, 0x70, 0x3e, + 0x02, 0xe1, 0x36, 0x28, 0x7f, 0x26, 0xd0, 0xab, 0xa5, 0xe2, 0xd4, 0xdf, 0x29, 0x44, 0x53, 0x98, + 0x1c, 0x43, 0x47, 0x5c, 0x82, 0x3e, 0xdb, 0x59, 0xaf, 0x77, 0x9c, 0xa6, 0x18, 0x7b, 0x25, 0xdb, + 0x59, 0x5f, 0x71, 0x9a, 0xe4, 0x02, 0x94, 0x58, 0xef, 0x98, 0x86, 0x18, 0x62, 0xbd, 0x7a, 0xbb, + 0x5d, 0x35, 0x48, 0x99, 0x77, 0x08, 0x86, 0x1c, 0xad, 0x37, 0x70, 0x6b, 0xcf, 0x9d, 0x12, 0x7a, + 0xf9, 0x8a, 0x97, 0x40, 0x62, 0x3f, 0x61, 0x20, 0x52, 0x7e, 0x10, 0x10, 0x63, 0x61, 0xe0, 0xb6, + 0xc4, 0xe0, 0x7d, 0x12, 0x67, 0x21, 0x90, 0x21, 0x0b, 0xbe, 0x89, 0x31, 0x48, 0x05, 0x48, 0x48, + 0xd5, 0xb2, 0x0d, 0x73, 0xcd, 0xa4, 0xfc, 0x55, 0x47, 0x2f, 0xbf, 0xf8, 0x4d, 0x62, 0xb5, 0x31, + 0x9f, 0xc9, 0xbc, 0x80, 0x90, 0xb7, 0xb8, 0x12, 0x72, 0x3a, 0x5c, 0xfb, 0x78, 0xdf, 0x72, 0x3b, + 0x2d, 0x86, 0x42, 0xcd, 0xc4, 0xf2, 0xb8, 0x10, 0xaa, 0x7f, 0xb9, 0x98, 0xcc, 0x63, 0x73, 0x2c, + 0x76, 0xcd, 0x2c, 0x80, 0x48, 0x53, 0x15, 0x5e, 0xae, 0x05, 0x1e, 0xe7, 0x21, 0x26, 0x83, 0x87, + 0x54, 0x96, 0xdc, 0x80, 0x7e, 0xfe, 0x45, 0xd5, 0x8a, 0xb0, 0x77, 0xd0, 0x45, 0xcc, 0x6d, 0x9b, + 0x6b, 0x6b, 0xe8, 0x4f, 0x16, 0xa0, 0xc9, 0x35, 0xe8, 0xab, 0x2c, 0xd4, 0x6a, 0xe5, 0x05, 0xff, + 0xa6, 0x18, 0xdf, 0x97, 0x18, 0x96, 0x5b, 0x77, 0x75, 0xcb, 0xd5, 0x7c, 0x24, 0x79, 0x1e, 0x4a, + 0xd5, 0x25, 0x24, 0xe3, 0xaf, 0x26, 0x07, 0x77, 0xb6, 0x27, 0xfa, 0xcc, 0x36, 0xa7, 0x12, 0x28, + 0xac, 0xf7, 0x41, 0xb5, 0x22, 0xb9, 0x4b, 0xf0, 0x7a, 0x1f, 0x9b, 0x06, 0x5e, 0x3b, 0x6b, 0x01, + 0x9a, 0xbc, 0x0a, 0x43, 0x35, 0xea, 0x98, 0x7a, 0x73, 0xa1, 0x83, 0x5b, 0x45, 0x29, 0x94, 0xa2, + 0x8b, 0xf0, 0xba, 0x85, 0x08, 0x2d, 0x42, 0x46, 0xae, 0x40, 0x71, 0xd6, 0xb4, 0xfc, 0x27, 0x0c, + 0xe8, 0xe3, 0xbe, 0x61, 0x5a, 0x9e, 0x86, 0x50, 0xf2, 0x3c, 0x14, 0xee, 0x2d, 0x57, 0x85, 0x27, + 0x18, 0xf2, 0xfa, 0xc0, 0x8b, 0x84, 0x65, 0xbc, 0xb7, 0x5c, 0x25, 0xaf, 0xc2, 0x00, 0x5b, 0xc4, + 0xa8, 0xd5, 0xa0, 0xae, 0x32, 0x88, 0x1f, 0xc3, 0xc3, 0x08, 0xfa, 0x40, 0xd9, 0xa7, 0x23, 0xa0, + 0x54, 0xff, 0x8f, 0x7c, 0x7a, 0xa2, 0xa1, 0x63, 0x18, 0xea, 0x07, 0xbc, 0x45, 0x8e, 0x29, 0x58, + 0xf1, 0x10, 0x0a, 0xb6, 0x06, 0xa3, 0x65, 0xa3, 0x65, 0x5a, 0x65, 0xfc, 0xe9, 0xce, 0xcf, 0x94, + 0x71, 0xea, 0x90, 0x9e, 0xe7, 0xc5, 0xd0, 0xe2, 0x7b, 0x78, 0xc0, 0x5f, 0x86, 0xaa, 0xeb, 0x1c, + 0x57, 0x6f, 0xad, 0xe9, 0xf5, 0x06, 0xcf, 0xd1, 0xa3, 0xc5, 0x99, 0xaa, 0x3f, 0x95, 0xdf, 0x25, + 0x37, 0xd2, 0x69, 0x94, 0xbe, 0xfa, 0xed, 0x7c, 0xf7, 0xf4, 0x54, 0xa7, 0x52, 0x28, 0x7f, 0x98, + 0x4f, 0x49, 0x16, 0x75, 0x28, 0x49, 0xdc, 0x80, 0x7e, 0xce, 0x26, 0x70, 0xe3, 0xc5, 0xd9, 0x8c, + 0x2b, 0x2b, 0xce, 0xa2, 0x3e, 0x9a, 0x2c, 0xc0, 0xf9, 0xf2, 0xda, 0x1a, 0x6d, 0x78, 0x61, 0xe8, + 0xe7, 0x85, 0x30, 0x08, 0x2b, 0x0f, 0x75, 0x2b, 0xf0, 0x61, 0xe8, 0x68, 0x0c, 0x36, 0x92, 0x5a, + 0x8e, 0x2c, 0xc3, 0xc5, 0x38, 0xbc, 0xc6, 0xb7, 0x00, 0x45, 0x29, 0xfa, 0x6d, 0x82, 0x23, 0xff, + 0x4f, 0xcb, 0x28, 0x9b, 0xd6, 0x4a, 0x9c, 0xaa, 0x7b, 0xbb, 0xb5, 0x12, 0xe7, 0xed, 0xd4, 0x72, + 0xea, 0xef, 0x16, 0xe4, 0x9c, 0x5a, 0xa7, 0xd7, 0xe1, 0xea, 0x4e, 0xc4, 0xcd, 0x7a, 0xaf, 0x43, + 0xe6, 0x55, 0x11, 0x41, 0xc4, 0xe8, 0x38, 0xbe, 0x47, 0x62, 0x10, 0xc1, 0x00, 0x81, 0xf2, 0x3a, + 0x14, 0x50, 0x92, 0x2a, 0x14, 0xcb, 0xce, 0x3a, 0x37, 0x6f, 0x77, 0x7b, 0x54, 0xa5, 0x3b, 0xeb, + 0x6e, 0xfa, 0xa3, 0x2a, 0xc6, 0x42, 0xfd, 0x33, 0xf9, 0x2e, 0x69, 0xb0, 0x4e, 0xe5, 0x24, 0xf2, + 0xe7, 0xf2, 0x59, 0x09, 0xad, 0x4e, 0xaa, 0xeb, 0xd8, 0x47, 0x2c, 0x9c, 0x93, 0xed, 0x57, 0x77, + 0xc4, 0xc2, 0xc9, 0x48, 0xae, 0x75, 0x26, 0x9c, 0xaf, 0xe7, 0xb3, 0xf2, 0x8b, 0x9d, 0xda, 0x59, + 0x26, 0x23, 0xa5, 0xd9, 0x99, 0xae, 0xfc, 0x7c, 0x3e, 0x33, 0xab, 0xdb, 0x99, 0x74, 0xd4, 0x6f, + 0xe4, 0x33, 0xb3, 0xd2, 0x9d, 0xca, 0xa1, 0x94, 0xaa, 0x2d, 0x67, 0x63, 0x49, 0x48, 0xe7, 0xf7, + 0xf3, 0xe9, 0x79, 0x00, 0x8f, 0x41, 0x55, 0x8e, 0xc2, 0x03, 0xcf, 0x17, 0x68, 0xf1, 0x50, 0x02, + 0xed, 0x3d, 0x52, 0x81, 0x1e, 0xdb, 0xd8, 0xfb, 0xa4, 0x0a, 0xf4, 0x08, 0x06, 0xef, 0x69, 0x16, + 0xe8, 0x4f, 0x16, 0x92, 0xb9, 0x2f, 0x4f, 0xe5, 0x11, 0xe5, 0x24, 0xf4, 0xfb, 0x67, 0x18, 0x42, + 0xa0, 0x7b, 0xee, 0x4e, 0xbf, 0x1c, 0x79, 0x17, 0x46, 0x43, 0x59, 0xca, 0x91, 0xa9, 0xf0, 0x7a, + 0xa3, 0xc1, 0x50, 0xf5, 0x0f, 0x18, 0x4e, 0x84, 0x50, 0x89, 0x53, 0xab, 0xdf, 0x2f, 0x24, 0x13, + 0x88, 0x9e, 0xf5, 0xc6, 0x01, 0x7b, 0x63, 0x05, 0x2e, 0x4e, 0x75, 0x1c, 0x87, 0x5a, 0x5e, 0x7a, + 0xa7, 0xe0, 0xe1, 0x72, 0x83, 0x53, 0xd4, 0x93, 0x9d, 0x93, 0x51, 0x98, 0xb1, 0x15, 0xde, 0xf7, + 0x71, 0xb6, 0x7d, 0x21, 0xdb, 0x0e, 0xa7, 0x48, 0x63, 0x9b, 0x5e, 0x58, 0xfd, 0xfb, 0xf9, 0x64, + 0xca, 0xd7, 0xb3, 0xae, 0x3f, 0x58, 0xd7, 0xbf, 0x30, 0xcf, 0x13, 0x5b, 0xdd, 0x37, 0x2d, 0x83, + 0x3c, 0x05, 0x17, 0x56, 0x6a, 0xd3, 0x5a, 0xfd, 0x7e, 0x75, 0xa1, 0x52, 0x5f, 0x59, 0xa8, 0x2d, + 0x4d, 0x4f, 0x55, 0x67, 0xaa, 0xd3, 0x95, 0xb1, 0x1e, 0x72, 0x0e, 0x46, 0x43, 0xd4, 0xec, 0xca, + 0x7c, 0x79, 0x61, 0x2c, 0x47, 0xc6, 0x61, 0x38, 0x04, 0x4e, 0x2e, 0x2e, 0x8f, 0xe5, 0x5f, 0xf8, + 0x0c, 0x0c, 0xe2, 0xcd, 0x3d, 0xbf, 0x69, 0x20, 0x43, 0xd0, 0xbf, 0x38, 0x59, 0x9b, 0xd6, 0x1e, + 0x20, 0x13, 0x80, 0x52, 0x65, 0x7a, 0x81, 0x31, 0xcc, 0xbd, 0xf0, 0x7f, 0xe7, 0x00, 0x6a, 0x33, + 0xcb, 0x4b, 0x82, 0x70, 0x10, 0xfa, 0xaa, 0x0b, 0x0f, 0xca, 0x73, 0x55, 0x46, 0xd7, 0x0f, 0xc5, + 0xc5, 0xa5, 0x69, 0x56, 0xc3, 0x00, 0xf4, 0x4e, 0xcd, 0x2d, 0xd6, 0xa6, 0xc7, 0xf2, 0x0c, 0xa8, + 0x4d, 0x97, 0x2b, 0x63, 0x05, 0x06, 0x7c, 0xa8, 0x55, 0x97, 0xa7, 0xc7, 0x8a, 0xec, 0xcf, 0xb9, + 0xda, 0x72, 0x79, 0x79, 0xac, 0x97, 0xfd, 0x39, 0x83, 0x7f, 0x96, 0x18, 0xb3, 0xda, 0xf4, 0x32, + 0xfe, 0xe8, 0x63, 0x4d, 0x98, 0xf1, 0x7f, 0xf5, 0x33, 0x14, 0x63, 0x5d, 0xa9, 0x6a, 0x63, 0x03, + 0xec, 0x07, 0x63, 0xc9, 0x7e, 0x00, 0x6b, 0x9c, 0x36, 0x3d, 0xbf, 0xf8, 0x60, 0x7a, 0x6c, 0x90, + 0xf1, 0x9a, 0xbf, 0xcf, 0xc0, 0x43, 0xec, 0x4f, 0x6d, 0x9e, 0xfd, 0x39, 0xcc, 0x38, 0x69, 0xd3, + 0xe5, 0xb9, 0xa5, 0xf2, 0xf2, 0xec, 0xd8, 0x08, 0x6b, 0x0f, 0xf2, 0x1c, 0xe5, 0x25, 0x17, 0xca, + 0xf3, 0xd3, 0x63, 0x63, 0x82, 0xa6, 0x32, 0x57, 0x5d, 0xb8, 0x3f, 0x36, 0x8e, 0x0d, 0x79, 0x7f, + 0x1e, 0x7f, 0x10, 0x56, 0x00, 0xff, 0x3a, 0xf7, 0xc2, 0x0f, 0x42, 0x69, 0xb1, 0x86, 0x77, 0x75, + 0x97, 0xe0, 0xdc, 0x62, 0xad, 0xbe, 0xfc, 0xfe, 0xd2, 0x74, 0x4c, 0xde, 0xe3, 0x30, 0xec, 0x23, + 0xe6, 0xaa, 0x0b, 0x2b, 0x5f, 0xe2, 0xd2, 0xf6, 0x41, 0xf3, 0xe5, 0xa9, 0xc5, 0xda, 0x58, 0x9e, + 0xf5, 0x8a, 0x0f, 0x7a, 0x58, 0x5d, 0xa8, 0x2c, 0x3e, 0xac, 0x8d, 0x15, 0x5e, 0x78, 0x0c, 0x43, + 0x3c, 0x2d, 0xd8, 0xa2, 0x63, 0xae, 0x9b, 0x16, 0x79, 0x06, 0x9e, 0xaa, 0x4c, 0x3f, 0xa8, 0x4e, + 0x4d, 0xd7, 0x17, 0xb5, 0xea, 0xdd, 0xea, 0x42, 0xac, 0xa6, 0x0b, 0x30, 0x1e, 0x45, 0x97, 0x97, + 0xaa, 0x63, 0x39, 0x72, 0x11, 0x48, 0x14, 0x7c, 0xaf, 0x3c, 0x3f, 0x33, 0x96, 0x27, 0x0a, 0x9c, + 0x8f, 0xc2, 0xab, 0x0b, 0xcb, 0x2b, 0x0b, 0xd3, 0x63, 0x85, 0x17, 0xfe, 0x52, 0x0e, 0x2e, 0xa4, + 0x86, 0x8e, 0x24, 0x2a, 0x5c, 0x9d, 0x9e, 0x2b, 0xd7, 0x96, 0xab, 0x53, 0xb5, 0xe9, 0xb2, 0x36, + 0x35, 0x5b, 0x9f, 0x2a, 0x2f, 0x4f, 0xdf, 0x5d, 0xd4, 0xde, 0xaf, 0xdf, 0x9d, 0x5e, 0x98, 0xd6, + 0xca, 0x73, 0x63, 0x3d, 0xe4, 0x79, 0x98, 0xc8, 0xa0, 0xa9, 0x4d, 0x4f, 0xad, 0x68, 0xd5, 0xe5, + 0xf7, 0xc7, 0x72, 0xe4, 0x39, 0x78, 0x26, 0x93, 0x88, 0xfd, 0x1e, 0xcb, 0x93, 0xab, 0x70, 0x39, + 0x8b, 0xe4, 0xbd, 0xb9, 0xb1, 0xc2, 0x0b, 0x3f, 0x97, 0x03, 0x92, 0x8c, 0xfd, 0x47, 0x9e, 0x85, + 0x2b, 0x4c, 0x2f, 0xea, 0xd9, 0x0d, 0x7c, 0x0e, 0x9e, 0x49, 0xa5, 0x90, 0x9a, 0x37, 0x01, 0x4f, + 0x67, 0x90, 0x88, 0xc6, 0x5d, 0x01, 0x25, 0x9d, 0x00, 0x9b, 0xf6, 0x9b, 0x39, 0xb8, 0x90, 0x7a, + 0xb9, 0x47, 0xae, 0xc3, 0xa7, 0xca, 0x95, 0x79, 0xd6, 0x37, 0x53, 0xcb, 0xd5, 0xc5, 0x85, 0x5a, + 0x7d, 0x7e, 0xa6, 0x5c, 0x67, 0xda, 0xb7, 0x52, 0x8b, 0xf5, 0xe6, 0x35, 0x50, 0xbb, 0x50, 0x4e, + 0xcd, 0x96, 0x17, 0xee, 0xb2, 0xe1, 0x47, 0x3e, 0x05, 0xcf, 0x66, 0xd2, 0x4d, 0x2f, 0x94, 0x27, + 0xe7, 0xa6, 0x2b, 0x63, 0x79, 0xf2, 0x69, 0x78, 0x2e, 0x93, 0xaa, 0x52, 0xad, 0x71, 0xb2, 0xc2, + 0x64, 0xe5, 0xbb, 0xff, 0xd3, 0xd5, 0x9e, 0xef, 0xfe, 0xc1, 0xd5, 0xdc, 0x3f, 0xf8, 0x83, 0xab, + 0xb9, 0x7f, 0xf6, 0x07, 0x57, 0x73, 0x5f, 0xbe, 0xbd, 0x9f, 0x98, 0x8e, 0x7c, 0xca, 0x5a, 0x2d, + 0xe1, 0x41, 0xfb, 0x2b, 0xff, 0x7f, 0x00, 0x00, 0x00, 0xff, 0xff, 0x04, 0xc3, 0x8a, 0x39, 0x12, + 0x75, 0x01, 0x00, } func (m *Metadata) Marshal() (dAtA []byte, err error) { @@ -22817,6 +22823,11 @@ func (m *DatabaseSessionStart) MarshalToSizedBuffer(dAtA []byte) (int, error) { i -= len(m.XXX_unrecognized) copy(dAtA[i:], m.XXX_unrecognized) } + if m.PostgresPID != 0 { + i = encodeVarintEvents(dAtA, i, uint64(m.PostgresPID)) + i-- + dAtA[i] = 0x40 + } { size, err := m.DatabaseMetadata.MarshalToSizedBuffer(dAtA[:i]) if err != nil { @@ -39711,6 +39722,9 @@ func (m *DatabaseSessionStart) Size() (n int) { n += 1 + l + sovEvents(uint64(l)) l = m.DatabaseMetadata.Size() n += 1 + l + sovEvents(uint64(l)) + if m.PostgresPID != 0 { + n += 1 + sovEvents(uint64(m.PostgresPID)) + } if m.XXX_unrecognized != nil { n += len(m.XXX_unrecognized) } @@ -66964,6 +66978,25 @@ func (m *DatabaseSessionStart) Unmarshal(dAtA []byte) error { return err } iNdEx = postIndex + case 8: + if wireType != 0 { + return fmt.Errorf("proto: wrong wireType = %d for field PostgresPID", wireType) + } + m.PostgresPID = 0 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowEvents + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + m.PostgresPID |= uint32(b&0x7F) << shift + if b < 0x80 { + break + } + } default: iNdEx = preIndex skippy, err := skipEvents(dAtA[iNdEx:]) diff --git a/api/types/matchers_gcp.go b/api/types/matchers_gcp.go index 8bc3c27a69b3f..e60fc8c73b7ab 100644 --- a/api/types/matchers_gcp.go +++ b/api/types/matchers_gcp.go @@ -102,8 +102,8 @@ func (m *GCPMatcher) CheckAndSetDefaults() error { m.Locations = []string{Wildcard} } - if slices.Contains(m.ProjectIDs, Wildcard) { - return trace.BadParameter("GCP discovery service project_ids does not support wildcards; please specify at least one value in project_ids.") + if slices.Contains(m.ProjectIDs, Wildcard) && len(m.ProjectIDs) > 1 { + return trace.BadParameter("GCP discovery service either supports wildcard project_ids or multiple values, but not both.") } if len(m.ProjectIDs) == 0 { return trace.BadParameter("GCP discovery service project_ids does cannot be empty; please specify at least one value in project_ids.") diff --git a/api/types/matchers_gcp_test.go b/api/types/matchers_gcp_test.go index 46eb18fe248d3..f56c93172b654 100644 --- a/api/types/matchers_gcp_test.go +++ b/api/types/matchers_gcp_test.go @@ -92,12 +92,12 @@ func TestGCPMatcherCheckAndSetDefaults(t *testing.T) { errCheck: isBadParameterErr, }, { - name: "wildcard is invalid for project ids", + name: "wildcard is valid for project ids", in: &GCPMatcher{ Types: []string{"gce"}, ProjectIDs: []string{"*"}, }, - errCheck: isBadParameterErr, + errCheck: require.NoError, }, { name: "invalid type", diff --git a/api/types/plugin.go b/api/types/plugin.go index 5f582a249b92d..4956503083523 100644 --- a/api/types/plugin.go +++ b/api/types/plugin.go @@ -318,6 +318,11 @@ func (p *PluginV1) CheckAndSetDefaults() error { if err := settings.EntraId.Validate(); err != nil { return trace.Wrap(err) } + // backfill the credentials source if it's not set. + if settings.EntraId.SyncSettings.CredentialsSource == EntraIDCredentialsSource_ENTRAID_CREDENTIALS_SOURCE_UNKNOWN { + settings.EntraId.SyncSettings.CredentialsSource = EntraIDCredentialsSource_ENTRAID_CREDENTIALS_SOURCE_OIDC + } + case *PluginSpecV1_Scim: if settings.Scim == nil { return trace.BadParameter("Must be used with SCIM settings") diff --git a/api/types/plugin_test.go b/api/types/plugin_test.go index e535591a48512..c94232e69bc79 100644 --- a/api/types/plugin_test.go +++ b/api/types/plugin_test.go @@ -855,8 +855,9 @@ func TestPluginEntraIDValidation(t *testing.T) { return &PluginSpecV1_EntraId{ EntraId: &PluginEntraIDSettings{ SyncSettings: &PluginEntraIDSyncSettings{ - DefaultOwners: []string{"admin"}, - SsoConnectorId: "myconnector", + DefaultOwners: []string{"admin"}, + SsoConnectorId: "myconnector", + CredentialsSource: EntraIDCredentialsSource_ENTRAID_CREDENTIALS_SOURCE_OIDC, }, }, } diff --git a/api/types/session_tracker.go b/api/types/session_tracker.go index 9456e1ad3691b..db07ea2578db5 100644 --- a/api/types/session_tracker.go +++ b/api/types/session_tracker.go @@ -28,7 +28,12 @@ import ( // SessionKind is a type of session. type SessionKind string +// These represent the possible values for the kind field in session trackers. const ( + // SSHSessionKind is the kind used for session tracking with the + // session_tracker resource used in Teleport 9+. Note that it is + // different from the legacy [types.KindSSHSession] value that was + // used prior to the introduction of moderated sessions. SSHSessionKind SessionKind = "ssh" KubernetesSessionKind SessionKind = "k8s" DatabaseSessionKind SessionKind = "db" diff --git a/api/types/types.pb.go b/api/types/types.pb.go index 97861fbd3d2c7..5ae6b27827f52 100644 --- a/api/types/types.pb.go +++ b/api/types/types.pb.go @@ -678,6 +678,40 @@ func (RequireMFAType) EnumDescriptor() ([]byte, []int) { return fileDescriptor_9198ee693835762e, []int{17} } +// EntraIDCredentialsSource defines the credentials source for Entra ID. +type EntraIDCredentialsSource int32 + +const ( + // ENTRAID_CREDENTIALS_SOURCE_UNKNOWN is used when the credentials source is not specified. + // Due to legacy reasons, UNKNOWN is handled as OIDC. + EntraIDCredentialsSource_ENTRAID_CREDENTIALS_SOURCE_UNKNOWN EntraIDCredentialsSource = 0 + // ENTRAID_CREDENTIALS_SOURCE_OIDC indicates that the plugin will authenticate with Azure/Entra ID using OIDC. + EntraIDCredentialsSource_ENTRAID_CREDENTIALS_SOURCE_OIDC EntraIDCredentialsSource = 1 + // ENTRAID_CREDENTIALS_SOURCE_SYSTEM_CREDENTIALS means the plugin will rely on system-provided credentials + // for authentication with Azure Entra ID, especially for clusters with no internet access. + EntraIDCredentialsSource_ENTRAID_CREDENTIALS_SOURCE_SYSTEM_CREDENTIALS EntraIDCredentialsSource = 2 +) + +var EntraIDCredentialsSource_name = map[int32]string{ + 0: "ENTRAID_CREDENTIALS_SOURCE_UNKNOWN", + 1: "ENTRAID_CREDENTIALS_SOURCE_OIDC", + 2: "ENTRAID_CREDENTIALS_SOURCE_SYSTEM_CREDENTIALS", +} + +var EntraIDCredentialsSource_value = map[string]int32{ + "ENTRAID_CREDENTIALS_SOURCE_UNKNOWN": 0, + "ENTRAID_CREDENTIALS_SOURCE_OIDC": 1, + "ENTRAID_CREDENTIALS_SOURCE_SYSTEM_CREDENTIALS": 2, +} + +func (x EntraIDCredentialsSource) String() string { + return proto.EnumName(EntraIDCredentialsSource_name, int32(x)) +} + +func (EntraIDCredentialsSource) EnumDescriptor() ([]byte, []int) { + return fileDescriptor_9198ee693835762e, []int{18} +} + type PluginStatusCode int32 const ( @@ -716,7 +750,7 @@ func (x PluginStatusCode) String() string { } func (PluginStatusCode) EnumDescriptor() ([]byte, []int) { - return fileDescriptor_9198ee693835762e, []int{18} + return fileDescriptor_9198ee693835762e, []int{19} } // OktaPluginSyncStatusCode indicates the possible states of an Okta @@ -752,7 +786,7 @@ func (x OktaPluginSyncStatusCode) String() string { } func (OktaPluginSyncStatusCode) EnumDescriptor() ([]byte, []int) { - return fileDescriptor_9198ee693835762e, []int{19} + return fileDescriptor_9198ee693835762e, []int{20} } // HeadlessAuthenticationState is a headless authentication state. @@ -787,7 +821,7 @@ func (x HeadlessAuthenticationState) String() string { } func (HeadlessAuthenticationState) EnumDescriptor() ([]byte, []int) { - return fileDescriptor_9198ee693835762e, []int{20} + return fileDescriptor_9198ee693835762e, []int{21} } // InstallParamEnrollMode is the mode used to enroll the node into the cluster. @@ -820,7 +854,7 @@ func (x InstallParamEnrollMode) String() string { } func (InstallParamEnrollMode) EnumDescriptor() ([]byte, []int) { - return fileDescriptor_9198ee693835762e, []int{21} + return fileDescriptor_9198ee693835762e, []int{22} } // The type of a KeepAlive. When adding a new type, please double-check @@ -1951,7 +1985,9 @@ type RDS struct { // Subnets is a list of subnets for the RDS instance. Subnets []string `protobuf:"bytes,5,rep,name=Subnets,proto3" json:"subnets,omitempty"` // VPCID is the VPC where the RDS is running. - VPCID string `protobuf:"bytes,6,opt,name=VPCID,proto3" json:"vpc_id,omitempty"` + VPCID string `protobuf:"bytes,6,opt,name=VPCID,proto3" json:"vpc_id,omitempty"` + // SecurityGroups is a list of attached security groups for the RDS instance. + SecurityGroups []string `protobuf:"bytes,7,rep,name=SecurityGroups,proto3" json:"security_groups,omitempty"` XXX_NoUnkeyedLiteral struct{} `json:"-"` XXX_unrecognized []byte `json:"-"` XXX_sizecache int32 `json:"-"` @@ -2647,9 +2683,9 @@ type InstanceSpecV1 struct { Services []SystemRole `protobuf:"bytes,2,rep,name=Services,proto3,casttype=SystemRole" json:"services,omitempty"` // Hostname is the hostname this instance most recently advertised. Hostname string `protobuf:"bytes,3,opt,name=Hostname,proto3" json:"hostname,omitempty"` - // AuthID is the ID of the auth server that most recently observed this instance. + // AuthID is the ID of the Auth Service that most recently observed this instance. AuthID string `protobuf:"bytes,4,opt,name=AuthID,proto3" json:"auth_id,omitempty"` - // LastSeen is the last time an auth server reported observing this instance. + // LastSeen is the last time an Auth Service server reported observing this instance. LastSeen time.Time `protobuf:"bytes,5,opt,name=LastSeen,proto3,stdtime" json:"last_seen,omitempty"` // ControlLog is the log of recent important instance control events related to this instance. See comments // on the InstanceControlLogEntry type for details. @@ -2699,10 +2735,10 @@ var xxx_messageInfo_InstanceSpecV1 proto.InternalMessageInfo // InstanceControlLogEntry represents an entry in a given instance's control log. The control log of // an instance is protected by CompareAndSwap semantics, allowing entries to function as a means of -// synchronization as well as recordkeeping. For example, an auth server intending to trigger an upgrade +// synchronization as well as recordkeeping. For example, an Auth Service instance intending to trigger an upgrade // for a given instance can check its control log for 'upgrade-attempt' entries. If no such entry exists, // it can attempt to write an 'upgrade-attempt' entry of its own. If that entry successfully writes without -// hitting a CompareFailed, the auth server knows that no other auth servers will make concurrent upgrade +// hitting a CompareFailed, the Auth Service instance knows that no other Auth Service instances will make concurrent upgrade // attempts while that entry persists. // // NOTE: Due to resource size and backend throughput limitations, care should be taken to minimize the @@ -2823,7 +2859,7 @@ func (m *InstanceFilter) XXX_DiscardUnknown() { var xxx_messageInfo_InstanceFilter proto.InternalMessageInfo -// ServerV2 represents a Node, App, Database, Proxy or Auth server in a Teleport cluster. +// ServerV2 represents a Node, App, Database, Proxy or Auth Service instance in a Teleport cluster. type ServerV2 struct { // Kind is a resource kind Kind string `protobuf:"bytes,1,opt,name=Kind,proto3" json:"kind"` @@ -4111,7 +4147,7 @@ type TokenRule struct { // node is allowed to join from. AWSRegions []string `protobuf:"bytes,2,rep,name=AWSRegions,proto3" json:"aws_regions,omitempty"` // AWSRole is used for the EC2 join method and is the ARN of the AWS - // role that the auth server will assume in order to call the ec2 API. + // role that the Auth Service will assume in order to call the ec2 API. AWSRole string `protobuf:"bytes,3,opt,name=AWSRole,proto3" json:"aws_role,omitempty"` // AWSARN is used for the IAM join method, the AWS identity of joining nodes // must match this ARN. Supports wildcards "*" and "?". @@ -4357,7 +4393,7 @@ type ProvisionTokenSpecV2GitHub struct { // // This value should be the hostname of the GHES instance, and should not // include the scheme or a path. The instance must be accessible over HTTPS - // at this hostname and the certificate must be trusted by the Auth Server. + // at this hostname and the certificate must be trusted by the Auth Service. EnterpriseServerHost string `protobuf:"bytes,2,opt,name=EnterpriseServerHost,proto3" json:"enterprise_server_host,omitempty"` // EnterpriseSlug allows the slug of a GitHub Enterprise organisation to be // included in the expected issuer of the OIDC tokens. This is for @@ -4523,14 +4559,14 @@ type ProvisionTokenSpecV2GitLab_Rule struct { // `project_path:mygroup/my-project:ref_type:branch:ref:main` // project_path:GROUP/PROJECT:ref_type:TYPE:ref:BRANCH_NAME // - // This field supports simple "glob-style" matching: + // This field supports "glob-style" matching: // - Use '*' to match zero or more characters. // - Use '?' to match any single character. Sub string `protobuf:"bytes,1,opt,name=Sub,proto3" json:"sub,omitempty"` // Ref allows access to be limited to jobs triggered by a specific git ref. // Ensure this is used in combination with ref_type. // - // This field supports simple "glob-style" matching: + // This field supports "glob-style" matching: // - Use '*' to match zero or more characters. // - Use '?' to match any single character. Ref string `protobuf:"bytes,2,opt,name=Ref,proto3" json:"ref,omitempty"` @@ -4543,7 +4579,7 @@ type ProvisionTokenSpecV2GitLab_Rule struct { // Example: // `mygroup` // - // This field supports simple "glob-style" matching: + // This field supports "glob-style" matching: // - Use '*' to match zero or more characters. // - Use '?' to match any single character. NamespacePath string `protobuf:"bytes,4,opt,name=NamespacePath,proto3" json:"namespace_path,omitempty"` @@ -4551,7 +4587,7 @@ type ProvisionTokenSpecV2GitLab_Rule struct { // project. Example: // `mygroup/myproject` // - // This field supports simple "glob-style" matching: + // This field supports "glob-style" matching: // - Use '*' to match zero or more characters. // - Use '?' to match any single character. ProjectPath string `protobuf:"bytes,5,opt,name=ProjectPath,proto3" json:"project_path,omitempty"` @@ -5399,7 +5435,7 @@ type ClusterNameSpecV2 struct { // cluster is setup can and will cause catastrophic problems. ClusterName string `protobuf:"bytes,1,opt,name=ClusterName,proto3" json:"cluster_name"` // ClusterID is the unique cluster ID that is set once during the first - // auth server startup. + // Auth Service startup. ClusterID string `protobuf:"bytes,2,opt,name=ClusterID,proto3" json:"cluster_id"` XXX_NoUnkeyedLiteral struct{} `json:"-"` XXX_unrecognized []byte `json:"-"` @@ -6011,7 +6047,7 @@ var xxx_messageInfo_AuthPreferenceV2 proto.InternalMessageInfo type AuthPreferenceSpecV2 struct { // Type is the type of authentication. Type string `protobuf:"bytes,1,opt,name=Type,proto3" json:"type"` - // SecondFactor is the type of second factor. + // SecondFactor is the type of mult-factor. SecondFactor github_com_gravitational_teleport_api_constants.SecondFactorType `protobuf:"bytes,2,opt,name=SecondFactor,proto3,casttype=github.com/gravitational/teleport/api/constants.SecondFactorType" json:"second_factor,omitempty"` // ConnectorName is the name of the OIDC or SAML connector. If this value is // not set the first connector in the backend will be used. @@ -6101,9 +6137,9 @@ var xxx_messageInfo_AuthPreferenceSpecV2 proto.InternalMessageInfo // Deprecated: U2F is transparently converted to WebAuthn by Teleport. Prefer // using WebAuthn instead. type U2F struct { - // AppID returns the application ID for universal second factor. + // AppID returns the application ID for universal mult-factor. AppID string `protobuf:"bytes,1,opt,name=AppID,proto3" json:"app_id,omitempty"` - // Facets returns the facets for universal second factor. + // Facets returns the facets for universal mult-factor. // Deprecated: Kept for backwards compatibility reasons, but Facets have no // effect since Teleport v10, when Webauthn replaced the U2F implementation. Facets []string `protobuf:"bytes,2,rep,name=Facets,proto3" json:"facets,omitempty"` @@ -6157,7 +6193,7 @@ type Webauthn struct { // IMPORTANT: RPID must never change in the lifetime of the cluster, because // it's recorded in the registration data on the WebAuthn device. If the // RPID changes, all existing WebAuthn key registrations will become invalid - // and all users who use WebAuthn as the second factor will need to + // and all users who use WebAuthn as the multi-factor will need to // re-register. RPID string `protobuf:"bytes,1,opt,name=RPID,proto3" json:"rp_id,omitempty"` // Allow list of device attestation CAs in PEM format. @@ -6659,7 +6695,7 @@ func (m *UserTokenSecretsSpecV3) XXX_DiscardUnknown() { var xxx_messageInfo_UserTokenSecretsSpecV3 proto.InternalMessageInfo -// AccessRequest represents an access request resource specification +// AccessRequest represents an Access Request resource specification type AccessRequestV3 struct { // Kind is a resource kind Kind string `protobuf:"bytes,1,opt,name=Kind,proto3" json:"kind"` @@ -6761,7 +6797,7 @@ func (m *AccessReviewThreshold) XXX_DiscardUnknown() { var xxx_messageInfo_AccessReviewThreshold proto.InternalMessageInfo // PromotedAccessList is a minimal access list representation used for -// promoting access requests to access lists. +// promoting Access Requests to access lists. type PromotedAccessList struct { // Name is the name of the access list. Name string `protobuf:"bytes,1,opt,name=Name,proto3" json:"name"` @@ -6805,7 +6841,7 @@ func (m *PromotedAccessList) XXX_DiscardUnknown() { var xxx_messageInfo_PromotedAccessList proto.InternalMessageInfo -// AccessReview is a review to be applied to an access request. +// AccessReview is a review to be applied to an Access Request. type AccessReview struct { // Author is the teleport username of the review author. Author string `protobuf:"bytes,1,opt,name=Author,proto3" json:"author"` @@ -7003,7 +7039,7 @@ type AccessRequestSpecV3 struct { User string `protobuf:"bytes,1,opt,name=User,proto3" json:"user"` // Roles is the name of the roles being requested. Roles []string `protobuf:"bytes,2,rep,name=Roles,proto3" json:"roles"` - // State is the current state of this access request. + // State is the current state of this Access Request. State RequestState `protobuf:"varint,3,opt,name=State,proto3,enum=types.RequestState" json:"state,omitempty"` // Created encodes the time at which the request was registered with the auth // server. @@ -7022,10 +7058,10 @@ type AccessRequestSpecV3 struct { // arbitrary structured data to the audit log. ResolveAnnotations github_com_gravitational_teleport_api_types_wrappers.Traits `protobuf:"bytes,8,opt,name=ResolveAnnotations,proto3,customtype=github.com/gravitational/teleport/api/types/wrappers.Traits" json:"resolve_annotations,omitempty"` // SystemAnnotations is a set of programmatically generated annotations attached - // to pending access requests by teleport. These annotations are generated by + // to pending Access Requests by teleport. These annotations are generated by // applying variable interpolation to the RoleConditions.Request.Annotations block // of a user's role(s). These annotations serve as a mechanism for administrators - // to pass extra information to plugins when they process pending access requests. + // to pass extra information to plugins when they process pending Access Requests. SystemAnnotations github_com_gravitational_teleport_api_types_wrappers.Traits `protobuf:"bytes,9,opt,name=SystemAnnotations,proto3,customtype=github.com/gravitational/teleport/api/types/wrappers.Traits" json:"system_annotations,omitempty"` // Thresholds is a list of review thresholds relevant to this request. Order must be // preserved, as thresholds are referenced by index (internal use only). @@ -7046,11 +7082,11 @@ type AccessRequestSpecV3 struct { SuggestedReviewers []string `protobuf:"bytes,13,rep,name=SuggestedReviewers,proto3" json:"suggested_reviewers,omitempty"` // RequestedResourceIDs is a set of resources to which access is being requested. RequestedResourceIDs []ResourceID `protobuf:"bytes,14,rep,name=RequestedResourceIDs,proto3" json:"resource_ids,omitempty"` - // LoginHint is used as a hint for search-based access requests to select + // LoginHint is used as a hint for search-based Access Requests to select // roles based on the login the user is attempting. LoginHint string `protobuf:"bytes,15,opt,name=LoginHint,proto3" json:"login_hint,omitempty"` // DryRun indicates that the request should not actually be created, the - // auth server should only validate the access request. + // Auth Service should only validate the Access Request. DryRun bool `protobuf:"varint,16,opt,name=DryRun,proto3" json:"dry_run,omitempty"` // MaxDuration indicates how long the access should be granted for. MaxDuration time.Time `protobuf:"bytes,17,opt,name=MaxDuration,proto3,stdtime" json:"max_duration,omitempty"` @@ -7100,7 +7136,7 @@ func (m *AccessRequestSpecV3) XXX_DiscardUnknown() { var xxx_messageInfo_AccessRequestSpecV3 proto.InternalMessageInfo -// AccessRequestFilter encodes filter params for access requests. +// AccessRequestFilter encodes filter params for Access Requests. type AccessRequestFilter struct { // ID specifies a request ID if set. ID string `protobuf:"bytes,1,opt,name=ID,proto3" json:"id,omitempty"` @@ -7116,7 +7152,7 @@ type AccessRequestFilter struct { SearchKeywords []string `protobuf:"bytes,4,rep,name=SearchKeywords,proto3" json:"search,omitempty"` // Scope is an aditional filter to view requests based on needs review, reviewed, my requests Scope AccessRequestScope `protobuf:"varint,5,opt,name=Scope,proto3,enum=types.AccessRequestScope" json:"scope,omitempty"` - // Requester is the requester of the api call. This is set by the auth server + // Requester is the requester of the api call. This is set by the Auth Service // Use User for the requester of the request. Requester string `protobuf:"bytes,6,opt,name=Requester,proto3" json:"requester,omitempty"` XXX_NoUnkeyedLiteral struct{} `json:"-"` @@ -7750,7 +7786,7 @@ type RoleOptions struct { // workstation and the remote desktop. It defaults to false unless explicitly set to // true. DesktopDirectorySharing *BoolOption `protobuf:"bytes,19,opt,name=DesktopDirectorySharing,proto3,customtype=BoolOption" json:"desktop_directory_sharing"` - // CreateHostUser allows users to be automatically created on a host + // Deprecated: use CreateHostUserMode instead. CreateHostUser *BoolOption `protobuf:"bytes,20,opt,name=CreateHostUser,proto3,customtype=BoolOption" json:"create_host_user,omitempty"` // PinSourceIP forces the same client IP for certificate generation and usage PinSourceIP Bool `protobuf:"varint,21,opt,name=PinSourceIP,proto3,casttype=Bool" json:"pin_source_ip"` @@ -8341,7 +8377,7 @@ type AccessRequestConditions struct { // ClaimsToRoles specifies a mapping from claims (traits) to teleport roles. ClaimsToRoles []ClaimMapping `protobuf:"bytes,2,rep,name=ClaimsToRoles,proto3" json:"claims_to_roles,omitempty"` // Annotations is a collection of annotations to be programmatically - // appended to pending access requests at the time of their creation. + // appended to pending Access Requests at the time of their creation. // These annotations serve as a mechanism to propagate extra information // to plugins. Since these annotations support variable interpolation // syntax, they also offer a mechanism for forwarding claims from an @@ -8454,7 +8490,7 @@ func (m *AccessReviewConditions) XXX_DiscardUnknown() { var xxx_messageInfo_AccessReviewConditions proto.InternalMessageInfo -// AccessRequestAllowedPromotion describes an allowed promotion to an access list. +// AccessRequestAllowedPromotion describes an allowed promotion to an Access List. type AccessRequestAllowedPromotion struct { // associated access list AccessListName string `protobuf:"bytes,1,opt,name=accessListName,proto3" json:"accessListName,omitempty"` @@ -9135,7 +9171,7 @@ type LocalAuthSecrets struct { MFA []*MFADevice `protobuf:"bytes,5,rep,name=MFA,proto3" json:"mfa,omitempty"` // Webauthn holds settings necessary for webauthn local auth. // May be null for legacy users or users that haven't yet used webauthn as - // their second factor. + // their multi-factor. Webauthn *WebauthnLocalAuth `protobuf:"bytes,6,opt,name=Webauthn,proto3" json:"webauthn,omitempty"` XXX_NoUnkeyedLiteral struct{} `json:"-"` XXX_unrecognized []byte `json:"-"` @@ -11605,7 +11641,7 @@ var xxx_messageInfo_OIDCConnectorV3List proto.InternalMessageInfo type OIDCConnectorSpecV3 struct { // IssuerURL is the endpoint of the provider, e.g. https://accounts.google.com. IssuerURL string `protobuf:"bytes,1,opt,name=IssuerURL,proto3" json:"issuer_url"` - // ClientID is the id of the authentication client (Teleport Auth server). + // ClientID is the id of the authentication client (Teleport Auth Service). ClientID string `protobuf:"bytes,2,opt,name=ClientID,proto3" json:"client_id"` // ClientSecret is used to authenticate the client. ClientSecret string `protobuf:"bytes,3,opt,name=ClientSecret,proto3" json:"client_secret"` @@ -11772,7 +11808,7 @@ func (m *SSOClientRedirectSettings) XXX_DiscardUnknown() { var xxx_messageInfo_SSOClientRedirectSettings proto.InternalMessageInfo // OIDCAuthRequest is a request to authenticate with OIDC -// provider, the state about request is managed by auth server +// provider, the state about request is managed by Auth Service type OIDCAuthRequest struct { // ConnectorID is ID of OIDC connector this request uses ConnectorID string `protobuf:"bytes,1,opt,name=ConnectorID,proto3" json:"connector_id"` @@ -11789,7 +11825,7 @@ type OIDCAuthRequest struct { // Teleport Proxy after the oidc login attempt in the browser. RedirectURL string `protobuf:"bytes,6,opt,name=RedirectURL,proto3" json:"redirect_url"` // PublicKey is an optional public key, users want these - // keys to be signed by auth servers user CA in case + // keys to be signed by Auth Service's user CA in case // of successful auth PublicKey []byte `protobuf:"bytes,7,opt,name=PublicKey,proto3" json:"public_key"` // CertTTL is the TTL of the certificate user wants to get @@ -12031,7 +12067,7 @@ func (m *SAMLConnectorSpecV2) XXX_DiscardUnknown() { var xxx_messageInfo_SAMLConnectorSpecV2 proto.InternalMessageInfo // SAMLAuthRequest is a request to authenticate with SAML -// provider, the state about request is managed by auth server. +// provider, the state about request is managed by the Auth Service type SAMLAuthRequest struct { // ID is a unique request ID. ID string `protobuf:"bytes,1,opt,name=ID,proto3" json:"id"` @@ -12044,7 +12080,7 @@ type SAMLAuthRequest struct { // RedirectURL will be used by browser. RedirectURL string `protobuf:"bytes,5,opt,name=RedirectURL,proto3" json:"redirect_url"` // PublicKey is an optional public key, users want these - // keys to be signed by auth servers user CA in case + // keys to be signed by Auth Service's user CA in case // of successful auth. PublicKey []byte `protobuf:"bytes,6,opt,name=PublicKey,proto3" json:"public_key"` // CertTTL is the TTL of the certificate user wants to get. @@ -13073,7 +13109,7 @@ type LockTarget struct { // Login specifies the name of a local UNIX user. Login string `protobuf:"bytes,3,opt,name=Login,proto3" json:"login,omitempty"` // Node specifies the UUID of a Teleport node. - // A matching node is also prevented from heartbeating to the auth server. + // A matching node is also prevented from heartbeating to the Auth Service. // DEPRECATED: use ServerID instead. Node string `protobuf:"bytes,4,opt,name=Node,proto3" json:"node,omitempty"` // Deprecated: Do not use. // MFADevice specifies the UUID of a user MFA device. @@ -13538,7 +13574,7 @@ func (m *Resolution) XXX_DiscardUnknown() { var xxx_messageInfo_Resolution proto.InternalMessageInfo -// RegisterUsingTokenRequest is a request to register with the auth server using +// RegisterUsingTokenRequest is a request to register with the Auth Service using // an authentication token type RegisterUsingTokenRequest struct { // HostID is a unique host ID, usually a UUID @@ -13622,7 +13658,7 @@ func (m *RegisterUsingTokenRequest) XXX_DiscardUnknown() { var xxx_messageInfo_RegisterUsingTokenRequest proto.InternalMessageInfo // RecoveryCodes holds a user's recovery code information. Recovery codes allows users to regain -// access to their account by restoring their lost password or second factor. Once a recovery code +// access to their account by restoring their lost password or multi-factor. Once a recovery code // is successfully verified, the code is mark used (which invalidates it), and lets the user begin // the recovery flow. When a user successfully finishes the recovery flow, users will get a new set // of codes that will replace all the previous ones. @@ -15944,8 +15980,14 @@ var xxx_messageInfo_PluginEntraIDSettings proto.InternalMessageInfo type PluginEntraIDSyncSettings struct { // DefaultOwners are the default owners for all imported access lists. DefaultOwners []string `protobuf:"bytes,1,rep,name=default_owners,json=defaultOwners,proto3" json:"default_owners,omitempty"` - // SSOConnectorID is the name of the Teleport SSO connector created and used by the Entra ID plugin - SsoConnectorId string `protobuf:"bytes,2,opt,name=sso_connector_id,json=ssoConnectorId,proto3" json:"sso_connector_id,omitempty"` + // SSOConnectorID is the name of the Teleport SSO connector created and used by the Entra ID plugin. + SsoConnectorId string `protobuf:"bytes,2,opt,name=sso_connector_id,json=ssoConnectorId,proto3" json:"sso_connector_id,omitempty"` + // credentials_source specifies the source of the credentials used for authentication with Azure. + CredentialsSource EntraIDCredentialsSource `protobuf:"varint,3,opt,name=credentials_source,json=credentialsSource,proto3,enum=types.EntraIDCredentialsSource" json:"credentials_source,omitempty"` + // tenant_id refers to the Azure Directory that this plugin synchronizes with. + // This field is populated on a best-effort basis for legacy plugins but mandatory for plugins created after its introduction. + // For existing plugins, it is filled in using the Entra integration when utilized. + TenantId string `protobuf:"bytes,4,opt,name=tenant_id,json=tenantId,proto3" json:"tenant_id,omitempty"` XXX_NoUnkeyedLiteral struct{} `json:"-"` XXX_unrecognized []byte `json:"-"` XXX_sizecache int32 `json:"-"` @@ -19639,6 +19681,7 @@ func init() { proto.RegisterEnum("types.SessionState", SessionState_name, SessionState_value) proto.RegisterEnum("types.AlertSeverity", AlertSeverity_name, AlertSeverity_value) proto.RegisterEnum("types.RequireMFAType", RequireMFAType_name, RequireMFAType_value) + proto.RegisterEnum("types.EntraIDCredentialsSource", EntraIDCredentialsSource_name, EntraIDCredentialsSource_value) proto.RegisterEnum("types.PluginStatusCode", PluginStatusCode_name, PluginStatusCode_value) proto.RegisterEnum("types.OktaPluginSyncStatusCode", OktaPluginSyncStatusCode_name, OktaPluginSyncStatusCode_value) proto.RegisterEnum("types.HeadlessAuthenticationState", HeadlessAuthenticationState_name, HeadlessAuthenticationState_value) @@ -20028,1737 +20071,1745 @@ func init() { func init() { proto.RegisterFile("teleport/legacy/types/types.proto", fileDescriptor_9198ee693835762e) } var fileDescriptor_9198ee693835762e = []byte{ - // 27675 bytes of a gzipped FileDescriptorProto - 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xec, 0xbd, 0x6b, 0x8c, 0x5c, 0x59, - 0x7a, 0x18, 0x36, 0x55, 0xd5, 0x8f, 0xea, 0xaf, 0x5f, 0xd5, 0xa7, 0xf9, 0x68, 0x72, 0x86, 0x2c, - 0xce, 0xe5, 0x0c, 0x87, 0x9c, 0x07, 0xb9, 0x6c, 0xee, 0x70, 0x77, 0x76, 0x9e, 0xd5, 0x0f, 0xb2, - 0x8b, 0x6c, 0x76, 0xf7, 0xde, 0x6a, 0x92, 0x3b, 0xda, 0xc7, 0xdd, 0xdb, 0x55, 0xa7, 0xbb, 0xef, - 0xb0, 0xaa, 0x6e, 0xed, 0xbd, 0xb7, 0xd8, 0xec, 0x95, 0x1d, 0x4b, 0xb2, 0xd7, 0x1b, 0xc3, 0x91, - 0x65, 0xc5, 0x52, 0x24, 0x07, 0xb2, 0x20, 0xc8, 0xb1, 0xa3, 0x38, 0xb1, 0x90, 0x48, 0x36, 0xe2, - 0x40, 0x88, 0x2c, 0x05, 0x82, 0xb2, 0x91, 0x81, 0x58, 0x40, 0x9c, 0xd7, 0x46, 0x68, 0x45, 0x91, - 0x11, 0x04, 0x8d, 0x04, 0x90, 0x63, 0xc0, 0x49, 0x26, 0x90, 0x13, 0x9c, 0xef, 0x3c, 0xee, 0x39, - 0xf7, 0xde, 0xaa, 0xae, 0x9e, 0xe1, 0xd8, 0xe2, 0x42, 0x7f, 0xc8, 0xae, 0xef, 0x7c, 0xdf, 0x77, - 0xee, 0x79, 0x7f, 0xe7, 0x3b, 0xdf, 0x03, 0x5e, 0x8c, 0x68, 0x93, 0x76, 0xfc, 0x20, 0xba, 0xd6, - 0xa4, 0x3b, 0x6e, 0x7d, 0xff, 0x5a, 0xb4, 0xdf, 0xa1, 0x21, 0xff, 0xf7, 0x6a, 0x27, 0xf0, 0x23, - 0x9f, 0x0c, 0xe3, 0x8f, 0xb3, 0x27, 0x76, 0xfc, 0x1d, 0x1f, 0x21, 0xd7, 0xd8, 0x5f, 0xbc, 0xf0, - 0xec, 0xf9, 0x1d, 0xdf, 0xdf, 0x69, 0xd2, 0x6b, 0xf8, 0x6b, 0xab, 0xbb, 0x7d, 0xad, 0xd1, 0x0d, - 0xdc, 0xc8, 0xf3, 0xdb, 0xa2, 0xbc, 0x9c, 0x2c, 0x8f, 0xbc, 0x16, 0x0d, 0x23, 0xb7, 0xd5, 0x11, - 0x08, 0x57, 0xd4, 0x07, 0xb8, 0x51, 0xc4, 0x4a, 0x18, 0xf1, 0xb5, 0xc7, 0xd7, 0xf5, 0x9f, 0x02, - 0xf5, 0x8d, 0xec, 0x6f, 0xdd, 0x0b, 0xdc, 0x4e, 0x87, 0x06, 0xf1, 0x1f, 0x1c, 0xdd, 0xfa, 0xf9, - 0x02, 0x8c, 0xdd, 0xa5, 0xb4, 0x53, 0x69, 0x7a, 0x8f, 0x29, 0xb9, 0x08, 0x43, 0x6b, 0x6e, 0x8b, - 0xce, 0xe5, 0x2e, 0xe4, 0x2e, 0x8f, 0x2d, 0x4c, 0x1f, 0x1e, 0x94, 0xc7, 0x43, 0x1a, 0x3c, 0xa6, - 0x81, 0xd3, 0x76, 0x5b, 0xd4, 0xc6, 0x42, 0xf2, 0x1a, 0x8c, 0xb1, 0xff, 0xc3, 0x8e, 0x5b, 0xa7, - 0x73, 0x79, 0xc4, 0x9c, 0x3c, 0x3c, 0x28, 0x8f, 0xb5, 0x25, 0xd0, 0x8e, 0xcb, 0x49, 0x15, 0x46, - 0x97, 0x9f, 0x74, 0xbc, 0x80, 0x86, 0x73, 0x43, 0x17, 0x72, 0x97, 0xc7, 0xe7, 0xcf, 0x5e, 0xe5, - 0x8d, 0xbd, 0x2a, 0x1b, 0x7b, 0x75, 0x53, 0x36, 0x76, 0x61, 0xf6, 0x7b, 0x07, 0xe5, 0xe7, 0x0e, - 0x0f, 0xca, 0xa3, 0x94, 0x93, 0xfc, 0xd5, 0xdf, 0x2f, 0xe7, 0x6c, 0x49, 0x4f, 0xde, 0x81, 0xa1, - 0xcd, 0xfd, 0x0e, 0x9d, 0x1b, 0xbb, 0x90, 0xbb, 0x3c, 0x35, 0x7f, 0xfe, 0x2a, 0xef, 0x7e, 0xf5, - 0xf1, 0xf1, 0x5f, 0x0c, 0x6b, 0xa1, 0x78, 0x78, 0x50, 0x1e, 0x62, 0x28, 0x36, 0x52, 0x91, 0x37, - 0x60, 0x64, 0xc5, 0x0f, 0xa3, 0xea, 0xd2, 0x1c, 0xe0, 0x27, 0x9f, 0x3c, 0x3c, 0x28, 0xcf, 0xec, - 0xfa, 0x61, 0xe4, 0x78, 0x8d, 0xd7, 0xfd, 0x96, 0x17, 0xd1, 0x56, 0x27, 0xda, 0xb7, 0x05, 0x92, - 0xf5, 0x04, 0x26, 0x0d, 0x7e, 0x64, 0x1c, 0x46, 0xef, 0xaf, 0xdd, 0x5d, 0x5b, 0x7f, 0xb8, 0x56, - 0x7a, 0x8e, 0x14, 0x61, 0x68, 0x6d, 0x7d, 0x69, 0xb9, 0x94, 0x23, 0xa3, 0x50, 0xa8, 0x6c, 0x6c, - 0x94, 0xf2, 0x64, 0x02, 0x8a, 0x4b, 0x95, 0xcd, 0xca, 0x42, 0xa5, 0xb6, 0x5c, 0x2a, 0x90, 0x59, - 0x98, 0x7e, 0x58, 0x5d, 0x5b, 0x5a, 0x7f, 0x58, 0x73, 0x96, 0x96, 0x6b, 0x77, 0x37, 0xd7, 0x37, - 0x4a, 0x43, 0x64, 0x0a, 0xe0, 0xee, 0xfd, 0x85, 0x65, 0x7b, 0x6d, 0x79, 0x73, 0xb9, 0x56, 0x1a, - 0x26, 0x27, 0xa0, 0x24, 0x49, 0x9c, 0xda, 0xb2, 0xfd, 0xa0, 0xba, 0xb8, 0x5c, 0x1a, 0xb9, 0x33, - 0x54, 0x2c, 0x94, 0x86, 0xec, 0xd1, 0x55, 0xea, 0x86, 0xb4, 0xba, 0x64, 0xfd, 0xcd, 0x02, 0x14, - 0xef, 0xd1, 0xc8, 0x6d, 0xb8, 0x91, 0x4b, 0x5e, 0x30, 0xc6, 0x07, 0x9b, 0xa8, 0x0d, 0xcc, 0xc5, - 0xf4, 0xc0, 0x0c, 0x1f, 0x1e, 0x94, 0x73, 0x6f, 0xe8, 0x03, 0xf2, 0x36, 0x8c, 0x2f, 0xd1, 0xb0, - 0x1e, 0x78, 0x1d, 0x36, 0x69, 0xe6, 0x0a, 0x88, 0x76, 0xe6, 0xf0, 0xa0, 0x7c, 0xb2, 0x11, 0x83, - 0xb5, 0x0e, 0xd1, 0xb1, 0x49, 0x15, 0x46, 0x56, 0xdd, 0x2d, 0xda, 0x0c, 0xe7, 0x86, 0x2f, 0x14, - 0x2e, 0x8f, 0xcf, 0x3f, 0x2f, 0x06, 0x41, 0x7e, 0xe0, 0x55, 0x5e, 0xba, 0xdc, 0x8e, 0x82, 0xfd, - 0x85, 0x13, 0x87, 0x07, 0xe5, 0x52, 0x13, 0x01, 0x7a, 0x07, 0x73, 0x14, 0x52, 0x8b, 0x27, 0xc6, - 0xc8, 0x91, 0x13, 0xe3, 0xdc, 0xf7, 0x0e, 0xca, 0x39, 0x36, 0x60, 0x62, 0x62, 0xc4, 0xfc, 0xcc, - 0x29, 0x32, 0x0f, 0x45, 0x9b, 0x3e, 0xf6, 0x42, 0xd6, 0xb2, 0x22, 0xb6, 0xec, 0xd4, 0xe1, 0x41, - 0x99, 0x04, 0x02, 0xa6, 0x7d, 0x86, 0xc2, 0x3b, 0xfb, 0x16, 0x8c, 0x6b, 0x5f, 0x4d, 0x4a, 0x50, - 0x78, 0x44, 0xf7, 0x79, 0x0f, 0xdb, 0xec, 0x4f, 0x72, 0x02, 0x86, 0x1f, 0xbb, 0xcd, 0xae, 0xe8, - 0x52, 0x9b, 0xff, 0xf8, 0x52, 0xfe, 0x8b, 0xb9, 0x3b, 0x43, 0xc5, 0xd1, 0x52, 0xd1, 0xce, 0x57, - 0x97, 0xac, 0x7f, 0x7b, 0x08, 0x8a, 0xb6, 0xcf, 0x17, 0x22, 0xb9, 0x02, 0xc3, 0xb5, 0xc8, 0x8d, - 0xe4, 0x30, 0xcd, 0x1e, 0x1e, 0x94, 0xa7, 0xd9, 0x22, 0xa5, 0x5a, 0xfd, 0x1c, 0x83, 0xa1, 0x6e, - 0xec, 0xba, 0xa1, 0x1c, 0x2e, 0x44, 0xed, 0x30, 0x80, 0x8e, 0x8a, 0x18, 0xe4, 0x12, 0x0c, 0xdd, - 0xf3, 0x1b, 0x54, 0x8c, 0x18, 0x39, 0x3c, 0x28, 0x4f, 0xb5, 0xfc, 0x86, 0x8e, 0x88, 0xe5, 0xe4, - 0x75, 0x18, 0x5b, 0xec, 0x06, 0x01, 0x6d, 0xb3, 0xb9, 0x3e, 0x84, 0xc8, 0x53, 0x87, 0x07, 0x65, - 0xa8, 0x73, 0xa0, 0xe3, 0x35, 0xec, 0x18, 0x81, 0x0d, 0x43, 0x2d, 0x72, 0x83, 0x88, 0x36, 0xe6, - 0x86, 0x07, 0x1a, 0x06, 0xb6, 0x3e, 0x67, 0x42, 0x4e, 0x92, 0x1c, 0x06, 0xc1, 0x89, 0xac, 0xc0, - 0xf8, 0xed, 0xc0, 0xad, 0xd3, 0x0d, 0x1a, 0x78, 0x7e, 0x03, 0xc7, 0xb7, 0xb0, 0x70, 0xe9, 0xf0, - 0xa0, 0x7c, 0x6a, 0x87, 0x81, 0x9d, 0x0e, 0xc2, 0x63, 0xea, 0x8f, 0x0f, 0xca, 0xc5, 0x25, 0xb1, - 0x25, 0xda, 0x3a, 0x29, 0xf9, 0x26, 0x1b, 0x9c, 0x30, 0xc2, 0xae, 0xa5, 0x8d, 0xb9, 0xd1, 0x23, - 0x3f, 0xd1, 0x12, 0x9f, 0x78, 0xaa, 0xe9, 0x86, 0x91, 0x13, 0x70, 0xba, 0xc4, 0x77, 0xea, 0x2c, - 0xc9, 0x3a, 0x14, 0x6b, 0xf5, 0x5d, 0xda, 0xe8, 0x36, 0x29, 0x4e, 0x99, 0xf1, 0xf9, 0xd3, 0x62, - 0x52, 0xcb, 0xf1, 0x94, 0xc5, 0x0b, 0x67, 0x05, 0x6f, 0x12, 0x0a, 0x88, 0x3e, 0x9f, 0x24, 0xd6, - 0x97, 0x8a, 0x3f, 0xfb, 0x0b, 0xe5, 0xe7, 0x7e, 0xe4, 0xf7, 0x2e, 0x3c, 0x67, 0xfd, 0xa7, 0x79, - 0x28, 0x25, 0x99, 0x90, 0x6d, 0x98, 0xbc, 0xdf, 0x69, 0xb8, 0x11, 0x5d, 0x6c, 0x7a, 0xb4, 0x1d, - 0x85, 0x38, 0x49, 0xfa, 0xb7, 0xe9, 0x25, 0x51, 0xef, 0x5c, 0x17, 0x09, 0x9d, 0x3a, 0xa7, 0x4c, - 0xb4, 0xca, 0x64, 0x1b, 0xd7, 0x53, 0xc3, 0x0d, 0x3c, 0xc4, 0x19, 0x76, 0xbc, 0x7a, 0xf8, 0xd6, - 0xdf, 0xa3, 0x1e, 0xc1, 0x56, 0x4c, 0xa0, 0x76, 0x63, 0x6b, 0x1f, 0x67, 0xe6, 0xe0, 0x13, 0x88, - 0x91, 0x64, 0x4c, 0x20, 0x06, 0xb6, 0xfe, 0x69, 0x0e, 0xa6, 0x6c, 0x1a, 0xfa, 0xdd, 0xa0, 0x4e, - 0x57, 0xa8, 0xdb, 0xa0, 0x01, 0x9b, 0xfe, 0x77, 0xbd, 0x76, 0x43, 0xac, 0x29, 0x9c, 0xfe, 0x8f, - 0xbc, 0xb6, 0xbe, 0x75, 0x63, 0x39, 0xf9, 0x1c, 0x8c, 0xd6, 0xba, 0x5b, 0x88, 0x9a, 0x8f, 0x77, - 0x80, 0xb0, 0xbb, 0xe5, 0x24, 0xd0, 0x25, 0x1a, 0xb9, 0x06, 0xa3, 0x0f, 0x68, 0x10, 0xc6, 0xbb, - 0x21, 0x1e, 0x0d, 0x8f, 0x39, 0x48, 0x27, 0x10, 0x58, 0xe4, 0x76, 0xbc, 0x23, 0x8b, 0x43, 0x6d, - 0x3a, 0xb1, 0x0f, 0xc6, 0x53, 0xa5, 0x25, 0x20, 0xfa, 0x54, 0x91, 0x58, 0xd6, 0x4f, 0xe6, 0xa1, - 0xb4, 0xe4, 0x46, 0xee, 0x96, 0x1b, 0x8a, 0xfe, 0x7c, 0x70, 0x83, 0xed, 0xf1, 0x5a, 0x43, 0x71, - 0x8f, 0x67, 0x5f, 0xfe, 0x89, 0x9b, 0xf7, 0x72, 0xb2, 0x79, 0xe3, 0xec, 0x84, 0x15, 0xcd, 0x8b, - 0x1b, 0xf5, 0xee, 0xd1, 0x8d, 0x2a, 0x89, 0x46, 0x15, 0x65, 0xa3, 0xe2, 0xa6, 0x90, 0x77, 0x61, - 0xa8, 0xd6, 0xa1, 0x75, 0xb1, 0x89, 0xc8, 0x73, 0xc1, 0x6c, 0x1c, 0x43, 0x78, 0x70, 0x63, 0x61, - 0x42, 0xb0, 0x19, 0x0a, 0x3b, 0xb4, 0x6e, 0x23, 0x99, 0xb6, 0x68, 0xfe, 0x41, 0x01, 0x4e, 0x64, - 0x91, 0xe9, 0xed, 0x18, 0xe9, 0xd3, 0x8e, 0xcb, 0x50, 0x64, 0x47, 0x38, 0x3b, 0x16, 0x71, 0xbb, - 0x18, 0x5b, 0x98, 0x60, 0x9f, 0xbc, 0x2b, 0x60, 0xb6, 0x2a, 0x25, 0x17, 0x95, 0x44, 0x50, 0x8c, - 0xf9, 0x09, 0x89, 0x40, 0xca, 0x01, 0x6c, 0xac, 0xe5, 0x12, 0x46, 0xc1, 0x21, 0xee, 0x16, 0x09, - 0x8e, 0xc7, 0x3a, 0x10, 0x10, 0xe3, 0x98, 0x91, 0x87, 0xc2, 0x32, 0x14, 0x65, 0xb3, 0xe6, 0x26, - 0x90, 0xd1, 0x4c, 0xa2, 0x93, 0x1e, 0xdc, 0xe0, 0x83, 0xd9, 0x10, 0xbf, 0x75, 0x36, 0x12, 0x87, - 0xdc, 0x80, 0xe2, 0x46, 0xe0, 0x3f, 0xd9, 0xaf, 0x2e, 0x85, 0x73, 0x93, 0x17, 0x0a, 0x97, 0xc7, - 0x16, 0x4e, 0x1f, 0x1e, 0x94, 0x67, 0x3b, 0x0c, 0xe6, 0x78, 0x0d, 0xfd, 0xa4, 0x55, 0x88, 0x77, - 0x86, 0x8a, 0xb9, 0x52, 0xfe, 0xce, 0x50, 0x31, 0x5f, 0x2a, 0x70, 0xf1, 0xe2, 0xce, 0x50, 0x71, - 0xa8, 0x34, 0x7c, 0x67, 0xa8, 0x38, 0x8c, 0x02, 0xc7, 0x58, 0x09, 0xee, 0x0c, 0x15, 0xc7, 0x4b, - 0x13, 0xc6, 0x69, 0x8f, 0x0c, 0x22, 0xbf, 0xee, 0x37, 0xed, 0xc2, 0x7d, 0xbb, 0x6a, 0x8f, 0x2c, - 0x56, 0x16, 0x69, 0x10, 0xd9, 0x85, 0xca, 0xc3, 0x9a, 0x3d, 0xb9, 0xb4, 0xdf, 0x76, 0x5b, 0x5e, - 0x9d, 0x1f, 0x9d, 0x76, 0xe1, 0xf6, 0xe2, 0x86, 0x55, 0x81, 0xa9, 0xb8, 0x2d, 0xab, 0x5e, 0x18, - 0x91, 0x6b, 0x30, 0x26, 0x21, 0x6c, 0xa3, 0x2b, 0x64, 0xb6, 0xda, 0x8e, 0x71, 0xac, 0xdf, 0xce, - 0x03, 0xc4, 0x25, 0xcf, 0xe8, 0x5a, 0xf8, 0x82, 0xb1, 0x16, 0x4e, 0x26, 0xd7, 0x42, 0xcf, 0x55, - 0x40, 0xde, 0x87, 0x11, 0x26, 0x16, 0x74, 0xa5, 0x48, 0x74, 0x3a, 0x49, 0x8a, 0x85, 0x0f, 0x6e, - 0x2c, 0x4c, 0x09, 0xe2, 0x91, 0x10, 0x21, 0xb6, 0x20, 0xd3, 0x96, 0xd1, 0xcf, 0x8f, 0xc6, 0x83, - 0x21, 0x16, 0xd0, 0x65, 0x50, 0x03, 0x2a, 0x3a, 0x14, 0x57, 0x46, 0x47, 0x0e, 0xb2, 0x2a, 0x25, - 0x67, 0x80, 0x0d, 0xb8, 0xe8, 0xd4, 0xd1, 0xc3, 0x83, 0x72, 0xa1, 0x1b, 0x78, 0x38, 0x09, 0xc8, - 0x35, 0x10, 0xd3, 0x40, 0x74, 0x20, 0x9b, 0x7d, 0x33, 0x75, 0xd7, 0xa9, 0xd3, 0x20, 0x8a, 0x7b, - 0x7c, 0x2e, 0x27, 0x67, 0x0b, 0xe9, 0x80, 0x39, 0x55, 0xe6, 0x86, 0x70, 0x1a, 0x5c, 0xce, 0xec, - 0x95, 0xab, 0x06, 0x2a, 0x17, 0x23, 0x2f, 0xc8, 0x53, 0xa9, 0xc1, 0xcb, 0x9c, 0x94, 0x48, 0x69, - 0x56, 0x40, 0x6e, 0x00, 0x9b, 0xa1, 0xa2, 0xf7, 0x41, 0xd4, 0x53, 0x79, 0x58, 0x5b, 0x38, 0x29, - 0x38, 0x4d, 0xba, 0x7b, 0x3a, 0x39, 0xc3, 0x26, 0x6f, 0x03, 0x9b, 0xc2, 0xa2, 0xdf, 0x89, 0x20, - 0xba, 0xbd, 0xb8, 0xb1, 0xd8, 0xf4, 0xbb, 0x8d, 0xda, 0x97, 0x57, 0x63, 0xe2, 0x9d, 0x7a, 0x47, - 0x27, 0xbe, 0xbd, 0xb8, 0x41, 0xde, 0x86, 0xe1, 0xca, 0xb7, 0xbb, 0x01, 0x15, 0xf2, 0xc9, 0x84, - 0xac, 0x93, 0xc1, 0x16, 0x4e, 0x0b, 0xc2, 0x69, 0x97, 0xfd, 0xd4, 0xe5, 0x3a, 0x2c, 0x67, 0x35, - 0x6f, 0xae, 0xd6, 0x84, 0xec, 0x41, 0x12, 0xdd, 0xb2, 0xb9, 0xaa, 0x7d, 0x76, 0x64, 0xb4, 0x9a, - 0x51, 0x91, 0x6b, 0x90, 0xaf, 0x2c, 0xe1, 0x8d, 0x68, 0x7c, 0x7e, 0x4c, 0x56, 0xbb, 0xb4, 0x70, - 0x42, 0x90, 0x4c, 0xb8, 0xfa, 0x32, 0xc8, 0x57, 0x96, 0xc8, 0x02, 0x0c, 0xdf, 0xdb, 0xaf, 0x7d, - 0x79, 0x55, 0x6c, 0x66, 0xb3, 0x72, 0x5e, 0x33, 0xd8, 0x3a, 0x2e, 0xfb, 0x30, 0xfe, 0xe2, 0xd6, - 0x7e, 0xf8, 0xad, 0xa6, 0xfe, 0xc5, 0x88, 0x46, 0x36, 0x60, 0xac, 0xd2, 0x68, 0x79, 0xed, 0xfb, - 0x21, 0x0d, 0xe6, 0xc6, 0x91, 0xcf, 0x5c, 0xe2, 0xbb, 0x55, 0xf9, 0xc2, 0xdc, 0xe1, 0x41, 0xf9, - 0x84, 0xcb, 0x7e, 0x3a, 0xdd, 0x90, 0x06, 0x1a, 0xb7, 0x98, 0x09, 0xd9, 0x00, 0xb8, 0xe7, 0xb7, - 0x77, 0xfc, 0x4a, 0xd4, 0x74, 0xc3, 0xc4, 0xf6, 0x18, 0x17, 0x28, 0xf1, 0xe1, 0x64, 0x8b, 0xc1, - 0x1c, 0x97, 0x01, 0x35, 0x86, 0x1a, 0x0f, 0x72, 0x0b, 0x46, 0xd6, 0x03, 0xb7, 0xde, 0xa4, 0x73, - 0x93, 0xc8, 0xed, 0x84, 0xe0, 0xc6, 0x81, 0xb2, 0xa5, 0x73, 0x82, 0x61, 0xc9, 0x47, 0xb0, 0x7e, - 0x4d, 0xe1, 0x88, 0x67, 0x1f, 0x02, 0x49, 0xcf, 0xc9, 0x8c, 0x4b, 0xc2, 0x6b, 0xfa, 0x25, 0x21, - 0x5e, 0xf4, 0x8b, 0x7e, 0xab, 0xe5, 0xb6, 0x1b, 0x48, 0xfb, 0x60, 0x5e, 0xbb, 0x3b, 0x58, 0xdf, - 0x82, 0x99, 0x54, 0x67, 0x1d, 0x71, 0xbf, 0x7b, 0x0f, 0xa6, 0x97, 0xe8, 0xb6, 0xdb, 0x6d, 0x46, - 0xea, 0x24, 0xe1, 0x4b, 0x14, 0x6f, 0x5a, 0x0d, 0x5e, 0xe4, 0xc8, 0xe3, 0xc3, 0x4e, 0x22, 0x5b, - 0xef, 0xc2, 0xa4, 0xd1, 0x7c, 0x76, 0x55, 0xa8, 0x74, 0x1b, 0x5e, 0x84, 0x03, 0x99, 0x8b, 0xaf, - 0x0a, 0x2e, 0x03, 0xe2, 0x70, 0xd9, 0x31, 0x82, 0xf5, 0xef, 0xe9, 0xd2, 0x8a, 0xd8, 0x89, 0xd8, - 0xb5, 0x5a, 0xec, 0x07, 0xb9, 0x58, 0x76, 0x4a, 0xed, 0x07, 0x6a, 0x37, 0xb8, 0xc2, 0xd7, 0x66, - 0x3e, 0xb5, 0x36, 0xc7, 0xc5, 0x48, 0x14, 0xdc, 0xbd, 0x90, 0xaf, 0x48, 0x35, 0x53, 0x0b, 0x9f, - 0x7c, 0xa6, 0xbe, 0x0f, 0x13, 0xf7, 0xdc, 0xb6, 0xbb, 0x43, 0x1b, 0xac, 0x05, 0x7c, 0xef, 0x19, - 0x5b, 0x78, 0xfe, 0xf0, 0xa0, 0x7c, 0xba, 0xc5, 0xe1, 0xd8, 0x4a, 0x7d, 0x12, 0x19, 0x04, 0xe4, - 0xba, 0x5c, 0xd9, 0xc3, 0x19, 0x2b, 0x7b, 0x52, 0xd4, 0x3e, 0x8c, 0x2b, 0x5b, 0xac, 0x67, 0xeb, - 0x37, 0xc6, 0xb0, 0x8d, 0xe4, 0x75, 0x18, 0xb1, 0xe9, 0x0e, 0x3b, 0x6a, 0x72, 0xf1, 0x20, 0x05, - 0x08, 0xd1, 0x3b, 0x86, 0xe3, 0xa0, 0x9c, 0x41, 0x1b, 0xe1, 0xae, 0xb7, 0x1d, 0x89, 0xde, 0x51, - 0x72, 0x86, 0x00, 0x6b, 0x72, 0x86, 0x80, 0x98, 0xd7, 0x59, 0x0e, 0x63, 0xbb, 0x9f, 0xbd, 0x54, - 0x13, 0x9d, 0x26, 0x7b, 0xd8, 0x5e, 0xd2, 0xb6, 0x91, 0xc0, 0x90, 0x12, 0x18, 0x36, 0xb9, 0x09, - 0x63, 0x95, 0x7a, 0xdd, 0xef, 0x6a, 0x77, 0x46, 0xbe, 0x6e, 0x39, 0xd0, 0x54, 0x91, 0xc4, 0xa8, - 0xa4, 0x06, 0xe3, 0xcb, 0xec, 0xa2, 0xe5, 0x2d, 0xba, 0xf5, 0x5d, 0xd9, 0x49, 0x72, 0x0f, 0xd3, - 0x4a, 0xe2, 0x95, 0x4b, 0x11, 0x58, 0x67, 0x40, 0x5d, 0xc9, 0xa0, 0xe1, 0x92, 0x4d, 0x18, 0xaf, - 0xd1, 0x7a, 0x40, 0xa3, 0x5a, 0xe4, 0x07, 0x34, 0xb1, 0x25, 0x6b, 0x25, 0x0b, 0xe7, 0xe5, 0x5d, - 0x2f, 0x44, 0xa0, 0x13, 0x32, 0xa8, 0xce, 0x55, 0x43, 0xe6, 0x42, 0x7b, 0xcb, 0x0f, 0xf6, 0x97, - 0x16, 0xc4, 0x36, 0x1d, 0x9f, 0xe9, 0x1c, 0xac, 0x0b, 0xed, 0x0c, 0xd2, 0xd8, 0x32, 0x85, 0x76, - 0x8e, 0x85, 0x23, 0xb5, 0x54, 0x43, 0xd9, 0x4a, 0x6c, 0xda, 0xd3, 0x71, 0x2f, 0x23, 0x58, 0x1b, - 0xa9, 0x46, 0x88, 0x92, 0x99, 0x31, 0x52, 0x02, 0x8b, 0x74, 0x80, 0xc8, 0x51, 0xe3, 0x82, 0x6e, - 0x93, 0x86, 0xa1, 0xd8, 0xcb, 0xcf, 0x24, 0x06, 0x3f, 0x46, 0x58, 0x78, 0x59, 0x30, 0x3f, 0x27, - 0xa7, 0x81, 0xb8, 0xa7, 0xb1, 0x42, 0xad, 0x9e, 0x0c, 0xde, 0xe4, 0x2d, 0x80, 0xe5, 0x27, 0x11, - 0x0d, 0xda, 0x6e, 0x53, 0xe9, 0xc1, 0x50, 0xf5, 0x43, 0x05, 0xd4, 0x1c, 0x68, 0x0d, 0x99, 0x2c, - 0xc2, 0x64, 0x25, 0x0c, 0xbb, 0x2d, 0x6a, 0xfb, 0x4d, 0x5a, 0xb1, 0xd7, 0x70, 0xdf, 0x1f, 0x5b, - 0x38, 0x77, 0x78, 0x50, 0x3e, 0xe3, 0x62, 0x81, 0x13, 0xf8, 0x4d, 0xea, 0xb8, 0x81, 0x3e, 0xbb, - 0x4d, 0x1a, 0xb2, 0x0e, 0xb0, 0xde, 0xa1, 0xed, 0x1a, 0x75, 0x83, 0xfa, 0x6e, 0x62, 0x9b, 0x8f, - 0x0b, 0x16, 0x5e, 0x10, 0x2d, 0x3c, 0xe1, 0x77, 0x68, 0x3b, 0x44, 0x98, 0xfe, 0x55, 0x31, 0x26, - 0x79, 0x08, 0xd3, 0xd5, 0xca, 0xbd, 0x0d, 0xbf, 0xe9, 0xd5, 0xf7, 0x85, 0xe4, 0x34, 0x85, 0xda, - 0xc1, 0x53, 0x82, 0x6b, 0xa2, 0x94, 0x6f, 0x4f, 0x9e, 0xdb, 0x72, 0x3a, 0x08, 0x75, 0x84, 0xfc, - 0x94, 0xe4, 0x42, 0x3e, 0x64, 0x73, 0x30, 0x64, 0xc2, 0xe0, 0xa6, 0xbb, 0x13, 0xce, 0x4d, 0x1b, - 0xda, 0xae, 0xca, 0xc3, 0xda, 0x55, 0xad, 0x94, 0x8b, 0x29, 0x67, 0xf9, 0x44, 0x44, 0xa8, 0x13, - 0xb9, 0x3b, 0xa1, 0x39, 0x11, 0x15, 0x36, 0xb9, 0x03, 0xb0, 0xe4, 0xd7, 0xbb, 0x2d, 0xda, 0x8e, - 0x96, 0x16, 0xe6, 0x4a, 0xe6, 0x55, 0x40, 0x15, 0xc4, 0x5b, 0x5b, 0xc3, 0xaf, 0x1b, 0x33, 0x51, - 0xa3, 0x3e, 0xfb, 0x1e, 0x94, 0x92, 0x1f, 0x72, 0x4c, 0x05, 0xd6, 0x64, 0x69, 0x4a, 0x6b, 0xfd, - 0xf2, 0x13, 0x2f, 0x8c, 0x42, 0xeb, 0x87, 0x8d, 0x15, 0xc8, 0x76, 0x87, 0xbb, 0x74, 0x7f, 0x23, - 0xa0, 0xdb, 0xde, 0x13, 0xb1, 0x99, 0xe1, 0xee, 0xf0, 0x88, 0xee, 0x3b, 0x1d, 0x84, 0xea, 0xbb, - 0x83, 0x42, 0x25, 0x9f, 0x87, 0xe2, 0xdd, 0x7b, 0xb5, 0xbb, 0x74, 0xbf, 0xba, 0x24, 0x0e, 0x2a, - 0x4e, 0xd6, 0x0a, 0x1d, 0x46, 0x6a, 0xcc, 0x35, 0x85, 0x69, 0x2d, 0xc4, 0x3b, 0x21, 0xab, 0x79, - 0xb1, 0xd9, 0x0d, 0x23, 0x1a, 0x54, 0x97, 0xf4, 0x9a, 0xeb, 0x1c, 0x98, 0xd8, 0x97, 0x14, 0xaa, - 0xf5, 0x0f, 0xf2, 0xb8, 0x0b, 0xb2, 0x09, 0x5f, 0x6d, 0x87, 0x91, 0xdb, 0xae, 0x53, 0xc5, 0x00, - 0x27, 0xbc, 0x27, 0xa0, 0x89, 0x09, 0x1f, 0x23, 0x9b, 0x55, 0xe7, 0x07, 0xae, 0x9a, 0x55, 0x29, - 0x35, 0x17, 0xd5, 0x25, 0x5d, 0xbd, 0x1a, 0x08, 0x68, 0xa2, 0xca, 0x18, 0x99, 0x5c, 0x82, 0xd1, - 0x6a, 0xe5, 0x5e, 0xa5, 0x1b, 0xed, 0xe2, 0x1e, 0x5c, 0xe4, 0xf2, 0x39, 0x9b, 0xad, 0x6e, 0x37, - 0xda, 0xb5, 0x65, 0x21, 0xb9, 0x86, 0xf7, 0x9e, 0x36, 0x8d, 0xb8, 0x1a, 0x56, 0x1c, 0xba, 0x21, - 0x07, 0x25, 0xae, 0x3d, 0x0c, 0x44, 0x5e, 0x85, 0xe1, 0x07, 0x1b, 0x8b, 0xd5, 0x25, 0x71, 0x71, - 0xc6, 0x93, 0xe8, 0x71, 0xa7, 0x6e, 0x7e, 0x09, 0x47, 0xb1, 0x7e, 0x33, 0x17, 0xef, 0x6f, 0xe4, - 0x92, 0x21, 0x8f, 0xa0, 0xd2, 0x85, 0xc9, 0x23, 0xba, 0xd2, 0x05, 0x25, 0x13, 0x1b, 0xc8, 0x62, - 0x37, 0x8c, 0xfc, 0xd6, 0x72, 0xbb, 0xd1, 0xf1, 0xbd, 0x76, 0x84, 0x54, 0xbc, 0xd7, 0xac, 0xc3, - 0x83, 0xf2, 0xf9, 0x3a, 0x96, 0x3a, 0x54, 0x14, 0x3b, 0x09, 0x2e, 0x19, 0xd4, 0x9f, 0xa2, 0x23, - 0xad, 0xdf, 0xc9, 0x1b, 0xe7, 0x12, 0xfb, 0x3c, 0x9b, 0x76, 0x9a, 0x5e, 0x1d, 0xaf, 0xe2, 0xb7, - 0x03, 0xbf, 0xdb, 0x51, 0xd3, 0x01, 0x3f, 0x2f, 0x88, 0x4b, 0x9d, 0x1d, 0x56, 0x6c, 0xf2, 0xce, - 0xa0, 0x26, 0x1f, 0xc0, 0x04, 0x13, 0x11, 0xc4, 0xcf, 0x70, 0x2e, 0x8f, 0x23, 0xf1, 0x02, 0xaa, - 0xcf, 0x42, 0x1a, 0x28, 0x36, 0x86, 0x6c, 0xa1, 0x53, 0x90, 0x06, 0xcc, 0x6d, 0x06, 0x6e, 0x3b, - 0xf4, 0xa2, 0xe5, 0x76, 0x3d, 0xd8, 0x47, 0x91, 0x66, 0xb9, 0xed, 0x6e, 0x35, 0x69, 0x03, 0x9b, - 0x5b, 0x5c, 0xb8, 0x7c, 0x78, 0x50, 0x7e, 0x29, 0xe2, 0x38, 0x0e, 0x55, 0x48, 0x0e, 0xe5, 0x58, - 0x1a, 0xe7, 0x9e, 0x9c, 0x98, 0x08, 0x24, 0xbb, 0x15, 0x5f, 0x4f, 0xf8, 0xe9, 0x8e, 0x22, 0x90, - 0x1a, 0x0d, 0xb6, 0xf9, 0xe8, 0x9f, 0xa9, 0x13, 0x58, 0xff, 0x22, 0x17, 0x9f, 0x9c, 0xe4, 0x1d, - 0x18, 0x17, 0x53, 0x5d, 0x9b, 0x17, 0xb8, 0xf5, 0xc9, 0x75, 0x91, 0x18, 0x59, 0x1d, 0x9d, 0x5d, - 0xd8, 0x2b, 0x8b, 0xab, 0xda, 0xdc, 0xc0, 0x0b, 0xbb, 0x5b, 0x6f, 0x26, 0xa9, 0x24, 0x1a, 0x9b, - 0x04, 0x9b, 0xab, 0x35, 0xb3, 0x57, 0x70, 0x12, 0x44, 0xcd, 0x30, 0xa3, 0x1b, 0x34, 0xe4, 0x4f, - 0xdf, 0xf0, 0xff, 0x3e, 0x97, 0x75, 0x40, 0x93, 0x05, 0x98, 0x7c, 0xe8, 0x07, 0x8f, 0x70, 0x7c, - 0xb5, 0x4e, 0xc0, 0x91, 0xdf, 0x93, 0x05, 0xc9, 0x06, 0x99, 0x24, 0xfa, 0xb7, 0x69, 0xbd, 0x61, - 0x7e, 0x5b, 0x82, 0x83, 0x41, 0xc0, 0xc6, 0x41, 0x71, 0x54, 0xab, 0x03, 0xc7, 0x21, 0xfe, 0x04, - 0x63, 0x0a, 0xeb, 0xe8, 0xd6, 0x7f, 0x9e, 0xd3, 0x0f, 0x62, 0xd6, 0xc9, 0x4b, 0x7e, 0xcb, 0xf5, - 0xda, 0x5a, 0x73, 0xf8, 0x8b, 0x10, 0x42, 0x93, 0x5f, 0xa2, 0x21, 0x93, 0x1b, 0x50, 0xe4, 0xbf, - 0xd4, 0x26, 0x89, 0xea, 0x28, 0x41, 0x68, 0xee, 0xf0, 0x12, 0x31, 0x35, 0x32, 0x85, 0xe3, 0x8e, - 0xcc, 0x6f, 0xe4, 0xf4, 0x33, 0xf4, 0x93, 0x9e, 0x12, 0x89, 0xd3, 0x21, 0x7f, 0x9c, 0xd3, 0xe1, - 0x53, 0x37, 0xe1, 0x47, 0x72, 0x30, 0xae, 0xa9, 0x17, 0x58, 0x1b, 0x36, 0x02, 0xff, 0x23, 0x5a, - 0x8f, 0xcc, 0x36, 0x74, 0x38, 0x30, 0xd1, 0x06, 0x85, 0xfa, 0x29, 0xda, 0x60, 0xfd, 0xb3, 0x9c, - 0xb8, 0xdc, 0x0c, 0xbc, 0xcd, 0x9b, 0x5b, 0x72, 0xfe, 0x38, 0x67, 0xdb, 0x07, 0x30, 0x6c, 0xd3, - 0x86, 0x17, 0x8a, 0x8b, 0xc9, 0x8c, 0x7e, 0x91, 0xc2, 0x82, 0x58, 0xe0, 0x09, 0xd8, 0x4f, 0xfd, - 0x60, 0xc2, 0x72, 0x26, 0x81, 0x56, 0xc3, 0x5b, 0x4d, 0xfa, 0xc4, 0xe3, 0x8b, 0x51, 0x9c, 0x91, - 0x28, 0x81, 0x7a, 0xa1, 0xb3, 0xcd, 0x4a, 0x84, 0x28, 0xac, 0x2f, 0x3c, 0x83, 0xc6, 0xfa, 0x10, - 0x20, 0xae, 0x92, 0xdc, 0x85, 0x92, 0x98, 0x0d, 0x5e, 0x7b, 0x87, 0x4b, 0x40, 0xa2, 0x0f, 0xca, - 0x87, 0x07, 0xe5, 0xe7, 0xeb, 0xaa, 0x4c, 0x88, 0x8b, 0x1a, 0xdf, 0x14, 0xa1, 0xf5, 0xef, 0xe7, - 0x21, 0x5f, 0xc1, 0x01, 0xb9, 0x4b, 0xf7, 0x23, 0x77, 0xeb, 0x96, 0xd7, 0x34, 0x16, 0xd3, 0x23, - 0x84, 0x3a, 0xdb, 0x9e, 0xa1, 0x67, 0xd0, 0x90, 0xd9, 0x62, 0xba, 0x1b, 0x6c, 0xbd, 0x89, 0x84, - 0xda, 0x62, 0x7a, 0x14, 0x6c, 0xbd, 0x99, 0x24, 0x53, 0x88, 0xc4, 0x82, 0x11, 0xbe, 0xb0, 0xc4, - 0x1c, 0x84, 0xc3, 0x83, 0xf2, 0x08, 0x5f, 0x7f, 0xb6, 0x28, 0x21, 0x67, 0xa0, 0x50, 0xdb, 0x58, - 0x13, 0x3b, 0x20, 0xea, 0xf3, 0xc2, 0x4e, 0xdb, 0x66, 0x30, 0x56, 0xe7, 0xea, 0x52, 0x65, 0x03, - 0x6f, 0xf0, 0xc3, 0x71, 0x9d, 0xcd, 0x86, 0xdb, 0x49, 0xde, 0xe1, 0x15, 0x22, 0x79, 0x17, 0xc6, - 0xef, 0x2e, 0x2d, 0xae, 0xf8, 0x21, 0xdf, 0xbd, 0x46, 0xe2, 0xc9, 0xff, 0xa8, 0x51, 0x77, 0x50, - 0x85, 0x9e, 0x3c, 0x06, 0x34, 0x7c, 0xeb, 0x3b, 0x79, 0x18, 0xd7, 0x14, 0x5c, 0xe4, 0xf3, 0xe2, - 0x65, 0x33, 0x67, 0x88, 0xee, 0x1a, 0x06, 0x2b, 0xe5, 0xda, 0x90, 0x96, 0xdf, 0xa0, 0xe2, 0x9d, - 0x33, 0xd6, 0x3c, 0xe4, 0x07, 0xd1, 0x3c, 0xbc, 0x05, 0xc0, 0xe7, 0x00, 0x7e, 0xb2, 0x26, 0x4e, - 0x68, 0x06, 0x0e, 0xfa, 0xb8, 0xc4, 0xc8, 0xe4, 0x01, 0xcc, 0x6e, 0x06, 0xdd, 0x30, 0xaa, 0xed, - 0x87, 0x11, 0x6d, 0x31, 0x6e, 0x1b, 0xbe, 0xdf, 0x14, 0xf3, 0xef, 0xa5, 0xc3, 0x83, 0xf2, 0x85, - 0x88, 0x15, 0x3b, 0x21, 0x96, 0xe3, 0x07, 0x38, 0x1d, 0xdf, 0xd7, 0xf5, 0x11, 0x59, 0x0c, 0x2c, - 0x1b, 0x26, 0x74, 0x6d, 0x06, 0x3b, 0x59, 0xc4, 0x2b, 0x90, 0xd0, 0x51, 0x6b, 0x27, 0x8b, 0xf8, - 0xca, 0xf4, 0xab, 0x94, 0x49, 0x62, 0x7d, 0x5e, 0xd7, 0xa4, 0x0d, 0xba, 0xb0, 0xad, 0x1f, 0xcb, - 0xc5, 0xdb, 0xc8, 0x83, 0xeb, 0xe4, 0x6d, 0x18, 0xe1, 0xaf, 0x6e, 0xe2, 0x71, 0xf2, 0xa4, 0xba, - 0x8d, 0xea, 0x4f, 0x72, 0x5c, 0x85, 0xfd, 0xbb, 0xfc, 0x65, 0xfe, 0x39, 0x5b, 0x90, 0x28, 0xed, - 0xb7, 0xa9, 0x08, 0x93, 0xdc, 0x51, 0xcf, 0x7b, 0x3d, 0x4b, 0xfb, 0x6d, 0xfd, 0xd6, 0x10, 0x4c, - 0x99, 0x68, 0xfa, 0xd3, 0x5c, 0x6e, 0xa0, 0xa7, 0xb9, 0x0f, 0xa0, 0xc8, 0xfa, 0xc3, 0xab, 0x53, - 0x29, 0x91, 0xbd, 0x84, 0x6f, 0x02, 0x02, 0x66, 0x3c, 0x39, 0x03, 0x1f, 0x0e, 0x76, 0x39, 0xb5, - 0x15, 0x15, 0x99, 0xd7, 0xde, 0x8f, 0x0a, 0xb1, 0x90, 0x22, 0xdf, 0x8f, 0xf4, 0xf5, 0xa0, 0x5e, - 0x92, 0xde, 0x80, 0x11, 0x26, 0x98, 0x2b, 0xdd, 0x09, 0x7e, 0x25, 0x93, 0xd9, 0x13, 0xb6, 0x25, - 0x1c, 0x89, 0x3c, 0x84, 0xe2, 0xaa, 0x1b, 0x46, 0x35, 0x4a, 0xdb, 0x03, 0x3c, 0xba, 0x97, 0x45, - 0x57, 0xcd, 0xe2, 0x8b, 0x76, 0x48, 0x69, 0x3b, 0xf1, 0x6a, 0xaa, 0x98, 0x91, 0xaf, 0x03, 0x2c, - 0xfa, 0xed, 0x28, 0xf0, 0x9b, 0xab, 0xfe, 0xce, 0xdc, 0x08, 0x5e, 0x5a, 0xcf, 0x27, 0x06, 0x20, - 0x46, 0xe0, 0xf7, 0x56, 0xa5, 0x99, 0xa9, 0xf3, 0x02, 0xa7, 0xe9, 0xef, 0xe8, 0xeb, 0x20, 0xc6, - 0x27, 0xb7, 0xa0, 0x24, 0x35, 0x02, 0xf7, 0x3b, 0x3b, 0x01, 0x4e, 0x90, 0xd1, 0x58, 0xf2, 0xa0, - 0x4f, 0x22, 0xa7, 0x2b, 0xe0, 0xfa, 0x4e, 0x99, 0xa4, 0x21, 0x5f, 0x83, 0xd3, 0x49, 0x98, 0x1c, - 0xe5, 0x62, 0x2c, 0x93, 0xeb, 0xec, 0x32, 0xe6, 0x7d, 0x2f, 0x16, 0xd6, 0xc7, 0x79, 0x38, 0xdd, - 0xa3, 0xb1, 0x6c, 0x3d, 0xe0, 0x71, 0xad, 0xad, 0x87, 0xc4, 0x29, 0xcd, 0x8d, 0x85, 0x2e, 0x40, - 0x5e, 0x1c, 0x70, 0x43, 0x0b, 0xa5, 0xc3, 0x83, 0xf2, 0x84, 0x31, 0x8e, 0xf9, 0xea, 0x12, 0xb9, - 0x03, 0x43, 0x6c, 0x88, 0x06, 0x78, 0xf3, 0x96, 0xca, 0xa0, 0xa9, 0xc8, 0xd3, 0xa7, 0x0f, 0x0e, - 0x1d, 0xf2, 0x20, 0x9f, 0x87, 0xc2, 0xe6, 0xe6, 0x2a, 0xce, 0x9d, 0x02, 0xb6, 0x7d, 0x32, 0x8a, - 0x9a, 0xc6, 0x54, 0x9d, 0x64, 0xb4, 0x57, 0x95, 0x89, 0x04, 0x43, 0x27, 0x5f, 0x49, 0xd8, 0xe2, - 0xbc, 0xda, 0x7f, 0xa0, 0x07, 0x37, 0xcd, 0xf9, 0x14, 0x16, 0x31, 0xd6, 0xcf, 0xe5, 0xe3, 0x35, - 0x7c, 0xcb, 0x6b, 0x46, 0x34, 0x20, 0x67, 0xf9, 0x92, 0x8c, 0x85, 0x33, 0x5b, 0xfd, 0x26, 0x73, - 0xf1, 0xfa, 0xe6, 0xac, 0xd4, 0x42, 0x7e, 0x55, 0x5b, 0xc8, 0x05, 0x5c, 0xc8, 0x53, 0x3d, 0x97, - 0xec, 0xab, 0x19, 0xf3, 0x12, 0x17, 0x62, 0xc6, 0xdc, 0x7b, 0x09, 0x26, 0xd7, 0xfc, 0xe5, 0x27, - 0x91, 0x42, 0x64, 0x0b, 0xb0, 0x68, 0x9b, 0x40, 0xc6, 0x71, 0xbd, 0xd9, 0xa0, 0xc1, 0xe6, 0xae, - 0xdb, 0x36, 0x1e, 0x9d, 0xed, 0x14, 0x9c, 0xe1, 0xae, 0xd1, 0x3d, 0x13, 0x77, 0x94, 0xe3, 0x26, - 0xe1, 0xd6, 0x8f, 0xe6, 0x65, 0x67, 0x3c, 0x98, 0x7f, 0x46, 0x1f, 0x37, 0xdf, 0x34, 0x1e, 0x37, - 0x67, 0x95, 0x5a, 0x56, 0xbd, 0xd4, 0xcf, 0x1f, 0xf1, 0xc0, 0xff, 0x3f, 0x0c, 0xc3, 0x84, 0x8e, - 0xce, 0xfa, 0xa1, 0xd2, 0x68, 0x04, 0x7a, 0x3f, 0xb8, 0x8d, 0x46, 0x60, 0x23, 0xd4, 0x78, 0xcf, - 0x2f, 0xf4, 0x7d, 0xcf, 0xff, 0x06, 0x8c, 0x2d, 0xb6, 0x1a, 0xc6, 0x2b, 0xa3, 0x95, 0xf1, 0x79, - 0x57, 0x15, 0x12, 0x5f, 0x0b, 0x4a, 0xdb, 0x58, 0x6f, 0x35, 0xd2, 0x6f, 0x8b, 0x31, 0x4b, 0xc3, - 0x14, 0x60, 0xf8, 0xd3, 0x98, 0x02, 0xdc, 0x84, 0xb1, 0xfb, 0x21, 0xdd, 0xec, 0xb6, 0xdb, 0xb4, - 0x89, 0xd3, 0xaa, 0xc8, 0x65, 0xfd, 0x6e, 0x48, 0x9d, 0x08, 0xa1, 0xfa, 0x07, 0x28, 0x54, 0x7d, - 0x80, 0x47, 0xfb, 0x0c, 0xf0, 0x0d, 0x28, 0x6e, 0x50, 0x1a, 0x60, 0x9f, 0x8e, 0xc7, 0x22, 0x5d, - 0x87, 0xd2, 0xc0, 0x61, 0x1d, 0x6b, 0x98, 0x08, 0x08, 0x44, 0xc3, 0xae, 0x60, 0x62, 0x40, 0xbb, - 0x02, 0xf2, 0x22, 0x4c, 0x74, 0xba, 0x5b, 0x4d, 0xaf, 0x8e, 0x7c, 0x85, 0x41, 0x82, 0x3d, 0xce, - 0x61, 0x8c, 0x6d, 0x48, 0xbe, 0x02, 0x93, 0x78, 0xc7, 0x51, 0x53, 0x6e, 0xca, 0x78, 0x8e, 0x33, - 0xca, 0xb8, 0xa4, 0x53, 0x67, 0x20, 0x27, 0xc3, 0x6e, 0xc6, 0x64, 0x74, 0xb6, 0x06, 0x53, 0xe6, - 0x48, 0x3e, 0x85, 0x57, 0x39, 0x65, 0x23, 0x51, 0x2c, 0x8d, 0xdd, 0x19, 0x2a, 0x42, 0x69, 0x9c, - 0x5b, 0x47, 0xd8, 0xb0, 0xa1, 0xda, 0x64, 0x93, 0xbb, 0xdd, 0x2d, 0x1a, 0xb4, 0x69, 0x44, 0x43, - 0x71, 0x09, 0x08, 0xed, 0xa1, 0x4a, 0xa7, 0x13, 0x5a, 0x7f, 0x2f, 0x0f, 0xa3, 0x95, 0x87, 0xb5, - 0x6a, 0x7b, 0xdb, 0xc7, 0xb7, 0x35, 0xf5, 0xa4, 0xa2, 0xbf, 0xad, 0xa9, 0x27, 0x15, 0xfd, 0x21, - 0xe5, 0x5a, 0xc6, 0x35, 0x0e, 0xcd, 0x6f, 0xb5, 0x6b, 0x9c, 0x71, 0x01, 0x8d, 0x5f, 0x97, 0x0a, - 0x03, 0xbc, 0x2e, 0x29, 0x05, 0xe0, 0xd0, 0x91, 0x0a, 0x40, 0xf2, 0x36, 0x8c, 0x57, 0xdb, 0x11, - 0xdd, 0x09, 0xe2, 0x99, 0xae, 0xae, 0x94, 0x0a, 0xac, 0x8b, 0xf6, 0x1a, 0x36, 0x9b, 0x46, 0x5c, - 0xe9, 0xa8, 0x94, 0x8d, 0x38, 0x8d, 0xb8, 0x6e, 0x32, 0xa1, 0x0f, 0x90, 0x88, 0xd6, 0x52, 0x62, - 0x8e, 0xc8, 0x17, 0x7c, 0x2e, 0x7c, 0x4e, 0xc5, 0x5a, 0x77, 0xd6, 0xb1, 0x0b, 0x33, 0xd9, 0x2f, - 0xf8, 0xd6, 0x77, 0xf3, 0x30, 0x5e, 0xe9, 0x74, 0x9e, 0x71, 0x3b, 0xaa, 0x2f, 0x1a, 0xdb, 0xab, - 0xbc, 0x0b, 0xa9, 0x76, 0x0d, 0x64, 0x42, 0xf5, 0xcb, 0x79, 0x98, 0x4e, 0x50, 0xe8, 0x5f, 0x9f, - 0x1b, 0xd0, 0x7a, 0x2a, 0x3f, 0xa0, 0xf5, 0x54, 0x61, 0x30, 0xeb, 0xa9, 0xa1, 0x4f, 0xb3, 0x65, - 0xbe, 0x02, 0x85, 0x4a, 0xa7, 0x93, 0x7c, 0x85, 0xed, 0x74, 0x1e, 0xdc, 0xe0, 0xf7, 0x59, 0xb7, - 0xd3, 0xb1, 0x19, 0x86, 0xb1, 0x8f, 0x8d, 0x0c, 0xb8, 0x8f, 0x59, 0x6f, 0xc0, 0x18, 0xf2, 0x42, - 0x9b, 0xa5, 0x0b, 0x80, 0x8b, 0x59, 0x98, 0x2b, 0x19, 0x75, 0x89, 0x65, 0xfe, 0xff, 0xe6, 0x60, - 0x18, 0x7f, 0x3f, 0xa3, 0x73, 0x6c, 0xde, 0x98, 0x63, 0x25, 0x6d, 0x8e, 0x0d, 0x32, 0xbb, 0xfe, - 0x4e, 0x01, 0x60, 0x71, 0xdd, 0xae, 0x71, 0xb5, 0x07, 0xb9, 0x05, 0xd3, 0x6e, 0xb3, 0xe9, 0xef, - 0xd1, 0x86, 0xe3, 0x07, 0xde, 0x8e, 0xd7, 0xe6, 0x3d, 0x27, 0x9f, 0x06, 0xcd, 0x22, 0xad, 0xcd, - 0x53, 0xa2, 0x68, 0x9d, 0x97, 0xe8, 0x7c, 0x5a, 0x34, 0xda, 0xf5, 0x1b, 0xf2, 0x02, 0x67, 0xf0, - 0x11, 0x45, 0x19, 0x7c, 0xee, 0xf1, 0x12, 0x9d, 0xcf, 0x2e, 0x5e, 0x48, 0xa5, 0xfc, 0x68, 0xf0, - 0x11, 0x45, 0x19, 0x7c, 0xf8, 0x2d, 0x36, 0x24, 0xab, 0x30, 0x83, 0x10, 0xa7, 0x1e, 0xd0, 0x06, - 0x6d, 0x47, 0x9e, 0xdb, 0x0c, 0xc5, 0x95, 0x1f, 0x95, 0x43, 0xa9, 0x42, 0xfd, 0xca, 0x83, 0x85, - 0x8b, 0x71, 0x19, 0xb9, 0x0a, 0xa3, 0x2d, 0xf7, 0x89, 0xe3, 0xee, 0xf0, 0x47, 0xf2, 0x49, 0x7e, - 0x45, 0x14, 0x20, 0x7d, 0xc3, 0x6e, 0xb9, 0x4f, 0x2a, 0x3b, 0x94, 0xb5, 0x82, 0x3e, 0xe9, 0xf8, - 0xa1, 0xd6, 0x8a, 0x91, 0xb8, 0x15, 0x89, 0x22, 0xbd, 0x15, 0xa2, 0x48, 0xb4, 0xc2, 0xfa, 0xbf, - 0x86, 0x71, 0x6a, 0x8b, 0x4d, 0x40, 0xd8, 0x75, 0xe5, 0x32, 0xec, 0xba, 0xde, 0x02, 0xed, 0x88, - 0xd3, 0x55, 0x7b, 0xda, 0x01, 0xaf, 0x5f, 0x0b, 0x63, 0x64, 0xf2, 0x28, 0x69, 0xe1, 0x55, 0xc0, - 0x95, 0x73, 0x31, 0x39, 0xaf, 0x9e, 0x8a, 0x71, 0xd7, 0x0a, 0x90, 0x6a, 0x3b, 0xa4, 0xf5, 0x6e, - 0x40, 0x6b, 0x8f, 0xbc, 0xce, 0x03, 0x1a, 0x78, 0xdb, 0xfb, 0x62, 0x5c, 0x50, 0x88, 0xf2, 0x44, - 0xa9, 0x13, 0x3e, 0xf2, 0x3a, 0xec, 0xde, 0xe8, 0x6d, 0xef, 0xdb, 0x19, 0x34, 0xe4, 0x7d, 0x18, - 0xb5, 0xe9, 0x5e, 0xe0, 0x45, 0xd2, 0x6e, 0x61, 0x4a, 0x69, 0x39, 0x10, 0xca, 0x87, 0x28, 0xe0, - 0x3f, 0xf4, 0xc5, 0x2a, 0xca, 0xc9, 0x3c, 0x3f, 0xa5, 0xb8, 0x7d, 0xc2, 0x64, 0xdc, 0xda, 0xca, - 0xc3, 0x5a, 0xaf, 0x43, 0x8a, 0x5c, 0x81, 0x61, 0x3c, 0xea, 0x84, 0x00, 0x87, 0xf6, 0xfe, 0x28, - 0xf0, 0xe8, 0xe7, 0x30, 0x62, 0x90, 0xf3, 0x00, 0xea, 0xb9, 0x28, 0x9c, 0x2b, 0xa2, 0x68, 0xa5, - 0x41, 0x92, 0xe7, 0xf4, 0xd8, 0xb1, 0xce, 0xe9, 0x55, 0x28, 0xd9, 0xf4, 0x5b, 0x5d, 0x2f, 0xa0, - 0x8d, 0x4a, 0x07, 0xdf, 0x24, 0xc2, 0x39, 0xc0, 0x09, 0x76, 0xe1, 0xf0, 0xa0, 0xfc, 0x42, 0x20, - 0xca, 0x1c, 0xb7, 0xc3, 0x9f, 0x32, 0x8c, 0xd9, 0x9d, 0xa4, 0x24, 0x6f, 0xc1, 0x10, 0xdb, 0x11, - 0x84, 0x2d, 0x98, 0xd4, 0xed, 0xc6, 0x9b, 0x04, 0xbf, 0x69, 0xd7, 0x7d, 0x63, 0xaa, 0x22, 0xc9, - 0x67, 0x67, 0x5f, 0xf5, 0xcb, 0x79, 0xb8, 0xa8, 0x0e, 0xc1, 0xf5, 0xa0, 0x56, 0xb9, 0xb7, 0x5a, - 0x6d, 0x6c, 0x88, 0x3b, 0xe3, 0x46, 0xe0, 0x3f, 0xf6, 0x1a, 0x34, 0x78, 0x70, 0xfd, 0x88, 0x2d, - 0x7c, 0x95, 0x2f, 0x1f, 0xae, 0x70, 0xce, 0x1b, 0x96, 0x28, 0x9a, 0xac, 0x21, 0x8c, 0x65, 0x3a, - 0x9d, 0x94, 0xfe, 0x79, 0xe5, 0x39, 0x3b, 0x66, 0x40, 0x7e, 0x2c, 0x07, 0xa7, 0xb2, 0x3f, 0x44, - 0xe8, 0x11, 0xca, 0xf2, 0xbe, 0xd2, 0xe3, 0x6b, 0x17, 0x5e, 0x39, 0x3c, 0x28, 0x5f, 0x0c, 0xdd, - 0x56, 0xd3, 0xf1, 0x1a, 0xbc, 0x36, 0xaf, 0x4e, 0x9d, 0x8e, 0x40, 0x30, 0xea, 0xed, 0x51, 0xd3, - 0x97, 0x40, 0xee, 0xe4, 0x73, 0xb9, 0x05, 0x80, 0xa2, 0xd4, 0xe9, 0x59, 0x7f, 0x3f, 0x07, 0xda, - 0xd4, 0x2e, 0xda, 0xb4, 0xe1, 0x05, 0xb4, 0x1e, 0x89, 0xdd, 0x5c, 0xf8, 0xd1, 0x70, 0x58, 0xc2, - 0xf0, 0x08, 0x61, 0xe4, 0x3d, 0x18, 0x15, 0xbb, 0x0e, 0x6e, 0xdc, 0xf1, 0x92, 0x10, 0xda, 0x42, - 0xee, 0x70, 0x95, 0xda, 0xb1, 0x24, 0x11, 0xbb, 0x15, 0xdd, 0x79, 0xb8, 0xb9, 0xd8, 0x74, 0xbd, - 0x56, 0x28, 0x4e, 0x3f, 0xec, 0xd6, 0x8f, 0xf6, 0x22, 0xa7, 0x8e, 0x50, 0xfd, 0x56, 0xa4, 0x50, - 0xad, 0xdb, 0x52, 0x59, 0x79, 0x84, 0xf5, 0x5c, 0x19, 0x86, 0x1f, 0xc4, 0x4a, 0x8b, 0x85, 0xb1, - 0xc3, 0x83, 0x32, 0x9f, 0x2e, 0x36, 0x87, 0x5b, 0x7f, 0x39, 0x07, 0x53, 0xe6, 0x7c, 0x22, 0x57, - 0x61, 0x44, 0xf8, 0xb0, 0xe4, 0x50, 0x39, 0xc3, 0x7a, 0x61, 0x84, 0x7b, 0xaf, 0x18, 0x3e, 0x2b, - 0x02, 0x8b, 0x9d, 0xdf, 0x82, 0x83, 0x38, 0xbc, 0xf0, 0xfc, 0xae, 0x73, 0x90, 0x2d, 0xcb, 0x88, - 0xc5, 0x84, 0xf7, 0xb0, 0xdb, 0x8c, 0x74, 0x9d, 0x7d, 0x80, 0x10, 0x5b, 0x94, 0x58, 0x8b, 0x30, - 0xc2, 0xf7, 0x92, 0x84, 0xd5, 0x4e, 0xee, 0x18, 0x56, 0x3b, 0xd6, 0x41, 0x0e, 0xa0, 0x56, 0x5b, - 0xb9, 0x4b, 0xf7, 0x37, 0x5c, 0x2f, 0xc0, 0x47, 0x26, 0xdc, 0xb7, 0xef, 0x8a, 0xc5, 0x35, 0x21, - 0x1e, 0x99, 0xf8, 0x1e, 0xff, 0x88, 0xee, 0x1b, 0x8f, 0x4c, 0x12, 0x15, 0x0f, 0x87, 0xc0, 0x7b, - 0xec, 0x46, 0x94, 0x11, 0xe6, 0x91, 0x90, 0x1f, 0x0e, 0x1c, 0x9a, 0xa0, 0xd4, 0x90, 0xc9, 0xd7, - 0x61, 0x2a, 0xfe, 0xa5, 0x9e, 0xca, 0xa6, 0xd4, 0x02, 0x36, 0x0b, 0x17, 0xce, 0x1f, 0x1e, 0x94, - 0xcf, 0x6a, 0x5c, 0x93, 0x8f, 0x68, 0x09, 0x66, 0xd6, 0x2f, 0xe6, 0xf0, 0x81, 0x58, 0x36, 0xf0, - 0x12, 0x0c, 0x29, 0x5b, 0xc4, 0x09, 0xb1, 0xeb, 0x98, 0xcf, 0x01, 0x58, 0x4e, 0x2e, 0x42, 0x21, - 0x6e, 0x09, 0xee, 0xd5, 0x66, 0x0b, 0x58, 0x29, 0xb9, 0x0d, 0xa3, 0x03, 0x7d, 0x33, 0x2e, 0x8d, - 0x8c, 0x6f, 0x95, 0xd4, 0x38, 0x0a, 0x77, 0x1e, 0x6e, 0xfe, 0xe0, 0x8e, 0xc2, 0x4f, 0xe4, 0x61, - 0x9a, 0xf5, 0x6b, 0xa5, 0x1b, 0xed, 0xfa, 0x81, 0x17, 0xed, 0x3f, 0xb3, 0xda, 0xad, 0x77, 0x0c, - 0xd1, 0xf8, 0xac, 0x3c, 0x65, 0xf4, 0xb6, 0x0d, 0xa4, 0xe4, 0xfa, 0xed, 0x61, 0x98, 0xcd, 0xa0, - 0x22, 0xaf, 0x1b, 0x0a, 0xe8, 0x39, 0xe9, 0xa3, 0xfa, 0xf1, 0x41, 0x79, 0x42, 0xa2, 0x6f, 0xc6, - 0x3e, 0xab, 0xf3, 0xa6, 0xb5, 0x05, 0xef, 0x29, 0xd4, 0x47, 0xeb, 0xd6, 0x16, 0xa6, 0x8d, 0xc5, - 0x15, 0x18, 0xb6, 0xfd, 0x26, 0x95, 0xa6, 0x41, 0x28, 0x61, 0x04, 0x0c, 0x60, 0xbc, 0xa8, 0x32, - 0x00, 0x59, 0x81, 0x51, 0xf6, 0xc7, 0x3d, 0xb7, 0x23, 0xde, 0x0a, 0x88, 0xba, 0x9c, 0x21, 0xb4, - 0xe3, 0xb5, 0x77, 0xf4, 0xfb, 0x59, 0x93, 0x3a, 0x2d, 0xb7, 0x63, 0x88, 0x42, 0x1c, 0xd1, 0xb8, - 0xe7, 0x15, 0x7b, 0xdf, 0xf3, 0x72, 0x47, 0xde, 0xf3, 0x1a, 0x00, 0x35, 0x6f, 0xa7, 0xed, 0xb5, - 0x77, 0x2a, 0xcd, 0x1d, 0xe1, 0xe9, 0x7b, 0xa5, 0xf7, 0x28, 0x5c, 0x8d, 0x91, 0x71, 0xe2, 0xf2, - 0x07, 0x3d, 0x0e, 0x73, 0xdc, 0xa6, 0xf1, 0x90, 0x11, 0xa3, 0x92, 0x35, 0x80, 0x4a, 0x3d, 0xf2, - 0x1e, 0xb3, 0x09, 0x1c, 0x0a, 0xa9, 0x45, 0x7e, 0xf0, 0x62, 0xe5, 0x2e, 0xdd, 0xaf, 0xd1, 0x28, - 0x7e, 0x18, 0x71, 0x11, 0x95, 0xad, 0x03, 0xc3, 0xd8, 0x3c, 0xe6, 0x40, 0x3a, 0x70, 0xb2, 0xd2, - 0x68, 0x78, 0xac, 0x05, 0x6e, 0x13, 0x5f, 0xfa, 0x68, 0x03, 0x59, 0x4f, 0x64, 0xb3, 0xbe, 0x22, - 0x58, 0xbf, 0xe8, 0x2a, 0x2a, 0x27, 0xe2, 0x64, 0xc9, 0x6a, 0xb2, 0x19, 0x5b, 0xeb, 0x30, 0x65, - 0x36, 0xdd, 0xf4, 0x4f, 0x9e, 0x80, 0xa2, 0x5d, 0xab, 0x38, 0xb5, 0x95, 0xca, 0xf5, 0x52, 0x8e, - 0x94, 0x60, 0x42, 0xfc, 0x9a, 0x77, 0xe6, 0xdf, 0xbc, 0x59, 0xca, 0x1b, 0x90, 0x37, 0xaf, 0xcf, - 0xa7, 0xdc, 0x82, 0x46, 0x4b, 0x45, 0xae, 0xfe, 0xb2, 0x7e, 0x25, 0x07, 0x45, 0xf9, 0xdd, 0xe4, - 0x26, 0x14, 0x6a, 0xb5, 0x95, 0x84, 0x23, 0x4f, 0x7c, 0xbe, 0xf0, 0x9d, 0x34, 0x0c, 0x75, 0x6b, - 0x4d, 0x46, 0xc0, 0xe8, 0x36, 0x57, 0x6b, 0x42, 0x2c, 0x90, 0x74, 0xf1, 0xb6, 0xcd, 0xe9, 0x32, - 0xbc, 0x1b, 0x6e, 0x42, 0xe1, 0xce, 0xc3, 0x4d, 0x71, 0x9f, 0x90, 0x74, 0xf1, 0x4e, 0xca, 0xe9, - 0x3e, 0xda, 0xd3, 0xf7, 0x77, 0x46, 0x60, 0xd9, 0x30, 0xae, 0x4d, 0x61, 0x7e, 0xdc, 0xb6, 0x7c, - 0xe5, 0x90, 0x2b, 0x8e, 0x5b, 0x06, 0xb1, 0x45, 0x09, 0x93, 0x0e, 0x56, 0xfd, 0xba, 0xdb, 0x14, - 0xe7, 0x36, 0x4a, 0x07, 0x4d, 0x06, 0xb0, 0x39, 0xdc, 0xfa, 0xcd, 0x1c, 0x94, 0x50, 0x86, 0x42, - 0x6b, 0x4b, 0xff, 0x11, 0x6d, 0x3f, 0xb8, 0x4e, 0xde, 0x90, 0x8b, 0x2d, 0xa7, 0x54, 0x0d, 0xc3, - 0xb8, 0xd8, 0x12, 0x6f, 0x15, 0x62, 0xc1, 0x69, 0x3e, 0xcf, 0xf9, 0xc1, 0x7d, 0x25, 0x8f, 0xf0, - 0x79, 0x2e, 0xc3, 0x30, 0x7e, 0x8e, 0xd8, 0x16, 0xf1, 0xcb, 0x23, 0x06, 0xb0, 0x39, 0x5c, 0xdb, - 0x95, 0x7e, 0x32, 0x9f, 0x6a, 0xc3, 0xfc, 0x0f, 0x94, 0xbf, 0xa1, 0xd9, 0xb8, 0x81, 0x76, 0xea, - 0x0f, 0xe1, 0x44, 0xb2, 0x4b, 0x50, 0x0d, 0x54, 0x81, 0x69, 0x13, 0x2e, 0x35, 0x42, 0xa7, 0x33, - 0xeb, 0x7a, 0x30, 0x6f, 0x27, 0xf1, 0xad, 0xff, 0x25, 0x07, 0x63, 0xf8, 0xa7, 0xdd, 0x6d, 0xa2, - 0xf1, 0x4c, 0xe5, 0x61, 0x4d, 0xa8, 0x7c, 0x75, 0x31, 0xce, 0xdd, 0x0b, 0x1d, 0xa1, 0x15, 0x36, - 0xf6, 0x17, 0x85, 0x2c, 0x48, 0xb9, 0x2e, 0x57, 0xaa, 0x45, 0x14, 0x29, 0x57, 0xfa, 0x86, 0x09, - 0x52, 0x81, 0x8c, 0x26, 0x77, 0x0f, 0x6b, 0x6c, 0xfa, 0xe9, 0xaf, 0xd9, 0x48, 0xe7, 0x37, 0x4d, - 0x93, 0x3b, 0x8e, 0x86, 0x8f, 0xd9, 0x0f, 0x6b, 0x15, 0x7b, 0xcd, 0x78, 0xcc, 0x66, 0xdf, 0x68, - 0x98, 0x76, 0x0b, 0x24, 0xeb, 0x1f, 0x42, 0xb2, 0x03, 0xc5, 0x51, 0x77, 0xcc, 0xb5, 0xf1, 0x36, - 0x0c, 0x57, 0x9a, 0x4d, 0x7f, 0x4f, 0xec, 0x12, 0x52, 0x2b, 0xa5, 0xfa, 0x8f, 0x9f, 0x64, 0xa8, - 0x58, 0x31, 0x7c, 0xa8, 0x18, 0x80, 0x2c, 0xc2, 0x58, 0xe5, 0x61, 0xad, 0x5a, 0x5d, 0xda, 0xdc, - 0xe4, 0xfe, 0x22, 0x85, 0x85, 0x97, 0x65, 0xff, 0x78, 0x5e, 0xc3, 0x49, 0xbe, 0xa7, 0xc6, 0x92, - 0x7b, 0x4c, 0x47, 0xde, 0x05, 0xb8, 0xe3, 0x7b, 0x6d, 0xae, 0x48, 0x12, 0x8d, 0x3f, 0x77, 0x78, - 0x50, 0x1e, 0xff, 0xc8, 0xf7, 0xda, 0x42, 0xf3, 0xc4, 0xbe, 0x3d, 0x46, 0xb2, 0xb5, 0xbf, 0x59, - 0x4f, 0x2f, 0xf8, 0xdc, 0x20, 0x66, 0x38, 0xee, 0xe9, 0x2d, 0x3f, 0x65, 0x0b, 0x23, 0xd1, 0x48, - 0x0b, 0xa6, 0x6b, 0xdd, 0x9d, 0x1d, 0xca, 0x76, 0x75, 0xa1, 0x3a, 0x19, 0x11, 0xb7, 0x5b, 0x15, - 0xa5, 0x83, 0xdf, 0x44, 0xd8, 0xfd, 0x24, 0x5c, 0x78, 0x9d, 0x4d, 0xe4, 0xef, 0x1f, 0x94, 0xc5, - 0x3b, 0x2d, 0x13, 0xd2, 0x42, 0x49, 0x9f, 0x56, 0x9c, 0x24, 0x79, 0x93, 0x75, 0x18, 0xb9, 0xed, - 0x45, 0x2b, 0xdd, 0x2d, 0xe1, 0xff, 0xf0, 0x62, 0x9f, 0x45, 0xc3, 0x11, 0xf9, 0x43, 0xc1, 0x8e, - 0x17, 0xed, 0x76, 0x75, 0x0b, 0x74, 0xc1, 0x86, 0x3c, 0x84, 0xe2, 0xa2, 0x17, 0xd4, 0x9b, 0x74, - 0xb1, 0x2a, 0x4e, 0xfd, 0x8b, 0x7d, 0x58, 0x4a, 0x54, 0xde, 0x2f, 0x75, 0xfc, 0x55, 0xf7, 0x74, - 0x29, 0x40, 0x62, 0x90, 0xbf, 0x96, 0x83, 0xe7, 0xd5, 0xd7, 0x57, 0x76, 0x68, 0x3b, 0xba, 0xe7, - 0x46, 0xf5, 0x5d, 0x1a, 0x88, 0x5e, 0x1a, 0xeb, 0xd7, 0x4b, 0x5f, 0x4a, 0xf5, 0xd2, 0xe5, 0xb8, - 0x97, 0x5c, 0xc6, 0xcc, 0x69, 0x71, 0x6e, 0xe9, 0x3e, 0xeb, 0x57, 0x2b, 0x71, 0x00, 0xe2, 0x97, - 0x1f, 0xe1, 0x3f, 0xf7, 0x72, 0x9f, 0x06, 0xc7, 0xc8, 0xc2, 0xee, 0x5d, 0xfd, 0x36, 0xec, 0xbf, - 0x14, 0x94, 0xdc, 0x95, 0xce, 0x46, 0x5c, 0x22, 0xb9, 0xd0, 0x87, 0x37, 0x77, 0x40, 0x9a, 0xed, - 0xe3, 0x56, 0xc8, 0x47, 0x7b, 0xd5, 0xdd, 0x12, 0x42, 0xc8, 0x11, 0xa3, 0xbd, 0xea, 0xc6, 0xa3, - 0xdd, 0x74, 0x93, 0xa3, 0xbd, 0xea, 0x6e, 0x91, 0x45, 0xee, 0x21, 0xc9, 0xdd, 0xe9, 0xce, 0xf7, - 0xe3, 0xb6, 0xb8, 0xc1, 0x4f, 0xe6, 0x0c, 0x4f, 0xc9, 0xaf, 0xc2, 0x58, 0xad, 0xe3, 0xd6, 0x69, - 0xd3, 0xdb, 0x8e, 0xc4, 0x53, 0xe0, 0x4b, 0x7d, 0x58, 0x29, 0x5c, 0xf1, 0x8c, 0x24, 0x7f, 0xea, - 0x17, 0x24, 0x85, 0xc3, 0xbe, 0x70, 0x73, 0xe3, 0xde, 0xdc, 0xf4, 0x91, 0x5f, 0xb8, 0xb9, 0x71, - 0x4f, 0xc8, 0x1c, 0x9d, 0x96, 0x21, 0x73, 0x6c, 0xdc, 0x23, 0x1d, 0x98, 0xda, 0xa4, 0x41, 0xe0, - 0x6e, 0xfb, 0x41, 0x8b, 0xab, 0xea, 0xb8, 0x8b, 0xc6, 0x95, 0x7e, 0xfc, 0x0c, 0x02, 0xae, 0xa3, - 0x8d, 0x24, 0xcc, 0x49, 0xea, 0xf7, 0x12, 0xfc, 0xad, 0x5f, 0x2b, 0xc0, 0xe9, 0x1e, 0x5f, 0x49, - 0xd6, 0xe4, 0xae, 0x98, 0x33, 0x74, 0xaa, 0x3d, 0xd0, 0xaf, 0x1e, 0xb9, 0x51, 0xae, 0x42, 0x69, - 0xf9, 0x2e, 0x0a, 0xd2, 0x5c, 0xdb, 0xbd, 0x58, 0x91, 0xe7, 0x09, 0xea, 0xfd, 0xe8, 0x23, 0x34, - 0x5e, 0x93, 0x5a, 0xf2, 0xba, 0xe1, 0x5e, 0x99, 0xa2, 0x3c, 0xfb, 0xa3, 0x79, 0x18, 0xc2, 0xb3, - 0x2d, 0x11, 0x54, 0x26, 0x77, 0xac, 0xa0, 0x32, 0x1f, 0xc0, 0xc4, 0xf2, 0x5d, 0x7e, 0xcd, 0x5d, - 0x71, 0xc3, 0x5d, 0xb1, 0xf3, 0xe2, 0x5b, 0x30, 0x7d, 0xe4, 0x88, 0x5b, 0xf1, 0xae, 0x6b, 0x88, - 0x95, 0x06, 0x05, 0xb9, 0x0f, 0xb3, 0xfc, 0xdb, 0xbc, 0x6d, 0xaf, 0xce, 0x63, 0x53, 0x78, 0x6e, - 0x53, 0x6c, 0xc3, 0x17, 0x0f, 0x0f, 0xca, 0x65, 0xfa, 0x08, 0xcd, 0xf2, 0x44, 0xb9, 0x13, 0x22, - 0x82, 0x6e, 0x9f, 0x97, 0x41, 0xaf, 0x3b, 0xcc, 0xdb, 0x63, 0x58, 0x21, 0xab, 0x8d, 0xd5, 0xcd, - 0x70, 0x39, 0x92, 0xf5, 0xf7, 0x87, 0xe1, 0x6c, 0xef, 0x1d, 0x94, 0x7c, 0xd9, 0x1c, 0xc0, 0x4b, - 0x47, 0xee, 0xb9, 0x47, 0x8f, 0xe1, 0x57, 0xe0, 0xc4, 0x72, 0x3b, 0xa2, 0x41, 0x27, 0xf0, 0x64, - 0x88, 0x84, 0x15, 0x3f, 0x94, 0x66, 0x90, 0x68, 0x8f, 0x48, 0x55, 0xb9, 0xd0, 0x48, 0xa2, 0x51, - 0xa6, 0xc6, 0x2a, 0x93, 0x03, 0x59, 0x86, 0x29, 0x0d, 0xde, 0xec, 0xee, 0x08, 0x99, 0x81, 0x3f, - 0x3a, 0x68, 0x3c, 0x9b, 0x5d, 0xfd, 0x6a, 0x95, 0x20, 0x3a, 0xfb, 0x8b, 0x05, 0x31, 0x2d, 0x2e, - 0x42, 0xa1, 0xd6, 0xdd, 0x12, 0xd3, 0x81, 0x5f, 0x0e, 0x8c, 0x83, 0x84, 0x95, 0x92, 0x2f, 0x02, - 0xd8, 0xb4, 0xe3, 0x87, 0x5e, 0xe4, 0x07, 0xfb, 0xba, 0xa7, 0x4d, 0xa0, 0xa0, 0xa6, 0x4d, 0xb1, - 0x84, 0x92, 0x15, 0x98, 0x8e, 0x7f, 0xad, 0xef, 0xb5, 0x85, 0x1a, 0x75, 0x8c, 0xeb, 0x2f, 0x62, - 0x72, 0xc7, 0x67, 0x65, 0xfa, 0xd1, 0x98, 0x20, 0x23, 0xf3, 0x50, 0x7c, 0xe8, 0x07, 0x8f, 0xb6, - 0xd9, 0x40, 0x0d, 0xc5, 0x87, 0xf7, 0x9e, 0x80, 0xe9, 0x87, 0x94, 0xc4, 0x63, 0x73, 0x7e, 0xb9, - 0xfd, 0xd8, 0x0b, 0xfc, 0x76, 0x8b, 0xb6, 0x23, 0xfd, 0x9d, 0x9c, 0xc6, 0x60, 0xc3, 0xc7, 0x31, - 0x06, 0xb3, 0x5b, 0x7a, 0xa5, 0x1e, 0xf9, 0x81, 0x78, 0x24, 0xe7, 0xc3, 0xcd, 0x00, 0xc6, 0x70, - 0x33, 0x00, 0xeb, 0x44, 0x9b, 0x6e, 0x8b, 0x07, 0x03, 0xec, 0xc4, 0x80, 0x6e, 0x1b, 0x0e, 0x9c, - 0x74, 0x9b, 0x09, 0x1f, 0x36, 0xdd, 0x46, 0xd5, 0x82, 0x11, 0xf7, 0x68, 0x3b, 0xa5, 0x94, 0x12, - 0x68, 0xd6, 0xf7, 0xc6, 0x7a, 0xce, 0x5b, 0xb6, 0xdb, 0x1f, 0x6f, 0xde, 0xae, 0xba, 0x03, 0xcc, - 0xdb, 0xd7, 0x95, 0xa5, 0xb2, 0xee, 0xb5, 0x8c, 0x10, 0xfd, 0xb8, 0xe1, 0x38, 0x67, 0x7f, 0xa9, - 0x78, 0x9c, 0x49, 0x24, 0x3a, 0x29, 0x3f, 0x68, 0x27, 0x15, 0x06, 0xea, 0x24, 0xb2, 0x00, 0x93, - 0x2a, 0x72, 0xd6, 0x86, 0x1b, 0x19, 0x7b, 0x93, 0x0a, 0x77, 0xe6, 0x74, 0xdc, 0x48, 0xdf, 0x9b, - 0x4c, 0x12, 0xf2, 0x0e, 0x8c, 0x0b, 0x73, 0x7d, 0xe4, 0x30, 0x1c, 0x1b, 0x4c, 0x4a, 0xdb, 0xfe, - 0x04, 0xbd, 0x8e, 0xce, 0x96, 0xe4, 0x86, 0xd7, 0xa1, 0x4d, 0xaf, 0x4d, 0x6b, 0xa8, 0xa7, 0x17, - 0x33, 0x06, 0x97, 0x64, 0x47, 0x94, 0x38, 0x5c, 0x85, 0x6f, 0x68, 0xe8, 0x0c, 0xa2, 0xe4, 0x64, - 0x1d, 0x3d, 0xd6, 0x64, 0xe5, 0xf6, 0x4a, 0xc1, 0xaa, 0xbf, 0xe3, 0x49, 0x0b, 0x4d, 0x69, 0xaf, - 0x14, 0x38, 0x4d, 0x06, 0x4d, 0xd8, 0x2b, 0x71, 0x54, 0x76, 0x93, 0x60, 0x3f, 0xaa, 0x4b, 0xe2, - 0x71, 0x0a, 0x6f, 0x12, 0x48, 0x64, 0x9a, 0xc5, 0x72, 0x24, 0x59, 0xcd, 0x72, 0xcb, 0xf5, 0x9a, - 0xc2, 0x39, 0x35, 0xae, 0x86, 0x32, 0x68, 0xb2, 0x1a, 0x44, 0x25, 0x75, 0x98, 0xb0, 0xe9, 0xf6, - 0x46, 0xe0, 0x47, 0xb4, 0x1e, 0xd1, 0x86, 0x90, 0x9e, 0xe4, 0x05, 0x62, 0xc1, 0xf7, 0xb9, 0x64, - 0xb8, 0xf0, 0xc6, 0xf7, 0x0e, 0xca, 0xb9, 0xef, 0x1f, 0x94, 0x81, 0x81, 0xb8, 0xcd, 0xf5, 0xe1, - 0x41, 0xf9, 0x34, 0x1b, 0xff, 0x8e, 0x24, 0xd6, 0x8f, 0x18, 0x9d, 0x29, 0xf9, 0x61, 0xb6, 0xe9, - 0xaa, 0x2e, 0x89, 0x2b, 0x9b, 0xe8, 0x51, 0xd9, 0x9b, 0x99, 0x95, 0x95, 0xb5, 0xde, 0xce, 0xac, - 0x34, 0xb3, 0x12, 0xf2, 0x2e, 0x8c, 0x2f, 0x56, 0x17, 0xfd, 0xf6, 0xb6, 0xb7, 0x53, 0x5b, 0xa9, - 0xa0, 0x08, 0x26, 0xec, 0xed, 0xeb, 0x9e, 0x53, 0x47, 0xb8, 0x13, 0xee, 0xba, 0x86, 0xdb, 0x55, - 0x8c, 0x4f, 0x6e, 0xc3, 0x94, 0xfc, 0x69, 0xd3, 0xed, 0xfb, 0x76, 0x15, 0x25, 0x2f, 0xe9, 0xe4, - 0xa0, 0x38, 0xb0, 0x8e, 0xe8, 0x06, 0xba, 0x44, 0x9e, 0x20, 0x63, 0x93, 0x71, 0x89, 0x76, 0x9a, - 0xfe, 0x3e, 0xfb, 0xbc, 0x4d, 0x8f, 0x06, 0x28, 0x6b, 0x89, 0xc9, 0xd8, 0x50, 0x25, 0x4e, 0xe4, - 0x19, 0xdb, 0x6d, 0x82, 0x88, 0xac, 0xc1, 0x8c, 0x98, 0xe2, 0x0f, 0xbc, 0xd0, 0xdb, 0xf2, 0x9a, - 0x5e, 0xb4, 0x8f, 0x52, 0x96, 0x90, 0x42, 0xe4, 0xba, 0x78, 0xac, 0x4a, 0x35, 0x66, 0x69, 0x52, - 0xeb, 0x57, 0xf2, 0xf0, 0x42, 0xbf, 0x1b, 0x07, 0xa9, 0x99, 0x9b, 0xd9, 0xe5, 0x01, 0x6e, 0x29, - 0x47, 0x6f, 0x67, 0xcb, 0x30, 0xb5, 0x1e, 0xec, 0xb8, 0x6d, 0xef, 0xdb, 0x78, 0x93, 0x54, 0x66, - 0x5b, 0xd8, 0x19, 0xbe, 0x56, 0x62, 0xce, 0xf6, 0x04, 0xd1, 0xd9, 0xc7, 0x62, 0x9b, 0xfb, 0xa4, - 0x0e, 0x40, 0x37, 0x61, 0x6c, 0xd1, 0x6f, 0x47, 0xf4, 0x49, 0x94, 0xf0, 0x53, 0xe5, 0xc0, 0xa4, - 0xf3, 0x93, 0x44, 0xb5, 0xfe, 0xbf, 0x3c, 0x9c, 0xeb, 0x2b, 0x72, 0x93, 0x4d, 0xb3, 0xd7, 0xae, - 0x0c, 0x22, 0xa7, 0x1f, 0xdd, 0x6d, 0xf3, 0x29, 0x0b, 0xa3, 0x23, 0xed, 0xeb, 0xcf, 0xfe, 0x37, - 0x39, 0xd1, 0x49, 0x9f, 0x83, 0x51, 0xac, 0x4a, 0x75, 0x11, 0xd7, 0x46, 0xe1, 0x2e, 0xec, 0x99, - 0xda, 0x28, 0x8e, 0x46, 0x6e, 0x40, 0x71, 0xd1, 0x6d, 0x36, 0x35, 0x2f, 0x5e, 0xbc, 0x49, 0xd4, - 0x11, 0x96, 0x30, 0x48, 0x93, 0x88, 0xe4, 0x2d, 0x00, 0xfe, 0xb7, 0x76, 0x56, 0xe0, 0x66, 0x29, - 0xc8, 0x12, 0xc7, 0x85, 0x86, 0x8c, 0xb1, 0xff, 0xea, 0xbe, 0x72, 0x37, 0xe4, 0xb1, 0xff, 0x18, - 0xc0, 0x88, 0xfd, 0xc7, 0x00, 0xd6, 0xaf, 0x16, 0xe0, 0x7c, 0xff, 0x7b, 0x23, 0xb9, 0x6f, 0x0e, - 0xc1, 0xab, 0x03, 0xdd, 0x36, 0x8f, 0x1e, 0x03, 0x19, 0x49, 0x93, 0x77, 0xc8, 0xe5, 0xb4, 0x19, - 0xfc, 0xc7, 0x07, 0x65, 0xcd, 0xca, 0xf1, 0x8e, 0xef, 0xb5, 0xb5, 0x57, 0x89, 0x6f, 0x01, 0xd4, - 0x22, 0x37, 0xf2, 0xea, 0x77, 0x1e, 0xde, 0x95, 0x81, 0x26, 0x6e, 0x0e, 0xf6, 0x65, 0x31, 0x1d, - 0xdf, 0x57, 0x84, 0xc2, 0x1e, 0xa1, 0xce, 0x47, 0x7b, 0x8f, 0x8c, 0x9b, 0x71, 0x8c, 0x7c, 0xf6, - 0x4b, 0x50, 0x4a, 0x92, 0x92, 0x4b, 0x30, 0x84, 0x1f, 0xa0, 0xd9, 0xf2, 0x27, 0x38, 0x60, 0xf9, - 0xd9, 0x7b, 0x62, 0xee, 0x2c, 0xc3, 0x94, 0x78, 0x0a, 0x37, 0x75, 0x70, 0xb8, 0x5e, 0xe5, 0x4b, - 0x7a, 0x5a, 0x0f, 0x97, 0x20, 0xb2, 0xfe, 0x38, 0x07, 0x67, 0x7a, 0xde, 0xc8, 0xc9, 0x86, 0x39, - 0x60, 0x2f, 0x1f, 0x75, 0x85, 0x3f, 0x72, 0xac, 0xce, 0xfe, 0xb8, 0x9c, 0xfb, 0xef, 0xc1, 0x44, - 0xad, 0xbb, 0x95, 0xbc, 0x64, 0xf1, 0xb0, 0x03, 0x1a, 0x5c, 0x3f, 0xc1, 0x74, 0x7c, 0xd6, 0x7e, - 0xf9, 0xd6, 0x2f, 0x6c, 0x4a, 0x34, 0xfb, 0x2a, 0xe5, 0xc0, 0x87, 0x2e, 0xa2, 0x86, 0x45, 0x91, - 0x49, 0x64, 0xfd, 0x72, 0x3e, 0xfb, 0xb6, 0xca, 0x6e, 0xf7, 0xc7, 0xb8, 0xad, 0xde, 0x5e, 0xdc, - 0x38, 0xba, 0xed, 0xff, 0x85, 0x6c, 0x3b, 0x3e, 0x7d, 0x8a, 0x1d, 0x4f, 0x2a, 0x14, 0xc5, 0xd3, - 0xa7, 0xdc, 0x1d, 0x43, 0xf3, 0xe9, 0x53, 0x22, 0x93, 0x37, 0x61, 0x6c, 0xd5, 0xe7, 0xae, 0xdb, - 0xb2, 0xc5, 0xdc, 0xc3, 0x4d, 0x02, 0xf5, 0xed, 0x51, 0x61, 0xb2, 0xbb, 0x85, 0x39, 0xf0, 0xd2, - 0x8c, 0x0c, 0xef, 0x16, 0x89, 0xe9, 0x62, 0xaa, 0xdd, 0x4c, 0x32, 0xeb, 0x3f, 0x19, 0x06, 0xeb, - 0x68, 0xa5, 0x01, 0xf9, 0xd0, 0xec, 0xbb, 0xab, 0x03, 0xab, 0x1b, 0x06, 0xda, 0x72, 0x2b, 0xdd, - 0x86, 0x47, 0xdb, 0x75, 0xd3, 0xef, 0x5a, 0xc0, 0xf4, 0x2d, 0x50, 0xe2, 0x7d, 0x12, 0x37, 0xa8, - 0xb3, 0xff, 0x65, 0x21, 0x5e, 0x6a, 0x89, 0xa3, 0x31, 0xf7, 0x09, 0x8e, 0x46, 0x72, 0x17, 0x4a, - 0x3a, 0x44, 0x7b, 0x03, 0x45, 0xc9, 0xc5, 0x60, 0x94, 0xf8, 0xa8, 0x14, 0xa1, 0x79, 0xbe, 0x16, - 0x06, 0x3f, 0x5f, 0x63, 0xf1, 0x1d, 0xeb, 0x1f, 0x4a, 0x8b, 0xef, 0x49, 0x57, 0x47, 0x0d, 0x5d, - 0xfa, 0x69, 0x87, 0xe2, 0xd0, 0x1a, 0x36, 0xfd, 0xb4, 0x33, 0x0e, 0x2e, 0x1d, 0x5d, 0xba, 0x9a, - 0xe3, 0x4f, 0xcd, 0xd3, 0x52, 0xb9, 0x9a, 0x73, 0xfa, 0x2c, 0x57, 0x73, 0x45, 0xc2, 0x0e, 0x40, - 0xbb, 0xdb, 0xe6, 0x41, 0x66, 0x47, 0xe3, 0x03, 0x30, 0xe8, 0xb6, 0x9d, 0x64, 0xa0, 0x59, 0x85, - 0x68, 0xfd, 0x78, 0x1e, 0xa6, 0xf8, 0x86, 0xcb, 0x9f, 0x32, 0x9e, 0xd9, 0x67, 0xa2, 0xb7, 0x8d, - 0x67, 0x22, 0x19, 0x55, 0x47, 0x6f, 0xda, 0x40, 0x8f, 0x44, 0xbb, 0x40, 0xd2, 0x34, 0xc4, 0x86, - 0x09, 0x1d, 0xda, 0xff, 0x7d, 0xe8, 0x7a, 0x1c, 0x80, 0x49, 0x9c, 0x77, 0xf8, 0x48, 0x17, 0xda, - 0x06, 0x0f, 0xeb, 0x2f, 0xe7, 0x61, 0x52, 0x7b, 0xce, 0x7f, 0x66, 0x3b, 0xfe, 0x4b, 0x46, 0xc7, - 0xcf, 0x29, 0x77, 0x0f, 0xd5, 0xb2, 0x81, 0xfa, 0xbd, 0x0b, 0x33, 0x29, 0x92, 0xa4, 0x55, 0x44, - 0x6e, 0x10, 0xab, 0x88, 0xd7, 0xd3, 0xd1, 0x5c, 0x78, 0x50, 0x64, 0x15, 0x22, 0x40, 0x0f, 0x1f, - 0xf3, 0x13, 0x79, 0x38, 0x21, 0x7e, 0x61, 0xf8, 0x33, 0x2e, 0x71, 0x3c, 0xb3, 0x63, 0x51, 0x31, - 0xc6, 0xa2, 0x6c, 0x8e, 0x85, 0xd6, 0xc0, 0xde, 0x43, 0x62, 0xfd, 0x05, 0x80, 0xb9, 0x5e, 0x04, - 0x03, 0x7b, 0x55, 0xc6, 0x3e, 0x2b, 0xf9, 0x01, 0x7c, 0x56, 0x56, 0xa1, 0x84, 0x55, 0x89, 0x00, - 0x47, 0x21, 0xbb, 0xb7, 0x16, 0xe2, 0x4b, 0x22, 0x8f, 0x51, 0x27, 0x02, 0x2e, 0x85, 0x89, 0x8b, - 0x6b, 0x8a, 0x92, 0xfc, 0x62, 0x0e, 0xa6, 0x10, 0xb8, 0xfc, 0x98, 0xb6, 0x23, 0x64, 0x36, 0x24, - 0x5c, 0x2c, 0xd4, 0x2b, 0x52, 0x2d, 0x0a, 0xbc, 0xf6, 0x8e, 0x78, 0x46, 0xda, 0x12, 0xcf, 0x48, - 0xef, 0xf0, 0xe7, 0xaf, 0xab, 0x75, 0xbf, 0x75, 0x6d, 0x27, 0x70, 0x1f, 0x7b, 0xdc, 0x52, 0xc5, - 0x6d, 0x5e, 0x8b, 0x63, 0xf2, 0x77, 0xbc, 0x44, 0x94, 0x7d, 0xc1, 0x0a, 0x9f, 0xe8, 0xf8, 0x87, - 0x52, 0xac, 0x36, 0x79, 0xbf, 0x36, 0xbf, 0x88, 0xfc, 0x10, 0x9c, 0xe6, 0xd1, 0x4b, 0xd8, 0x35, - 0xcd, 0x6b, 0x77, 0xfd, 0x6e, 0xb8, 0xe0, 0xd6, 0x1f, 0x31, 0x59, 0x8d, 0xbb, 0x89, 0x61, 0xcb, - 0xeb, 0xaa, 0xd0, 0xd9, 0xe2, 0xa5, 0x86, 0x5b, 0x6c, 0x36, 0x03, 0xb2, 0x02, 0x33, 0xbc, 0xa8, - 0xd2, 0x8d, 0xfc, 0x5a, 0xdd, 0x6d, 0x7a, 0xed, 0x1d, 0x3c, 0x10, 0x8a, 0xfc, 0x3c, 0x72, 0xbb, - 0x91, 0xef, 0x84, 0x1c, 0xae, 0x5f, 0xb7, 0x53, 0x44, 0xa4, 0x0a, 0xd3, 0x36, 0x75, 0x1b, 0xf7, - 0xdc, 0x27, 0x8b, 0x6e, 0xc7, 0xad, 0xb3, 0xcb, 0x7b, 0x11, 0x9f, 0x5c, 0xf1, 0x54, 0x0e, 0xa8, - 0xdb, 0x70, 0x5a, 0xee, 0x13, 0xa7, 0x2e, 0x0a, 0x4d, 0xbd, 0xab, 0x41, 0xa7, 0x58, 0x79, 0x6d, - 0xc5, 0x6a, 0x2c, 0xc9, 0xca, 0x6b, 0xf7, 0x66, 0x15, 0xd3, 0x49, 0x56, 0x9b, 0x6e, 0xb0, 0x43, - 0x23, 0x6e, 0xe8, 0x09, 0x17, 0x72, 0x97, 0x73, 0x1a, 0xab, 0x08, 0xcb, 0x1c, 0x34, 0xfa, 0x4c, - 0xb2, 0xd2, 0xe8, 0xd8, 0xcc, 0x7b, 0x18, 0x78, 0x11, 0xd5, 0x5b, 0x38, 0x8e, 0x9f, 0x85, 0xfd, - 0x8f, 0x26, 0xb2, 0xbd, 0x9a, 0x98, 0xa2, 0x8c, 0xb9, 0x69, 0x8d, 0x9c, 0x48, 0x71, 0xcb, 0x6e, - 0x65, 0x8a, 0x52, 0x71, 0xd3, 0xdb, 0x39, 0x89, 0xed, 0xd4, 0xb8, 0xf5, 0x68, 0x68, 0x8a, 0x92, - 0xac, 0xb1, 0x4e, 0x8b, 0x68, 0x9b, 0xcd, 0x68, 0x61, 0xe8, 0x3a, 0x85, 0x9f, 0xf6, 0x92, 0xb0, - 0xd6, 0x2a, 0x05, 0xb2, 0xd8, 0xc9, 0x30, 0x7b, 0x4d, 0x12, 0x93, 0x3f, 0x03, 0xd3, 0xf7, 0x43, - 0x7a, 0xab, 0xba, 0x51, 0x93, 0xc1, 0x4e, 0x50, 0x43, 0x34, 0x35, 0x7f, 0xfd, 0x88, 0x4d, 0xe7, - 0xaa, 0x4e, 0x83, 0xa1, 0xf1, 0xf9, 0xb8, 0x75, 0x43, 0xea, 0x6c, 0x7b, 0x9d, 0x50, 0x45, 0x8e, - 0xd2, 0xc7, 0x2d, 0x51, 0x95, 0xb5, 0x02, 0x33, 0x29, 0x36, 0x64, 0x0a, 0x80, 0x01, 0x9d, 0xfb, - 0x6b, 0xb5, 0xe5, 0xcd, 0xd2, 0x73, 0xa4, 0x04, 0x13, 0xf8, 0x7b, 0x79, 0xad, 0xb2, 0xb0, 0xba, - 0xbc, 0x54, 0xca, 0x91, 0x19, 0x98, 0x44, 0xc8, 0x52, 0xb5, 0xc6, 0x41, 0x79, 0x1e, 0x18, 0xd9, - 0x2e, 0xf1, 0xa5, 0x1b, 0xb1, 0x05, 0x80, 0x67, 0x8a, 0xf5, 0xd7, 0xf3, 0x70, 0x46, 0x1e, 0x2b, - 0x34, 0x62, 0x22, 0x98, 0xd7, 0xde, 0x79, 0xc6, 0x4f, 0x87, 0x5b, 0xc6, 0xe9, 0xf0, 0x52, 0xe2, - 0xa4, 0x4e, 0xb4, 0xb2, 0xcf, 0x11, 0xf1, 0x1b, 0x63, 0x70, 0xae, 0x2f, 0x15, 0xf9, 0x32, 0x3b, - 0xcd, 0x3d, 0xda, 0x8e, 0xaa, 0x8d, 0x26, 0xdd, 0xf4, 0x5a, 0xd4, 0xef, 0x46, 0xc2, 0xb0, 0xfa, - 0x22, 0x2a, 0x65, 0xb0, 0xd0, 0xf1, 0x1a, 0x4d, 0xea, 0x44, 0xbc, 0xd8, 0x98, 0x6e, 0x69, 0x6a, - 0xc6, 0x52, 0xa5, 0xe9, 0xa8, 0xb6, 0x23, 0x1a, 0x3c, 0x46, 0x13, 0x2e, 0xc5, 0xf2, 0x11, 0xa5, - 0x1d, 0xc7, 0x65, 0xa5, 0x8e, 0x27, 0x8a, 0x4d, 0x96, 0x29, 0x6a, 0x72, 0x4b, 0x63, 0xb9, 0xc8, - 0xae, 0x70, 0xf7, 0xdc, 0x27, 0xc2, 0xa6, 0x44, 0x44, 0xbd, 0x53, 0x2c, 0xb9, 0x27, 0x67, 0xcb, - 0x7d, 0x62, 0xa7, 0x49, 0xc8, 0xd7, 0xe1, 0xa4, 0x38, 0x80, 0x84, 0x27, 0xbe, 0x6c, 0x31, 0xf7, - 0xf3, 0x7f, 0xe5, 0xf0, 0xa0, 0x7c, 0x5a, 0xc6, 0x0b, 0x94, 0xb1, 0x17, 0xb2, 0x5a, 0x9d, 0xcd, - 0x85, 0x6c, 0xb2, 0x03, 0x39, 0xd1, 0x1d, 0xf7, 0x68, 0x18, 0x4a, 0x17, 0x23, 0x71, 0xbd, 0xd1, - 0x3b, 0xd3, 0x69, 0xf1, 0x72, 0xbb, 0x27, 0x25, 0x59, 0x81, 0xa9, 0x87, 0x74, 0x4b, 0x1f, 0x9f, - 0x11, 0xb5, 0x55, 0x95, 0xf6, 0xe8, 0x56, 0xef, 0xc1, 0x49, 0xd0, 0x11, 0x0f, 0x95, 0xbc, 0x4f, - 0xf6, 0x57, 0xbd, 0x30, 0xa2, 0x6d, 0x1a, 0x60, 0x84, 0x97, 0x51, 0xdc, 0x0c, 0xe6, 0x62, 0x09, - 0xd9, 0x2c, 0x5f, 0x78, 0xf1, 0xf0, 0xa0, 0x7c, 0x8e, 0xfb, 0xea, 0x35, 0x05, 0xdc, 0x49, 0x24, - 0xb9, 0x48, 0x73, 0x25, 0xdf, 0x84, 0x69, 0xdb, 0xef, 0x46, 0x5e, 0x7b, 0xa7, 0x16, 0x05, 0x6e, - 0x44, 0x77, 0xf8, 0x81, 0x14, 0x87, 0x92, 0x49, 0x94, 0x8a, 0xf7, 0x41, 0x0e, 0x74, 0x42, 0x01, - 0x35, 0x4e, 0x04, 0x93, 0x80, 0x7c, 0x03, 0xa6, 0xb8, 0x0f, 0xb6, 0xaa, 0x60, 0xcc, 0x08, 0xd0, - 0x6d, 0x16, 0x3e, 0xb8, 0x2e, 0x4c, 0x00, 0x10, 0x9a, 0x55, 0x41, 0x82, 0x1b, 0xf9, 0xaa, 0xe8, - 0xac, 0x0d, 0xaf, 0xbd, 0xa3, 0xa6, 0x31, 0x60, 0xcf, 0xbf, 0x11, 0x77, 0x49, 0x87, 0x7d, 0xae, - 0x9c, 0xc6, 0x3d, 0xec, 0x99, 0xd2, 0x7c, 0x48, 0x04, 0xe7, 0x2a, 0x61, 0xe8, 0x85, 0x91, 0x70, - 0x3f, 0x58, 0x7e, 0x42, 0xeb, 0x5d, 0x86, 0xcc, 0x2e, 0x8a, 0x34, 0xe0, 0x06, 0xb0, 0xc3, 0x0b, - 0x57, 0x0f, 0x0f, 0xca, 0xaf, 0xba, 0x88, 0xe8, 0x08, 0x8f, 0x05, 0x87, 0x4a, 0x54, 0x67, 0x8f, - 0xe3, 0x6a, 0x6d, 0xe8, 0xcf, 0x94, 0x7c, 0x03, 0x4e, 0x2d, 0xba, 0x21, 0xad, 0xb6, 0x43, 0xda, - 0x0e, 0xbd, 0xc8, 0x7b, 0x4c, 0x45, 0xa7, 0xe2, 0xe1, 0x57, 0xc4, 0x74, 0x20, 0x56, 0xdd, 0x0d, - 0xd9, 0xc2, 0x54, 0x28, 0x8e, 0x18, 0x14, 0xad, 0x9a, 0x1e, 0x5c, 0x88, 0x0d, 0x53, 0xb5, 0xda, - 0xca, 0x92, 0xe7, 0xaa, 0x75, 0x35, 0x89, 0xfd, 0xf5, 0x2a, 0xea, 0x67, 0xc2, 0x5d, 0xa7, 0xe1, - 0xb9, 0x6a, 0x41, 0xf5, 0xe8, 0xac, 0x04, 0x07, 0xeb, 0x20, 0x07, 0xa5, 0xe4, 0x50, 0x92, 0xaf, - 0xc0, 0x18, 0x37, 0x06, 0xa2, 0xe1, 0xae, 0x70, 0x49, 0x96, 0xb6, 0x25, 0x0a, 0x6e, 0x12, 0x09, - 0x77, 0x20, 0x6e, 0x6a, 0x44, 0x75, 0xbb, 0x05, 0x74, 0x07, 0x92, 0x44, 0xa4, 0x01, 0x13, 0x7c, - 0xb4, 0x28, 0xc6, 0x91, 0x12, 0x36, 0xa1, 0x2f, 0xea, 0xab, 0x43, 0x14, 0x25, 0xf8, 0xe3, 0xd3, - 0x8f, 0x98, 0x13, 0x1c, 0xc1, 0xa8, 0xc2, 0xe0, 0xba, 0x00, 0x50, 0x94, 0x84, 0xd6, 0x19, 0x38, - 0xdd, 0xe3, 0x9b, 0xad, 0xc7, 0xf8, 0x1c, 0xdc, 0xa3, 0x46, 0xf2, 0x15, 0x38, 0x81, 0x84, 0x8b, - 0x7e, 0xbb, 0x4d, 0xeb, 0x11, 0x6e, 0x47, 0x52, 0x85, 0x5a, 0xe0, 0x36, 0x07, 0xbc, 0xbd, 0x75, - 0x85, 0xe0, 0x24, 0x35, 0xa9, 0x99, 0x1c, 0xac, 0x9f, 0xc9, 0xc3, 0x9c, 0xd8, 0xe1, 0x6c, 0x5a, - 0xf7, 0x83, 0xc6, 0xb3, 0x7f, 0xa2, 0x2e, 0x1b, 0x27, 0xea, 0x45, 0x15, 0x83, 0x22, 0xab, 0x91, - 0x7d, 0x0e, 0xd4, 0x5f, 0xce, 0xc1, 0x0b, 0xfd, 0x88, 0x58, 0xef, 0xa8, 0xb8, 0x59, 0x63, 0xa9, - 0xf8, 0x58, 0x1d, 0x98, 0xc5, 0x01, 0x5d, 0xdc, 0xa5, 0xf5, 0x47, 0xe1, 0x8a, 0x1f, 0x46, 0x68, - 0x92, 0x9e, 0xef, 0xf1, 0x60, 0xf9, 0x7a, 0xe6, 0x83, 0xe5, 0x29, 0x3e, 0xcb, 0xea, 0xc8, 0x83, - 0x47, 0xf6, 0x7a, 0x44, 0xf7, 0x43, 0x3b, 0x8b, 0x35, 0x9a, 0x17, 0x57, 0xba, 0xd1, 0xee, 0x46, - 0x40, 0xb7, 0x69, 0x40, 0xdb, 0x75, 0xfa, 0x03, 0x66, 0x5e, 0x6c, 0x36, 0x6e, 0x20, 0x0d, 0xc6, - 0x2f, 0x4f, 0xc0, 0x89, 0x2c, 0x32, 0xd6, 0x2f, 0xda, 0xa5, 0x39, 0x99, 0xad, 0xec, 0xcf, 0xe7, - 0x60, 0xa2, 0x46, 0xeb, 0x7e, 0xbb, 0x71, 0x0b, 0xcd, 0x42, 0x44, 0xef, 0x38, 0x5c, 0x68, 0x60, - 0x70, 0x67, 0x3b, 0x61, 0x2f, 0xf2, 0xf1, 0x41, 0xf9, 0x83, 0xc1, 0xee, 0xaa, 0x75, 0x1f, 0xe3, - 0x48, 0x44, 0x18, 0x4d, 0x5b, 0x55, 0x81, 0x2f, 0x3c, 0x46, 0xa5, 0x64, 0x01, 0x26, 0xc5, 0x72, - 0xf5, 0xf5, 0xb0, 0x69, 0x3c, 0x4c, 0x87, 0x2c, 0x48, 0xe9, 0x1f, 0x0d, 0x12, 0x72, 0x03, 0x0a, - 0xf7, 0xe7, 0x6f, 0x89, 0x31, 0x90, 0xf1, 0xc8, 0xef, 0xcf, 0xdf, 0x42, 0x75, 0x18, 0xbb, 0x62, - 0x4c, 0x76, 0xe7, 0x0d, 0x4b, 0x8d, 0xfb, 0xf3, 0xb7, 0xc8, 0x9f, 0x83, 0x93, 0x4b, 0x5e, 0x28, - 0xaa, 0xe0, 0x86, 0xee, 0x0d, 0x74, 0xec, 0x1a, 0xe9, 0x31, 0x7b, 0xbf, 0x90, 0x39, 0x7b, 0x5f, - 0x6c, 0x28, 0x26, 0x0e, 0xb7, 0xa2, 0x6f, 0x24, 0xc3, 0xc3, 0x65, 0xd7, 0x43, 0x3e, 0x82, 0x29, - 0xd4, 0x9d, 0xa3, 0xed, 0x3f, 0x46, 0xe4, 0x1d, 0xed, 0x51, 0xf3, 0xe7, 0x32, 0x6b, 0x3e, 0xcb, - 0xdd, 0xc3, 0xd1, 0x83, 0x00, 0xa3, 0xf7, 0x1a, 0xb7, 0x7e, 0x83, 0x33, 0xb9, 0x03, 0xd3, 0x42, - 0xfc, 0x5a, 0xdf, 0xde, 0xdc, 0xa5, 0x4b, 0xee, 0xbe, 0x30, 0xb2, 0xc0, 0x1b, 0x9d, 0x90, 0xd9, - 0x1c, 0x7f, 0xdb, 0x89, 0x76, 0xa9, 0xd3, 0x70, 0x0d, 0x41, 0x25, 0x41, 0x48, 0x7e, 0x18, 0xc6, - 0x57, 0xfd, 0x3a, 0x93, 0xbc, 0x71, 0x67, 0xe0, 0x76, 0x17, 0x1f, 0x62, 0x3e, 0x2c, 0x0e, 0x4e, - 0x88, 0x53, 0x1f, 0x1f, 0x94, 0xdf, 0x3e, 0xee, 0xa4, 0xd1, 0x2a, 0xb0, 0xf5, 0xda, 0xc8, 0x22, - 0x14, 0x1f, 0xd2, 0x2d, 0xd6, 0xda, 0x64, 0xae, 0x1c, 0x09, 0x16, 0x66, 0x55, 0xe2, 0x97, 0x61, - 0x56, 0x25, 0x60, 0x24, 0x80, 0x19, 0xec, 0x9f, 0x0d, 0x37, 0x0c, 0xf7, 0xfc, 0xa0, 0x81, 0x41, - 0xd1, 0x7b, 0x99, 0x74, 0xcc, 0x67, 0x76, 0xfe, 0x0b, 0xbc, 0xf3, 0x3b, 0x1a, 0x07, 0x5d, 0x80, - 0x4c, 0xb1, 0x27, 0xdf, 0x84, 0x29, 0xe1, 0xd3, 0x7c, 0xef, 0x56, 0x05, 0x57, 0xe5, 0x84, 0xe1, - 0x1e, 0x67, 0x16, 0x72, 0x29, 0x55, 0xb8, 0x48, 0x4b, 0x0d, 0x94, 0xd3, 0xda, 0x76, 0xcd, 0x57, - 0x33, 0x9d, 0x84, 0x6c, 0xc0, 0xf8, 0x12, 0x7d, 0xec, 0xd5, 0x29, 0x3a, 0xf1, 0x08, 0x23, 0x5a, - 0x95, 0xec, 0x23, 0x2e, 0xe1, 0xba, 0x98, 0x06, 0x02, 0xb8, 0x4b, 0x90, 0x69, 0x35, 0xa9, 0x10, - 0xc9, 0x4d, 0x28, 0x54, 0x97, 0x36, 0x84, 0x0d, 0xad, 0xf4, 0x8d, 0xa9, 0x36, 0x36, 0x64, 0x6a, - 0x04, 0x34, 0x82, 0xf2, 0x1a, 0x86, 0x05, 0x6e, 0x75, 0x69, 0x83, 0x6c, 0xc3, 0x24, 0x76, 0xc0, - 0x0a, 0x75, 0x79, 0xdf, 0x4e, 0xf7, 0xe8, 0xdb, 0xab, 0x99, 0x7d, 0x3b, 0xc7, 0xfb, 0x76, 0x57, - 0x50, 0x1b, 0xb1, 0xde, 0x75, 0xb6, 0x4c, 0xa4, 0x15, 0xf9, 0x27, 0x64, 0x84, 0xf2, 0xcd, 0x55, - 0x34, 0xf2, 0x10, 0x22, 0xad, 0x4c, 0x57, 0xa1, 0x42, 0xa6, 0xf7, 0x34, 0xd1, 0x4f, 0xf3, 0x21, - 0x5f, 0x82, 0xa1, 0xf5, 0x47, 0x91, 0x3b, 0x37, 0x63, 0xf4, 0x23, 0x03, 0xc9, 0xe6, 0xa3, 0x16, - 0xd2, 0x7f, 0x64, 0x04, 0x10, 0x42, 0x1a, 0x32, 0x0f, 0xa3, 0x1b, 0xd5, 0x07, 0xb5, 0xa6, 0x1f, - 0xcd, 0x11, 0x75, 0x4f, 0x22, 0x1d, 0xef, 0xb1, 0x13, 0x36, 0x7d, 0x33, 0x87, 0x8d, 0x44, 0x64, - 0xc3, 0xb7, 0xe2, 0x06, 0x8d, 0x3d, 0x37, 0x40, 0xdf, 0xcb, 0x59, 0xa3, 0x5a, 0xad, 0x84, 0x0f, - 0xdf, 0xae, 0x00, 0x24, 0x1c, 0x32, 0x75, 0x16, 0x42, 0xc3, 0x30, 0x23, 0xa6, 0x89, 0x68, 0xda, - 0xbd, 0x5b, 0x15, 0xeb, 0x3f, 0xcb, 0xe1, 0x86, 0x49, 0x5e, 0xc5, 0x18, 0x23, 0xea, 0xe9, 0x0c, - 0x75, 0xa5, 0x6e, 0x27, 0x11, 0xd5, 0x97, 0xa3, 0x90, 0xd7, 0x61, 0xe4, 0x96, 0x5b, 0xa7, 0x91, - 0x7c, 0xe0, 0x44, 0xe4, 0x6d, 0x84, 0xe8, 0x8a, 0x55, 0x8e, 0xc3, 0x64, 0x39, 0x3e, 0x91, 0x2a, - 0x71, 0xf2, 0xd0, 0xc5, 0x8a, 0x7c, 0xdf, 0x44, 0x59, 0x4e, 0x4c, 0x40, 0x2d, 0xbb, 0x68, 0xc2, - 0x16, 0x38, 0x93, 0x83, 0xf5, 0x47, 0xb9, 0x78, 0x07, 0x20, 0xaf, 0xc0, 0x90, 0xbd, 0xa1, 0xbe, - 0x9f, 0xfb, 0x21, 0x26, 0x3e, 0x1f, 0x11, 0xc8, 0x57, 0xe1, 0xa4, 0xc6, 0x27, 0x65, 0x98, 0xfc, - 0x32, 0x3a, 0xca, 0x69, 0x5f, 0x92, 0x6d, 0x9d, 0x9c, 0xcd, 0x03, 0x05, 0xd7, 0xb8, 0x60, 0x89, - 0xb6, 0x3d, 0xce, 0x5b, 0x6b, 0xac, 0xce, 0xbb, 0x81, 0x08, 0xc9, 0xc6, 0x66, 0x71, 0xe0, 0xbe, - 0x72, 0xd6, 0xaf, 0xe7, 0x8c, 0x95, 0xad, 0xb2, 0x34, 0xe6, 0x8e, 0xc8, 0xd2, 0xf8, 0x16, 0x40, - 0xa5, 0x1b, 0xf9, 0xcb, 0xed, 0xc0, 0x6f, 0x72, 0x8d, 0x85, 0x08, 0x6c, 0x8d, 0x7a, 0x58, 0x8a, - 0x60, 0xc3, 0xa5, 0x47, 0x21, 0x67, 0xda, 0x70, 0x17, 0x3e, 0xa9, 0x0d, 0xb7, 0xf5, 0x3b, 0x39, - 0x63, 0x6e, 0x33, 0x89, 0x4c, 0x2e, 0x0f, 0xcd, 0xc4, 0x26, 0xbd, 0x3c, 0xe2, 0xc5, 0xf1, 0x6f, - 0xe6, 0xe0, 0x14, 0x37, 0x86, 0x5e, 0xeb, 0xb6, 0xb6, 0x68, 0xf0, 0xc0, 0x6d, 0x7a, 0x0d, 0xee, - 0x0b, 0xca, 0x85, 0xcd, 0xcb, 0xe9, 0x85, 0x92, 0x8d, 0xcf, 0x2f, 0x85, 0xdc, 0x38, 0xdb, 0x69, - 0x63, 0xa1, 0xf3, 0x58, 0x95, 0xea, 0x97, 0xc2, 0x6c, 0x7a, 0xeb, 0x57, 0x72, 0xf0, 0xe2, 0x91, - 0xb5, 0x90, 0x6b, 0x30, 0x2a, 0x23, 0x8a, 0xe7, 0xb0, 0xe3, 0xd1, 0x30, 0x31, 0x1d, 0x4d, 0x5c, - 0x62, 0x91, 0xaf, 0xc1, 0x49, 0x9d, 0xd5, 0x66, 0xe0, 0x7a, 0x7a, 0xdc, 0xee, 0x8c, 0xaf, 0x8e, - 0x18, 0x4a, 0x52, 0x32, 0xca, 0x66, 0x62, 0xfd, 0x3f, 0x39, 0x2d, 0x6f, 0xeb, 0x33, 0x2a, 0x2f, - 0xdf, 0x34, 0xe4, 0x65, 0x19, 0xdd, 0x4d, 0xb5, 0x8a, 0x95, 0x65, 0xde, 0x71, 0xa6, 0x35, 0x03, - 0x5b, 0x04, 0x7c, 0x37, 0x0f, 0xe3, 0xf7, 0x43, 0x1a, 0xf0, 0x47, 0xd3, 0x1f, 0xac, 0x28, 0x5e, - 0xaa, 0x5d, 0x03, 0xc5, 0x59, 0xfa, 0x83, 0x1c, 0x2a, 0xd3, 0x75, 0x0a, 0xd6, 0x1b, 0x5a, 0xae, - 0x26, 0xec, 0x0d, 0xcc, 0xd2, 0x84, 0x50, 0x1e, 0xde, 0x67, 0xd5, 0x4c, 0xdb, 0x86, 0xb9, 0xfb, - 0x56, 0xc9, 0x07, 0x30, 0x7c, 0x1f, 0x55, 0x83, 0xa6, 0xdf, 0xbf, 0xe2, 0x8f, 0x85, 0x7c, 0x93, - 0xee, 0x86, 0x66, 0x48, 0x22, 0x4e, 0x48, 0x6a, 0x30, 0xba, 0x18, 0x50, 0xcc, 0xc2, 0x3a, 0x34, - 0xb8, 0xef, 0x6a, 0x9d, 0x93, 0x24, 0x7d, 0x57, 0x05, 0x27, 0xeb, 0xa7, 0xf3, 0x40, 0xe2, 0x36, - 0x62, 0xca, 0x91, 0xf0, 0x99, 0x1d, 0xf4, 0xf7, 0x8d, 0x41, 0x3f, 0x97, 0x1a, 0x74, 0xde, 0xbc, - 0x81, 0xc6, 0xfe, 0x37, 0x73, 0x70, 0x2a, 0x9b, 0x90, 0x5c, 0x84, 0x91, 0xf5, 0xcd, 0x0d, 0x19, - 0x3a, 0x42, 0x34, 0xc5, 0xef, 0xe0, 0xbd, 0xdc, 0x16, 0x45, 0xe4, 0x0d, 0x18, 0xf9, 0xb2, 0xbd, - 0xc8, 0xce, 0x21, 0x2d, 0x36, 0xf6, 0xb7, 0x02, 0xa7, 0x6e, 0x1e, 0x45, 0x02, 0x49, 0x1f, 0xdb, - 0xc2, 0x53, 0x1b, 0xdb, 0x9f, 0xc8, 0xc3, 0x74, 0xa5, 0x5e, 0xa7, 0x61, 0xc8, 0x84, 0x1c, 0x1a, - 0x46, 0xcf, 0xec, 0xc0, 0x66, 0x07, 0x85, 0x30, 0xda, 0x36, 0xd0, 0xa8, 0xfe, 0x76, 0x0e, 0x4e, - 0x4a, 0xaa, 0xc7, 0x1e, 0xdd, 0xdb, 0xdc, 0x0d, 0x68, 0xb8, 0xeb, 0x37, 0x1b, 0x03, 0x07, 0xe0, - 0x67, 0x82, 0x1e, 0x46, 0xd5, 0xd5, 0x5f, 0xd0, 0xb7, 0x11, 0x62, 0x08, 0x7a, 0x3c, 0xf2, 0xee, - 0x35, 0x18, 0xad, 0x74, 0x3a, 0x81, 0xff, 0x98, 0x2f, 0x7b, 0x11, 0x74, 0xcc, 0xe5, 0x20, 0xc3, - 0xf5, 0x97, 0x83, 0xd8, 0x67, 0x2c, 0xd1, 0x36, 0x0f, 0xa7, 0x35, 0xc9, 0x3f, 0xa3, 0x41, 0xdb, - 0xba, 0x0c, 0x8b, 0xe5, 0x56, 0x0d, 0xc8, 0x46, 0xe0, 0xb7, 0xfc, 0x88, 0x36, 0x78, 0x7b, 0xd0, - 0x63, 0xfa, 0xc8, 0xf0, 0x3b, 0x9b, 0x5e, 0xd4, 0x34, 0xc2, 0xef, 0x44, 0x0c, 0x60, 0x73, 0xb8, - 0xf5, 0x7f, 0x0e, 0xc3, 0x84, 0xde, 0x3b, 0xc4, 0xe2, 0x51, 0xb5, 0xfd, 0x40, 0x77, 0xdb, 0x77, - 0x11, 0x62, 0x8b, 0x92, 0x38, 0xda, 0x45, 0xfe, 0xc8, 0x68, 0x17, 0x0f, 0x61, 0x72, 0x23, 0xf0, - 0x31, 0x3a, 0x1a, 0xcf, 0xce, 0xcd, 0xb7, 0xc2, 0x59, 0xed, 0x8e, 0xc7, 0x06, 0x12, 0xdf, 0x1e, - 0x51, 0xc3, 0xd1, 0x11, 0xd8, 0x4e, 0x32, 0x77, 0xb7, 0xc9, 0x87, 0x9b, 0x35, 0xb8, 0xa1, 0x08, - 0x71, 0xa8, 0xcc, 0x1a, 0x18, 0xc4, 0x34, 0x6b, 0x60, 0x10, 0x7d, 0xad, 0x0d, 0x3f, 0xad, 0xb5, - 0x46, 0x7e, 0x3a, 0x07, 0xe3, 0x95, 0x76, 0x5b, 0x44, 0xd1, 0x38, 0xc2, 0x8d, 0xf8, 0x6b, 0xc2, - 0xb2, 0xe1, 0xed, 0x4f, 0x64, 0xd9, 0x80, 0x72, 0x4b, 0x88, 0x92, 0x6a, 0x5c, 0xa1, 0x7e, 0xcb, - 0xd1, 0xbe, 0x83, 0xbc, 0x0d, 0x25, 0x35, 0xc9, 0xab, 0xed, 0x06, 0x7d, 0x42, 0xc3, 0xb9, 0xd1, - 0x0b, 0x85, 0xcb, 0x93, 0x22, 0xb8, 0xa9, 0x2e, 0x99, 0x26, 0x11, 0xc9, 0x26, 0x80, 0xab, 0x66, - 0x57, 0x22, 0x2f, 0x5a, 0x7a, 0xfa, 0x09, 0xe9, 0x19, 0x7f, 0xe3, 0xe3, 0x91, 0x2e, 0x3d, 0xc7, - 0x7c, 0x48, 0x0b, 0xa6, 0x79, 0x52, 0x32, 0x4c, 0x56, 0x8e, 0x31, 0xbc, 0xe1, 0xc8, 0x71, 0x78, - 0x45, 0xe8, 0xaa, 0x9e, 0x17, 0xa9, 0xce, 0x30, 0xff, 0xb9, 0x93, 0x11, 0xd0, 0x3b, 0xc9, 0x9b, - 0x87, 0x92, 0xb5, 0x4f, 0xa7, 0xbf, 0x97, 0x4f, 0xfa, 0x9f, 0xc8, 0xc1, 0x29, 0x7d, 0xd2, 0xd7, - 0xba, 0x5b, 0x2d, 0x0f, 0xef, 0x82, 0xe4, 0x2a, 0x8c, 0x89, 0x39, 0xa9, 0x2e, 0x51, 0xe9, 0x50, - 0xe4, 0x31, 0x0a, 0x59, 0x66, 0xd3, 0x90, 0xf1, 0x10, 0x52, 0xf7, 0x6c, 0x62, 0x9f, 0x62, 0x45, - 0x71, 0xc2, 0xcb, 0x00, 0x7f, 0x9b, 0xf3, 0x93, 0x41, 0xac, 0xf7, 0x60, 0xc6, 0x1c, 0x89, 0x1a, - 0x8d, 0xc8, 0x15, 0x18, 0x95, 0xc3, 0x97, 0xcb, 0x1e, 0x3e, 0x59, 0x6e, 0x3d, 0x04, 0x92, 0xa2, - 0x0f, 0xd1, 0x04, 0x89, 0x46, 0xd2, 0x44, 0x4e, 0x3e, 0x00, 0xa6, 0x10, 0x17, 0x66, 0xc5, 0xf7, - 0x8d, 0x1b, 0x76, 0xdc, 0x8c, 0xd4, 0xfa, 0xa3, 0x29, 0x98, 0xcd, 0xd8, 0x73, 0x8f, 0x90, 0x89, - 0xca, 0xe6, 0x06, 0x31, 0xa6, 0xa2, 0x10, 0xc8, 0x6d, 0xe1, 0x3d, 0x99, 0xac, 0xbf, 0xcf, 0x76, - 0xd0, 0x2f, 0x83, 0xff, 0x67, 0x21, 0x17, 0xe9, 0x81, 0x42, 0x86, 0x9f, 0x5a, 0xa0, 0x90, 0x05, - 0x98, 0x14, 0xad, 0x12, 0xdb, 0x95, 0x66, 0x4d, 0x1a, 0xf0, 0x02, 0x27, 0xb5, 0x6d, 0x99, 0x24, - 0x9c, 0x47, 0xe8, 0x37, 0x1f, 0x53, 0xc1, 0x63, 0x54, 0xe7, 0x81, 0x05, 0x99, 0x3c, 0x34, 0x12, - 0xf2, 0x1f, 0x62, 0x5e, 0x25, 0x84, 0xe8, 0x7b, 0x56, 0xb1, 0xdf, 0x9e, 0xd5, 0x78, 0x3a, 0x7b, - 0xd6, 0x39, 0xf9, 0x8d, 0xd9, 0x7b, 0x57, 0xc6, 0x67, 0x91, 0x5f, 0xca, 0xc1, 0x0c, 0x8f, 0x56, - 0xa1, 0x7f, 0x6c, 0xdf, 0x08, 0x04, 0xf5, 0xa7, 0xf3, 0xb1, 0x2f, 0x88, 0x7c, 0x22, 0xd9, 0xdf, - 0x9a, 0xfe, 0x28, 0xf2, 0x43, 0x00, 0x6a, 0x45, 0xf1, 0x70, 0x8e, 0xe3, 0xf3, 0x2f, 0x64, 0xec, - 0x02, 0x0a, 0x29, 0x8e, 0x7d, 0x1e, 0x29, 0x3a, 0x23, 0x9b, 0x96, 0x82, 0x92, 0x3f, 0x07, 0x27, - 0xd8, 0x7a, 0x51, 0x10, 0x11, 0x5b, 0x67, 0x6e, 0x1c, 0x6b, 0xf9, 0x7c, 0x6f, 0x99, 0xe8, 0x6a, - 0x16, 0x19, 0x0f, 0xfe, 0x19, 0x67, 0x24, 0x8d, 0x74, 0x37, 0xfc, 0xcc, 0x8a, 0x30, 0x58, 0x15, - 0x7e, 0x3d, 0x8f, 0x4f, 0xde, 0x63, 0x7f, 0x3b, 0x23, 0xd7, 0x02, 0xdf, 0xdf, 0x42, 0xd3, 0xa9, - 0x13, 0x41, 0xe4, 0xcb, 0x40, 0x54, 0x98, 0x07, 0x0e, 0xa3, 0x32, 0x76, 0x39, 0x57, 0xed, 0xc6, - 0xe1, 0x22, 0x02, 0x59, 0xac, 0x4f, 0x92, 0x34, 0x31, 0xa1, 0x70, 0x42, 0x34, 0x9a, 0x41, 0x65, - 0xd2, 0xa3, 0x70, 0x6e, 0xca, 0x88, 0x5c, 0x14, 0x97, 0xc4, 0xa9, 0x4b, 0xb5, 0xcc, 0x49, 0x86, - 0xca, 0x29, 0x8b, 0x1d, 0xb9, 0x09, 0x63, 0xe8, 0x59, 0xb9, 0x22, 0x0d, 0xab, 0x84, 0x91, 0x07, - 0xfa, 0x60, 0x3a, 0xbb, 0xa6, 0x79, 0x54, 0x8c, 0xca, 0xae, 0x03, 0x4b, 0xc1, 0xbe, 0xdd, 0x6d, - 0xa3, 0x02, 0x56, 0xe8, 0x3b, 0x1a, 0xc1, 0xbe, 0x13, 0x74, 0x4d, 0xd7, 0x5b, 0x44, 0x22, 0xdf, - 0x84, 0xf1, 0x7b, 0xee, 0x13, 0xa9, 0x7f, 0x15, 0x4a, 0xd6, 0x7e, 0x3b, 0x90, 0x25, 0x5b, 0xd3, - 0x72, 0x9f, 0x38, 0x8d, 0x6e, 0x32, 0xf4, 0x28, 0x6e, 0x43, 0x3a, 0x4b, 0xf2, 0x75, 0x00, 0x4d, - 0x2b, 0x4c, 0x8e, 0xac, 0xe0, 0x45, 0x19, 0x8b, 0x2b, 0x53, 0x5b, 0x8c, 0xfc, 0x35, 0x86, 0x09, - 0xc9, 0xe1, 0xc4, 0x67, 0x27, 0x39, 0x9c, 0xfc, 0xec, 0x24, 0x87, 0xb3, 0x5b, 0x70, 0xa6, 0xe7, - 0xd2, 0xc9, 0x08, 0x90, 0x7a, 0xcd, 0x0c, 0x90, 0x7a, 0xa6, 0xd7, 0x11, 0x1b, 0x9a, 0xe1, 0xee, - 0x67, 0x4b, 0x27, 0x7a, 0x4b, 0x27, 0xdf, 0xcf, 0x27, 0x8e, 0x5c, 0x71, 0xb1, 0xe0, 0xe9, 0x51, - 0x7a, 0xc9, 0x24, 0x79, 0x4c, 0x65, 0xc9, 0x0f, 0xe5, 0x7c, 0x7c, 0xa1, 0x49, 0x64, 0xff, 0xe6, - 0xc7, 0xf3, 0xa7, 0x3d, 0x7d, 0xdf, 0x81, 0x29, 0x9e, 0xc4, 0xee, 0x2e, 0xdd, 0xdf, 0xf3, 0x83, - 0x86, 0x4c, 0xf1, 0x8c, 0x32, 0x78, 0x2a, 0x75, 0x6c, 0x02, 0x97, 0x2c, 0x49, 0x67, 0xbd, 0x61, - 0xac, 0xfd, 0x4c, 0xe6, 0x2e, 0xc6, 0x10, 0xfa, 0xf9, 0xf1, 0x91, 0x37, 0x95, 0xa0, 0x46, 0x03, - 0x3d, 0xe8, 0x7d, 0x20, 0x81, 0x19, 0xf2, 0x1a, 0x0d, 0xac, 0xdf, 0x2b, 0x00, 0xe1, 0x35, 0x2d, - 0xba, 0x1d, 0x17, 0x5d, 0x59, 0x3d, 0x0c, 0x02, 0x53, 0x12, 0x38, 0xee, 0x56, 0x93, 0xea, 0x11, - 0x94, 0x84, 0x21, 0xab, 0x2a, 0x73, 0x92, 0x17, 0x9d, 0x14, 0x61, 0x8f, 0xad, 0x2e, 0xff, 0x69, - 0xb6, 0xba, 0x6f, 0xc2, 0xf3, 0x95, 0x0e, 0x66, 0xc3, 0x94, 0xb5, 0xdc, 0xf2, 0x03, 0xb9, 0x49, - 0x19, 0x4e, 0x52, 0xae, 0x42, 0x4b, 0x7d, 0x69, 0x3f, 0x16, 0x9a, 0x9c, 0xc2, 0xe6, 0x65, 0x27, - 0xd2, 0x9d, 0xee, 0xa5, 0x9c, 0xd2, 0xc1, 0x92, 0x0c, 0x39, 0x85, 0x93, 0x48, 0x1e, 0x5e, 0x20, - 0xe5, 0x14, 0x4c, 0xf3, 0x12, 0xf3, 0xf0, 0x02, 0xda, 0x43, 0xd6, 0x51, 0x24, 0xe4, 0x1d, 0x18, - 0xaf, 0x74, 0x23, 0x5f, 0x30, 0x16, 0x16, 0xd8, 0xb1, 0xad, 0xb4, 0xf8, 0x14, 0xe3, 0xea, 0x13, - 0xa3, 0x5b, 0x7f, 0x58, 0x80, 0x33, 0xe9, 0xe1, 0x15, 0xa5, 0x6a, 0x7d, 0xe4, 0x8e, 0x58, 0x1f, - 0x59, 0xb3, 0x21, 0x1f, 0x07, 0x21, 0x7f, 0x1a, 0xb3, 0x81, 0x27, 0xd5, 0xfc, 0x84, 0xb3, 0xa1, - 0x06, 0xe3, 0xfa, 0x79, 0x37, 0xf4, 0x49, 0xcf, 0x3b, 0x9d, 0x0b, 0xbb, 0xd4, 0xf3, 0x58, 0x03, - 0xc3, 0xf1, 0xd3, 0x51, 0x32, 0xcc, 0x00, 0xc7, 0x20, 0xff, 0x06, 0x5c, 0xe0, 0x7b, 0x52, 0xb2, - 0xb1, 0x0b, 0xfb, 0x92, 0xa3, 0x18, 0xb8, 0xf9, 0xc3, 0x83, 0xf2, 0x55, 0xae, 0x2a, 0x71, 0x52, - 0xdd, 0xe6, 0x6c, 0xed, 0x3b, 0xf2, 0xcb, 0xb4, 0x4a, 0x8e, 0xe4, 0x8d, 0x99, 0x34, 0xb5, 0x2c, - 0x87, 0x6f, 0x64, 0xb9, 0xa6, 0xf0, 0x18, 0xc0, 0x1c, 0x6c, 0x7a, 0xa5, 0x48, 0x75, 0x58, 0x3e, - 0x53, 0x1d, 0x26, 0xf5, 0x29, 0x85, 0x4c, 0x7d, 0xca, 0x12, 0x4c, 0xd7, 0xba, 0x5b, 0xb2, 0xee, - 0xa4, 0x6f, 0x5a, 0xd8, 0xdd, 0xca, 0x6a, 0x50, 0x92, 0xc4, 0xfa, 0x4b, 0x79, 0x98, 0xd8, 0x68, - 0x76, 0x77, 0xbc, 0xf6, 0x92, 0x1b, 0xb9, 0xcf, 0xac, 0x86, 0xee, 0x2d, 0x43, 0x43, 0xa7, 0x3c, - 0xb0, 0x54, 0xc3, 0x06, 0x52, 0xcf, 0xfd, 0x54, 0x0e, 0xa6, 0x63, 0x12, 0x7e, 0xce, 0xae, 0xc0, - 0x10, 0xfb, 0x21, 0xee, 0xad, 0x17, 0x52, 0x8c, 0x79, 0x6a, 0x2d, 0xf5, 0x97, 0xd0, 0x99, 0x99, - 0x79, 0x6b, 0x90, 0xc3, 0xd9, 0x2f, 0xc0, 0x58, 0xcc, 0xf6, 0x38, 0x29, 0xb5, 0x7e, 0x35, 0x07, - 0xa5, 0x64, 0x4b, 0xc8, 0x5d, 0x18, 0x65, 0x9c, 0x3c, 0x2a, 0xaf, 0xd4, 0x2f, 0xf5, 0x68, 0xf3, - 0x55, 0x81, 0xc6, 0x3f, 0x0f, 0x3b, 0x9f, 0x72, 0x88, 0x2d, 0x39, 0x9c, 0xb5, 0x61, 0x42, 0xc7, - 0xca, 0xf8, 0xba, 0xd7, 0x4d, 0xe1, 0xe2, 0x54, 0x76, 0x3f, 0x18, 0x89, 0xc0, 0x8c, 0xaf, 0x16, - 0x72, 0xc3, 0x25, 0x63, 0x72, 0x61, 0x5f, 0x25, 0xe6, 0x0d, 0x9f, 0x66, 0xf3, 0x71, 0x58, 0x72, - 0x7d, 0x9e, 0x65, 0x4c, 0x68, 0x85, 0x47, 0x5e, 0x87, 0x11, 0x5e, 0x9f, 0x9e, 0x10, 0xa7, 0x83, - 0x10, 0x5d, 0xc4, 0xe5, 0x38, 0xd6, 0xdf, 0x28, 0xc0, 0xa9, 0xf8, 0xf3, 0xee, 0x77, 0x1a, 0x6e, - 0x44, 0x37, 0xdc, 0xc0, 0x6d, 0x85, 0x47, 0xac, 0x80, 0xcb, 0xa9, 0x4f, 0xc3, 0x04, 0x29, 0xf2, - 0xd3, 0xb4, 0x0f, 0xb2, 0x12, 0x1f, 0x84, 0xea, 0x4b, 0xfe, 0x41, 0xf2, 0x33, 0xc8, 0x5d, 0x28, - 0xd4, 0x68, 0x24, 0xb6, 0xcd, 0x4b, 0xa9, 0x5e, 0xd5, 0xbf, 0xeb, 0x6a, 0x8d, 0x46, 0x7c, 0x10, - 0x79, 0x0c, 0x1c, 0x6a, 0x44, 0x3d, 0xad, 0xd1, 0x88, 0x3c, 0x84, 0x91, 0xe5, 0x27, 0x1d, 0x5a, - 0x8f, 0x44, 0x42, 0xb8, 0x2b, 0xfd, 0xf9, 0x71, 0x5c, 0x2d, 0x1f, 0x1c, 0x45, 0x80, 0xde, 0x59, - 0x1c, 0xe5, 0xec, 0x4d, 0x28, 0xca, 0xca, 0x8f, 0x33, 0x73, 0xcf, 0xbe, 0x05, 0xe3, 0x5a, 0x25, - 0xc7, 0x9a, 0xf4, 0x3f, 0xcf, 0xf6, 0x55, 0xbf, 0x29, 0x73, 0xc8, 0x2d, 0xa7, 0xc4, 0x3c, 0x2d, - 0xc7, 0x08, 0x17, 0xf3, 0x9c, 0x47, 0xa2, 0xa8, 0x8f, 0xbc, 0x57, 0x85, 0xe9, 0xda, 0x23, 0xaf, - 0x13, 0x07, 0x9f, 0x34, 0x0e, 0x53, 0x4c, 0x18, 0x21, 0xee, 0xdc, 0xc9, 0xc3, 0x34, 0x49, 0x67, - 0xfd, 0x71, 0x0e, 0x46, 0xd8, 0x5f, 0x0f, 0x6e, 0x3e, 0xa3, 0x5b, 0xe6, 0x0d, 0x63, 0xcb, 0x9c, - 0xd1, 0x22, 0x3f, 0xe3, 0xc6, 0x71, 0xf3, 0x88, 0xcd, 0xf2, 0x40, 0x0c, 0x10, 0x47, 0x26, 0xb7, - 0x61, 0x54, 0x58, 0xde, 0x08, 0x13, 0x69, 0x3d, 0x94, 0xb4, 0xb4, 0xc9, 0x51, 0x97, 0x73, 0xbf, - 0x93, 0xd4, 0x66, 0x48, 0x6a, 0x26, 0x92, 0xcb, 0x30, 0xa0, 0x46, 0xe6, 0x51, 0x1f, 0x7d, 0xda, - 0x78, 0x28, 0x64, 0x2d, 0x57, 0x70, 0x0f, 0x8f, 0xf7, 0x8a, 0x78, 0xc8, 0x28, 0xf4, 0x63, 0x72, - 0x4a, 0x26, 0x66, 0xcc, 0x7c, 0xe3, 0xf8, 0x27, 0x27, 0x79, 0x10, 0x61, 0xf9, 0x61, 0xef, 0xc2, - 0xc4, 0x2d, 0x3f, 0xd8, 0x73, 0x03, 0x1e, 0x1a, 0x52, 0x58, 0x0e, 0xb0, 0xab, 0xe3, 0xe4, 0x36, - 0x87, 0xf3, 0xe0, 0x92, 0x1f, 0x1f, 0x94, 0x87, 0x16, 0x7c, 0xbf, 0x69, 0x1b, 0xe8, 0x64, 0x1d, - 0x26, 0xef, 0xb9, 0x4f, 0xb4, 0x4b, 0x2f, 0x77, 0x52, 0xb9, 0xc2, 0x26, 0x30, 0xbb, 0x35, 0x1f, - 0x6d, 0x06, 0x65, 0xd2, 0x13, 0x0f, 0xa6, 0x36, 0xfc, 0x20, 0x12, 0x95, 0x78, 0xed, 0x1d, 0xd1, - 0xd8, 0xb4, 0x21, 0xd7, 0xb5, 0x4c, 0x43, 0xae, 0x33, 0x1d, 0x3f, 0x88, 0x9c, 0x6d, 0x45, 0x6e, - 0x04, 0x8f, 0x32, 0x18, 0x93, 0x77, 0x61, 0x46, 0x0b, 0x8e, 0x77, 0xcb, 0x0f, 0x5a, 0xae, 0x14, - 0xca, 0x51, 0x0f, 0x8c, 0xf6, 0x26, 0xdb, 0x08, 0xb6, 0xd3, 0x98, 0xe4, 0xab, 0x59, 0x6e, 0x3f, - 0xc3, 0xb1, 0x25, 0x58, 0x86, 0xdb, 0x4f, 0x2f, 0x4b, 0xb0, 0xb4, 0x03, 0xd0, 0x4e, 0x3f, 0x4b, - 0xd1, 0xe2, 0xc2, 0x75, 0x71, 0xfd, 0x3e, 0xda, 0x12, 0x54, 0x8d, 0x5b, 0x0f, 0x8b, 0xd0, 0x79, - 0x28, 0x2c, 0x6c, 0xdc, 0xc2, 0xd7, 0x0b, 0x69, 0x68, 0xd3, 0xde, 0x75, 0xdb, 0x75, 0x14, 0x96, - 0x85, 0x75, 0xb6, 0xbe, 0x23, 0x2f, 0x6c, 0xdc, 0x22, 0x2e, 0xcc, 0x6e, 0xd0, 0xa0, 0xe5, 0x45, - 0x5f, 0xb9, 0x7e, 0x5d, 0x1b, 0xa8, 0x22, 0x7e, 0xda, 0x35, 0xf1, 0x69, 0xe5, 0x0e, 0xa2, 0x38, - 0x4f, 0xae, 0x5f, 0xcf, 0x1c, 0x0e, 0xf5, 0x61, 0x59, 0xbc, 0xd8, 0xce, 0x78, 0xcf, 0x7d, 0x12, - 0x1b, 0xd5, 0x87, 0xc2, 0x81, 0xf2, 0x9c, 0x9c, 0x58, 0xb1, 0x41, 0xbe, 0xb1, 0x33, 0x9a, 0x44, - 0xec, 0xae, 0x13, 0x4f, 0xaf, 0x50, 0xb8, 0x9e, 0x9c, 0x95, 0x2a, 0x1d, 0xe9, 0x65, 0xab, 0x0b, - 0xec, 0x1a, 0x3a, 0xb9, 0xaf, 0x6e, 0x6c, 0xfc, 0xc6, 0x23, 0xd2, 0x0e, 0x5e, 0xd3, 0x6f, 0x6c, - 0x5c, 0x91, 0x62, 0x34, 0x6b, 0x5a, 0x5d, 0xf3, 0xb9, 0x97, 0x81, 0x6d, 0x72, 0x49, 0x5f, 0x04, - 0x27, 0x8e, 0x7f, 0x11, 0xa4, 0x30, 0xb4, 0xea, 0xd7, 0x1f, 0x89, 0x88, 0x57, 0x5f, 0x66, 0xcb, - 0xbd, 0xe9, 0xd7, 0x1f, 0x3d, 0x3d, 0x0b, 0x58, 0x64, 0x4f, 0xd6, 0xd8, 0xa7, 0xb2, 0x59, 0x20, - 0xfa, 0x44, 0x58, 0x55, 0x9e, 0x50, 0x37, 0x21, 0xad, 0x8c, 0x0b, 0x3e, 0x7c, 0xd2, 0xc8, 0xae, - 0xb5, 0x4d, 0x72, 0x42, 0xa1, 0xb4, 0x44, 0xc3, 0x47, 0x91, 0xdf, 0x59, 0x6c, 0x7a, 0x9d, 0x2d, - 0xdf, 0x0d, 0x64, 0x1c, 0xd2, 0xf4, 0xfa, 0x7e, 0x25, 0x73, 0x7d, 0xcf, 0x34, 0x38, 0xbd, 0x53, - 0x97, 0x0c, 0xec, 0x14, 0x4b, 0xf2, 0x55, 0x98, 0x62, 0x93, 0x7b, 0xf9, 0x49, 0x44, 0xdb, 0x7c, - 0xe4, 0x67, 0x50, 0x74, 0x38, 0xa1, 0x85, 0xdc, 0x57, 0x85, 0x7c, 0x4e, 0xe1, 0x62, 0xa7, 0x8a, - 0xc0, 0x88, 0x16, 0x66, 0xb0, 0x22, 0x0d, 0x98, 0xbb, 0xe7, 0x3e, 0xd1, 0x92, 0x25, 0x6a, 0x93, - 0x94, 0xe0, 0x04, 0xbb, 0x7c, 0x78, 0x50, 0x7e, 0x89, 0x4d, 0xb0, 0x38, 0x34, 0x6e, 0x8f, 0xf9, - 0xda, 0x93, 0x13, 0xf9, 0x61, 0x38, 0x2d, 0x9a, 0xb5, 0x84, 0x79, 0x68, 0xfc, 0x60, 0xbf, 0xb6, - 0xeb, 0xa2, 0x3f, 0xcd, 0xec, 0xf1, 0x36, 0x44, 0xd9, 0x61, 0x0d, 0xc9, 0xc7, 0x09, 0x39, 0x23, - 0xbb, 0x57, 0x0d, 0xe4, 0x23, 0x98, 0xe2, 0x4f, 0x36, 0x2b, 0x7e, 0x18, 0xe1, 0x85, 0xfe, 0xc4, - 0xf1, 0xcc, 0xc4, 0xf9, 0x3b, 0x10, 0x77, 0xac, 0x48, 0x28, 0x00, 0x12, 0x9c, 0xc9, 0xdb, 0x30, - 0xbe, 0xe1, 0xb5, 0x79, 0x3c, 0xbf, 0xea, 0x06, 0xaa, 0x1e, 0xc5, 0xf9, 0xd3, 0xf1, 0xda, 0x8e, - 0xbc, 0x55, 0x77, 0xd4, 0x76, 0xa1, 0x63, 0x93, 0x87, 0x30, 0x5e, 0xab, 0xad, 0xdc, 0xf2, 0xd8, - 0x01, 0xd8, 0xd9, 0x9f, 0x3b, 0xd5, 0xe3, 0x2b, 0x2f, 0x66, 0x7e, 0xe5, 0x64, 0x18, 0xee, 0x62, - 0x02, 0x7a, 0xa7, 0xee, 0x77, 0xf6, 0x6d, 0x9d, 0x53, 0x86, 0xe9, 0xf4, 0xe9, 0xa7, 0x6c, 0x3a, - 0x5d, 0x85, 0x69, 0xcd, 0xc0, 0x12, 0x8d, 0x2b, 0xe7, 0xe2, 0x20, 0x30, 0xba, 0xa9, 0x74, 0xd2, - 0x55, 0x30, 0x49, 0x27, 0x6d, 0xa6, 0xcf, 0x1c, 0xd7, 0x66, 0xda, 0x83, 0x19, 0x3e, 0x18, 0x62, - 0x1e, 0xe0, 0x48, 0x9f, 0xed, 0xd1, 0x87, 0x57, 0x32, 0xfb, 0x70, 0x56, 0x8c, 0xb4, 0x9c, 0x64, - 0xf8, 0x44, 0x99, 0xe6, 0x4a, 0xb6, 0x81, 0x08, 0xa0, 0x48, 0x7f, 0x8f, 0x75, 0x3d, 0xdf, 0xa3, - 0xae, 0x97, 0x32, 0xeb, 0x9a, 0x92, 0x75, 0x6d, 0xf1, 0x6a, 0x32, 0x38, 0x92, 0xb6, 0xac, 0x47, - 0xce, 0x2f, 0xec, 0xd8, 0x17, 0x0c, 0x3d, 0x68, 0x1a, 0x81, 0x07, 0xd3, 0x4d, 0x4e, 0xda, 0x64, - 0xbf, 0x67, 0x70, 0x26, 0x4f, 0xe0, 0x54, 0xfa, 0x2b, 0xb0, 0xce, 0x73, 0x58, 0xe7, 0x39, 0xa3, - 0xce, 0x24, 0x12, 0x9f, 0x37, 0x66, 0xb3, 0x92, 0xb5, 0xf6, 0xe0, 0x4f, 0xfe, 0x42, 0x0e, 0x4e, - 0xdf, 0xbb, 0x55, 0xc1, 0xac, 0x6f, 0x1e, 0x0f, 0xef, 0xa4, 0x5c, 0x2c, 0xcf, 0x0b, 0x5d, 0x79, - 0x52, 0x7f, 0x2f, 0x25, 0x0e, 0xdc, 0x2a, 0x98, 0x8c, 0x78, 0xb1, 0xb5, 0xed, 0xf2, 0x64, 0x72, - 0x82, 0x45, 0x86, 0x1f, 0xe6, 0xcf, 0xfe, 0x7e, 0x39, 0x67, 0xf7, 0xaa, 0x8a, 0x34, 0xe1, 0xac, - 0xd9, 0x2d, 0xd2, 0xaa, 0x7d, 0x97, 0x36, 0x9b, 0x73, 0x65, 0x9c, 0xd1, 0xaf, 0x1f, 0x1e, 0x94, - 0x2f, 0xa7, 0x7a, 0x57, 0x59, 0xca, 0x33, 0x4c, 0xad, 0xc1, 0x7d, 0xf8, 0xdd, 0x19, 0x2a, 0x4e, - 0x96, 0xa6, 0xb2, 0xcc, 0xcb, 0x7f, 0x23, 0x9f, 0x38, 0xa9, 0x48, 0x15, 0x46, 0xc5, 0x04, 0x14, - 0xa2, 0x7b, 0x7a, 0x9a, 0x9d, 0xcb, 0x9c, 0x66, 0xa3, 0x62, 0x2e, 0xdb, 0x92, 0x9e, 0xec, 0x31, - 0x56, 0xf8, 0x15, 0xe2, 0xae, 0xf3, 0x75, 0x7e, 0x10, 0x21, 0xc8, 0x38, 0x72, 0x97, 0x8e, 0xef, - 0xa9, 0x64, 0x3a, 0xc2, 0xe1, 0xd9, 0x2b, 0x6b, 0x23, 0x8f, 0x78, 0x62, 0x92, 0x82, 0x72, 0x77, - 0x31, 0xb3, 0x90, 0x3c, 0xb5, 0x0a, 0x59, 0x2d, 0xd6, 0xaf, 0xe7, 0x60, 0xd2, 0x38, 0xea, 0xc8, - 0x4d, 0xcd, 0x97, 0x2b, 0x76, 0x6f, 0x36, 0x70, 0x70, 0xf7, 0x4b, 0x7a, 0x79, 0xdd, 0x14, 0xc6, - 0xe2, 0xf9, 0xde, 0x74, 0x38, 0xfb, 0x93, 0xae, 0x7d, 0xfd, 0x35, 0x83, 0x2a, 0xd1, 0xd9, 0x50, - 0x8f, 0x44, 0x67, 0x7f, 0xef, 0x79, 0x98, 0x32, 0xef, 0x42, 0xe4, 0x75, 0x18, 0x41, 0x85, 0xaa, - 0xbc, 0x58, 0xf3, 0x04, 0xf1, 0x7e, 0x22, 0x67, 0xa7, 0xc0, 0x21, 0x2f, 0x03, 0x28, 0xab, 0x5d, - 0xf9, 0x9c, 0x30, 0x7c, 0x78, 0x50, 0xce, 0xbd, 0x61, 0x6b, 0x05, 0xe4, 0x1b, 0x00, 0x6b, 0x7e, - 0x83, 0xaa, 0xac, 0x90, 0x7d, 0x9e, 0xcc, 0x5f, 0x49, 0x05, 0xed, 0x3f, 0xd9, 0xf6, 0x1b, 0x34, - 0x1d, 0xa1, 0x5f, 0xe3, 0x48, 0xbe, 0x04, 0xc3, 0x76, 0x97, 0x5d, 0xe2, 0xb9, 0xfe, 0x64, 0x5c, - 0x1e, 0x39, 0xdd, 0x26, 0x8d, 0x6f, 0x88, 0x41, 0x37, 0x69, 0x0d, 0xc6, 0x00, 0xe4, 0x7d, 0x1e, - 0xcc, 0x5f, 0x44, 0xc2, 0x1b, 0x8e, 0x1f, 0x58, 0x34, 0x51, 0x24, 0x15, 0x0b, 0x4f, 0x23, 0x21, - 0xeb, 0x30, 0xaa, 0xbf, 0x0c, 0x68, 0x4e, 0xc1, 0xfa, 0xeb, 0x91, 0x76, 0xdd, 0x14, 0xe9, 0x24, - 0x93, 0x8f, 0x06, 0x92, 0x0b, 0x79, 0x07, 0xc6, 0x18, 0x7b, 0xb6, 0x94, 0x43, 0x71, 0xcd, 0xc0, - 0x67, 0x14, 0xed, 0x83, 0xd8, 0x76, 0x60, 0xc4, 0xab, 0x53, 0x04, 0xe4, 0xab, 0x98, 0xa8, 0x50, - 0x74, 0x75, 0x5f, 0x53, 0x8a, 0x4b, 0xa9, 0xae, 0xc6, 0xcc, 0x85, 0xe9, 0xcc, 0xe7, 0x8a, 0x1f, - 0xd9, 0x51, 0x31, 0xa9, 0x06, 0x49, 0xc0, 0xf0, 0x6a, 0xaa, 0x82, 0x39, 0x19, 0x66, 0x29, 0x9d, - 0xdd, 0xd3, 0xe0, 0x4b, 0x3a, 0x50, 0x8a, 0xa5, 0x3c, 0x51, 0x17, 0xf4, 0xab, 0xeb, 0x8d, 0x54, - 0x5d, 0xfa, 0x00, 0xa6, 0xaa, 0x4b, 0x71, 0x27, 0x0d, 0x98, 0x92, 0x27, 0x86, 0xa8, 0x6f, 0xbc, - 0x5f, 0x7d, 0x2f, 0xa7, 0xea, 0x9b, 0x6d, 0x6c, 0xa5, 0xeb, 0x49, 0xf0, 0x24, 0xef, 0xc0, 0xa4, - 0x84, 0xf0, 0x5c, 0x9b, 0x13, 0x71, 0x52, 0xc5, 0xc6, 0x56, 0x2a, 0xc3, 0xa6, 0x89, 0xac, 0x53, - 0xf3, 0xd9, 0x31, 0x69, 0x50, 0x27, 0x67, 0x85, 0x89, 0x4c, 0x3e, 0x84, 0xf1, 0x6a, 0x8b, 0x35, - 0xc4, 0x6f, 0xbb, 0x11, 0x15, 0x0e, 0x63, 0xd2, 0x2c, 0x44, 0x2b, 0xd1, 0xa6, 0x2a, 0xcf, 0x22, - 0x1a, 0x17, 0x19, 0x59, 0x44, 0x63, 0x30, 0xeb, 0x3c, 0xfe, 0x14, 0x24, 0xe6, 0xb0, 0x74, 0x26, - 0x3b, 0x97, 0x61, 0x9a, 0xa1, 0xb1, 0x17, 0x11, 0x27, 0x19, 0x54, 0x3e, 0xc5, 0x24, 0x22, 0x4e, - 0xea, 0x3c, 0xc9, 0xbb, 0x30, 0x2e, 0x72, 0xd3, 0x54, 0xec, 0xb5, 0x70, 0xae, 0x84, 0x8d, 0x47, - 0x17, 0x78, 0x99, 0xc6, 0xc6, 0x71, 0x83, 0x84, 0x0d, 0x62, 0x8c, 0x4f, 0xbe, 0x02, 0x27, 0x1e, - 0x7a, 0xed, 0x86, 0xbf, 0x17, 0x8a, 0x63, 0x4a, 0x6c, 0x74, 0x33, 0xb1, 0x07, 0xd0, 0x1e, 0x2f, - 0x57, 0xc2, 0x59, 0x6a, 0xe3, 0xcb, 0xe4, 0x40, 0xfe, 0x6c, 0x8a, 0x33, 0x9f, 0x41, 0xa4, 0xdf, - 0x0c, 0x9a, 0x4f, 0xcd, 0xa0, 0x74, 0xf5, 0xc9, 0xe9, 0x94, 0x59, 0x0d, 0xf1, 0x81, 0x98, 0xe7, - 0xfb, 0x1d, 0xdf, 0x6b, 0xcf, 0xcd, 0xe2, 0x5e, 0xf8, 0x7c, 0xd2, 0xe9, 0x1c, 0xf1, 0x44, 0x36, - 0x56, 0xeb, 0xf0, 0xa0, 0x7c, 0x3e, 0x29, 0x84, 0x7f, 0xe4, 0x1b, 0x8a, 0xf2, 0x0c, 0xd6, 0xe4, - 0x43, 0x98, 0x60, 0xff, 0x2b, 0x2d, 0xc1, 0x09, 0xc3, 0x98, 0x4f, 0xc3, 0x14, 0xf5, 0xe0, 0x18, - 0x61, 0xf2, 0x9c, 0x0c, 0x05, 0x82, 0xc1, 0x8a, 0xbc, 0x05, 0xc0, 0xe4, 0x18, 0xb1, 0x1d, 0x9f, - 0x8c, 0x03, 0x7c, 0xa2, 0x18, 0x94, 0xde, 0x88, 0x63, 0x64, 0xf2, 0x0e, 0x8c, 0xb3, 0x5f, 0xb5, - 0x6e, 0xc3, 0x67, 0x6b, 0xe3, 0x14, 0xd2, 0x72, 0x3f, 0x3c, 0x46, 0x1b, 0x72, 0xb8, 0xe1, 0x87, - 0x17, 0xa3, 0x93, 0x15, 0x98, 0xc6, 0x40, 0xac, 0x55, 0x4c, 0xd5, 0x1c, 0x79, 0x34, 0x9c, 0x3b, - 0xad, 0x3d, 0x61, 0xb3, 0x22, 0xc7, 0x53, 0x65, 0xfa, 0xe5, 0x22, 0x41, 0x46, 0x42, 0x98, 0x8d, - 0x77, 0x97, 0xf8, 0x41, 0x7c, 0x0e, 0x3b, 0x49, 0x8a, 0xd4, 0x69, 0x0c, 0xbe, 0x1f, 0xb3, 0x11, - 0xd1, 0x36, 0x2e, 0xf9, 0x9c, 0xa0, 0x57, 0x98, 0xc5, 0x9d, 0xd8, 0x40, 0x6e, 0x2f, 0x6e, 0x24, - 0x23, 0x95, 0x9e, 0xc1, 0x16, 0xe0, 0x30, 0xef, 0xd4, 0xe3, 0x34, 0xb1, 0x19, 0xd1, 0x4a, 0x33, - 0xa8, 0xc9, 0xb7, 0xe1, 0xa4, 0xdc, 0x41, 0x44, 0x91, 0x98, 0xd7, 0x67, 0x8f, 0xb9, 0x13, 0x37, - 0xb6, 0x54, 0xd5, 0xa9, 0x29, 0x9d, 0x5d, 0x05, 0x71, 0x61, 0x1c, 0x87, 0x55, 0xd4, 0xf8, 0x7c, - 0xbf, 0x1a, 0x2f, 0xa7, 0x6a, 0x3c, 0x85, 0x13, 0x25, 0x5d, 0x99, 0xce, 0x93, 0x2c, 0xc0, 0xa4, - 0x58, 0x47, 0x62, 0xb6, 0xbd, 0x80, 0xbd, 0x85, 0x5a, 0x25, 0xb9, 0x02, 0x53, 0x13, 0xce, 0x24, - 0xd1, 0x77, 0x64, 0xfe, 0x8c, 0x70, 0xce, 0xd8, 0x91, 0x93, 0xaf, 0x07, 0x26, 0x32, 0xdb, 0x91, - 0x62, 0x29, 0x66, 0xf9, 0x49, 0x27, 0x10, 0x3a, 0xa3, 0xf3, 0x71, 0x02, 0x0f, 0x4d, 0xf8, 0x71, - 0xa8, 0xc2, 0xd0, 0xb7, 0x84, 0x2c, 0x0e, 0xe4, 0x3e, 0xcc, 0xaa, 0x53, 0x5b, 0x63, 0x5c, 0x8e, - 0x13, 0xa1, 0xc4, 0x47, 0x7d, 0x36, 0xdf, 0x2c, 0x7a, 0xe2, 0xc2, 0x69, 0xe3, 0x9c, 0xd6, 0x58, - 0x5f, 0x40, 0xd6, 0x98, 0x96, 0xd8, 0x3c, 0xe4, 0xb3, 0xd9, 0xf7, 0xe2, 0x43, 0x3e, 0x82, 0xb3, - 0xc9, 0xb3, 0x59, 0xab, 0xe5, 0x45, 0xac, 0xe5, 0xd5, 0xc3, 0x83, 0xf2, 0xa5, 0xd4, 0xf1, 0x9e, - 0x5d, 0x51, 0x1f, 0x6e, 0xe4, 0x1b, 0x30, 0x67, 0x9e, 0xcf, 0x5a, 0x4d, 0x16, 0xd6, 0x84, 0x4b, - 0x47, 0x1d, 0xec, 0xd9, 0x35, 0xf4, 0xe4, 0x41, 0x22, 0x28, 0x67, 0xce, 0x6e, 0xad, 0x9a, 0x8b, - 0x71, 0x83, 0x52, 0xab, 0x24, 0xbb, 0xba, 0xa3, 0x58, 0x92, 0x3d, 0x38, 0x9f, 0x75, 0x4c, 0x68, - 0x95, 0xbe, 0xa4, 0xb4, 0xb2, 0xaf, 0x65, 0x1f, 0x39, 0xd9, 0x35, 0x1f, 0xc1, 0x96, 0x7c, 0x15, - 0x4e, 0x6a, 0xeb, 0x4b, 0xab, 0xef, 0x65, 0xac, 0x0f, 0xfd, 0x77, 0xf5, 0x85, 0x99, 0x5d, 0x4b, - 0x36, 0x0f, 0xd2, 0x82, 0x59, 0xd9, 0x70, 0x54, 0x7f, 0x8b, 0xa3, 0xe7, 0x92, 0xb1, 0xab, 0xa6, - 0x31, 0xb4, 0xc4, 0xf2, 0x5b, 0x4e, 0x27, 0x26, 0xd4, 0x67, 0x7a, 0x06, 0x5f, 0xb2, 0x02, 0x23, - 0xb5, 0x8d, 0xea, 0xad, 0x5b, 0xcb, 0x73, 0xaf, 0x60, 0x0d, 0xd2, 0xd9, 0x87, 0x03, 0x8d, 0x4b, - 0x93, 0xb0, 0x31, 0xeb, 0x78, 0xdb, 0xdb, 0x86, 0x4f, 0x15, 0x47, 0xbd, 0x33, 0x54, 0xbc, 0x5c, - 0xba, 0x72, 0x67, 0xa8, 0x78, 0xa5, 0xf4, 0xaa, 0xfd, 0x42, 0x76, 0x2a, 0x6e, 0xde, 0x58, 0xfb, - 0x52, 0xbf, 0xd2, 0xb8, 0x2b, 0xac, 0x9f, 0xcf, 0xc1, 0x6c, 0xc6, 0x77, 0x90, 0x4b, 0x30, 0x84, - 0x99, 0x45, 0xb4, 0x57, 0xf5, 0x44, 0x46, 0x11, 0x2c, 0x27, 0x9f, 0x83, 0xd1, 0xa5, 0xb5, 0x5a, - 0xad, 0xb2, 0x26, 0xaf, 0x6c, 0x7c, 0xbb, 0x6a, 0x87, 0x4e, 0xe8, 0x9a, 0x8f, 0x71, 0x02, 0x8d, - 0xbc, 0x01, 0x23, 0xd5, 0x0d, 0x24, 0xe0, 0x66, 0x5d, 0x78, 0x85, 0xf1, 0x3a, 0x49, 0x7c, 0x81, - 0x64, 0xfd, 0x78, 0x0e, 0x48, 0xba, 0x53, 0xc9, 0x75, 0x18, 0xd7, 0x87, 0x8e, 0x5f, 0x30, 0xf1, - 0xe1, 0x48, 0x1b, 0x18, 0x5b, 0xc7, 0x21, 0x4b, 0x30, 0x8c, 0xb9, 0xd7, 0xd4, 0x2b, 0x60, 0xe6, - 0x01, 0x70, 0x3a, 0x75, 0x00, 0x0c, 0x63, 0x66, 0x37, 0x9b, 0x13, 0x5b, 0xbf, 0x9d, 0x03, 0x92, - 0x3e, 0x34, 0x07, 0xb6, 0x42, 0x78, 0x53, 0x73, 0xcb, 0xd5, 0x73, 0x07, 0xa8, 0xc4, 0x2f, 0xfa, - 0x65, 0x29, 0x76, 0xe0, 0xbd, 0x64, 0x5c, 0xce, 0x7b, 0xfb, 0x72, 0x5d, 0x81, 0xe1, 0x07, 0x34, - 0xd8, 0x92, 0x16, 0x8b, 0x68, 0xe5, 0xf4, 0x98, 0x01, 0xf4, 0xcb, 0x2a, 0x62, 0x58, 0x7f, 0x98, - 0x83, 0x13, 0x59, 0x92, 0xdc, 0x11, 0x2e, 0x57, 0x56, 0xc2, 0x5b, 0x0c, 0x2d, 0x10, 0xb8, 0x09, - 0x94, 0xf2, 0x11, 0x2b, 0xc3, 0x30, 0x6b, 0xac, 0x1c, 0x61, 0x54, 0x16, 0xb0, 0xde, 0x08, 0x6d, - 0x0e, 0x67, 0x08, 0x3c, 0xd4, 0xd3, 0x10, 0x46, 0x09, 0x43, 0x04, 0x14, 0x14, 0x6c, 0x0e, 0x67, - 0x08, 0xf7, 0xfc, 0x86, 0x4a, 0x38, 0x8c, 0x08, 0x2d, 0x06, 0xb0, 0x39, 0x9c, 0x5c, 0x82, 0xd1, - 0xf5, 0xf6, 0x2a, 0x75, 0x1f, 0xcb, 0xf8, 0xd5, 0x68, 0x31, 0xe1, 0xb7, 0x9d, 0x26, 0x83, 0xd9, - 0xb2, 0xd0, 0xfa, 0xa9, 0x1c, 0xcc, 0xa4, 0x84, 0xc8, 0xa3, 0xbd, 0xca, 0xfa, 0xbb, 0x77, 0x0c, - 0xd2, 0x3e, 0xfe, 0xf9, 0x43, 0xd9, 0x9f, 0x6f, 0xfd, 0xdf, 0x43, 0x70, 0xba, 0xc7, 0x9d, 0x3e, - 0x76, 0x3f, 0xcb, 0x1d, 0xe9, 0x7e, 0xf6, 0x35, 0x76, 0x87, 0x76, 0xbd, 0x56, 0xb8, 0xe9, 0xc7, - 0x5f, 0x1c, 0x5b, 0xb1, 0x63, 0x99, 0xcc, 0xb9, 0x2c, 0xcd, 0x9d, 0xcf, 0xf0, 0xbc, 0xf7, 0x4e, - 0xe4, 0xa7, 0x45, 0x0a, 0x83, 0x59, 0xca, 0x01, 0xac, 0xf0, 0x27, 0xc4, 0x01, 0xcc, 0x74, 0x49, - 0x18, 0x7a, 0xaa, 0x2e, 0x09, 0xd9, 0xe6, 0x8c, 0xc3, 0x9f, 0xc6, 0xb8, 0x75, 0x11, 0x26, 0xb9, - 0xc9, 0x48, 0x25, 0xe4, 0x83, 0x34, 0x92, 0x32, 0x33, 0x71, 0xc3, 0xf4, 0x58, 0x18, 0x34, 0x64, - 0xc5, 0x34, 0x9f, 0x1f, 0xc5, 0xa7, 0xae, 0x4b, 0xbd, 0xcd, 0xe3, 0x8d, 0x27, 0x6e, 0x9d, 0xd4, - 0xfa, 0xa9, 0xbc, 0xe9, 0x1d, 0xf6, 0x27, 0x71, 0xe6, 0x5d, 0x81, 0xe1, 0x87, 0xbb, 0x34, 0x90, - 0xfb, 0x1d, 0x7e, 0xc8, 0x1e, 0x03, 0xe8, 0x1f, 0x82, 0x18, 0xe4, 0x16, 0x4c, 0x6d, 0xf0, 0x91, - 0x90, 0xdd, 0x3b, 0x14, 0x5f, 0xb5, 0x3a, 0x42, 0x21, 0x90, 0xd1, 0xbf, 0x09, 0x2a, 0xeb, 0x36, - 0x9c, 0x33, 0x16, 0xa4, 0x88, 0x66, 0xc1, 0xad, 0xd8, 0xf9, 0x89, 0x38, 0x15, 0xdb, 0xed, 0xc7, - 0xbb, 0x87, 0x9d, 0x80, 0x5a, 0xdb, 0x70, 0xbe, 0x2f, 0x23, 0x76, 0x10, 0x41, 0x47, 0xfd, 0x4a, - 0x98, 0xda, 0xf5, 0x25, 0xb5, 0x35, 0x3a, 0xeb, 0x87, 0x61, 0x42, 0xef, 0x65, 0xdc, 0x53, 0xd9, - 0x6f, 0xb1, 0xa9, 0xf1, 0x3d, 0x95, 0x01, 0x6c, 0x0e, 0x8f, 0x55, 0xb8, 0xf9, 0x6c, 0x15, 0x6e, - 0x3c, 0xfc, 0x85, 0xa3, 0x86, 0x9f, 0x55, 0x8e, 0x4b, 0x56, 0xab, 0x1c, 0x7f, 0xeb, 0x95, 0x63, - 0xb8, 0x0a, 0x9b, 0xc3, 0x9f, 0x6a, 0xe5, 0xbf, 0x25, 0x33, 0x78, 0xa0, 0x91, 0xbc, 0xbc, 0x13, - 0xc7, 0x19, 0x81, 0x67, 0xb3, 0x6e, 0xba, 0x31, 0x66, 0x7c, 0x48, 0xe6, 0x8f, 0x3a, 0x24, 0x8f, - 0x33, 0x11, 0xaf, 0xc1, 0x68, 0x45, 0x3c, 0x44, 0x0f, 0xc5, 0x82, 0x8d, 0x9b, 0x7a, 0x75, 0x96, - 0x58, 0xd6, 0xcf, 0xe6, 0xe0, 0x64, 0xa6, 0xaa, 0x8c, 0xd5, 0xca, 0x75, 0x72, 0xda, 0x3a, 0x4c, - 0x2a, 0xe4, 0x38, 0xc6, 0x71, 0x7c, 0x95, 0x07, 0x6f, 0x8b, 0xf5, 0x22, 0x8c, 0xa9, 0x87, 0x1a, - 0x72, 0x42, 0x0e, 0x1d, 0x5a, 0x27, 0x49, 0x7d, 0x7f, 0x0d, 0x80, 0x7d, 0xc1, 0x53, 0xb5, 0xa5, - 0xb3, 0x7e, 0x2b, 0xcf, 0xb3, 0xbb, 0x3d, 0xb3, 0x21, 0xfe, 0xb2, 0x0d, 0xe0, 0x58, 0x93, 0x7a, - 0x07, 0xf6, 0x23, 0xcb, 0x30, 0x52, 0x8b, 0xdc, 0xa8, 0x2b, 0x5d, 0xac, 0x67, 0x75, 0x32, 0x2c, - 0x78, 0x30, 0x1f, 0x3b, 0xd9, 0x86, 0x08, 0x31, 0x2e, 0x07, 0x08, 0xd1, 0xec, 0xe8, 0xfe, 0x71, - 0x0e, 0x26, 0x74, 0x62, 0xf2, 0x21, 0x4c, 0xc9, 0xc0, 0x65, 0xdc, 0xf1, 0x5c, 0xbc, 0x2a, 0x49, - 0x93, 0x0c, 0x19, 0xb8, 0x4c, 0x77, 0x54, 0x37, 0xf0, 0xf5, 0xad, 0xba, 0xa3, 0x23, 0x93, 0x06, - 0x90, 0xd6, 0xb6, 0xeb, 0xec, 0x51, 0xf7, 0x11, 0x0d, 0x23, 0x87, 0x3f, 0x9d, 0x8b, 0xc7, 0x27, - 0xc9, 0xfe, 0xde, 0xad, 0x0a, 0x7f, 0x35, 0x67, 0x23, 0x21, 0x22, 0xd0, 0xa5, 0x68, 0x74, 0x8d, - 0x7a, 0x6b, 0xdb, 0x7d, 0xc8, 0x0b, 0x39, 0x9d, 0xf5, 0x47, 0x23, 0x7c, 0xba, 0x89, 0x38, 0x87, - 0x5b, 0x30, 0xb5, 0x5e, 0x5d, 0x5a, 0xd4, 0xf4, 0x6b, 0x66, 0x9a, 0x8c, 0xe5, 0x27, 0x11, 0x0d, - 0xda, 0x6e, 0x53, 0x20, 0xec, 0xc7, 0x47, 0x90, 0xef, 0x35, 0xea, 0xd9, 0xba, 0xb7, 0x04, 0x47, - 0x56, 0x07, 0xbf, 0x43, 0xa9, 0x3a, 0xf2, 0x03, 0xd6, 0x11, 0xba, 0xad, 0x66, 0x8f, 0x3a, 0x4c, - 0x8e, 0x64, 0x17, 0x4a, 0xb7, 0x51, 0x5c, 0xd2, 0x6a, 0x29, 0xf4, 0xaf, 0xe5, 0xa2, 0xa8, 0xe5, - 0x79, 0x2e, 0x67, 0x65, 0xd7, 0x93, 0xe2, 0x1a, 0xef, 0x13, 0x43, 0x47, 0xee, 0x13, 0x7f, 0x31, - 0x07, 0x23, 0x5c, 0x1e, 0x13, 0xd3, 0xb8, 0x87, 0xc4, 0xf7, 0xf0, 0xe9, 0x48, 0x7c, 0x25, 0x3c, - 0x27, 0x8c, 0x09, 0xcd, 0xcb, 0xc8, 0x52, 0x62, 0x5d, 0x48, 0xf3, 0x4f, 0xd4, 0x94, 0xf3, 0x92, - 0xa3, 0x97, 0x05, 0xa9, 0xc6, 0x6e, 0xcf, 0xa3, 0x47, 0x7a, 0xd6, 0x49, 0x57, 0xf1, 0x51, 0xe1, - 0xf6, 0x6c, 0x3a, 0x3b, 0xaf, 0xc2, 0x98, 0x70, 0xa6, 0x5e, 0xd8, 0x17, 0xef, 0x61, 0x25, 0xc3, - 0xc4, 0xa0, 0xb1, 0xb0, 0x1f, 0xcb, 0x9a, 0xc2, 0x1d, 0xdb, 0xd9, 0xda, 0x37, 0x92, 0xe5, 0x49, - 0x44, 0xb2, 0xce, 0x93, 0x48, 0xf1, 0x48, 0x90, 0x66, 0xe8, 0x67, 0x05, 0x17, 0x61, 0x5a, 0xa4, - 0x47, 0x66, 0x46, 0xe0, 0xc7, 0x98, 0x07, 0x59, 0x85, 0x12, 0x9a, 0xa5, 0xd0, 0x06, 0x5f, 0x35, - 0xd5, 0x25, 0xee, 0xb0, 0x2b, 0x4c, 0x0b, 0x23, 0x5e, 0x26, 0x96, 0x5b, 0xc2, 0x57, 0x26, 0x45, - 0xc9, 0xee, 0x87, 0xa5, 0xe4, 0xec, 0x23, 0xef, 0xc0, 0xb8, 0x8a, 0xc4, 0xa9, 0xbc, 0xf5, 0x50, - 0x2f, 0x1e, 0x87, 0xee, 0x34, 0x53, 0x0f, 0x69, 0xe8, 0x64, 0x1e, 0x8a, 0x6c, 0x11, 0x27, 0xd3, - 0xf4, 0x75, 0x05, 0x4c, 0x37, 0xc1, 0x97, 0x78, 0xa4, 0x06, 0xb3, 0x6c, 0xd1, 0xd4, 0xbc, 0xf6, - 0x4e, 0x93, 0xae, 0xfa, 0x3b, 0x7e, 0x37, 0xba, 0x6f, 0xaf, 0x8a, 0x3d, 0x9c, 0x4b, 0xe4, 0x6e, - 0xab, 0x69, 0x14, 0x07, 0x46, 0x12, 0xe6, 0x0c, 0x6a, 0x6d, 0xab, 0xfc, 0xfd, 0x3c, 0x8c, 0x6b, - 0xf3, 0x89, 0x5c, 0x81, 0x62, 0x35, 0x5c, 0xf5, 0xeb, 0x8f, 0x54, 0x1c, 0xaf, 0xc9, 0xc3, 0x83, - 0xf2, 0x98, 0x17, 0x3a, 0x4d, 0x04, 0xda, 0xaa, 0x98, 0x2c, 0xc0, 0x24, 0xff, 0x4b, 0x46, 0x48, - 0xcf, 0xc7, 0x96, 0x84, 0x1c, 0x59, 0xc6, 0x46, 0xd7, 0x77, 0x4f, 0x83, 0x84, 0x7c, 0x1d, 0x80, - 0x03, 0xd0, 0xf3, 0xb3, 0x30, 0xb8, 0xcf, 0xaa, 0xa8, 0x20, 0xc3, 0xe7, 0x53, 0x63, 0x48, 0xbe, - 0xc9, 0x23, 0x77, 0xca, 0xf9, 0x3f, 0x34, 0xb8, 0xd3, 0x2d, 0xe3, 0xef, 0x64, 0xfb, 0xfe, 0xeb, - 0x2c, 0x45, 0xc8, 0xc1, 0xb3, 0x36, 0xad, 0xfb, 0x8f, 0x69, 0xb0, 0x5f, 0x89, 0x10, 0x51, 0xc3, - 0xb0, 0xfe, 0xc7, 0x9c, 0xb6, 0x6a, 0xc8, 0x1a, 0x66, 0x96, 0xe4, 0x33, 0x42, 0x98, 0x86, 0xa8, - 0x3b, 0x83, 0x84, 0xdb, 0x74, 0x7b, 0xe1, 0x79, 0x61, 0xc8, 0x3a, 0xab, 0xe6, 0x55, 0x22, 0xe3, - 0x24, 0x07, 0x92, 0x0f, 0x60, 0x08, 0xbb, 0x2e, 0x7f, 0x64, 0xd3, 0xe4, 0xb1, 0x3d, 0xc4, 0xfa, - 0x0c, 0x1b, 0x82, 0x94, 0xe4, 0x73, 0xc2, 0x6b, 0x8e, 0x77, 0xfe, 0x94, 0x76, 0xf6, 0xb2, 0xef, - 0x50, 0xe7, 0x75, 0x1c, 0xfe, 0x41, 0x9b, 0x3d, 0xff, 0x4e, 0x1e, 0x4a, 0xc9, 0xb5, 0x4a, 0xde, - 0x87, 0x09, 0x79, 0x9e, 0x62, 0xea, 0x71, 0xd6, 0xca, 0x09, 0x11, 0x5e, 0x5b, 0x1e, 0xaa, 0xc9, - 0xcc, 0xe3, 0x3a, 0x01, 0x13, 0x6e, 0x36, 0x45, 0x38, 0x26, 0x6d, 0x95, 0x44, 0x7e, 0xd4, 0x49, - 0x04, 0x7f, 0x94, 0x68, 0xe4, 0x4d, 0x28, 0xdc, 0xbb, 0x55, 0x11, 0x2e, 0x1a, 0xa5, 0xe4, 0xa9, - 0xcb, 0x4d, 0xd0, 0x4c, 0x83, 0x38, 0x86, 0x4f, 0x56, 0xb5, 0xd8, 0xaa, 0x23, 0x46, 0x4e, 0x25, - 0x09, 0x56, 0x8d, 0x3b, 0x3a, 0xc8, 0x2a, 0xcf, 0x69, 0x2e, 0x22, 0x18, 0xfe, 0x07, 0x05, 0x18, - 0x53, 0xf5, 0x13, 0x02, 0x28, 0xbb, 0x89, 0x0b, 0x13, 0xfe, 0x4d, 0xce, 0x40, 0x51, 0x8a, 0x6b, - 0xc2, 0x53, 0x63, 0x34, 0x14, 0xa2, 0xda, 0x1c, 0x48, 0xb9, 0x8c, 0x2f, 0x73, 0x5b, 0xfe, 0x24, - 0xd7, 0x41, 0x09, 0x5d, 0xbd, 0xa4, 0xb3, 0x21, 0x36, 0x60, 0xb6, 0x42, 0x23, 0x53, 0x90, 0xf7, - 0x78, 0x54, 0x9c, 0x31, 0x3b, 0xef, 0x35, 0xc8, 0xfb, 0x50, 0x74, 0x1b, 0x0d, 0xda, 0x70, 0x5c, - 0x69, 0x63, 0xd1, 0x6f, 0xd2, 0x14, 0x19, 0x37, 0x7e, 0x08, 0x20, 0x55, 0x25, 0x22, 0x15, 0x18, - 0x6b, 0xba, 0xdc, 0x8c, 0xaa, 0x31, 0xc0, 0x89, 0x12, 0x73, 0x28, 0x32, 0xb2, 0xfb, 0x21, 0x6d, - 0x90, 0x57, 0x60, 0x88, 0x8d, 0xa6, 0x38, 0x42, 0xa4, 0x94, 0xc8, 0x06, 0x93, 0x77, 0xd8, 0xca, - 0x73, 0x36, 0x22, 0x90, 0x97, 0xa0, 0xd0, 0x9d, 0xdf, 0x16, 0x87, 0x43, 0x29, 0x8e, 0x73, 0xac, - 0xd0, 0x58, 0x31, 0xb9, 0x01, 0xc5, 0x3d, 0x33, 0x44, 0xee, 0xc9, 0xc4, 0x30, 0x2a, 0x7c, 0x85, - 0xb8, 0x50, 0x84, 0x11, 0x7e, 0x10, 0x58, 0xe7, 0x01, 0xe2, 0xaa, 0xd3, 0x0e, 0x35, 0xd6, 0xd7, - 0x61, 0x4c, 0x55, 0x49, 0xce, 0x01, 0x3c, 0xa2, 0xfb, 0xce, 0xae, 0xdb, 0x6e, 0x34, 0xb9, 0x14, - 0x39, 0x61, 0x8f, 0x3d, 0xa2, 0xfb, 0x2b, 0x08, 0x20, 0xa7, 0x61, 0xb4, 0xc3, 0x46, 0x55, 0x4c, - 0xdd, 0x09, 0x7b, 0xa4, 0xd3, 0xdd, 0x62, 0x33, 0x74, 0x0e, 0x46, 0x51, 0xc1, 0x27, 0x16, 0xda, - 0xa4, 0x2d, 0x7f, 0x5a, 0xff, 0x55, 0x1e, 0xd3, 0x43, 0x68, 0xdf, 0x49, 0x2e, 0xc2, 0x64, 0x3d, - 0xa0, 0x78, 0xe6, 0xb8, 0x4c, 0x92, 0x12, 0xf5, 0x4c, 0xc4, 0xc0, 0x6a, 0x83, 0x5c, 0x82, 0x69, - 0x91, 0xc6, 0x9f, 0x7d, 0x50, 0x7d, 0x4b, 0xc4, 0xb3, 0x9e, 0xb0, 0x27, 0x39, 0xf8, 0x2e, 0xdd, - 0x5f, 0xdc, 0xc2, 0x68, 0x4e, 0x25, 0x3d, 0x18, 0x67, 0xa4, 0xb2, 0xaf, 0xda, 0xd3, 0x1a, 0x1c, - 0x4d, 0xa7, 0x4e, 0xc1, 0x88, 0xeb, 0xee, 0x74, 0x3d, 0x1e, 0x75, 0x65, 0xc2, 0x16, 0xbf, 0xc8, - 0x6b, 0x30, 0x13, 0x7a, 0x3b, 0x6d, 0x37, 0xea, 0x06, 0x22, 0x3f, 0x07, 0x0d, 0x70, 0x4a, 0x4d, - 0xda, 0x25, 0x55, 0xb0, 0xc8, 0xe1, 0xe4, 0x0d, 0x20, 0x7a, 0x7d, 0xfe, 0xd6, 0x47, 0xb4, 0xce, - 0xa7, 0xda, 0x84, 0x3d, 0xa3, 0x95, 0xac, 0x63, 0x01, 0x79, 0x11, 0x26, 0x02, 0x1a, 0xa2, 0x14, - 0x87, 0xdd, 0x86, 0xd9, 0x93, 0xec, 0x71, 0x09, 0x63, 0x7d, 0x77, 0x19, 0x4a, 0x5a, 0x77, 0x60, - 0xbc, 0x53, 0x1e, 0xcc, 0xd9, 0x9e, 0x8a, 0xe1, 0x76, 0xa7, 0xda, 0xb0, 0x16, 0x60, 0x26, 0xb5, - 0x72, 0xb5, 0x8c, 0xd9, 0x7c, 0x27, 0xea, 0x9f, 0x31, 0xdb, 0x6a, 0xc3, 0x84, 0xbe, 0x13, 0x1f, - 0x11, 0x53, 0xfc, 0x14, 0x7a, 0xed, 0xf3, 0x6d, 0x6a, 0xe4, 0xf0, 0xa0, 0x9c, 0xf7, 0x1a, 0xe8, - 0xab, 0x7f, 0x19, 0x8a, 0x52, 0x68, 0x10, 0x67, 0x35, 0x2a, 0x68, 0x85, 0xb4, 0xba, 0x6f, 0xab, - 0x52, 0xeb, 0x15, 0x18, 0x15, 0x9b, 0x6d, 0x7f, 0xb5, 0xac, 0xf5, 0x9d, 0x3c, 0x4c, 0xdb, 0x94, - 0x6d, 0x05, 0x94, 0x27, 0x12, 0x78, 0x66, 0x6f, 0x89, 0xd9, 0xb1, 0xdf, 0x8c, 0xb6, 0xf5, 0x09, - 0xe1, 0xff, 0x77, 0x73, 0x30, 0x9b, 0x81, 0xfb, 0x89, 0x52, 0xd8, 0xdd, 0x84, 0xb1, 0x25, 0xcf, - 0x6d, 0x56, 0x1a, 0x0d, 0xe5, 0xc2, 0x8f, 0xa2, 0x26, 0xe6, 0xb9, 0x70, 0x19, 0x54, 0x3f, 0x76, - 0x15, 0x2a, 0x79, 0x55, 0x4c, 0x8a, 0x38, 0x8b, 0x27, 0x4e, 0x8a, 0x8f, 0x0f, 0xca, 0xc0, 0xbf, - 0x29, 0x4e, 0xed, 0x8b, 0xf1, 0x18, 0x39, 0x30, 0x36, 0xb1, 0x7f, 0x66, 0x87, 0x2e, 0x3b, 0x1e, - 0x63, 0xb2, 0x79, 0x03, 0x45, 0xf1, 0xff, 0x2b, 0x79, 0x38, 0x95, 0x4d, 0xf8, 0x49, 0xb3, 0x11, - 0x62, 0xfe, 0x04, 0x2d, 0x86, 0x2c, 0x66, 0x23, 0xe4, 0xc9, 0x16, 0x10, 0x3f, 0x46, 0x20, 0xdb, - 0x30, 0xb9, 0xea, 0x86, 0xd1, 0x0a, 0x75, 0x83, 0x68, 0x8b, 0xba, 0xd1, 0x00, 0xb2, 0xe7, 0x4b, - 0xf2, 0xf5, 0x13, 0x8f, 0xbf, 0x5d, 0x49, 0x99, 0x90, 0x0e, 0x4d, 0xb6, 0x6a, 0xa2, 0x0c, 0x0d, - 0x30, 0x51, 0xbe, 0x05, 0xd3, 0x35, 0xda, 0x72, 0x3b, 0xbb, 0x7e, 0x20, 0x7d, 0x34, 0xaf, 0xc2, - 0xa4, 0x02, 0x65, 0xce, 0x16, 0xb3, 0xd8, 0xc0, 0xd7, 0x3a, 0x22, 0xde, 0x4a, 0xcc, 0x62, 0xeb, - 0xaf, 0xe7, 0xe1, 0x74, 0xa5, 0x2e, 0x8c, 0x92, 0x44, 0x81, 0xb4, 0x9d, 0xfc, 0x8c, 0xeb, 0x26, - 0xd7, 0x60, 0xec, 0x9e, 0xfb, 0x64, 0x95, 0xba, 0x21, 0x0d, 0x45, 0x2e, 0x28, 0x2e, 0xa8, 0xb9, - 0x4f, 0x62, 0x5b, 0x1d, 0x3b, 0xc6, 0xd1, 0x6f, 0xb2, 0x43, 0x9f, 0xf2, 0x26, 0x6b, 0xc1, 0xc8, - 0x8a, 0xdf, 0x6c, 0x88, 0x63, 0x4c, 0xbc, 0xe2, 0xed, 0x22, 0xc4, 0x16, 0x25, 0xec, 0x02, 0x38, - 0xa5, 0xbe, 0x18, 0x3f, 0xe1, 0x33, 0xef, 0x92, 0x4b, 0x30, 0x8a, 0x15, 0xa9, 0x6c, 0xba, 0x78, - 0x68, 0x34, 0x29, 0x66, 0xf4, 0x69, 0xd8, 0xb2, 0x50, 0xef, 0x89, 0xe1, 0x4f, 0xd7, 0x13, 0xd6, - 0xdf, 0xc1, 0x07, 0x42, 0xbd, 0x95, 0xec, 0x24, 0xd2, 0x3e, 0x24, 0x37, 0xe0, 0x87, 0xe4, 0x9f, - 0xda, 0x90, 0x14, 0x7a, 0x0e, 0xc9, 0x77, 0xf3, 0x30, 0xae, 0x3e, 0xf6, 0x07, 0x2c, 0x90, 0xb1, - 0x6a, 0xd7, 0x40, 0x71, 0x15, 0x6a, 0xda, 0x5e, 0x21, 0xc2, 0x17, 0x7c, 0x00, 0x23, 0x62, 0x31, - 0xe5, 0x12, 0x36, 0x84, 0x89, 0xd1, 0x5d, 0x98, 0x12, 0xac, 0x47, 0x70, 0x40, 0x43, 0x5b, 0xd0, - 0x61, 0xe0, 0x8a, 0x87, 0x74, 0x4b, 0xbc, 0x17, 0x3f, 0xb3, 0x67, 0x54, 0x76, 0xe0, 0x8a, 0xb8, - 0x61, 0x03, 0x9d, 0x4e, 0x3f, 0x57, 0x84, 0x52, 0x92, 0xe4, 0xe8, 0x50, 0xd1, 0x1b, 0xdd, 0x2d, - 0x2e, 0x85, 0xf3, 0x50, 0xd1, 0x9d, 0xee, 0x96, 0xcd, 0x60, 0x68, 0x4e, 0x12, 0x78, 0x8f, 0xb1, - 0xd5, 0x13, 0xc2, 0x9c, 0x24, 0xf0, 0x1e, 0x1b, 0xe6, 0x24, 0x81, 0xf7, 0x18, 0xaf, 0xbe, 0xab, - 0x35, 0xf4, 0xb5, 0x45, 0x11, 0x5c, 0x5c, 0x7d, 0x9b, 0x61, 0x32, 0xc5, 0x8a, 0x44, 0x63, 0x47, - 0xe5, 0x02, 0x75, 0x03, 0x11, 0xd6, 0x58, 0x6c, 0x67, 0x78, 0x54, 0x6e, 0x21, 0x98, 0x67, 0x44, - 0xb6, 0x75, 0x24, 0xd2, 0x04, 0xa2, 0xfd, 0x94, 0x0b, 0xf8, 0xe8, 0xdb, 0xa0, 0xb4, 0xff, 0x39, - 0xa1, 0xb3, 0x76, 0xf4, 0xd5, 0x9c, 0xc1, 0xf7, 0x69, 0x2a, 0x20, 0x37, 0x44, 0xac, 0x36, 0x54, - 0x79, 0x14, 0x8f, 0x64, 0x26, 0x9d, 0xd1, 0x81, 0xc7, 0x72, 0x53, 0x8a, 0x8f, 0x98, 0x09, 0x79, - 0x0f, 0xc6, 0x75, 0x0f, 0x6a, 0xee, 0xe7, 0xfb, 0x02, 0x0f, 0xbf, 0xd5, 0x23, 0x29, 0x9f, 0x4e, - 0x40, 0xb6, 0xe0, 0xf4, 0xa2, 0xdf, 0x0e, 0xbb, 0x2d, 0x19, 0xe8, 0x2b, 0x0e, 0x2f, 0x0a, 0x38, - 0x14, 0xe8, 0x8e, 0x59, 0x17, 0x28, 0xc2, 0x61, 0x57, 0x1a, 0x68, 0x9b, 0x17, 0x90, 0x5e, 0x8c, - 0xc8, 0x26, 0x8c, 0xa3, 0x12, 0x4f, 0x58, 0x80, 0x8d, 0x9b, 0xdb, 0x46, 0x5c, 0xb2, 0xc4, 0x16, - 0x06, 0x8f, 0x54, 0xe3, 0xb6, 0x9a, 0xd2, 0x3e, 0x58, 0x57, 0x46, 0x6a, 0xc8, 0xe4, 0xeb, 0x30, - 0xc5, 0xaf, 0x9b, 0x0f, 0xe9, 0x16, 0x9f, 0x3b, 0x13, 0xc6, 0xdd, 0xd9, 0x2c, 0xe4, 0xef, 0xc9, - 0x42, 0x75, 0xba, 0x47, 0xb7, 0xf8, 0xd8, 0x1b, 0xd6, 0xf9, 0x06, 0x3e, 0xb9, 0x0f, 0xb3, 0x2b, - 0x6e, 0xc8, 0x81, 0x9a, 0x2b, 0xec, 0x24, 0xea, 0x14, 0xd1, 0x6a, 0x72, 0xd7, 0x0d, 0xa5, 0x2e, - 0x36, 0xd3, 0xf5, 0x35, 0x8b, 0x9e, 0x7c, 0x27, 0x07, 0x73, 0x86, 0xaa, 0x56, 0xd8, 0xee, 0xb4, - 0x68, 0x3b, 0x42, 0x33, 0xfc, 0x29, 0x95, 0x8b, 0xb9, 0x17, 0x1a, 0x1f, 0x92, 0x84, 0x36, 0x38, - 0x88, 0xcb, 0x75, 0x73, 0xc4, 0x5e, 0x3c, 0xac, 0x9b, 0xc9, 0xde, 0x13, 0x8a, 0x96, 0x9c, 0x52, - 0xb4, 0x9c, 0x80, 0x61, 0xec, 0x23, 0x19, 0x87, 0x03, 0x7f, 0x58, 0x9f, 0xd3, 0x77, 0x15, 0x21, - 0xe4, 0xf5, 0xdd, 0x55, 0xac, 0xff, 0x76, 0x04, 0xa6, 0x13, 0x83, 0x2c, 0x6e, 0x9d, 0xb9, 0xd4, - 0xad, 0xb3, 0x06, 0xc0, 0x55, 0x8d, 0x03, 0xea, 0x04, 0xa5, 0x43, 0xcf, 0xb8, 0xf0, 0x8f, 0x53, - 0x2b, 0x44, 0x63, 0xc3, 0x98, 0xf2, 0xf5, 0x37, 0xa0, 0x8e, 0x56, 0x31, 0xe5, 0x4b, 0x58, 0x63, - 0x1a, 0xb3, 0x21, 0x65, 0x18, 0xc6, 0xe0, 0x79, 0xba, 0x3f, 0x95, 0xc7, 0x00, 0x36, 0x87, 0x93, - 0x8b, 0x30, 0xc2, 0x44, 0x22, 0x95, 0xdf, 0x1f, 0x4f, 0x0a, 0x26, 0x33, 0x31, 0xf9, 0x43, 0x14, - 0x91, 0x9b, 0x30, 0xc1, 0xff, 0x12, 0xf1, 0x13, 0x46, 0x4c, 0xf3, 0x30, 0xc7, 0x6b, 0xc8, 0x10, - 0x0a, 0x06, 0x1e, 0xbb, 0x2b, 0xd4, 0xba, 0xa8, 0x7f, 0xa8, 0x2e, 0x89, 0x68, 0xab, 0x78, 0x57, - 0x08, 0x39, 0x10, 0x33, 0x97, 0x2b, 0x04, 0x26, 0x99, 0x08, 0xab, 0xe6, 0x22, 0xde, 0x10, 0x51, - 0x32, 0xe1, 0xd6, 0xcc, 0xb6, 0x28, 0x21, 0x57, 0xb8, 0x6a, 0x1f, 0x85, 0x3c, 0x9e, 0x20, 0x0a, - 0xf5, 0xe6, 0xa8, 0x66, 0x40, 0x49, 0x4f, 0x15, 0xb3, 0xca, 0xd9, 0xdf, 0xcb, 0x2d, 0xd7, 0x6b, - 0x8a, 0x4d, 0x02, 0x2b, 0x47, 0x5c, 0xca, 0xa0, 0x76, 0x8c, 0x40, 0xde, 0x81, 0x29, 0xf6, 0x63, - 0xd1, 0x6f, 0xb5, 0xfc, 0x36, 0xb2, 0x1f, 0x8f, 0x43, 0xf1, 0x20, 0x49, 0x1d, 0x8b, 0x78, 0x2d, - 0x09, 0x5c, 0x76, 0x3a, 0xe0, 0xb3, 0x61, 0x97, 0x3f, 0x3a, 0x4c, 0xc4, 0xa7, 0x03, 0x92, 0x86, - 0x1c, 0x6e, 0xeb, 0x48, 0xe4, 0x2d, 0x98, 0x64, 0x3f, 0x6f, 0x7b, 0x8f, 0x29, 0xaf, 0x70, 0x32, - 0x7e, 0x2f, 0x47, 0xaa, 0x1d, 0x56, 0xc2, 0xeb, 0x33, 0x31, 0xc9, 0x97, 0xe1, 0x24, 0x72, 0xaa, - 0xfb, 0x1d, 0xda, 0xa8, 0x6c, 0x6f, 0x7b, 0x4d, 0x8f, 0xdb, 0xeb, 0xf0, 0x48, 0x01, 0xa8, 0x03, - 0xe6, 0x15, 0x23, 0x86, 0xe3, 0xc6, 0x28, 0x76, 0x36, 0x25, 0x79, 0x08, 0xa5, 0xc5, 0x6e, 0x18, - 0xf9, 0xad, 0x4a, 0x14, 0x05, 0xde, 0x56, 0x37, 0xa2, 0xe1, 0xdc, 0xb4, 0xe1, 0x4f, 0xcf, 0x16, - 0x87, 0x2a, 0xe4, 0xda, 0x9d, 0x3a, 0x52, 0x38, 0xae, 0x22, 0xb1, 0x53, 0x4c, 0xac, 0x7f, 0x92, - 0x83, 0x49, 0x83, 0x94, 0xbc, 0x09, 0x13, 0xb7, 0x02, 0x8f, 0xb6, 0x1b, 0xcd, 0x7d, 0xed, 0xda, - 0x89, 0x77, 0x92, 0x6d, 0x01, 0xe7, 0xad, 0x36, 0xd0, 0x94, 0xd6, 0x26, 0x9f, 0x69, 0x4c, 0x77, - 0x8d, 0xbb, 0xf5, 0x89, 0x09, 0x5a, 0x88, 0x03, 0x7c, 0xe0, 0x04, 0x15, 0xb3, 0x53, 0x43, 0x21, - 0xef, 0xc2, 0x08, 0x7f, 0x60, 0x14, 0x96, 0x5d, 0x67, 0xb2, 0x9a, 0xc9, 0x5d, 0x48, 0x71, 0x22, - 0xa2, 0x15, 0x49, 0x68, 0x0b, 0x22, 0xeb, 0xa7, 0x73, 0x40, 0xd2, 0xa8, 0x47, 0x68, 0xb1, 0x8e, - 0xb4, 0x4e, 0xf9, 0x40, 0xad, 0xc6, 0x82, 0xa1, 0xb3, 0x65, 0x35, 0xf1, 0x02, 0xde, 0xf1, 0x62, - 0xd5, 0xe9, 0x6a, 0x35, 0x5e, 0x6c, 0xfd, 0x85, 0x3c, 0x40, 0x8c, 0x4d, 0xbe, 0xc8, 0x73, 0x94, - 0x7c, 0xb9, 0xeb, 0x36, 0xbd, 0x6d, 0xcf, 0x0c, 0xda, 0x87, 0x4c, 0xbe, 0x25, 0x4b, 0x6c, 0x13, - 0x91, 0xbc, 0x0f, 0xd3, 0xb5, 0x0d, 0x93, 0x56, 0xcb, 0xc7, 0x10, 0x76, 0x9c, 0x04, 0x79, 0x12, - 0x1b, 0x2d, 0x38, 0xf5, 0xd1, 0xe0, 0x16, 0x9c, 0x7c, 0x20, 0x44, 0x09, 0xdb, 0x58, 0x6a, 0x1b, - 0xc2, 0x68, 0xb8, 0x51, 0x5d, 0x12, 0xbb, 0x14, 0x7e, 0x5d, 0xd8, 0x71, 0x3a, 0xc2, 0x9a, 0x98, - 0xed, 0x13, 0x06, 0x5e, 0xdc, 0x91, 0xc3, 0x3d, 0xdc, 0x44, 0x7f, 0x06, 0x95, 0x78, 0x2d, 0x3f, - 0xa2, 0x42, 0x77, 0xf1, 0xcc, 0xde, 0x62, 0xe2, 0xd7, 0xe9, 0x61, 0xc3, 0xfb, 0xcd, 0x68, 0x9d, - 0xb0, 0xc0, 0xb8, 0x11, 0x5f, 0x39, 0xf8, 0x3b, 0x75, 0x86, 0xd1, 0xc6, 0xdf, 0xca, 0xc1, 0xc9, - 0x4c, 0x5a, 0x72, 0x15, 0x20, 0xd6, 0x10, 0x89, 0x5e, 0xc2, 0x1d, 0x33, 0x0e, 0x6b, 0x61, 0x6b, - 0x18, 0xe4, 0x6b, 0x49, 0xdd, 0xce, 0xd1, 0x07, 0xe1, 0x59, 0x19, 0xb6, 0xc8, 0xd4, 0xed, 0x64, - 0x68, 0x74, 0xac, 0xbf, 0x5b, 0x80, 0x19, 0x2d, 0x6a, 0x06, 0xff, 0xd6, 0x23, 0x2c, 0x6a, 0x1f, - 0xc1, 0x04, 0x6b, 0x8d, 0x57, 0x17, 0x2e, 0x38, 0xdc, 0x92, 0xe2, 0xd5, 0x94, 0xff, 0x92, 0xe0, - 0x76, 0x55, 0x47, 0xe6, 0xc1, 0xc4, 0x70, 0xeb, 0x44, 0xcd, 0x79, 0x3d, 0xed, 0x8a, 0x63, 0x30, - 0x27, 0x21, 0x4c, 0x2e, 0xed, 0xb7, 0xdd, 0x96, 0xaa, 0x8d, 0x5b, 0x54, 0xbc, 0xd6, 0xb3, 0x36, - 0x03, 0x9b, 0x57, 0x17, 0x5b, 0xfa, 0xf3, 0xb2, 0x0c, 0x27, 0x53, 0x83, 0xea, 0xec, 0xfb, 0x30, - 0x93, 0xfa, 0xe8, 0x63, 0xc5, 0x35, 0x7b, 0x08, 0x24, 0xfd, 0x1d, 0x19, 0x1c, 0x5e, 0x33, 0xa3, - 0xe6, 0x9d, 0x54, 0x8f, 0xa7, 0x98, 0x31, 0x99, 0xdb, 0x67, 0xcc, 0xeb, 0x51, 0xcf, 0x7e, 0x26, - 0xaf, 0xfb, 0x90, 0x3d, 0xeb, 0xab, 0xee, 0x03, 0xe3, 0x6e, 0x7b, 0xbe, 0xd7, 0x98, 0x0e, 0xa4, - 0x43, 0xf8, 0x7e, 0x01, 0x4e, 0xf7, 0xa0, 0x24, 0xfb, 0xc9, 0x49, 0xc4, 0x75, 0x0a, 0xd7, 0xfb, - 0x57, 0xf8, 0x34, 0xa6, 0x12, 0xf9, 0x22, 0xf7, 0x22, 0xaf, 0x63, 0x56, 0x5e, 0x71, 0x9b, 0xe6, - 0x49, 0xe2, 0x15, 0x34, 0xe9, 0x3e, 0xce, 0xa1, 0xe4, 0x7d, 0x18, 0x46, 0x07, 0xc2, 0x44, 0xd4, - 0x2e, 0x86, 0x81, 0x70, 0x2d, 0xc4, 0x19, 0xfb, 0x69, 0x84, 0x38, 0x63, 0x00, 0xf2, 0x05, 0x28, - 0x54, 0x1e, 0xd6, 0xc4, 0xb8, 0x4c, 0xe9, 0xe4, 0x0f, 0x6b, 0x71, 0x64, 0x75, 0xd7, 0x08, 0x81, - 0xce, 0x28, 0x18, 0xe1, 0xed, 0xc5, 0x0d, 0x31, 0x2a, 0x3a, 0xe1, 0xed, 0xc5, 0x8d, 0x98, 0x70, - 0xa7, 0x6e, 0x44, 0x41, 0xb9, 0xbd, 0xb8, 0xf1, 0xd9, 0x4d, 0xfb, 0x7f, 0x2b, 0xcf, 0x5d, 0xdf, - 0x79, 0xc3, 0xde, 0x87, 0x09, 0x23, 0xaa, 0x69, 0x2e, 0x96, 0xc7, 0x54, 0xf0, 0xd8, 0x84, 0x09, - 0x8a, 0x41, 0x20, 0x73, 0x14, 0xb0, 0xdf, 0x28, 0xf1, 0xea, 0xc6, 0x1e, 0x8a, 0x03, 0xca, 0xc4, - 0xc9, 0x1c, 0x05, 0x8a, 0x84, 0xdc, 0x80, 0xe2, 0x26, 0x6d, 0xbb, 0xed, 0x48, 0xa9, 0x37, 0xd1, - 0x5a, 0x35, 0x42, 0x98, 0x29, 0x35, 0x28, 0x44, 0xb4, 0xac, 0xec, 0x6e, 0x85, 0xf5, 0xc0, 0xc3, - 0x10, 0x19, 0xea, 0x2c, 0xe6, 0x96, 0x95, 0x5a, 0x89, 0xc9, 0x20, 0x41, 0x64, 0xfd, 0x4c, 0x0e, - 0x46, 0xc5, 0x40, 0xf2, 0xdc, 0x32, 0x3b, 0xf1, 0x59, 0x22, 0x72, 0xcb, 0xec, 0x78, 0xc9, 0xdc, - 0x32, 0x3b, 0x3c, 0x0e, 0xc5, 0x98, 0xf0, 0xe2, 0x54, 0x0f, 0x7d, 0x3c, 0x15, 0x39, 0x07, 0x9a, - 0xd5, 0xc6, 0xa8, 0x83, 0xba, 0xac, 0x58, 0x7f, 0x43, 0x7c, 0xd9, 0xed, 0xc5, 0x0d, 0x32, 0x0f, - 0xc5, 0x55, 0x9f, 0xc7, 0x38, 0xd1, 0x13, 0x05, 0x36, 0x05, 0x4c, 0xef, 0x20, 0x89, 0xc7, 0xbe, - 0x6f, 0x23, 0xf0, 0xc5, 0x5d, 0x46, 0xfb, 0xbe, 0x0e, 0x07, 0x26, 0xbe, 0x4f, 0xa1, 0x0e, 0xfc, - 0x7d, 0x34, 0x63, 0x93, 0x78, 0x70, 0x03, 0x83, 0xb7, 0xdf, 0xd1, 0x5d, 0x81, 0x44, 0x91, 0xdc, - 0x29, 0xce, 0xf6, 0xda, 0x29, 0x1e, 0xdc, 0xb0, 0x33, 0xa8, 0xf0, 0x95, 0x2c, 0x06, 0xd7, 0x68, - 0xf0, 0xf8, 0x19, 0xde, 0xa5, 0xb3, 0x5f, 0xc9, 0x92, 0xcd, 0x1b, 0x68, 0x93, 0xfe, 0xc7, 0x79, - 0x38, 0x95, 0x4d, 0xa8, 0xb7, 0x25, 0xd7, 0xa7, 0x2d, 0x97, 0xa1, 0xb8, 0xe2, 0x87, 0x91, 0x66, - 0x75, 0x86, 0xca, 0xfc, 0x5d, 0x01, 0xb3, 0x55, 0x29, 0xbb, 0x73, 0xb3, 0xbf, 0xd5, 0xf2, 0x44, - 0x7e, 0xe8, 0xf0, 0xcd, 0xee, 0xdc, 0xbc, 0x88, 0xdc, 0x86, 0xa2, 0x2d, 0x5c, 0x51, 0x12, 0x5d, - 0x23, 0xc1, 0x4a, 0x9a, 0x22, 0x81, 0x80, 0x18, 0xc1, 0x65, 0x05, 0x8c, 0x54, 0x60, 0x54, 0x8c, - 0x7e, 0xe2, 0x21, 0x38, 0x63, 0xca, 0x98, 0xf1, 0x9e, 0x25, 0x1d, 0xdb, 0x51, 0xf0, 0x49, 0xaf, - 0xba, 0x24, 0xbd, 0x4a, 0x70, 0x47, 0xe1, 0x4f, 0x7e, 0xa6, 0x81, 0x9f, 0x42, 0xb4, 0xbe, 0x93, - 0x07, 0x90, 0x5a, 0x9b, 0x67, 0x76, 0x86, 0x7d, 0xc1, 0x98, 0x61, 0x9a, 0xbd, 0xcb, 0xe0, 0xb9, - 0x10, 0xd7, 0xd1, 0xee, 0x64, 0xf0, 0x4c, 0x88, 0x65, 0x18, 0xde, 0x8c, 0x15, 0x5a, 0xc2, 0xc7, - 0x01, 0x95, 0xcb, 0x1c, 0x6e, 0x6d, 0xc1, 0x89, 0xdb, 0x34, 0x8a, 0xd5, 0x5b, 0xf2, 0x21, 0xb1, - 0x3f, 0xdb, 0xd7, 0x61, 0x4c, 0xe0, 0xab, 0xfd, 0x8b, 0xeb, 0x62, 0x44, 0x0c, 0x05, 0xd4, 0xc5, - 0x48, 0x04, 0xb6, 0x1b, 0x2d, 0xd1, 0x26, 0x8d, 0xe8, 0x67, 0x5b, 0x4d, 0x0d, 0x08, 0x6f, 0x0a, - 0xb6, 0x6c, 0xb0, 0x1a, 0x8e, 0xec, 0x9f, 0x07, 0x70, 0x52, 0x7d, 0xfb, 0xd3, 0xe4, 0x7b, 0x8d, - 0x5d, 0x29, 0x45, 0xa8, 0xe4, 0x98, 0x63, 0x1f, 0x4b, 0x92, 0x27, 0x70, 0x56, 0x12, 0x3c, 0xf4, - 0x94, 0xe1, 0xde, 0x40, 0xb4, 0xe4, 0x1d, 0x18, 0xd7, 0x68, 0x44, 0xa8, 0x5f, 0x54, 0x3a, 0xef, - 0x79, 0xd1, 0xae, 0x13, 0x72, 0xb8, 0xae, 0x74, 0xd6, 0xd0, 0xad, 0xaf, 0xc2, 0xf3, 0xca, 0x0f, - 0x25, 0xa3, 0xea, 0x04, 0xf3, 0xdc, 0xf1, 0x98, 0xaf, 0xc5, 0xcd, 0xaa, 0xb6, 0x95, 0xef, 0xa8, - 0xe4, 0x4d, 0xf4, 0x66, 0x89, 0xc6, 0xbc, 0x90, 0xf2, 0x46, 0xd5, 0x9c, 0x4e, 0xad, 0xb7, 0xb5, - 0x8f, 0xcd, 0x60, 0x68, 0x10, 0xe7, 0x92, 0xc4, 0xdf, 0xc9, 0xc3, 0xf4, 0x7a, 0x75, 0x69, 0x51, - 0xd9, 0x12, 0xfd, 0x80, 0x65, 0x6a, 0x34, 0xda, 0xd6, 0x7b, 0xbf, 0xb1, 0xee, 0xc3, 0x6c, 0xa2, - 0x1b, 0x50, 0x74, 0x78, 0x8f, 0x7b, 0x30, 0x28, 0xb0, 0x14, 0x1b, 0x4e, 0x65, 0xb1, 0x7f, 0x70, - 0xc3, 0x4e, 0x60, 0x5b, 0xff, 0x74, 0x2c, 0xc1, 0x57, 0x6c, 0x61, 0xaf, 0xc3, 0x58, 0x35, 0x0c, - 0xbb, 0x34, 0xb8, 0x6f, 0xaf, 0xea, 0xaa, 0x02, 0x0f, 0x81, 0x4e, 0x37, 0x68, 0xda, 0x31, 0x02, - 0xb9, 0x02, 0x45, 0x11, 0xfd, 0x56, 0xee, 0x09, 0xa8, 0xb5, 0x55, 0xc1, 0x73, 0x6d, 0x55, 0x4c, - 0xde, 0x84, 0x09, 0xfe, 0x37, 0x9f, 0x6d, 0xa2, 0xc3, 0x51, 0x39, 0x28, 0xd0, 0xf9, 0xec, 0xb4, - 0x0d, 0x34, 0xf2, 0x2a, 0x14, 0x2a, 0x8b, 0xb6, 0x50, 0x07, 0x09, 0xb9, 0x11, 0xf3, 0x2f, 0x77, - 0xa9, 0x79, 0x89, 0x58, 0xb4, 0x99, 0xf4, 0x27, 0xfd, 0xd4, 0x85, 0x26, 0x9b, 0xa7, 0x89, 0x16, - 0xb0, 0xc4, 0x61, 0x86, 0x30, 0x72, 0x0d, 0x46, 0x97, 0xbc, 0xb0, 0xd3, 0x74, 0xf7, 0x85, 0x1e, - 0x9b, 0xa7, 0x21, 0xe2, 0x20, 0xc3, 0xfd, 0x9c, 0x83, 0xc8, 0x15, 0x99, 0x9e, 0xa5, 0x18, 0x3b, - 0x42, 0xf4, 0xc8, 0xc1, 0xf2, 0x3a, 0x8c, 0x88, 0x18, 0xb1, 0x63, 0x5a, 0xf4, 0xf7, 0x64, 0x6c, - 0x58, 0x81, 0x93, 0xf6, 0x88, 0x84, 0xa7, 0xe9, 0x11, 0xb9, 0x05, 0xa7, 0x6f, 0xa3, 0xf6, 0xc6, - 0x0c, 0xac, 0x72, 0xdf, 0xae, 0x0a, 0x7d, 0x38, 0x3e, 0xea, 0x70, 0x05, 0x4f, 0x32, 0x36, 0x8b, - 0xd3, 0x0d, 0xf4, 0xac, 0x7a, 0xbd, 0x18, 0x91, 0xaf, 0xc0, 0x89, 0xac, 0x22, 0xa1, 0x35, 0xc7, - 0x10, 0x22, 0xd9, 0x15, 0xe8, 0x21, 0x44, 0xb2, 0x38, 0x90, 0x55, 0x28, 0x71, 0x78, 0xa5, 0xd1, - 0xf2, 0xda, 0x5c, 0xf3, 0xcf, 0xb5, 0xea, 0xe8, 0x99, 0x20, 0xb8, 0xba, 0xac, 0x90, 0xbf, 0x00, - 0x18, 0xbe, 0x2c, 0x09, 0x4a, 0xf2, 0x57, 0x73, 0xec, 0x36, 0xc7, 0x23, 0xaa, 0xde, 0xb7, 0x57, - 0x43, 0x11, 0x7e, 0xea, 0x54, 0xec, 0xa6, 0x52, 0x8b, 0x02, 0xaf, 0xbd, 0x23, 0xfc, 0x54, 0x36, - 0x85, 0x9f, 0xca, 0x3b, 0x9f, 0xc8, 0x4f, 0x85, 0xb3, 0x0a, 0x0f, 0x0f, 0xca, 0x13, 0x81, 0xa8, - 0x13, 0x57, 0x91, 0xf1, 0x05, 0x98, 0x11, 0xbe, 0xd9, 0xf4, 0xf7, 0xee, 0xb7, 0x79, 0x3c, 0x47, - 0xda, 0xe0, 0x8d, 0x9c, 0xc6, 0x1d, 0x9c, 0x67, 0x84, 0x67, 0xe5, 0x4e, 0x57, 0x21, 0xa4, 0x1a, - 0x9a, 0xc9, 0x81, 0x5d, 0x3c, 0xa5, 0x2f, 0x04, 0x77, 0xef, 0x2c, 0xc5, 0x17, 0x4f, 0xe9, 0x38, - 0xe1, 0xe0, 0x34, 0xd2, 0x27, 0x8f, 0x41, 0x42, 0xae, 0xc1, 0xc8, 0x3d, 0xf7, 0x49, 0x65, 0x87, - 0x8a, 0xb4, 0x5b, 0x93, 0x72, 0xfb, 0x43, 0xe0, 0x42, 0xf1, 0x77, 0xb9, 0xad, 0xfd, 0x73, 0xb6, - 0x40, 0x23, 0x3f, 0x92, 0x83, 0x53, 0x7c, 0x19, 0xcb, 0x56, 0xd6, 0x68, 0x14, 0xb1, 0x7e, 0x10, - 0x71, 0xa8, 0x64, 0xd2, 0x8a, 0x5a, 0x6d, 0x3d, 0x1b, 0x8f, 0xe7, 0x2f, 0x17, 0x3b, 0x83, 0xea, - 0xb8, 0x50, 0x94, 0x1a, 0x11, 0x36, 0x33, 0xe9, 0x85, 0x1d, 0xf9, 0x17, 0xe4, 0x97, 0x93, 0x37, - 0x74, 0x2f, 0xc4, 0x02, 0xca, 0xb9, 0xa3, 0x2d, 0xf7, 0x89, 0xe3, 0xee, 0x50, 0xe3, 0x75, 0x5a, - 0xe8, 0x99, 0x7f, 0x2a, 0x07, 0x67, 0x7a, 0x7e, 0x1c, 0xb9, 0x09, 0xa7, 0x65, 0x2a, 0xfb, 0xdd, - 0x28, 0xea, 0x84, 0x8e, 0xbc, 0x0c, 0x08, 0xbf, 0x45, 0xfb, 0xa4, 0x28, 0x5e, 0x61, 0xa5, 0xf2, - 0x7e, 0x10, 0x92, 0xf7, 0xe1, 0x05, 0xaf, 0x1d, 0xd2, 0x7a, 0x37, 0xa0, 0x71, 0x2e, 0x7c, 0xaf, - 0x11, 0x38, 0x81, 0xdb, 0xde, 0x91, 0x4e, 0x98, 0xf6, 0x19, 0x89, 0x23, 0x33, 0xe2, 0x7b, 0x8d, - 0xc0, 0x46, 0x04, 0xeb, 0x0f, 0xc6, 0xf8, 0xa9, 0x58, 0xe9, 0x46, 0xbb, 0xf2, 0x1c, 0x9d, 0xcf, - 0xf2, 0xa9, 0xe1, 0xc6, 0x7e, 0x9a, 0x4f, 0x8d, 0xe9, 0x49, 0x23, 0x9f, 0x33, 0xf2, 0x99, 0xcf, - 0x19, 0xaf, 0xc3, 0xd8, 0xe2, 0x2e, 0xad, 0x3f, 0x52, 0x7e, 0x0d, 0x45, 0xa1, 0x2f, 0x66, 0x40, - 0x1e, 0xbe, 0x35, 0x46, 0x20, 0xd7, 0x00, 0xd0, 0x95, 0x8f, 0x0b, 0x59, 0x5a, 0x08, 0x76, 0xf4, - 0xfc, 0x13, 0xf6, 0x13, 0x1a, 0x0a, 0xb2, 0xaf, 0xd9, 0xb7, 0x74, 0x83, 0x0b, 0xce, 0x3e, 0x0c, - 0xb6, 0x05, 0x7a, 0x8c, 0xc0, 0x9a, 0xa7, 0x2d, 0x15, 0xb1, 0xb1, 0x97, 0x52, 0xeb, 0x49, 0x47, - 0x42, 0x5b, 0x46, 0x69, 0xc4, 0x8d, 0xfb, 0xfa, 0x84, 0xb0, 0x65, 0x54, 0x06, 0xdf, 0x76, 0x8c, - 0x40, 0xbe, 0x00, 0xa3, 0x8b, 0x34, 0x88, 0x36, 0x37, 0x57, 0xd1, 0x26, 0x82, 0xc7, 0x29, 0x2f, - 0x62, 0x4c, 0xe9, 0x28, 0x6a, 0x7e, 0x7c, 0x50, 0x9e, 0x8c, 0xbc, 0x16, 0x55, 0xf1, 0x57, 0x6d, - 0x89, 0x4d, 0x16, 0xa0, 0xc4, 0xdf, 0x79, 0x63, 0x61, 0x1a, 0xb7, 0xfa, 0x22, 0x3f, 0x78, 0xc4, - 0xa3, 0xf0, 0x1e, 0xdd, 0x52, 0x11, 0xb5, 0x53, 0xf8, 0x64, 0x59, 0x06, 0xa2, 0xd7, 0x1b, 0x09, - 0xb1, 0x76, 0x27, 0xb9, 0x04, 0x58, 0x5b, 0xd3, 0x14, 0xa4, 0x02, 0x93, 0x8b, 0x7e, 0xab, 0xe3, - 0x46, 0x1e, 0x66, 0x75, 0xda, 0x17, 0xbb, 0x3a, 0x6a, 0xa8, 0xea, 0x7a, 0x81, 0x71, 0x44, 0xe8, - 0x05, 0xe4, 0x16, 0x4c, 0xd9, 0x7e, 0x97, 0x0d, 0x92, 0xbc, 0x56, 0xf2, 0x8d, 0x1b, 0x2d, 0x17, - 0x02, 0x56, 0xc2, 0xce, 0x19, 0x71, 0x87, 0x34, 0x42, 0xe3, 0x19, 0x54, 0x64, 0x2d, 0x43, 0xbf, - 0xaf, 0xef, 0xd6, 0x7a, 0x5c, 0xed, 0x14, 0xb3, 0x8c, 0xa7, 0x81, 0x1b, 0x30, 0x5e, 0xab, 0xad, - 0x6f, 0xd2, 0x30, 0xba, 0xd5, 0xf4, 0xf7, 0x70, 0xb3, 0x2e, 0x8a, 0x7c, 0x23, 0xa1, 0xef, 0x44, - 0x34, 0x8c, 0x9c, 0xed, 0xa6, 0xbf, 0x67, 0xeb, 0x58, 0xe4, 0x1b, 0xac, 0x3f, 0x34, 0xd1, 0x46, - 0x04, 0x01, 0xec, 0x27, 0x7d, 0xe1, 0x96, 0x18, 0x2f, 0x19, 0x26, 0x83, 0x99, 0x9d, 0xa5, 0xa1, - 0xa3, 0x93, 0x0e, 0xbb, 0x10, 0x57, 0x1a, 0x8d, 0x80, 0x86, 0xa1, 0xd8, 0x55, 0xb9, 0x93, 0x0e, - 0xde, 0x9e, 0x5d, 0x5e, 0x60, 0x38, 0xe9, 0x68, 0x04, 0xe4, 0xbb, 0x39, 0x38, 0xa9, 0xdb, 0xf9, - 0xe3, 0x62, 0x41, 0x2b, 0x0c, 0xbe, 0xc7, 0xbe, 0x71, 0x55, 0x9e, 0x2a, 0x57, 0x35, 0xb4, 0xab, - 0x8f, 0xaf, 0x5f, 0xad, 0xc4, 0x3f, 0x6b, 0x92, 0x48, 0xc4, 0xd1, 0xca, 0xe2, 0xa7, 0x9f, 0x10, - 0x6e, 0x06, 0x29, 0x59, 0x64, 0x82, 0x07, 0x9b, 0x4f, 0x68, 0xd5, 0x53, 0xdd, 0xc0, 0x2d, 0x5a, - 0x28, 0x08, 0xc5, 0xec, 0xe3, 0xf6, 0x3f, 0x5e, 0xc7, 0x94, 0x2f, 0x34, 0x1a, 0x52, 0x85, 0x69, - 0x0e, 0x60, 0x5b, 0x02, 0x4f, 0x46, 0x31, 0x1b, 0x07, 0xc4, 0x16, 0x6c, 0xf0, 0xe9, 0x1a, 0x13, - 0x52, 0xe8, 0x31, 0xeb, 0x12, 0x74, 0x28, 0xf9, 0xd7, 0x2a, 0xf7, 0x56, 0x63, 0xf1, 0xf5, 0x07, - 0xcb, 0x4e, 0xdf, 0x68, 0x5b, 0x1f, 0x3b, 0xfd, 0xfb, 0xdc, 0x73, 0x51, 0xeb, 0x06, 0x29, 0xf9, - 0x1b, 0xe0, 0xa4, 0xe4, 0x9f, 0xa0, 0xb1, 0x13, 0xd8, 0xd6, 0xc7, 0xc5, 0x04, 0x5f, 0x61, 0x9b, - 0x67, 0xc1, 0x08, 0x17, 0xec, 0xf5, 0xcc, 0xe6, 0x5c, 0xec, 0xb7, 0x45, 0x09, 0x39, 0x03, 0x85, - 0x5a, 0x6d, 0x5d, 0x74, 0x32, 0x5a, 0xe8, 0x85, 0xa1, 0x6f, 0x33, 0x18, 0x1b, 0x21, 0x34, 0xbb, - 0xd3, 0xc2, 0xff, 0xb2, 0x1d, 0xd4, 0x46, 0x28, 0xeb, 0x6f, 0x29, 0x66, 0x0f, 0xc5, 0xfd, 0x2d, - 0xc4, 0xec, 0x58, 0xb8, 0x5e, 0x84, 0xb9, 0x4a, 0x18, 0xd2, 0x80, 0x4d, 0x50, 0x61, 0xcd, 0x15, - 0x08, 0x51, 0x50, 0x1c, 0x14, 0x58, 0xa9, 0x5b, 0x0f, 0xed, 0x9e, 0x88, 0xe4, 0x32, 0x14, 0x2b, - 0xdd, 0x86, 0x47, 0xdb, 0x75, 0x23, 0xb6, 0x8f, 0x2b, 0x60, 0xb6, 0x2a, 0x25, 0x5f, 0x86, 0x93, - 0x89, 0xf8, 0x56, 0xa2, 0x07, 0x46, 0xe3, 0xd5, 0x2c, 0x45, 0xd5, 0xf8, 0xcd, 0x9a, 0x77, 0x49, - 0x36, 0x25, 0xa9, 0x40, 0x69, 0x19, 0xfd, 0x52, 0x96, 0x28, 0x57, 0x9f, 0xfb, 0x01, 0xf7, 0xb5, - 0xe1, 0x17, 0x0b, 0xee, 0xb3, 0xe2, 0x34, 0x54, 0xa1, 0x9d, 0x42, 0x27, 0x77, 0x61, 0x36, 0x09, - 0x63, 0x67, 0x02, 0xbf, 0x43, 0x60, 0xfc, 0xc9, 0x14, 0x17, 0x3c, 0x15, 0xb2, 0xa8, 0xc8, 0x16, - 0xcc, 0xc4, 0x36, 0x1b, 0xe6, 0xcd, 0x42, 0x1a, 0x76, 0xaa, 0x72, 0x79, 0xbb, 0x78, 0x5e, 0x4c, - 0xc6, 0xd9, 0xd8, 0xfe, 0x43, 0xdd, 0x30, 0xec, 0x34, 0x3b, 0xd2, 0x80, 0xa9, 0x9a, 0xb7, 0xd3, - 0xf6, 0xda, 0x3b, 0x77, 0xe9, 0xfe, 0x86, 0xeb, 0x05, 0xc2, 0xc4, 0x4e, 0x1a, 0xd0, 0x56, 0xc2, - 0xfd, 0x56, 0x8b, 0x46, 0x01, 0x9e, 0xb6, 0xac, 0x1c, 0xdd, 0x44, 0x99, 0xc4, 0x78, 0x36, 0xe4, - 0x74, 0xe8, 0x82, 0xd5, 0x71, 0x3d, 0xe3, 0x58, 0x31, 0x79, 0x1a, 0xb7, 0xbb, 0x89, 0x01, 0x6f, - 0x77, 0x4d, 0x98, 0x59, 0x6e, 0xd7, 0x83, 0x7d, 0x7c, 0xc5, 0x90, 0x1f, 0x37, 0x79, 0xc4, 0xc7, - 0xbd, 0x24, 0x3e, 0xee, 0x05, 0x57, 0xce, 0xb0, 0xac, 0xcf, 0x4b, 0x33, 0x26, 0x35, 0x98, 0x41, - 0x89, 0xad, 0xba, 0xb4, 0x51, 0x6d, 0x7b, 0x91, 0x87, 0xf9, 0xb7, 0xf9, 0x71, 0xf5, 0xb2, 0xe0, - 0x79, 0x8e, 0x4b, 0xf1, 0x5e, 0xa3, 0xe3, 0x78, 0x12, 0x45, 0x67, 0x9a, 0xa2, 0xef, 0x27, 0x4a, - 0x4f, 0xff, 0xab, 0x11, 0xa5, 0x31, 0x43, 0x55, 0xc2, 0x7d, 0xba, 0x14, 0xef, 0xed, 0x21, 0x16, - 0xb1, 0x23, 0xc2, 0xef, 0xa2, 0x78, 0x62, 0x64, 0xa8, 0x32, 0xe9, 0xac, 0xef, 0x8e, 0xf1, 0xbd, - 0x5d, 0x97, 0x5f, 0x7b, 0x19, 0xe3, 0x25, 0xe4, 0xda, 0xfc, 0x71, 0xe4, 0xda, 0xc2, 0xd1, 0x72, - 0xed, 0xd0, 0x51, 0x72, 0x6d, 0x42, 0xf0, 0x1c, 0x3e, 0xb6, 0xe0, 0x39, 0x72, 0x0c, 0xc1, 0x73, - 0xf4, 0x58, 0x82, 0xa7, 0x21, 0x41, 0x17, 0x8f, 0x92, 0xa0, 0xff, 0x54, 0x4c, 0x7d, 0x56, 0xc5, - 0xd4, 0x2c, 0x51, 0xe1, 0x58, 0x62, 0x6a, 0x6f, 0x29, 0xb3, 0xf4, 0xaf, 0x5b, 0xca, 0x9c, 0x79, - 0x3a, 0x52, 0x26, 0xf9, 0x84, 0x52, 0xe6, 0x9f, 0x81, 0x52, 0xf2, 0xe0, 0x3b, 0x3a, 0xac, 0xdf, - 0x53, 0x0b, 0x41, 0xc5, 0x8e, 0xe5, 0xe4, 0xc1, 0xc3, 0x2e, 0xd2, 0x1b, 0x81, 0xf7, 0xd8, 0x8d, - 0xe8, 0x5d, 0x69, 0xbc, 0x20, 0x42, 0x52, 0x72, 0x28, 0x6e, 0x1f, 0x1a, 0x8a, 0x92, 0xb9, 0xf2, - 0x59, 0x32, 0x97, 0xf5, 0x97, 0xf2, 0x30, 0xc3, 0xe3, 0xb8, 0x3c, 0xfb, 0x3a, 0xf4, 0xf7, 0x0c, - 0x49, 0x5a, 0x9a, 0xca, 0x25, 0x5a, 0xd7, 0x47, 0x8b, 0xfe, 0x75, 0x38, 0x99, 0xea, 0x0a, 0x94, - 0xa6, 0x97, 0x64, 0x04, 0x9d, 0x94, 0x3c, 0x3d, 0x97, 0x5d, 0xc9, 0x83, 0x1b, 0x76, 0x8a, 0xc2, - 0xfa, 0x67, 0x43, 0x29, 0xfe, 0x42, 0x9f, 0xae, 0x6b, 0xc8, 0x73, 0xc7, 0xd3, 0x90, 0xe7, 0x07, - 0xd3, 0x90, 0x27, 0x8e, 0xa9, 0xc2, 0x20, 0xc7, 0xd4, 0x97, 0x61, 0x72, 0x93, 0xba, 0xad, 0x70, - 0xd3, 0x17, 0x71, 0xe7, 0xb9, 0xa9, 0xac, 0x0c, 0x90, 0xc3, 0xca, 0xa4, 0x30, 0xa8, 0x4c, 0x7e, - 0x22, 0x46, 0xc0, 0xb6, 0x56, 0x1e, 0x88, 0xde, 0x36, 0x39, 0xe8, 0x12, 0xfe, 0x70, 0x1f, 0x09, - 0xbf, 0x06, 0x13, 0x82, 0x2e, 0x8e, 0x65, 0x18, 0x8b, 0xa2, 0xac, 0x08, 0xe1, 0xb2, 0x76, 0x95, - 0x0e, 0x51, 0xd5, 0xce, 0xa5, 0x50, 0x83, 0x09, 0xeb, 0x82, 0xe5, 0x76, 0xa3, 0xe3, 0x7b, 0x6d, - 0xec, 0x82, 0xd1, 0xb8, 0x0b, 0xa8, 0x00, 0xf3, 0x2e, 0xd0, 0x90, 0xc8, 0x3b, 0x30, 0x55, 0xd9, - 0xa8, 0xea, 0x64, 0xc5, 0x58, 0x49, 0xef, 0x76, 0x3c, 0xc7, 0x20, 0x4d, 0xe0, 0xf6, 0x93, 0xca, - 0xc6, 0xfe, 0xd5, 0x48, 0x65, 0xd6, 0x3f, 0x1a, 0x93, 0xcb, 0xfb, 0xb3, 0x55, 0x06, 0x9a, 0xea, - 0xbd, 0xc2, 0x31, 0xd5, 0x7b, 0x43, 0x47, 0x09, 0x27, 0x86, 0xc4, 0x34, 0x7c, 0x0c, 0x89, 0x69, - 0xe4, 0x53, 0xab, 0xea, 0x46, 0x8f, 0x29, 0x03, 0x25, 0x56, 0x5a, 0x71, 0x90, 0x95, 0x96, 0x29, - 0x37, 0x8d, 0x7d, 0x7a, 0xb9, 0x09, 0x8e, 0x2d, 0x37, 0xd5, 0x62, 0x37, 0xb2, 0xf1, 0x23, 0xed, - 0x79, 0xcf, 0x89, 0xfb, 0xca, 0x4c, 0x76, 0x08, 0x1f, 0xe5, 0x50, 0xf6, 0x03, 0x25, 0x8c, 0x7d, - 0x33, 0x5b, 0x18, 0xeb, 0x7f, 0xda, 0xfc, 0xa9, 0x38, 0xf6, 0x54, 0xc4, 0xb1, 0x00, 0x07, 0xec, - 0xa1, 0x1b, 0xb4, 0xf1, 0xca, 0x79, 0x0d, 0x46, 0x65, 0x54, 0xac, 0x5c, 0xac, 0x3d, 0x49, 0x87, - 0xc3, 0x92, 0x58, 0x64, 0x1e, 0x8a, 0x92, 0x58, 0x0f, 0x24, 0xbe, 0x27, 0x60, 0x46, 0xc0, 0x21, - 0x01, 0xb3, 0xfe, 0xf6, 0x90, 0xdc, 0x14, 0xd8, 0x77, 0x88, 0x4c, 0xdb, 0x0b, 0xda, 0x24, 0xd0, - 0x84, 0xc1, 0xc4, 0x30, 0x27, 0x2c, 0xfd, 0x4c, 0x92, 0x4f, 0x14, 0xa7, 0x2c, 0x4e, 0x76, 0x55, - 0x18, 0x20, 0xd9, 0xd5, 0x5b, 0x46, 0xa6, 0xa8, 0xa1, 0x38, 0x35, 0x09, 0x5b, 0x28, 0xfd, 0x73, - 0x44, 0xdd, 0xd4, 0x53, 0x3a, 0x0d, 0xc7, 0x21, 0x3b, 0x90, 0xb2, 0x4f, 0x32, 0x27, 0x25, 0xdd, - 0x8e, 0x1c, 0x27, 0x02, 0xe0, 0xe8, 0xbf, 0xd6, 0x08, 0x80, 0xcb, 0x00, 0x5a, 0x76, 0x63, 0xfe, - 0xb8, 0xf3, 0x32, 0xeb, 0xa6, 0xa3, 0x33, 0x1b, 0x6b, 0x84, 0xd6, 0xef, 0x10, 0x98, 0xa9, 0xd5, - 0xd6, 0x97, 0x3c, 0x77, 0xa7, 0xed, 0x87, 0x91, 0x57, 0xaf, 0xb6, 0xb7, 0x7d, 0x26, 0xda, 0xa9, - 0x0d, 0x46, 0x0b, 0xf5, 0x16, 0x6f, 0x2e, 0xaa, 0x98, 0x5d, 0x1d, 0x96, 0x83, 0xc0, 0x0f, 0xf4, - 0xab, 0x03, 0x65, 0x00, 0x9b, 0xc3, 0x99, 0xf4, 0x54, 0xeb, 0xf2, 0x34, 0xb5, 0xfc, 0xbd, 0x0d, - 0xa5, 0xa7, 0x90, 0x83, 0x6c, 0x59, 0x46, 0x68, 0x7a, 0xc2, 0x0a, 0x69, 0xfa, 0xb4, 0x11, 0x47, - 0x30, 0x2e, 0xe6, 0xdb, 0xa7, 0x38, 0xde, 0x70, 0x29, 0x76, 0x10, 0xae, 0x3f, 0x90, 0xa7, 0xd6, - 0xc0, 0x3e, 0x9c, 0x34, 0x5c, 0xa0, 0x06, 0x55, 0x1c, 0xbe, 0x2a, 0xa4, 0x35, 0x0b, 0xfd, 0x67, - 0x33, 0xb4, 0x87, 0x7a, 0x6a, 0x85, 0xcc, 0x1a, 0xc8, 0x5f, 0xca, 0xc1, 0xb9, 0xcc, 0x12, 0xb5, - 0xba, 0xc7, 0x8d, 0x58, 0x8e, 0xda, 0xa6, 0xc1, 0x93, 0x48, 0xf4, 0xaa, 0xda, 0xc9, 0xd8, 0x0a, - 0xfa, 0xd7, 0x44, 0x7e, 0x2d, 0x07, 0xa7, 0x0d, 0x0c, 0xb5, 0x7d, 0x86, 0xca, 0xd7, 0x37, 0x73, - 0x5e, 0x7f, 0xf4, 0x74, 0xe6, 0xf5, 0x45, 0xb3, 0x2d, 0xf1, 0xee, 0xae, 0xb7, 0xa1, 0xd7, 0x17, - 0x92, 0xc7, 0x30, 0x83, 0x45, 0x52, 0x89, 0xc9, 0xe6, 0xac, 0xd0, 0x7d, 0x9e, 0x88, 0x3f, 0x9b, - 0xbb, 0xf5, 0x61, 0x22, 0xc0, 0xf9, 0xef, 0x1f, 0x94, 0x27, 0x0d, 0x74, 0x19, 0x1d, 0xd1, 0x89, - 0x35, 0xa1, 0x5e, 0x7b, 0xdb, 0xd7, 0x8f, 0xde, 0x54, 0x15, 0xe4, 0x1f, 0xe6, 0x60, 0x8e, 0x41, - 0x79, 0x33, 0x6e, 0x05, 0x7e, 0x4b, 0x95, 0x4b, 0x4b, 0x8b, 0x1e, 0xdd, 0xd6, 0x7c, 0x3a, 0xdd, - 0xf6, 0x32, 0x7e, 0x32, 0xdf, 0x13, 0x9c, 0xed, 0xc0, 0x6f, 0xc5, 0x9f, 0x6f, 0x64, 0xef, 0xed, - 0xf5, 0x91, 0xe4, 0x47, 0x73, 0x70, 0xc6, 0xd0, 0xbc, 0xe8, 0xa1, 0xaa, 0x85, 0xf3, 0xe4, 0xac, - 0x72, 0x92, 0x8e, 0x8b, 0x16, 0xae, 0x8a, 0xf9, 0x7f, 0x09, 0xbf, 0x20, 0x3e, 0x2d, 0xf0, 0x5b, - 0x9c, 0x16, 0xc7, 0xd2, 0x3e, 0xa1, 0x77, 0x2d, 0xc4, 0x83, 0x19, 0x7c, 0xa3, 0x34, 0x2c, 0x82, - 0x4e, 0xf4, 0xb6, 0x08, 0x52, 0x09, 0x9b, 0x30, 0x40, 0x6d, 0x6f, 0xb3, 0xa0, 0x34, 0x57, 0xf2, - 0x67, 0xe1, 0x4c, 0x0a, 0xa8, 0x56, 0xdb, 0xc9, 0x9e, 0xab, 0xed, 0xb5, 0xc3, 0x83, 0xf2, 0x2b, - 0x59, 0xb5, 0x65, 0xad, 0xb4, 0xde, 0x35, 0x10, 0x17, 0x20, 0x2e, 0x14, 0x49, 0x80, 0xb3, 0x27, - 0xe8, 0x6b, 0x62, 0x7e, 0x68, 0xf8, 0x6c, 0x2f, 0xd7, 0xbe, 0x41, 0x3f, 0xf2, 0x62, 0x24, 0x42, - 0x61, 0x42, 0x0b, 0xce, 0xbb, 0x8f, 0xd9, 0x80, 0x7b, 0x56, 0xf2, 0xfd, 0x83, 0xb2, 0x81, 0xcd, - 0x44, 0x6c, 0x3d, 0xea, 0xaf, 0x2e, 0x62, 0x1b, 0x88, 0xe4, 0x57, 0x73, 0x70, 0x82, 0x01, 0xe2, - 0x49, 0x25, 0x1a, 0x35, 0xd7, 0x6f, 0xd6, 0xef, 0x3e, 0x9d, 0x59, 0xff, 0x22, 0x7e, 0xa3, 0x3e, - 0xeb, 0x53, 0x5d, 0x92, 0xf9, 0x71, 0x38, 0xdb, 0x8d, 0xe7, 0x70, 0x63, 0xb6, 0x9f, 0x19, 0x60, - 0xb6, 0xf3, 0x01, 0x38, 0x7a, 0xb6, 0xf7, 0xac, 0x85, 0x6c, 0xc2, 0x84, 0x90, 0xae, 0x79, 0x87, - 0x9d, 0x37, 0x02, 0x7b, 0xea, 0x45, 0xfc, 0xca, 0x23, 0x62, 0x17, 0xa7, 0x5a, 0x68, 0x70, 0x21, - 0x6d, 0x98, 0xe5, 0xbf, 0x4d, 0x5d, 0x47, 0xb9, 0xa7, 0xae, 0xe3, 0xb2, 0x68, 0xd1, 0x05, 0xc1, - 0x3f, 0xa1, 0xf2, 0xd0, 0x63, 0x2b, 0x64, 0x30, 0x26, 0x1d, 0x20, 0x06, 0x98, 0x2f, 0xda, 0x0b, - 0xfd, 0x35, 0x1c, 0xaf, 0x88, 0x3a, 0xcb, 0xc9, 0x3a, 0x93, 0x2b, 0x37, 0x83, 0x37, 0x71, 0x61, - 0x5a, 0x40, 0xd9, 0x5d, 0x1a, 0x77, 0xf8, 0x17, 0x8d, 0xe8, 0x16, 0x89, 0x52, 0x2e, 0x98, 0xcb, - 0x9a, 0x30, 0xfa, 0x48, 0x62, 0x43, 0x4f, 0xf2, 0x23, 0xeb, 0x30, 0x53, 0xe9, 0x74, 0x9a, 0x1e, - 0x6d, 0x60, 0x2b, 0x79, 0x6e, 0x53, 0x2b, 0xce, 0x67, 0xe1, 0xf2, 0x42, 0x71, 0x5b, 0x48, 0x26, - 0x36, 0x4d, 0xd3, 0x5a, 0xdf, 0xcd, 0xa5, 0x3e, 0x9a, 0xbc, 0x0e, 0x63, 0xf8, 0x43, 0x73, 0xb1, - 0x46, 0x25, 0x00, 0xff, 0x44, 0x54, 0x46, 0xc4, 0x08, 0x4c, 0x58, 0xd2, 0x83, 0x26, 0x15, 0xb8, - 0xb0, 0x24, 0x6e, 0xaa, 0xf1, 0xdd, 0xb4, 0x2c, 0x2d, 0x35, 0x0b, 0xb1, 0xd0, 0x85, 0x96, 0x9a, - 0xc2, 0x3e, 0xd3, 0xfa, 0xd1, 0xbc, 0x39, 0xed, 0xc8, 0x65, 0x4d, 0x6e, 0xd7, 0xc2, 0x36, 0x49, - 0xb9, 0x5d, 0x93, 0xd6, 0xff, 0x56, 0x0e, 0x66, 0xd7, 0x83, 0x1d, 0xb7, 0xed, 0x7d, 0x9b, 0x87, - 0x7f, 0xf4, 0x71, 0x5c, 0xfa, 0xa7, 0x06, 0x7a, 0x5a, 0x29, 0x4e, 0x7c, 0xad, 0x62, 0x36, 0x53, - 0x70, 0xca, 0xd8, 0x59, 0xdf, 0x83, 0xb6, 0xef, 0xf8, 0x61, 0x5a, 0xa6, 0x19, 0x8e, 0xce, 0xe1, - 0xd6, 0x5f, 0xc9, 0xc3, 0xb8, 0xb6, 0x04, 0xc8, 0xe7, 0x61, 0x42, 0xe7, 0xa3, 0x2b, 0x90, 0xf4, - 0x6a, 0x6d, 0x03, 0x0b, 0x35, 0x48, 0xd4, 0x6d, 0x19, 0x1a, 0x24, 0x36, 0xd1, 0x11, 0x7a, 0xcc, - 0xab, 0xcd, 0xfb, 0x19, 0x57, 0x9b, 0x63, 0x25, 0xc1, 0x7d, 0x27, 0x7d, 0xc1, 0x19, 0x3c, 0x67, - 0xad, 0xf5, 0x93, 0x39, 0x28, 0x25, 0x17, 0xe9, 0x67, 0xd2, 0x2b, 0xc7, 0x78, 0x2d, 0xf8, 0xf1, - 0xbc, 0x8a, 0xcc, 0x2d, 0x3d, 0x7a, 0x9e, 0x55, 0x93, 0x98, 0x77, 0x0d, 0x45, 0xfe, 0xf3, 0x66, - 0xa8, 0x19, 0xdd, 0x17, 0x36, 0x3b, 0xbe, 0xd4, 0xd0, 0xcf, 0xfe, 0x42, 0xf9, 0x39, 0xeb, 0x43, - 0x38, 0x91, 0xec, 0x0e, 0x54, 0xe6, 0x57, 0x60, 0xda, 0x84, 0x27, 0xe3, 0xfa, 0x27, 0xa9, 0xec, - 0x24, 0xbe, 0xf5, 0xbb, 0xf9, 0x24, 0x6f, 0x61, 0x1e, 0xc3, 0x36, 0x9d, 0xb6, 0xbb, 0xd5, 0x54, - 0x71, 0xbd, 0xf9, 0xa6, 0xc3, 0x41, 0xb6, 0x2c, 0x3b, 0x4e, 0x3e, 0x0d, 0xe5, 0x97, 0x52, 0xc8, - 0xf6, 0x4b, 0x21, 0x37, 0x13, 0x36, 0x66, 0x5a, 0x10, 0x85, 0x3d, 0xba, 0xe5, 0xc4, 0x76, 0x66, - 0x09, 0xd3, 0xb2, 0x45, 0x38, 0x61, 0xc4, 0xf7, 0x94, 0xf4, 0xc3, 0xb1, 0xee, 0x36, 0xc2, 0x02, - 0x4e, 0x9c, 0x89, 0x4c, 0x56, 0x60, 0x94, 0x7d, 0xe6, 0x3d, 0xb7, 0x23, 0x74, 0xf4, 0x44, 0x79, - 0xa9, 0x35, 0xd5, 0x85, 0x4f, 0x73, 0x54, 0x6b, 0x52, 0x76, 0xe4, 0x1b, 0x39, 0xa4, 0x39, 0xa2, - 0xf5, 0xcf, 0x73, 0x6c, 0xfd, 0xd7, 0x1f, 0xfd, 0x80, 0x25, 0xe5, 0x60, 0x4d, 0xea, 0x63, 0xbd, - 0xf5, 0x07, 0x79, 0x1e, 0x9a, 0x5d, 0x4c, 0x9f, 0xb7, 0x60, 0x64, 0xd3, 0x0d, 0x76, 0x68, 0x24, - 0x82, 0x96, 0xeb, 0x5c, 0x78, 0x41, 0x1c, 0xe2, 0x21, 0xc2, 0xdf, 0xb6, 0x20, 0xd0, 0x75, 0x61, - 0xf9, 0x81, 0x74, 0x61, 0x9a, 0xa6, 0xb7, 0xf0, 0xd4, 0x34, 0xbd, 0x3f, 0xa4, 0xa2, 0xb0, 0x57, - 0xa2, 0x01, 0xc2, 0x47, 0x5e, 0x48, 0x66, 0x31, 0x48, 0x05, 0xfa, 0x8c, 0xd9, 0x91, 0x9b, 0x7a, - 0x5e, 0x04, 0xcd, 0xd5, 0xe3, 0x88, 0x0c, 0x08, 0xd6, 0x1f, 0x14, 0x78, 0x1f, 0x8b, 0x8e, 0xba, - 0x64, 0xb8, 0x81, 0xe1, 0x3a, 0x61, 0x1b, 0xbd, 0xee, 0x91, 0x8b, 0x86, 0x1d, 0x97, 0x60, 0x88, - 0xcd, 0x4d, 0xd1, 0x9b, 0x88, 0xc7, 0xe6, 0xaf, 0x8e, 0xc7, 0xca, 0xd9, 0x5a, 0xc6, 0x33, 0x49, - 0x4f, 0x78, 0x83, 0xc7, 0x96, 0xbe, 0x96, 0x11, 0x83, 0x5c, 0x86, 0xa1, 0x35, 0xbf, 0x21, 0xc3, - 0x94, 0x9e, 0x40, 0x67, 0x60, 0xbf, 0xa1, 0xb1, 0x9c, 0xcb, 0xd9, 0x88, 0xc1, 0xda, 0xaa, 0x02, - 0x9b, 0xeb, 0x6d, 0x6d, 0x6d, 0xbb, 0xe9, 0x44, 0x26, 0x5a, 0x0c, 0xf4, 0x65, 0x98, 0x32, 0x53, - 0x5e, 0x0a, 0xdb, 0x36, 0xd4, 0xd8, 0x26, 0x32, 0x67, 0xea, 0x8a, 0x76, 0x93, 0x88, 0x2c, 0xc0, - 0xa4, 0x11, 0x1e, 0x4d, 0x3c, 0x96, 0xa1, 0x7a, 0xd3, 0x0c, 0xae, 0xa6, 0xab, 0x37, 0x0d, 0x12, - 0x76, 0x9e, 0x8b, 0xef, 0xd7, 0x9e, 0xcc, 0x52, 0xdf, 0x2e, 0x70, 0xc8, 0x0d, 0x28, 0x72, 0xaf, - 0xdb, 0xea, 0x92, 0xfe, 0xf0, 0x11, 0x22, 0x2c, 0xe1, 0xb5, 0x2e, 0x11, 0x35, 0x2f, 0xcb, 0xcf, - 0x41, 0x49, 0x6c, 0x49, 0x71, 0x72, 0xc9, 0x17, 0x60, 0x68, 0xb1, 0xba, 0x64, 0xeb, 0xdb, 0x48, - 0xdd, 0x6b, 0x04, 0x36, 0x42, 0xd1, 0x74, 0x7f, 0x8d, 0x46, 0x7b, 0x7e, 0xf0, 0xc8, 0xa6, 0x61, - 0x14, 0x78, 0x3c, 0x5f, 0x12, 0x2e, 0xc4, 0xcf, 0x93, 0x77, 0x60, 0x18, 0x8d, 0xac, 0x12, 0x27, - 0x43, 0xb2, 0x8e, 0x85, 0x49, 0x31, 0x81, 0x87, 0xd1, 0x62, 0xcb, 0xe6, 0x44, 0xe4, 0x2d, 0x18, - 0x5a, 0xa2, 0xed, 0xfd, 0x44, 0x2a, 0x97, 0x14, 0xb1, 0xda, 0x10, 0x1a, 0xb4, 0xbd, 0x6f, 0x23, - 0x89, 0xf5, 0x93, 0x79, 0x38, 0x99, 0xf1, 0x59, 0x0f, 0x3e, 0xff, 0x8c, 0xee, 0x8a, 0x0b, 0xc6, - 0xae, 0x28, 0xdf, 0x3b, 0x7b, 0x76, 0x7c, 0xe6, 0x26, 0xf9, 0x73, 0x39, 0x38, 0x6d, 0x4e, 0x50, - 0x61, 0x55, 0xf9, 0xe0, 0x06, 0x79, 0x1b, 0x46, 0x56, 0xa8, 0xdb, 0xa0, 0x32, 0xcd, 0xc3, 0x49, - 0x15, 0x1f, 0x87, 0xbb, 0x14, 0xf2, 0x42, 0xce, 0x36, 0x76, 0x40, 0xe1, 0x50, 0xb2, 0x24, 0x3e, - 0x8e, 0xcb, 0xe3, 0x96, 0x74, 0xef, 0xcd, 0xaa, 0xaa, 0x8f, 0xd5, 0xc0, 0xf7, 0x73, 0xf0, 0x7c, - 0x1f, 0x1a, 0x36, 0x70, 0x6c, 0xe8, 0xf5, 0x81, 0xc3, 0x13, 0x15, 0xa1, 0xe4, 0x3d, 0x98, 0xde, - 0x14, 0xf2, 0xbc, 0x1c, 0x8e, 0x7c, 0xbc, 0x5e, 0xa4, 0xa8, 0xef, 0xc8, 0x71, 0x49, 0x22, 0x1b, - 0x7e, 0xe7, 0x85, 0xbe, 0x7e, 0xe7, 0xba, 0x1b, 0xf7, 0xd0, 0xa0, 0x6e, 0xdc, 0x1f, 0x26, 0x13, - 0xc5, 0x8b, 0x68, 0x7a, 0xb1, 0x13, 0x7b, 0xae, 0xb7, 0x13, 0x7b, 0xdf, 0x98, 0x5d, 0xd6, 0x5f, - 0xc9, 0x41, 0xc9, 0xe4, 0xfd, 0x69, 0xc7, 0xf3, 0x5d, 0x63, 0x3c, 0x9f, 0xcf, 0x1e, 0xcf, 0xde, - 0x03, 0xf9, 0x7f, 0xe4, 0x92, 0x8d, 0x1d, 0x68, 0x04, 0x2d, 0x18, 0x59, 0xf2, 0x5b, 0xae, 0xd7, - 0xd6, 0x73, 0x95, 0x36, 0x10, 0x62, 0x8b, 0x92, 0xc1, 0x7c, 0xfe, 0x2f, 0xc0, 0xf0, 0x9a, 0xdf, - 0xae, 0x2c, 0x09, 0xa3, 0x43, 0xe4, 0xd3, 0xf6, 0xdb, 0x8e, 0xdb, 0xb0, 0x79, 0x01, 0x59, 0x05, - 0xa8, 0xd5, 0x03, 0x4a, 0xdb, 0x35, 0xef, 0xdb, 0x34, 0x21, 0x69, 0xb0, 0x1e, 0x6a, 0x76, 0x71, - 0x63, 0xc1, 0x37, 0x9e, 0x10, 0x11, 0x9d, 0xd0, 0xfb, 0xb6, 0xbe, 0xdf, 0x6a, 0xf4, 0x16, 0x05, - 0x88, 0x89, 0x30, 0x71, 0x9b, 0xd7, 0x10, 0xc9, 0x78, 0x27, 0x45, 0xe2, 0x36, 0x06, 0x30, 0x12, - 0xb7, 0x31, 0x00, 0xdb, 0xda, 0x57, 0xa8, 0xb7, 0xb3, 0xcb, 0xad, 0x4f, 0x26, 0xf9, 0x54, 0xdd, - 0x45, 0x88, 0xbe, 0xb5, 0x73, 0x1c, 0xeb, 0x5f, 0x0e, 0xc3, 0x19, 0x9b, 0xee, 0x78, 0x4c, 0x4c, - 0xbe, 0x1f, 0x7a, 0xed, 0x1d, 0xc3, 0x2b, 0xdb, 0x4a, 0x4c, 0x24, 0x11, 0x90, 0x98, 0x41, 0x54, - 0xc7, 0x5c, 0x81, 0x22, 0x3b, 0x15, 0xb5, 0xb9, 0x84, 0x6f, 0x28, 0x98, 0x69, 0x9c, 0x4f, 0x72, - 0x59, 0x4c, 0x5e, 0x15, 0xa7, 0xb6, 0x16, 0x32, 0x9e, 0x9d, 0xda, 0x1f, 0x1f, 0x94, 0xa1, 0xb6, - 0x1f, 0x46, 0x14, 0x6f, 0x6c, 0xe2, 0xe4, 0x56, 0xa2, 0xf5, 0x50, 0x0f, 0xd1, 0xfa, 0x1e, 0x9c, - 0xa8, 0x34, 0xf8, 0x66, 0xed, 0x36, 0x37, 0x02, 0xaf, 0x5d, 0xf7, 0x3a, 0x6e, 0x53, 0x5e, 0x17, - 0xb1, 0x97, 0x5d, 0x55, 0xee, 0x74, 0x14, 0x82, 0x9d, 0x49, 0xc6, 0x9a, 0xb1, 0xb4, 0x56, 0x43, - 0xe7, 0x65, 0xf1, 0x3c, 0x86, 0xcd, 0x68, 0xb4, 0x43, 0x6c, 0x45, 0x68, 0xab, 0x62, 0x14, 0xea, - 0xd1, 0x9c, 0x61, 0x73, 0xb5, 0x16, 0x7b, 0x27, 0xf1, 0x88, 0xb6, 0xdc, 0xe4, 0x21, 0x6a, 0x86, - 0x68, 0xf6, 0x60, 0xe0, 0xc5, 0x74, 0xb5, 0xda, 0x0a, 0xa3, 0x2b, 0xa6, 0xe8, 0xc2, 0x70, 0x57, - 0xa7, 0xe3, 0x78, 0xe4, 0x1a, 0x9b, 0x0a, 0x2d, 0x3f, 0xa2, 0x38, 0xcf, 0xc7, 0xe2, 0x2b, 0x40, - 0x80, 0x50, 0x7e, 0x05, 0xd0, 0x50, 0xc8, 0x3b, 0x30, 0xbb, 0xbc, 0x38, 0x2f, 0x95, 0x9a, 0x4b, - 0x7e, 0xbd, 0x8b, 0x0f, 0xd4, 0x80, 0xf5, 0xe1, 0x18, 0xd2, 0xfa, 0x3c, 0x9b, 0xdc, 0x59, 0x68, - 0xe4, 0x12, 0x8c, 0x56, 0x97, 0x78, 0xdf, 0x8f, 0xeb, 0x69, 0x1b, 0x84, 0xe1, 0x87, 0x2c, 0x24, - 0xeb, 0xb1, 0x8c, 0x3a, 0x71, 0xa4, 0x30, 0x79, 0x66, 0x00, 0xf9, 0xf4, 0x2d, 0x98, 0x5c, 0xf0, - 0xa3, 0x6a, 0x3b, 0x8c, 0xdc, 0x76, 0x9d, 0x56, 0x97, 0xf4, 0xa8, 0x8b, 0x5b, 0x7e, 0xe4, 0x78, - 0xa2, 0x84, 0x7d, 0xb9, 0x89, 0x49, 0xbe, 0x88, 0xa4, 0xb7, 0x69, 0x9b, 0x06, 0x71, 0xb4, 0xc5, - 0x61, 0xde, 0xb7, 0x8c, 0x74, 0x47, 0x95, 0xd8, 0x26, 0xa2, 0x48, 0x29, 0xc1, 0x53, 0x17, 0x2d, - 0xfa, 0x0d, 0x1a, 0x3e, 0xb8, 0xfe, 0x03, 0x96, 0x52, 0x42, 0x6b, 0x1b, 0x6e, 0x99, 0xd7, 0x33, - 0xf7, 0xd7, 0x7f, 0x17, 0x53, 0x4a, 0xa4, 0x70, 0xc9, 0x17, 0x61, 0x18, 0x7f, 0x0a, 0x61, 0x6b, - 0x36, 0x83, 0x6d, 0x2c, 0x68, 0xd5, 0x79, 0x82, 0x63, 0x24, 0x20, 0x55, 0x18, 0x15, 0x72, 0xfe, - 0x71, 0x02, 0xa3, 0x8b, 0x0b, 0x03, 0x9f, 0x19, 0x82, 0xde, 0x6a, 0xc0, 0x84, 0x5e, 0x21, 0x5b, - 0x11, 0x2b, 0x6e, 0xb8, 0x4b, 0x1b, 0xec, 0x97, 0xc8, 0x69, 0x82, 0x2b, 0x62, 0x17, 0xa1, 0x0e, - 0xfb, 0x0e, 0x5b, 0x43, 0x61, 0x5b, 0x7c, 0x35, 0xbc, 0x1f, 0x8a, 0x4f, 0x11, 0x37, 0x7f, 0x0f, - 0xb5, 0x48, 0x0d, 0x5b, 0x14, 0x59, 0x3f, 0x04, 0x27, 0xd6, 0xba, 0xcd, 0xa6, 0xbb, 0xd5, 0xa4, - 0x32, 0xe6, 0x35, 0xe6, 0x37, 0x5c, 0x80, 0xe1, 0x9a, 0x96, 0x31, 0x71, 0x56, 0x05, 0x15, 0x8f, - 0x71, 0xd0, 0xc6, 0x2e, 0x87, 0x8e, 0xe4, 0x89, 0x5c, 0x89, 0x9c, 0xd4, 0xfa, 0x5e, 0x9c, 0x6a, - 0x7b, 0x33, 0x70, 0xeb, 0x8f, 0x54, 0xda, 0xcc, 0x41, 0xb3, 0x86, 0xdf, 0x91, 0x1f, 0x61, 0x9e, - 0x9f, 0x59, 0x1f, 0x7c, 0xd4, 0xc7, 0x90, 0x77, 0x60, 0x5c, 0x9c, 0xa1, 0x5a, 0xf8, 0x23, 0x8c, - 0x31, 0x21, 0xf3, 0xf6, 0x27, 0x6c, 0x1c, 0x74, 0x74, 0x14, 0x0d, 0xcc, 0xa6, 0x3c, 0xb8, 0xfe, - 0x59, 0x88, 0x06, 0x66, 0x1d, 0x7d, 0xa6, 0xee, 0x6f, 0x8c, 0x27, 0xfb, 0x56, 0xcc, 0xdd, 0x9b, - 0x7a, 0xc0, 0x93, 0x5c, 0x7c, 0x51, 0x8b, 0x03, 0x9e, 0xe8, 0x17, 0x35, 0x85, 0xaa, 0xc6, 0x24, - 0x7f, 0xc4, 0x98, 0xbc, 0x27, 0xc7, 0xa4, 0xd0, 0x7b, 0x62, 0xcc, 0xf6, 0x19, 0x87, 0x5a, 0xbc, - 0x42, 0x86, 0x06, 0xba, 0xe5, 0x3f, 0x87, 0x91, 0x5d, 0x39, 0x49, 0x72, 0x17, 0x15, 0x9c, 0x74, - 0xd5, 0xc1, 0xf0, 0xe0, 0x4c, 0x8f, 0xd8, 0x9a, 0xbf, 0x04, 0x13, 0x95, 0x28, 0x72, 0xeb, 0xbb, - 0xb4, 0xb1, 0xc4, 0xb6, 0x27, 0x2d, 0x36, 0x83, 0x2b, 0xe0, 0xfa, 0x1b, 0x8e, 0x8e, 0xcb, 0x63, - 0x8d, 0xb9, 0xa1, 0xb0, 0xd6, 0x53, 0xb1, 0xc6, 0x18, 0xc4, 0x8c, 0x35, 0xc6, 0x20, 0xe4, 0x1a, - 0x8c, 0x56, 0xdb, 0x8f, 0x3d, 0xd6, 0x27, 0xc5, 0x38, 0x87, 0xae, 0xc7, 0x41, 0xfa, 0xe6, 0x2a, - 0xb0, 0xc8, 0x5b, 0x9a, 0x8c, 0x3d, 0x16, 0xdf, 0xa7, 0xb9, 0x06, 0x46, 0x79, 0x75, 0xeb, 0xf2, - 0xb3, 0x12, 0xba, 0x6f, 0xc2, 0xa8, 0x54, 0xac, 0x41, 0x7c, 0x87, 0x16, 0x94, 0x69, 0xef, 0x4f, - 0x89, 0x8c, 0x29, 0x10, 0xb5, 0xdc, 0x2c, 0xe3, 0x5a, 0x0a, 0x44, 0x2d, 0x37, 0x8b, 0x91, 0x02, - 0x51, 0xcb, 0xd2, 0xa2, 0x74, 0x12, 0x13, 0x47, 0xea, 0x24, 0x1e, 0xc0, 0xc4, 0x86, 0x1b, 0x44, - 0x1e, 0x93, 0x51, 0xda, 0x51, 0x38, 0x37, 0x69, 0xa8, 0xf1, 0xb4, 0xa2, 0x85, 0xf3, 0x32, 0x6b, - 0x5f, 0x47, 0xc3, 0x37, 0xd3, 0xcb, 0xc5, 0xf0, 0x6c, 0x5b, 0xbd, 0xa9, 0x4f, 0x63, 0xab, 0x87, - 0x9d, 0x8a, 0xaa, 0x9b, 0xe9, 0x58, 0x41, 0x80, 0x32, 0x74, 0x42, 0x7f, 0xa3, 0x10, 0xc9, 0xd7, - 0x60, 0x82, 0xfd, 0x8d, 0xf9, 0xf8, 0x3d, 0x1a, 0xce, 0x95, 0xb0, 0x71, 0xe7, 0x33, 0x57, 0x3f, - 0x4f, 0xda, 0x5f, 0xa3, 0x11, 0x5f, 0xc0, 0xc8, 0x38, 0xa9, 0x93, 0x35, 0xb8, 0x91, 0xf7, 0x61, - 0x82, 0xcd, 0xbe, 0x2d, 0x37, 0xe4, 0xa2, 0xe9, 0x4c, 0x6c, 0x6d, 0xd9, 0x10, 0xf0, 0x54, 0xb8, - 0x3f, 0x9d, 0x80, 0x1d, 0xf3, 0x95, 0x0e, 0xdf, 0x20, 0x89, 0x36, 0xdb, 0x3b, 0xa9, 0xcd, 0x51, - 0xa2, 0x91, 0x0f, 0x60, 0xa2, 0xd2, 0xe9, 0xc4, 0x3b, 0xce, 0xac, 0xa6, 0x97, 0xe9, 0x74, 0x9c, - 0xcc, 0x5d, 0xc7, 0xa0, 0x48, 0x6e, 0xcc, 0x27, 0x8e, 0xb5, 0x31, 0x93, 0x37, 0x94, 0xb4, 0x7e, - 0x32, 0x56, 0x32, 0x8a, 0x7b, 0x8c, 0x21, 0xfa, 0x73, 0xc1, 0x7d, 0x11, 0x26, 0xb9, 0xd6, 0x4d, - 0x4a, 0x33, 0xa7, 0x52, 0xab, 0x27, 0x43, 0xa8, 0x31, 0x69, 0xc8, 0x32, 0x4c, 0x71, 0x47, 0xb7, - 0xa6, 0x88, 0xc3, 0x38, 0x77, 0x3a, 0xce, 0xfa, 0xcc, 0xfd, 0xe3, 0x9a, 0x18, 0x9e, 0xdb, 0x35, - 0xb8, 0x24, 0x88, 0xac, 0x3f, 0xcc, 0xc1, 0xe9, 0x1e, 0x23, 0xae, 0xa2, 0xf4, 0xe5, 0xfa, 0x47, - 0xe9, 0x63, 0x3b, 0x87, 0x79, 0x49, 0xc7, 0xf6, 0x0b, 0x29, 0x4b, 0x1f, 0x2f, 0x29, 0x6f, 0xf9, - 0x40, 0x44, 0x3c, 0x7b, 0x51, 0xf5, 0x1d, 0x1f, 0x35, 0x85, 0x85, 0xf4, 0x21, 0x24, 0xf0, 0xf8, - 0x47, 0x2d, 0x58, 0x87, 0x07, 0xe5, 0xf3, 0x22, 0x5c, 0xbe, 0x1a, 0xd6, 0x8f, 0x7c, 0x63, 0x05, - 0x67, 0xb0, 0xb6, 0x0e, 0x72, 0x30, 0xae, 0xad, 0x43, 0x72, 0x41, 0x73, 0x9b, 0x2b, 0xf1, 0x84, - 0x0b, 0x1a, 0x87, 0x3c, 0x3f, 0x89, 0x70, 0x51, 0xe5, 0x8f, 0xd6, 0x87, 0xde, 0x63, 0xa2, 0x90, - 0x16, 0xc9, 0xb0, 0x65, 0x28, 0x2f, 0x6d, 0x2c, 0xc7, 0x64, 0xa3, 0x6e, 0x18, 0x55, 0xea, 0x91, - 0xf7, 0x98, 0x0e, 0x70, 0xe8, 0xc4, 0xc9, 0x46, 0xdd, 0x30, 0x72, 0x5c, 0x24, 0x4b, 0x25, 0x1b, - 0x55, 0x0c, 0xad, 0x1f, 0xcb, 0x01, 0xdc, 0xaf, 0x2e, 0x62, 0x28, 0xd2, 0x4f, 0x2b, 0x14, 0x64, - 0x87, 0x77, 0x93, 0xdc, 0xfb, 0x88, 0x03, 0xff, 0x5d, 0x0e, 0xa6, 0x4c, 0x34, 0xf2, 0x1e, 0x4c, - 0xd7, 0xea, 0x81, 0xdf, 0x6c, 0x6e, 0xb9, 0xf5, 0x47, 0xab, 0x5e, 0x9b, 0xf2, 0xc0, 0x5a, 0xc3, - 0xfc, 0x2c, 0x0a, 0x55, 0x91, 0xd3, 0x64, 0x65, 0x76, 0x12, 0x99, 0xfc, 0xf9, 0x1c, 0x4c, 0xd6, - 0x76, 0xfd, 0xbd, 0x38, 0xd5, 0x3c, 0x1f, 0x90, 0xaf, 0xb3, 0xb5, 0x1d, 0xee, 0xfa, 0x7b, 0x4e, - 0x46, 0xbe, 0xf9, 0x8f, 0x0f, 0xca, 0xef, 0x0e, 0xf6, 0x4c, 0x5c, 0xf7, 0xf1, 0x26, 0x13, 0x85, - 0x57, 0x8d, 0x4a, 0x6c, 0xb3, 0x4e, 0xeb, 0x8f, 0x73, 0x30, 0x8e, 0x77, 0x9e, 0x66, 0x13, 0x65, - 0xae, 0x1f, 0xa4, 0xd4, 0x3f, 0xaa, 0x5d, 0x7d, 0x06, 0xf6, 0x4d, 0x98, 0x4e, 0xa0, 0x11, 0x0b, - 0x46, 0x6a, 0xe8, 0x2a, 0xad, 0x2b, 0x28, 0xb8, 0xf3, 0xb4, 0x2d, 0x4a, 0xac, 0x65, 0x8d, 0xec, - 0xc1, 0x75, 0x7c, 0x65, 0x9c, 0x07, 0xf0, 0x24, 0x48, 0xde, 0x6c, 0x48, 0xf2, 0x4b, 0x1e, 0x5c, - 0xb7, 0x35, 0x2c, 0x6b, 0x0d, 0x46, 0x6a, 0x7e, 0x10, 0x2d, 0xec, 0xf3, 0xcb, 0xc4, 0x12, 0x0d, - 0xeb, 0xfa, 0x33, 0xa2, 0x87, 0xaa, 0xfb, 0xba, 0x2d, 0x8a, 0x48, 0x19, 0x86, 0x6f, 0x79, 0xb4, - 0xd9, 0xd0, 0xed, 0x45, 0xb7, 0x19, 0xc0, 0xe6, 0x70, 0x76, 0xe1, 0x3a, 0x15, 0x47, 0xec, 0x8e, - 0x0d, 0x53, 0x3f, 0xed, 0xba, 0x59, 0x34, 0xfa, 0xf7, 0x45, 0x33, 0xb3, 0xae, 0x51, 0x53, 0x9f, - 0xae, 0xfe, 0x8f, 0x73, 0x70, 0xb6, 0x37, 0x89, 0x6e, 0xeb, 0x9a, 0xeb, 0x63, 0xeb, 0xfa, 0x72, - 0xf2, 0xd9, 0x0b, 0xd1, 0xc4, 0xb3, 0x57, 0xfc, 0xd8, 0xb5, 0x84, 0xa6, 0xc6, 0x75, 0x95, 0xf8, - 0xfc, 0x42, 0x9f, 0x6f, 0x46, 0x44, 0x3e, 0xcc, 0x11, 0xd2, 0xd8, 0x82, 0xd6, 0xfa, 0xf5, 0x21, - 0x38, 0xd3, 0x93, 0x82, 0xac, 0x68, 0xc1, 0xff, 0xa7, 0x54, 0xd8, 0xf1, 0x9e, 0xf8, 0x57, 0xf1, - 0x5f, 0xb4, 0x26, 0x4b, 0x3a, 0xd3, 0xac, 0xab, 0xa0, 0xef, 0x3c, 0xc3, 0xfd, 0x6b, 0x47, 0xf2, - 0xe2, 0xe8, 0xc8, 0x0c, 0xd2, 0xf1, 0xdf, 0xd1, 0xed, 0x8a, 0x46, 0xae, 0xd7, 0x0c, 0xf5, 0x65, - 0xd7, 0xe0, 0x20, 0x5b, 0x96, 0xc5, 0x06, 0xc8, 0x43, 0xd9, 0x06, 0xc8, 0xd6, 0xbf, 0xcc, 0xc1, - 0x98, 0xfa, 0x6c, 0x72, 0x16, 0x4e, 0x6d, 0xda, 0x95, 0xc5, 0x65, 0x67, 0xf3, 0xc3, 0x8d, 0x65, - 0xe7, 0xfe, 0x5a, 0x6d, 0x63, 0x79, 0xb1, 0x7a, 0xab, 0xba, 0xbc, 0x54, 0x7a, 0x8e, 0xcc, 0xc0, - 0xe4, 0xfd, 0xb5, 0xbb, 0x6b, 0xeb, 0x0f, 0xd7, 0x9c, 0x65, 0xdb, 0x5e, 0xb7, 0x4b, 0x39, 0x32, - 0x09, 0x63, 0xf6, 0x42, 0x65, 0xd1, 0x59, 0x5b, 0x5f, 0x5a, 0x2e, 0xe5, 0x49, 0x09, 0x26, 0x16, - 0xd7, 0xd7, 0xd6, 0x96, 0x17, 0x37, 0xab, 0x0f, 0xaa, 0x9b, 0x1f, 0x96, 0x0a, 0x84, 0xc0, 0x14, - 0x22, 0x6c, 0xd8, 0xd5, 0xb5, 0xc5, 0xea, 0x46, 0x65, 0xb5, 0x34, 0xc4, 0x60, 0x0c, 0x5f, 0x83, - 0x0d, 0x2b, 0x46, 0x77, 0xef, 0x2f, 0x2c, 0x97, 0x46, 0x18, 0x0a, 0xfb, 0x4b, 0x43, 0x19, 0x65, - 0xd5, 0x23, 0xca, 0x52, 0x65, 0xb3, 0xb2, 0x50, 0xa9, 0x2d, 0x97, 0x8a, 0xe4, 0x34, 0xcc, 0x1a, - 0x20, 0x67, 0x75, 0xfd, 0x76, 0x75, 0xad, 0x34, 0x46, 0x4e, 0x40, 0x49, 0xc1, 0x96, 0x16, 0x9c, - 0xfb, 0xb5, 0x65, 0xbb, 0x04, 0x49, 0xe8, 0x5a, 0xe5, 0xde, 0x72, 0x69, 0xdc, 0x7a, 0x97, 0xbb, - 0x39, 0xf1, 0xae, 0x26, 0xa7, 0x80, 0xd4, 0x36, 0x2b, 0x9b, 0xf7, 0x6b, 0x89, 0xc6, 0x8f, 0xc3, - 0x68, 0xed, 0xfe, 0xe2, 0xe2, 0x72, 0xad, 0x56, 0xca, 0x11, 0x80, 0x91, 0x5b, 0x95, 0xea, 0xea, - 0xf2, 0x52, 0x29, 0x6f, 0xfd, 0xd5, 0x1c, 0xcc, 0x48, 0x09, 0x50, 0xbe, 0x61, 0x7c, 0xca, 0xb5, - 0xf8, 0x9e, 0x71, 0xb1, 0x95, 0x5e, 0x28, 0x89, 0x4a, 0xfa, 0x2c, 0xc3, 0x9f, 0xcb, 0xc1, 0xc9, - 0x4c, 0x6c, 0xf2, 0x21, 0x94, 0xe4, 0x17, 0xdc, 0x73, 0xa3, 0xfa, 0x6e, 0xbc, 0x8f, 0x9d, 0x4f, - 0xd4, 0x92, 0x40, 0xe3, 0x6a, 0xcd, 0x38, 0xb9, 0x60, 0x8a, 0xcd, 0xe0, 0xc1, 0x72, 0xad, 0x9f, - 0xcd, 0xc1, 0xe9, 0x1e, 0xd5, 0x90, 0x45, 0x18, 0x51, 0x61, 0xd3, 0xfb, 0x18, 0x54, 0x9d, 0xf8, - 0xfe, 0x41, 0x59, 0x20, 0x62, 0x36, 0x36, 0xfc, 0xcb, 0x1e, 0x51, 0x71, 0xd0, 0x31, 0x18, 0x39, - 0xef, 0xbe, 0x33, 0x89, 0x9e, 0x17, 0x35, 0x55, 0x1e, 0xd6, 0x16, 0xc6, 0x45, 0xdf, 0x15, 0xdc, - 0xbd, 0x10, 0xa3, 0x91, 0x5b, 0x3f, 0x95, 0x63, 0xc2, 0x5d, 0x12, 0x91, 0xc9, 0xbc, 0x95, 0x30, - 0xec, 0xb6, 0xa8, 0xed, 0x37, 0x69, 0xc5, 0x5e, 0x13, 0xc7, 0x06, 0x4a, 0xab, 0x2e, 0x16, 0xe0, - 0xb5, 0xc2, 0x71, 0x83, 0xb6, 0xf1, 0x78, 0xaa, 0xd3, 0x90, 0xb7, 0x00, 0x54, 0x56, 0x7c, 0x19, - 0xd4, 0x80, 0x07, 0xf5, 0x10, 0x50, 0x53, 0xde, 0xd6, 0x90, 0xad, 0xbf, 0x98, 0x83, 0x09, 0x71, - 0x69, 0xaa, 0x34, 0x69, 0x10, 0x7d, 0xba, 0xe9, 0xf5, 0x96, 0x31, 0xbd, 0x94, 0xff, 0x80, 0xc6, - 0x9f, 0x15, 0x67, 0xce, 0xac, 0xff, 0x3a, 0x07, 0xa5, 0x24, 0x22, 0x79, 0x0f, 0x8a, 0x35, 0xfa, - 0x98, 0x06, 0x5e, 0xb4, 0x2f, 0x36, 0x4a, 0x99, 0x60, 0x86, 0xe3, 0x88, 0x32, 0x3e, 0x1f, 0x42, - 0xf1, 0xcb, 0x56, 0x34, 0x83, 0xee, 0xf7, 0x9a, 0xda, 0xa3, 0xf0, 0xb4, 0xd4, 0x1e, 0xd6, 0xff, - 0x9c, 0x87, 0xd3, 0xb7, 0x69, 0xa4, 0xb7, 0x49, 0xbd, 0x76, 0x7f, 0x6e, 0xb0, 0x76, 0x69, 0x2d, - 0x99, 0x83, 0x51, 0x2c, 0x92, 0xe3, 0x6b, 0xcb, 0x9f, 0x64, 0x41, 0xcd, 0xeb, 0x82, 0x91, 0xc1, - 0xa2, 0x47, 0xdd, 0x57, 0xb5, 0x98, 0xf6, 0x6a, 0x5a, 0x5f, 0x82, 0x29, 0x0c, 0xda, 0xda, 0x65, - 0xcb, 0x81, 0x36, 0x84, 0xfa, 0xa7, 0x68, 0x27, 0xa0, 0xe4, 0x55, 0x28, 0x31, 0x48, 0xa5, 0xfe, - 0xa8, 0xed, 0xef, 0x35, 0x69, 0x63, 0x87, 0xf2, 0x34, 0xe6, 0x45, 0x3b, 0x05, 0x97, 0x3c, 0xef, - 0xb7, 0xf9, 0xd5, 0x8d, 0x36, 0x50, 0x47, 0x23, 0x78, 0xc6, 0xd0, 0xb3, 0x6f, 0xc1, 0xf8, 0x27, - 0xcc, 0x4f, 0x61, 0xfd, 0x4f, 0x39, 0x38, 0x81, 0x8d, 0xd3, 0x2a, 0xc6, 0x17, 0x83, 0xcf, 0xc5, - 0xbd, 0xa5, 0x85, 0x6c, 0x77, 0x19, 0xc8, 0x5c, 0x0a, 0xaa, 0x17, 0x63, 0x9d, 0x50, 0x7e, 0x00, - 0x9d, 0x50, 0xed, 0x38, 0x59, 0x4f, 0x07, 0x54, 0x69, 0xf1, 0x5c, 0xf5, 0xf1, 0x90, 0x5b, 0x7f, - 0x3e, 0x0f, 0xa3, 0x36, 0xc5, 0x74, 0x90, 0xe4, 0x12, 0x8c, 0xae, 0xf9, 0x11, 0x0d, 0xef, 0x19, - 0xb9, 0x3f, 0xdb, 0x0c, 0xe4, 0xb4, 0x1a, 0xb6, 0x2c, 0x64, 0x13, 0x7e, 0x23, 0xf0, 0x1b, 0xdd, - 0x7a, 0xa4, 0x4f, 0xf8, 0x0e, 0x07, 0xd9, 0xb2, 0x8c, 0xbc, 0x0e, 0x63, 0x82, 0xb3, 0x7a, 0x63, - 0x44, 0xdb, 0xd8, 0x80, 0xaa, 0x74, 0xa2, 0x31, 0x02, 0xca, 0xb4, 0x5c, 0xc0, 0x18, 0xd2, 0x64, - 0xda, 0x94, 0xcc, 0x20, 0x45, 0xf5, 0xe1, 0x3e, 0xa2, 0xfa, 0xe7, 0x60, 0xa4, 0x12, 0x86, 0x34, - 0x92, 0x4e, 0xda, 0x13, 0x2a, 0x62, 0x4e, 0x48, 0x23, 0xce, 0xd8, 0xc5, 0x72, 0x5b, 0xe0, 0x59, - 0xff, 0x3c, 0x0f, 0xc3, 0xf8, 0x27, 0xbe, 0xab, 0x06, 0xf5, 0x5d, 0xe3, 0x5d, 0x35, 0xa8, 0xef, - 0xda, 0x08, 0x25, 0xd7, 0x51, 0x53, 0x21, 0xb3, 0x0b, 0x88, 0xd6, 0xa3, 0x0a, 0xbe, 0x11, 0x83, - 0x6d, 0x1d, 0x47, 0x3d, 0x38, 0x17, 0x32, 0x43, 0x33, 0x9c, 0x82, 0xfc, 0x7a, 0x4d, 0xb4, 0x18, - 0x43, 0xc8, 0xf8, 0xa1, 0x9d, 0x5f, 0xaf, 0x61, 0x6f, 0xac, 0x54, 0xe6, 0xdf, 0xbc, 0xa9, 0xa7, - 0xa9, 0x0d, 0x77, 0xdd, 0xf9, 0x37, 0x6f, 0xda, 0xa2, 0x84, 0xf5, 0x2f, 0x7e, 0x33, 0x3e, 0xbc, - 0x72, 0xa7, 0x62, 0xec, 0x5f, 0x6c, 0x1b, 0x3e, 0xb2, 0xda, 0x31, 0x02, 0x99, 0x87, 0x71, 0xe1, - 0xca, 0x8e, 0xf8, 0x9a, 0xab, 0xb9, 0x70, 0x75, 0xe7, 0x14, 0x3a, 0x12, 0x7f, 0x82, 0x13, 0x03, - 0x24, 0x73, 0xa0, 0x89, 0x27, 0x38, 0x39, 0x84, 0xa1, 0xad, 0xa1, 0xc4, 0x3e, 0xd1, 0xb1, 0xb3, - 0xb0, 0xee, 0x13, 0x8d, 0x41, 0x78, 0x15, 0x82, 0xf5, 0x4b, 0x79, 0x28, 0x6e, 0x34, 0xbb, 0x3b, - 0x5e, 0xfb, 0xc1, 0x75, 0x42, 0x00, 0xaf, 0x71, 0x32, 0x4a, 0x33, 0xfb, 0x9b, 0x9c, 0x81, 0xa2, - 0xbc, 0xb9, 0xc9, 0x0d, 0x29, 0x14, 0xb7, 0xb6, 0x39, 0x90, 0xe3, 0x2e, 0x72, 0xda, 0xcb, 0x9f, - 0xe4, 0x3a, 0xa8, 0xfb, 0x57, 0xaf, 0x8b, 0xda, 0x10, 0x5b, 0x2c, 0xb6, 0x42, 0x23, 0x6f, 0x00, - 0x1e, 0x12, 0xe2, 0xf2, 0x20, 0x15, 0xda, 0xfc, 0xd3, 0x84, 0x9c, 0xc2, 0x49, 0x10, 0x8d, 0xdc, - 0x00, 0x31, 0x31, 0x45, 0xe6, 0xcc, 0x93, 0x26, 0x01, 0xcf, 0x5e, 0x24, 0x49, 0x04, 0x2a, 0x79, - 0x07, 0xc6, 0xe3, 0x9c, 0xf5, 0x71, 0x42, 0x4c, 0x9d, 0x72, 0x31, 0x2e, 0x7f, 0x70, 0xdd, 0xd6, - 0xd1, 0xad, 0xef, 0x8c, 0xc2, 0x84, 0xfe, 0x3d, 0xc4, 0x86, 0xd9, 0xb0, 0xc9, 0xee, 0xee, 0xc2, - 0xf6, 0xa9, 0x83, 0x85, 0xe2, 0x38, 0xbd, 0x60, 0x7e, 0x10, 0xc3, 0xe3, 0x86, 0x50, 0xd2, 0x07, - 0x7f, 0xe5, 0x39, 0x7b, 0x26, 0x8c, 0xc1, 0x1c, 0x8f, 0x54, 0xa0, 0xe8, 0x77, 0xc2, 0x1d, 0xda, - 0xf6, 0xe4, 0x7b, 0xcb, 0x45, 0x83, 0xd1, 0xba, 0x28, 0x4c, 0xf1, 0x52, 0x64, 0xe4, 0x4d, 0x18, - 0xf1, 0x3b, 0xb4, 0xed, 0x7a, 0xe2, 0x8c, 0x7b, 0x3e, 0xc1, 0x80, 0xb6, 0x2b, 0x55, 0x8d, 0x50, - 0x20, 0x93, 0x6b, 0x30, 0xe4, 0x3f, 0x52, 0xe3, 0x75, 0xc6, 0x24, 0x7a, 0x14, 0xb9, 0x1a, 0x09, - 0x22, 0x32, 0x82, 0x8f, 0xdc, 0xd6, 0xb6, 0x18, 0x31, 0x93, 0xe0, 0x8e, 0xdb, 0xda, 0xd6, 0x09, - 0x18, 0x22, 0x79, 0x1f, 0xa0, 0xe3, 0xee, 0xd0, 0xc0, 0x69, 0x74, 0xa3, 0x7d, 0x31, 0x6e, 0xe7, - 0x0d, 0xb2, 0x0d, 0x56, 0xbc, 0xd4, 0x8d, 0xf6, 0x35, 0xda, 0xb1, 0x8e, 0x04, 0x92, 0x0a, 0x40, - 0xcb, 0x8d, 0x22, 0x1a, 0xb4, 0x7c, 0x61, 0x7c, 0x36, 0xae, 0x12, 0x4e, 0x72, 0x06, 0xf7, 0x54, - 0xb1, 0xc6, 0x41, 0x23, 0xc2, 0x8f, 0xf6, 0x02, 0x57, 0xe4, 0x2f, 0x4d, 0x7c, 0xb4, 0x17, 0x18, - 0xad, 0x64, 0x88, 0xe4, 0x8b, 0x30, 0xda, 0xf0, 0xc2, 0xba, 0x1f, 0x34, 0x44, 0x70, 0x86, 0x17, - 0x0c, 0x9a, 0x25, 0x5e, 0xa6, 0x91, 0x49, 0x74, 0xf6, 0xb5, 0x22, 0xfe, 0xdb, 0x9a, 0xbf, 0x87, - 0x6a, 0xfe, 0xe4, 0xd7, 0xd6, 0x54, 0xb1, 0xfe, 0xb5, 0x31, 0x11, 0x1b, 0xca, 0x1d, 0x2f, 0x6a, - 0xba, 0x5b, 0xe2, 0x9d, 0xdb, 0x1c, 0xca, 0xdb, 0x58, 0xa4, 0x0f, 0x25, 0x47, 0x26, 0x6f, 0x41, - 0x91, 0xb6, 0xa3, 0xc0, 0x75, 0xbc, 0x86, 0x70, 0xda, 0x33, 0x3f, 0x9a, 0x1d, 0xc0, 0x6e, 0x75, - 0x49, 0xff, 0x68, 0xc4, 0xaf, 0x36, 0x58, 0xff, 0x84, 0x75, 0xaf, 0x25, 0x7c, 0xed, 0xcc, 0xfe, - 0xa9, 0x2d, 0x56, 0xef, 0xe9, 0xfd, 0xc3, 0x10, 0xc9, 0x7b, 0x30, 0xca, 0xd6, 0x6f, 0xc3, 0xdf, - 0x11, 0x1e, 0xef, 0x96, 0xd9, 0x3f, 0xbc, 0x2c, 0x35, 0x5d, 0x25, 0x11, 0x39, 0x0f, 0x10, 0x3f, - 0x91, 0xf3, 0x07, 0x0d, 0x5b, 0x83, 0x7c, 0x69, 0xe8, 0x7f, 0xfb, 0x85, 0x72, 0x6e, 0x01, 0xa0, - 0x28, 0xa3, 0x5b, 0x58, 0xab, 0x70, 0xa6, 0xe7, 0xa2, 0x22, 0x57, 0xa0, 0xb4, 0xed, 0x0a, 0x95, - 0x5a, 0x7d, 0xd7, 0x6d, 0xb7, 0x69, 0x53, 0x6c, 0x67, 0xd3, 0x12, 0xbe, 0xc8, 0xc1, 0x9c, 0xb3, - 0xf5, 0x3e, 0x9c, 0xc8, 0xea, 0x4d, 0xf2, 0x22, 0x4c, 0xe8, 0x81, 0x3c, 0x04, 0x93, 0x71, 0xb7, - 0xe3, 0xc9, 0x50, 0x1e, 0x82, 0xc1, 0xaf, 0xe5, 0xe0, 0x85, 0x7e, 0x6b, 0x93, 0x9c, 0x85, 0x62, - 0x27, 0xf0, 0x7c, 0x94, 0x01, 0xf9, 0x0e, 0xaa, 0x7e, 0x93, 0x73, 0x00, 0x5c, 0x58, 0x89, 0xdc, - 0x1d, 0x61, 0xcc, 0x6f, 0x8f, 0x21, 0x64, 0xd3, 0xdd, 0x09, 0xc9, 0x6b, 0x30, 0xd3, 0xa0, 0xdb, - 0x6e, 0xb7, 0x19, 0x39, 0x61, 0x7d, 0x97, 0x36, 0xd0, 0x7f, 0x06, 0x8d, 0xb4, 0xec, 0x92, 0x28, - 0xa8, 0x49, 0x78, 0xea, 0x8b, 0x87, 0x7b, 0x7c, 0xf1, 0x9d, 0xa1, 0x62, 0xae, 0x94, 0xb7, 0xd1, - 0x56, 0xc9, 0xfa, 0x91, 0x3c, 0xcc, 0xf5, 0x9a, 0x8c, 0xe4, 0xdd, 0xac, 0x3e, 0xe0, 0xaf, 0x02, - 0x3a, 0x5c, 0x7f, 0x15, 0xd0, 0x6a, 0x23, 0xf3, 0xa0, 0xbc, 0x5f, 0x8e, 0xf2, 0x64, 0x97, 0x30, - 0x46, 0xd3, 0x71, 0xc3, 0x70, 0x8f, 0xad, 0xb7, 0x82, 0x16, 0xa8, 0x4f, 0xc0, 0x74, 0x1a, 0x09, - 0x23, 0x5f, 0x00, 0xa8, 0x37, 0xfd, 0x90, 0xe2, 0xe3, 0xbb, 0x38, 0xc8, 0xb9, 0x09, 0xb0, 0x82, - 0xea, 0xaf, 0xad, 0x08, 0x5d, 0xf4, 0x1b, 0x54, 0x0c, 0xa0, 0x0b, 0xa7, 0x7b, 0xec, 0x3e, 0x6c, - 0x78, 0xe2, 0xc4, 0xa0, 0x32, 0xcd, 0x40, 0x57, 0xa5, 0x07, 0x4d, 0xf6, 0x78, 0xbe, 0xd7, 0x1c, - 0xd9, 0x07, 0x92, 0xde, 0x62, 0x18, 0x77, 0x61, 0xc8, 0xda, 0x0d, 0x14, 0x77, 0x0e, 0xb9, 0x1f, - 0x34, 0x49, 0x19, 0xc6, 0x65, 0x1a, 0x21, 0x26, 0x28, 0x73, 0xe6, 0x20, 0x40, 0x77, 0x29, 0x4e, - 0x1e, 0x8c, 0x27, 0x89, 0x3e, 0x4e, 0xe2, 0x08, 0x1e, 0x43, 0xc8, 0xe6, 0x7e, 0x47, 0xb6, 0xee, - 0x05, 0x39, 0xbf, 0xcd, 0x8d, 0x5f, 0x94, 0xfe, 0x74, 0x4e, 0x0e, 0x7f, 0x7a, 0xe7, 0x3c, 0xea, - 0xfb, 0x08, 0xa0, 0x47, 0x8a, 0xf8, 0x30, 0xfc, 0x9b, 0x89, 0x04, 0x72, 0xd5, 0x09, 0x91, 0x40, - 0xfc, 0x24, 0x97, 0x60, 0x3a, 0xe0, 0x36, 0x8b, 0x91, 0x2f, 0xfa, 0x13, 0x47, 0xca, 0x9e, 0xe4, - 0xe0, 0x4d, 0x1f, 0xfb, 0x54, 0x7c, 0xd7, 0x1d, 0xd5, 0x61, 0xda, 0x41, 0x42, 0xae, 0xc2, 0x18, - 0x3b, 0x48, 0x30, 0x4e, 0x46, 0xc2, 0x14, 0x1e, 0xf1, 0xf0, 0x58, 0xb6, 0x8b, 0x1f, 0x89, 0xbf, - 0x05, 0xaf, 0x7f, 0x94, 0x93, 0xcc, 0xf4, 0x63, 0x8c, 0x9c, 0x86, 0x51, 0x3f, 0xd8, 0xd1, 0x9a, - 0x36, 0xe2, 0x07, 0x3b, 0xac, 0x5d, 0x97, 0xa1, 0xc4, 0x3d, 0x33, 0xb8, 0xcb, 0x7b, 0xb8, 0xdf, - 0xe6, 0xf7, 0xdc, 0xa2, 0x3d, 0xc5, 0xe1, 0x98, 0x2b, 0x75, 0xbf, 0x5d, 0x67, 0x98, 0x61, 0xe8, - 0x3b, 0x7a, 0x70, 0x1c, 0xd1, 0xec, 0xa9, 0x30, 0xf4, 0xe3, 0x28, 0x39, 0x0d, 0xb2, 0x00, 0x93, - 0x8c, 0x8f, 0x0a, 0xd1, 0x23, 0x4e, 0xd9, 0x73, 0xe9, 0x53, 0x76, 0xbf, 0x5d, 0x97, 0x9f, 0x68, - 0x4f, 0x84, 0xda, 0x2f, 0xd1, 0x9a, 0x5f, 0xc9, 0xc3, 0xa9, 0x6c, 0x74, 0x1c, 0x2f, 0x56, 0x09, - 0x3a, 0x28, 0x71, 0xf5, 0xa8, 0x3d, 0xc6, 0x20, 0x3c, 0x06, 0x43, 0xd6, 0xd7, 0xe6, 0x33, 0xbf, - 0xf6, 0x55, 0x98, 0x41, 0x46, 0x42, 0xae, 0x69, 0x7a, 0x61, 0x24, 0x42, 0x0b, 0xd8, 0xd3, 0xac, - 0x80, 0x6f, 0x70, 0xab, 0x0c, 0x4c, 0x5e, 0x86, 0x29, 0xb9, 0x45, 0xf9, 0x7b, 0x6d, 0x56, 0x31, - 0xdf, 0x9f, 0x26, 0x05, 0x74, 0x1d, 0x81, 0xe4, 0x24, 0x8c, 0xb8, 0x9d, 0x0e, 0xab, 0x92, 0x6f, - 0x4b, 0xc3, 0x6e, 0xa7, 0x53, 0x6d, 0x90, 0x8b, 0x30, 0x89, 0xee, 0x58, 0xce, 0x36, 0xda, 0xa4, - 0x08, 0x03, 0x38, 0x7b, 0x02, 0x81, 0xdc, 0x4e, 0x25, 0x64, 0x0b, 0x81, 0xd1, 0x4a, 0x94, 0x51, - 0x44, 0x01, 0xb7, 0xa3, 0x10, 0xce, 0x40, 0x51, 0xbe, 0x8e, 0x72, 0xab, 0x72, 0x7b, 0xd4, 0xe5, - 0x2f, 0xa3, 0xa2, 0xd3, 0xbe, 0x08, 0xd3, 0xe2, 0xa0, 0x16, 0x9b, 0x3f, 0x32, 0x15, 0x53, 0x93, - 0x49, 0xd0, 0x22, 0xf2, 0x3a, 0x08, 0x50, 0xb5, 0x21, 0xbb, 0xfb, 0xf7, 0x72, 0x70, 0x32, 0xf3, - 0xa4, 0x27, 0xdf, 0x04, 0xee, 0xb8, 0x12, 0xf9, 0x4e, 0x40, 0xeb, 0x5e, 0xc7, 0x43, 0xd7, 0x7e, - 0xae, 0x09, 0x9b, 0xef, 0x27, 0x23, 0xa0, 0x13, 0xcc, 0xa6, 0x6f, 0x2b, 0x22, 0x7e, 0x45, 0x2f, - 0x05, 0x09, 0xf0, 0xd9, 0xaf, 0xc2, 0xc9, 0x4c, 0xd4, 0x8c, 0xab, 0xf3, 0xeb, 0x66, 0x86, 0x3a, - 0xf9, 0xb6, 0x91, 0x68, 0xb4, 0x76, 0xa5, 0x16, 0xcd, 0xfb, 0x4d, 0xd5, 0xbc, 0x84, 0x4c, 0x40, - 0x96, 0x93, 0x33, 0x36, 0x4b, 0xac, 0x95, 0x44, 0x3d, 0x27, 0x2d, 0xf9, 0x2a, 0x9c, 0x14, 0xb3, - 0x68, 0x27, 0x70, 0x3b, 0xbb, 0x31, 0x3b, 0xfe, 0xa1, 0xaf, 0x64, 0xb1, 0xe3, 0xd3, 0xeb, 0x36, - 0xc3, 0x57, 0x5c, 0x67, 0xdd, 0x34, 0x50, 0xb4, 0x21, 0x90, 0xf2, 0x40, 0xc6, 0xd7, 0x64, 0x4c, - 0xcf, 0x5c, 0xd6, 0xf4, 0x1c, 0x78, 0x6d, 0x88, 0x3a, 0x7f, 0x34, 0x07, 0x17, 0x8e, 0xfa, 0x66, - 0xf2, 0x10, 0x4e, 0xe1, 0xeb, 0x7b, 0xe8, 0xab, 0x66, 0x3b, 0x75, 0xb7, 0xbe, 0x4b, 0xc5, 0x2c, - 0xb1, 0x32, 0x1b, 0xdf, 0xe9, 0xd4, 0x6a, 0xeb, 0x5a, 0xbb, 0x3b, 0x9d, 0x5a, 0xe8, 0xcb, 0xdf, - 0x8b, 0x8c, 0x5c, 0x7c, 0x43, 0x03, 0x9e, 0xef, 0x43, 0xa9, 0xad, 0xb8, 0x9c, 0xbe, 0xe2, 0x2e, - 0x43, 0x69, 0x9b, 0x36, 0x98, 0x74, 0x45, 0x1b, 0xf8, 0x69, 0x8f, 0xe7, 0x79, 0x9a, 0x47, 0x7b, - 0x4a, 0xc1, 0x6b, 0xa1, 0xff, 0x60, 0x5e, 0xd4, 0xd2, 0x92, 0x9b, 0xa7, 0x2e, 0xfd, 0x91, 0xab, - 0x30, 0x9b, 0x08, 0x53, 0x10, 0xfb, 0xbd, 0xda, 0x33, 0xac, 0xc8, 0x0c, 0x6a, 0xf3, 0x22, 0x4c, - 0xc8, 0x61, 0x08, 0x94, 0xf7, 0x8c, 0x3d, 0x2e, 0x60, 0x6c, 0x96, 0x8b, 0xea, 0xba, 0xb2, 0x51, - 0x99, 0x82, 0xe3, 0x00, 0x52, 0x19, 0x79, 0x03, 0x88, 0x92, 0x00, 0xd5, 0xc2, 0x14, 0x15, 0xce, - 0xc8, 0x12, 0xb5, 0xa2, 0x44, 0xb5, 0x7f, 0x3b, 0x2f, 0x85, 0xb8, 0x05, 0xdf, 0x8f, 0xc2, 0x28, - 0x70, 0x3b, 0xc6, 0x4d, 0x90, 0xb4, 0xe0, 0x8c, 0xef, 0x76, 0xa3, 0xdd, 0x79, 0x87, 0xfd, 0xeb, - 0x07, 0xd2, 0x83, 0xb6, 0x2e, 0xcd, 0x00, 0xc7, 0xe7, 0xaf, 0x99, 0x9b, 0x79, 0x85, 0x61, 0x57, - 0x74, 0x64, 0x26, 0x73, 0x68, 0x5c, 0x57, 0x9e, 0xb3, 0x4f, 0x73, 0x9e, 0x29, 0x2c, 0xb2, 0x02, - 0x13, 0x5b, 0xd4, 0x0d, 0x68, 0xe0, 0xc4, 0x69, 0xec, 0x93, 0x57, 0xc1, 0x05, 0x44, 0x40, 0x8b, - 0x58, 0x93, 0xeb, 0xf8, 0x56, 0x5c, 0x42, 0xde, 0x83, 0x31, 0xaf, 0x21, 0x82, 0xff, 0x89, 0x0b, - 0xa1, 0x79, 0x09, 0xa9, 0x36, 0x78, 0x2c, 0xc0, 0x98, 0x07, 0xbb, 0x4d, 0x7a, 0x02, 0xba, 0x30, - 0x69, 0xdc, 0x99, 0xad, 0x05, 0x29, 0x2f, 0xa4, 0xc9, 0x52, 0x49, 0xf8, 0x4f, 0xc1, 0x48, 0xa8, - 0x45, 0x23, 0xb4, 0xc5, 0x2f, 0xeb, 0xcf, 0xc0, 0xe5, 0x41, 0xfb, 0x88, 0x8d, 0x66, 0x8f, 0x0e, - 0x1f, 0xb3, 0x67, 0xdc, 0x54, 0xbf, 0xbd, 0x08, 0x7a, 0x38, 0x35, 0x4f, 0xce, 0x33, 0x09, 0xbb, - 0x1f, 0x78, 0xd6, 0x8f, 0x15, 0x60, 0xca, 0xd4, 0x12, 0x90, 0xd7, 0x60, 0x48, 0xb1, 0x9d, 0x52, - 0xda, 0x6c, 0x1d, 0x89, 0x31, 0xb7, 0x11, 0x89, 0x1d, 0x59, 0xf8, 0xf8, 0xe5, 0xb4, 0x74, 0x85, - 0xb3, 0x3d, 0x81, 0x40, 0xa9, 0x68, 0xbe, 0x03, 0x3c, 0x99, 0x31, 0x6e, 0xa1, 0xd1, 0x60, 0xa9, - 0xfb, 0x8b, 0xdf, 0x3b, 0x28, 0x3f, 0x87, 0x9a, 0xc2, 0x09, 0x46, 0xcb, 0xb6, 0x31, 0xcc, 0xd6, - 0x1f, 0x5f, 0x02, 0x87, 0x7a, 0x5f, 0x02, 0x45, 0x53, 0x7a, 0x5c, 0x02, 0x87, 0xfb, 0x5c, 0x02, - 0x63, 0x4a, 0xfd, 0x12, 0x88, 0xaa, 0x80, 0xd1, 0x5e, 0xaa, 0x80, 0x98, 0x86, 0xab, 0x02, 0x5e, - 0x12, 0xcd, 0x0d, 0xdc, 0x3d, 0x07, 0xfb, 0x81, 0x9b, 0xe9, 0xf1, 0x86, 0xd8, 0xee, 0x1e, 0x3e, - 0x13, 0x2e, 0x8c, 0x81, 0x7c, 0x5b, 0xb4, 0xfe, 0x5a, 0x2e, 0x71, 0xed, 0x92, 0x43, 0xf1, 0x32, - 0x4c, 0x79, 0x2d, 0x26, 0x0f, 0xd2, 0x86, 0x26, 0xc7, 0x4c, 0xda, 0x93, 0x12, 0xca, 0x65, 0x99, - 0x57, 0x60, 0x5a, 0xa1, 0x71, 0x7f, 0x6e, 0xee, 0x73, 0x60, 0x2b, 0x6a, 0xe1, 0xcf, 0xfd, 0x1a, - 0xcc, 0x28, 0x44, 0x21, 0x3a, 0x73, 0x51, 0x66, 0xd2, 0x2e, 0xc9, 0x02, 0x91, 0x96, 0x33, 0xb4, - 0x76, 0x92, 0x87, 0xe1, 0x67, 0xf4, 0x55, 0xd6, 0x6f, 0x16, 0x0c, 0x91, 0x54, 0x56, 0xb3, 0x00, - 0xe3, 0x6c, 0x47, 0x16, 0x9d, 0x24, 0xb6, 0x95, 0x17, 0x7b, 0x74, 0xbf, 0x78, 0x9d, 0xad, 0xd5, - 0xd6, 0x6d, 0x08, 0x43, 0x5f, 0x3e, 0xd6, 0x3a, 0xfc, 0xd0, 0xe1, 0x52, 0x15, 0x4e, 0x3f, 0xc9, - 0x8e, 0xef, 0x21, 0xaf, 0xf6, 0x67, 0x57, 0xe9, 0x74, 0xf0, 0x1b, 0xd9, 0xec, 0xc3, 0xc3, 0x47, - 0xfd, 0x92, 0x15, 0xdc, 0x07, 0xbc, 0xc1, 0x85, 0x26, 0xf3, 0x42, 0xc6, 0x71, 0x9e, 0x62, 0x8e, - 0xbd, 0x84, 0x9c, 0x4b, 0x5d, 0xf9, 0xa7, 0x64, 0xbb, 0x0c, 0x13, 0x61, 0xdd, 0x6b, 0x29, 0x86, - 0x43, 0x19, 0xca, 0x84, 0x74, 0xe3, 0x17, 0xab, 0xf7, 0xec, 0x71, 0x46, 0x27, 0xd9, 0xec, 0xc2, - 0x19, 0x5d, 0x6a, 0x35, 0x3f, 0x72, 0x58, 0xc6, 0xc9, 0xeb, 0xdb, 0x03, 0xb1, 0x70, 0x8b, 0x9f, - 0x7a, 0xca, 0x35, 0x01, 0x02, 0xcd, 0xda, 0x85, 0xb3, 0xbd, 0x87, 0x84, 0x5d, 0x84, 0xa8, 0xee, - 0xf1, 0x6d, 0xcb, 0x9f, 0xda, 0xb9, 0x9c, 0xd7, 0xcf, 0x65, 0x5d, 0x86, 0x2d, 0x18, 0x32, 0xac, - 0xf5, 0x37, 0x0b, 0x70, 0x71, 0x80, 0xe1, 0xea, 0x53, 0xe7, 0x07, 0x30, 0xce, 0x55, 0xa0, 0x7c, - 0xfb, 0xe4, 0xe6, 0x03, 0xf2, 0x18, 0x60, 0x4c, 0xc5, 0x5e, 0xc7, 0x24, 0xa7, 0x78, 0xbf, 0x83, - 0x50, 0xfd, 0x4d, 0xbe, 0x09, 0xd3, 0x7c, 0x43, 0xe3, 0x06, 0x16, 0xdb, 0xdd, 0xe6, 0x00, 0x3b, - 0xda, 0xf3, 0xd2, 0x1a, 0x3c, 0x41, 0x8a, 0x9b, 0x1c, 0xee, 0x18, 0x35, 0x05, 0x23, 0x9b, 0x30, - 0x8e, 0x68, 0xdb, 0xae, 0xd7, 0x1c, 0xc8, 0x2c, 0x59, 0xda, 0x9a, 0xeb, 0x64, 0xdc, 0x2e, 0x8c, - 0x01, 0x6e, 0xe1, 0x6f, 0x76, 0xed, 0x6c, 0x77, 0x5b, 0x8e, 0xdb, 0xe9, 0xf0, 0xb9, 0x20, 0xde, - 0xb1, 0x86, 0xed, 0xc9, 0x76, 0xb7, 0x55, 0xe9, 0x74, 0x70, 0x48, 0xf1, 0xc1, 0x6b, 0x86, 0xe1, - 0xf1, 0x55, 0x2b, 0x31, 0x47, 0x10, 0x93, 0x31, 0xe0, 0xeb, 0x56, 0xe0, 0x9e, 0x00, 0x6e, 0xfe, - 0xc0, 0x15, 0xf8, 0x36, 0xff, 0x61, 0xfd, 0x8b, 0xbc, 0x14, 0x09, 0x7b, 0xcf, 0xfb, 0x3f, 0x1d, - 0xa2, 0x8c, 0x21, 0xba, 0x0c, 0x25, 0xd6, 0xf5, 0xf1, 0xa6, 0xa2, 0xc6, 0x68, 0xaa, 0xdd, 0x6d, - 0xa9, 0xbe, 0xd3, 0x3b, 0x7e, 0x44, 0xef, 0xf8, 0x2f, 0x48, 0x91, 0x31, 0x73, 0x7b, 0xe8, 0xdd, - 0xe5, 0xd6, 0xff, 0x5e, 0x80, 0x4b, 0x83, 0x6d, 0x02, 0x7f, 0x3a, 0x6e, 0x19, 0xe3, 0x96, 0xb8, - 0x96, 0x0f, 0xa7, 0xae, 0xe5, 0x19, 0x6b, 0x6f, 0x24, 0x6b, 0xed, 0xa5, 0x94, 0x00, 0xa3, 0x19, - 0x4a, 0x80, 0xcc, 0x05, 0x5a, 0x3c, 0x62, 0x81, 0x8e, 0xe9, 0xf3, 0xe4, 0x7f, 0xcd, 0xc3, 0x6c, - 0xc6, 0x23, 0x0f, 0xf9, 0x2a, 0xcc, 0x4a, 0xd1, 0x9e, 0x9f, 0x1c, 0x5c, 0xe4, 0xe6, 0xa7, 0xef, - 0x95, 0x2c, 0xa1, 0x1e, 0xd1, 0x32, 0x04, 0xef, 0x19, 0x21, 0xce, 0xc7, 0xe5, 0x7f, 0x72, 0x04, - 0x79, 0xf2, 0x21, 0x9c, 0xc2, 0x40, 0xae, 0x75, 0x47, 0x93, 0xe7, 0x9d, 0x80, 0x6e, 0x8b, 0xf9, - 0xf0, 0x62, 0x4a, 0xec, 0xf5, 0xea, 0xda, 0xe7, 0xd8, 0x74, 0x7b, 0xe5, 0x39, 0xfb, 0x44, 0x98, - 0x01, 0x4f, 0xde, 0x11, 0xfe, 0xa3, 0x1c, 0x58, 0x47, 0xf7, 0x17, 0xde, 0xe5, 0x92, 0x1d, 0xce, - 0xee, 0x72, 0x5a, 0xef, 0x5d, 0x84, 0xc9, 0x80, 0x6e, 0x07, 0x34, 0xdc, 0xd5, 0xba, 0x6f, 0xcc, - 0x9e, 0x10, 0x40, 0xd9, 0x31, 0x32, 0x7c, 0xd3, 0xb1, 0x84, 0x6c, 0x49, 0x64, 0xdd, 0xfa, 0xff, - 0xa9, 0xbb, 0xba, 0xdf, 0x46, 0xae, 0xeb, 0xae, 0x21, 0x29, 0xad, 0x74, 0xa8, 0x8f, 0xd1, 0xb5, - 0xbc, 0x2b, 0x6b, 0xb5, 0x5a, 0x77, 0xbc, 0xd9, 0x78, 0xe9, 0xd8, 0xc9, 0x7a, 0xeb, 0xd8, 0xeb, - 0xd6, 0x75, 0x46, 0xe4, 0x50, 0x1c, 0x8b, 0x1c, 0xd2, 0x33, 0x43, 0x29, 0x6b, 0x27, 0x19, 0xd0, - 0xe4, 0xac, 0x96, 0x0d, 0x35, 0x64, 0xc8, 0xa1, 0x9d, 0xf5, 0x4b, 0x5b, 0x14, 0x48, 0x81, 0xb6, - 0xe9, 0x47, 0xd0, 0x87, 0xa0, 0x2d, 0x50, 0x14, 0xf0, 0x43, 0xff, 0x80, 0xbe, 0xf5, 0x1f, 0x08, - 0x10, 0x04, 0xc8, 0x43, 0x9f, 0x5a, 0xc0, 0x68, 0x0d, 0xb4, 0x0f, 0x7d, 0x2d, 0xda, 0x87, 0x3c, - 0x15, 0xf7, 0xdc, 0x7b, 0x67, 0xee, 0xcc, 0x90, 0xb4, 0xb4, 0xeb, 0x34, 0xc8, 0x93, 0xc4, 0x73, - 0xcf, 0xb9, 0x73, 0x66, 0xee, 0xf7, 0x3d, 0xe7, 0xfc, 0x4e, 0x74, 0xf4, 0x9b, 0xd9, 0x0e, 0xb4, - 0x37, 0xc9, 0x0a, 0xb2, 0x1f, 0xef, 0x14, 0x56, 0x73, 0x6a, 0xde, 0xe6, 0x20, 0x53, 0x0f, 0xfb, - 0x03, 0x5f, 0xfb, 0x47, 0x45, 0xec, 0x08, 0x66, 0x7d, 0x3c, 0xf2, 0xbe, 0xe4, 0x96, 0x94, 0xcf, - 0x6c, 0x43, 0x66, 0x89, 0xc8, 0x1e, 0x1c, 0x1c, 0xf7, 0x08, 0x09, 0x09, 0xdc, 0x23, 0xa4, 0x3c, - 0x8d, 0x6f, 0xc5, 0x7d, 0x61, 0xd5, 0xa4, 0xb3, 0xdd, 0xc9, 0x5d, 0x72, 0x07, 0xae, 0x30, 0x43, - 0xa6, 0x50, 0x74, 0x2b, 0xa1, 0xe8, 0xc9, 0x5d, 0x5b, 0x94, 0x6b, 0x3f, 0x56, 0x22, 0x53, 0x4c, - 0x5a, 0xfd, 0x93, 0xbb, 0xe4, 0xf5, 0x8b, 0x39, 0x18, 0xad, 0x0a, 0x07, 0xa3, 0xc8, 0xb9, 0xe8, - 0x8d, 0x84, 0x73, 0xd1, 0xad, 0xc5, 0xdf, 0x89, 0x5f, 0xfa, 0xa6, 0xf3, 0x6b, 0xff, 0xaf, 0x02, - 0x37, 0x16, 0x4a, 0x90, 0x7d, 0x58, 0xd5, 0x5b, 0xa6, 0x1b, 0xb7, 0x2c, 0x1d, 0x2d, 0x82, 0x42, - 0x8e, 0x60, 0xed, 0xb0, 0x33, 0xe9, 0x77, 0x69, 0x07, 0x9e, 0x79, 0x57, 0x95, 0xa9, 0x36, 0x62, - 0xaf, 0x2d, 0xd9, 0xb1, 0x2c, 0xf1, 0x60, 0x1b, 0x47, 0x41, 0x26, 0x7f, 0x6d, 0xfa, 0xc2, 0x20, - 0x53, 0x61, 0x46, 0x8c, 0xce, 0x30, 0x19, 0x62, 0x7a, 0xf0, 0x7d, 0x28, 0x76, 0x21, 0xf3, 0x15, - 0xbc, 0x04, 0x54, 0xd9, 0x8b, 0xb0, 0xda, 0x12, 0xe6, 0x18, 0xc9, 0x23, 0x4f, 0x98, 0x5e, 0xec, - 0xa8, 0x54, 0xfb, 0x53, 0x45, 0x9c, 0xea, 0x3f, 0xff, 0x45, 0xa4, 0xc4, 0x06, 0xbd, 0xc5, 0x89, - 0x0d, 0x7a, 0x4f, 0x98, 0xd8, 0x40, 0xfb, 0x07, 0x0e, 0x24, 0x6a, 0xf6, 0x5a, 0xa9, 0x5c, 0x5b, - 0x4f, 0xeb, 0x59, 0x69, 0x24, 0x7a, 0xe7, 0x0b, 0x52, 0xb2, 0x95, 0xec, 0xb3, 0xe6, 0x3b, 0x58, - 0x4a, 0x5d, 0xf5, 0x3f, 0x73, 0xb0, 0xbf, 0x48, 0x7c, 0x66, 0x5a, 0x30, 0xe5, 0x72, 0x69, 0xc1, - 0xee, 0xc0, 0x2a, 0xa3, 0x25, 0x73, 0x2d, 0x73, 0x51, 0xfa, 0xc1, 0x45, 0x31, 0x79, 0x01, 0x56, - 0xf4, 0xb2, 0x13, 0x67, 0x83, 0x40, 0xff, 0x9e, 0x4e, 0x77, 0x82, 0x9e, 0x23, 0xbc, 0x88, 0x7c, - 0x27, 0x9b, 0x00, 0x85, 0xa7, 0x81, 0xb8, 0x2e, 0x7d, 0x90, 0x0c, 0xc6, 0x2f, 0xea, 0x1b, 0x63, - 0xd2, 0x72, 0x98, 0x47, 0x3b, 0x9b, 0x4c, 0x45, 0x83, 0x95, 0xd6, 0xd8, 0x9f, 0xf8, 0xa1, 0xec, - 0x7b, 0x33, 0x42, 0x8a, 0xcd, 0x4b, 0xb8, 0x67, 0x4c, 0xe7, 0x31, 0x0b, 0x84, 0x5c, 0x91, 0x83, - 0xd3, 0xd1, 0x95, 0x86, 0x92, 0x6d, 0x89, 0x45, 0xfb, 0x23, 0x05, 0x76, 0x66, 0xa9, 0x45, 0xf6, - 0xa1, 0x10, 0xcc, 0x4c, 0xdd, 0x12, 0xb0, 0x70, 0xac, 0x22, 0xe6, 0xb9, 0x7d, 0x38, 0x1c, 0x9f, - 0x77, 0x42, 0xd9, 0xe1, 0x48, 0x22, 0xdb, 0x40, 0x7f, 0x54, 0xf1, 0x7f, 0x72, 0x53, 0x4c, 0xb6, - 0xf9, 0x4c, 0xb2, 0x17, 0xfc, 0xa3, 0xe9, 0x00, 0x66, 0xaf, 0xd5, 0x1c, 0x31, 0xc8, 0xd8, 0x7b, - 0x50, 0xa0, 0x6a, 0xa5, 0x3a, 0x23, 0xed, 0x0e, 0x7a, 0xa3, 0xce, 0x99, 0x98, 0x56, 0x93, 0xce, - 0xf9, 0xc0, 0x46, 0x66, 0xed, 0x14, 0x36, 0x93, 0x1c, 0xc4, 0x48, 0x82, 0x8c, 0x15, 0x5f, 0x55, - 0x79, 0x4d, 0x87, 0xc3, 0x21, 0x73, 0x7a, 0x3d, 0x7c, 0xee, 0x5f, 0x3e, 0xbd, 0x09, 0xf4, 0x27, - 0x93, 0x99, 0x05, 0x42, 0xa6, 0xfd, 0x79, 0x0e, 0x76, 0xe2, 0x38, 0x3b, 0x31, 0x24, 0x7e, 0x6d, - 0x83, 0x3e, 0xf4, 0x44, 0x50, 0x82, 0xd8, 0x31, 0x65, 0x5f, 0x70, 0x81, 0x2f, 0xf4, 0x11, 0xec, - 0xce, 0xe3, 0x27, 0x2f, 0x65, 0xf2, 0xd0, 0x73, 0x10, 0x8a, 0x28, 0x61, 0xbd, 0x94, 0x96, 0xfe, - 0x67, 0x0a, 0xec, 0x71, 0x57, 0xcd, 0x46, 0xa7, 0x1f, 0x84, 0x7e, 0xd0, 0x09, 0xba, 0xfe, 0x17, - 0x13, 0xb4, 0x74, 0x94, 0x98, 0x96, 0xbe, 0x94, 0xf4, 0xc8, 0xcd, 0x3c, 0x6d, 0xfe, 0xdb, 0x92, - 0x3b, 0x08, 0x37, 0xd2, 0x65, 0x9d, 0xb7, 0xc0, 0x82, 0x44, 0x03, 0x4a, 0x90, 0x83, 0x44, 0x91, - 0x43, 0xfb, 0x3d, 0x38, 0x58, 0xfc, 0x00, 0xf2, 0x6d, 0xd8, 0x40, 0x88, 0xfe, 0xf6, 0xe8, 0x6c, - 0xdc, 0xe9, 0xf9, 0xe2, 0x4e, 0x4b, 0x5c, 0x29, 0xca, 0x65, 0x0c, 0x62, 0x85, 0x07, 0x2d, 0x9e, - 0x21, 0xf8, 0x3f, 0x17, 0x4a, 0xf8, 0x43, 0xcb, 0xb5, 0x69, 0xbf, 0xaf, 0x00, 0xc9, 0xd6, 0x41, - 0xbe, 0x0e, 0xeb, 0x6d, 0xb7, 0xec, 0x84, 0x9d, 0x71, 0x58, 0x1b, 0x4e, 0xc7, 0x1c, 0xba, 0x84, - 0xc5, 0xb0, 0x85, 0x5d, 0x3a, 0x33, 0x8c, 0x43, 0xef, 0xd1, 0x70, 0x3a, 0xb6, 0x13, 0x7c, 0x98, - 0x07, 0xc0, 0xf7, 0xbf, 0xdb, 0xeb, 0x3c, 0x4e, 0xe6, 0x01, 0xe0, 0xb4, 0x44, 0x1e, 0x00, 0x4e, - 0xd3, 0x3e, 0x51, 0xe0, 0xba, 0xf0, 0xc1, 0xe8, 0xcd, 0xd0, 0xa5, 0x8c, 0x91, 0xda, 0x63, 0x01, - 0xdd, 0xb6, 0x68, 0x6f, 0xba, 0x2d, 0xc0, 0x0c, 0x50, 0x41, 0xdc, 0xa4, 0x32, 0x59, 0xf2, 0x0d, - 0x28, 0x38, 0xe1, 0x70, 0x74, 0x01, 0x34, 0x03, 0x35, 0x6a, 0xd1, 0x70, 0x38, 0xc2, 0x2a, 0x50, - 0x52, 0xf3, 0x61, 0x47, 0x56, 0x4e, 0x68, 0x4c, 0x1a, 0x70, 0x85, 0x63, 0xdb, 0xa4, 0x8c, 0x52, - 0x0b, 0xde, 0xe9, 0x70, 0x4b, 0x40, 0x26, 0x70, 0xe8, 0x30, 0x5b, 0xd4, 0xa1, 0xfd, 0x99, 0x02, - 0x45, 0xba, 0x79, 0xc0, 0xe3, 0xd8, 0xd3, 0x76, 0xe9, 0xe4, 0x3e, 0x50, 0xd8, 0x34, 0xa3, 0xea, - 0x2f, 0xb4, 0xb8, 0xbe, 0x06, 0x5b, 0x29, 0x01, 0xa2, 0x61, 0xb0, 0xec, 0xa0, 0xdf, 0xed, 0x30, - 0x58, 0x71, 0x66, 0x10, 0x4c, 0xd0, 0xb4, 0x3f, 0x56, 0x60, 0x87, 0x1e, 0xde, 0x4d, 0xbc, 0xb7, - 0xb5, 0xa7, 0x03, 0x31, 0xde, 0xe9, 0x86, 0x48, 0x38, 0xf3, 0xb0, 0x40, 0x3e, 0xb6, 0x21, 0xe2, - 0x34, 0x3b, 0x2a, 0x25, 0x35, 0x58, 0xe5, 0xeb, 0xcb, 0x84, 0x23, 0x7e, 0x1d, 0x48, 0xb7, 0x02, - 0x71, 0xc5, 0x9c, 0x89, 0xbe, 0x09, 0x4e, 0x61, 0x5c, 0xc6, 0x8e, 0xa4, 0xb5, 0xff, 0x56, 0xe0, - 0xda, 0x1c, 0x19, 0xf2, 0x16, 0x2c, 0x63, 0x90, 0x01, 0x6f, 0xbd, 0xfd, 0x39, 0x8f, 0x08, 0xbb, - 0x8f, 0x4e, 0xee, 0xb2, 0x85, 0xe8, 0x9c, 0xfe, 0xb0, 0x99, 0x14, 0x79, 0x1f, 0xd6, 0xf4, 0x5e, - 0x8f, 0x9f, 0x4b, 0x72, 0x89, 0x73, 0xc9, 0x9c, 0x27, 0xbe, 0x12, 0xf1, 0xb3, 0x73, 0x09, 0x73, - 0x77, 0xed, 0xf5, 0x3c, 0x1e, 0x40, 0x11, 0xd7, 0xb7, 0xf7, 0xdb, 0xb0, 0x99, 0x64, 0xbe, 0xd4, - 0xb9, 0xe4, 0xc7, 0x0a, 0xa8, 0x49, 0x1d, 0x7e, 0x39, 0x60, 0x0f, 0xb3, 0x9a, 0xf9, 0x73, 0x3a, - 0xd5, 0x5f, 0xe6, 0xe0, 0xd9, 0x99, 0x5f, 0x98, 0xbc, 0x0c, 0x2b, 0xfa, 0x68, 0x64, 0x56, 0x78, - 0xaf, 0xe2, 0x1b, 0x1e, 0xbc, 0xee, 0x4d, 0x1c, 0xdb, 0x18, 0x13, 0xb9, 0x07, 0xab, 0xd8, 0x33, - 0xa9, 0x40, 0x2e, 0xc6, 0xde, 0x62, 0xb7, 0x21, 0x29, 0xec, 0x2d, 0xc1, 0x48, 0xaa, 0xb0, 0xc9, - 0xe3, 0xbe, 0x6d, 0xff, 0xcc, 0xff, 0x7e, 0x04, 0x02, 0x8b, 0x38, 0xb5, 0xe2, 0x0e, 0xd9, 0x1b, - 0xb3, 0x32, 0x39, 0xf2, 0x39, 0x29, 0x45, 0xea, 0xa0, 0x62, 0x9d, 0x72, 0x4d, 0x0c, 0x00, 0x0c, - 0x23, 0xf1, 0x99, 0x12, 0x73, 0xea, 0xca, 0x48, 0x46, 0xcd, 0xa5, 0x4f, 0x26, 0xfd, 0xb3, 0xe0, - 0xdc, 0x0f, 0xc2, 0x5f, 0x5e, 0x73, 0xc5, 0xcf, 0xb8, 0x50, 0x73, 0xfd, 0x55, 0x81, 0x0d, 0xe6, - 0xb4, 0x18, 0xdd, 0xd1, 0x48, 0x98, 0x8f, 0xb8, 0xa3, 0xc1, 0x3c, 0x9e, 0x2c, 0xb2, 0xb9, 0x02, - 0x57, 0x58, 0xc4, 0xb9, 0x18, 0x19, 0x37, 0x66, 0xaa, 0xc0, 0x78, 0x4e, 0xee, 0xb2, 0xed, 0x0b, - 0x8b, 0x76, 0x98, 0xd8, 0x42, 0x94, 0x9c, 0x40, 0xb1, 0x3c, 0xf0, 0x3b, 0xc1, 0x74, 0xe4, 0x5e, - 0xcc, 0x0c, 0xb8, 0xcb, 0xdf, 0x65, 0xbd, 0xcb, 0xc4, 0xd0, 0x7c, 0x88, 0x33, 0xb9, 0x5c, 0x11, - 0x71, 0x23, 0x07, 0xe8, 0x02, 0x5e, 0x39, 0x7e, 0x6d, 0xc1, 0xf7, 0x49, 0x13, 0x51, 0x2e, 0xe9, - 0xdd, 0xcf, 0x3d, 0xa4, 0x3d, 0xd8, 0xac, 0x77, 0x26, 0xa1, 0x3b, 0xee, 0x04, 0x13, 0x44, 0xaa, - 0xba, 0x00, 0x92, 0x87, 0xc8, 0xf8, 0xcb, 0xae, 0x22, 0xc3, 0x48, 0x94, 0x5d, 0x45, 0x26, 0xab, - 0xa3, 0xfb, 0xa5, 0x6a, 0x3f, 0xe8, 0x0c, 0xfa, 0x1f, 0x8b, 0x38, 0x11, 0xb6, 0x5f, 0x7a, 0x28, - 0x88, 0x76, 0x5c, 0xae, 0x7d, 0x2b, 0xd3, 0x6e, 0x4c, 0xcb, 0x22, 0x5c, 0xe1, 0x51, 0x84, 0x2c, - 0xaa, 0xae, 0x65, 0x58, 0x15, 0xd3, 0x3a, 0x52, 0x15, 0xb2, 0x09, 0xd0, 0xb2, 0x9b, 0x65, 0xc3, - 0x71, 0xe8, 0xef, 0x1c, 0xfd, 0xcd, 0x43, 0xee, 0xaa, 0xed, 0xba, 0x9a, 0x97, 0xa2, 0xee, 0x0a, - 0xda, 0x4f, 0x15, 0xb8, 0x3a, 0xbb, 0x29, 0x89, 0x0b, 0x18, 0x77, 0xc9, 0x0d, 0xc2, 0x5f, 0x5f, - 0xd8, 0xee, 0x33, 0xc9, 0xe9, 0xf8, 0xcd, 0x90, 0xc5, 0x05, 0xe6, 0x84, 0xd5, 0x27, 0xce, 0x55, - 0xdb, 0xef, 0x69, 0x65, 0xd8, 0x9d, 0x57, 0x47, 0xf2, 0x55, 0xb7, 0xa0, 0xa8, 0xb7, 0x5a, 0x75, - 0xb3, 0xac, 0xbb, 0x66, 0xd3, 0x52, 0x15, 0xb2, 0x06, 0xcb, 0x47, 0x76, 0xb3, 0xdd, 0x52, 0x73, - 0xda, 0x8f, 0x14, 0xd8, 0x30, 0x83, 0xd0, 0x3f, 0x63, 0x7e, 0xb3, 0x4f, 0x3b, 0xf8, 0xde, 0x4c, - 0x0c, 0xbe, 0xdd, 0x28, 0x42, 0x39, 0x7a, 0xc0, 0x85, 0x46, 0xde, 0x3f, 0x2b, 0xb0, 0x9d, 0x91, - 0x21, 0x0e, 0x5c, 0xd1, 0x4f, 0x9d, 0xa6, 0x59, 0x29, 0x73, 0xcd, 0xc4, 0xae, 0x9c, 0x53, 0xb3, - 0x4f, 0x61, 0x51, 0x3d, 0x1f, 0x4d, 0xbc, 0x61, 0xbf, 0x27, 0x65, 0xc8, 0xaa, 0x2d, 0xd9, 0xa2, - 0x26, 0x5c, 0xc9, 0x3e, 0x9e, 0x8e, 0x7d, 0xac, 0x36, 0x97, 0xb8, 0xd1, 0x8c, 0xe8, 0xd9, 0x8a, - 0xd1, 0x4d, 0xb4, 0x43, 0xcb, 0xb3, 0x55, 0xc7, 0xf5, 0x1d, 0x6e, 0x40, 0x91, 0x9f, 0x5a, 0xf0, - 0x40, 0xf0, 0x43, 0x05, 0x76, 0xe7, 0xe9, 0x4a, 0x0f, 0x42, 0xc9, 0x10, 0xbf, 0xab, 0x11, 0xc6, - 0x71, 0x32, 0xb6, 0x4f, 0xb0, 0x91, 0xb7, 0xa1, 0xc8, 0x12, 0x80, 0x3b, 0xf7, 0xda, 0xb6, 0xc9, - 0x3b, 0xc8, 0x8d, 0xff, 0xfa, 0xf4, 0xe6, 0x35, 0x96, 0x2e, 0xdc, 0x9b, 0xdc, 0xf3, 0xa6, 0xe3, - 0x7e, 0x02, 0x0f, 0x56, 0x96, 0xd0, 0x7e, 0xa0, 0xc0, 0xde, 0xfc, 0x97, 0xa4, 0xab, 0x8c, 0x4b, - 0xf7, 0xe6, 0x71, 0x94, 0x14, 0xae, 0x32, 0xb8, 0x5f, 0x4f, 0x85, 0x49, 0x45, 0x8c, 0x54, 0x28, - 0xca, 0x3d, 0x99, 0xcb, 0xa4, 0x9c, 0x4b, 0x0a, 0x09, 0x46, 0xed, 0x6f, 0x72, 0x70, 0x95, 0x76, - 0xa0, 0x81, 0x3f, 0x99, 0xe8, 0xd3, 0xf0, 0x91, 0x1f, 0x84, 0x7c, 0x4b, 0x45, 0x5e, 0x87, 0x95, - 0x47, 0x97, 0xbb, 0x0d, 0x64, 0xec, 0x84, 0x00, 0x4e, 0xca, 0xc2, 0xcd, 0x94, 0xfe, 0x4f, 0x6e, - 0x80, 0x94, 0xe2, 0x0f, 0xe7, 0xd4, 0x75, 0x7b, 0x6d, 0x14, 0x25, 0xfa, 0x7b, 0x03, 0x96, 0xf1, - 0xf4, 0xcf, 0xa7, 0x46, 0xb1, 0xa5, 0x9d, 0xad, 0x19, 0xde, 0x0d, 0xd8, 0x4c, 0x80, 0x7c, 0x15, - 0x20, 0xc6, 0xd2, 0xe5, 0x73, 0x9f, 0x38, 0x46, 0x47, 0x70, 0xba, 0xf6, 0xda, 0xf9, 0xc3, 0x0e, - 0x07, 0xa8, 0x2d, 0xc1, 0xb6, 0xf8, 0x24, 0x23, 0x01, 0xdc, 0xc3, 0xcd, 0x53, 0x5b, 0xac, 0xc0, - 0x1c, 0x71, 0xf0, 0x1e, 0xed, 0x3f, 0x72, 0xb0, 0x76, 0x4a, 0x37, 0x0a, 0x78, 0xfc, 0x5d, 0x7c, - 0x9c, 0x7e, 0x15, 0x8a, 0xf5, 0x61, 0x87, 0xdf, 0xdd, 0x4f, 0x38, 0x76, 0x18, 0x86, 0x0a, 0x0d, - 0x86, 0x1d, 0x61, 0x06, 0x98, 0xd8, 0x32, 0xd3, 0xe7, 0x84, 0x39, 0xbd, 0x03, 0x2b, 0xcc, 0x96, - 0xc2, 0x2f, 0x6a, 0xc4, 0x56, 0x31, 0xd2, 0xe8, 0x15, 0x56, 0x2c, 0x5d, 0x37, 0x33, 0x7b, 0x8c, - 0xbc, 0x6f, 0xe1, 0xd0, 0x61, 0xd2, 0x61, 0x7f, 0xf9, 0x62, 0x87, 0x7d, 0x09, 0x22, 0x65, 0xe5, - 0x22, 0x10, 0x29, 0x7b, 0xf7, 0xa1, 0x28, 0xe9, 0x73, 0xa9, 0x9d, 0xe3, 0x1f, 0xe4, 0x60, 0x03, - 0xdf, 0x2a, 0x72, 0xac, 0xf8, 0xf5, 0xbc, 0xba, 0x78, 0x33, 0x71, 0x75, 0xb1, 0x2b, 0xb7, 0x17, - 0x7b, 0xb3, 0x05, 0x77, 0x16, 0xef, 0xc0, 0x76, 0x86, 0x91, 0xbc, 0x06, 0xcb, 0x54, 0x7d, 0x71, - 0xd4, 0x53, 0xd3, 0x3d, 0x20, 0x86, 0xd3, 0xa3, 0x2f, 0x3e, 0xb1, 0x19, 0xb7, 0xf6, 0x3f, 0x0a, - 0xac, 0x73, 0x70, 0xe5, 0xe0, 0xe1, 0xf0, 0x73, 0x3f, 0xe7, 0xed, 0xf4, 0xe7, 0x64, 0x41, 0xbb, - 0xfc, 0x73, 0xfe, 0x7f, 0x7f, 0xc4, 0xfb, 0x89, 0x8f, 0x78, 0x2d, 0x02, 0xd7, 0x11, 0xaf, 0xb3, - 0xe0, 0x1b, 0xfe, 0x13, 0xc2, 0xcd, 0x25, 0x19, 0xc9, 0x77, 0x60, 0xcd, 0xf2, 0x3f, 0x4a, 0x9c, - 0x98, 0x6e, 0xcf, 0xa9, 0xf4, 0x95, 0x88, 0x91, 0x8d, 0x29, 0x5c, 0x6c, 0x02, 0xff, 0x23, 0x2f, - 0x63, 0xc6, 0x89, 0xab, 0xa4, 0x87, 0xa6, 0xa4, 0xd8, 0x65, 0xba, 0x3e, 0x0f, 0xed, 0xc0, 0x38, - 0xf4, 0xbf, 0x2f, 0x00, 0xc4, 0x5e, 0xf1, 0x74, 0x00, 0x26, 0x2c, 0xd8, 0xe2, 0xee, 0x18, 0x49, - 0x72, 0x1f, 0x17, 0x86, 0xed, 0xdb, 0xfc, 0x52, 0x34, 0x37, 0x1f, 0xfc, 0x08, 0xaf, 0x47, 0xcb, - 0xdc, 0xeb, 0xbc, 0xe7, 0x0f, 0x3a, 0x6c, 0x2e, 0xce, 0x1f, 0xde, 0x42, 0xac, 0xbb, 0x88, 0x3a, - 0x27, 0x4b, 0x1e, 0xfa, 0xa6, 0x57, 0x28, 0x43, 0x26, 0xd2, 0xa4, 0xf0, 0xe4, 0x91, 0x26, 0xcb, - 0x4f, 0x10, 0x69, 0xb2, 0x72, 0xc1, 0x48, 0x93, 0x16, 0xac, 0xf5, 0x83, 0x0f, 0xfd, 0x20, 0x1c, - 0x8e, 0x1f, 0xa3, 0x95, 0x3a, 0xbe, 0xca, 0xa2, 0x9f, 0xda, 0x14, 0x65, 0xac, 0xbd, 0x71, 0xc1, - 0x8c, 0xf8, 0xe5, 0xe6, 0x8e, 0x88, 0xe4, 0x37, 0x21, 0xb6, 0x7a, 0x70, 0x44, 0xf4, 0xf9, 0xeb, - 0x6c, 0x57, 0x18, 0x45, 0xbe, 0x01, 0x49, 0xe3, 0x07, 0x8f, 0xf3, 0x64, 0x19, 0x5d, 0xe5, 0x02, - 0x19, 0xef, 0xab, 0x2b, 0xd9, 0x47, 0xb8, 0xdb, 0xeb, 0x2f, 0x72, 0x40, 0xb2, 0x8a, 0x93, 0x37, - 0xa1, 0xc8, 0xa6, 0x7e, 0x6f, 0x3c, 0xf9, 0x1e, 0x0f, 0x8f, 0x60, 0x38, 0x03, 0x12, 0x59, 0xc6, - 0x19, 0x60, 0x64, 0x7b, 0xf2, 0xbd, 0x01, 0xf9, 0x36, 0x3c, 0x83, 0x0d, 0x3f, 0xf2, 0xc7, 0xfd, - 0x61, 0xcf, 0x43, 0x50, 0xb8, 0xce, 0x80, 0xe7, 0xda, 0x79, 0x19, 0x93, 0xc2, 0x65, 0x8b, 0xe7, - 0x74, 0x10, 0x8c, 0x42, 0x68, 0x21, 0x67, 0x8b, 0x31, 0x12, 0x17, 0x54, 0x59, 0xfe, 0xe1, 0x74, - 0x30, 0xe0, 0x7d, 0xae, 0x44, 0x8f, 0xbf, 0xe9, 0xb2, 0x39, 0x15, 0x6f, 0xc6, 0x15, 0x57, 0xa7, - 0x83, 0x01, 0x79, 0x1d, 0x60, 0x18, 0x78, 0xe7, 0xfd, 0xc9, 0x84, 0x19, 0x32, 0xa2, 0x08, 0xa2, - 0x98, 0x2a, 0x37, 0xdf, 0x30, 0x68, 0x30, 0x22, 0x6d, 0xbe, 0x51, 0xe7, 0xcc, 0xc7, 0xb8, 0x5d, - 0xe6, 0xb4, 0xc2, 0xd1, 0xb3, 0x05, 0x31, 0xd9, 0x8d, 0xce, 0x7c, 0xa7, 0xff, 0xb1, 0x70, 0x75, - 0x7e, 0x0f, 0xb6, 0xb9, 0xbb, 0xe8, 0x69, 0x3f, 0x7c, 0xc4, 0xf7, 0xdd, 0x4f, 0xb3, 0x69, 0x97, - 0x36, 0xde, 0xff, 0x5a, 0x00, 0xd0, 0x4f, 0x1d, 0x01, 0x89, 0x71, 0x07, 0x96, 0xe9, 0x69, 0x42, - 0xdc, 0x4a, 0xe0, 0x9d, 0x2e, 0xd6, 0x2b, 0xdf, 0xe9, 0x22, 0x07, 0x9d, 0x27, 0x6c, 0xff, 0x0c, - 0x2f, 0xc6, 0x72, 0xf1, 0x15, 0xc6, 0x98, 0x91, 0x12, 0xbb, 0x57, 0x46, 0x22, 0x75, 0x80, 0x18, - 0xa4, 0x82, 0x9f, 0x6f, 0xb7, 0xe3, 0x68, 0x6f, 0x5e, 0xc0, 0x61, 0x91, 0x63, 0xa0, 0x0b, 0xb9, - 0xfb, 0xc4, 0x6c, 0xe4, 0x18, 0x0a, 0x6e, 0x27, 0x8a, 0x8f, 0x99, 0x03, 0xdd, 0xf1, 0x3c, 0xcf, - 0x85, 0x14, 0xc3, 0x77, 0x6c, 0x86, 0x9d, 0x44, 0xca, 0x38, 0xac, 0x84, 0x18, 0xb0, 0xc2, 0xf3, - 0x5c, 0xce, 0x81, 0x7c, 0xe2, 0x69, 0x2e, 0x39, 0xd0, 0x23, 0x12, 0xe5, 0xdd, 0x0e, 0xcf, 0x68, - 0xf9, 0x2a, 0xe4, 0x1d, 0xa7, 0xc1, 0x03, 0x56, 0x37, 0xe2, 0xb3, 0x8a, 0xe3, 0x34, 0x44, 0x5a, - 0xe0, 0x73, 0x49, 0x8c, 0x32, 0x93, 0xdf, 0x82, 0xa2, 0xb4, 0x11, 0xe7, 0xa1, 0xde, 0xf8, 0x0d, - 0xfa, 0x31, 0x59, 0x9e, 0xce, 0x24, 0x6e, 0x52, 0x07, 0xf5, 0x78, 0xfa, 0x81, 0xaf, 0x8f, 0x46, - 0x18, 0xc0, 0xf1, 0xa1, 0x3f, 0x66, 0x90, 0xcd, 0xab, 0x31, 0x46, 0xa2, 0xd7, 0x19, 0x8d, 0xbc, - 0x9e, 0x28, 0x95, 0x6f, 0x66, 0xd2, 0x92, 0xa4, 0x05, 0xdb, 0x8e, 0x1f, 0x4e, 0x47, 0xcc, 0x0d, - 0xa3, 0x3a, 0x1c, 0xd3, 0xa3, 0x09, 0x9b, 0x30, 0x10, 0x4e, 0x6e, 0x42, 0x0b, 0x85, 0xef, 0xcb, - 0xc3, 0xe1, 0x38, 0x75, 0x4c, 0xc9, 0x0a, 0x6b, 0xbe, 0xdc, 0xe4, 0x74, 0xbd, 0x4f, 0x1e, 0x78, - 0x70, 0xbd, 0x17, 0x07, 0x9e, 0xf8, 0x98, 0xf3, 0xd5, 0x19, 0xe0, 0x25, 0x68, 0x46, 0x93, 0xc0, - 0x4b, 0x12, 0x90, 0x25, 0x9f, 0x14, 0x24, 0xfc, 0x2c, 0xde, 0x16, 0x6f, 0x01, 0xbc, 0x33, 0xec, - 0x07, 0x0d, 0x3f, 0x7c, 0x34, 0xec, 0x49, 0x18, 0x2a, 0xc5, 0xdf, 0x1d, 0xf6, 0x03, 0xef, 0x1c, - 0xc9, 0xbf, 0xf8, 0xf4, 0xa6, 0xc4, 0x64, 0x4b, 0xff, 0x93, 0xaf, 0xc0, 0x1a, 0xfd, 0xe5, 0xc6, - 0xce, 0x24, 0xec, 0x02, 0x13, 0xa5, 0x79, 0x7a, 0xf1, 0x88, 0x81, 0xdc, 0x47, 0x5c, 0xf5, 0xfe, - 0x28, 0x94, 0xb6, 0xd5, 0x02, 0x44, 0xbd, 0x3f, 0x0a, 0xd3, 0x90, 0x88, 0x12, 0x33, 0xa9, 0x45, - 0xaa, 0x0b, 0x64, 0x7e, 0x0e, 0xdf, 0x8e, 0xb7, 0x74, 0xbc, 0xaf, 0x79, 0x02, 0x8b, 0x4d, 0xce, - 0xa1, 0x96, 0x12, 0x43, 0x25, 0x9c, 0x5a, 0x85, 0x99, 0x55, 0xf8, 0xea, 0xc6, 0x94, 0x98, 0x3c, - 0xea, 0x79, 0x5d, 0x24, 0x27, 0x94, 0x88, 0x98, 0xc9, 0x21, 0x6c, 0xb1, 0x48, 0xff, 0x28, 0xc3, - 0x0f, 0x5f, 0xe9, 0x70, 0x6e, 0x8b, 0x53, 0x00, 0xc9, 0x8f, 0x4f, 0x09, 0x90, 0x2a, 0x2c, 0xe3, - 0xd1, 0x92, 0x3b, 0x83, 0x5f, 0x97, 0xcf, 0xd4, 0xe9, 0x71, 0x84, 0xf3, 0x0a, 0x9e, 0xa6, 0xe5, - 0x79, 0x05, 0x59, 0xc9, 0x37, 0x01, 0x8c, 0x60, 0x3c, 0x1c, 0x0c, 0x10, 0x2d, 0x70, 0x15, 0x0f, - 0x66, 0x37, 0x92, 0xe3, 0x11, 0x6b, 0x89, 0x99, 0x38, 0xb2, 0x0d, 0xfe, 0xf6, 0x52, 0x98, 0x82, - 0x52, 0x5d, 0x9a, 0x09, 0x2b, 0x6c, 0x30, 0x22, 0xf2, 0x26, 0xc7, 0x12, 0x97, 0x70, 0x1b, 0x19, - 0xf2, 0x26, 0xa7, 0x67, 0x91, 0x37, 0x25, 0x01, 0xed, 0x18, 0x76, 0x66, 0xbd, 0x58, 0xe2, 0x30, - 0xac, 0x5c, 0xf4, 0x30, 0xfc, 0x77, 0x79, 0x58, 0xc7, 0xda, 0xc4, 0x2c, 0xac, 0xc3, 0x86, 0x33, - 0xfd, 0x20, 0x82, 0xa5, 0x10, 0xb3, 0x31, 0xea, 0x37, 0x91, 0x0b, 0x64, 0x83, 0x57, 0x42, 0x82, - 0x18, 0xb0, 0x29, 0x56, 0x82, 0x23, 0xe1, 0x60, 0x1e, 0x81, 0x5e, 0x0a, 0x68, 0xa5, 0x6c, 0x86, - 0xb3, 0x94, 0x50, 0xbc, 0x1e, 0xe4, 0x2f, 0xb3, 0x1e, 0x14, 0x2e, 0xb4, 0x1e, 0xbc, 0x0f, 0xeb, - 0xe2, 0x69, 0x38, 0x93, 0x2f, 0x3f, 0xdd, 0x4c, 0x9e, 0xa8, 0x8c, 0xd4, 0xa3, 0x19, 0x7d, 0x65, - 0xe1, 0x8c, 0x8e, 0x56, 0x44, 0x31, 0xca, 0x32, 0x49, 0x8b, 0x79, 0x1d, 0x98, 0x02, 0xe8, 0xa8, - 0xdc, 0x7a, 0x82, 0x55, 0xf2, 0x35, 0x58, 0xab, 0x0f, 0x85, 0x01, 0x49, 0xba, 0xb9, 0x1f, 0x08, - 0xa2, 0xbc, 0x5d, 0x88, 0x38, 0xa3, 0xd5, 0x2d, 0xff, 0x45, 0xac, 0x6e, 0xf7, 0x01, 0x78, 0xe4, - 0x42, 0x9c, 0xba, 0x03, 0x87, 0x8c, 0x88, 0x1a, 0x4e, 0x1a, 0x10, 0x24, 0x66, 0x3a, 0x3b, 0x71, - 0x57, 0x13, 0xbd, 0xdb, 0x1d, 0x4e, 0x83, 0x30, 0x91, 0xeb, 0x8e, 0x03, 0x10, 0xd0, 0x25, 0x01, - 0xcb, 0xe4, 0xe9, 0x21, 0x25, 0xf6, 0xc5, 0x36, 0x08, 0x79, 0x37, 0xf2, 0x91, 0x5b, 0x98, 0xfa, - 0x5b, 0xcb, 0x7c, 0xa1, 0xb9, 0x9e, 0x71, 0xda, 0x4f, 0x15, 0x19, 0x71, 0xf8, 0x09, 0x9a, 0xfa, - 0x0d, 0x80, 0xc8, 0x82, 0x2f, 0xda, 0x9a, 0x9d, 0xe4, 0x22, 0xaa, 0xfc, 0x95, 0x63, 0x5e, 0xe9, - 0x6d, 0xf2, 0x5f, 0xd4, 0xdb, 0xb8, 0x50, 0x6c, 0x7e, 0x37, 0xec, 0xc4, 0x2e, 0x1f, 0xe0, 0x44, - 0x3b, 0x59, 0x9c, 0x99, 0x44, 0x8a, 0xf2, 0x78, 0x1f, 0x3c, 0x37, 0x45, 0x79, 0x24, 0xa8, 0xbd, - 0x0b, 0x5b, 0x72, 0xfc, 0xe2, 0xe3, 0xa0, 0x4b, 0x7e, 0x87, 0xe1, 0x9f, 0x29, 0x89, 0x33, 0x8e, - 0xc4, 0x44, 0x67, 0xdc, 0xc7, 0x41, 0x97, 0xed, 0x7f, 0x3a, 0x1f, 0xc9, 0xba, 0xe2, 0xe9, 0xf3, - 0xe7, 0x0a, 0x90, 0x2c, 0xbb, 0x3c, 0x9b, 0x28, 0xbf, 0x82, 0xdd, 0x65, 0x6a, 0x57, 0x56, 0xb8, - 0xcc, 0xae, 0xac, 0xf4, 0x17, 0x0a, 0x6c, 0x99, 0x7a, 0x83, 0xc3, 0x03, 0x33, 0x4b, 0xc4, 0x6f, - 0xc0, 0x0d, 0x53, 0x6f, 0x78, 0xad, 0x66, 0xdd, 0x2c, 0x3f, 0xf0, 0x66, 0xa2, 0xfe, 0xdd, 0x80, - 0xe7, 0xb2, 0x2c, 0xb1, 0xc5, 0x62, 0x1f, 0x76, 0xb3, 0xc5, 0x02, 0x19, 0x70, 0xb6, 0xb0, 0x00, - 0x11, 0xcc, 0x97, 0xde, 0x86, 0x2d, 0x81, 0x82, 0xe7, 0xd6, 0x1d, 0xc4, 0xd9, 0xdd, 0x82, 0xe2, - 0x89, 0x61, 0x9b, 0xd5, 0x07, 0x5e, 0xb5, 0x5d, 0xaf, 0xab, 0x4b, 0x64, 0x03, 0xd6, 0x38, 0xa1, - 0xac, 0xab, 0x0a, 0x59, 0x87, 0x55, 0xd3, 0x72, 0x8c, 0x72, 0xdb, 0x36, 0xd4, 0x5c, 0xe9, 0x6d, - 0xd8, 0x6c, 0x8d, 0xfb, 0x1f, 0x76, 0x42, 0xff, 0xd8, 0x7f, 0x8c, 0x06, 0x87, 0x2b, 0x90, 0xb7, - 0xf5, 0x53, 0x75, 0x89, 0x00, 0xac, 0xb4, 0x8e, 0xcb, 0xce, 0xdd, 0xbb, 0xaa, 0x42, 0x8a, 0x70, - 0xe5, 0xa8, 0xdc, 0xf2, 0x8e, 0x1b, 0x8e, 0x9a, 0xa3, 0x3f, 0xf4, 0x53, 0x07, 0x7f, 0xe4, 0x4b, - 0x5f, 0x83, 0x6d, 0xdc, 0x2b, 0xd4, 0xfb, 0x93, 0xd0, 0x0f, 0xfc, 0x31, 0xea, 0xb0, 0x0e, 0xab, - 0x8e, 0x4f, 0x07, 0x79, 0xe8, 0x33, 0x05, 0x1a, 0xd3, 0x41, 0xd8, 0x1f, 0x0d, 0xfc, 0xef, 0xab, - 0x4a, 0xe9, 0x3e, 0x6c, 0xd9, 0xc3, 0x69, 0xd8, 0x0f, 0xce, 0x9c, 0x90, 0x72, 0x9c, 0x3d, 0x26, - 0xcf, 0xc2, 0x76, 0xdb, 0xd2, 0x1b, 0x87, 0xe6, 0x51, 0xbb, 0xd9, 0x76, 0xbc, 0x86, 0xee, 0x96, - 0x6b, 0xcc, 0xdc, 0xd1, 0x68, 0x3a, 0xae, 0x67, 0x1b, 0x65, 0xc3, 0x72, 0x55, 0xa5, 0xf4, 0x27, - 0x0a, 0x6c, 0xb6, 0x27, 0xdc, 0x45, 0xb7, 0x8d, 0x81, 0x76, 0xcf, 0xc3, 0x7e, 0xdb, 0x31, 0x6c, - 0xcf, 0x6d, 0x1e, 0x1b, 0x96, 0xd7, 0x76, 0xf4, 0xa3, 0x34, 0xe4, 0xe4, 0x4d, 0xb8, 0x2e, 0x71, - 0xd8, 0x46, 0xb9, 0x79, 0x62, 0xd8, 0x5e, 0x4b, 0x77, 0x9c, 0xd3, 0xa6, 0x5d, 0x51, 0x15, 0xb2, - 0x07, 0x57, 0x67, 0x30, 0x34, 0xaa, 0xba, 0x9a, 0xcb, 0x94, 0x59, 0xc6, 0xa9, 0x5e, 0xf7, 0x0e, - 0x9b, 0xae, 0x9a, 0x2f, 0x35, 0xe8, 0x42, 0x87, 0x50, 0x6b, 0x0c, 0x53, 0x7f, 0x15, 0x0a, 0x56, - 0xd3, 0x32, 0xd2, 0x26, 0xa9, 0x75, 0x58, 0xd5, 0x5b, 0x2d, 0xbb, 0x79, 0x82, 0x0d, 0x0a, 0xb0, - 0x52, 0x31, 0x2c, 0xaa, 0x59, 0x9e, 0x96, 0xb4, 0xec, 0x66, 0xa3, 0xe9, 0x1a, 0x15, 0xb5, 0x50, - 0xb2, 0xc5, 0x80, 0x11, 0x95, 0x76, 0x87, 0xcc, 0xfe, 0x53, 0x31, 0xaa, 0x7a, 0xbb, 0xee, 0xf2, - 0x0f, 0xf2, 0xc0, 0xb3, 0x8d, 0x77, 0xdb, 0x86, 0xe3, 0x3a, 0xaa, 0x42, 0x54, 0x58, 0xb7, 0x0c, - 0xa3, 0xe2, 0x78, 0xb6, 0x71, 0x62, 0x1a, 0xa7, 0x6a, 0x8e, 0xd6, 0xc9, 0xfe, 0xa7, 0x4f, 0x28, - 0x7d, 0xa2, 0x00, 0x61, 0x30, 0x75, 0x02, 0xfb, 0x1c, 0xdb, 0xe7, 0x00, 0xf6, 0x6a, 0xf4, 0xc3, - 0xe2, 0xab, 0x35, 0x9a, 0x95, 0xf4, 0x27, 0xbb, 0x0a, 0x24, 0x55, 0xde, 0xac, 0x56, 0x55, 0x85, - 0x5c, 0x87, 0x67, 0x52, 0xf4, 0x8a, 0xdd, 0x6c, 0xa9, 0xb9, 0xbd, 0xdc, 0xaa, 0x42, 0xae, 0x65, - 0x0a, 0x8f, 0x0d, 0xa3, 0xa5, 0xe6, 0x69, 0x13, 0xa5, 0x0a, 0x44, 0x07, 0x64, 0xe2, 0x85, 0xd2, - 0x0f, 0x14, 0xb8, 0xca, 0xd4, 0x14, 0xbd, 0x39, 0x52, 0x75, 0x1f, 0x76, 0x39, 0xf8, 0xe6, 0x2c, - 0x45, 0x77, 0x40, 0x4d, 0x94, 0x32, 0x35, 0x9f, 0x85, 0xed, 0x04, 0x15, 0xf5, 0xc8, 0xd1, 0xb1, - 0x9a, 0x20, 0x1f, 0x1a, 0x8e, 0xeb, 0x19, 0xd5, 0x6a, 0xd3, 0x76, 0x99, 0x22, 0xf9, 0x92, 0x06, - 0xdb, 0x65, 0x7f, 0x1c, 0xd2, 0x33, 0x48, 0x30, 0xe9, 0x0f, 0x03, 0x54, 0x61, 0x03, 0xd6, 0x8c, - 0x6f, 0xba, 0x86, 0xe5, 0x98, 0x4d, 0x4b, 0x5d, 0x2a, 0xed, 0xa7, 0x78, 0xc4, 0xa8, 0x71, 0x9c, - 0x9a, 0xba, 0x54, 0xea, 0xc0, 0x86, 0x70, 0x89, 0x65, 0xbd, 0xe2, 0x00, 0xf6, 0x44, 0x5f, 0xc3, - 0xf1, 0x9b, 0x7e, 0x85, 0x5d, 0xd8, 0xc9, 0x96, 0x1b, 0xae, 0xaa, 0xd0, 0x56, 0x48, 0x95, 0x50, - 0x7a, 0xae, 0xf4, 0x87, 0x0a, 0x6c, 0x44, 0xb6, 0x08, 0xbc, 0x49, 0xbd, 0x09, 0xd7, 0x1b, 0x55, - 0xdd, 0xab, 0x18, 0x27, 0x66, 0xd9, 0xf0, 0x8e, 0x4d, 0xab, 0x92, 0x7a, 0xc8, 0x73, 0xf0, 0xec, - 0x0c, 0x06, 0x7c, 0xca, 0x2e, 0xec, 0xa4, 0x8b, 0xdc, 0xa6, 0x4b, 0xbf, 0xd7, 0x3e, 0xec, 0xa6, - 0x4b, 0x4e, 0x8d, 0x43, 0xbd, 0xed, 0xd6, 0x2c, 0x35, 0x5f, 0xfa, 0x5b, 0x05, 0x76, 0x79, 0xae, - 0x53, 0x6e, 0x15, 0x61, 0xa8, 0xe3, 0x08, 0xcb, 0x57, 0x82, 0xdb, 0xae, 0xdd, 0x76, 0x5c, 0xa3, - 0x22, 0xc4, 0x69, 0xa7, 0x35, 0x6d, 0xa3, 0x61, 0x58, 0x6e, 0x4a, 0xb7, 0x97, 0xe0, 0xcb, 0x0b, - 0x78, 0xad, 0xa6, 0x2b, 0x7e, 0xd3, 0xb1, 0xfa, 0x65, 0x78, 0x61, 0x01, 0x73, 0xc4, 0x98, 0x2b, - 0x7d, 0x0b, 0xd6, 0x13, 0x99, 0x54, 0xae, 0xc1, 0x33, 0xf2, 0xef, 0x96, 0x1f, 0xf4, 0xfa, 0xc1, - 0x99, 0xba, 0x94, 0x2e, 0xb0, 0xa7, 0x41, 0x40, 0x0b, 0x70, 0x5a, 0x90, 0x0b, 0x5c, 0x7f, 0x7c, - 0xde, 0x0f, 0x3a, 0xa1, 0xdf, 0x53, 0x73, 0xa5, 0x57, 0x60, 0x23, 0x81, 0xdf, 0x48, 0xdb, 0xbf, - 0xde, 0xe4, 0xb3, 0x66, 0xc3, 0xa8, 0x98, 0xed, 0x86, 0xba, 0x4c, 0x27, 0x84, 0x9a, 0x79, 0x54, - 0x53, 0xa1, 0xf4, 0x23, 0x85, 0xee, 0xdb, 0xf1, 0xfb, 0x34, 0xaa, 0xba, 0xe8, 0x31, 0xb4, 0xb7, - 0x32, 0x54, 0x58, 0xc3, 0x71, 0x98, 0x41, 0x77, 0x1f, 0x76, 0xf9, 0x0f, 0x4f, 0xb7, 0x2a, 0x5e, - 0x4d, 0xb7, 0x2b, 0xa7, 0xba, 0x4d, 0xbb, 0xf0, 0x03, 0x35, 0x87, 0xe3, 0x52, 0xa2, 0x78, 0x6e, - 0xb3, 0x5d, 0xae, 0xa9, 0x79, 0x3a, 0x0c, 0x12, 0xf4, 0x96, 0x69, 0xa9, 0x05, 0x1c, 0xe5, 0x19, - 0x6e, 0xac, 0x96, 0x96, 0x2f, 0x97, 0xfa, 0xa0, 0xa6, 0x43, 0x9c, 0x33, 0x96, 0x75, 0xbb, 0x6d, - 0x59, 0x6c, 0x1a, 0xdb, 0x82, 0x62, 0xd3, 0xad, 0x19, 0x36, 0xc7, 0xed, 0x45, 0xa0, 0xde, 0xb6, - 0x45, 0x7b, 0x43, 0xd3, 0x36, 0xdf, 0xc3, 0xf9, 0x6c, 0x17, 0x76, 0x9c, 0xba, 0x5e, 0x3e, 0xc6, - 0x46, 0x33, 0x2d, 0xaf, 0x5c, 0xd3, 0x2d, 0xcb, 0xa8, 0xab, 0x50, 0xfa, 0x6b, 0x85, 0x99, 0xb8, - 0x67, 0xc5, 0x42, 0x91, 0xaf, 0xc0, 0x8b, 0xcd, 0x63, 0x57, 0xf7, 0x5a, 0xf5, 0xf6, 0x91, 0x69, - 0x79, 0xce, 0x03, 0xab, 0x2c, 0x56, 0xba, 0x72, 0x76, 0xc8, 0xbf, 0x08, 0xb7, 0x16, 0x72, 0xc7, - 0x08, 0xbb, 0xb7, 0x41, 0x5b, 0xc8, 0xc9, 0x5f, 0xa4, 0xf4, 0x33, 0x05, 0xae, 0x2f, 0x30, 0x0d, - 0x92, 0x97, 0xe1, 0x4e, 0xcd, 0xd0, 0x2b, 0x75, 0xc3, 0x71, 0x3c, 0xfa, 0xbe, 0x86, 0xe5, 0x72, - 0x0b, 0xfc, 0xcc, 0x01, 0x7d, 0x07, 0xbe, 0xb4, 0x98, 0x3d, 0x5e, 0x1a, 0x5e, 0x84, 0x5b, 0x8b, - 0x59, 0xf9, 0x52, 0x91, 0xa3, 0x03, 0x6a, 0x31, 0x67, 0xb4, 0xc4, 0xe4, 0x4b, 0x3f, 0x54, 0xe0, - 0xea, 0xec, 0x13, 0x35, 0xd5, 0xcd, 0xb4, 0x1c, 0x57, 0xaf, 0xd7, 0xbd, 0x96, 0x6e, 0xeb, 0x0d, - 0xcf, 0xb0, 0xec, 0x66, 0xbd, 0x3e, 0x6b, 0x6a, 0xbd, 0x05, 0xcf, 0xcf, 0x67, 0x75, 0xca, 0xb6, - 0xd9, 0xa2, 0xb3, 0x87, 0x06, 0x07, 0xf3, 0xb9, 0x0c, 0xb3, 0x6c, 0xa8, 0xb9, 0xc3, 0xb7, 0x7e, - 0xf2, 0xef, 0x07, 0x4b, 0x3f, 0xf9, 0xec, 0x40, 0xf9, 0xf9, 0x67, 0x07, 0xca, 0xbf, 0x7d, 0x76, - 0xa0, 0xbc, 0xf7, 0xd2, 0x25, 0x72, 0x98, 0x7f, 0xb0, 0x82, 0x2e, 0x27, 0xf7, 0xfe, 0x2f, 0x00, - 0x00, 0xff, 0xff, 0xe6, 0x6b, 0xe4, 0x7a, 0xb3, 0x98, 0x01, 0x00, + // 27793 bytes of a gzipped FileDescriptorProto + 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xec, 0xfd, 0x7b, 0x8c, 0x5c, 0x59, + 0x7a, 0x18, 0x86, 0x4f, 0x55, 0xf5, 0xa3, 0xfa, 0xeb, 0x57, 0xf5, 0x69, 0x3e, 0x9a, 0x9c, 0x21, + 0x8b, 0x73, 0x39, 0xc3, 0x21, 0xe7, 0x41, 0x2e, 0x9b, 0x3b, 0xdc, 0x9d, 0x9d, 0x67, 0x75, 0x57, + 0x93, 0x5d, 0x64, 0xb3, 0xbb, 0xf7, 0x56, 0x93, 0xdc, 0xd1, 0x3e, 0xee, 0xde, 0xae, 0x3a, 0xdd, + 0x7d, 0x87, 0x55, 0x75, 0x6b, 0xef, 0xbd, 0xc5, 0x66, 0xaf, 0xec, 0x9f, 0x25, 0xd9, 0xeb, 0xfd, + 0x19, 0x8e, 0x2c, 0x29, 0x96, 0x22, 0x39, 0x90, 0x05, 0x41, 0x8e, 0x1d, 0xc5, 0x81, 0x85, 0x44, + 0xb2, 0x91, 0x04, 0x42, 0x64, 0x29, 0x10, 0x94, 0x8d, 0x0c, 0xc4, 0x02, 0xe2, 0xbc, 0x36, 0x42, + 0x2b, 0x8a, 0x8c, 0x20, 0x20, 0x12, 0x40, 0x8e, 0x01, 0x27, 0x99, 0x40, 0x76, 0x70, 0xbe, 0xf3, + 0xb8, 0xe7, 0xdc, 0x7b, 0xab, 0xba, 0x38, 0xc3, 0xb1, 0xc5, 0x85, 0xfe, 0x21, 0xbb, 0xbe, 0xf3, + 0x7d, 0xdf, 0xb9, 0xe7, 0xfd, 0x9d, 0xef, 0x7c, 0x0f, 0x78, 0x31, 0xa2, 0x2d, 0xda, 0xf5, 0x83, + 0xe8, 0x4a, 0x8b, 0xee, 0xba, 0x8d, 0x83, 0x2b, 0xd1, 0x41, 0x97, 0x86, 0xfc, 0xdf, 0xcb, 0xdd, + 0xc0, 0x8f, 0x7c, 0x32, 0x8a, 0x3f, 0x4e, 0x1f, 0xdb, 0xf5, 0x77, 0x7d, 0x84, 0x5c, 0x61, 0x7f, + 0xf1, 0xc2, 0xd3, 0x67, 0x77, 0x7d, 0x7f, 0xb7, 0x45, 0xaf, 0xe0, 0xaf, 0xed, 0xde, 0xce, 0x95, + 0x66, 0x2f, 0x70, 0x23, 0xcf, 0xef, 0x88, 0xf2, 0x72, 0xb2, 0x3c, 0xf2, 0xda, 0x34, 0x8c, 0xdc, + 0x76, 0x57, 0x20, 0x5c, 0x52, 0x1f, 0xe0, 0x46, 0x11, 0x2b, 0x61, 0xc4, 0x57, 0x1e, 0x5e, 0xd5, + 0x7f, 0x0a, 0xd4, 0x37, 0xb2, 0xbf, 0x75, 0x3f, 0x70, 0xbb, 0x5d, 0x1a, 0xc4, 0x7f, 0x70, 0x74, + 0xeb, 0x17, 0x0a, 0x30, 0x71, 0x9b, 0xd2, 0x6e, 0xa5, 0xe5, 0x3d, 0xa4, 0xe4, 0x3c, 0x8c, 0xac, + 0xbb, 0x6d, 0xba, 0x90, 0x3b, 0x97, 0xbb, 0x38, 0xb1, 0x34, 0xfb, 0xf8, 0xb0, 0x3c, 0x19, 0xd2, + 0xe0, 0x21, 0x0d, 0x9c, 0x8e, 0xdb, 0xa6, 0x36, 0x16, 0x92, 0xd7, 0x60, 0x82, 0xfd, 0x1f, 0x76, + 0xdd, 0x06, 0x5d, 0xc8, 0x23, 0xe6, 0xf4, 0xe3, 0xc3, 0xf2, 0x44, 0x47, 0x02, 0xed, 0xb8, 0x9c, + 0xd4, 0x60, 0x7c, 0xe5, 0x51, 0xd7, 0x0b, 0x68, 0xb8, 0x30, 0x72, 0x2e, 0x77, 0x71, 0x72, 0xf1, + 0xf4, 0x65, 0xde, 0xd8, 0xcb, 0xb2, 0xb1, 0x97, 0xb7, 0x64, 0x63, 0x97, 0xe6, 0xbf, 0x77, 0x58, + 0x7e, 0xee, 0xf1, 0x61, 0x79, 0x9c, 0x72, 0x92, 0x9f, 0xfc, 0x83, 0x72, 0xce, 0x96, 0xf4, 0xe4, + 0x1d, 0x18, 0xd9, 0x3a, 0xe8, 0xd2, 0x85, 0x89, 0x73, 0xb9, 0x8b, 0x33, 0x8b, 0x67, 0x2f, 0xf3, + 0xee, 0x57, 0x1f, 0x1f, 0xff, 0xc5, 0xb0, 0x96, 0x8a, 0x8f, 0x0f, 0xcb, 0x23, 0x0c, 0xc5, 0x46, + 0x2a, 0xf2, 0x06, 0x8c, 0xad, 0xfa, 0x61, 0x54, 0xab, 0x2e, 0x00, 0x7e, 0xf2, 0xf1, 0xc7, 0x87, + 0xe5, 0xb9, 0x3d, 0x3f, 0x8c, 0x1c, 0xaf, 0xf9, 0xba, 0xdf, 0xf6, 0x22, 0xda, 0xee, 0x46, 0x07, + 0xb6, 0x40, 0xb2, 0x1e, 0xc1, 0xb4, 0xc1, 0x8f, 0x4c, 0xc2, 0xf8, 0xdd, 0xf5, 0xdb, 0xeb, 0x1b, + 0xf7, 0xd7, 0x4b, 0xcf, 0x91, 0x22, 0x8c, 0xac, 0x6f, 0x54, 0x57, 0x4a, 0x39, 0x32, 0x0e, 0x85, + 0xca, 0xe6, 0x66, 0x29, 0x4f, 0xa6, 0xa0, 0x58, 0xad, 0x6c, 0x55, 0x96, 0x2a, 0xf5, 0x95, 0x52, + 0x81, 0xcc, 0xc3, 0xec, 0xfd, 0xda, 0x7a, 0x75, 0xe3, 0x7e, 0xdd, 0xa9, 0xae, 0xd4, 0x6f, 0x6f, + 0x6d, 0x6c, 0x96, 0x46, 0xc8, 0x0c, 0xc0, 0xed, 0xbb, 0x4b, 0x2b, 0xf6, 0xfa, 0xca, 0xd6, 0x4a, + 0xbd, 0x34, 0x4a, 0x8e, 0x41, 0x49, 0x92, 0x38, 0xf5, 0x15, 0xfb, 0x5e, 0x6d, 0x79, 0xa5, 0x34, + 0x76, 0x6b, 0xa4, 0x58, 0x28, 0x8d, 0xd8, 0xe3, 0x6b, 0xd4, 0x0d, 0x69, 0xad, 0x6a, 0xfd, 0xad, + 0x02, 0x14, 0xef, 0xd0, 0xc8, 0x6d, 0xba, 0x91, 0x4b, 0x5e, 0x30, 0xc6, 0x07, 0x9b, 0xa8, 0x0d, + 0xcc, 0xf9, 0xf4, 0xc0, 0x8c, 0x3e, 0x3e, 0x2c, 0xe7, 0xde, 0xd0, 0x07, 0xe4, 0x6d, 0x98, 0xac, + 0xd2, 0xb0, 0x11, 0x78, 0x5d, 0x36, 0x69, 0x16, 0x0a, 0x88, 0x76, 0xea, 0xf1, 0x61, 0xf9, 0x78, + 0x33, 0x06, 0x6b, 0x1d, 0xa2, 0x63, 0x93, 0x1a, 0x8c, 0xad, 0xb9, 0xdb, 0xb4, 0x15, 0x2e, 0x8c, + 0x9e, 0x2b, 0x5c, 0x9c, 0x5c, 0x7c, 0x5e, 0x0c, 0x82, 0xfc, 0xc0, 0xcb, 0xbc, 0x74, 0xa5, 0x13, + 0x05, 0x07, 0x4b, 0xc7, 0x1e, 0x1f, 0x96, 0x4b, 0x2d, 0x04, 0xe8, 0x1d, 0xcc, 0x51, 0x48, 0x3d, + 0x9e, 0x18, 0x63, 0x47, 0x4e, 0x8c, 0x33, 0xdf, 0x3b, 0x2c, 0xe7, 0xd8, 0x80, 0x89, 0x89, 0x11, + 0xf3, 0x33, 0xa7, 0xc8, 0x22, 0x14, 0x6d, 0xfa, 0xd0, 0x0b, 0x59, 0xcb, 0x8a, 0xd8, 0xb2, 0x13, + 0x8f, 0x0f, 0xcb, 0x24, 0x10, 0x30, 0xed, 0x33, 0x14, 0xde, 0xe9, 0xb7, 0x60, 0x52, 0xfb, 0x6a, + 0x52, 0x82, 0xc2, 0x03, 0x7a, 0xc0, 0x7b, 0xd8, 0x66, 0x7f, 0x92, 0x63, 0x30, 0xfa, 0xd0, 0x6d, + 0xf5, 0x44, 0x97, 0xda, 0xfc, 0xc7, 0x97, 0xf2, 0x5f, 0xcc, 0xdd, 0x1a, 0x29, 0x8e, 0x97, 0x8a, + 0x76, 0xbe, 0x56, 0xb5, 0xfe, 0xed, 0x11, 0x28, 0xda, 0x3e, 0x5f, 0x88, 0xe4, 0x12, 0x8c, 0xd6, + 0x23, 0x37, 0x92, 0xc3, 0x34, 0xff, 0xf8, 0xb0, 0x3c, 0xcb, 0x16, 0x29, 0xd5, 0xea, 0xe7, 0x18, + 0x0c, 0x75, 0x73, 0xcf, 0x0d, 0xe5, 0x70, 0x21, 0x6a, 0x97, 0x01, 0x74, 0x54, 0xc4, 0x20, 0x17, + 0x60, 0xe4, 0x8e, 0xdf, 0xa4, 0x62, 0xc4, 0xc8, 0xe3, 0xc3, 0xf2, 0x4c, 0xdb, 0x6f, 0xea, 0x88, + 0x58, 0x4e, 0x5e, 0x87, 0x89, 0xe5, 0x5e, 0x10, 0xd0, 0x0e, 0x9b, 0xeb, 0x23, 0x88, 0x3c, 0xf3, + 0xf8, 0xb0, 0x0c, 0x0d, 0x0e, 0x74, 0xbc, 0xa6, 0x1d, 0x23, 0xb0, 0x61, 0xa8, 0x47, 0x6e, 0x10, + 0xd1, 0xe6, 0xc2, 0xe8, 0x50, 0xc3, 0xc0, 0xd6, 0xe7, 0x5c, 0xc8, 0x49, 0x92, 0xc3, 0x20, 0x38, + 0x91, 0x55, 0x98, 0xbc, 0x19, 0xb8, 0x0d, 0xba, 0x49, 0x03, 0xcf, 0x6f, 0xe2, 0xf8, 0x16, 0x96, + 0x2e, 0x3c, 0x3e, 0x2c, 0x9f, 0xd8, 0x65, 0x60, 0xa7, 0x8b, 0xf0, 0x98, 0xfa, 0xe3, 0xc3, 0x72, + 0xb1, 0x2a, 0xb6, 0x44, 0x5b, 0x27, 0x25, 0xdf, 0x64, 0x83, 0x13, 0x46, 0xd8, 0xb5, 0xb4, 0xb9, + 0x30, 0x7e, 0xe4, 0x27, 0x5a, 0xe2, 0x13, 0x4f, 0xb4, 0xdc, 0x30, 0x72, 0x02, 0x4e, 0x97, 0xf8, + 0x4e, 0x9d, 0x25, 0xd9, 0x80, 0x62, 0xbd, 0xb1, 0x47, 0x9b, 0xbd, 0x16, 0xc5, 0x29, 0x33, 0xb9, + 0x78, 0x52, 0x4c, 0x6a, 0x39, 0x9e, 0xb2, 0x78, 0xe9, 0xb4, 0xe0, 0x4d, 0x42, 0x01, 0xd1, 0xe7, + 0x93, 0xc4, 0xfa, 0x52, 0xf1, 0xe7, 0x7e, 0xb1, 0xfc, 0xdc, 0x8f, 0xfc, 0xfe, 0xb9, 0xe7, 0xac, + 0xff, 0x24, 0x0f, 0xa5, 0x24, 0x13, 0xb2, 0x03, 0xd3, 0x77, 0xbb, 0x4d, 0x37, 0xa2, 0xcb, 0x2d, + 0x8f, 0x76, 0xa2, 0x10, 0x27, 0xc9, 0xe0, 0x36, 0xbd, 0x24, 0xea, 0x5d, 0xe8, 0x21, 0xa1, 0xd3, + 0xe0, 0x94, 0x89, 0x56, 0x99, 0x6c, 0xe3, 0x7a, 0xea, 0xb8, 0x81, 0x87, 0x38, 0xc3, 0x9e, 0xac, + 0x1e, 0xbe, 0xf5, 0xf7, 0xa9, 0x47, 0xb0, 0x15, 0x13, 0xa8, 0xd3, 0xdc, 0x3e, 0xc0, 0x99, 0x39, + 0xfc, 0x04, 0x62, 0x24, 0x19, 0x13, 0x88, 0x81, 0xad, 0x7f, 0x9a, 0x83, 0x19, 0x9b, 0x86, 0x7e, + 0x2f, 0x68, 0xd0, 0x55, 0xea, 0x36, 0x69, 0xc0, 0xa6, 0xff, 0x6d, 0xaf, 0xd3, 0x14, 0x6b, 0x0a, + 0xa7, 0xff, 0x03, 0xaf, 0xa3, 0x6f, 0xdd, 0x58, 0x4e, 0x3e, 0x07, 0xe3, 0xf5, 0xde, 0x36, 0xa2, + 0xe6, 0xe3, 0x1d, 0x20, 0xec, 0x6d, 0x3b, 0x09, 0x74, 0x89, 0x46, 0xae, 0xc0, 0xf8, 0x3d, 0x1a, + 0x84, 0xf1, 0x6e, 0x88, 0x47, 0xc3, 0x43, 0x0e, 0xd2, 0x09, 0x04, 0x16, 0xb9, 0x19, 0xef, 0xc8, + 0xe2, 0x50, 0x9b, 0x4d, 0xec, 0x83, 0xf1, 0x54, 0x69, 0x0b, 0x88, 0x3e, 0x55, 0x24, 0x96, 0xf5, + 0x53, 0x79, 0x28, 0x55, 0xdd, 0xc8, 0xdd, 0x76, 0x43, 0xd1, 0x9f, 0xf7, 0xae, 0xb1, 0x3d, 0x5e, + 0x6b, 0x28, 0xee, 0xf1, 0xec, 0xcb, 0x3f, 0x71, 0xf3, 0x5e, 0x4e, 0x36, 0x6f, 0x92, 0x9d, 0xb0, + 0xa2, 0x79, 0x71, 0xa3, 0xde, 0x3d, 0xba, 0x51, 0x25, 0xd1, 0xa8, 0xa2, 0x6c, 0x54, 0xdc, 0x14, + 0xf2, 0x2e, 0x8c, 0xd4, 0xbb, 0xb4, 0x21, 0x36, 0x11, 0x79, 0x2e, 0x98, 0x8d, 0x63, 0x08, 0xf7, + 0xae, 0x2d, 0x4d, 0x09, 0x36, 0x23, 0x61, 0x97, 0x36, 0x6c, 0x24, 0xd3, 0x16, 0xcd, 0x7f, 0x5a, + 0x80, 0x63, 0x59, 0x64, 0x7a, 0x3b, 0xc6, 0x06, 0xb4, 0xe3, 0x22, 0x14, 0xd9, 0x11, 0xce, 0x8e, + 0x45, 0xdc, 0x2e, 0x26, 0x96, 0xa6, 0xd8, 0x27, 0xef, 0x09, 0x98, 0xad, 0x4a, 0xc9, 0x79, 0x25, + 0x11, 0x14, 0x63, 0x7e, 0x42, 0x22, 0x90, 0x72, 0x00, 0x1b, 0x6b, 0xb9, 0x84, 0x51, 0x70, 0x88, + 0xbb, 0x45, 0x82, 0xe3, 0xb1, 0x0e, 0x04, 0xc4, 0x38, 0x66, 0xe4, 0xa1, 0xb0, 0x02, 0x45, 0xd9, + 0xac, 0x85, 0x29, 0x64, 0x34, 0x97, 0xe8, 0xa4, 0x7b, 0xd7, 0xf8, 0x60, 0x36, 0xc5, 0x6f, 0x9d, + 0x8d, 0xc4, 0x21, 0xd7, 0xa0, 0xb8, 0x19, 0xf8, 0x8f, 0x0e, 0x6a, 0xd5, 0x70, 0x61, 0xfa, 0x5c, + 0xe1, 0xe2, 0xc4, 0xd2, 0xc9, 0xc7, 0x87, 0xe5, 0xf9, 0x2e, 0x83, 0x39, 0x5e, 0x53, 0x3f, 0x69, + 0x15, 0xe2, 0xad, 0x91, 0x62, 0xae, 0x94, 0xbf, 0x35, 0x52, 0xcc, 0x97, 0x0a, 0x5c, 0xbc, 0xb8, + 0x35, 0x52, 0x1c, 0x29, 0x8d, 0xde, 0x1a, 0x29, 0x8e, 0xa2, 0xc0, 0x31, 0x51, 0x82, 0x5b, 0x23, + 0xc5, 0xc9, 0xd2, 0x94, 0x71, 0xda, 0x23, 0x83, 0xc8, 0x6f, 0xf8, 0x2d, 0xbb, 0x70, 0xd7, 0xae, + 0xd9, 0x63, 0xcb, 0x95, 0x65, 0x1a, 0x44, 0x76, 0xa1, 0x72, 0xbf, 0x6e, 0x4f, 0x57, 0x0f, 0x3a, + 0x6e, 0xdb, 0x6b, 0xf0, 0xa3, 0xd3, 0x2e, 0xdc, 0x5c, 0xde, 0xb4, 0x2a, 0x30, 0x13, 0xb7, 0x65, + 0xcd, 0x0b, 0x23, 0x72, 0x05, 0x26, 0x24, 0x84, 0x6d, 0x74, 0x85, 0xcc, 0x56, 0xdb, 0x31, 0x8e, + 0xf5, 0x3b, 0x79, 0x80, 0xb8, 0xe4, 0x19, 0x5d, 0x0b, 0x5f, 0x30, 0xd6, 0xc2, 0xf1, 0xe4, 0x5a, + 0xe8, 0xbb, 0x0a, 0xc8, 0xfb, 0x30, 0xc6, 0xc4, 0x82, 0x9e, 0x14, 0x89, 0x4e, 0x26, 0x49, 0xb1, + 0xf0, 0xde, 0xb5, 0xa5, 0x19, 0x41, 0x3c, 0x16, 0x22, 0xc4, 0x16, 0x64, 0xda, 0x32, 0xfa, 0x85, + 0xf1, 0x78, 0x30, 0xc4, 0x02, 0xba, 0x08, 0x6a, 0x40, 0x45, 0x87, 0xe2, 0xca, 0xe8, 0xca, 0x41, + 0x56, 0xa5, 0xe4, 0x14, 0xb0, 0x01, 0x17, 0x9d, 0x3a, 0xfe, 0xf8, 0xb0, 0x5c, 0xe8, 0x05, 0x1e, + 0x4e, 0x02, 0x72, 0x05, 0xc4, 0x34, 0x10, 0x1d, 0xc8, 0x66, 0xdf, 0x5c, 0xc3, 0x75, 0x1a, 0x34, + 0x88, 0xe2, 0x1e, 0x5f, 0xc8, 0xc9, 0xd9, 0x42, 0xba, 0x60, 0x4e, 0x95, 0x85, 0x11, 0x9c, 0x06, + 0x17, 0x33, 0x7b, 0xe5, 0xb2, 0x81, 0xca, 0xc5, 0xc8, 0x73, 0xf2, 0x54, 0x6a, 0xf2, 0x32, 0x27, + 0x25, 0x52, 0x9a, 0x15, 0x90, 0x6b, 0xc0, 0x66, 0xa8, 0xe8, 0x7d, 0x10, 0xf5, 0x54, 0xee, 0xd7, + 0x97, 0x8e, 0x0b, 0x4e, 0xd3, 0xee, 0xbe, 0x4e, 0xce, 0xb0, 0xc9, 0xdb, 0xc0, 0xa6, 0xb0, 0xe8, + 0x77, 0x22, 0x88, 0x6e, 0x2e, 0x6f, 0x2e, 0xb7, 0xfc, 0x5e, 0xb3, 0xfe, 0xe5, 0xb5, 0x98, 0x78, + 0xb7, 0xd1, 0xd5, 0x89, 0x6f, 0x2e, 0x6f, 0x92, 0xb7, 0x61, 0xb4, 0xf2, 0xed, 0x5e, 0x40, 0x85, + 0x7c, 0x32, 0x25, 0xeb, 0x64, 0xb0, 0xa5, 0x93, 0x82, 0x70, 0xd6, 0x65, 0x3f, 0x75, 0xb9, 0x0e, + 0xcb, 0x59, 0xcd, 0x5b, 0x6b, 0x75, 0x21, 0x7b, 0x90, 0x44, 0xb7, 0x6c, 0xad, 0x69, 0x9f, 0x1d, + 0x19, 0xad, 0x66, 0x54, 0xe4, 0x0a, 0xe4, 0x2b, 0x55, 0xbc, 0x11, 0x4d, 0x2e, 0x4e, 0xc8, 0x6a, + 0xab, 0x4b, 0xc7, 0x04, 0xc9, 0x94, 0xab, 0x2f, 0x83, 0x7c, 0xa5, 0x4a, 0x96, 0x60, 0xf4, 0xce, + 0x41, 0xfd, 0xcb, 0x6b, 0x62, 0x33, 0x9b, 0x97, 0xf3, 0x9a, 0xc1, 0x36, 0x70, 0xd9, 0x87, 0xf1, + 0x17, 0xb7, 0x0f, 0xc2, 0x6f, 0xb5, 0xf4, 0x2f, 0x46, 0x34, 0xb2, 0x09, 0x13, 0x95, 0x66, 0xdb, + 0xeb, 0xdc, 0x0d, 0x69, 0xb0, 0x30, 0x89, 0x7c, 0x16, 0x12, 0xdf, 0xad, 0xca, 0x97, 0x16, 0x1e, + 0x1f, 0x96, 0x8f, 0xb9, 0xec, 0xa7, 0xd3, 0x0b, 0x69, 0xa0, 0x71, 0x8b, 0x99, 0x90, 0x4d, 0x80, + 0x3b, 0x7e, 0x67, 0xd7, 0xaf, 0x44, 0x2d, 0x37, 0x4c, 0x6c, 0x8f, 0x71, 0x81, 0x12, 0x1f, 0x8e, + 0xb7, 0x19, 0xcc, 0x71, 0x19, 0x50, 0x63, 0xa8, 0xf1, 0x20, 0x37, 0x60, 0x6c, 0x23, 0x70, 0x1b, + 0x2d, 0xba, 0x30, 0x8d, 0xdc, 0x8e, 0x09, 0x6e, 0x1c, 0x28, 0x5b, 0xba, 0x20, 0x18, 0x96, 0x7c, + 0x04, 0xeb, 0xd7, 0x14, 0x8e, 0x78, 0xfa, 0x3e, 0x90, 0xf4, 0x9c, 0xcc, 0xb8, 0x24, 0xbc, 0xa6, + 0x5f, 0x12, 0xe2, 0x45, 0xbf, 0xec, 0xb7, 0xdb, 0x6e, 0xa7, 0x89, 0xb4, 0xf7, 0x16, 0xb5, 0xbb, + 0x83, 0xf5, 0x2d, 0x98, 0x4b, 0x75, 0xd6, 0x11, 0xf7, 0xbb, 0xf7, 0x60, 0xb6, 0x4a, 0x77, 0xdc, + 0x5e, 0x2b, 0x52, 0x27, 0x09, 0x5f, 0xa2, 0x78, 0xd3, 0x6a, 0xf2, 0x22, 0x47, 0x1e, 0x1f, 0x76, + 0x12, 0xd9, 0x7a, 0x17, 0xa6, 0x8d, 0xe6, 0xb3, 0xab, 0x42, 0xa5, 0xd7, 0xf4, 0x22, 0x1c, 0xc8, + 0x5c, 0x7c, 0x55, 0x70, 0x19, 0x10, 0x87, 0xcb, 0x8e, 0x11, 0xac, 0x7f, 0x4f, 0x97, 0x56, 0xc4, + 0x4e, 0xc4, 0xae, 0xd5, 0x62, 0x3f, 0xc8, 0xc5, 0xb2, 0x53, 0x6a, 0x3f, 0x50, 0xbb, 0xc1, 0x25, + 0xbe, 0x36, 0xf3, 0xa9, 0xb5, 0x39, 0x29, 0x46, 0xa2, 0xe0, 0xee, 0x87, 0x7c, 0x45, 0xaa, 0x99, + 0x5a, 0xf8, 0xe4, 0x33, 0xf5, 0x7d, 0x98, 0xba, 0xe3, 0x76, 0xdc, 0x5d, 0xda, 0x64, 0x2d, 0xe0, + 0x7b, 0xcf, 0xc4, 0xd2, 0xf3, 0x8f, 0x0f, 0xcb, 0x27, 0xdb, 0x1c, 0x8e, 0xad, 0xd4, 0x27, 0x91, + 0x41, 0x40, 0xae, 0xca, 0x95, 0x3d, 0x9a, 0xb1, 0xb2, 0xa7, 0x45, 0xed, 0xa3, 0xb8, 0xb2, 0xc5, + 0x7a, 0xb6, 0x7e, 0x73, 0x02, 0xdb, 0x48, 0x5e, 0x87, 0x31, 0x9b, 0xee, 0xb2, 0xa3, 0x26, 0x17, + 0x0f, 0x52, 0x80, 0x10, 0xbd, 0x63, 0x38, 0x0e, 0xca, 0x19, 0xb4, 0x19, 0xee, 0x79, 0x3b, 0x91, + 0xe8, 0x1d, 0x25, 0x67, 0x08, 0xb0, 0x26, 0x67, 0x08, 0x88, 0x79, 0x9d, 0xe5, 0x30, 0xb6, 0xfb, + 0xd9, 0xd5, 0xba, 0xe8, 0x34, 0xd9, 0xc3, 0x76, 0x55, 0xdb, 0x46, 0x02, 0x43, 0x4a, 0x60, 0xd8, + 0xe4, 0x3a, 0x4c, 0x54, 0x1a, 0x0d, 0xbf, 0xa7, 0xdd, 0x19, 0xf9, 0xba, 0xe5, 0x40, 0x53, 0x45, + 0x12, 0xa3, 0x92, 0x3a, 0x4c, 0xae, 0xb0, 0x8b, 0x96, 0xb7, 0xec, 0x36, 0xf6, 0x64, 0x27, 0xc9, + 0x3d, 0x4c, 0x2b, 0x89, 0x57, 0x2e, 0x45, 0x60, 0x83, 0x01, 0x75, 0x25, 0x83, 0x86, 0x4b, 0xb6, + 0x60, 0xb2, 0x4e, 0x1b, 0x01, 0x8d, 0xea, 0x91, 0x1f, 0xd0, 0xc4, 0x96, 0xac, 0x95, 0x2c, 0x9d, + 0x95, 0x77, 0xbd, 0x10, 0x81, 0x4e, 0xc8, 0xa0, 0x3a, 0x57, 0x0d, 0x99, 0x0b, 0xed, 0x6d, 0x3f, + 0x38, 0xa8, 0x2e, 0x89, 0x6d, 0x3a, 0x3e, 0xd3, 0x39, 0x58, 0x17, 0xda, 0x19, 0xa4, 0xb9, 0x6d, + 0x0a, 0xed, 0x1c, 0x0b, 0x47, 0xaa, 0x5a, 0x47, 0xd9, 0x4a, 0x6c, 0xda, 0xb3, 0x71, 0x2f, 0x23, + 0x58, 0x1b, 0xa9, 0x66, 0x88, 0x92, 0x99, 0x31, 0x52, 0x02, 0x8b, 0x74, 0x81, 0xc8, 0x51, 0xe3, + 0x82, 0x6e, 0x8b, 0x86, 0xa1, 0xd8, 0xcb, 0x4f, 0x25, 0x06, 0x3f, 0x46, 0x58, 0x7a, 0x59, 0x30, + 0x3f, 0x23, 0xa7, 0x81, 0xb8, 0xa7, 0xb1, 0x42, 0xad, 0x9e, 0x0c, 0xde, 0xe4, 0x2d, 0x80, 0x95, + 0x47, 0x11, 0x0d, 0x3a, 0x6e, 0x4b, 0xe9, 0xc1, 0x50, 0xf5, 0x43, 0x05, 0xd4, 0x1c, 0x68, 0x0d, + 0x99, 0x2c, 0xc3, 0x74, 0x25, 0x0c, 0x7b, 0x6d, 0x6a, 0xfb, 0x2d, 0x5a, 0xb1, 0xd7, 0x71, 0xdf, + 0x9f, 0x58, 0x3a, 0xf3, 0xf8, 0xb0, 0x7c, 0xca, 0xc5, 0x02, 0x27, 0xf0, 0x5b, 0xd4, 0x71, 0x03, + 0x7d, 0x76, 0x9b, 0x34, 0x64, 0x03, 0x60, 0xa3, 0x4b, 0x3b, 0x75, 0xea, 0x06, 0x8d, 0xbd, 0xc4, + 0x36, 0x1f, 0x17, 0x2c, 0xbd, 0x20, 0x5a, 0x78, 0xcc, 0xef, 0xd2, 0x4e, 0x88, 0x30, 0xfd, 0xab, + 0x62, 0x4c, 0x72, 0x1f, 0x66, 0x6b, 0x95, 0x3b, 0x9b, 0x7e, 0xcb, 0x6b, 0x1c, 0x08, 0xc9, 0x69, + 0x06, 0xb5, 0x83, 0x27, 0x04, 0xd7, 0x44, 0x29, 0xdf, 0x9e, 0x3c, 0xb7, 0xed, 0x74, 0x11, 0xea, + 0x08, 0xf9, 0x29, 0xc9, 0x85, 0x7c, 0xc8, 0xe6, 0x60, 0xc8, 0x84, 0xc1, 0x2d, 0x77, 0x37, 0x5c, + 0x98, 0x35, 0xb4, 0x5d, 0x95, 0xfb, 0xf5, 0xcb, 0x5a, 0x29, 0x17, 0x53, 0x4e, 0xf3, 0x89, 0x88, + 0x50, 0x27, 0x72, 0x77, 0x43, 0x73, 0x22, 0x2a, 0x6c, 0x72, 0x0b, 0xa0, 0xea, 0x37, 0x7a, 0x6d, + 0xda, 0x89, 0xaa, 0x4b, 0x0b, 0x25, 0xf3, 0x2a, 0xa0, 0x0a, 0xe2, 0xad, 0xad, 0xe9, 0x37, 0x8c, + 0x99, 0xa8, 0x51, 0x9f, 0x7e, 0x0f, 0x4a, 0xc9, 0x0f, 0x79, 0x42, 0x05, 0xd6, 0x74, 0x69, 0x46, + 0x6b, 0xfd, 0xca, 0x23, 0x2f, 0x8c, 0x42, 0xeb, 0x87, 0x8d, 0x15, 0xc8, 0x76, 0x87, 0xdb, 0xf4, + 0x60, 0x33, 0xa0, 0x3b, 0xde, 0x23, 0xb1, 0x99, 0xe1, 0xee, 0xf0, 0x80, 0x1e, 0x38, 0x5d, 0x84, + 0xea, 0xbb, 0x83, 0x42, 0x25, 0x9f, 0x87, 0xe2, 0xed, 0x3b, 0xf5, 0xdb, 0xf4, 0xa0, 0x56, 0x15, + 0x07, 0x15, 0x27, 0x6b, 0x87, 0x0e, 0x23, 0x35, 0xe6, 0x9a, 0xc2, 0xb4, 0x96, 0xe2, 0x9d, 0x90, + 0xd5, 0xbc, 0xdc, 0xea, 0x85, 0x11, 0x0d, 0x6a, 0x55, 0xbd, 0xe6, 0x06, 0x07, 0x26, 0xf6, 0x25, + 0x85, 0x6a, 0xfd, 0xab, 0x3c, 0xee, 0x82, 0x6c, 0xc2, 0xd7, 0x3a, 0x61, 0xe4, 0x76, 0x1a, 0x54, + 0x31, 0xc0, 0x09, 0xef, 0x09, 0x68, 0x62, 0xc2, 0xc7, 0xc8, 0x66, 0xd5, 0xf9, 0xa1, 0xab, 0x66, + 0x55, 0x4a, 0xcd, 0x45, 0xad, 0xaa, 0xab, 0x57, 0x03, 0x01, 0x4d, 0x54, 0x19, 0x23, 0x93, 0x0b, + 0x30, 0x5e, 0xab, 0xdc, 0xa9, 0xf4, 0xa2, 0x3d, 0xdc, 0x83, 0x8b, 0x5c, 0x3e, 0x67, 0xb3, 0xd5, + 0xed, 0x45, 0x7b, 0xb6, 0x2c, 0x24, 0x57, 0xf0, 0xde, 0xd3, 0xa1, 0x11, 0x57, 0xc3, 0x8a, 0x43, + 0x37, 0xe4, 0xa0, 0xc4, 0xb5, 0x87, 0x81, 0xc8, 0xab, 0x30, 0x7a, 0x6f, 0x73, 0xb9, 0x56, 0x15, + 0x17, 0x67, 0x3c, 0x89, 0x1e, 0x76, 0x1b, 0xe6, 0x97, 0x70, 0x14, 0xb2, 0x02, 0x33, 0x75, 0xda, + 0xe8, 0x05, 0x5e, 0x74, 0x70, 0x33, 0xf0, 0x7b, 0xdd, 0x70, 0x61, 0x1c, 0xeb, 0xc0, 0x95, 0x1e, + 0x8a, 0x12, 0x67, 0x17, 0x8b, 0x34, 0xea, 0x04, 0x91, 0xf5, 0x5b, 0xb9, 0x78, 0x9b, 0x24, 0x17, + 0x0c, 0xb1, 0x06, 0x75, 0x37, 0x4c, 0xac, 0xd1, 0x75, 0x37, 0x28, 0xe0, 0xd8, 0x40, 0x96, 0x7b, + 0x61, 0xe4, 0xb7, 0x57, 0x3a, 0xcd, 0xae, 0xef, 0x75, 0x22, 0xa4, 0xe2, 0x9d, 0x6f, 0x3d, 0x3e, + 0x2c, 0x9f, 0x6d, 0x60, 0xa9, 0x43, 0x45, 0xb1, 0x93, 0xe0, 0x92, 0x41, 0xfd, 0x29, 0xc6, 0xc3, + 0xfa, 0xdd, 0xbc, 0x71, 0xbc, 0xb1, 0xcf, 0xb3, 0x69, 0xb7, 0xe5, 0x35, 0xf0, 0x46, 0x8f, 0x0d, + 0x55, 0xb3, 0x0a, 0x3f, 0x2f, 0x88, 0x4b, 0x79, 0x0f, 0x99, 0xbc, 0x33, 0xa8, 0xc9, 0x07, 0x30, + 0xc5, 0x24, 0x0d, 0xf1, 0x33, 0x5c, 0xc8, 0x63, 0x67, 0xbf, 0x80, 0x5a, 0xb8, 0x90, 0x06, 0x8a, + 0x8d, 0x21, 0xa2, 0xe8, 0x14, 0xa4, 0x09, 0x0b, 0x5b, 0x81, 0xdb, 0x09, 0xbd, 0x68, 0xa5, 0xd3, + 0x08, 0x0e, 0x50, 0x32, 0x5a, 0xe9, 0xb8, 0xdb, 0x2d, 0xda, 0xc4, 0xe6, 0x16, 0x97, 0x2e, 0x3e, + 0x3e, 0x2c, 0xbf, 0x14, 0x71, 0x1c, 0x87, 0x2a, 0x24, 0x87, 0x72, 0x2c, 0x8d, 0x73, 0x5f, 0x4e, + 0x4c, 0x92, 0x92, 0xdd, 0x8a, 0x8f, 0x30, 0x5c, 0x48, 0x40, 0x49, 0x4a, 0x8d, 0x06, 0xdb, 0xc3, + 0xf4, 0xcf, 0xd4, 0x09, 0xac, 0x7f, 0x91, 0x8b, 0x0f, 0x60, 0xf2, 0x0e, 0x4c, 0x8a, 0x15, 0xa3, + 0xcd, 0x0b, 0xdc, 0x41, 0xe5, 0xf2, 0x4a, 0x8c, 0xac, 0x8e, 0xce, 0xee, 0xfd, 0x95, 0xe5, 0x35, + 0x6d, 0x6e, 0xe0, 0xbd, 0xdf, 0x6d, 0xb4, 0x92, 0x54, 0x12, 0x8d, 0x4d, 0x82, 0xad, 0xb5, 0xba, + 0xd9, 0x2b, 0x38, 0x09, 0xa2, 0x56, 0x98, 0xd1, 0x0d, 0x1a, 0xf2, 0xa7, 0x6f, 0xf8, 0x7f, 0x9f, + 0xcb, 0x3a, 0xe7, 0xc9, 0x12, 0x4c, 0xdf, 0xf7, 0x83, 0x07, 0x38, 0xbe, 0x5a, 0x27, 0xe0, 0xc8, + 0xef, 0xcb, 0x82, 0x64, 0x83, 0x4c, 0x12, 0xfd, 0xdb, 0xb4, 0xde, 0x30, 0xbf, 0x2d, 0xc1, 0xc1, + 0x20, 0x60, 0xe3, 0xa0, 0x38, 0xaa, 0xd5, 0x81, 0xe3, 0x10, 0x7f, 0x82, 0x31, 0x85, 0x75, 0x74, + 0xeb, 0x3f, 0xcf, 0xe9, 0xe7, 0x39, 0xeb, 0xe4, 0xaa, 0xdf, 0x76, 0xbd, 0x8e, 0xd6, 0x1c, 0xfe, + 0xb0, 0x84, 0xd0, 0xe4, 0x97, 0x68, 0xc8, 0xe4, 0x1a, 0x14, 0xf9, 0x2f, 0xb5, 0xd7, 0xa2, 0x56, + 0x4b, 0x10, 0x9a, 0x07, 0x85, 0x44, 0x4c, 0x8d, 0x4c, 0xe1, 0x49, 0x47, 0xe6, 0x37, 0x73, 0xfa, + 0x51, 0xfc, 0x49, 0x0f, 0x9b, 0xc4, 0x21, 0x93, 0x7f, 0x92, 0x43, 0xe6, 0x53, 0x37, 0xe1, 0x47, + 0x72, 0x30, 0xa9, 0x69, 0x29, 0x58, 0x1b, 0x36, 0x03, 0xff, 0x23, 0xda, 0x88, 0xcc, 0x36, 0x74, + 0x39, 0x30, 0xd1, 0x06, 0x85, 0xfa, 0x29, 0xda, 0x60, 0xfd, 0xb3, 0x9c, 0xb8, 0x23, 0x0d, 0xbd, + 0xcd, 0x9b, 0x5b, 0x72, 0xfe, 0x49, 0x8e, 0xc8, 0x0f, 0x60, 0xd4, 0xa6, 0x4d, 0x2f, 0x14, 0xf7, + 0x9b, 0x39, 0xfd, 0x3e, 0x86, 0x05, 0xb1, 0xdc, 0x14, 0xb0, 0x9f, 0xfa, 0xf9, 0x86, 0xe5, 0x4c, + 0x90, 0xad, 0x85, 0x37, 0x5a, 0xf4, 0x91, 0xc7, 0x17, 0xa3, 0x38, 0x6a, 0xf1, 0x78, 0xf3, 0x42, + 0x67, 0x87, 0x95, 0x08, 0x89, 0x5a, 0x5f, 0x78, 0x06, 0x8d, 0xf5, 0x21, 0x40, 0x5c, 0x25, 0xb9, + 0x0d, 0x25, 0x31, 0x1b, 0xbc, 0xce, 0x2e, 0x17, 0xa4, 0x44, 0x1f, 0x94, 0x1f, 0x1f, 0x96, 0x9f, + 0x6f, 0xa8, 0x32, 0x21, 0x75, 0x6a, 0x7c, 0x53, 0x84, 0xd6, 0xbf, 0x9f, 0x87, 0x7c, 0x05, 0x07, + 0xe4, 0x36, 0x3d, 0x88, 0xdc, 0xed, 0x1b, 0x5e, 0xcb, 0x58, 0x4c, 0x0f, 0x10, 0xea, 0xec, 0x78, + 0x86, 0xba, 0x42, 0x43, 0x66, 0x8b, 0xe9, 0x76, 0xb0, 0xfd, 0x26, 0x12, 0x6a, 0x8b, 0xe9, 0x41, + 0xb0, 0xfd, 0x66, 0x92, 0x4c, 0x21, 0x12, 0x0b, 0xc6, 0xf8, 0xc2, 0x12, 0x73, 0x10, 0x1e, 0x1f, + 0x96, 0xc7, 0xf8, 0xfa, 0xb3, 0x45, 0x09, 0x39, 0x05, 0x85, 0xfa, 0xe6, 0xba, 0xd8, 0x01, 0x51, + 0x2d, 0x18, 0x76, 0x3b, 0x36, 0x83, 0xb1, 0x3a, 0xd7, 0xaa, 0x95, 0x4d, 0x54, 0x04, 0x8c, 0xc6, + 0x75, 0xb6, 0x9a, 0x6e, 0x37, 0xa9, 0x0a, 0x50, 0x88, 0xe4, 0x5d, 0x98, 0xbc, 0x5d, 0x5d, 0x5e, + 0xf5, 0x43, 0xbe, 0x7b, 0x8d, 0xc5, 0x93, 0xff, 0x41, 0xb3, 0xe1, 0xa0, 0x26, 0x3e, 0x79, 0x0c, + 0x68, 0xf8, 0xd6, 0x77, 0xf2, 0x30, 0xa9, 0xe9, 0xc9, 0xc8, 0xe7, 0xc5, 0x03, 0x69, 0xce, 0xb8, + 0x01, 0x68, 0x18, 0xac, 0x94, 0x2b, 0x55, 0xda, 0x7e, 0x93, 0x8a, 0xe7, 0xd2, 0x58, 0x81, 0x91, + 0x1f, 0x46, 0x81, 0xf1, 0x16, 0x00, 0x9f, 0x03, 0xf8, 0xc9, 0x9a, 0x38, 0xa1, 0xd9, 0x49, 0xe8, + 0xe3, 0x12, 0x23, 0x93, 0x7b, 0x30, 0xbf, 0x15, 0xf4, 0xc2, 0xa8, 0x7e, 0x10, 0x46, 0xb4, 0xcd, + 0xb8, 0x6d, 0xfa, 0x7e, 0x4b, 0xcc, 0xbf, 0x97, 0x1e, 0x1f, 0x96, 0xcf, 0x45, 0xac, 0xd8, 0x09, + 0xb1, 0x1c, 0x3f, 0xc0, 0xe9, 0xfa, 0xbe, 0xae, 0xd6, 0xc8, 0x62, 0x60, 0xd9, 0x30, 0xa5, 0x2b, + 0x45, 0xd8, 0xc9, 0x22, 0x1e, 0x93, 0x84, 0xaa, 0x5b, 0x3b, 0x59, 0xc4, 0x57, 0xa6, 0x1f, 0xb7, + 0x4c, 0x12, 0xeb, 0xf3, 0xba, 0x42, 0x6e, 0xd8, 0x85, 0x6d, 0xfd, 0x58, 0x2e, 0xde, 0x46, 0xee, + 0x5d, 0x25, 0x6f, 0xc3, 0x18, 0x7f, 0xbc, 0x13, 0x6f, 0x9c, 0xc7, 0xd5, 0xa5, 0x56, 0x7f, 0xd9, + 0xe3, 0x9a, 0xf0, 0xdf, 0xe3, 0x0f, 0xfc, 0xcf, 0xd9, 0x82, 0x44, 0x29, 0xd1, 0x4d, 0x7d, 0x9a, + 0xe4, 0x8e, 0xea, 0xe2, 0xab, 0x59, 0x4a, 0x74, 0xeb, 0xb7, 0x47, 0x60, 0xc6, 0x44, 0xd3, 0x5f, + 0xf8, 0x72, 0x43, 0xbd, 0xf0, 0x7d, 0x00, 0x45, 0xd6, 0x1f, 0x5e, 0x83, 0x4a, 0x89, 0xec, 0x25, + 0x7c, 0x5a, 0x10, 0x30, 0xe3, 0xe5, 0x1a, 0xf8, 0x70, 0xb0, 0x3b, 0xae, 0xad, 0xa8, 0xc8, 0xa2, + 0xf6, 0x0c, 0x55, 0x88, 0x85, 0x14, 0xf9, 0x0c, 0xa5, 0xaf, 0x07, 0xf5, 0x20, 0xf5, 0x06, 0x8c, + 0x31, 0xf9, 0x5e, 0xa9, 0x60, 0xf0, 0x2b, 0x99, 0xe8, 0x9f, 0x30, 0x51, 0xe1, 0x48, 0xe4, 0x3e, + 0x14, 0xd7, 0xdc, 0x30, 0xaa, 0x53, 0xda, 0x19, 0xe2, 0xed, 0xbe, 0x2c, 0xba, 0x6a, 0x1e, 0x1f, + 0xc6, 0x43, 0x4a, 0x3b, 0x89, 0xc7, 0x57, 0xc5, 0x8c, 0x7c, 0x1d, 0x60, 0xd9, 0xef, 0x44, 0x81, + 0xdf, 0x5a, 0xf3, 0x77, 0x17, 0xc6, 0xf0, 0xee, 0x7b, 0x36, 0x31, 0x00, 0x31, 0x02, 0xbf, 0xfe, + 0x2a, 0x05, 0x4f, 0x83, 0x17, 0x38, 0x2d, 0x7f, 0x57, 0x5f, 0x07, 0x31, 0x3e, 0xb9, 0x01, 0x25, + 0xa9, 0x58, 0xb8, 0xdb, 0xdd, 0x0d, 0x70, 0x82, 0x8c, 0xc7, 0x92, 0x07, 0x7d, 0x14, 0x39, 0x3d, + 0x01, 0xd7, 0x77, 0xca, 0x24, 0x0d, 0xf9, 0x1a, 0x9c, 0x4c, 0xc2, 0xe4, 0x28, 0x17, 0x63, 0x99, + 0x5c, 0x67, 0x97, 0x31, 0xef, 0xfb, 0xb1, 0xb0, 0x3e, 0xce, 0xc3, 0xc9, 0x3e, 0x8d, 0x65, 0xeb, + 0x01, 0x8f, 0x6b, 0x6d, 0x3d, 0x24, 0x4e, 0x69, 0x6e, 0x73, 0x74, 0x0e, 0xf2, 0xe2, 0x80, 0x1b, + 0x59, 0x2a, 0x3d, 0x3e, 0x2c, 0x4f, 0x19, 0xe3, 0x98, 0xaf, 0x55, 0xc9, 0x2d, 0x18, 0x61, 0x43, + 0x34, 0xc4, 0xd3, 0xb9, 0xd4, 0x29, 0xcd, 0x44, 0x9e, 0x3e, 0x7d, 0x70, 0xe8, 0x90, 0x07, 0xf9, + 0x3c, 0x14, 0xb6, 0xb6, 0xd6, 0x70, 0xee, 0x14, 0xb0, 0xed, 0xd3, 0x51, 0xd4, 0x32, 0xa6, 0xea, + 0x34, 0xa3, 0xbd, 0xac, 0x2c, 0x2d, 0x18, 0x3a, 0xf9, 0x4a, 0xc2, 0xa4, 0xe7, 0xd5, 0xc1, 0x03, + 0x3d, 0xbc, 0x85, 0xcf, 0xa7, 0x30, 0xac, 0xb1, 0x7e, 0x3e, 0x1f, 0xaf, 0xe1, 0x1b, 0x5e, 0x2b, + 0xa2, 0x01, 0x39, 0xcd, 0x97, 0x64, 0x2c, 0x9c, 0xd9, 0xea, 0x37, 0x59, 0x88, 0xd7, 0x37, 0x67, + 0xa5, 0x16, 0xf2, 0xab, 0xda, 0x42, 0x2e, 0xe0, 0x42, 0x9e, 0xe9, 0xbb, 0x64, 0x5f, 0xcd, 0x98, + 0x97, 0xb8, 0x10, 0x33, 0xe6, 0xde, 0x4b, 0x30, 0xbd, 0xee, 0xaf, 0x3c, 0x8a, 0x14, 0x22, 0x5b, + 0x80, 0x45, 0xdb, 0x04, 0x32, 0x8e, 0x1b, 0xad, 0x26, 0x0d, 0xb6, 0xf6, 0xdc, 0x8e, 0xf1, 0x76, + 0x6d, 0xa7, 0xe0, 0x0c, 0x77, 0x9d, 0xee, 0x9b, 0xb8, 0xe3, 0x1c, 0x37, 0x09, 0xb7, 0x7e, 0x34, + 0x2f, 0x3b, 0xe3, 0xde, 0xe2, 0x33, 0xfa, 0x46, 0xfa, 0xa6, 0xf1, 0x46, 0x3a, 0xaf, 0xb4, 0xbb, + 0xea, 0xc1, 0x7f, 0xf1, 0x08, 0x3b, 0x81, 0xff, 0x61, 0x14, 0xa6, 0x74, 0x74, 0xd6, 0x0f, 0x95, + 0x66, 0x33, 0xd0, 0xfb, 0xc1, 0x6d, 0x36, 0x03, 0x1b, 0xa1, 0x86, 0x59, 0x40, 0x61, 0xa0, 0x59, + 0xc0, 0x37, 0x60, 0x62, 0xb9, 0xdd, 0x34, 0x1e, 0x2b, 0xad, 0x8c, 0xcf, 0xbb, 0xac, 0x90, 0xf8, + 0x5a, 0x50, 0x4a, 0xcb, 0x46, 0xbb, 0x99, 0x7e, 0xa2, 0x8c, 0x59, 0x1a, 0x16, 0x05, 0xa3, 0x9f, + 0xc6, 0xa2, 0xe0, 0x3a, 0x4c, 0xdc, 0x0d, 0xe9, 0x56, 0xaf, 0xd3, 0xa1, 0x2d, 0x9c, 0x56, 0x45, + 0x2e, 0xeb, 0xf7, 0x42, 0xea, 0x44, 0x08, 0xd5, 0x3f, 0x40, 0xa1, 0xea, 0x03, 0x3c, 0x3e, 0x60, + 0x80, 0xaf, 0x41, 0x71, 0x93, 0xd2, 0x00, 0xfb, 0x74, 0x32, 0x16, 0xe9, 0xba, 0x94, 0x06, 0x0e, + 0xeb, 0x58, 0xc3, 0xd2, 0x40, 0x20, 0x1a, 0xe6, 0x09, 0x53, 0x43, 0x9a, 0x27, 0x90, 0x17, 0x61, + 0xaa, 0xdb, 0xdb, 0x6e, 0x79, 0x0d, 0xe4, 0x2b, 0xec, 0x1a, 0xec, 0x49, 0x0e, 0x63, 0x6c, 0x43, + 0xf2, 0x15, 0x98, 0xc6, 0x3b, 0x8e, 0x9a, 0x72, 0x33, 0xc6, 0xab, 0x9e, 0x51, 0xc6, 0x25, 0x9d, + 0x06, 0x03, 0x39, 0x19, 0xe6, 0x37, 0x26, 0xa3, 0xd3, 0x75, 0x98, 0x31, 0x47, 0xf2, 0x29, 0x3c, + 0xee, 0x29, 0x53, 0x8b, 0x62, 0x69, 0xe2, 0xd6, 0x48, 0x11, 0x4a, 0x93, 0xdc, 0xc8, 0xc2, 0x86, + 0x4d, 0xd5, 0x26, 0x9b, 0xdc, 0xee, 0x6d, 0xd3, 0xa0, 0x43, 0x23, 0x1a, 0x8a, 0x4b, 0x40, 0x68, + 0x8f, 0x54, 0xba, 0xdd, 0xd0, 0xfa, 0xfb, 0x79, 0x18, 0xaf, 0xdc, 0xaf, 0xd7, 0x3a, 0x3b, 0x3e, + 0x3e, 0xd1, 0xa9, 0x97, 0x19, 0xfd, 0x89, 0x4e, 0xbd, 0xcc, 0xe8, 0xef, 0x31, 0x57, 0x32, 0xae, + 0x71, 0x68, 0xc5, 0xab, 0x5d, 0xe3, 0x8c, 0x0b, 0x68, 0xfc, 0x48, 0x55, 0x18, 0xe2, 0x91, 0x4a, + 0xe9, 0x11, 0x47, 0x8e, 0xd6, 0x23, 0xbe, 0x0d, 0x93, 0xb5, 0x4e, 0x44, 0x77, 0x83, 0x78, 0xa6, + 0xab, 0x2b, 0xa5, 0x02, 0xeb, 0xa2, 0xbd, 0x86, 0xcd, 0xa6, 0x11, 0xd7, 0x5d, 0x2a, 0x9d, 0x25, + 0x4e, 0x23, 0xae, 0xe2, 0x4c, 0xe8, 0x03, 0x24, 0xa2, 0x55, 0x4d, 0xcc, 0x11, 0x69, 0x08, 0xc0, + 0x85, 0xcf, 0x99, 0x58, 0x79, 0xcf, 0x3a, 0x76, 0x69, 0x2e, 0xdb, 0x10, 0xc0, 0xfa, 0x6e, 0x1e, + 0x26, 0x2b, 0xdd, 0xee, 0x33, 0x6e, 0x8e, 0xf5, 0x45, 0x63, 0x7b, 0x95, 0x77, 0x21, 0xd5, 0xae, + 0xa1, 0x2c, 0xb1, 0x7e, 0x25, 0x0f, 0xb3, 0x09, 0x0a, 0xfd, 0xeb, 0x73, 0x43, 0x1a, 0x61, 0xe5, + 0x87, 0x34, 0xc2, 0x2a, 0x0c, 0x67, 0x84, 0x35, 0xf2, 0x69, 0xb6, 0xcc, 0x57, 0xa0, 0x50, 0xe9, + 0x76, 0x93, 0x8f, 0xb9, 0xdd, 0xee, 0xbd, 0x6b, 0xfc, 0x3e, 0xeb, 0x76, 0xbb, 0x36, 0xc3, 0x30, + 0xf6, 0xb1, 0xb1, 0x21, 0xf7, 0x31, 0xeb, 0x0d, 0x98, 0x40, 0x5e, 0x68, 0xfa, 0x74, 0x0e, 0x70, + 0x31, 0x0b, 0xab, 0x27, 0xa3, 0x2e, 0xb1, 0xcc, 0xff, 0xdf, 0x1c, 0x8c, 0xe2, 0xef, 0x67, 0x74, + 0x8e, 0x2d, 0x1a, 0x73, 0xac, 0xa4, 0xcd, 0xb1, 0x61, 0x66, 0xd7, 0xdf, 0x2d, 0x00, 0x2c, 0x6f, + 0xd8, 0x75, 0xae, 0xf6, 0x20, 0x37, 0x60, 0xd6, 0x6d, 0xb5, 0xfc, 0x7d, 0xda, 0x74, 0xfc, 0xc0, + 0xdb, 0xf5, 0x3a, 0xbc, 0xe7, 0xe4, 0x0b, 0xa3, 0x59, 0xa4, 0xbf, 0x3b, 0x88, 0xa2, 0x0d, 0x5e, + 0xa2, 0xf3, 0x69, 0xd3, 0x68, 0xcf, 0x6f, 0xca, 0x0b, 0x9c, 0xc1, 0x47, 0x14, 0x65, 0xf0, 0xb9, + 0xc3, 0x4b, 0x74, 0x3e, 0x7b, 0x78, 0x21, 0x95, 0xf2, 0xa3, 0xc1, 0x47, 0x14, 0x65, 0xf0, 0xe1, + 0xb7, 0xd8, 0x90, 0xac, 0xc1, 0x1c, 0x42, 0x9c, 0x46, 0x40, 0x9b, 0xb4, 0x13, 0x79, 0x6e, 0x2b, + 0x14, 0x57, 0x7e, 0x54, 0x0e, 0xa5, 0x0a, 0xf5, 0x2b, 0x0f, 0x16, 0x2e, 0xc7, 0x65, 0xe4, 0x32, + 0x8c, 0xb7, 0xdd, 0x47, 0x8e, 0xbb, 0xcb, 0xdf, 0xda, 0xa7, 0xf9, 0x15, 0x51, 0x80, 0xf4, 0x0d, + 0xbb, 0xed, 0x3e, 0xaa, 0xec, 0x52, 0xd6, 0x0a, 0xfa, 0xa8, 0xeb, 0x87, 0x5a, 0x2b, 0xc6, 0xe2, + 0x56, 0x24, 0x8a, 0xf4, 0x56, 0x88, 0x22, 0xd1, 0x0a, 0xeb, 0xff, 0x1a, 0xc5, 0xa9, 0x2d, 0x36, + 0x01, 0x61, 0x1e, 0x96, 0xcb, 0x30, 0x0f, 0x7b, 0x0b, 0xb4, 0x23, 0x4e, 0x57, 0xed, 0x69, 0x07, + 0xbc, 0x7e, 0x2d, 0x8c, 0x91, 0xc9, 0x83, 0xa4, 0xa1, 0x58, 0x01, 0x57, 0xce, 0xf9, 0xe4, 0xbc, + 0x7a, 0x2a, 0x36, 0x62, 0xab, 0x40, 0x6a, 0x1d, 0x7c, 0xcd, 0xa2, 0xf5, 0x07, 0x5e, 0xf7, 0x1e, + 0x0d, 0xbc, 0x9d, 0x03, 0x31, 0x2e, 0x28, 0x44, 0x79, 0xa2, 0xd4, 0x09, 0x1f, 0x78, 0x5d, 0x76, + 0x6f, 0xf4, 0x76, 0x0e, 0xec, 0x0c, 0x1a, 0xf2, 0x3e, 0x8c, 0xdb, 0x74, 0x3f, 0xf0, 0x22, 0x69, + 0xfe, 0x30, 0xa3, 0xb4, 0x1c, 0x08, 0xe5, 0x43, 0x14, 0xf0, 0x1f, 0xfa, 0x62, 0x15, 0xe5, 0x64, + 0x91, 0x9f, 0x52, 0xdc, 0xcc, 0x61, 0x3a, 0x6e, 0x6d, 0xe5, 0x7e, 0xbd, 0xdf, 0x21, 0x45, 0x2e, + 0xc1, 0x28, 0x1e, 0x75, 0x42, 0x80, 0x43, 0xb7, 0x01, 0x14, 0x78, 0xf4, 0x73, 0x18, 0x31, 0xc8, + 0x59, 0x00, 0xf5, 0x5c, 0x14, 0x2e, 0x14, 0x51, 0xb4, 0xd2, 0x20, 0xc9, 0x73, 0x7a, 0xe2, 0x89, + 0xce, 0xe9, 0x35, 0x28, 0xd9, 0xf4, 0x5b, 0x3d, 0x2f, 0xa0, 0xcd, 0x4a, 0x17, 0xdf, 0x24, 0xc2, + 0x05, 0xc0, 0x09, 0x76, 0xee, 0xf1, 0x61, 0xf9, 0x85, 0x40, 0x94, 0x39, 0x6e, 0x97, 0x3f, 0x65, + 0x18, 0xb3, 0x3b, 0x49, 0x49, 0xde, 0x82, 0x11, 0xb6, 0x23, 0x08, 0x93, 0x32, 0xa9, 0xdb, 0x8d, + 0x37, 0x09, 0x7e, 0xd3, 0x6e, 0xf8, 0xc6, 0x54, 0x45, 0x92, 0xcf, 0xce, 0x4c, 0xeb, 0x57, 0xf2, + 0x70, 0x5e, 0x1d, 0x82, 0x1b, 0x41, 0xbd, 0x72, 0x67, 0xad, 0xd6, 0xdc, 0x14, 0x77, 0xc6, 0xcd, + 0xc0, 0x7f, 0xe8, 0x35, 0x69, 0x70, 0xef, 0xea, 0x11, 0x5b, 0xf8, 0x1a, 0x5f, 0x3e, 0x5c, 0xe1, + 0x9c, 0x37, 0x0c, 0x5a, 0x34, 0x59, 0x43, 0xd8, 0xdc, 0x74, 0xbb, 0x29, 0xfd, 0xf3, 0xea, 0x73, + 0x76, 0xcc, 0x80, 0xfc, 0x58, 0x0e, 0x4e, 0x64, 0x7f, 0x88, 0xd0, 0x23, 0x94, 0xe5, 0x7d, 0xa5, + 0xcf, 0xd7, 0x2e, 0xbd, 0xf2, 0xf8, 0xb0, 0x7c, 0x3e, 0x74, 0xdb, 0x2d, 0xc7, 0x6b, 0xf2, 0xda, + 0xbc, 0x06, 0x75, 0xba, 0x02, 0xc1, 0xa8, 0xb7, 0x4f, 0x4d, 0x5f, 0x02, 0xb9, 0x93, 0x2f, 0xe4, + 0x96, 0x00, 0x8a, 0x52, 0xa7, 0x67, 0xfd, 0x83, 0x1c, 0x68, 0x53, 0xbb, 0x68, 0xd3, 0xa6, 0x17, + 0xd0, 0x46, 0x24, 0x76, 0x73, 0xe1, 0x8e, 0xc3, 0x61, 0x09, 0xfb, 0x25, 0x84, 0x91, 0xf7, 0x60, + 0x5c, 0xec, 0x3a, 0xb8, 0x71, 0xc7, 0x4b, 0x42, 0x68, 0x0b, 0xb9, 0xdf, 0x56, 0x6a, 0xc7, 0x92, + 0x44, 0xec, 0x56, 0x74, 0xeb, 0xfe, 0xd6, 0x72, 0xcb, 0xf5, 0xda, 0xa1, 0x38, 0xfd, 0xb0, 0x5b, + 0x3f, 0xda, 0x8f, 0x9c, 0x06, 0x42, 0xf5, 0x5b, 0x91, 0x42, 0xb5, 0x6e, 0x4a, 0x65, 0xe5, 0x11, + 0x46, 0x78, 0x65, 0x18, 0xbd, 0x17, 0x2b, 0x2d, 0x96, 0x26, 0x1e, 0x1f, 0x96, 0xf9, 0x74, 0xb1, + 0x39, 0xdc, 0xfa, 0xab, 0x39, 0x98, 0x31, 0xe7, 0x13, 0xb9, 0x0c, 0x63, 0xc2, 0x15, 0x26, 0x87, + 0xca, 0x19, 0xd6, 0x0b, 0x63, 0xdc, 0x09, 0xc6, 0x70, 0x7d, 0x11, 0x58, 0xec, 0xfc, 0x16, 0x1c, + 0xc4, 0xe1, 0x85, 0xe7, 0x77, 0x83, 0x83, 0x6c, 0x59, 0x46, 0x2c, 0x26, 0xbc, 0x87, 0xbd, 0x56, + 0xa4, 0xeb, 0xec, 0x03, 0x84, 0xd8, 0xa2, 0xc4, 0x5a, 0x86, 0x31, 0xbe, 0x97, 0x24, 0x8c, 0x7f, + 0x72, 0x4f, 0x60, 0xfc, 0x63, 0x1d, 0xe6, 0x00, 0xea, 0xf5, 0xd5, 0xdb, 0xf4, 0x60, 0xd3, 0xf5, + 0x02, 0x7c, 0x64, 0xc2, 0x7d, 0xfb, 0xb6, 0x58, 0x5c, 0x53, 0xe2, 0x91, 0x89, 0xef, 0xf1, 0x0f, + 0xe8, 0x81, 0xf1, 0xc8, 0x24, 0x51, 0xf1, 0x70, 0x08, 0xbc, 0x87, 0x6e, 0x44, 0x19, 0x61, 0x1e, + 0x09, 0xf9, 0xe1, 0xc0, 0xa1, 0x09, 0x4a, 0x0d, 0x99, 0x7c, 0x1d, 0x66, 0xe2, 0x5f, 0xea, 0xa9, + 0x6c, 0x46, 0x2d, 0x60, 0xb3, 0x70, 0xe9, 0xec, 0xe3, 0xc3, 0xf2, 0x69, 0x8d, 0x6b, 0xf2, 0x11, + 0x2d, 0xc1, 0xcc, 0xfa, 0xa5, 0x1c, 0x3e, 0x10, 0xcb, 0x06, 0x5e, 0x80, 0x11, 0x65, 0xd2, 0x38, + 0x25, 0x76, 0x1d, 0xf3, 0x39, 0x00, 0xcb, 0xc9, 0x79, 0x28, 0xc4, 0x2d, 0xc1, 0xbd, 0xda, 0x6c, + 0x01, 0x2b, 0x25, 0x37, 0x61, 0x7c, 0xa8, 0x6f, 0xc6, 0xa5, 0x91, 0xf1, 0xad, 0x92, 0x1a, 0x47, + 0xe1, 0xd6, 0xfd, 0xad, 0x1f, 0xdc, 0x51, 0xf8, 0x89, 0x3c, 0xcc, 0xb2, 0x7e, 0xad, 0xf4, 0xa2, + 0x3d, 0x3f, 0xf0, 0xa2, 0x83, 0x67, 0x56, 0xbb, 0xf5, 0x8e, 0x21, 0x1a, 0x9f, 0x96, 0xa7, 0x8c, + 0xde, 0xb6, 0xa1, 0x94, 0x5c, 0xbf, 0x33, 0x0a, 0xf3, 0x19, 0x54, 0xe4, 0x75, 0x43, 0x01, 0xbd, + 0x20, 0x5d, 0x5d, 0x3f, 0x3e, 0x2c, 0x4f, 0x49, 0xf4, 0xad, 0xd8, 0xf5, 0x75, 0xd1, 0xb4, 0xb6, + 0xe0, 0x3d, 0x85, 0xfa, 0x68, 0xdd, 0xda, 0xc2, 0xb4, 0xb1, 0xb8, 0x04, 0xa3, 0xb6, 0xdf, 0xa2, + 0xd2, 0xc2, 0x08, 0x25, 0x8c, 0x80, 0x01, 0x8c, 0x17, 0x55, 0x06, 0x20, 0xab, 0x30, 0xce, 0xfe, + 0xb8, 0xe3, 0x76, 0xc5, 0x5b, 0x01, 0x51, 0x97, 0x33, 0x84, 0x76, 0xbd, 0xce, 0xae, 0x7e, 0x3f, + 0x6b, 0x51, 0xa7, 0xed, 0x76, 0x0d, 0x51, 0x88, 0x23, 0x1a, 0xf7, 0xbc, 0x62, 0xff, 0x7b, 0x5e, + 0xee, 0xc8, 0x7b, 0x5e, 0x13, 0xa0, 0xee, 0xed, 0x76, 0xbc, 0xce, 0x6e, 0xa5, 0xb5, 0x2b, 0x1c, + 0x86, 0x2f, 0xf5, 0x1f, 0x85, 0xcb, 0x31, 0x32, 0x4e, 0x5c, 0xfe, 0xa0, 0xc7, 0x61, 0x8e, 0xdb, + 0x32, 0x1e, 0x32, 0x62, 0x54, 0xb2, 0x0e, 0x50, 0x69, 0x44, 0xde, 0x43, 0x36, 0x81, 0x43, 0x21, + 0xb5, 0xc8, 0x0f, 0x5e, 0xae, 0xdc, 0xa6, 0x07, 0x75, 0x1a, 0xc5, 0x0f, 0x23, 0x2e, 0xa2, 0xb2, + 0x75, 0x60, 0xd8, 0xac, 0xc7, 0x1c, 0x48, 0x17, 0x8e, 0x57, 0x9a, 0x4d, 0x8f, 0xb5, 0xc0, 0x6d, + 0xe1, 0x4b, 0x1f, 0x6d, 0x22, 0xeb, 0xa9, 0x6c, 0xd6, 0x97, 0x04, 0xeb, 0x17, 0x5d, 0x45, 0xe5, + 0x44, 0x9c, 0x2c, 0x59, 0x4d, 0x36, 0x63, 0x6b, 0x03, 0x66, 0xcc, 0xa6, 0x9b, 0x6e, 0xce, 0x53, + 0x50, 0xb4, 0xeb, 0x15, 0xa7, 0xbe, 0x5a, 0xb9, 0x5a, 0xca, 0x91, 0x12, 0x4c, 0x89, 0x5f, 0x8b, + 0xce, 0xe2, 0x9b, 0xd7, 0x4b, 0x79, 0x03, 0xf2, 0xe6, 0xd5, 0xc5, 0x94, 0x77, 0xd1, 0x78, 0xa9, + 0xc8, 0xd5, 0x5f, 0xd6, 0xaf, 0xe6, 0xa0, 0x28, 0xbf, 0x9b, 0x5c, 0x87, 0x42, 0xbd, 0xbe, 0x9a, + 0xf0, 0x07, 0x8a, 0xcf, 0x17, 0xbe, 0x93, 0x86, 0xa1, 0x6e, 0xf4, 0xc9, 0x08, 0x18, 0xdd, 0xd6, + 0x5a, 0x5d, 0x88, 0x05, 0x92, 0x2e, 0xde, 0xb6, 0x39, 0x5d, 0x86, 0x93, 0xc4, 0x75, 0x28, 0xdc, + 0xba, 0xbf, 0x25, 0xee, 0x13, 0x92, 0x2e, 0xde, 0x49, 0x39, 0xdd, 0x47, 0xfb, 0xfa, 0xfe, 0xce, + 0x08, 0x2c, 0x1b, 0x26, 0xb5, 0x29, 0xcc, 0x8f, 0xdb, 0xb6, 0xaf, 0xfc, 0x7a, 0xc5, 0x71, 0xcb, + 0x20, 0xb6, 0x28, 0x61, 0xd2, 0xc1, 0x9a, 0xdf, 0x70, 0x5b, 0xe2, 0xdc, 0x46, 0xe9, 0xa0, 0xc5, + 0x00, 0x36, 0x87, 0x5b, 0xbf, 0x95, 0x83, 0x12, 0xca, 0x50, 0x68, 0xb4, 0xe9, 0x3f, 0xa0, 0x9d, + 0x7b, 0x57, 0xc9, 0x1b, 0x72, 0xb1, 0xe5, 0x94, 0xaa, 0x61, 0x14, 0x17, 0x5b, 0xe2, 0xad, 0x42, + 0x2c, 0x38, 0xcd, 0x75, 0x3a, 0x3f, 0xbc, 0xcb, 0xe5, 0x11, 0xae, 0xd3, 0x65, 0x18, 0xc5, 0xcf, + 0x11, 0xdb, 0x22, 0x7e, 0x79, 0xc4, 0x00, 0x36, 0x87, 0x6b, 0xbb, 0xd2, 0x4f, 0xe5, 0x53, 0x6d, + 0x58, 0xfc, 0x81, 0x72, 0x5b, 0x34, 0x1b, 0x37, 0xd4, 0x4e, 0xfd, 0x21, 0x1c, 0x4b, 0x76, 0x09, + 0xaa, 0x81, 0x2a, 0x30, 0x6b, 0xc2, 0xa5, 0x46, 0xe8, 0x64, 0x66, 0x5d, 0xf7, 0x16, 0xed, 0x24, + 0xbe, 0xf5, 0xbf, 0xe4, 0x60, 0x02, 0xff, 0xb4, 0x7b, 0x2d, 0x34, 0x9e, 0xa9, 0xdc, 0xaf, 0x0b, + 0x95, 0xaf, 0x2e, 0xc6, 0xb9, 0xfb, 0xa1, 0x23, 0xb4, 0xc2, 0xc6, 0xfe, 0xa2, 0x90, 0x05, 0x29, + 0xd7, 0xe5, 0x4a, 0xb5, 0x88, 0x22, 0xe5, 0x4a, 0xdf, 0x30, 0x41, 0x2a, 0x90, 0xd1, 0xe4, 0xee, + 0x7e, 0x9d, 0x4d, 0x3f, 0xfd, 0x35, 0x1b, 0xe9, 0xfc, 0x96, 0x69, 0x72, 0xc7, 0xd1, 0xf0, 0x31, + 0xfb, 0x7e, 0xbd, 0x62, 0xaf, 0x1b, 0x8f, 0xd9, 0xec, 0x1b, 0x0d, 0x0b, 0x71, 0x81, 0x64, 0xfd, + 0x43, 0x48, 0x76, 0xa0, 0x38, 0xea, 0x9e, 0x70, 0x6d, 0xbc, 0x0d, 0xa3, 0x95, 0x56, 0xcb, 0xdf, + 0x17, 0xbb, 0x84, 0xd4, 0x4a, 0xa9, 0xfe, 0xe3, 0x27, 0x19, 0x2a, 0x56, 0x0c, 0x57, 0x2c, 0x06, + 0x20, 0xcb, 0x30, 0x51, 0xb9, 0x5f, 0xaf, 0xd5, 0xaa, 0x5b, 0x5b, 0xdc, 0xed, 0xa4, 0xb0, 0xf4, + 0xb2, 0xec, 0x1f, 0xcf, 0x6b, 0x3a, 0xc9, 0xf7, 0xd4, 0x58, 0x72, 0x8f, 0xe9, 0xc8, 0xbb, 0x00, + 0xb7, 0x7c, 0xaf, 0xc3, 0x15, 0x49, 0xa2, 0xf1, 0x67, 0x1e, 0x1f, 0x96, 0x27, 0x3f, 0xf2, 0xbd, + 0x8e, 0xd0, 0x3c, 0xb1, 0x6f, 0x8f, 0x91, 0x6c, 0xed, 0x6f, 0xd6, 0xd3, 0x4b, 0x3e, 0x37, 0x88, + 0x19, 0x8d, 0x7b, 0x7a, 0xdb, 0x4f, 0xd9, 0xc2, 0x48, 0x34, 0xd2, 0x86, 0xd9, 0x7a, 0x6f, 0x77, + 0x97, 0xb2, 0x5d, 0x5d, 0xa8, 0x4e, 0xc6, 0xc4, 0xed, 0x56, 0x05, 0xfb, 0xe0, 0x37, 0x11, 0x76, + 0x3f, 0x09, 0x97, 0x5e, 0x67, 0x13, 0xf9, 0xfb, 0x87, 0x65, 0xf1, 0x4e, 0xcb, 0x84, 0xb4, 0x50, + 0xd2, 0xa7, 0x15, 0x27, 0x49, 0xde, 0x64, 0x03, 0xc6, 0x6e, 0x7a, 0xd1, 0x6a, 0x6f, 0x5b, 0xb8, + 0x51, 0xbc, 0x38, 0x60, 0xd1, 0x70, 0x44, 0xfe, 0x50, 0xb0, 0xeb, 0x45, 0x7b, 0x3d, 0xdd, 0x90, + 0x5d, 0xb0, 0x21, 0xf7, 0xa1, 0xb8, 0xec, 0x05, 0x8d, 0x16, 0x5d, 0xae, 0x89, 0x53, 0xff, 0xfc, + 0x00, 0x96, 0x12, 0x95, 0xf7, 0x4b, 0x03, 0x7f, 0x35, 0x3c, 0x5d, 0x0a, 0x90, 0x18, 0xe4, 0xaf, + 0xe7, 0xe0, 0x79, 0xf5, 0xf5, 0x95, 0x5d, 0xda, 0x89, 0xee, 0xb8, 0x51, 0x63, 0x8f, 0x06, 0xa2, + 0x97, 0x26, 0x06, 0xf5, 0xd2, 0x97, 0x52, 0xbd, 0x74, 0x31, 0xee, 0x25, 0x97, 0x31, 0x73, 0xda, + 0x9c, 0x5b, 0xba, 0xcf, 0x06, 0xd5, 0x4a, 0x1c, 0x80, 0xf8, 0xe5, 0x47, 0xb8, 0xe1, 0xbd, 0x3c, + 0xa0, 0xc1, 0x31, 0xb2, 0x30, 0x9f, 0x57, 0xbf, 0x0d, 0xfb, 0x2f, 0x05, 0x25, 0xb7, 0xa5, 0xcf, + 0x12, 0x97, 0x48, 0xce, 0x0d, 0xe0, 0xcd, 0xfd, 0x98, 0xe6, 0x07, 0x78, 0x27, 0xf2, 0xd1, 0x5e, + 0x73, 0xb7, 0x85, 0x10, 0x72, 0xc4, 0x68, 0xaf, 0xb9, 0xf1, 0x68, 0xb7, 0xdc, 0xe4, 0x68, 0xaf, + 0xb9, 0xdb, 0x64, 0x99, 0x3b, 0x5a, 0x72, 0xaf, 0xbc, 0xb3, 0x83, 0xb8, 0x2d, 0x6f, 0xf2, 0x93, + 0x39, 0xc3, 0xe1, 0xf2, 0xab, 0x30, 0x51, 0xef, 0xba, 0x0d, 0xda, 0xf2, 0x76, 0x22, 0xf1, 0x14, + 0xf8, 0xd2, 0x00, 0x56, 0x0a, 0x57, 0x3c, 0x23, 0xc9, 0x9f, 0xfa, 0x05, 0x49, 0xe1, 0xb0, 0x2f, + 0xdc, 0xda, 0xbc, 0xb3, 0x30, 0x7b, 0xe4, 0x17, 0x6e, 0x6d, 0xde, 0x11, 0x32, 0x47, 0xb7, 0x6d, + 0xc8, 0x1c, 0x9b, 0x77, 0x48, 0x17, 0x66, 0xb6, 0x68, 0x10, 0xb8, 0x3b, 0x7e, 0xd0, 0xe6, 0xaa, + 0x3a, 0xee, 0xe9, 0x71, 0x69, 0x10, 0x3f, 0x83, 0x80, 0xeb, 0x68, 0x23, 0x09, 0x73, 0x92, 0xfa, + 0xbd, 0x04, 0x7f, 0xeb, 0xd7, 0x0b, 0x70, 0xb2, 0xcf, 0x57, 0x92, 0x75, 0xb9, 0x2b, 0xe6, 0x0c, + 0x9d, 0x6a, 0x1f, 0xf4, 0xcb, 0x47, 0x6e, 0x94, 0x6b, 0x50, 0x5a, 0xb9, 0x8d, 0x82, 0x34, 0xd7, + 0x76, 0x2f, 0x57, 0xe4, 0x79, 0x82, 0x7a, 0x3f, 0xfa, 0x00, 0x8d, 0xd7, 0xa4, 0x96, 0xbc, 0x61, + 0x78, 0x69, 0xa6, 0x28, 0x4f, 0xff, 0x68, 0x1e, 0x46, 0xf0, 0x6c, 0x4b, 0xc4, 0xa6, 0xc9, 0x3d, + 0x51, 0x6c, 0x9a, 0x0f, 0x60, 0x6a, 0xe5, 0x36, 0xbf, 0xe6, 0xae, 0xba, 0xe1, 0x9e, 0xd8, 0x79, + 0xf1, 0x2d, 0x98, 0x3e, 0x70, 0xc4, 0xad, 0x78, 0xcf, 0x35, 0xc4, 0x4a, 0x83, 0x82, 0xdc, 0x85, + 0x79, 0xfe, 0x6d, 0xde, 0x8e, 0xd7, 0xe0, 0x21, 0x2e, 0x3c, 0xb7, 0x25, 0xb6, 0xe1, 0xf3, 0x8f, + 0x0f, 0xcb, 0x65, 0xfa, 0x00, 0xcd, 0xf2, 0x44, 0xb9, 0x13, 0x22, 0x82, 0x6e, 0x9f, 0x97, 0x41, + 0xaf, 0xfb, 0xdd, 0xdb, 0x13, 0x58, 0x21, 0xab, 0x8d, 0xd5, 0xcd, 0x70, 0x39, 0x92, 0xf5, 0x0f, + 0x46, 0xe1, 0x74, 0xff, 0x1d, 0x94, 0x7c, 0xd9, 0x1c, 0xc0, 0x0b, 0x47, 0xee, 0xb9, 0x47, 0x8f, + 0xe1, 0x57, 0xe0, 0xd8, 0x4a, 0x27, 0xa2, 0x41, 0x37, 0xf0, 0x64, 0xa4, 0x85, 0x55, 0x3f, 0x94, + 0x66, 0x90, 0x68, 0x8f, 0x48, 0x55, 0xb9, 0xd0, 0x48, 0xa2, 0x51, 0xa6, 0xc6, 0x2a, 0x93, 0x03, + 0x59, 0x81, 0x19, 0x0d, 0xde, 0xea, 0xed, 0x0a, 0x99, 0x81, 0x3f, 0x3a, 0x68, 0x3c, 0x5b, 0x3d, + 0xfd, 0x6a, 0x95, 0x20, 0x3a, 0xfd, 0x4b, 0x05, 0x31, 0x2d, 0xce, 0x43, 0xa1, 0xde, 0xdb, 0x16, + 0xd3, 0x81, 0x5f, 0x0e, 0x8c, 0x83, 0x84, 0x95, 0x92, 0x2f, 0x02, 0xd8, 0xb4, 0xeb, 0x87, 0x5e, + 0xe4, 0x07, 0x07, 0xba, 0xc3, 0x4e, 0xa0, 0xa0, 0xa6, 0x4d, 0xb1, 0x84, 0x92, 0x55, 0x98, 0x8d, + 0x7f, 0x6d, 0xec, 0x77, 0x84, 0x1a, 0x75, 0x82, 0xeb, 0x2f, 0x62, 0x72, 0xc7, 0x67, 0x65, 0xfa, + 0xd1, 0x98, 0x20, 0x23, 0x8b, 0x50, 0xbc, 0xef, 0x07, 0x0f, 0x76, 0xd8, 0x40, 0x8d, 0xc4, 0x87, + 0xf7, 0xbe, 0x80, 0xe9, 0x87, 0x94, 0xc4, 0x63, 0x73, 0x7e, 0xa5, 0xf3, 0xd0, 0x0b, 0xfc, 0x4e, + 0x9b, 0x76, 0x22, 0xfd, 0x9d, 0x9c, 0xc6, 0x60, 0xc3, 0x55, 0x32, 0x06, 0xb3, 0x5b, 0x7a, 0xa5, + 0x11, 0xf9, 0x81, 0x78, 0x24, 0xe7, 0xc3, 0xcd, 0x00, 0xc6, 0x70, 0x33, 0x00, 0xeb, 0x44, 0x9b, + 0xee, 0x88, 0x07, 0x03, 0xec, 0xc4, 0x80, 0xee, 0x18, 0x7e, 0xa0, 0x74, 0x87, 0x09, 0x1f, 0x36, + 0xdd, 0x41, 0xd5, 0x82, 0x11, 0x3e, 0x69, 0x27, 0xa5, 0x94, 0x12, 0x68, 0xd6, 0xf7, 0x26, 0xfa, + 0xce, 0x5b, 0xb6, 0xdb, 0x3f, 0xd9, 0xbc, 0x5d, 0x73, 0x87, 0x98, 0xb7, 0xaf, 0x2b, 0x4b, 0x65, + 0xdd, 0xf9, 0x19, 0x21, 0xfa, 0x71, 0xc3, 0x71, 0x4e, 0xff, 0x72, 0xf1, 0x49, 0x26, 0x91, 0xe8, + 0xa4, 0xfc, 0xb0, 0x9d, 0x54, 0x18, 0xaa, 0x93, 0xc8, 0x12, 0x4c, 0xab, 0x00, 0x5c, 0x9b, 0x6e, + 0x64, 0xec, 0x4d, 0x2a, 0x6a, 0x9a, 0xd3, 0x75, 0x23, 0x7d, 0x6f, 0x32, 0x49, 0xc8, 0x3b, 0x30, + 0x29, 0xcc, 0xf5, 0x91, 0xc3, 0x68, 0x6c, 0x30, 0x29, 0x6d, 0xfb, 0x13, 0xf4, 0x3a, 0x3a, 0x5b, + 0x92, 0x9b, 0x5e, 0x97, 0xb6, 0xbc, 0x0e, 0xad, 0xa3, 0x9e, 0x5e, 0xcc, 0x18, 0x5c, 0x92, 0x5d, + 0x51, 0xe2, 0x70, 0x15, 0xbe, 0xa1, 0xa1, 0x33, 0x88, 0x92, 0x93, 0x75, 0xfc, 0x89, 0x26, 0x2b, + 0xb7, 0x57, 0x0a, 0xd6, 0xfc, 0x5d, 0x4f, 0x5a, 0x68, 0x4a, 0x7b, 0xa5, 0xc0, 0x69, 0x31, 0x68, + 0xc2, 0x5e, 0x89, 0xa3, 0xb2, 0x9b, 0x04, 0xfb, 0x51, 0xab, 0x8a, 0xc7, 0x29, 0xbc, 0x49, 0x20, + 0x91, 0x69, 0x16, 0xcb, 0x91, 0x64, 0x35, 0x2b, 0x6d, 0xd7, 0x6b, 0x09, 0x1f, 0xd7, 0xb8, 0x1a, + 0xca, 0xa0, 0xc9, 0x6a, 0x10, 0x95, 0x34, 0x60, 0xca, 0xa6, 0x3b, 0x9b, 0x81, 0x1f, 0xd1, 0x46, + 0x44, 0x9b, 0x42, 0x7a, 0x92, 0x17, 0x88, 0x25, 0xdf, 0xe7, 0x92, 0xe1, 0xd2, 0x1b, 0xdf, 0x3b, + 0x2c, 0xe7, 0xbe, 0x7f, 0x58, 0x06, 0x06, 0xe2, 0x36, 0xd7, 0x8f, 0x0f, 0xcb, 0x27, 0xd9, 0xf8, + 0x77, 0x25, 0xb1, 0x7e, 0xc4, 0xe8, 0x4c, 0xc9, 0x0f, 0xb3, 0x4d, 0x57, 0x75, 0x49, 0x5c, 0xd9, + 0x54, 0x9f, 0xca, 0xde, 0xcc, 0xac, 0xac, 0xac, 0xf5, 0x76, 0x66, 0xa5, 0x99, 0x95, 0x90, 0x77, + 0x61, 0x72, 0xb9, 0xb6, 0xec, 0x77, 0x76, 0xbc, 0xdd, 0xfa, 0x6a, 0x05, 0x45, 0x30, 0x61, 0x6f, + 0xdf, 0xf0, 0x9c, 0x06, 0xc2, 0x9d, 0x70, 0xcf, 0x35, 0xdc, 0xae, 0x62, 0x7c, 0x72, 0x13, 0x66, + 0xe4, 0x4f, 0x9b, 0xee, 0xdc, 0xb5, 0x6b, 0x28, 0x79, 0x49, 0x27, 0x07, 0xc5, 0x81, 0x75, 0x44, + 0x2f, 0xd0, 0x25, 0xf2, 0x04, 0x19, 0x9b, 0x8c, 0x55, 0xda, 0x6d, 0xf9, 0x07, 0xec, 0xf3, 0xb6, + 0x3c, 0x1a, 0xa0, 0xac, 0x25, 0x26, 0x63, 0x53, 0x95, 0x38, 0x91, 0x67, 0x6c, 0xb7, 0x09, 0x22, + 0xb2, 0x0e, 0x73, 0x62, 0x8a, 0xdf, 0xf3, 0x42, 0x6f, 0xdb, 0x6b, 0x79, 0xd1, 0x01, 0x4a, 0x59, + 0x42, 0x0a, 0x91, 0xeb, 0xe2, 0xa1, 0x2a, 0xd5, 0x98, 0xa5, 0x49, 0xad, 0x5f, 0xcd, 0xc3, 0x0b, + 0x83, 0x6e, 0x1c, 0xa4, 0x6e, 0x6e, 0x66, 0x17, 0x87, 0xb8, 0xa5, 0x1c, 0xbd, 0x9d, 0xad, 0xc0, + 0xcc, 0x46, 0xb0, 0xeb, 0x76, 0xbc, 0x6f, 0xe3, 0x4d, 0x52, 0x99, 0x6d, 0x61, 0x67, 0xf8, 0x5a, + 0x89, 0x39, 0xdb, 0x13, 0x44, 0xa7, 0x1f, 0x8a, 0x6d, 0xee, 0x93, 0x3a, 0x00, 0x5d, 0x87, 0x89, + 0x65, 0xbf, 0x13, 0xd1, 0x47, 0x51, 0xc2, 0xdd, 0x95, 0x03, 0x93, 0xce, 0x4f, 0x12, 0xd5, 0xfa, + 0x57, 0x79, 0x38, 0x33, 0x50, 0xe4, 0x26, 0x5b, 0x66, 0xaf, 0x5d, 0x1a, 0x46, 0x4e, 0x3f, 0xba, + 0xdb, 0x16, 0x53, 0x16, 0x46, 0x47, 0xda, 0xd7, 0x9f, 0xfe, 0x6f, 0x72, 0xa2, 0x93, 0x3e, 0x07, + 0xe3, 0x58, 0x95, 0xea, 0x22, 0xae, 0x8d, 0xc2, 0x5d, 0xd8, 0x33, 0xb5, 0x51, 0x1c, 0x8d, 0x5c, + 0x83, 0xe2, 0xb2, 0xdb, 0x6a, 0x69, 0xce, 0xc0, 0x78, 0x93, 0x68, 0x20, 0x2c, 0x61, 0x90, 0x26, + 0x11, 0xc9, 0x5b, 0x00, 0xfc, 0x6f, 0xed, 0xac, 0xc0, 0xcd, 0x52, 0x90, 0x25, 0x8e, 0x0b, 0x0d, + 0x19, 0x43, 0x08, 0x36, 0x7c, 0xe5, 0x6e, 0xc8, 0x43, 0x08, 0x32, 0x80, 0x11, 0x42, 0x90, 0x01, + 0xac, 0x5f, 0x2b, 0xc0, 0xd9, 0xc1, 0xf7, 0x46, 0x72, 0xd7, 0x1c, 0x82, 0x57, 0x87, 0xba, 0x6d, + 0x1e, 0x3d, 0x06, 0x32, 0x20, 0x27, 0xef, 0x90, 0x8b, 0x69, 0x33, 0xf8, 0x8f, 0x0f, 0xcb, 0x9a, + 0x95, 0xe3, 0x2d, 0xdf, 0xeb, 0x68, 0xaf, 0x12, 0xdf, 0x02, 0xa8, 0x47, 0x6e, 0xe4, 0x35, 0x6e, + 0xdd, 0xbf, 0x2d, 0xe3, 0x55, 0x5c, 0x1f, 0xee, 0xcb, 0x62, 0x3a, 0xbe, 0xaf, 0x08, 0x85, 0x3d, + 0x42, 0x9d, 0x8f, 0xf6, 0x1f, 0x18, 0x37, 0xe3, 0x18, 0xf9, 0xf4, 0x97, 0xa0, 0x94, 0x24, 0x25, + 0x17, 0x60, 0x04, 0x3f, 0x40, 0xb3, 0xe5, 0x4f, 0x70, 0xc0, 0xf2, 0xd3, 0x77, 0xc4, 0xdc, 0x41, + 0xff, 0x68, 0x7c, 0x0a, 0x37, 0x75, 0x70, 0xc2, 0x3f, 0x9a, 0xbf, 0xa4, 0xa7, 0xf5, 0x70, 0x09, + 0x22, 0xeb, 0x4f, 0x72, 0x70, 0xaa, 0xef, 0x8d, 0x9c, 0x6c, 0x9a, 0x03, 0xf6, 0xf2, 0x51, 0x57, + 0xf8, 0x23, 0xc7, 0xea, 0xf4, 0x8f, 0xcb, 0xb9, 0xff, 0x1e, 0x4c, 0xd5, 0x7b, 0xdb, 0xc9, 0x4b, + 0x16, 0x8f, 0x5e, 0xa0, 0xc1, 0xf5, 0x13, 0x4c, 0xc7, 0x67, 0xed, 0x97, 0x6f, 0xfd, 0xc2, 0xa6, + 0x44, 0xb3, 0xaf, 0x52, 0x0e, 0x7c, 0x69, 0xff, 0x70, 0x93, 0xc8, 0xfa, 0x95, 0x7c, 0xf6, 0x6d, + 0x95, 0xdd, 0xee, 0x9f, 0xe0, 0xb6, 0x7a, 0x73, 0x79, 0xf3, 0xe8, 0xb6, 0xff, 0x17, 0xb2, 0xed, + 0xf8, 0xf4, 0x29, 0x76, 0x3c, 0xa9, 0x50, 0x14, 0x4f, 0x9f, 0x72, 0x77, 0x0c, 0xcd, 0xa7, 0x4f, + 0x89, 0x4c, 0xde, 0x84, 0x89, 0x35, 0x9f, 0xbb, 0x6e, 0xcb, 0x16, 0x73, 0x0f, 0x37, 0x09, 0xd4, + 0xb7, 0x47, 0x85, 0xc9, 0xee, 0x16, 0xe6, 0xc0, 0x4b, 0x33, 0x32, 0xbc, 0x5b, 0x24, 0xa6, 0x8b, + 0xa9, 0x76, 0x33, 0xc9, 0xac, 0xff, 0x78, 0x14, 0xac, 0xa3, 0x95, 0x06, 0xe4, 0x43, 0xb3, 0xef, + 0x2e, 0x0f, 0xad, 0x6e, 0x18, 0x6a, 0xcb, 0xad, 0xf4, 0x9a, 0x1e, 0xed, 0x34, 0x4c, 0xbf, 0x6b, + 0x01, 0xd3, 0xb7, 0x40, 0x89, 0xf7, 0x49, 0xdc, 0xa0, 0x4e, 0xff, 0x97, 0x85, 0x78, 0xa9, 0x25, + 0x8e, 0xc6, 0xdc, 0x27, 0x38, 0x1a, 0xc9, 0x6d, 0x28, 0xe9, 0x10, 0xed, 0x0d, 0x14, 0x25, 0x17, + 0x83, 0x51, 0xe2, 0xa3, 0x52, 0x84, 0xe6, 0xf9, 0x5a, 0x18, 0xfe, 0x7c, 0x8d, 0xc5, 0x77, 0xac, + 0x7f, 0x24, 0x2d, 0xbe, 0x27, 0x5d, 0x1d, 0x35, 0x74, 0xe9, 0xa7, 0x1d, 0x8a, 0x43, 0x6b, 0xd4, + 0xf4, 0xd3, 0xce, 0x38, 0xb8, 0x74, 0x74, 0xe9, 0x6a, 0x8e, 0x3f, 0x35, 0x4f, 0x4b, 0xe5, 0x6a, + 0xce, 0xe9, 0xb3, 0x5c, 0xcd, 0x15, 0x09, 0x3b, 0x00, 0xed, 0x5e, 0x87, 0xc7, 0xaa, 0x1d, 0x8f, + 0x0f, 0xc0, 0xa0, 0xd7, 0x71, 0x92, 0xf1, 0x6a, 0x15, 0xa2, 0xf5, 0xe3, 0x79, 0x98, 0xe1, 0x1b, + 0x2e, 0x7f, 0xca, 0x78, 0x66, 0x9f, 0x89, 0xde, 0x36, 0x9e, 0x89, 0x64, 0x70, 0x1e, 0xbd, 0x69, + 0x43, 0x3d, 0x12, 0xed, 0x01, 0x49, 0xd3, 0x10, 0x1b, 0xa6, 0x74, 0xe8, 0xe0, 0xf7, 0xa1, 0xab, + 0x71, 0x1c, 0x27, 0x71, 0xde, 0xe1, 0x23, 0x5d, 0x68, 0x1b, 0x3c, 0xac, 0xbf, 0x9a, 0x87, 0x69, + 0xed, 0x39, 0xff, 0x99, 0xed, 0xf8, 0x2f, 0x19, 0x1d, 0xbf, 0xa0, 0xdc, 0x3d, 0x54, 0xcb, 0x86, + 0xea, 0xf7, 0x1e, 0xcc, 0xa5, 0x48, 0x92, 0x56, 0x11, 0xb9, 0x61, 0xac, 0x22, 0x5e, 0x4f, 0x07, + 0x85, 0xe1, 0xb1, 0x95, 0x55, 0x88, 0x00, 0x3d, 0x0a, 0xcd, 0x4f, 0xe4, 0xe1, 0x98, 0xf8, 0x85, + 0x51, 0xd4, 0xb8, 0xc4, 0xf1, 0xcc, 0x8e, 0x45, 0xc5, 0x18, 0x8b, 0xb2, 0x39, 0x16, 0x5a, 0x03, + 0xfb, 0x0f, 0x89, 0xf5, 0x97, 0x00, 0x16, 0xfa, 0x11, 0x0c, 0xed, 0x55, 0x19, 0xfb, 0xac, 0xe4, + 0x87, 0xf0, 0x59, 0x59, 0x83, 0x12, 0x56, 0x25, 0xe2, 0x24, 0x85, 0xec, 0xde, 0x5a, 0x88, 0x2f, + 0x89, 0x3c, 0xd4, 0x9d, 0x88, 0xdb, 0x14, 0x26, 0x2e, 0xae, 0x29, 0x4a, 0xf2, 0x4b, 0x39, 0x98, + 0x41, 0xe0, 0xca, 0x43, 0xda, 0x89, 0x90, 0xd9, 0x88, 0x70, 0xb1, 0x50, 0xaf, 0x48, 0xf5, 0x28, + 0xf0, 0x3a, 0xbb, 0xe2, 0x19, 0x69, 0x5b, 0x3c, 0x23, 0xbd, 0xc3, 0x9f, 0xbf, 0x2e, 0x37, 0xfc, + 0xf6, 0x95, 0xdd, 0xc0, 0x7d, 0xe8, 0x71, 0x4b, 0x15, 0xb7, 0x75, 0x25, 0x0e, 0xed, 0xdf, 0xf5, + 0x12, 0xc1, 0xfa, 0x05, 0x2b, 0x7c, 0xa2, 0xe3, 0x1f, 0x4a, 0xb1, 0xda, 0xe4, 0xfd, 0xda, 0xfc, + 0x22, 0xf2, 0x43, 0x70, 0x92, 0x47, 0x2f, 0x61, 0xd7, 0x34, 0xaf, 0xd3, 0xf3, 0x7b, 0xe1, 0x92, + 0xdb, 0x78, 0xc0, 0x64, 0x35, 0xee, 0x26, 0x86, 0x2d, 0x6f, 0xa8, 0x42, 0x67, 0x9b, 0x97, 0x1a, + 0x6e, 0xb1, 0xd9, 0x0c, 0xc8, 0x2a, 0xcc, 0xf1, 0xa2, 0x4a, 0x2f, 0xf2, 0xeb, 0x0d, 0xb7, 0xe5, + 0x75, 0x76, 0xf1, 0x40, 0x28, 0xf2, 0xf3, 0xc8, 0xed, 0x45, 0xbe, 0x13, 0x72, 0xb8, 0x7e, 0xdd, + 0x4e, 0x11, 0x91, 0x1a, 0xcc, 0xda, 0xd4, 0x6d, 0xde, 0x71, 0x1f, 0x2d, 0xbb, 0x5d, 0xb7, 0xc1, + 0x2e, 0xef, 0x45, 0x7c, 0x72, 0xc5, 0x53, 0x39, 0xa0, 0x6e, 0xd3, 0x69, 0xbb, 0x8f, 0x9c, 0x86, + 0x28, 0x34, 0xf5, 0xae, 0x06, 0x9d, 0x62, 0xe5, 0x75, 0x14, 0xab, 0x89, 0x24, 0x2b, 0xaf, 0xd3, + 0x9f, 0x55, 0x4c, 0x27, 0x59, 0x6d, 0xb9, 0xc1, 0x2e, 0x8d, 0xb8, 0xa1, 0x27, 0x9c, 0xcb, 0x5d, + 0xcc, 0x69, 0xac, 0x22, 0x2c, 0x73, 0xd0, 0xe8, 0x33, 0xc9, 0x4a, 0xa3, 0x63, 0x33, 0xef, 0x7e, + 0xe0, 0x45, 0x54, 0x6f, 0xe1, 0x24, 0x7e, 0x16, 0xf6, 0x3f, 0x9a, 0xc8, 0xf6, 0x6b, 0x62, 0x8a, + 0x32, 0xe6, 0xa6, 0x35, 0x72, 0x2a, 0xc5, 0x2d, 0xbb, 0x95, 0x29, 0x4a, 0xc5, 0x4d, 0x6f, 0xe7, + 0x34, 0xb6, 0x53, 0xe3, 0xd6, 0xa7, 0xa1, 0x29, 0x4a, 0xb2, 0xce, 0x3a, 0x2d, 0xa2, 0x1d, 0x36, + 0xa3, 0x85, 0xa1, 0xeb, 0x0c, 0x7e, 0xda, 0x4b, 0xc2, 0x5a, 0xab, 0x14, 0xc8, 0x62, 0x27, 0xc3, + 0xec, 0x35, 0x49, 0x4c, 0xfe, 0x1c, 0xcc, 0xde, 0x0d, 0xe9, 0x8d, 0xda, 0x66, 0x5d, 0x06, 0x3b, + 0x41, 0x0d, 0xd1, 0xcc, 0xe2, 0xd5, 0x23, 0x36, 0x9d, 0xcb, 0x3a, 0x0d, 0x46, 0xd8, 0xe7, 0xe3, + 0xd6, 0x0b, 0xa9, 0xb3, 0xe3, 0x75, 0x43, 0x15, 0x39, 0x4a, 0x1f, 0xb7, 0x44, 0x55, 0xd6, 0x2a, + 0xcc, 0xa5, 0xd8, 0x90, 0x19, 0x00, 0x06, 0x74, 0xee, 0xae, 0xd7, 0x57, 0xb6, 0x4a, 0xcf, 0x91, + 0x12, 0x4c, 0xe1, 0xef, 0x95, 0xf5, 0xca, 0xd2, 0xda, 0x4a, 0xb5, 0x94, 0x23, 0x73, 0x30, 0x8d, + 0x90, 0x6a, 0xad, 0xce, 0x41, 0x79, 0x1e, 0x5f, 0xd9, 0x2e, 0xf1, 0xa5, 0x1b, 0xb1, 0x05, 0x80, + 0x67, 0x8a, 0xf5, 0x37, 0xf2, 0x70, 0x4a, 0x1e, 0x2b, 0x34, 0x62, 0x22, 0x98, 0xd7, 0xd9, 0x7d, + 0xc6, 0x4f, 0x87, 0x1b, 0xc6, 0xe9, 0xf0, 0x52, 0xe2, 0xa4, 0x4e, 0xb4, 0x72, 0xc0, 0x11, 0xf1, + 0x9b, 0x13, 0x70, 0x66, 0x20, 0x15, 0xf9, 0x32, 0x3b, 0xcd, 0x3d, 0xda, 0x89, 0x6a, 0xcd, 0x16, + 0xdd, 0xf2, 0xda, 0xd4, 0xef, 0x45, 0xc2, 0xb0, 0xfa, 0x3c, 0x2a, 0x65, 0xb0, 0xd0, 0xf1, 0x9a, + 0x2d, 0xea, 0x44, 0xbc, 0xd8, 0x98, 0x6e, 0x69, 0x6a, 0xc6, 0x52, 0x65, 0xfb, 0xa8, 0x75, 0x22, + 0x1a, 0x3c, 0x44, 0x13, 0x2e, 0xc5, 0xf2, 0x01, 0xa5, 0x5d, 0xc7, 0x65, 0xa5, 0x8e, 0x27, 0x8a, + 0x4d, 0x96, 0x29, 0x6a, 0x72, 0x43, 0x63, 0xb9, 0xcc, 0xae, 0x70, 0x77, 0xdc, 0x47, 0xc2, 0xa6, + 0x44, 0x04, 0xcf, 0x53, 0x2c, 0xb9, 0x27, 0x67, 0xdb, 0x7d, 0x64, 0xa7, 0x49, 0xc8, 0xd7, 0xe1, + 0xb8, 0x38, 0x80, 0x84, 0x27, 0xbe, 0x6c, 0x31, 0xf7, 0xf3, 0x7f, 0xe5, 0xf1, 0x61, 0xf9, 0xa4, + 0x0c, 0x3b, 0x28, 0x63, 0x2f, 0x64, 0xb5, 0x3a, 0x9b, 0x0b, 0xd9, 0x62, 0x07, 0x72, 0xa2, 0x3b, + 0xee, 0xd0, 0x30, 0x94, 0x2e, 0x46, 0xe2, 0x7a, 0xa3, 0x77, 0xa6, 0xd3, 0xe6, 0xe5, 0x76, 0x5f, + 0x4a, 0xb2, 0x0a, 0x33, 0xf7, 0xe9, 0xb6, 0x3e, 0x3e, 0x63, 0x6a, 0xab, 0x2a, 0xed, 0xd3, 0xed, + 0xfe, 0x83, 0x93, 0xa0, 0x23, 0x1e, 0x2a, 0x79, 0x1f, 0x1d, 0xac, 0x79, 0x61, 0x44, 0x3b, 0x34, + 0xc0, 0x08, 0x2f, 0xe3, 0xb8, 0x19, 0x2c, 0xc4, 0x12, 0xb2, 0x59, 0xbe, 0xf4, 0xe2, 0xe3, 0xc3, + 0xf2, 0x19, 0xee, 0xab, 0xd7, 0x12, 0x70, 0x27, 0x91, 0x2b, 0x23, 0xcd, 0x95, 0x7c, 0x13, 0x66, + 0x6d, 0xbf, 0x17, 0x79, 0x9d, 0xdd, 0x7a, 0x14, 0xb8, 0x11, 0xdd, 0xe5, 0x07, 0x52, 0x1c, 0x4a, + 0x26, 0x51, 0x2a, 0xde, 0x07, 0x39, 0xd0, 0x09, 0x05, 0xd4, 0x38, 0x11, 0x4c, 0x02, 0xf2, 0x0d, + 0x98, 0xe1, 0x3e, 0xd8, 0xaa, 0x82, 0x09, 0x23, 0xce, 0xb7, 0x59, 0x78, 0xef, 0xaa, 0x30, 0x01, + 0x40, 0x68, 0x56, 0x05, 0x09, 0x6e, 0xe4, 0xab, 0xa2, 0xb3, 0x36, 0xbd, 0xce, 0xae, 0x9a, 0xc6, + 0x80, 0x3d, 0xff, 0x46, 0xdc, 0x25, 0x5d, 0xf6, 0xb9, 0x72, 0x1a, 0xf7, 0xb1, 0x67, 0x4a, 0xf3, + 0x21, 0x11, 0x9c, 0xa9, 0x84, 0xa1, 0x17, 0x46, 0xc2, 0xfd, 0x60, 0xe5, 0x11, 0x6d, 0xf4, 0x18, + 0x32, 0xbb, 0x28, 0xd2, 0x80, 0x1b, 0xc0, 0x8e, 0x2e, 0x5d, 0x7e, 0x7c, 0x58, 0x7e, 0xd5, 0x45, + 0x44, 0x47, 0x78, 0x2c, 0x38, 0x54, 0xa2, 0x3a, 0xfb, 0x1c, 0x57, 0x6b, 0xc3, 0x60, 0xa6, 0xe4, + 0x1b, 0x70, 0x62, 0xd9, 0x0d, 0x69, 0xad, 0x13, 0xd2, 0x4e, 0xe8, 0x45, 0xde, 0x43, 0x2a, 0x3a, + 0x15, 0x0f, 0xbf, 0x22, 0x66, 0x15, 0xb1, 0x1a, 0x6e, 0xc8, 0x16, 0xa6, 0x42, 0x71, 0xc4, 0xa0, + 0x68, 0xd5, 0xf4, 0xe1, 0x42, 0x6c, 0x98, 0xa9, 0xd7, 0x57, 0xab, 0x9e, 0xab, 0xd6, 0xd5, 0x34, + 0xf6, 0xd7, 0xab, 0xa8, 0x9f, 0x09, 0xf7, 0x9c, 0xa6, 0xe7, 0xaa, 0x05, 0xd5, 0xa7, 0xb3, 0x12, + 0x1c, 0xac, 0xc3, 0x1c, 0x94, 0x92, 0x43, 0x49, 0xbe, 0x02, 0x13, 0xdc, 0x18, 0x88, 0x86, 0x7b, + 0xc2, 0x25, 0x59, 0xda, 0x96, 0x28, 0xb8, 0x49, 0x24, 0xdc, 0x81, 0xb8, 0xa9, 0x11, 0xd5, 0xed, + 0x16, 0xd0, 0x1d, 0x48, 0x12, 0x91, 0x26, 0x4c, 0xf1, 0xd1, 0xa2, 0x18, 0x47, 0x4a, 0xd8, 0x84, + 0xbe, 0xa8, 0xaf, 0x0e, 0x51, 0x94, 0xe0, 0x8f, 0x4f, 0x3f, 0x62, 0x4e, 0x70, 0x04, 0xa3, 0x0a, + 0x83, 0xeb, 0x12, 0x40, 0x51, 0x12, 0x5a, 0xa7, 0xe0, 0x64, 0x9f, 0x6f, 0xb6, 0x1e, 0xe2, 0x73, + 0x70, 0x9f, 0x1a, 0xc9, 0x57, 0xe0, 0x18, 0x12, 0x2e, 0xfb, 0x9d, 0x0e, 0x6d, 0x44, 0xb8, 0x1d, + 0x49, 0x15, 0x6a, 0x81, 0xdb, 0x1c, 0xf0, 0xf6, 0x36, 0x14, 0x82, 0x93, 0xd4, 0xa4, 0x66, 0x72, + 0xb0, 0x7e, 0x36, 0x0f, 0x0b, 0x62, 0x87, 0xb3, 0x69, 0xc3, 0x0f, 0x9a, 0xcf, 0xfe, 0x89, 0xba, + 0x62, 0x9c, 0xa8, 0xe7, 0x55, 0x0c, 0x8a, 0xac, 0x46, 0x0e, 0x38, 0x50, 0x7f, 0x25, 0x07, 0x2f, + 0x0c, 0x22, 0x62, 0xbd, 0xa3, 0xe2, 0x66, 0x4d, 0xa4, 0xe2, 0x63, 0x75, 0x61, 0x1e, 0x07, 0x74, + 0x79, 0x8f, 0x36, 0x1e, 0x84, 0xab, 0x7e, 0x18, 0xa1, 0x49, 0x7a, 0xbe, 0xcf, 0x83, 0xe5, 0xeb, + 0x99, 0x0f, 0x96, 0x27, 0xf8, 0x2c, 0x6b, 0x20, 0x0f, 0x1e, 0xd9, 0xeb, 0x01, 0x3d, 0x08, 0xed, + 0x2c, 0xd6, 0x68, 0x5e, 0x5c, 0xe9, 0x45, 0x7b, 0x9b, 0x01, 0xdd, 0xa1, 0x01, 0xed, 0x34, 0xe8, + 0x0f, 0x98, 0x79, 0xb1, 0xd9, 0xb8, 0xa1, 0x34, 0x18, 0xbf, 0x32, 0x05, 0xc7, 0xb2, 0xc8, 0x58, + 0xbf, 0x68, 0x97, 0xe6, 0x64, 0xd2, 0xb3, 0xbf, 0x98, 0x83, 0xa9, 0x3a, 0x6d, 0xf8, 0x9d, 0xe6, + 0x0d, 0x34, 0x0b, 0x11, 0xbd, 0xe3, 0x70, 0xa1, 0x81, 0xc1, 0x9d, 0x9d, 0x84, 0xbd, 0xc8, 0xc7, + 0x87, 0xe5, 0x0f, 0x86, 0xbb, 0xab, 0x36, 0x7c, 0x8c, 0x23, 0x11, 0x61, 0x50, 0x6e, 0x55, 0x05, + 0xbe, 0xf0, 0x18, 0x95, 0x92, 0x25, 0x98, 0x16, 0xcb, 0xd5, 0xd7, 0xc3, 0xa6, 0xf1, 0x30, 0x1d, + 0xb2, 0x20, 0xa5, 0x7f, 0x34, 0x48, 0xc8, 0x35, 0x28, 0xdc, 0x5d, 0xbc, 0x21, 0xc6, 0x40, 0x86, + 0x35, 0xbf, 0xbb, 0x78, 0x03, 0xd5, 0x61, 0xec, 0x8a, 0x31, 0xdd, 0x5b, 0x34, 0x2c, 0x35, 0xee, + 0x2e, 0xde, 0x20, 0x7f, 0x01, 0x8e, 0x57, 0xbd, 0x50, 0x54, 0xc1, 0x0d, 0xdd, 0x9b, 0xe8, 0xd8, + 0x35, 0xd6, 0x67, 0xf6, 0x7e, 0x21, 0x73, 0xf6, 0xbe, 0xd8, 0x54, 0x4c, 0x1c, 0x6e, 0x45, 0xdf, + 0x4c, 0x86, 0x87, 0xcb, 0xae, 0x87, 0x7c, 0x04, 0x33, 0xa8, 0x3b, 0x47, 0xdb, 0x7f, 0x0c, 0xec, + 0x3b, 0xde, 0xa7, 0xe6, 0xcf, 0x65, 0xd6, 0x7c, 0x9a, 0xbb, 0x87, 0xa3, 0x07, 0x01, 0x06, 0x01, + 0x36, 0x6e, 0xfd, 0x06, 0x67, 0x72, 0x0b, 0x66, 0x85, 0xf8, 0xb5, 0xb1, 0xb3, 0xb5, 0x47, 0xab, + 0xee, 0x81, 0x30, 0xb2, 0xc0, 0x1b, 0x9d, 0x90, 0xd9, 0x1c, 0x7f, 0xc7, 0x89, 0xf6, 0xa8, 0xd3, + 0x74, 0x0d, 0x41, 0x25, 0x41, 0x48, 0x7e, 0x18, 0x26, 0xd7, 0xfc, 0x06, 0x93, 0xbc, 0x71, 0x67, + 0xe0, 0x76, 0x17, 0x1f, 0x62, 0x5a, 0x2d, 0x0e, 0x4e, 0x88, 0x53, 0x1f, 0x1f, 0x96, 0xdf, 0x7e, + 0xd2, 0x49, 0xa3, 0x55, 0x60, 0xeb, 0xb5, 0x91, 0x65, 0x28, 0xde, 0xa7, 0xdb, 0xac, 0xb5, 0xc9, + 0x94, 0x3b, 0x12, 0x2c, 0xcc, 0xaa, 0xc4, 0x2f, 0xc3, 0xac, 0x4a, 0xc0, 0x48, 0x00, 0x73, 0xd8, + 0x3f, 0x9b, 0x6e, 0x18, 0xee, 0xfb, 0x41, 0x13, 0x63, 0xab, 0xf7, 0x33, 0xe9, 0x58, 0xcc, 0xec, + 0xfc, 0x17, 0x78, 0xe7, 0x77, 0x35, 0x0e, 0xba, 0x00, 0x99, 0x62, 0x4f, 0xbe, 0x09, 0x33, 0xc2, + 0xa7, 0xf9, 0xce, 0x8d, 0x0a, 0xae, 0xca, 0x29, 0xc3, 0x3d, 0xce, 0x2c, 0xe4, 0x52, 0xaa, 0x70, + 0x91, 0x96, 0x1a, 0x28, 0xa7, 0xbd, 0xe3, 0x9a, 0xaf, 0x66, 0x3a, 0x09, 0xd9, 0x84, 0xc9, 0x2a, + 0x7d, 0xe8, 0x35, 0x28, 0x3a, 0xf1, 0x08, 0x23, 0x5a, 0x95, 0x33, 0x24, 0x2e, 0xe1, 0xba, 0x98, + 0x26, 0x02, 0xb8, 0x4b, 0x90, 0x69, 0x35, 0xa9, 0x10, 0xc9, 0x75, 0x28, 0xd4, 0xaa, 0x9b, 0xc2, + 0x86, 0x56, 0xfa, 0xc6, 0xd4, 0x9a, 0x9b, 0x32, 0xc3, 0x02, 0x1a, 0x41, 0x79, 0x4d, 0xc3, 0x02, + 0xb7, 0x56, 0xdd, 0x24, 0x3b, 0x30, 0x8d, 0x1d, 0xb0, 0x4a, 0x5d, 0xde, 0xb7, 0xb3, 0x7d, 0xfa, + 0xf6, 0x72, 0x66, 0xdf, 0x2e, 0xf0, 0xbe, 0xdd, 0x13, 0xd4, 0x46, 0xc8, 0x78, 0x9d, 0x2d, 0x13, + 0x69, 0x45, 0x1a, 0x0b, 0x19, 0xe8, 0x7c, 0x6b, 0x0d, 0x8d, 0x3c, 0x84, 0x48, 0x2b, 0xb3, 0x5e, + 0xa8, 0xc8, 0xeb, 0x7d, 0x4d, 0xf4, 0xd3, 0x7c, 0xc8, 0x97, 0x60, 0x64, 0xe3, 0x41, 0xe4, 0x2e, + 0xcc, 0x19, 0xfd, 0xc8, 0x40, 0xb2, 0xf9, 0xa8, 0x85, 0xf4, 0x1f, 0x18, 0x01, 0x84, 0x90, 0x86, + 0x2c, 0xc2, 0xf8, 0x66, 0xed, 0x5e, 0xbd, 0xe5, 0x47, 0x0b, 0x44, 0xdd, 0x93, 0x48, 0xd7, 0x7b, + 0xe8, 0x84, 0x2d, 0xdf, 0x4c, 0x85, 0x23, 0x11, 0xd9, 0xf0, 0xad, 0xba, 0x41, 0x73, 0xdf, 0x0d, + 0xd0, 0xf7, 0x72, 0xde, 0xa8, 0x56, 0x2b, 0xe1, 0xc3, 0xb7, 0x27, 0x00, 0x09, 0x87, 0x4c, 0x9d, + 0x85, 0xd0, 0x30, 0xcc, 0x89, 0x69, 0x22, 0x9a, 0x76, 0xe7, 0x46, 0xc5, 0xfa, 0xcf, 0x72, 0xb8, + 0x61, 0x92, 0x57, 0x31, 0xc6, 0x88, 0x7a, 0x3a, 0x43, 0x5d, 0xa9, 0xdb, 0x4d, 0x44, 0xf5, 0xe5, + 0x28, 0xe4, 0x75, 0x18, 0xbb, 0xe1, 0x36, 0x68, 0x24, 0x1f, 0x38, 0x11, 0x79, 0x07, 0x21, 0xba, + 0x62, 0x95, 0xe3, 0x30, 0x59, 0x8e, 0x4f, 0xa4, 0x4a, 0x9c, 0x83, 0x74, 0xb9, 0x22, 0xdf, 0x37, + 0x51, 0x96, 0x13, 0x13, 0x50, 0x4b, 0x52, 0x9a, 0xb0, 0x05, 0xce, 0xe4, 0x60, 0xfd, 0x71, 0x2e, + 0xde, 0x01, 0xc8, 0x2b, 0x30, 0x62, 0x6f, 0xaa, 0xef, 0xe7, 0x7e, 0x88, 0x89, 0xcf, 0x47, 0x04, + 0xf2, 0x55, 0x38, 0xae, 0xf1, 0x49, 0x19, 0x26, 0xbf, 0x8c, 0x8e, 0x72, 0xda, 0x97, 0x64, 0x5b, + 0x27, 0x67, 0xf3, 0x40, 0xc1, 0x35, 0x2e, 0xa8, 0xd2, 0x8e, 0xc7, 0x79, 0x6b, 0x8d, 0xd5, 0x79, + 0x37, 0x11, 0x21, 0xd9, 0xd8, 0x2c, 0x0e, 0xdc, 0x57, 0xce, 0xfa, 0x8d, 0x9c, 0xb1, 0xb2, 0x55, + 0xb2, 0xc7, 0xdc, 0x11, 0xc9, 0x1e, 0xdf, 0x02, 0xa8, 0xf4, 0x22, 0x7f, 0xa5, 0x13, 0xf8, 0x2d, + 0xae, 0xb1, 0x10, 0x81, 0xad, 0x51, 0x0f, 0x4b, 0x11, 0x6c, 0xb8, 0xf4, 0x28, 0xe4, 0x4c, 0x1b, + 0xee, 0xc2, 0x27, 0xb5, 0xe1, 0xb6, 0x7e, 0x37, 0x67, 0xcc, 0x6d, 0x26, 0x91, 0xc9, 0xe5, 0xa1, + 0x99, 0xd8, 0xa4, 0x97, 0x47, 0xbc, 0x38, 0xfe, 0xff, 0x39, 0x38, 0xc1, 0x8d, 0xa1, 0xd7, 0x7b, + 0xed, 0x6d, 0x1a, 0xdc, 0x73, 0x5b, 0x5e, 0x93, 0xfb, 0x82, 0x72, 0x61, 0xf3, 0x62, 0x7a, 0xa1, + 0x64, 0xe3, 0xf3, 0x4b, 0x21, 0x37, 0xce, 0x76, 0x3a, 0x58, 0xe8, 0x3c, 0x54, 0xa5, 0xfa, 0xa5, + 0x30, 0x9b, 0xde, 0xfa, 0xd5, 0x1c, 0xbc, 0x78, 0x64, 0x2d, 0xe4, 0x0a, 0x8c, 0xcb, 0x88, 0xe2, + 0x39, 0xec, 0x78, 0x34, 0x4c, 0x4c, 0x47, 0x13, 0x97, 0x58, 0xe4, 0x6b, 0x70, 0x5c, 0x67, 0xb5, + 0x15, 0xb8, 0x9e, 0x1e, 0xb7, 0x3b, 0xe3, 0xab, 0x23, 0x86, 0x92, 0x94, 0x8c, 0xb2, 0x99, 0x58, + 0xff, 0x4f, 0x4e, 0x4b, 0xff, 0xfa, 0x8c, 0xca, 0xcb, 0xd7, 0x0d, 0x79, 0x59, 0x46, 0x77, 0x53, + 0xad, 0x62, 0x65, 0x99, 0x77, 0x9c, 0x59, 0xcd, 0xc0, 0x16, 0x01, 0xdf, 0xcd, 0xc3, 0xe4, 0xdd, + 0x90, 0x06, 0xfc, 0xd1, 0xf4, 0x07, 0x2b, 0x8a, 0x97, 0x6a, 0xd7, 0x50, 0x71, 0x96, 0xfe, 0x30, + 0x87, 0xca, 0x74, 0x9d, 0x82, 0xf5, 0x86, 0x96, 0xf2, 0x09, 0x7b, 0x03, 0x93, 0x3d, 0x21, 0x94, + 0x87, 0xf7, 0x59, 0x33, 0xb3, 0xbf, 0x61, 0x0a, 0xc0, 0x35, 0xf2, 0x01, 0x8c, 0xde, 0x45, 0xd5, + 0xa0, 0xe9, 0xf7, 0xaf, 0xf8, 0x63, 0x21, 0xdf, 0xa4, 0x7b, 0xa1, 0x19, 0x92, 0x88, 0x13, 0x92, + 0x3a, 0x8c, 0x2f, 0x07, 0x14, 0x93, 0xb9, 0x8e, 0x0c, 0xef, 0xbb, 0xda, 0xe0, 0x24, 0x49, 0xdf, + 0x55, 0xc1, 0xc9, 0xfa, 0x99, 0x3c, 0x90, 0xb8, 0x8d, 0x98, 0xb9, 0x24, 0x7c, 0x66, 0x07, 0xfd, + 0x7d, 0x63, 0xd0, 0xcf, 0xa4, 0x06, 0x9d, 0x37, 0x6f, 0xa8, 0xb1, 0xff, 0xad, 0x1c, 0x9c, 0xc8, + 0x26, 0x24, 0xe7, 0x61, 0x6c, 0x63, 0x6b, 0x53, 0x86, 0x8e, 0x10, 0x4d, 0xf1, 0xbb, 0x78, 0x2f, + 0xb7, 0x45, 0x11, 0x79, 0x03, 0xc6, 0xbe, 0x6c, 0x2f, 0xb3, 0x73, 0x48, 0x8b, 0x8d, 0xfd, 0xad, + 0xc0, 0x69, 0x98, 0x47, 0x91, 0x40, 0xd2, 0xc7, 0xb6, 0xf0, 0xd4, 0xc6, 0xf6, 0x27, 0xf2, 0x30, + 0x5b, 0x69, 0x34, 0x68, 0x18, 0x32, 0x21, 0x87, 0x86, 0xd1, 0x33, 0x3b, 0xb0, 0xd9, 0x41, 0x21, + 0x8c, 0xb6, 0x0d, 0x35, 0xaa, 0xbf, 0x93, 0x83, 0xe3, 0x92, 0xea, 0xa1, 0x47, 0xf7, 0xb7, 0xf6, + 0x02, 0x1a, 0xee, 0xf9, 0xad, 0xe6, 0xd0, 0x01, 0xf8, 0x99, 0xa0, 0x87, 0x51, 0x75, 0xf5, 0x17, + 0xf4, 0x1d, 0x84, 0x18, 0x82, 0x1e, 0x8f, 0xbc, 0x7b, 0x05, 0xc6, 0x2b, 0xdd, 0x6e, 0xe0, 0x3f, + 0xe4, 0xcb, 0x5e, 0x04, 0x1d, 0x73, 0x39, 0xc8, 0x70, 0xfd, 0xe5, 0x20, 0xf6, 0x19, 0x55, 0xda, + 0xe1, 0xe1, 0xb4, 0xa6, 0xf9, 0x67, 0x34, 0x69, 0x47, 0x97, 0x61, 0xb1, 0xdc, 0xaa, 0x03, 0xd9, + 0x0c, 0xfc, 0xb6, 0x1f, 0xd1, 0x26, 0x6f, 0x0f, 0x7a, 0x4c, 0x1f, 0x19, 0x7e, 0x67, 0xcb, 0x8b, + 0x5a, 0x46, 0xf8, 0x9d, 0x88, 0x01, 0x6c, 0x0e, 0xb7, 0xfe, 0xcf, 0x51, 0x98, 0xd2, 0x7b, 0x87, + 0x58, 0x3c, 0xaa, 0xb6, 0x1f, 0xe8, 0x6e, 0xfb, 0x2e, 0x42, 0x6c, 0x51, 0x12, 0x47, 0xbb, 0xc8, + 0x1f, 0x19, 0xed, 0xe2, 0x3e, 0x4c, 0x6f, 0x06, 0x3e, 0x46, 0x47, 0xe3, 0x49, 0xbe, 0xf9, 0x56, + 0x38, 0xaf, 0xdd, 0xf1, 0xd8, 0x40, 0xe2, 0xdb, 0x23, 0x6a, 0x38, 0xba, 0x02, 0xdb, 0x49, 0xa6, + 0x00, 0x37, 0xf9, 0x70, 0xb3, 0x06, 0x37, 0x14, 0x21, 0x0e, 0x95, 0x59, 0x03, 0x83, 0x98, 0x66, + 0x0d, 0x0c, 0xa2, 0xaf, 0xb5, 0xd1, 0xa7, 0xb5, 0xd6, 0xc8, 0xcf, 0xe4, 0x60, 0xb2, 0xd2, 0xe9, + 0x88, 0x28, 0x1a, 0x47, 0xb8, 0x11, 0x7f, 0x4d, 0x58, 0x36, 0xbc, 0xfd, 0x89, 0x2c, 0x1b, 0x50, + 0x6e, 0x09, 0x51, 0x52, 0x8d, 0x2b, 0xd4, 0x6f, 0x39, 0xda, 0x77, 0x90, 0xb7, 0xa1, 0xa4, 0x26, + 0x79, 0xad, 0xd3, 0xa4, 0x8f, 0x28, 0xcf, 0x4a, 0x34, 0x2d, 0x82, 0x9b, 0xea, 0x92, 0x69, 0x12, + 0x91, 0x6c, 0x01, 0xb8, 0x6a, 0x76, 0x25, 0xd2, 0xab, 0xa5, 0xa7, 0x9f, 0x90, 0x9e, 0xf1, 0x37, + 0x3e, 0x1e, 0xe9, 0xd2, 0x73, 0xcc, 0x87, 0xb4, 0x61, 0x96, 0xe7, 0x36, 0xc3, 0x9c, 0xe7, 0x18, + 0xc3, 0x1b, 0x8e, 0x1c, 0x87, 0x57, 0x84, 0xae, 0xea, 0x79, 0x91, 0x31, 0x0d, 0xd3, 0xa8, 0x3b, + 0x19, 0x01, 0xbd, 0x93, 0xbc, 0x79, 0x28, 0x59, 0xfb, 0x64, 0xfa, 0x7b, 0xf9, 0xa4, 0xff, 0x89, + 0x1c, 0x9c, 0xd0, 0x27, 0x7d, 0xbd, 0xb7, 0xdd, 0xf6, 0xf0, 0x2e, 0x48, 0x2e, 0xc3, 0x84, 0x98, + 0x93, 0xea, 0x12, 0x95, 0x0e, 0x45, 0x1e, 0xa3, 0x90, 0x15, 0x36, 0x0d, 0x19, 0x0f, 0x21, 0x75, + 0xcf, 0x27, 0xf6, 0x29, 0x56, 0x14, 0xe7, 0xcd, 0x0c, 0xf0, 0xb7, 0x39, 0x3f, 0x19, 0xc4, 0x7a, + 0x0f, 0xe6, 0xcc, 0x91, 0xa8, 0xd3, 0x88, 0x5c, 0x82, 0x71, 0x39, 0x7c, 0xb9, 0xec, 0xe1, 0x93, + 0xe5, 0xd6, 0x7d, 0x20, 0x29, 0xfa, 0x10, 0x4d, 0x90, 0x68, 0x24, 0x4d, 0xe4, 0xe4, 0x03, 0x60, + 0x0a, 0x71, 0x69, 0x5e, 0x7c, 0xdf, 0xa4, 0x61, 0xc7, 0xcd, 0x48, 0xad, 0x3f, 0x9e, 0x81, 0xf9, + 0x8c, 0x3d, 0xf7, 0x08, 0x99, 0xa8, 0x6c, 0x6e, 0x10, 0x13, 0x2a, 0x0a, 0x81, 0xdc, 0x16, 0xde, + 0x93, 0x39, 0xff, 0x07, 0x6c, 0x07, 0xdc, 0x8a, 0x3f, 0xb1, 0x0b, 0x70, 0xb2, 0xcf, 0x44, 0x2e, + 0xd2, 0x03, 0x85, 0x8c, 0x3e, 0xb5, 0x40, 0x21, 0x4b, 0x30, 0x2d, 0x5a, 0x25, 0xb6, 0x2b, 0xcd, + 0x9a, 0x34, 0xe0, 0x05, 0x4e, 0x6a, 0xdb, 0x32, 0x49, 0x38, 0x8f, 0xd0, 0x6f, 0x3d, 0xa4, 0x82, + 0xc7, 0xb8, 0xce, 0x03, 0x0b, 0x32, 0x79, 0x68, 0x24, 0xe4, 0x3f, 0xc4, 0xbc, 0x4a, 0x08, 0xd1, + 0xf7, 0xac, 0xe2, 0xa0, 0x3d, 0xab, 0xf9, 0x74, 0xf6, 0xac, 0x33, 0xf2, 0x1b, 0xb3, 0xf7, 0xae, + 0x8c, 0xcf, 0x22, 0xbf, 0x9c, 0x83, 0x39, 0x1e, 0xad, 0x42, 0xff, 0xd8, 0x81, 0x11, 0x08, 0x1a, + 0x4f, 0xe7, 0x63, 0x5f, 0x10, 0xf9, 0x44, 0xb2, 0xbf, 0x35, 0xfd, 0x51, 0xe4, 0x87, 0x00, 0xd4, + 0x8a, 0xe2, 0xe1, 0x1c, 0x27, 0x17, 0x5f, 0xc8, 0xd8, 0x05, 0x14, 0x52, 0x1c, 0xfb, 0x3c, 0x52, + 0x74, 0x46, 0x36, 0x2d, 0x05, 0x25, 0x7f, 0x01, 0x8e, 0xb1, 0xf5, 0xa2, 0x20, 0x22, 0xb6, 0xce, + 0xc2, 0x24, 0xd6, 0xf2, 0xf9, 0xfe, 0x32, 0xd1, 0xe5, 0x2c, 0x32, 0x1e, 0xfc, 0x33, 0x4e, 0x6c, + 0x1a, 0xe9, 0x6e, 0xf8, 0x99, 0x15, 0x61, 0xb0, 0x2a, 0xfc, 0x7a, 0x1e, 0x9f, 0xbc, 0xcf, 0xfe, + 0x76, 0x4a, 0xae, 0x05, 0xbe, 0xbf, 0x85, 0xa6, 0x53, 0x27, 0x82, 0xc8, 0x97, 0x81, 0xa8, 0x30, + 0x0f, 0x1c, 0x46, 0x65, 0xec, 0x72, 0xae, 0xda, 0x8d, 0xc3, 0x45, 0x04, 0xb2, 0x58, 0x9f, 0x24, + 0x69, 0x62, 0x42, 0xe1, 0x98, 0x68, 0x34, 0x83, 0xca, 0xa4, 0x47, 0xe1, 0xc2, 0x8c, 0x11, 0xb9, + 0x28, 0x2e, 0x89, 0x33, 0xa0, 0x6a, 0x99, 0x93, 0x0c, 0x95, 0x53, 0x16, 0x3b, 0x72, 0x1d, 0x26, + 0xd0, 0xb3, 0x72, 0x55, 0x1a, 0x56, 0x09, 0x23, 0x0f, 0xf4, 0xc1, 0x74, 0xf6, 0x4c, 0xf3, 0xa8, + 0x18, 0x95, 0x5d, 0x07, 0xaa, 0xc1, 0x81, 0xdd, 0xeb, 0xa0, 0x02, 0x56, 0xe8, 0x3b, 0x9a, 0xc1, + 0x81, 0x13, 0xf4, 0x4c, 0xd7, 0x5b, 0x44, 0x22, 0xdf, 0x84, 0xc9, 0x3b, 0xee, 0x23, 0xa9, 0x7f, + 0x15, 0x4a, 0xd6, 0x41, 0x3b, 0x90, 0x25, 0x5b, 0xd3, 0x76, 0x1f, 0x39, 0xcd, 0x5e, 0x32, 0xf4, + 0x28, 0x6e, 0x43, 0x3a, 0x4b, 0xf2, 0x75, 0x00, 0x4d, 0x2b, 0x4c, 0x8e, 0xac, 0xe0, 0x45, 0x19, + 0x8b, 0x2b, 0x53, 0x5b, 0x8c, 0xfc, 0x35, 0x86, 0x09, 0xc9, 0xe1, 0xd8, 0x67, 0x27, 0x39, 0x1c, + 0xff, 0xec, 0x24, 0x87, 0xd3, 0xdb, 0x70, 0xaa, 0xef, 0xd2, 0xc9, 0x08, 0x90, 0x7a, 0xc5, 0x0c, + 0x90, 0x7a, 0xaa, 0xdf, 0x11, 0x1b, 0x9a, 0xe1, 0xee, 0xe7, 0x4b, 0xc7, 0xfa, 0x4b, 0x27, 0xdf, + 0xcf, 0x27, 0x8e, 0x5c, 0x71, 0xb1, 0xe0, 0xe9, 0x51, 0xfa, 0xc9, 0x24, 0x79, 0xcc, 0x88, 0xc9, + 0x0f, 0xe5, 0x7c, 0x7c, 0xa1, 0x49, 0x24, 0x11, 0xe7, 0xc7, 0xf3, 0xa7, 0x3d, 0x7d, 0xdf, 0x81, + 0x19, 0x9e, 0xc4, 0xee, 0x36, 0x3d, 0xd8, 0xf7, 0x83, 0xa6, 0xcc, 0x14, 0x8d, 0x32, 0x78, 0x2a, + 0x03, 0x6d, 0x02, 0x97, 0x54, 0xa5, 0xb3, 0xde, 0x28, 0xd6, 0x7e, 0x2a, 0x73, 0x17, 0x63, 0x08, + 0x83, 0xfc, 0xf8, 0xc8, 0x9b, 0x4a, 0x50, 0xa3, 0x81, 0x1e, 0xf4, 0x3e, 0x90, 0xc0, 0x0c, 0x79, + 0x8d, 0x06, 0xd6, 0xef, 0x17, 0x80, 0xf0, 0x9a, 0x96, 0xdd, 0xae, 0x8b, 0xae, 0xac, 0x1e, 0x06, + 0x81, 0x29, 0x09, 0x1c, 0x77, 0xbb, 0x45, 0xf5, 0x08, 0x4a, 0xc2, 0x90, 0x55, 0x95, 0x39, 0xc9, + 0x8b, 0x4e, 0x8a, 0xb0, 0xcf, 0x56, 0x97, 0xff, 0x34, 0x5b, 0xdd, 0x37, 0xe1, 0xf9, 0x4a, 0x17, + 0xb3, 0x61, 0xca, 0x5a, 0x6e, 0xf8, 0x81, 0xdc, 0xa4, 0x0c, 0x27, 0x29, 0x57, 0xa1, 0xa5, 0xbe, + 0x74, 0x10, 0x0b, 0x4d, 0x4e, 0x61, 0xf3, 0xb2, 0x1b, 0xe9, 0x4e, 0xf7, 0x52, 0x4e, 0xe9, 0x62, + 0x49, 0x86, 0x9c, 0xc2, 0x49, 0x24, 0x0f, 0x2f, 0x90, 0x72, 0x0a, 0xa6, 0x79, 0x89, 0x79, 0x78, + 0x01, 0xed, 0x23, 0xeb, 0x28, 0x12, 0xf2, 0x0e, 0x4c, 0x56, 0x7a, 0x91, 0x2f, 0x18, 0x0b, 0x0b, + 0xec, 0xd8, 0x56, 0x5a, 0x7c, 0x8a, 0x71, 0xf5, 0x89, 0xd1, 0xad, 0x3f, 0x2a, 0xc0, 0xa9, 0xf4, + 0xf0, 0x8a, 0x52, 0xb5, 0x3e, 0x72, 0x47, 0xac, 0x8f, 0xac, 0xd9, 0x90, 0x8f, 0x83, 0x90, 0x3f, + 0x8d, 0xd9, 0xc0, 0x93, 0x6a, 0x7e, 0xc2, 0xd9, 0x50, 0x87, 0x49, 0xfd, 0xbc, 0x1b, 0xf9, 0xa4, + 0xe7, 0x9d, 0xce, 0x85, 0x5d, 0xea, 0x79, 0xac, 0x81, 0xd1, 0xf8, 0xe9, 0x28, 0x19, 0x66, 0x80, + 0x63, 0x90, 0xff, 0x1f, 0x9c, 0xe3, 0x7b, 0x52, 0xb2, 0xb1, 0x4b, 0x07, 0x92, 0xa3, 0x18, 0xb8, + 0xc5, 0xc7, 0x87, 0xe5, 0xcb, 0x5c, 0x55, 0xe2, 0xa4, 0xba, 0xcd, 0xd9, 0x3e, 0x70, 0xe4, 0x97, + 0x69, 0x95, 0x1c, 0xc9, 0x1b, 0x33, 0x69, 0x6a, 0x59, 0x0e, 0xdf, 0xc8, 0x72, 0x4d, 0xe1, 0x31, + 0x80, 0x39, 0xd8, 0xf4, 0x4a, 0x91, 0xea, 0xb0, 0x7c, 0xa6, 0x3a, 0x4c, 0xea, 0x53, 0x0a, 0x99, + 0xfa, 0x94, 0x2a, 0xcc, 0xd6, 0x7b, 0xdb, 0xb2, 0xee, 0xa4, 0x6f, 0x5a, 0xd8, 0xdb, 0xce, 0x6a, + 0x50, 0x92, 0xc4, 0xfa, 0x2b, 0x79, 0x98, 0xda, 0x6c, 0xf5, 0x76, 0xbd, 0x4e, 0xd5, 0x8d, 0xdc, + 0x67, 0x56, 0x43, 0xf7, 0x96, 0xa1, 0xa1, 0x53, 0x1e, 0x58, 0xaa, 0x61, 0x43, 0xa9, 0xe7, 0x7e, + 0x3a, 0x07, 0xb3, 0x31, 0x09, 0x3f, 0x67, 0x57, 0x61, 0x84, 0xfd, 0x10, 0xf7, 0xd6, 0x73, 0x29, + 0xc6, 0x3c, 0xb5, 0x96, 0xfa, 0x4b, 0xe8, 0xcc, 0xcc, 0xbc, 0x35, 0xc8, 0xe1, 0xf4, 0x17, 0x60, + 0x22, 0x66, 0xfb, 0x24, 0x29, 0xb5, 0x7e, 0x2d, 0x07, 0xa5, 0x64, 0x4b, 0xc8, 0x6d, 0x18, 0x67, + 0x9c, 0x3c, 0x2a, 0xaf, 0xd4, 0x2f, 0xf5, 0x69, 0xf3, 0x65, 0x81, 0xc6, 0x3f, 0x0f, 0x3b, 0x9f, + 0x72, 0x88, 0x2d, 0x39, 0x9c, 0xb6, 0x61, 0x4a, 0xc7, 0xca, 0xf8, 0xba, 0xd7, 0x4d, 0xe1, 0xe2, + 0x44, 0x76, 0x3f, 0x18, 0x89, 0xc0, 0x8c, 0xaf, 0x16, 0x72, 0xc3, 0x05, 0x63, 0x72, 0x61, 0x5f, + 0x25, 0xe6, 0x0d, 0x9f, 0x66, 0x8b, 0x71, 0x58, 0x72, 0x7d, 0x9e, 0x65, 0x4c, 0x68, 0x85, 0x47, + 0x5e, 0x87, 0x31, 0x5e, 0x9f, 0x9e, 0x10, 0xa7, 0x8b, 0x10, 0x5d, 0xc4, 0xe5, 0x38, 0xd6, 0xdf, + 0x2c, 0xc0, 0x89, 0xf8, 0xf3, 0xee, 0x76, 0x9b, 0x6e, 0x44, 0x37, 0xdd, 0xc0, 0x6d, 0x87, 0x47, + 0xac, 0x80, 0x8b, 0xa9, 0x4f, 0xc3, 0x04, 0x29, 0xf2, 0xd3, 0xb4, 0x0f, 0xb2, 0x12, 0x1f, 0x84, + 0xea, 0x4b, 0xfe, 0x41, 0xf2, 0x33, 0xc8, 0x6d, 0x28, 0xd4, 0x69, 0x24, 0xb6, 0xcd, 0x0b, 0xa9, + 0x5e, 0xd5, 0xbf, 0xeb, 0x72, 0x9d, 0x46, 0x7c, 0x10, 0x79, 0x0c, 0x1c, 0x6a, 0x44, 0x3d, 0xad, + 0xd3, 0x88, 0xdc, 0x87, 0xb1, 0x95, 0x47, 0x5d, 0xda, 0x88, 0x44, 0x42, 0xb8, 0x4b, 0x83, 0xf9, + 0x71, 0x5c, 0x2d, 0x1f, 0x1c, 0x45, 0x80, 0xde, 0x59, 0x1c, 0xe5, 0xf4, 0x75, 0x28, 0xca, 0xca, + 0x9f, 0x64, 0xe6, 0x9e, 0x7e, 0x0b, 0x26, 0xb5, 0x4a, 0x9e, 0x68, 0xd2, 0xff, 0x02, 0xdb, 0x57, + 0xfd, 0x96, 0xcc, 0x21, 0xb7, 0x92, 0x12, 0xf3, 0x72, 0x7a, 0x6e, 0x73, 0x56, 0xe2, 0x3c, 0x10, + 0x45, 0x03, 0xe4, 0xbd, 0x1a, 0xcc, 0xd6, 0x1f, 0x78, 0xdd, 0x38, 0xf8, 0xa4, 0x71, 0x98, 0x62, + 0xc2, 0x08, 0x71, 0xe7, 0x4e, 0x1e, 0xa6, 0x49, 0x3a, 0xeb, 0x4f, 0x72, 0x30, 0xc6, 0xfe, 0xba, + 0x77, 0xfd, 0x19, 0xdd, 0x32, 0xaf, 0x19, 0x5b, 0xe6, 0x9c, 0x16, 0xf9, 0x19, 0x37, 0x8e, 0xeb, + 0x47, 0x6c, 0x96, 0x87, 0x62, 0x80, 0x38, 0x32, 0xb9, 0x09, 0xe3, 0xc2, 0xf2, 0x46, 0x98, 0x48, + 0xeb, 0xa1, 0xa4, 0xa5, 0x4d, 0x8e, 0xba, 0x9c, 0xfb, 0xdd, 0xa4, 0x36, 0x43, 0x52, 0x33, 0x91, + 0x5c, 0x86, 0x01, 0x35, 0x32, 0x8f, 0xfa, 0xe8, 0xd3, 0xc6, 0x43, 0x21, 0x6b, 0xb9, 0x82, 0xfb, + 0x78, 0xbc, 0x57, 0xc4, 0x43, 0x46, 0x61, 0x10, 0x93, 0x13, 0x32, 0x31, 0x63, 0xe6, 0x1b, 0xc7, + 0x3f, 0x39, 0xce, 0x83, 0x08, 0xcb, 0x0f, 0x7b, 0x17, 0xa6, 0x6e, 0xf8, 0xc1, 0xbe, 0x1b, 0xf0, + 0xd0, 0x90, 0xc2, 0x72, 0x80, 0x5d, 0x1d, 0xa7, 0x77, 0x38, 0x9c, 0x07, 0x97, 0xfc, 0xf8, 0xb0, + 0x3c, 0xb2, 0xe4, 0xfb, 0x2d, 0xdb, 0x40, 0x27, 0x1b, 0x30, 0x7d, 0xc7, 0x7d, 0xa4, 0x5d, 0x7a, + 0xb9, 0x93, 0xca, 0x25, 0x36, 0x81, 0xd9, 0xad, 0xf9, 0x68, 0x33, 0x28, 0x93, 0x9e, 0x78, 0x30, + 0xb3, 0xe9, 0x07, 0x91, 0xa8, 0xc4, 0xeb, 0xec, 0x8a, 0xc6, 0xa6, 0x0d, 0xb9, 0xae, 0x64, 0x1a, + 0x72, 0x9d, 0xea, 0xfa, 0x41, 0xe4, 0xec, 0x28, 0x72, 0x23, 0x78, 0x94, 0xc1, 0x98, 0xbc, 0x0b, + 0x73, 0x5a, 0x70, 0xbc, 0x1b, 0x7e, 0xd0, 0x76, 0xa5, 0x50, 0x8e, 0x7a, 0x60, 0xb4, 0x37, 0xd9, + 0x41, 0xb0, 0x9d, 0xc6, 0x24, 0x5f, 0xcd, 0x72, 0xfb, 0x19, 0x8d, 0x2d, 0xc1, 0x32, 0xdc, 0x7e, + 0xfa, 0x59, 0x82, 0xa5, 0x1d, 0x80, 0x76, 0x07, 0x59, 0x8a, 0x16, 0x97, 0xae, 0x8a, 0xeb, 0xf7, + 0xd1, 0x96, 0xa0, 0x6a, 0xdc, 0xfa, 0x58, 0x84, 0x2e, 0x42, 0x61, 0x69, 0xf3, 0x06, 0xbe, 0x5e, + 0x48, 0x43, 0x9b, 0xce, 0x9e, 0xdb, 0x69, 0xa0, 0xb0, 0x2c, 0xac, 0xb3, 0xf5, 0x1d, 0x79, 0x69, + 0xf3, 0x06, 0x71, 0x61, 0x7e, 0x93, 0x06, 0x6d, 0x2f, 0xfa, 0xca, 0xd5, 0xab, 0xda, 0x40, 0x15, + 0xf1, 0xd3, 0xae, 0x88, 0x4f, 0x2b, 0x77, 0x11, 0xc5, 0x79, 0x74, 0xf5, 0x6a, 0xe6, 0x70, 0xa8, + 0x0f, 0xcb, 0xe2, 0xc5, 0x76, 0xc6, 0x3b, 0xee, 0xa3, 0xd8, 0xa8, 0x3e, 0x14, 0x0e, 0x94, 0x67, + 0xe4, 0xc4, 0x8a, 0x0d, 0xf2, 0x8d, 0x9d, 0xd1, 0x24, 0x62, 0x77, 0x9d, 0x78, 0x7a, 0x85, 0xc2, + 0xf5, 0xe4, 0xb4, 0x54, 0xe9, 0x48, 0x2f, 0x5b, 0x5d, 0x60, 0xd7, 0xd0, 0xc9, 0x5d, 0x75, 0x63, + 0xe3, 0x37, 0x1e, 0x91, 0x76, 0xf0, 0x8a, 0x7e, 0x63, 0xe3, 0x8a, 0x14, 0xa3, 0x59, 0xb3, 0xea, + 0x9a, 0xcf, 0xbd, 0x0c, 0x6c, 0x93, 0x4b, 0xfa, 0x22, 0x38, 0xf5, 0xe4, 0x17, 0x41, 0x0a, 0x23, + 0x6b, 0x7e, 0xe3, 0x81, 0x88, 0x78, 0xf5, 0x65, 0xb6, 0xdc, 0x5b, 0x7e, 0xe3, 0xc1, 0xd3, 0xb3, + 0x80, 0x45, 0xf6, 0x64, 0x9d, 0x7d, 0x2a, 0x9b, 0x05, 0xa2, 0x4f, 0x84, 0x55, 0xe5, 0x31, 0x75, + 0x13, 0xd2, 0xca, 0xb8, 0xe0, 0xc3, 0x27, 0x8d, 0xec, 0x5a, 0xdb, 0x24, 0x27, 0x14, 0x4a, 0x55, + 0x1a, 0x3e, 0x88, 0xfc, 0xee, 0x72, 0xcb, 0xeb, 0x6e, 0xfb, 0x6e, 0x20, 0xe3, 0x90, 0xa6, 0xd7, + 0xf7, 0x2b, 0x99, 0xeb, 0x7b, 0xae, 0xc9, 0xe9, 0x9d, 0x86, 0x64, 0x60, 0xa7, 0x58, 0x92, 0xaf, + 0xc2, 0x0c, 0x9b, 0xdc, 0x2b, 0x8f, 0x22, 0xda, 0xe1, 0x23, 0x3f, 0x87, 0xa2, 0xc3, 0x31, 0x2d, + 0xe4, 0xbe, 0x2a, 0xe4, 0x73, 0x0a, 0x17, 0x3b, 0x55, 0x04, 0x46, 0xb4, 0x30, 0x83, 0x15, 0x69, + 0xc2, 0xc2, 0x1d, 0xf7, 0x91, 0x96, 0x2c, 0x51, 0x9b, 0xa4, 0x04, 0x27, 0xd8, 0xc5, 0xc7, 0x87, + 0xe5, 0x97, 0xd8, 0x04, 0x8b, 0x43, 0xe3, 0xf6, 0x99, 0xaf, 0x7d, 0x39, 0x91, 0x1f, 0x86, 0x93, + 0xa2, 0x59, 0x55, 0xcc, 0x43, 0xe3, 0x07, 0x07, 0xf5, 0x3d, 0x17, 0xfd, 0x69, 0xe6, 0x9f, 0x6c, + 0x43, 0x94, 0x1d, 0xd6, 0x94, 0x7c, 0x9c, 0x90, 0x33, 0xb2, 0xfb, 0xd5, 0x40, 0x3e, 0x82, 0x19, + 0xfe, 0x64, 0xb3, 0xea, 0x87, 0x11, 0x5e, 0xe8, 0x8f, 0x3d, 0x99, 0x99, 0x38, 0x7f, 0x07, 0xe2, + 0x8e, 0x15, 0x09, 0x05, 0x40, 0x82, 0x33, 0x79, 0x1b, 0x26, 0x37, 0xbd, 0x0e, 0x8f, 0xe7, 0x57, + 0xdb, 0x44, 0xd5, 0xa3, 0x38, 0x7f, 0xba, 0x5e, 0xc7, 0x91, 0xb7, 0xea, 0xae, 0xda, 0x2e, 0x74, + 0x6c, 0x72, 0x1f, 0x26, 0xeb, 0xf5, 0xd5, 0x1b, 0x1e, 0x3b, 0x00, 0xbb, 0x07, 0x0b, 0x27, 0xfa, + 0x7c, 0xe5, 0xf9, 0xcc, 0xaf, 0x9c, 0x0e, 0xc3, 0x3d, 0x4c, 0x40, 0xef, 0x34, 0xfc, 0xee, 0x81, + 0xad, 0x73, 0xca, 0x30, 0x9d, 0x3e, 0xf9, 0x94, 0x4d, 0xa7, 0x6b, 0x30, 0xab, 0x19, 0x58, 0xa2, + 0x71, 0xe5, 0x42, 0x1c, 0x04, 0x46, 0x37, 0x95, 0x4e, 0xba, 0x0a, 0x26, 0xe9, 0xa4, 0xcd, 0xf4, + 0xa9, 0x27, 0xb5, 0x99, 0xf6, 0x60, 0x8e, 0x0f, 0x86, 0x98, 0x07, 0x38, 0xd2, 0xa7, 0xfb, 0xf4, + 0xe1, 0xa5, 0xcc, 0x3e, 0x9c, 0x17, 0x23, 0x2d, 0x27, 0x19, 0x3e, 0x51, 0xa6, 0xb9, 0x92, 0x1d, + 0x20, 0x02, 0x28, 0xd2, 0xdf, 0x63, 0x5d, 0xcf, 0xf7, 0xa9, 0xeb, 0xa5, 0xcc, 0xba, 0x66, 0x64, + 0x5d, 0xdb, 0xbc, 0x9a, 0x0c, 0x8e, 0xa4, 0x23, 0xeb, 0x91, 0xf3, 0x0b, 0x3b, 0xf6, 0x05, 0x43, + 0x0f, 0x9a, 0x46, 0xe0, 0xc1, 0x74, 0x93, 0x93, 0x36, 0xd9, 0xef, 0x19, 0x9c, 0xc9, 0x23, 0x38, + 0x91, 0xfe, 0x0a, 0xac, 0xf3, 0x0c, 0xd6, 0x79, 0xc6, 0xa8, 0x33, 0x89, 0xc4, 0xe7, 0x8d, 0xd9, + 0xac, 0x64, 0xad, 0x7d, 0xf8, 0x93, 0xbf, 0x94, 0x83, 0x93, 0x77, 0x6e, 0x54, 0x30, 0xeb, 0x9b, + 0xc7, 0xc3, 0x3b, 0x29, 0x17, 0xcb, 0xb3, 0x42, 0x57, 0x9e, 0xd4, 0xdf, 0x4b, 0x89, 0x03, 0xb7, + 0x0a, 0x26, 0x23, 0x9e, 0x6f, 0xef, 0xb8, 0x3c, 0x99, 0x9c, 0x60, 0x91, 0xe1, 0x87, 0xf9, 0x73, + 0x7f, 0x50, 0xce, 0xd9, 0xfd, 0xaa, 0x22, 0x2d, 0x38, 0x6d, 0x76, 0x8b, 0xb4, 0x6a, 0xdf, 0xa3, + 0xad, 0xd6, 0x42, 0x19, 0x67, 0xf4, 0xeb, 0x8f, 0x0f, 0xcb, 0x17, 0x53, 0xbd, 0xab, 0x2c, 0xe5, + 0x19, 0xa6, 0xd6, 0xe0, 0x01, 0xfc, 0x6e, 0x8d, 0x14, 0xa7, 0x4b, 0x33, 0x59, 0xe6, 0xe5, 0xbf, + 0x99, 0x4f, 0x9c, 0x54, 0xa4, 0x06, 0xe3, 0x62, 0x02, 0x0a, 0xd1, 0x3d, 0x3d, 0xcd, 0xce, 0x64, + 0x4e, 0xb3, 0x71, 0x31, 0x97, 0x6d, 0x49, 0x4f, 0xf6, 0x19, 0x2b, 0xfc, 0x0a, 0x71, 0xd7, 0xf9, + 0x3a, 0x3f, 0x88, 0x10, 0x64, 0x1c, 0xb9, 0xd5, 0x27, 0xf7, 0x54, 0x32, 0x1d, 0xe1, 0xf0, 0xec, + 0x95, 0xb5, 0x91, 0x07, 0x3c, 0x31, 0x49, 0x41, 0xb9, 0xbb, 0x98, 0x59, 0x48, 0x9e, 0x5a, 0x85, + 0xac, 0x16, 0xeb, 0x37, 0x72, 0x30, 0x6d, 0x1c, 0x75, 0xe4, 0xba, 0xe6, 0xcb, 0x15, 0xbb, 0x37, + 0x1b, 0x38, 0xb8, 0xfb, 0x25, 0xbd, 0xbc, 0xae, 0x0b, 0x63, 0xf1, 0x7c, 0x7f, 0x3a, 0x9c, 0xfd, + 0x49, 0xd7, 0xbe, 0xc1, 0x9a, 0x41, 0x95, 0xe8, 0x6c, 0xa4, 0x4f, 0xa2, 0xb3, 0xbf, 0xff, 0x3c, + 0xcc, 0x98, 0x77, 0x21, 0xf2, 0x3a, 0x8c, 0xa1, 0x42, 0x55, 0x5e, 0xac, 0x79, 0x82, 0x78, 0x3f, + 0x91, 0xb3, 0x53, 0xe0, 0x90, 0x97, 0x01, 0x94, 0xd5, 0xae, 0x7c, 0x4e, 0x18, 0x7d, 0x7c, 0x58, + 0xce, 0xbd, 0x61, 0x6b, 0x05, 0xe4, 0x1b, 0x00, 0xeb, 0x7e, 0x93, 0xaa, 0xac, 0x90, 0x03, 0x9e, + 0xcc, 0x5f, 0x49, 0x05, 0xed, 0x3f, 0xde, 0xf1, 0x9b, 0x34, 0x1d, 0xa1, 0x5f, 0xe3, 0x48, 0xbe, + 0x04, 0xa3, 0x76, 0x8f, 0x5d, 0xe2, 0xb9, 0xfe, 0x64, 0x52, 0x1e, 0x39, 0xbd, 0x16, 0x8d, 0x6f, + 0x88, 0x41, 0x2f, 0x69, 0x0d, 0xc6, 0x00, 0xe4, 0x7d, 0x1e, 0xcc, 0x5f, 0x44, 0xc2, 0x1b, 0x8d, + 0x1f, 0x58, 0x34, 0x51, 0x24, 0x15, 0x0b, 0x4f, 0x23, 0x21, 0x1b, 0x30, 0xae, 0xbf, 0x0c, 0x68, + 0x4e, 0xc1, 0xfa, 0xeb, 0x91, 0x76, 0xdd, 0x14, 0xe9, 0x24, 0x93, 0x8f, 0x06, 0x92, 0x0b, 0x79, + 0x07, 0x26, 0x18, 0x7b, 0xb6, 0x94, 0x43, 0x71, 0xcd, 0xc0, 0x67, 0x14, 0xed, 0x83, 0xd8, 0x76, + 0x60, 0xc4, 0xab, 0x53, 0x04, 0xe4, 0xab, 0x98, 0xa8, 0x50, 0x74, 0xf5, 0x40, 0x53, 0x8a, 0x0b, + 0xa9, 0xae, 0xc6, 0xcc, 0x85, 0xe9, 0xcc, 0xe7, 0x8a, 0x1f, 0xd9, 0x55, 0x31, 0xa9, 0x86, 0x49, + 0xc0, 0xf0, 0x6a, 0xaa, 0x82, 0x05, 0x19, 0x66, 0x29, 0x9d, 0xdd, 0xd3, 0xe0, 0x4b, 0xba, 0x50, + 0x8a, 0xa5, 0x3c, 0x51, 0x17, 0x0c, 0xaa, 0xeb, 0x8d, 0x54, 0x5d, 0xfa, 0x00, 0xa6, 0xaa, 0x4b, + 0x71, 0x27, 0x4d, 0x98, 0x91, 0x27, 0x86, 0xa8, 0x6f, 0x72, 0x50, 0x7d, 0x2f, 0xa7, 0xea, 0x9b, + 0x6f, 0x6e, 0xa7, 0xeb, 0x49, 0xf0, 0x24, 0xef, 0xc0, 0xb4, 0x84, 0xf0, 0x5c, 0x9b, 0x53, 0x71, + 0x52, 0xc5, 0xe6, 0x76, 0x2a, 0xc3, 0xa6, 0x89, 0xac, 0x53, 0xf3, 0xd9, 0x31, 0x6d, 0x50, 0x27, + 0x67, 0x85, 0x89, 0x4c, 0x3e, 0x84, 0xc9, 0x5a, 0x9b, 0x35, 0xc4, 0xef, 0xb8, 0x11, 0x15, 0x0e, + 0x63, 0xd2, 0x2c, 0x44, 0x2b, 0xd1, 0xa6, 0x2a, 0xcf, 0x22, 0x1a, 0x17, 0x19, 0x59, 0x44, 0x63, + 0x30, 0xeb, 0x3c, 0xfe, 0x14, 0x24, 0xe6, 0xb0, 0x74, 0x26, 0x3b, 0x93, 0x61, 0x9a, 0xa1, 0xb1, + 0x17, 0x11, 0x27, 0x19, 0x54, 0x3e, 0xc5, 0x24, 0x22, 0x4e, 0xea, 0x3c, 0xc9, 0xbb, 0x30, 0x29, + 0x72, 0xd3, 0x54, 0xec, 0xf5, 0x70, 0xa1, 0x84, 0x8d, 0x47, 0x17, 0x78, 0x99, 0xc6, 0xc6, 0x71, + 0x83, 0x84, 0x0d, 0x62, 0x8c, 0x4f, 0xbe, 0x02, 0xc7, 0xee, 0x7b, 0x9d, 0xa6, 0xbf, 0x1f, 0x8a, + 0x63, 0x4a, 0x6c, 0x74, 0x73, 0xb1, 0x07, 0xd0, 0x3e, 0x2f, 0x57, 0xc2, 0x59, 0x6a, 0xe3, 0xcb, + 0xe4, 0x40, 0xfe, 0x7c, 0x8a, 0x33, 0x9f, 0x41, 0x64, 0xd0, 0x0c, 0x5a, 0x4c, 0xcd, 0xa0, 0x74, + 0xf5, 0xc9, 0xe9, 0x94, 0x59, 0x0d, 0xf1, 0x81, 0x98, 0xe7, 0xfb, 0x2d, 0xdf, 0xeb, 0x2c, 0xcc, + 0xe3, 0x5e, 0xf8, 0x7c, 0xd2, 0xe9, 0x1c, 0xf1, 0x44, 0x36, 0x56, 0xeb, 0xf1, 0x61, 0xf9, 0x6c, + 0x52, 0x08, 0xff, 0xc8, 0x37, 0x14, 0xe5, 0x19, 0xac, 0xc9, 0x87, 0x30, 0xc5, 0xfe, 0x57, 0x5a, + 0x82, 0x63, 0x86, 0x31, 0x9f, 0x86, 0x29, 0xea, 0xc1, 0x31, 0xc2, 0xe4, 0x39, 0x19, 0x0a, 0x04, + 0x83, 0x15, 0x79, 0x0b, 0x80, 0xc9, 0x31, 0x62, 0x3b, 0x3e, 0x1e, 0x07, 0xf8, 0x44, 0x31, 0x28, + 0xbd, 0x11, 0xc7, 0xc8, 0xe4, 0x1d, 0x98, 0x64, 0xbf, 0xea, 0xbd, 0xa6, 0xcf, 0xd6, 0xc6, 0x09, + 0xa4, 0xe5, 0x7e, 0x78, 0x8c, 0x36, 0xe4, 0x70, 0xc3, 0x0f, 0x2f, 0x46, 0x27, 0xab, 0x30, 0x8b, + 0x81, 0x58, 0x6b, 0x98, 0xaa, 0x39, 0xf2, 0x68, 0xb8, 0x70, 0x52, 0x7b, 0xc2, 0x66, 0x45, 0x8e, + 0xa7, 0xca, 0xf4, 0xcb, 0x45, 0x82, 0x8c, 0x84, 0x30, 0x1f, 0xef, 0x2e, 0xf1, 0x83, 0xf8, 0x02, + 0x76, 0x92, 0x14, 0xa9, 0xd3, 0x18, 0x7c, 0x3f, 0x66, 0x23, 0xa2, 0x6d, 0x5c, 0xf2, 0x39, 0x41, + 0xaf, 0x30, 0x8b, 0x3b, 0xb1, 0x81, 0xdc, 0x5c, 0xde, 0x4c, 0x46, 0x2a, 0x3d, 0x85, 0x2d, 0xc0, + 0x61, 0xde, 0x6d, 0xc4, 0x69, 0x62, 0x33, 0xa2, 0x95, 0x66, 0x50, 0x93, 0x6f, 0xc3, 0x71, 0xb9, + 0x83, 0x88, 0x22, 0x31, 0xaf, 0x4f, 0x3f, 0xe1, 0x4e, 0xdc, 0xdc, 0x56, 0x55, 0xa7, 0xa6, 0x74, + 0x76, 0x15, 0xc4, 0x85, 0x49, 0x1c, 0x56, 0x51, 0xe3, 0xf3, 0x83, 0x6a, 0xbc, 0x98, 0xaa, 0xf1, + 0x04, 0x4e, 0x94, 0x74, 0x65, 0x3a, 0x4f, 0xb2, 0x04, 0xd3, 0x62, 0x1d, 0x89, 0xd9, 0xf6, 0x02, + 0xf6, 0x16, 0x6a, 0x95, 0xe4, 0x0a, 0x4c, 0x4d, 0x38, 0x93, 0x44, 0xdf, 0x91, 0xf9, 0x33, 0xc2, + 0x19, 0x63, 0x47, 0x4e, 0xbe, 0x1e, 0x98, 0xc8, 0x6c, 0x47, 0x8a, 0xa5, 0x98, 0x95, 0x47, 0xdd, + 0x40, 0xe8, 0x8c, 0xce, 0xc6, 0x09, 0x3c, 0x34, 0xe1, 0xc7, 0xa1, 0x0a, 0x43, 0xdf, 0x12, 0xb2, + 0x38, 0x90, 0xbb, 0x30, 0xaf, 0x4e, 0x6d, 0x8d, 0x71, 0x39, 0x4e, 0x84, 0x12, 0x1f, 0xf5, 0xd9, + 0x7c, 0xb3, 0xe8, 0x89, 0x0b, 0x27, 0x8d, 0x73, 0x5a, 0x63, 0x7d, 0x0e, 0x59, 0x63, 0x5a, 0x62, + 0xf3, 0x90, 0xcf, 0x66, 0xdf, 0x8f, 0x0f, 0xf9, 0x08, 0x4e, 0x27, 0xcf, 0x66, 0xad, 0x96, 0x17, + 0xb1, 0x96, 0x57, 0x1f, 0x1f, 0x96, 0x2f, 0xa4, 0x8e, 0xf7, 0xec, 0x8a, 0x06, 0x70, 0x23, 0xdf, + 0x80, 0x05, 0xf3, 0x7c, 0xd6, 0x6a, 0xb2, 0xb0, 0x26, 0x5c, 0x3a, 0xea, 0x60, 0xcf, 0xae, 0xa1, + 0x2f, 0x0f, 0x12, 0x41, 0x39, 0x73, 0x76, 0x6b, 0xd5, 0x9c, 0x8f, 0x1b, 0x94, 0x5a, 0x25, 0xd9, + 0xd5, 0x1d, 0xc5, 0x92, 0xec, 0xc3, 0xd9, 0xac, 0x63, 0x42, 0xab, 0xf4, 0x25, 0xa5, 0x95, 0x7d, + 0x2d, 0xfb, 0xc8, 0xc9, 0xae, 0xf9, 0x08, 0xb6, 0xe4, 0xab, 0x70, 0x5c, 0x5b, 0x5f, 0x5a, 0x7d, + 0x2f, 0x63, 0x7d, 0xe8, 0xbf, 0xab, 0x2f, 0xcc, 0xec, 0x5a, 0xb2, 0x79, 0x90, 0x36, 0xcc, 0xcb, + 0x86, 0xa3, 0xfa, 0x5b, 0x1c, 0x3d, 0x17, 0x8c, 0x5d, 0x35, 0x8d, 0xa1, 0x25, 0x96, 0xdf, 0x76, + 0xba, 0x31, 0xa1, 0x3e, 0xd3, 0x33, 0xf8, 0x92, 0x55, 0x18, 0xab, 0x6f, 0xd6, 0x6e, 0xdc, 0x58, + 0x59, 0x78, 0x05, 0x6b, 0x90, 0xce, 0x3e, 0x1c, 0x68, 0x5c, 0x9a, 0x84, 0x8d, 0x59, 0xd7, 0xdb, + 0xd9, 0x31, 0x7c, 0xaa, 0x38, 0xea, 0xad, 0x91, 0xe2, 0xc5, 0xd2, 0xa5, 0x5b, 0x23, 0xc5, 0x4b, + 0xa5, 0x57, 0xed, 0x17, 0xb2, 0x53, 0x71, 0xf3, 0xc6, 0xda, 0x17, 0x06, 0x95, 0xc6, 0x5d, 0x61, + 0xfd, 0x42, 0x0e, 0xe6, 0x33, 0xbe, 0x83, 0x5c, 0x80, 0x11, 0xcc, 0x2c, 0xa2, 0xbd, 0xaa, 0x27, + 0x32, 0x8a, 0x60, 0x39, 0xf9, 0x1c, 0x8c, 0x57, 0xd7, 0xeb, 0xf5, 0xca, 0xba, 0xbc, 0xb2, 0xf1, + 0xed, 0xaa, 0x13, 0x3a, 0xa1, 0x6b, 0x3e, 0xc6, 0x09, 0x34, 0xf2, 0x06, 0x8c, 0xd5, 0x36, 0x91, + 0x80, 0x9b, 0x75, 0xe1, 0x15, 0xc6, 0xeb, 0x26, 0xf1, 0x05, 0x92, 0xf5, 0xe3, 0x39, 0x20, 0xe9, + 0x4e, 0x25, 0x57, 0x61, 0x52, 0x1f, 0x3a, 0x7e, 0xc1, 0xc4, 0x87, 0x23, 0x6d, 0x60, 0x6c, 0x1d, + 0x87, 0x54, 0x61, 0x14, 0x73, 0xaf, 0xa9, 0x57, 0xc0, 0xcc, 0x03, 0xe0, 0x64, 0xea, 0x00, 0x18, + 0xc5, 0xcc, 0x6e, 0x36, 0x27, 0xb6, 0x7e, 0x27, 0x07, 0x24, 0x7d, 0x68, 0x0e, 0x6d, 0x85, 0xf0, + 0xa6, 0xe6, 0x96, 0xab, 0xe7, 0x0e, 0x50, 0x89, 0x5f, 0xf4, 0xcb, 0x52, 0xec, 0xc0, 0x7b, 0xc1, + 0xb8, 0x9c, 0xf7, 0xf7, 0xe5, 0xba, 0x04, 0xa3, 0xf7, 0x68, 0xb0, 0x2d, 0x2d, 0x16, 0xd1, 0xca, + 0xe9, 0x21, 0x03, 0xe8, 0x97, 0x55, 0xc4, 0xb0, 0xfe, 0x28, 0x07, 0xc7, 0xb2, 0x24, 0xb9, 0x23, + 0x5c, 0xae, 0xac, 0x84, 0xb7, 0x18, 0x5a, 0x20, 0x70, 0x13, 0x28, 0xe5, 0x23, 0x56, 0x86, 0x51, + 0xd6, 0x58, 0x39, 0xc2, 0xa8, 0x2c, 0x60, 0xbd, 0x11, 0xda, 0x1c, 0xce, 0x10, 0x78, 0xa8, 0xa7, + 0x11, 0x8c, 0x12, 0x86, 0x08, 0x28, 0x28, 0xd8, 0x1c, 0xce, 0x10, 0xee, 0xf8, 0x4d, 0x95, 0x70, + 0x18, 0x11, 0xda, 0x0c, 0x60, 0x73, 0x38, 0xb9, 0x00, 0xe3, 0x1b, 0x9d, 0x35, 0xea, 0x3e, 0x94, + 0xf1, 0xab, 0xd1, 0x62, 0xc2, 0xef, 0x38, 0x2d, 0x06, 0xb3, 0x65, 0xa1, 0xf5, 0xd3, 0x39, 0x98, + 0x4b, 0x09, 0x91, 0x47, 0x7b, 0x95, 0x0d, 0x76, 0xef, 0x18, 0xa6, 0x7d, 0xfc, 0xf3, 0x47, 0xb2, + 0x3f, 0xdf, 0xfa, 0xbf, 0x47, 0xe0, 0x64, 0x9f, 0x3b, 0x7d, 0xec, 0x7e, 0x96, 0x3b, 0xd2, 0xfd, + 0xec, 0x6b, 0xec, 0x0e, 0xed, 0x7a, 0xed, 0x70, 0xcb, 0x8f, 0xbf, 0x38, 0xb6, 0x62, 0xc7, 0x32, + 0x99, 0x73, 0x59, 0x9a, 0x3b, 0x9f, 0xe2, 0x79, 0xef, 0x9d, 0xc8, 0x4f, 0x8b, 0x14, 0x06, 0xb3, + 0x94, 0x03, 0x58, 0xe1, 0x4f, 0x89, 0x03, 0x98, 0xe9, 0x92, 0x30, 0xf2, 0x54, 0x5d, 0x12, 0xb2, + 0xcd, 0x19, 0x47, 0x3f, 0x8d, 0x71, 0xeb, 0x32, 0x4c, 0x73, 0x93, 0x91, 0x4a, 0xc8, 0x07, 0x69, + 0x2c, 0x65, 0x66, 0xe2, 0x86, 0xe9, 0xb1, 0x30, 0x68, 0xc8, 0xaa, 0x69, 0x3e, 0x3f, 0x8e, 0x4f, + 0x5d, 0x17, 0xfa, 0x9b, 0xc7, 0x1b, 0x4f, 0xdc, 0x3a, 0xa9, 0xf5, 0xd3, 0x79, 0xd3, 0x3b, 0xec, + 0x4f, 0xe3, 0xcc, 0xbb, 0x04, 0xa3, 0xf7, 0xf7, 0x68, 0x20, 0xf7, 0x3b, 0xfc, 0x90, 0x7d, 0x06, + 0xd0, 0x3f, 0x04, 0x31, 0xc8, 0x0d, 0x98, 0xd9, 0xe4, 0x23, 0x21, 0xbb, 0x77, 0x24, 0xbe, 0x6a, + 0x75, 0x85, 0x42, 0x20, 0xa3, 0x7f, 0x13, 0x54, 0xd6, 0x4d, 0x38, 0x63, 0x2c, 0x48, 0x11, 0xcd, + 0x82, 0x5b, 0xb1, 0xf3, 0x13, 0x71, 0x26, 0xb6, 0xdb, 0x8f, 0x77, 0x0f, 0x3b, 0x01, 0xb5, 0x76, + 0xe0, 0xec, 0x40, 0x46, 0xec, 0x20, 0x82, 0xae, 0xfa, 0x95, 0x30, 0xb5, 0x1b, 0x48, 0x6a, 0x6b, + 0x74, 0xd6, 0x0f, 0xc3, 0x94, 0xde, 0xcb, 0xb8, 0xa7, 0xb2, 0xdf, 0x62, 0x53, 0xe3, 0x7b, 0x2a, + 0x03, 0xd8, 0x1c, 0x1e, 0xab, 0x70, 0xf3, 0xd9, 0x2a, 0xdc, 0x78, 0xf8, 0x0b, 0x47, 0x0d, 0x3f, + 0xab, 0x1c, 0x97, 0xac, 0x56, 0x39, 0xfe, 0xd6, 0x2b, 0xc7, 0x70, 0x15, 0x36, 0x87, 0x3f, 0xd5, + 0xca, 0x7f, 0x5b, 0x66, 0xf0, 0x40, 0x23, 0x79, 0x79, 0x27, 0x8e, 0x33, 0x02, 0xcf, 0x67, 0xdd, + 0x74, 0x63, 0xcc, 0xf8, 0x90, 0xcc, 0x1f, 0x75, 0x48, 0x3e, 0xc9, 0x44, 0xbc, 0x02, 0xe3, 0x15, + 0xf1, 0x10, 0x3d, 0x12, 0x0b, 0x36, 0x6e, 0xea, 0xd5, 0x59, 0x62, 0x59, 0x3f, 0x97, 0x83, 0xe3, + 0x99, 0xaa, 0x32, 0x56, 0x2b, 0xd7, 0xc9, 0x69, 0xeb, 0x30, 0xa9, 0x90, 0xe3, 0x18, 0x4f, 0xe2, + 0xab, 0x3c, 0x7c, 0x5b, 0xac, 0x17, 0x61, 0x42, 0x3d, 0xd4, 0x90, 0x63, 0x72, 0xe8, 0xd0, 0x3a, + 0x49, 0xea, 0xfb, 0xeb, 0x00, 0xec, 0x0b, 0x9e, 0xaa, 0x2d, 0x9d, 0xf5, 0xdb, 0x79, 0x9e, 0xdd, + 0xed, 0x99, 0x0d, 0xf1, 0x97, 0x6d, 0x00, 0xc7, 0x9a, 0xd4, 0x3f, 0xb0, 0x1f, 0x59, 0x81, 0xb1, + 0x7a, 0xe4, 0x46, 0x3d, 0xe9, 0x62, 0x3d, 0xaf, 0x93, 0x61, 0xc1, 0xbd, 0xc5, 0xd8, 0xc9, 0x36, + 0x44, 0x88, 0x71, 0x39, 0x40, 0x88, 0x66, 0x47, 0xf7, 0x8f, 0x73, 0x30, 0xa5, 0x13, 0x93, 0x0f, + 0x61, 0x46, 0x06, 0x2e, 0xe3, 0x8e, 0xe7, 0xe2, 0x55, 0x49, 0x9a, 0x64, 0xc8, 0xc0, 0x65, 0xba, + 0xa3, 0xba, 0x81, 0xaf, 0x6f, 0xd5, 0x5d, 0x1d, 0x99, 0x34, 0x81, 0xb4, 0x77, 0x5c, 0x67, 0x9f, + 0xba, 0x0f, 0x68, 0x18, 0x39, 0xfc, 0xe9, 0x5c, 0x3c, 0x3e, 0x49, 0xf6, 0x77, 0x6e, 0x54, 0xf8, + 0xab, 0x39, 0x1b, 0x09, 0x11, 0x81, 0x2e, 0x45, 0xa3, 0x6b, 0xd4, 0xdb, 0x3b, 0xee, 0x7d, 0x5e, + 0xc8, 0xe9, 0xac, 0x3f, 0x1e, 0xe3, 0xd3, 0x4d, 0xc4, 0x39, 0xdc, 0x86, 0x99, 0x8d, 0x5a, 0x75, + 0x59, 0xd3, 0xaf, 0x99, 0x69, 0x32, 0x56, 0x1e, 0x45, 0x34, 0xe8, 0xb8, 0x2d, 0x81, 0x70, 0x10, + 0x1f, 0x41, 0xbe, 0xd7, 0x6c, 0x64, 0xeb, 0xde, 0x12, 0x1c, 0x59, 0x1d, 0xfc, 0x0e, 0xa5, 0xea, + 0xc8, 0x0f, 0x59, 0x47, 0xe8, 0xb6, 0x5b, 0x7d, 0xea, 0x30, 0x39, 0x92, 0x3d, 0x28, 0xdd, 0x44, + 0x71, 0x49, 0xab, 0xa5, 0x30, 0xb8, 0x96, 0xf3, 0xa2, 0x96, 0xe7, 0xb9, 0x9c, 0x95, 0x5d, 0x4f, + 0x8a, 0x6b, 0xbc, 0x4f, 0x8c, 0x1c, 0xb9, 0x4f, 0xfc, 0xe5, 0x1c, 0x8c, 0x71, 0x79, 0x4c, 0x4c, + 0xe3, 0x3e, 0x12, 0xdf, 0xfd, 0xa7, 0x23, 0xf1, 0x95, 0xf0, 0x9c, 0x30, 0x26, 0x34, 0x2f, 0x23, + 0xd5, 0xc4, 0xba, 0x90, 0xe6, 0x9f, 0xa8, 0x29, 0xe7, 0x25, 0x47, 0x2f, 0x0b, 0x52, 0x8b, 0xdd, + 0x9e, 0xc7, 0x8f, 0xf4, 0xac, 0x93, 0xae, 0xe2, 0xe3, 0xc2, 0xed, 0xd9, 0x74, 0x76, 0x5e, 0x83, + 0x09, 0xe1, 0x4c, 0xbd, 0x74, 0x20, 0xde, 0xc3, 0x4a, 0x86, 0x89, 0x41, 0x73, 0xe9, 0x20, 0x96, + 0x35, 0x85, 0x3b, 0xb6, 0xb3, 0x7d, 0x60, 0x24, 0xcb, 0x93, 0x88, 0x64, 0x83, 0x27, 0x91, 0xe2, + 0x91, 0x20, 0xcd, 0xd0, 0xcf, 0x0a, 0x2e, 0xc2, 0xb4, 0x48, 0x8f, 0xcc, 0x8c, 0xc0, 0x8f, 0x31, + 0x0f, 0xb2, 0x06, 0x25, 0x34, 0x4b, 0xa1, 0x4d, 0xbe, 0x6a, 0x6a, 0x55, 0xee, 0xb0, 0x2b, 0x4c, + 0x0b, 0x23, 0x5e, 0x26, 0x96, 0x5b, 0xc2, 0x57, 0x26, 0x45, 0xc9, 0xee, 0x87, 0xa5, 0xe4, 0xec, + 0x23, 0xef, 0xc0, 0xa4, 0x8a, 0xc4, 0xa9, 0xbc, 0xf5, 0x50, 0x2f, 0x1e, 0x87, 0xee, 0x34, 0x53, + 0x0f, 0x69, 0xe8, 0x64, 0x11, 0x8a, 0x6c, 0x11, 0x27, 0xd3, 0xf4, 0xf5, 0x04, 0x4c, 0x37, 0xc1, + 0x97, 0x78, 0xa4, 0x0e, 0xf3, 0x6c, 0xd1, 0xd4, 0xbd, 0xce, 0x6e, 0x8b, 0xae, 0xf9, 0xbb, 0x7e, + 0x2f, 0xba, 0x6b, 0xaf, 0x89, 0x3d, 0x9c, 0x4b, 0xe4, 0x6e, 0xbb, 0x65, 0x14, 0x07, 0x46, 0x12, + 0xe6, 0x0c, 0x6a, 0x6d, 0xab, 0xfc, 0x83, 0x3c, 0x4c, 0x6a, 0xf3, 0x89, 0x5c, 0x82, 0x62, 0x2d, + 0x5c, 0xf3, 0x1b, 0x0f, 0x54, 0x1c, 0xaf, 0xe9, 0xc7, 0x87, 0xe5, 0x09, 0x2f, 0x74, 0x5a, 0x08, + 0xb4, 0x55, 0x31, 0x59, 0x82, 0x69, 0xfe, 0x97, 0x8c, 0x90, 0x9e, 0x8f, 0x2d, 0x09, 0x39, 0xb2, + 0x8c, 0x8d, 0xae, 0xef, 0x9e, 0x06, 0x09, 0xf9, 0x3a, 0x00, 0x07, 0xa0, 0xe7, 0x67, 0x61, 0x78, + 0x9f, 0x55, 0x51, 0x41, 0x86, 0xcf, 0xa7, 0xc6, 0x90, 0x7c, 0x93, 0x47, 0xee, 0x94, 0xf3, 0x7f, + 0x64, 0x78, 0xa7, 0x5b, 0xc6, 0xdf, 0xc9, 0xf6, 0xfd, 0xd7, 0x59, 0x8a, 0x90, 0x83, 0xa7, 0x6d, + 0xda, 0xf0, 0x1f, 0xd2, 0xe0, 0xa0, 0x12, 0x21, 0xa2, 0x86, 0x61, 0xfd, 0x8f, 0x39, 0x6d, 0xd5, + 0x90, 0x75, 0xcc, 0x2c, 0xc9, 0x67, 0x84, 0x30, 0x0d, 0x51, 0x77, 0x06, 0x09, 0xb7, 0xe9, 0xce, + 0xd2, 0xf3, 0xc2, 0x90, 0x75, 0x5e, 0xcd, 0xab, 0x44, 0xc6, 0x49, 0x0e, 0x24, 0x1f, 0xc0, 0x08, + 0x76, 0x5d, 0xfe, 0xc8, 0xa6, 0xc9, 0x63, 0x7b, 0x84, 0xf5, 0x19, 0x36, 0x04, 0x29, 0xc9, 0xe7, + 0x84, 0xd7, 0x1c, 0xef, 0xfc, 0x19, 0xed, 0xec, 0x65, 0xdf, 0xa1, 0xce, 0xeb, 0x38, 0xfc, 0x83, + 0x36, 0x7b, 0xfe, 0x9d, 0x3c, 0x94, 0x92, 0x6b, 0x95, 0xbc, 0x0f, 0x53, 0xf2, 0x3c, 0xc5, 0xd4, + 0xe3, 0xac, 0x95, 0x53, 0x22, 0xbc, 0xb6, 0x3c, 0x54, 0x93, 0x99, 0xc7, 0x75, 0x02, 0x26, 0xdc, + 0x6c, 0x89, 0x70, 0x4c, 0xda, 0x2a, 0x89, 0xfc, 0xa8, 0x9b, 0x08, 0xfe, 0x28, 0xd1, 0xc8, 0x9b, + 0x50, 0xb8, 0x73, 0xa3, 0x22, 0x5c, 0x34, 0x4a, 0xc9, 0x53, 0x97, 0x9b, 0xa0, 0x99, 0x06, 0x71, + 0x0c, 0x9f, 0xac, 0x69, 0xb1, 0x55, 0xc7, 0x8c, 0x9c, 0x4a, 0x12, 0xac, 0x1a, 0x77, 0x74, 0x90, + 0x55, 0x9e, 0xd3, 0x5c, 0x44, 0x30, 0xfc, 0x0f, 0x0a, 0x30, 0xa1, 0xea, 0x27, 0x04, 0x50, 0x76, + 0x13, 0x17, 0x26, 0xfc, 0x9b, 0x9c, 0x82, 0xa2, 0x14, 0xd7, 0x84, 0xa7, 0xc6, 0x78, 0x28, 0x44, + 0xb5, 0x05, 0x90, 0x72, 0x19, 0x5f, 0xe6, 0xb6, 0xfc, 0x49, 0xae, 0x82, 0x12, 0xba, 0xfa, 0x49, + 0x67, 0x23, 0x6c, 0xc0, 0x6c, 0x85, 0x46, 0x66, 0x20, 0xef, 0xf1, 0xa8, 0x38, 0x13, 0x76, 0xde, + 0x6b, 0x92, 0xf7, 0xa1, 0xe8, 0x36, 0x9b, 0xb4, 0xe9, 0xb8, 0xd2, 0xc6, 0x62, 0xd0, 0xa4, 0x29, + 0x32, 0x6e, 0xfc, 0x10, 0x40, 0xaa, 0x4a, 0x44, 0x2a, 0x30, 0xd1, 0x72, 0xb9, 0x19, 0x55, 0x73, + 0x88, 0x13, 0x25, 0xe6, 0x50, 0x64, 0x64, 0x77, 0x43, 0xda, 0x24, 0xaf, 0xc0, 0x08, 0x1b, 0x4d, + 0x71, 0x84, 0x48, 0x29, 0x91, 0x0d, 0x26, 0xef, 0xb0, 0xd5, 0xe7, 0x6c, 0x44, 0x20, 0x2f, 0x41, + 0xa1, 0xb7, 0xb8, 0x23, 0x0e, 0x87, 0x52, 0x1c, 0xe7, 0x58, 0xa1, 0xb1, 0x62, 0x72, 0x0d, 0x8a, + 0xfb, 0x66, 0x88, 0xdc, 0xe3, 0x89, 0x61, 0x54, 0xf8, 0x0a, 0x71, 0xa9, 0x08, 0x63, 0xfc, 0x20, + 0xb0, 0xce, 0x02, 0xc4, 0x55, 0xa7, 0x1d, 0x6a, 0xac, 0xaf, 0xc3, 0x84, 0xaa, 0x92, 0x9c, 0x01, + 0x78, 0x40, 0x0f, 0x9c, 0x3d, 0xb7, 0xd3, 0x6c, 0x71, 0x29, 0x72, 0xca, 0x9e, 0x78, 0x40, 0x0f, + 0x56, 0x11, 0x40, 0x4e, 0xc2, 0x78, 0x97, 0x8d, 0xaa, 0x98, 0xba, 0x53, 0xf6, 0x58, 0xb7, 0xb7, + 0xcd, 0x66, 0xe8, 0x02, 0x8c, 0xa3, 0x82, 0x4f, 0x2c, 0xb4, 0x69, 0x5b, 0xfe, 0xb4, 0xfe, 0xab, + 0x3c, 0xa6, 0x87, 0xd0, 0xbe, 0x93, 0x9c, 0x87, 0xe9, 0x46, 0x40, 0xf1, 0xcc, 0x71, 0x99, 0x24, + 0x25, 0xea, 0x99, 0x8a, 0x81, 0xb5, 0x26, 0xb9, 0x00, 0xb3, 0x22, 0x8d, 0x3f, 0xfb, 0xa0, 0xc6, + 0xb6, 0x88, 0x67, 0x3d, 0x65, 0x4f, 0x73, 0xf0, 0x6d, 0x7a, 0xb0, 0xbc, 0x8d, 0xd1, 0x9c, 0x4a, + 0x7a, 0x30, 0xce, 0x48, 0x65, 0x5f, 0xb5, 0x67, 0x35, 0x38, 0x9a, 0x4e, 0x9d, 0x80, 0x31, 0xd7, + 0xdd, 0xed, 0x79, 0x3c, 0xea, 0xca, 0x94, 0x2d, 0x7e, 0x91, 0xd7, 0x60, 0x2e, 0xf4, 0x76, 0x3b, + 0x6e, 0xd4, 0x0b, 0x44, 0x7e, 0x0e, 0x1a, 0xe0, 0x94, 0x9a, 0xb6, 0x4b, 0xaa, 0x60, 0x99, 0xc3, + 0xc9, 0x1b, 0x40, 0xf4, 0xfa, 0xfc, 0xed, 0x8f, 0x68, 0x83, 0x4f, 0xb5, 0x29, 0x7b, 0x4e, 0x2b, + 0xd9, 0xc0, 0x02, 0xf2, 0x22, 0x4c, 0x05, 0x34, 0x44, 0x29, 0x0e, 0xbb, 0x0d, 0xb3, 0x27, 0xd9, + 0x93, 0x12, 0xc6, 0xfa, 0xee, 0x22, 0x94, 0xb4, 0xee, 0xc0, 0x78, 0xa7, 0x3c, 0x98, 0xb3, 0x3d, + 0x13, 0xc3, 0xed, 0x6e, 0xad, 0x69, 0x2d, 0xc1, 0x5c, 0x6a, 0xe5, 0x6a, 0x19, 0xb3, 0xf9, 0x4e, + 0x34, 0x38, 0x63, 0xb6, 0xd5, 0x81, 0x29, 0x7d, 0x27, 0x3e, 0x22, 0xa6, 0xf8, 0x09, 0xf4, 0xda, + 0xe7, 0xdb, 0xd4, 0xd8, 0xe3, 0xc3, 0x72, 0xde, 0x6b, 0xa2, 0xaf, 0xfe, 0x45, 0x28, 0x4a, 0xa1, + 0x41, 0x9c, 0xd5, 0xa8, 0xa0, 0x15, 0xd2, 0xea, 0x81, 0xad, 0x4a, 0xad, 0x57, 0x60, 0x5c, 0x6c, + 0xb6, 0x83, 0xd5, 0xb2, 0xd6, 0x77, 0xf2, 0x30, 0x6b, 0x53, 0xb6, 0x15, 0x50, 0x9e, 0x48, 0xe0, + 0x99, 0xbd, 0x25, 0x66, 0xc7, 0x7e, 0x33, 0xda, 0x36, 0x20, 0x84, 0xff, 0xdf, 0xcb, 0xc1, 0x7c, + 0x06, 0xee, 0x27, 0x4a, 0x61, 0x77, 0x1d, 0x26, 0xaa, 0x9e, 0xdb, 0xaa, 0x34, 0x9b, 0xca, 0x85, + 0x1f, 0x45, 0x4d, 0xcc, 0x73, 0xe1, 0x32, 0xa8, 0x7e, 0xec, 0x2a, 0x54, 0xf2, 0xaa, 0x98, 0x14, + 0x71, 0x16, 0x4f, 0x9c, 0x14, 0x1f, 0x1f, 0x96, 0x81, 0x7f, 0x53, 0x9c, 0xda, 0x17, 0xe3, 0x31, + 0x72, 0x60, 0x6c, 0x62, 0xff, 0xcc, 0x0e, 0x5d, 0x76, 0x3c, 0xc6, 0x64, 0xf3, 0x86, 0x8a, 0xe2, + 0xff, 0xd7, 0xf2, 0x70, 0x22, 0x9b, 0xf0, 0x93, 0x66, 0x23, 0xc4, 0xfc, 0x09, 0x5a, 0x0c, 0x59, + 0xcc, 0x46, 0xc8, 0x93, 0x2d, 0x20, 0x7e, 0x8c, 0x40, 0x76, 0x60, 0x7a, 0xcd, 0x0d, 0xa3, 0x55, + 0xea, 0x06, 0xd1, 0x36, 0x75, 0xa3, 0x21, 0x64, 0xcf, 0x97, 0xe4, 0xeb, 0x27, 0x1e, 0x7f, 0x7b, + 0x92, 0x32, 0x21, 0x1d, 0x9a, 0x6c, 0xd5, 0x44, 0x19, 0x19, 0x62, 0xa2, 0x7c, 0x0b, 0x66, 0xeb, + 0xb4, 0xed, 0x76, 0xf7, 0xfc, 0x40, 0xfa, 0x68, 0x5e, 0x86, 0x69, 0x05, 0xca, 0x9c, 0x2d, 0x66, + 0xb1, 0x81, 0xaf, 0x75, 0x44, 0xbc, 0x95, 0x98, 0xc5, 0xd6, 0xdf, 0xc8, 0xc3, 0xc9, 0x4a, 0x43, + 0x18, 0x25, 0x89, 0x02, 0x69, 0x3b, 0xf9, 0x19, 0xd7, 0x4d, 0xae, 0xc0, 0xc4, 0x1d, 0xf7, 0xd1, + 0x1a, 0x75, 0x43, 0x1a, 0x8a, 0x5c, 0x50, 0x5c, 0x50, 0x73, 0x1f, 0xc5, 0xb6, 0x3a, 0x76, 0x8c, + 0xa3, 0xdf, 0x64, 0x47, 0x3e, 0xe5, 0x4d, 0xd6, 0x82, 0xb1, 0x55, 0xbf, 0xd5, 0x14, 0xc7, 0x98, + 0x78, 0xc5, 0xdb, 0x43, 0x88, 0x2d, 0x4a, 0xd8, 0x05, 0x70, 0x46, 0x7d, 0x31, 0x7e, 0xc2, 0x67, + 0xde, 0x25, 0x17, 0x60, 0x1c, 0x2b, 0x52, 0xd9, 0x74, 0xf1, 0xd0, 0x68, 0x51, 0xcc, 0xe8, 0xd3, + 0xb4, 0x65, 0xa1, 0xde, 0x13, 0xa3, 0x9f, 0xae, 0x27, 0xac, 0xbf, 0x8b, 0x0f, 0x84, 0x7a, 0x2b, + 0xd9, 0x49, 0xa4, 0x7d, 0x48, 0x6e, 0xc8, 0x0f, 0xc9, 0x3f, 0xb5, 0x21, 0x29, 0xf4, 0x1d, 0x92, + 0xef, 0xe6, 0x61, 0x52, 0x7d, 0xec, 0x0f, 0x58, 0x20, 0x63, 0xd5, 0xae, 0xa1, 0xe2, 0x2a, 0xd4, + 0xb5, 0xbd, 0x42, 0x84, 0x2f, 0xf8, 0x00, 0xc6, 0xc4, 0x62, 0xca, 0x25, 0x6c, 0x08, 0x13, 0xa3, + 0xbb, 0x34, 0x23, 0x58, 0x8f, 0xe1, 0x80, 0x86, 0xb6, 0xa0, 0xc3, 0xc0, 0x15, 0xf7, 0xe9, 0xb6, + 0x78, 0x2f, 0x7e, 0x66, 0xcf, 0xa8, 0xec, 0xc0, 0x15, 0x71, 0xc3, 0x86, 0x3a, 0x9d, 0x7e, 0xbe, + 0x08, 0xa5, 0x24, 0xc9, 0xd1, 0xa1, 0xa2, 0x37, 0x7b, 0xdb, 0x5c, 0x0a, 0xe7, 0xa1, 0xa2, 0xbb, + 0xbd, 0x6d, 0x9b, 0xc1, 0xd0, 0x9c, 0x24, 0xf0, 0x1e, 0x62, 0xab, 0xa7, 0x84, 0x39, 0x49, 0xe0, + 0x3d, 0x34, 0xcc, 0x49, 0x02, 0xef, 0x21, 0x5e, 0x7d, 0xd7, 0xea, 0xe8, 0x6b, 0x8b, 0x22, 0xb8, + 0xb8, 0xfa, 0xb6, 0xc2, 0x64, 0x8a, 0x15, 0x89, 0xc6, 0x8e, 0xca, 0x25, 0xea, 0x06, 0x22, 0xac, + 0xb1, 0xd8, 0xce, 0xf0, 0xa8, 0xdc, 0x46, 0x30, 0xcf, 0x88, 0x6c, 0xeb, 0x48, 0xa4, 0x05, 0x44, + 0xfb, 0x29, 0x17, 0xf0, 0xd1, 0xb7, 0x41, 0x69, 0xff, 0x73, 0x4c, 0x67, 0xed, 0xe8, 0xab, 0x39, + 0x83, 0xef, 0xd3, 0x54, 0x40, 0x6e, 0x8a, 0x58, 0x6d, 0xa8, 0xf2, 0x28, 0x1e, 0xc9, 0x4c, 0x3a, + 0xa3, 0x03, 0x8f, 0xe5, 0xa6, 0x14, 0x1f, 0x31, 0x13, 0xf2, 0x1e, 0x4c, 0xea, 0x1e, 0xd4, 0xdc, + 0xcf, 0xf7, 0x05, 0x1e, 0x7e, 0xab, 0x4f, 0x52, 0x3e, 0x9d, 0x80, 0x6c, 0xc3, 0xc9, 0x65, 0xbf, + 0x13, 0xf6, 0xda, 0x32, 0xd0, 0x57, 0x1c, 0x5e, 0x14, 0x70, 0x28, 0xd0, 0x1d, 0xb3, 0x21, 0x50, + 0x84, 0xc3, 0xae, 0x34, 0xd0, 0x36, 0x2f, 0x20, 0xfd, 0x18, 0x91, 0x2d, 0x98, 0x44, 0x25, 0x9e, + 0xb0, 0x00, 0x9b, 0x34, 0xb7, 0x8d, 0xb8, 0xa4, 0xca, 0x16, 0x06, 0x8f, 0x54, 0xe3, 0xb6, 0x5b, + 0xd2, 0x3e, 0x58, 0x57, 0x46, 0x6a, 0xc8, 0xe4, 0xeb, 0x30, 0xc3, 0xaf, 0x9b, 0xf7, 0xe9, 0x36, + 0x9f, 0x3b, 0x53, 0xc6, 0xdd, 0xd9, 0x2c, 0xe4, 0xef, 0xc9, 0x42, 0x75, 0xba, 0x4f, 0xb7, 0xf9, + 0xd8, 0x1b, 0xd6, 0xf9, 0x06, 0x3e, 0xb9, 0x0b, 0xf3, 0xab, 0x6e, 0xc8, 0x81, 0x9a, 0x2b, 0xec, + 0x34, 0xea, 0x14, 0xd1, 0x6a, 0x72, 0xcf, 0x0d, 0xa5, 0x2e, 0x36, 0xd3, 0xf5, 0x35, 0x8b, 0x9e, + 0x7c, 0x27, 0x07, 0x0b, 0x86, 0xaa, 0x56, 0xd8, 0xee, 0xb4, 0x69, 0x27, 0x42, 0x33, 0xfc, 0x19, + 0x95, 0x8b, 0xb9, 0x1f, 0x1a, 0x1f, 0x92, 0x84, 0x36, 0x38, 0x88, 0xcb, 0x75, 0x73, 0xc4, 0x7e, + 0x3c, 0xac, 0xeb, 0xc9, 0xde, 0x13, 0x8a, 0x96, 0x9c, 0x52, 0xb4, 0x1c, 0x83, 0x51, 0xec, 0x23, + 0x19, 0x87, 0x03, 0x7f, 0x58, 0x9f, 0xd3, 0x77, 0x15, 0x21, 0xe4, 0x0d, 0xdc, 0x55, 0xac, 0xff, + 0x76, 0x0c, 0x66, 0x13, 0x83, 0x2c, 0x6e, 0x9d, 0xb9, 0xd4, 0xad, 0xb3, 0x0e, 0xc0, 0x55, 0x8d, + 0x43, 0xea, 0x04, 0xa5, 0x43, 0xcf, 0xa4, 0xf0, 0x8f, 0x53, 0x2b, 0x44, 0x63, 0xc3, 0x98, 0xf2, + 0xf5, 0x37, 0xa4, 0x8e, 0x56, 0x31, 0xe5, 0x4b, 0x58, 0x63, 0x1a, 0xb3, 0x21, 0x65, 0x18, 0xc5, + 0xe0, 0x79, 0xba, 0x3f, 0x95, 0xc7, 0x00, 0x36, 0x87, 0x93, 0xf3, 0x30, 0xc6, 0x44, 0x22, 0x95, + 0xdf, 0x1f, 0x4f, 0x0a, 0x26, 0x33, 0x31, 0xf9, 0x43, 0x14, 0x91, 0xeb, 0x30, 0xc5, 0xff, 0x12, + 0xf1, 0x13, 0xc6, 0x4c, 0xf3, 0x30, 0xc7, 0x6b, 0xca, 0x10, 0x0a, 0x06, 0x1e, 0xbb, 0x2b, 0xd4, + 0x7b, 0xa8, 0x7f, 0xa8, 0x55, 0x45, 0xb4, 0x55, 0xbc, 0x2b, 0x84, 0x1c, 0x88, 0x99, 0xcb, 0x15, + 0x02, 0x93, 0x4c, 0x84, 0x55, 0x73, 0x11, 0x6f, 0x88, 0x28, 0x99, 0x70, 0x6b, 0x66, 0x5b, 0x94, + 0x90, 0x4b, 0x5c, 0xb5, 0x8f, 0x42, 0x1e, 0x4f, 0x10, 0x85, 0x7a, 0x73, 0x54, 0x33, 0xa0, 0xa4, + 0xa7, 0x8a, 0x59, 0xe5, 0xec, 0xef, 0x95, 0xb6, 0xeb, 0xb5, 0xc4, 0x26, 0x81, 0x95, 0x23, 0x2e, + 0x65, 0x50, 0x3b, 0x46, 0x20, 0xef, 0xc0, 0x0c, 0xfb, 0xb1, 0xec, 0xb7, 0xdb, 0x7e, 0x07, 0xd9, + 0x4f, 0xc6, 0xa1, 0x78, 0x90, 0xa4, 0x81, 0x45, 0xbc, 0x96, 0x04, 0x2e, 0x3b, 0x1d, 0xf0, 0xd9, + 0xb0, 0xc7, 0x1f, 0x1d, 0xa6, 0xe2, 0xd3, 0x01, 0x49, 0x43, 0x0e, 0xb7, 0x75, 0x24, 0xf2, 0x16, + 0x4c, 0xb3, 0x9f, 0x37, 0xbd, 0x87, 0x94, 0x57, 0x38, 0x1d, 0xbf, 0x97, 0x23, 0xd5, 0x2e, 0x2b, + 0xe1, 0xf5, 0x99, 0x98, 0xe4, 0xcb, 0x70, 0x1c, 0x39, 0x35, 0xfc, 0x2e, 0x6d, 0x56, 0x76, 0x76, + 0xbc, 0x96, 0xc7, 0xed, 0x75, 0x78, 0xa4, 0x00, 0xd4, 0x01, 0xf3, 0x8a, 0x11, 0xc3, 0x71, 0x63, + 0x14, 0x3b, 0x9b, 0x92, 0xdc, 0x87, 0xd2, 0x72, 0x2f, 0x8c, 0xfc, 0x76, 0x25, 0x8a, 0x02, 0x6f, + 0xbb, 0x17, 0xd1, 0x70, 0x61, 0xd6, 0xf0, 0xa7, 0x67, 0x8b, 0x43, 0x15, 0x72, 0xed, 0x4e, 0x03, + 0x29, 0x1c, 0x57, 0x91, 0xd8, 0x29, 0x26, 0xd6, 0x3f, 0xc9, 0xc1, 0xb4, 0x41, 0x4a, 0xde, 0x84, + 0xa9, 0x1b, 0x81, 0x47, 0x3b, 0xcd, 0xd6, 0x81, 0x76, 0xed, 0xc4, 0x3b, 0xc9, 0x8e, 0x80, 0xf3, + 0x56, 0x1b, 0x68, 0x4a, 0x6b, 0x93, 0xcf, 0x34, 0xa6, 0xbb, 0xc2, 0xdd, 0xfa, 0xc4, 0x04, 0x2d, + 0xc4, 0x01, 0x3e, 0x70, 0x82, 0x8a, 0xd9, 0xa9, 0xa1, 0x90, 0x77, 0x61, 0x8c, 0x3f, 0x30, 0x0a, + 0xcb, 0xae, 0x53, 0x59, 0xcd, 0xe4, 0x2e, 0xa4, 0x38, 0x11, 0xd1, 0x8a, 0x24, 0xb4, 0x05, 0x91, + 0xf5, 0x33, 0x39, 0x20, 0x69, 0xd4, 0x23, 0xb4, 0x58, 0x47, 0x5a, 0xa7, 0x7c, 0xa0, 0x56, 0x63, + 0xc1, 0xd0, 0xd9, 0xb2, 0x9a, 0x78, 0x01, 0xef, 0x78, 0xb1, 0xea, 0x74, 0xb5, 0x1a, 0x2f, 0xb6, + 0xfe, 0x52, 0x1e, 0x20, 0xc6, 0x26, 0x5f, 0xe4, 0x39, 0x4a, 0xbe, 0xdc, 0x73, 0x5b, 0xde, 0x8e, + 0x67, 0x06, 0xed, 0x43, 0x26, 0xdf, 0x92, 0x25, 0xb6, 0x89, 0x48, 0xde, 0x87, 0xd9, 0xfa, 0xa6, + 0x49, 0xab, 0xe5, 0x63, 0x08, 0xbb, 0x4e, 0x82, 0x3c, 0x89, 0x8d, 0x16, 0x9c, 0xfa, 0x68, 0x70, + 0x0b, 0x4e, 0x3e, 0x10, 0xa2, 0x84, 0x6d, 0x2c, 0xf5, 0x4d, 0x61, 0x34, 0xdc, 0xac, 0x55, 0xc5, + 0x2e, 0x85, 0x5f, 0x17, 0x76, 0x9d, 0xae, 0xb0, 0x26, 0x66, 0xfb, 0x84, 0x81, 0x17, 0x77, 0xe4, + 0x68, 0x1f, 0x37, 0xd1, 0x9f, 0x45, 0x25, 0x5e, 0xdb, 0x8f, 0xa8, 0xd0, 0x5d, 0x3c, 0xb3, 0xb7, + 0x98, 0xf8, 0x75, 0x7a, 0xd4, 0xf0, 0x7e, 0x33, 0x5a, 0x27, 0x2c, 0x30, 0xae, 0xc5, 0x57, 0x0e, + 0xfe, 0x4e, 0x9d, 0x61, 0xb4, 0xf1, 0xb7, 0x73, 0x70, 0x3c, 0x93, 0x96, 0x5c, 0x06, 0x88, 0x35, + 0x44, 0xa2, 0x97, 0x70, 0xc7, 0x8c, 0xc3, 0x5a, 0xd8, 0x1a, 0x06, 0xf9, 0x5a, 0x52, 0xb7, 0x73, + 0xf4, 0x41, 0x78, 0x5a, 0x86, 0x2d, 0x32, 0x75, 0x3b, 0x19, 0x1a, 0x1d, 0xeb, 0xef, 0x15, 0x60, + 0x4e, 0x8b, 0x9a, 0xc1, 0xbf, 0xf5, 0x08, 0x8b, 0xda, 0x07, 0x30, 0xc5, 0x5a, 0xe3, 0x35, 0x84, + 0x0b, 0x0e, 0xb7, 0xa4, 0x78, 0x35, 0xe5, 0xbf, 0x24, 0xb8, 0x5d, 0xd6, 0x91, 0x79, 0x30, 0x31, + 0xdc, 0x3a, 0x51, 0x73, 0xde, 0x48, 0xbb, 0xe2, 0x18, 0xcc, 0x49, 0x08, 0xd3, 0xd5, 0x83, 0x8e, + 0xdb, 0x56, 0xb5, 0x71, 0x8b, 0x8a, 0xd7, 0xfa, 0xd6, 0x66, 0x60, 0xf3, 0xea, 0x62, 0x4b, 0x7f, + 0x5e, 0x96, 0xe1, 0x64, 0x6a, 0x50, 0x9d, 0x7e, 0x1f, 0xe6, 0x52, 0x1f, 0xfd, 0x44, 0x71, 0xcd, + 0xee, 0x03, 0x49, 0x7f, 0x47, 0x06, 0x87, 0xd7, 0xcc, 0xa8, 0x79, 0xc7, 0xd5, 0xe3, 0x29, 0x66, + 0x4c, 0xe6, 0xf6, 0x19, 0x8b, 0x7a, 0xd4, 0xb3, 0x9f, 0xcd, 0xeb, 0x3e, 0x64, 0xcf, 0xfa, 0xaa, + 0xfb, 0xc0, 0xb8, 0xdb, 0x9e, 0xed, 0x37, 0xa6, 0x43, 0xe9, 0x10, 0xbe, 0x5f, 0x80, 0x93, 0x7d, + 0x28, 0xc9, 0x41, 0x72, 0x12, 0x71, 0x9d, 0xc2, 0xd5, 0xc1, 0x15, 0x3e, 0x8d, 0xa9, 0x44, 0xbe, + 0xc8, 0xbd, 0xc8, 0x1b, 0x98, 0x95, 0x57, 0xdc, 0xa6, 0x79, 0x92, 0x78, 0x05, 0x4d, 0xba, 0x8f, + 0x73, 0x28, 0x79, 0x1f, 0x46, 0xd1, 0x81, 0x30, 0x11, 0xb5, 0x8b, 0x61, 0x20, 0x5c, 0x0b, 0x71, + 0xc6, 0x7e, 0x1a, 0x21, 0xce, 0x18, 0x80, 0x7c, 0x01, 0x0a, 0x95, 0xfb, 0x75, 0x31, 0x2e, 0x33, + 0x3a, 0xf9, 0xfd, 0x7a, 0x1c, 0x59, 0xdd, 0x35, 0x42, 0xa0, 0x33, 0x0a, 0x46, 0x78, 0x73, 0x79, + 0x53, 0x8c, 0x8a, 0x4e, 0x78, 0x73, 0x79, 0x33, 0x26, 0xdc, 0x6d, 0x18, 0x51, 0x50, 0x6e, 0x2e, + 0x6f, 0x7e, 0x76, 0xd3, 0xfe, 0xdf, 0xca, 0x73, 0xd7, 0x77, 0xde, 0xb0, 0xf7, 0x61, 0xca, 0x88, + 0x6a, 0x9a, 0x8b, 0xe5, 0x31, 0x15, 0x3c, 0x36, 0x61, 0x82, 0x62, 0x10, 0xc8, 0x1c, 0x05, 0xec, + 0x37, 0x4a, 0xbc, 0xba, 0xb1, 0x87, 0xe2, 0x80, 0x32, 0x71, 0x32, 0x47, 0x81, 0x22, 0x21, 0xd7, + 0xa0, 0xb8, 0x45, 0x3b, 0x6e, 0x27, 0x52, 0xea, 0x4d, 0xb4, 0x56, 0x8d, 0x10, 0x66, 0x4a, 0x0d, + 0x0a, 0x11, 0x2d, 0x2b, 0x7b, 0xdb, 0x61, 0x23, 0xf0, 0x30, 0x44, 0x86, 0x3a, 0x8b, 0xb9, 0x65, + 0xa5, 0x56, 0x62, 0x32, 0x48, 0x10, 0x59, 0x3f, 0x9b, 0x83, 0x71, 0x31, 0x90, 0x3c, 0xb7, 0xcc, + 0x6e, 0x7c, 0x96, 0x88, 0xdc, 0x32, 0xbb, 0x5e, 0x32, 0xb7, 0xcc, 0x2e, 0x8f, 0x43, 0x31, 0x21, + 0xbc, 0x38, 0xd5, 0x43, 0x1f, 0x4f, 0x45, 0xce, 0x81, 0x66, 0xb5, 0x31, 0xea, 0xb0, 0x2e, 0x2b, + 0xd6, 0xdf, 0x14, 0x5f, 0x76, 0x73, 0x79, 0x93, 0x2c, 0x42, 0x71, 0xcd, 0xe7, 0x31, 0x4e, 0xf4, + 0x44, 0x81, 0x2d, 0x01, 0xd3, 0x3b, 0x48, 0xe2, 0xb1, 0xef, 0xdb, 0x0c, 0x7c, 0x71, 0x97, 0xd1, + 0xbe, 0xaf, 0xcb, 0x81, 0x89, 0xef, 0x53, 0xa8, 0x43, 0x7f, 0x1f, 0xcd, 0xd8, 0x24, 0xee, 0x5d, + 0xc3, 0xe0, 0xed, 0xb7, 0x74, 0x57, 0x20, 0x51, 0x24, 0x77, 0x8a, 0xd3, 0xfd, 0x76, 0x8a, 0x7b, + 0xd7, 0xec, 0x0c, 0x2a, 0x7c, 0x25, 0x8b, 0xc1, 0x75, 0x1a, 0x3c, 0x7c, 0x86, 0x77, 0xe9, 0xec, + 0x57, 0xb2, 0x64, 0xf3, 0x86, 0xda, 0xa4, 0xff, 0x71, 0x1e, 0x4e, 0x64, 0x13, 0xea, 0x6d, 0xc9, + 0x0d, 0x68, 0xcb, 0x45, 0x28, 0xae, 0xfa, 0x61, 0xa4, 0x59, 0x9d, 0xa1, 0x32, 0x7f, 0x4f, 0xc0, + 0x6c, 0x55, 0xca, 0xee, 0xdc, 0xec, 0x6f, 0xb5, 0x3c, 0x91, 0x1f, 0x3a, 0x7c, 0xb3, 0x3b, 0x37, + 0x2f, 0x22, 0x37, 0xa1, 0x68, 0x0b, 0x57, 0x94, 0x44, 0xd7, 0x48, 0xb0, 0x92, 0xa6, 0x48, 0x20, + 0x20, 0x46, 0x70, 0x59, 0x01, 0x23, 0x15, 0x18, 0x17, 0xa3, 0x9f, 0x78, 0x08, 0xce, 0x98, 0x32, + 0x66, 0xbc, 0x67, 0x49, 0xc7, 0x76, 0x14, 0x7c, 0xd2, 0xab, 0x55, 0xa5, 0x57, 0x09, 0xee, 0x28, + 0xfc, 0xc9, 0xcf, 0x34, 0xf0, 0x53, 0x88, 0xd6, 0x77, 0xf2, 0x00, 0x52, 0x6b, 0xf3, 0xcc, 0xce, + 0xb0, 0x2f, 0x18, 0x33, 0x4c, 0xb3, 0x77, 0x19, 0x3e, 0x17, 0xe2, 0x06, 0xda, 0x9d, 0x0c, 0x9f, + 0x09, 0xb1, 0x0c, 0xa3, 0x5b, 0xb1, 0x42, 0x4b, 0xf8, 0x38, 0xa0, 0x72, 0x99, 0xc3, 0xad, 0x6d, + 0x38, 0x76, 0x93, 0x46, 0xb1, 0x7a, 0x4b, 0x3e, 0x24, 0x0e, 0x66, 0xfb, 0x3a, 0x4c, 0x08, 0x7c, + 0xb5, 0x7f, 0x71, 0x5d, 0x8c, 0x88, 0xa1, 0x80, 0xba, 0x18, 0x89, 0xc0, 0x76, 0xa3, 0x2a, 0x6d, + 0xd1, 0x88, 0x7e, 0xb6, 0xd5, 0xd4, 0x81, 0xf0, 0xa6, 0x60, 0xcb, 0x86, 0xab, 0xe1, 0xc8, 0xfe, + 0xb9, 0x07, 0xc7, 0xd5, 0xb7, 0x3f, 0x4d, 0xbe, 0x57, 0xd8, 0x95, 0x52, 0x84, 0x4a, 0x8e, 0x39, + 0x0e, 0xb0, 0x24, 0x79, 0x04, 0xa7, 0x25, 0xc1, 0x7d, 0x4f, 0x19, 0xee, 0x0d, 0x45, 0x4b, 0xde, + 0x81, 0x49, 0x8d, 0x46, 0x84, 0xfa, 0x45, 0xa5, 0xf3, 0xbe, 0x17, 0xed, 0x39, 0x21, 0x87, 0xeb, + 0x4a, 0x67, 0x0d, 0xdd, 0xfa, 0x2a, 0x3c, 0xaf, 0xfc, 0x50, 0x32, 0xaa, 0x4e, 0x30, 0xcf, 0x3d, + 0x19, 0xf3, 0xf5, 0xb8, 0x59, 0xb5, 0x8e, 0xf2, 0x1d, 0x95, 0xbc, 0x89, 0xde, 0x2c, 0xd1, 0x98, + 0x17, 0x52, 0xde, 0xa8, 0x9a, 0xd3, 0xa9, 0xf5, 0xb6, 0xf6, 0xb1, 0x19, 0x0c, 0x0d, 0xe2, 0x5c, + 0x92, 0xf8, 0x3b, 0x79, 0x98, 0xdd, 0xa8, 0x55, 0x97, 0x95, 0x2d, 0xd1, 0x0f, 0x58, 0xa6, 0x46, + 0xa3, 0x6d, 0xfd, 0xf7, 0x1b, 0xeb, 0x2e, 0xcc, 0x27, 0xba, 0x01, 0x45, 0x87, 0xf7, 0xb8, 0x07, + 0x83, 0x02, 0x4b, 0xb1, 0xe1, 0x44, 0x16, 0xfb, 0x7b, 0xd7, 0xec, 0x04, 0xb6, 0xf5, 0x4f, 0x27, + 0x12, 0x7c, 0xc5, 0x16, 0xf6, 0x3a, 0x4c, 0xd4, 0xc2, 0xb0, 0x47, 0x83, 0xbb, 0xf6, 0x9a, 0xae, + 0x2a, 0xf0, 0x10, 0xe8, 0xf4, 0x82, 0x96, 0x1d, 0x23, 0x90, 0x4b, 0x50, 0x14, 0xd1, 0x6f, 0xe5, + 0x9e, 0x80, 0x5a, 0x5b, 0x15, 0x3c, 0xd7, 0x56, 0xc5, 0xe4, 0x4d, 0x98, 0xe2, 0x7f, 0xf3, 0xd9, + 0x26, 0x3a, 0x1c, 0x95, 0x83, 0x02, 0x9d, 0xcf, 0x4e, 0xdb, 0x40, 0x23, 0xaf, 0x42, 0xa1, 0xb2, + 0x6c, 0x0b, 0x75, 0x90, 0x90, 0x1b, 0x31, 0xff, 0x72, 0x8f, 0x9a, 0x97, 0x88, 0x65, 0x9b, 0x49, + 0x7f, 0xd2, 0x4f, 0x5d, 0x68, 0xb2, 0x79, 0x9a, 0x68, 0x01, 0x4b, 0x1c, 0x66, 0x08, 0x23, 0x57, + 0x60, 0xbc, 0xea, 0x85, 0xdd, 0x96, 0x7b, 0x20, 0xf4, 0xd8, 0x3c, 0x0d, 0x11, 0x07, 0x19, 0xee, + 0xe7, 0x1c, 0x44, 0x2e, 0xc9, 0xf4, 0x2c, 0xc5, 0xd8, 0x11, 0xa2, 0x4f, 0x0e, 0x96, 0xd7, 0x61, + 0x4c, 0xc4, 0x88, 0x9d, 0xd0, 0xa2, 0xbf, 0x27, 0x63, 0xc3, 0x0a, 0x9c, 0xb4, 0x47, 0x24, 0x3c, + 0x4d, 0x8f, 0xc8, 0x6d, 0x38, 0x79, 0x13, 0xb5, 0x37, 0x66, 0x60, 0x95, 0xbb, 0x76, 0x4d, 0xe8, + 0xc3, 0xf1, 0x51, 0x87, 0x2b, 0x78, 0x92, 0xb1, 0x59, 0x9c, 0x5e, 0xa0, 0x67, 0xd5, 0xeb, 0xc7, + 0x88, 0x7c, 0x05, 0x8e, 0x65, 0x15, 0x09, 0xad, 0x39, 0x86, 0x10, 0xc9, 0xae, 0x40, 0x0f, 0x21, + 0x92, 0xc5, 0x81, 0xac, 0x41, 0x89, 0xc3, 0x2b, 0xcd, 0xb6, 0xd7, 0xe1, 0x9a, 0x7f, 0xae, 0x55, + 0x47, 0xcf, 0x04, 0xc1, 0xd5, 0x65, 0x85, 0xfc, 0x05, 0xc0, 0xf0, 0x65, 0x49, 0x50, 0x92, 0x9f, + 0xcc, 0xb1, 0xdb, 0x1c, 0x8f, 0xa8, 0x7a, 0xd7, 0x5e, 0x0b, 0x45, 0xf8, 0xa9, 0x13, 0xb1, 0x9b, + 0x4a, 0x3d, 0x0a, 0xbc, 0xce, 0xae, 0xf0, 0x53, 0xd9, 0x12, 0x7e, 0x2a, 0xef, 0x7c, 0x22, 0x3f, + 0x15, 0xce, 0x2a, 0x7c, 0x7c, 0x58, 0x9e, 0x0a, 0x44, 0x9d, 0xb8, 0x8a, 0x8c, 0x2f, 0xc0, 0x8c, + 0xf0, 0xad, 0x96, 0xbf, 0x7f, 0xb7, 0xc3, 0xe3, 0x39, 0xd2, 0x26, 0x6f, 0xe4, 0x2c, 0xee, 0xe0, + 0x3c, 0x23, 0x3c, 0x2b, 0x77, 0x7a, 0x0a, 0x21, 0xd5, 0xd0, 0x4c, 0x0e, 0xec, 0xe2, 0x29, 0x7d, + 0x21, 0xb8, 0x7b, 0x67, 0x29, 0xbe, 0x78, 0x4a, 0xc7, 0x09, 0x07, 0xa7, 0x91, 0x3e, 0x79, 0x0c, + 0x12, 0x72, 0x05, 0xc6, 0xee, 0xb8, 0x8f, 0x2a, 0xbb, 0x54, 0xa4, 0xdd, 0x9a, 0x96, 0xdb, 0x1f, + 0x02, 0x97, 0x8a, 0xbf, 0xc7, 0x6d, 0xed, 0x9f, 0xb3, 0x05, 0x1a, 0xf9, 0x91, 0x1c, 0x9c, 0xe0, + 0xcb, 0x58, 0xb6, 0xb2, 0x4e, 0xa3, 0x88, 0xf5, 0x83, 0x88, 0x43, 0x25, 0x93, 0x56, 0xd4, 0xeb, + 0x1b, 0xd9, 0x78, 0x3c, 0x7f, 0xb9, 0xd8, 0x19, 0x54, 0xc7, 0x85, 0xa2, 0xd4, 0x88, 0xb0, 0x99, + 0x49, 0x2f, 0xec, 0xc8, 0xbf, 0x20, 0xbf, 0x9c, 0xbc, 0xa1, 0x7b, 0x21, 0x16, 0x50, 0xce, 0x1d, + 0x6f, 0xbb, 0x8f, 0x1c, 0x77, 0x97, 0x1a, 0xaf, 0xd3, 0x42, 0xcf, 0xfc, 0xd3, 0x39, 0x38, 0xd5, + 0xf7, 0xe3, 0xc8, 0x75, 0x38, 0x29, 0x53, 0xd9, 0xef, 0x45, 0x51, 0x37, 0x74, 0xe4, 0x65, 0x40, + 0xf8, 0x2d, 0xda, 0xc7, 0x45, 0xf1, 0x2a, 0x2b, 0x95, 0xf7, 0x83, 0x90, 0xbc, 0x0f, 0x2f, 0x78, + 0x9d, 0x90, 0x36, 0x7a, 0x01, 0x8d, 0x73, 0xe1, 0x7b, 0xcd, 0xc0, 0x09, 0xdc, 0xce, 0xae, 0x74, + 0xc2, 0xb4, 0x4f, 0x49, 0x1c, 0x99, 0x11, 0xdf, 0x6b, 0x06, 0x36, 0x22, 0x58, 0x7f, 0x38, 0xc1, + 0x4f, 0xc5, 0x4a, 0x2f, 0xda, 0x93, 0xe7, 0xe8, 0x62, 0x96, 0x4f, 0x0d, 0x37, 0xf6, 0xd3, 0x7c, + 0x6a, 0x4c, 0x4f, 0x1a, 0xf9, 0x9c, 0x91, 0xcf, 0x7c, 0xce, 0x78, 0x1d, 0x26, 0x96, 0xf7, 0x68, + 0xe3, 0x81, 0xf2, 0x6b, 0x28, 0x0a, 0x7d, 0x31, 0x03, 0xf2, 0xf0, 0xad, 0x31, 0x02, 0xb9, 0x02, + 0x80, 0xae, 0x7c, 0x5c, 0xc8, 0xd2, 0x42, 0xb0, 0xa3, 0xe7, 0x9f, 0xb0, 0x9f, 0xd0, 0x50, 0x90, + 0x7d, 0xdd, 0xbe, 0xa1, 0x1b, 0x5c, 0x70, 0xf6, 0x61, 0xb0, 0x23, 0xd0, 0x63, 0x04, 0xd6, 0x3c, + 0x6d, 0xa9, 0x88, 0x8d, 0xbd, 0x94, 0x5a, 0x4f, 0x3a, 0x12, 0xda, 0x32, 0x4a, 0x23, 0x6e, 0xdc, + 0xd7, 0xa7, 0x84, 0x2d, 0xa3, 0x32, 0xf8, 0xb6, 0x63, 0x04, 0xf2, 0x05, 0x18, 0x5f, 0xa6, 0x41, + 0xb4, 0xb5, 0xb5, 0x86, 0x36, 0x11, 0x3c, 0x4e, 0x79, 0x11, 0x63, 0x4a, 0x47, 0x51, 0xeb, 0xe3, + 0xc3, 0xf2, 0x74, 0xe4, 0xb5, 0xa9, 0x8a, 0xbf, 0x6a, 0x4b, 0x6c, 0xb2, 0x04, 0x25, 0xfe, 0xce, + 0x1b, 0x0b, 0xd3, 0xb8, 0xd5, 0x17, 0xf9, 0xc1, 0x23, 0x1e, 0x85, 0xf7, 0xe9, 0xb6, 0x8a, 0xa8, + 0x9d, 0xc2, 0x27, 0x2b, 0x32, 0x10, 0xbd, 0xde, 0x48, 0x88, 0xb5, 0x3b, 0xc9, 0x25, 0xc0, 0xda, + 0x9a, 0xa6, 0x20, 0x15, 0x98, 0x5e, 0xf6, 0xdb, 0x5d, 0x37, 0xf2, 0x30, 0xab, 0xd3, 0x81, 0xd8, + 0xd5, 0x51, 0x43, 0xd5, 0xd0, 0x0b, 0x8c, 0x23, 0x42, 0x2f, 0x20, 0x37, 0x60, 0xc6, 0xf6, 0x7b, + 0x6c, 0x90, 0xe4, 0xb5, 0x92, 0x6f, 0xdc, 0x68, 0xb9, 0x10, 0xb0, 0x12, 0x76, 0xce, 0x88, 0x3b, + 0xa4, 0x11, 0x1a, 0xcf, 0xa0, 0x22, 0xeb, 0x19, 0xfa, 0x7d, 0x7d, 0xb7, 0xd6, 0xe3, 0x6a, 0xa7, + 0x98, 0x65, 0x3c, 0x0d, 0x5c, 0x83, 0xc9, 0x7a, 0x7d, 0x63, 0x8b, 0x86, 0xd1, 0x8d, 0x96, 0xbf, + 0x8f, 0x9b, 0x75, 0x51, 0xe4, 0x1b, 0x09, 0x7d, 0x27, 0xa2, 0x61, 0xe4, 0xec, 0xb4, 0xfc, 0x7d, + 0x5b, 0xc7, 0x22, 0xdf, 0x60, 0xfd, 0xa1, 0x89, 0x36, 0x22, 0x08, 0xe0, 0x20, 0xe9, 0x0b, 0xb7, + 0xc4, 0x78, 0xc9, 0x30, 0x19, 0xcc, 0xec, 0x2c, 0x0d, 0x1d, 0x9d, 0x74, 0xd8, 0x85, 0xb8, 0xd2, + 0x6c, 0x06, 0x34, 0x0c, 0xc5, 0xae, 0xca, 0x9d, 0x74, 0xf0, 0xf6, 0xec, 0xf2, 0x02, 0xc3, 0x49, + 0x47, 0x23, 0x20, 0xdf, 0xcd, 0xc1, 0x71, 0xdd, 0xce, 0x1f, 0x17, 0x0b, 0x5a, 0x61, 0xf0, 0x3d, + 0xf6, 0x8d, 0xcb, 0xf2, 0x54, 0xb9, 0xac, 0xa1, 0x5d, 0x7e, 0x78, 0xf5, 0x72, 0x25, 0xfe, 0x59, + 0x97, 0x44, 0x22, 0x8e, 0x56, 0x16, 0x3f, 0xfd, 0x84, 0x70, 0x33, 0x48, 0xc9, 0x32, 0x13, 0x3c, + 0xd8, 0x7c, 0x42, 0xab, 0x9e, 0xda, 0x26, 0x6e, 0xd1, 0x42, 0x41, 0x28, 0x66, 0x1f, 0xb7, 0xff, + 0xf1, 0xba, 0xa6, 0x7c, 0xa1, 0xd1, 0x90, 0x1a, 0xcc, 0x72, 0x00, 0xdb, 0x12, 0x78, 0x32, 0x8a, + 0xf9, 0x38, 0x20, 0xb6, 0x60, 0x83, 0x4f, 0xd7, 0x98, 0x90, 0x42, 0x8f, 0x59, 0x97, 0xa0, 0x43, + 0xc9, 0xbf, 0x5e, 0xb9, 0xb3, 0x16, 0x8b, 0xaf, 0x3f, 0x58, 0x76, 0xfa, 0x46, 0xdb, 0x06, 0xd8, + 0xe9, 0xdf, 0xe5, 0x9e, 0x8b, 0x5a, 0x37, 0x48, 0xc9, 0xdf, 0x00, 0x27, 0x25, 0xff, 0x04, 0x8d, + 0x9d, 0xc0, 0xb6, 0x3e, 0x2e, 0x26, 0xf8, 0x0a, 0xdb, 0x3c, 0x0b, 0xc6, 0xb8, 0x60, 0xaf, 0x67, + 0x36, 0xe7, 0x62, 0xbf, 0x2d, 0x4a, 0xc8, 0x29, 0x28, 0xd4, 0xeb, 0x1b, 0xa2, 0x93, 0xd1, 0x42, + 0x2f, 0x0c, 0x7d, 0x9b, 0xc1, 0xd8, 0x08, 0xa1, 0xd9, 0x9d, 0x16, 0xfe, 0x97, 0xed, 0xa0, 0x36, + 0x42, 0x59, 0x7f, 0x4b, 0x31, 0x7b, 0x24, 0xee, 0x6f, 0x21, 0x66, 0xc7, 0xc2, 0xf5, 0x32, 0x2c, + 0x54, 0xc2, 0x90, 0x06, 0x6c, 0x82, 0x0a, 0x6b, 0xae, 0x40, 0x88, 0x82, 0xe2, 0xa0, 0xc0, 0x4a, + 0xdd, 0x46, 0x68, 0xf7, 0x45, 0x24, 0x17, 0xa1, 0x58, 0xe9, 0x35, 0x3d, 0xda, 0x69, 0x18, 0xb1, + 0x7d, 0x5c, 0x01, 0xb3, 0x55, 0x29, 0xf9, 0x32, 0x1c, 0x4f, 0xc4, 0xb7, 0x12, 0x3d, 0x30, 0x1e, + 0xaf, 0x66, 0x29, 0xaa, 0xc6, 0x6f, 0xd6, 0xbc, 0x4b, 0xb2, 0x29, 0x49, 0x05, 0x4a, 0x2b, 0xe8, + 0x97, 0x52, 0xa5, 0x5c, 0x7d, 0xee, 0x07, 0xdc, 0xd7, 0x86, 0x5f, 0x2c, 0xb8, 0xcf, 0x8a, 0xd3, + 0x54, 0x85, 0x76, 0x0a, 0x9d, 0xdc, 0x86, 0xf9, 0x24, 0x8c, 0x9d, 0x09, 0xfc, 0x0e, 0x81, 0xf1, + 0x27, 0x53, 0x5c, 0xf0, 0x54, 0xc8, 0xa2, 0x22, 0xdb, 0x30, 0x17, 0xdb, 0x6c, 0x98, 0x37, 0x0b, + 0x69, 0xd8, 0xa9, 0xca, 0xe5, 0xed, 0xe2, 0x79, 0x31, 0x19, 0xe7, 0x63, 0xfb, 0x0f, 0x75, 0xc3, + 0xb0, 0xd3, 0xec, 0x48, 0x13, 0x66, 0xea, 0xde, 0x6e, 0xc7, 0xeb, 0xec, 0xde, 0xa6, 0x07, 0x9b, + 0xae, 0x17, 0x08, 0x13, 0x3b, 0x69, 0x40, 0x5b, 0x09, 0x0f, 0xda, 0x6d, 0x1a, 0x05, 0x78, 0xda, + 0xb2, 0x72, 0x74, 0x13, 0x65, 0x12, 0xe3, 0xe9, 0x90, 0xd3, 0xa1, 0x0b, 0x56, 0xd7, 0xf5, 0x8c, + 0x63, 0xc5, 0xe4, 0x69, 0xdc, 0xee, 0xa6, 0x86, 0xbc, 0xdd, 0xb5, 0x60, 0x6e, 0xa5, 0xd3, 0x08, + 0x0e, 0xf0, 0x15, 0x43, 0x7e, 0xdc, 0xf4, 0x11, 0x1f, 0xf7, 0x92, 0xf8, 0xb8, 0x17, 0x5c, 0x39, + 0xc3, 0xb2, 0x3e, 0x2f, 0xcd, 0x98, 0xd4, 0x61, 0x0e, 0x25, 0xb6, 0x5a, 0x75, 0xb3, 0xd6, 0xf1, + 0x22, 0x0f, 0xf3, 0x6f, 0xf3, 0xe3, 0xea, 0x65, 0xc1, 0xf3, 0x0c, 0x97, 0xe2, 0xbd, 0x66, 0xd7, + 0xf1, 0x24, 0x8a, 0xce, 0x34, 0x45, 0x3f, 0x48, 0x94, 0x9e, 0xfd, 0xd7, 0x23, 0x4a, 0x63, 0x86, + 0xaa, 0x84, 0xfb, 0x74, 0x29, 0xde, 0xdb, 0x43, 0x2c, 0x62, 0x47, 0x84, 0xdf, 0x43, 0xf1, 0xc4, + 0xc8, 0x50, 0x65, 0xd2, 0x59, 0xdf, 0x9d, 0xe0, 0x7b, 0xbb, 0x2e, 0xbf, 0xf6, 0x33, 0xc6, 0x4b, + 0xc8, 0xb5, 0xf9, 0x27, 0x91, 0x6b, 0x0b, 0x47, 0xcb, 0xb5, 0x23, 0x47, 0xc9, 0xb5, 0x09, 0xc1, + 0x73, 0xf4, 0x89, 0x05, 0xcf, 0xb1, 0x27, 0x10, 0x3c, 0xc7, 0x9f, 0x48, 0xf0, 0x34, 0x24, 0xe8, + 0xe2, 0x51, 0x12, 0xf4, 0x9f, 0x89, 0xa9, 0xcf, 0xaa, 0x98, 0x9a, 0x25, 0x2a, 0x3c, 0x91, 0x98, + 0xda, 0x5f, 0xca, 0x2c, 0xfd, 0x9b, 0x96, 0x32, 0xe7, 0x9e, 0x8e, 0x94, 0x49, 0x3e, 0xa1, 0x94, + 0xf9, 0xe7, 0xa0, 0x94, 0x3c, 0xf8, 0x8e, 0x0e, 0xeb, 0xf7, 0xd4, 0x42, 0x50, 0xb1, 0x63, 0x39, + 0x79, 0xf0, 0xb0, 0x8b, 0xf4, 0x66, 0xe0, 0x3d, 0x74, 0x23, 0x7a, 0x5b, 0x1a, 0x2f, 0x88, 0x90, + 0x94, 0x1c, 0x8a, 0xdb, 0x87, 0x86, 0xa2, 0x64, 0xae, 0x7c, 0x96, 0xcc, 0x65, 0xfd, 0x95, 0x3c, + 0xcc, 0xf1, 0x38, 0x2e, 0xcf, 0xbe, 0x0e, 0xfd, 0x3d, 0x43, 0x92, 0x96, 0xa6, 0x72, 0x89, 0xd6, + 0x0d, 0xd0, 0xa2, 0x7f, 0x1d, 0x8e, 0xa7, 0xba, 0x02, 0xa5, 0xe9, 0xaa, 0x8c, 0xa0, 0x93, 0x92, + 0xa7, 0x17, 0xb2, 0x2b, 0xb9, 0x77, 0xcd, 0x4e, 0x51, 0x58, 0xff, 0x6c, 0x24, 0xc5, 0x5f, 0xe8, + 0xd3, 0x75, 0x0d, 0x79, 0xee, 0xc9, 0x34, 0xe4, 0xf9, 0xe1, 0x34, 0xe4, 0x89, 0x63, 0xaa, 0x30, + 0xcc, 0x31, 0xf5, 0x65, 0x98, 0xde, 0xa2, 0x6e, 0x3b, 0xdc, 0xf2, 0x45, 0xdc, 0x79, 0x6e, 0x2a, + 0x2b, 0x03, 0xe4, 0xb0, 0x32, 0x29, 0x0c, 0x2a, 0x93, 0x9f, 0x88, 0x11, 0xb0, 0xad, 0x95, 0x07, + 0xa2, 0xb7, 0x4d, 0x0e, 0xba, 0x84, 0x3f, 0x3a, 0x40, 0xc2, 0xaf, 0xc3, 0x94, 0xa0, 0x8b, 0x63, + 0x19, 0xc6, 0xa2, 0x28, 0x2b, 0x42, 0xb8, 0xac, 0x5d, 0xa5, 0x43, 0x54, 0xb5, 0x73, 0x29, 0xd4, + 0x60, 0xc2, 0xba, 0x60, 0xa5, 0xd3, 0xec, 0xfa, 0x5e, 0x07, 0xbb, 0x60, 0x3c, 0xee, 0x02, 0x2a, + 0xc0, 0xbc, 0x0b, 0x34, 0x24, 0xf2, 0x0e, 0xcc, 0x54, 0x36, 0x6b, 0x3a, 0x59, 0x31, 0x56, 0xd2, + 0xbb, 0x5d, 0xcf, 0x31, 0x48, 0x13, 0xb8, 0x83, 0xa4, 0xb2, 0x89, 0x7f, 0x3d, 0x52, 0x99, 0xf5, + 0x8f, 0x26, 0xe4, 0xf2, 0xfe, 0x6c, 0x95, 0x81, 0xa6, 0x7a, 0xaf, 0xf0, 0x84, 0xea, 0xbd, 0x91, + 0xa3, 0x84, 0x13, 0x43, 0x62, 0x1a, 0x7d, 0x02, 0x89, 0x69, 0xec, 0x53, 0xab, 0xea, 0xc6, 0x9f, + 0x50, 0x06, 0x4a, 0xac, 0xb4, 0xe2, 0x30, 0x2b, 0x2d, 0x53, 0x6e, 0x9a, 0xf8, 0xf4, 0x72, 0x13, + 0x3c, 0xb1, 0xdc, 0x54, 0x8f, 0xdd, 0xc8, 0x26, 0x8f, 0xb4, 0xe7, 0x3d, 0x23, 0xee, 0x2b, 0x73, + 0xd9, 0x21, 0x7c, 0x94, 0x43, 0xd9, 0x0f, 0x94, 0x30, 0xf6, 0xcd, 0x6c, 0x61, 0x6c, 0xf0, 0x69, + 0xf3, 0x67, 0xe2, 0xd8, 0x53, 0x11, 0xc7, 0x02, 0x1c, 0xb0, 0xfb, 0x6e, 0xd0, 0xc1, 0x2b, 0xe7, + 0x15, 0x18, 0x97, 0x51, 0xb1, 0x72, 0xb1, 0xf6, 0x24, 0x1d, 0x0e, 0x4b, 0x62, 0x91, 0x45, 0x28, + 0x4a, 0x62, 0x3d, 0x90, 0xf8, 0xbe, 0x80, 0x19, 0x01, 0x87, 0x04, 0xcc, 0xfa, 0x3b, 0x23, 0x72, + 0x53, 0x60, 0xdf, 0x21, 0x32, 0x6d, 0x2f, 0x69, 0x93, 0x40, 0x13, 0x06, 0x13, 0xc3, 0x9c, 0xb0, + 0xf4, 0x33, 0x49, 0x3e, 0x51, 0x9c, 0xb2, 0x38, 0xd9, 0x55, 0x61, 0x88, 0x64, 0x57, 0x6f, 0x19, + 0x99, 0xa2, 0x46, 0xe2, 0xd4, 0x24, 0x6c, 0xa1, 0x0c, 0xce, 0x11, 0x75, 0x5d, 0x4f, 0xe9, 0x34, + 0x1a, 0x87, 0xec, 0x40, 0xca, 0x01, 0xc9, 0x9c, 0x94, 0x74, 0x3b, 0xf6, 0x24, 0x11, 0x00, 0xc7, + 0xff, 0x8d, 0x46, 0x00, 0x5c, 0x01, 0xd0, 0xb2, 0x1b, 0xf3, 0xc7, 0x9d, 0x97, 0x59, 0x37, 0x1d, + 0x9d, 0xd9, 0x58, 0x23, 0xb4, 0x7e, 0x97, 0xc0, 0x5c, 0xbd, 0xbe, 0x51, 0xf5, 0xdc, 0xdd, 0x8e, + 0x1f, 0x46, 0x5e, 0xa3, 0xd6, 0xd9, 0xf1, 0x99, 0x68, 0xa7, 0x36, 0x18, 0x2d, 0xd4, 0x5b, 0xbc, + 0xb9, 0xa8, 0x62, 0x76, 0x75, 0x58, 0x09, 0x02, 0x3f, 0xd0, 0xaf, 0x0e, 0x94, 0x01, 0x6c, 0x0e, + 0x67, 0xd2, 0x53, 0xbd, 0xc7, 0xd3, 0xd4, 0xf2, 0xf7, 0x36, 0x94, 0x9e, 0x42, 0x0e, 0xb2, 0x65, + 0x19, 0xa1, 0xe9, 0x09, 0x2b, 0xa4, 0xe9, 0x93, 0x46, 0x1c, 0xc1, 0xb8, 0x98, 0x6f, 0x9f, 0xe2, + 0x78, 0xc3, 0xa5, 0xd8, 0x45, 0xb8, 0xfe, 0x40, 0x9e, 0x5a, 0x03, 0x07, 0x70, 0xdc, 0x70, 0x81, + 0x1a, 0x56, 0x71, 0xf8, 0xaa, 0x90, 0xd6, 0x2c, 0xf4, 0x9f, 0xcd, 0xd0, 0x1e, 0xea, 0xa9, 0x15, + 0x32, 0x6b, 0x20, 0x7f, 0x25, 0x07, 0x67, 0x32, 0x4b, 0xd4, 0xea, 0x9e, 0x34, 0x62, 0x39, 0x6a, + 0x9b, 0x06, 0x4f, 0x22, 0xd1, 0xaf, 0x6a, 0x27, 0x63, 0x2b, 0x18, 0x5c, 0x13, 0xf9, 0xf5, 0x1c, + 0x9c, 0x34, 0x30, 0xd4, 0xf6, 0x19, 0x2a, 0x5f, 0xdf, 0xcc, 0x79, 0xfd, 0xd1, 0xd3, 0x99, 0xd7, + 0xe7, 0xcd, 0xb6, 0xc4, 0xbb, 0xbb, 0xde, 0x86, 0x7e, 0x5f, 0x48, 0x1e, 0xc2, 0x1c, 0x16, 0x49, + 0x25, 0x26, 0x9b, 0xb3, 0x42, 0xf7, 0x79, 0x2c, 0xfe, 0x6c, 0xee, 0xd6, 0x87, 0x89, 0x00, 0x17, + 0xbf, 0x7f, 0x58, 0x9e, 0x36, 0xd0, 0x65, 0x74, 0x44, 0x27, 0xd6, 0x84, 0x7a, 0x9d, 0x1d, 0x5f, + 0x3f, 0x7a, 0x53, 0x55, 0x90, 0x7f, 0x98, 0x83, 0x05, 0x06, 0xe5, 0xcd, 0xb8, 0x11, 0xf8, 0x6d, + 0x55, 0x2e, 0x2d, 0x2d, 0xfa, 0x74, 0x5b, 0xeb, 0xe9, 0x74, 0xdb, 0xcb, 0xf8, 0xc9, 0x7c, 0x4f, + 0x70, 0x76, 0x02, 0xbf, 0x1d, 0x7f, 0xbe, 0x91, 0xbd, 0xb7, 0xdf, 0x47, 0x92, 0x1f, 0xcd, 0xc1, + 0x29, 0x43, 0xf3, 0xa2, 0x87, 0xaa, 0x16, 0xce, 0x93, 0xf3, 0xca, 0x49, 0x3a, 0x2e, 0x5a, 0xba, + 0x2c, 0xe6, 0xff, 0x05, 0xfc, 0x82, 0xf8, 0xb4, 0xc0, 0x6f, 0x71, 0xda, 0x1c, 0x4b, 0xfb, 0x84, + 0xfe, 0xb5, 0x10, 0x0f, 0xe6, 0xf0, 0x8d, 0xd2, 0xb0, 0x08, 0x3a, 0xd6, 0xdf, 0x22, 0x48, 0x25, + 0x6c, 0xc2, 0x00, 0xb5, 0xfd, 0xcd, 0x82, 0xd2, 0x5c, 0xc9, 0x9f, 0x87, 0x53, 0x29, 0xa0, 0x5a, + 0x6d, 0xc7, 0xfb, 0xae, 0xb6, 0xd7, 0x1e, 0x1f, 0x96, 0x5f, 0xc9, 0xaa, 0x2d, 0x6b, 0xa5, 0xf5, + 0xaf, 0x81, 0xb8, 0x00, 0x71, 0xa1, 0x48, 0x02, 0x9c, 0x3d, 0x41, 0x5f, 0x13, 0xf3, 0x43, 0xc3, + 0x67, 0x7b, 0xb9, 0xf6, 0x0d, 0xfa, 0x91, 0x17, 0x23, 0x11, 0x0a, 0x53, 0x5a, 0x70, 0xde, 0x03, + 0xcc, 0x06, 0xdc, 0xb7, 0x92, 0xef, 0x1f, 0x96, 0x0d, 0x6c, 0x26, 0x62, 0xeb, 0x51, 0x7f, 0x75, + 0x11, 0xdb, 0x40, 0x24, 0xbf, 0x96, 0x83, 0x63, 0x0c, 0x10, 0x4f, 0x2a, 0xd1, 0xa8, 0x85, 0x41, + 0xb3, 0x7e, 0xef, 0xe9, 0xcc, 0xfa, 0x17, 0xf1, 0x1b, 0xf5, 0x59, 0x9f, 0xea, 0x92, 0xcc, 0x8f, + 0xc3, 0xd9, 0x6e, 0x3c, 0x87, 0x1b, 0xb3, 0xfd, 0xd4, 0x10, 0xb3, 0x9d, 0x0f, 0xc0, 0xd1, 0xb3, + 0xbd, 0x6f, 0x2d, 0x64, 0x0b, 0xa6, 0x84, 0x74, 0xcd, 0x3b, 0xec, 0xac, 0x11, 0xd8, 0x53, 0x2f, + 0xe2, 0x57, 0x1e, 0x11, 0xbb, 0x38, 0xd5, 0x42, 0x83, 0x0b, 0xe9, 0xc0, 0x3c, 0xff, 0x6d, 0xea, + 0x3a, 0xca, 0x7d, 0x75, 0x1d, 0x17, 0x45, 0x8b, 0xce, 0x09, 0xfe, 0x09, 0x95, 0x87, 0x1e, 0x5b, + 0x21, 0x83, 0x31, 0xe9, 0x02, 0x31, 0xc0, 0x7c, 0xd1, 0x9e, 0x1b, 0xac, 0xe1, 0x78, 0x45, 0xd4, + 0x59, 0x4e, 0xd6, 0x99, 0x5c, 0xb9, 0x19, 0xbc, 0x89, 0x0b, 0xb3, 0x02, 0xca, 0xee, 0xd2, 0xb8, + 0xc3, 0xbf, 0x68, 0x44, 0xb7, 0x48, 0x94, 0x72, 0xc1, 0x5c, 0xd6, 0x84, 0xd1, 0x47, 0x12, 0x1b, + 0x7a, 0x92, 0x1f, 0xd9, 0x80, 0xb9, 0x4a, 0xb7, 0xdb, 0xf2, 0x68, 0x13, 0x5b, 0xc9, 0x73, 0x9b, + 0x5a, 0x71, 0x3e, 0x0b, 0x97, 0x17, 0x8a, 0xdb, 0x42, 0x32, 0xb1, 0x69, 0x9a, 0xd6, 0xfa, 0x6e, + 0x2e, 0xf5, 0xd1, 0xe4, 0x75, 0x98, 0xc0, 0x1f, 0x9a, 0x8b, 0x35, 0x2a, 0x01, 0xf8, 0x27, 0xa2, + 0x32, 0x22, 0x46, 0x60, 0xc2, 0x92, 0x1e, 0x34, 0xa9, 0xc0, 0x85, 0x25, 0x71, 0x53, 0x8d, 0xef, + 0xa6, 0x65, 0x69, 0xa9, 0x59, 0x88, 0x85, 0x2e, 0xb4, 0xd4, 0x14, 0xf6, 0x99, 0xd6, 0x8f, 0xe6, + 0xcd, 0x69, 0x47, 0x2e, 0x6a, 0x72, 0xbb, 0x16, 0xb6, 0x49, 0xca, 0xed, 0x9a, 0xb4, 0xfe, 0xb7, + 0x73, 0x30, 0xbf, 0x11, 0xec, 0xba, 0x1d, 0xef, 0xdb, 0x3c, 0xfc, 0xa3, 0x8f, 0xe3, 0x32, 0x38, + 0x35, 0xd0, 0xd3, 0x4a, 0x71, 0xe2, 0x6b, 0x15, 0xb3, 0x99, 0x82, 0x53, 0xc6, 0xce, 0xfa, 0x1e, + 0xb4, 0x7d, 0xc7, 0x0f, 0xd3, 0x32, 0xcd, 0x70, 0x74, 0x0e, 0xb7, 0xfe, 0x5a, 0x1e, 0x26, 0xb5, + 0x25, 0x40, 0x3e, 0x0f, 0x53, 0x3a, 0x1f, 0x5d, 0x81, 0xa4, 0x57, 0x6b, 0x1b, 0x58, 0xa8, 0x41, + 0xa2, 0x6e, 0xdb, 0xd0, 0x20, 0xb1, 0x89, 0x8e, 0xd0, 0x27, 0xbc, 0xda, 0xbc, 0x9f, 0x71, 0xb5, + 0x79, 0xa2, 0x24, 0xb8, 0xef, 0xa4, 0x2f, 0x38, 0xc3, 0xe7, 0xac, 0xb5, 0x7e, 0x2a, 0x07, 0xa5, + 0xe4, 0x22, 0xfd, 0x4c, 0x7a, 0xe5, 0x09, 0x5e, 0x0b, 0x7e, 0x3c, 0xaf, 0x22, 0x73, 0x4b, 0x8f, + 0x9e, 0x67, 0xd5, 0x24, 0xe6, 0x5d, 0x43, 0x91, 0xff, 0xbc, 0x19, 0x6a, 0x46, 0xf7, 0x85, 0xcd, + 0x8e, 0x2f, 0x35, 0xf2, 0x73, 0xbf, 0x58, 0x7e, 0xce, 0xfa, 0x10, 0x8e, 0x25, 0xbb, 0x03, 0x95, + 0xf9, 0x15, 0x98, 0x35, 0xe1, 0xc9, 0xb8, 0xfe, 0x49, 0x2a, 0x3b, 0x89, 0x6f, 0xfd, 0x5e, 0x3e, + 0xc9, 0x5b, 0x98, 0xc7, 0xb0, 0x4d, 0xa7, 0xe3, 0x6e, 0xb7, 0x54, 0x5c, 0x6f, 0xbe, 0xe9, 0x70, + 0x90, 0x2d, 0xcb, 0x9e, 0x24, 0x9f, 0x86, 0xf2, 0x4b, 0x29, 0x64, 0xfb, 0xa5, 0x90, 0xeb, 0x09, + 0x1b, 0x33, 0x2d, 0x88, 0xc2, 0x3e, 0xdd, 0x76, 0x62, 0x3b, 0xb3, 0x84, 0x69, 0xd9, 0x32, 0x1c, + 0x33, 0xe2, 0x7b, 0x4a, 0xfa, 0xd1, 0x58, 0x77, 0x1b, 0x61, 0x01, 0x27, 0xce, 0x44, 0x26, 0xab, + 0x30, 0xce, 0x3e, 0xf3, 0x8e, 0xdb, 0x15, 0x3a, 0x7a, 0xa2, 0xbc, 0xd4, 0x5a, 0xea, 0xc2, 0xa7, + 0x39, 0xaa, 0xb5, 0x28, 0x3b, 0xf2, 0x8d, 0x1c, 0xd2, 0x1c, 0xd1, 0xfa, 0xe7, 0x39, 0xb6, 0xfe, + 0x1b, 0x0f, 0x7e, 0xc0, 0x92, 0x72, 0xb0, 0x26, 0x0d, 0xb0, 0xde, 0xfa, 0xc3, 0x3c, 0x0f, 0xcd, + 0x2e, 0xa6, 0xcf, 0x5b, 0x30, 0xb6, 0xe5, 0x06, 0xbb, 0x34, 0x12, 0x41, 0xcb, 0x75, 0x2e, 0xbc, + 0x20, 0x0e, 0xf1, 0x10, 0xe1, 0x6f, 0x5b, 0x10, 0xe8, 0xba, 0xb0, 0xfc, 0x50, 0xba, 0x30, 0x4d, + 0xd3, 0x5b, 0x78, 0x6a, 0x9a, 0xde, 0x1f, 0x52, 0x51, 0xd8, 0x2b, 0xd1, 0x10, 0xe1, 0x23, 0xcf, + 0x25, 0xb3, 0x18, 0xa4, 0x02, 0x7d, 0xc6, 0xec, 0xc8, 0x75, 0x3d, 0x2f, 0x82, 0xe6, 0xea, 0x71, + 0x44, 0x06, 0x04, 0xeb, 0x0f, 0x0b, 0xbc, 0x8f, 0x45, 0x47, 0x5d, 0x30, 0xdc, 0xc0, 0x70, 0x9d, + 0xb0, 0x8d, 0x5e, 0xf7, 0xc8, 0x45, 0xc3, 0x8e, 0x0b, 0x30, 0xc2, 0xe6, 0xa6, 0xe8, 0x4d, 0xc4, + 0x63, 0xf3, 0x57, 0xc7, 0x63, 0xe5, 0x6c, 0x2d, 0xe3, 0x99, 0xa4, 0x27, 0xbc, 0xc1, 0x63, 0x4b, + 0x5f, 0xcb, 0x88, 0x41, 0x2e, 0xc2, 0xc8, 0xba, 0xdf, 0x94, 0x61, 0x4a, 0x8f, 0xa1, 0x33, 0xb0, + 0xdf, 0xd4, 0x58, 0x2e, 0xe4, 0x6c, 0xc4, 0x60, 0x6d, 0x55, 0x81, 0xcd, 0xf5, 0xb6, 0xb6, 0x77, + 0xdc, 0x74, 0x22, 0x13, 0x2d, 0x06, 0xfa, 0x0a, 0xcc, 0x98, 0x29, 0x2f, 0x85, 0x6d, 0x1b, 0x6a, + 0x6c, 0x13, 0x99, 0x33, 0x75, 0x45, 0xbb, 0x49, 0x44, 0x96, 0x60, 0xda, 0x08, 0x8f, 0x26, 0x1e, + 0xcb, 0x50, 0xbd, 0x69, 0x06, 0x57, 0xd3, 0xd5, 0x9b, 0x06, 0x09, 0x3b, 0xcf, 0xc5, 0xf7, 0x6b, + 0x4f, 0x66, 0xa9, 0x6f, 0x17, 0x38, 0xe4, 0x1a, 0x14, 0xb9, 0xd7, 0x6d, 0xad, 0xaa, 0x3f, 0x7c, + 0x84, 0x08, 0x4b, 0x78, 0xad, 0x4b, 0x44, 0xcd, 0xcb, 0xf2, 0x73, 0x50, 0x12, 0x5b, 0x52, 0x9c, + 0x5c, 0xf2, 0x05, 0x18, 0x59, 0xae, 0x55, 0x6d, 0x7d, 0x1b, 0x69, 0x78, 0xcd, 0xc0, 0x46, 0x28, + 0x9a, 0xee, 0xaf, 0xd3, 0x68, 0xdf, 0x0f, 0x1e, 0xd8, 0x34, 0x8c, 0x02, 0x8f, 0xe7, 0x4b, 0xc2, + 0x85, 0xf8, 0x79, 0xf2, 0x0e, 0x8c, 0xa2, 0x91, 0x55, 0xe2, 0x64, 0x48, 0xd6, 0xb1, 0x34, 0x2d, + 0x26, 0xf0, 0x28, 0x5a, 0x6c, 0xd9, 0x9c, 0x88, 0xbc, 0x05, 0x23, 0x55, 0xda, 0x39, 0x48, 0xa4, + 0x72, 0x49, 0x11, 0xab, 0x0d, 0xa1, 0x49, 0x3b, 0x07, 0x36, 0x92, 0x58, 0x3f, 0x95, 0x87, 0xe3, + 0x19, 0x9f, 0x75, 0xef, 0xf3, 0xcf, 0xe8, 0xae, 0xb8, 0x64, 0xec, 0x8a, 0xf2, 0xbd, 0xb3, 0x6f, + 0xc7, 0x67, 0x6e, 0x92, 0x3f, 0x9f, 0x83, 0x93, 0xe6, 0x04, 0x15, 0x56, 0x95, 0xf7, 0xae, 0x91, + 0xb7, 0x61, 0x6c, 0x95, 0xba, 0x4d, 0x2a, 0xd3, 0x3c, 0x1c, 0x57, 0xf1, 0x71, 0xb8, 0x4b, 0x21, + 0x2f, 0xe4, 0x6c, 0x63, 0x07, 0x14, 0x0e, 0x25, 0x55, 0xf1, 0x71, 0x5c, 0x1e, 0xb7, 0xa4, 0x7b, + 0x6f, 0x56, 0x55, 0x03, 0xac, 0x06, 0xbe, 0x9f, 0x83, 0xe7, 0x07, 0xd0, 0xb0, 0x81, 0x63, 0x43, + 0xaf, 0x0f, 0x1c, 0x9e, 0xa8, 0x08, 0x25, 0xef, 0xc1, 0xec, 0x96, 0x90, 0xe7, 0xe5, 0x70, 0xe4, + 0xe3, 0xf5, 0x22, 0x45, 0x7d, 0x47, 0x8e, 0x4b, 0x12, 0xd9, 0xf0, 0x3b, 0x2f, 0x0c, 0xf4, 0x3b, + 0xd7, 0xdd, 0xb8, 0x47, 0x86, 0x75, 0xe3, 0xfe, 0x30, 0x99, 0x28, 0x5e, 0x44, 0xd3, 0x8b, 0x9d, + 0xd8, 0x73, 0xfd, 0x9d, 0xd8, 0x07, 0xc6, 0xec, 0xb2, 0xfe, 0x5a, 0x0e, 0x4a, 0x26, 0xef, 0x4f, + 0x3b, 0x9e, 0xef, 0x1a, 0xe3, 0xf9, 0x7c, 0xf6, 0x78, 0xf6, 0x1f, 0xc8, 0xff, 0x23, 0x97, 0x6c, + 0xec, 0x50, 0x23, 0x68, 0xc1, 0x58, 0xd5, 0x6f, 0xbb, 0x5e, 0x47, 0xcf, 0x55, 0xda, 0x44, 0x88, + 0x2d, 0x4a, 0x86, 0xf3, 0xf9, 0x3f, 0x07, 0xa3, 0xeb, 0x7e, 0xa7, 0x52, 0x15, 0x46, 0x87, 0xc8, + 0xa7, 0xe3, 0x77, 0x1c, 0xb7, 0x69, 0xf3, 0x02, 0xb2, 0x06, 0x50, 0x6f, 0x04, 0x94, 0x76, 0xea, + 0xde, 0xb7, 0x69, 0x42, 0xd2, 0x60, 0x3d, 0xd4, 0xea, 0xe1, 0xc6, 0x82, 0x6f, 0x3c, 0x21, 0x22, + 0x3a, 0xa1, 0xf7, 0x6d, 0x7d, 0xbf, 0xd5, 0xe8, 0x2d, 0x0a, 0x10, 0x13, 0x61, 0xe2, 0x36, 0xaf, + 0x29, 0x92, 0xf1, 0x4e, 0x8b, 0xc4, 0x6d, 0x0c, 0x60, 0x24, 0x6e, 0x63, 0x00, 0xb6, 0xb5, 0xaf, + 0x52, 0x6f, 0x77, 0x8f, 0x5b, 0x9f, 0x4c, 0xf3, 0xa9, 0xba, 0x87, 0x10, 0x7d, 0x6b, 0xe7, 0x38, + 0xd6, 0xbf, 0x1c, 0x85, 0x53, 0x36, 0xdd, 0xf5, 0x98, 0x98, 0x7c, 0x37, 0xf4, 0x3a, 0xbb, 0x86, + 0x57, 0xb6, 0x95, 0x98, 0x48, 0x22, 0x20, 0x31, 0x83, 0xa8, 0x8e, 0xb9, 0x04, 0x45, 0x76, 0x2a, + 0x6a, 0x73, 0x09, 0xdf, 0x50, 0x30, 0xd3, 0x38, 0x9f, 0xe4, 0xb2, 0x98, 0xbc, 0x2a, 0x4e, 0x6d, + 0x2d, 0x64, 0x3c, 0x3b, 0xb5, 0x3f, 0x3e, 0x2c, 0x43, 0xfd, 0x20, 0x8c, 0x28, 0xde, 0xd8, 0xc4, + 0xc9, 0xad, 0x44, 0xeb, 0x91, 0x3e, 0xa2, 0xf5, 0x1d, 0x38, 0x56, 0x69, 0xf2, 0xcd, 0xda, 0x6d, + 0x6d, 0x06, 0x5e, 0xa7, 0xe1, 0x75, 0xdd, 0x96, 0xbc, 0x2e, 0x62, 0x2f, 0xbb, 0xaa, 0xdc, 0xe9, + 0x2a, 0x04, 0x3b, 0x93, 0x8c, 0x35, 0xa3, 0xba, 0x5e, 0x47, 0xe7, 0x65, 0xf1, 0x3c, 0x86, 0xcd, + 0x68, 0x76, 0x42, 0x6c, 0x45, 0x68, 0xab, 0x62, 0x14, 0xea, 0xd1, 0x9c, 0x61, 0x6b, 0xad, 0x1e, + 0x7b, 0x27, 0xf1, 0x88, 0xb6, 0xdc, 0xe4, 0x21, 0x6a, 0x85, 0x68, 0xf6, 0x60, 0xe0, 0xc5, 0x74, + 0xf5, 0xfa, 0x2a, 0xa3, 0x2b, 0xa6, 0xe8, 0xc2, 0x70, 0x4f, 0xa7, 0xe3, 0x78, 0xe4, 0x0a, 0x9b, + 0x0a, 0x6d, 0x3f, 0xa2, 0x38, 0xcf, 0x27, 0xe2, 0x2b, 0x40, 0x80, 0x50, 0x7e, 0x05, 0xd0, 0x50, + 0xc8, 0x3b, 0x30, 0xbf, 0xb2, 0xbc, 0x28, 0x95, 0x9a, 0x55, 0xbf, 0xd1, 0xc3, 0x07, 0x6a, 0xc0, + 0xfa, 0x70, 0x0c, 0x69, 0x63, 0x91, 0x4d, 0xee, 0x2c, 0x34, 0x72, 0x01, 0xc6, 0x6b, 0x55, 0xde, + 0xf7, 0x93, 0x7a, 0xda, 0x06, 0x61, 0xf8, 0x21, 0x0b, 0xc9, 0x46, 0x2c, 0xa3, 0x4e, 0x1d, 0x29, + 0x4c, 0x9e, 0x1a, 0x42, 0x3e, 0x7d, 0x0b, 0xa6, 0x97, 0xfc, 0xa8, 0xd6, 0x09, 0x23, 0xb7, 0xd3, + 0xa0, 0xb5, 0xaa, 0x1e, 0x75, 0x71, 0xdb, 0x8f, 0x1c, 0x4f, 0x94, 0xb0, 0x2f, 0x37, 0x31, 0xc9, + 0x17, 0x91, 0xf4, 0x26, 0xed, 0xd0, 0x20, 0x8e, 0xb6, 0x38, 0xca, 0xfb, 0x96, 0x91, 0xee, 0xaa, + 0x12, 0xdb, 0x44, 0x14, 0x29, 0x25, 0x78, 0xea, 0xa2, 0x65, 0xbf, 0x49, 0xc3, 0x7b, 0x57, 0x7f, + 0xc0, 0x52, 0x4a, 0x68, 0x6d, 0xc3, 0x2d, 0xf3, 0x6a, 0xe6, 0xfe, 0xfa, 0xef, 0x62, 0x4a, 0x89, + 0x14, 0x2e, 0xf9, 0x22, 0x8c, 0xe2, 0x4f, 0x21, 0x6c, 0xcd, 0x67, 0xb0, 0x8d, 0x05, 0xad, 0x06, + 0x4f, 0x70, 0x8c, 0x04, 0xa4, 0x06, 0xe3, 0x42, 0xce, 0x7f, 0x92, 0xc0, 0xe8, 0xe2, 0xc2, 0xc0, + 0x67, 0x86, 0xa0, 0xb7, 0x9a, 0x30, 0xa5, 0x57, 0xc8, 0x56, 0xc4, 0xaa, 0x1b, 0xee, 0xd1, 0x26, + 0xfb, 0x25, 0x72, 0x9a, 0xe0, 0x8a, 0xd8, 0x43, 0xa8, 0xc3, 0xbe, 0xc3, 0xd6, 0x50, 0xd8, 0x16, + 0x5f, 0x0b, 0xef, 0x86, 0xe2, 0x53, 0xc4, 0xcd, 0xdf, 0x43, 0x2d, 0x52, 0xd3, 0x16, 0x45, 0xd6, + 0x0f, 0xc1, 0xb1, 0xf5, 0x5e, 0xab, 0xe5, 0x6e, 0xb7, 0xa8, 0x8c, 0x79, 0x8d, 0xf9, 0x0d, 0x97, + 0x60, 0xb4, 0xae, 0x65, 0x4c, 0x9c, 0x57, 0x41, 0xc5, 0x63, 0x1c, 0xb4, 0xb1, 0xcb, 0xa1, 0x23, + 0x79, 0x22, 0x57, 0x22, 0x27, 0xb5, 0xbe, 0x17, 0xa7, 0xda, 0xde, 0x0a, 0xdc, 0xc6, 0x03, 0x95, + 0x36, 0x73, 0xd8, 0xac, 0xe1, 0xb7, 0xe4, 0x47, 0x98, 0xe7, 0x67, 0xd6, 0x07, 0x1f, 0xf5, 0x31, + 0xe4, 0x1d, 0x98, 0x14, 0x67, 0xa8, 0x16, 0xfe, 0x08, 0x63, 0x4c, 0xc8, 0xbc, 0xfd, 0x09, 0x1b, + 0x07, 0x1d, 0x1d, 0x45, 0x03, 0xb3, 0x29, 0xf7, 0xae, 0x7e, 0x16, 0xa2, 0x81, 0x59, 0xc7, 0x80, + 0xa9, 0xfb, 0x9b, 0x93, 0xc9, 0xbe, 0x15, 0x73, 0xf7, 0xba, 0x1e, 0xf0, 0x24, 0x17, 0x5f, 0xd4, + 0xe2, 0x80, 0x27, 0xfa, 0x45, 0x4d, 0xa1, 0xaa, 0x31, 0xc9, 0x1f, 0x31, 0x26, 0xef, 0xc9, 0x31, + 0x29, 0xf4, 0x9f, 0x18, 0xf3, 0x03, 0xc6, 0xa1, 0x1e, 0xaf, 0x90, 0x91, 0xa1, 0x6e, 0xf9, 0xcf, + 0x61, 0x64, 0x57, 0x4e, 0x92, 0xdc, 0x45, 0x05, 0x27, 0x5d, 0x75, 0x30, 0x3a, 0x3c, 0xd3, 0x23, + 0xb6, 0xe6, 0x2f, 0xc1, 0x54, 0x25, 0x8a, 0xdc, 0xc6, 0x1e, 0x6d, 0x56, 0xd9, 0xf6, 0xa4, 0xc5, + 0x66, 0x70, 0x05, 0x5c, 0x7f, 0xc3, 0xd1, 0x71, 0x79, 0xac, 0x31, 0x37, 0x14, 0xd6, 0x7a, 0x2a, + 0xd6, 0x18, 0x83, 0x98, 0xb1, 0xc6, 0x18, 0x84, 0x5c, 0x81, 0xf1, 0x5a, 0xe7, 0xa1, 0xc7, 0xfa, + 0xa4, 0x18, 0xe7, 0xd0, 0xf5, 0x38, 0x48, 0xdf, 0x5c, 0x05, 0x16, 0x79, 0x4b, 0x93, 0xb1, 0x27, + 0xe2, 0xfb, 0x34, 0xd7, 0xc0, 0x28, 0xaf, 0x6e, 0x5d, 0x7e, 0x56, 0x42, 0xf7, 0x75, 0x18, 0x97, + 0x8a, 0x35, 0x88, 0xef, 0xd0, 0x82, 0x32, 0xed, 0xfd, 0x29, 0x91, 0x31, 0x05, 0xa2, 0x96, 0x9b, + 0x65, 0x52, 0x4b, 0x81, 0xa8, 0xe5, 0x66, 0x31, 0x52, 0x20, 0x6a, 0x59, 0x5a, 0x94, 0x4e, 0x62, + 0xea, 0x48, 0x9d, 0xc4, 0x3d, 0x98, 0xda, 0x74, 0x83, 0xc8, 0x63, 0x32, 0x4a, 0x27, 0x0a, 0x17, + 0xa6, 0x0d, 0x35, 0x9e, 0x56, 0xb4, 0x74, 0x56, 0x66, 0xed, 0xeb, 0x6a, 0xf8, 0x66, 0x7a, 0xb9, + 0x18, 0x9e, 0x6d, 0xab, 0x37, 0xf3, 0x69, 0x6c, 0xf5, 0xb0, 0x53, 0x51, 0x75, 0x33, 0x1b, 0x2b, + 0x08, 0x50, 0x86, 0x4e, 0xe8, 0x6f, 0x14, 0x22, 0xf9, 0x1a, 0x4c, 0xb1, 0xbf, 0x31, 0x1f, 0xbf, + 0x47, 0xc3, 0x85, 0x12, 0x36, 0xee, 0x6c, 0xe6, 0xea, 0xe7, 0x49, 0xfb, 0xeb, 0x34, 0xe2, 0x0b, + 0x18, 0x19, 0x27, 0x75, 0xb2, 0x06, 0x37, 0xf2, 0x3e, 0x4c, 0xb1, 0xd9, 0xb7, 0xed, 0x86, 0x5c, + 0x34, 0x9d, 0x8b, 0xad, 0x2d, 0x9b, 0x02, 0x9e, 0x0a, 0xf7, 0xa7, 0x13, 0xb0, 0x63, 0xbe, 0xd2, + 0xe5, 0x1b, 0x24, 0xd1, 0x66, 0x7b, 0x37, 0xb5, 0x39, 0x4a, 0x34, 0xf2, 0x01, 0x4c, 0x55, 0xba, + 0xdd, 0x78, 0xc7, 0x99, 0xd7, 0xf4, 0x32, 0xdd, 0xae, 0x93, 0xb9, 0xeb, 0x18, 0x14, 0xc9, 0x8d, + 0xf9, 0xd8, 0x13, 0x6d, 0xcc, 0xe4, 0x0d, 0x25, 0xad, 0x1f, 0x8f, 0x95, 0x8c, 0xe2, 0x1e, 0x63, + 0x88, 0xfe, 0x5c, 0x70, 0x5f, 0x86, 0x69, 0xae, 0x75, 0x93, 0xd2, 0xcc, 0x89, 0xd4, 0xea, 0xc9, + 0x10, 0x6a, 0x4c, 0x1a, 0xb2, 0x02, 0x33, 0xdc, 0xd1, 0xad, 0x25, 0xe2, 0x30, 0x2e, 0x9c, 0x8c, + 0xb3, 0x3e, 0x73, 0xff, 0xb8, 0x16, 0x86, 0xe7, 0x76, 0x0d, 0x2e, 0x09, 0x22, 0xeb, 0x8f, 0x72, + 0x70, 0xb2, 0xcf, 0x88, 0xab, 0x28, 0x7d, 0xb9, 0xc1, 0x51, 0xfa, 0xd8, 0xce, 0x61, 0x5e, 0xd2, + 0xb1, 0xfd, 0x42, 0xca, 0xd2, 0xc7, 0x4b, 0xca, 0x5b, 0x3e, 0x10, 0x11, 0xcf, 0x5e, 0x54, 0x7d, + 0xcb, 0x47, 0x4d, 0x61, 0x21, 0x7d, 0x08, 0x09, 0x3c, 0xfe, 0x51, 0x4b, 0xd6, 0xe3, 0xc3, 0xf2, + 0x59, 0x11, 0x2e, 0x5f, 0x0d, 0xeb, 0x47, 0xbe, 0xb1, 0x82, 0x33, 0x58, 0x5b, 0x87, 0x39, 0x98, + 0xd4, 0xd6, 0x21, 0x39, 0xa7, 0xb9, 0xcd, 0x95, 0x78, 0xc2, 0x05, 0x8d, 0x43, 0x9e, 0x9f, 0x44, + 0xb8, 0xa8, 0xf2, 0x47, 0xeb, 0x43, 0xef, 0x30, 0x51, 0x48, 0x8b, 0x64, 0xd8, 0x36, 0x94, 0x97, + 0x36, 0x96, 0x63, 0xb2, 0x51, 0x37, 0x8c, 0x2a, 0x8d, 0xc8, 0x7b, 0x48, 0x87, 0x38, 0x74, 0xe2, + 0x64, 0xa3, 0x6e, 0x18, 0x39, 0x2e, 0x92, 0xa5, 0x92, 0x8d, 0x2a, 0x86, 0xd6, 0x8f, 0xe5, 0x00, + 0xee, 0xd6, 0x96, 0x31, 0x14, 0xe9, 0xa7, 0x15, 0x0a, 0xb2, 0xc3, 0xbb, 0x49, 0xee, 0x03, 0xc4, + 0x81, 0xff, 0x2e, 0x07, 0x33, 0x26, 0x1a, 0x79, 0x0f, 0x66, 0xeb, 0x8d, 0xc0, 0x6f, 0xb5, 0xb6, + 0xdd, 0xc6, 0x83, 0x35, 0xaf, 0x43, 0x79, 0x60, 0xad, 0x51, 0x7e, 0x16, 0x85, 0xaa, 0xc8, 0x69, + 0xb1, 0x32, 0x3b, 0x89, 0x4c, 0xfe, 0x62, 0x0e, 0xa6, 0xeb, 0x7b, 0xfe, 0x7e, 0x9c, 0x6a, 0x9e, + 0x0f, 0xc8, 0xd7, 0xd9, 0xda, 0x0e, 0xf7, 0xfc, 0x7d, 0x27, 0x23, 0xdf, 0xfc, 0xc7, 0x87, 0xe5, + 0x77, 0x87, 0x7b, 0x26, 0x6e, 0xf8, 0x78, 0x93, 0x89, 0xc2, 0xcb, 0x46, 0x25, 0xb6, 0x59, 0xa7, + 0xf5, 0x27, 0x39, 0x98, 0xc4, 0x3b, 0x4f, 0xab, 0x85, 0x32, 0xd7, 0x0f, 0x52, 0xea, 0x1f, 0xd5, + 0xae, 0x01, 0x03, 0xfb, 0x26, 0xcc, 0x26, 0xd0, 0x88, 0x05, 0x63, 0x75, 0x74, 0x95, 0xd6, 0x15, + 0x14, 0xdc, 0x79, 0xda, 0x16, 0x25, 0xd6, 0x8a, 0x46, 0x76, 0xef, 0x2a, 0xbe, 0x32, 0x2e, 0x02, + 0x78, 0x12, 0x24, 0x6f, 0x36, 0x24, 0xf9, 0x25, 0xf7, 0xae, 0xda, 0x1a, 0x96, 0xb5, 0x0e, 0x63, + 0x75, 0x3f, 0x88, 0x96, 0x0e, 0xf8, 0x65, 0xa2, 0x4a, 0xc3, 0x86, 0xfe, 0x8c, 0xe8, 0xa1, 0xea, + 0xbe, 0x61, 0x8b, 0x22, 0x52, 0x86, 0xd1, 0x1b, 0x1e, 0x6d, 0x35, 0x75, 0x7b, 0xd1, 0x1d, 0x06, + 0xb0, 0x39, 0x9c, 0x5d, 0xb8, 0x4e, 0xc4, 0x11, 0xbb, 0x63, 0xc3, 0xd4, 0x4f, 0xbb, 0x6e, 0x96, + 0x8d, 0xfe, 0x7d, 0xd1, 0xcc, 0xac, 0x6b, 0xd4, 0x34, 0xa0, 0xab, 0xff, 0xa3, 0x1c, 0x9c, 0xee, + 0x4f, 0xa2, 0xdb, 0xba, 0xe6, 0x06, 0xd8, 0xba, 0xbe, 0x9c, 0x7c, 0xf6, 0x42, 0x34, 0xf1, 0xec, + 0x15, 0x3f, 0x76, 0x55, 0xd1, 0xd4, 0xb8, 0xa1, 0x12, 0x9f, 0x9f, 0x1b, 0xf0, 0xcd, 0x88, 0xc8, + 0x87, 0x39, 0x42, 0x1a, 0x5b, 0xd0, 0x5a, 0xbf, 0x31, 0x02, 0xa7, 0xfa, 0x52, 0x90, 0x55, 0x2d, + 0xf8, 0xff, 0x8c, 0x0a, 0x3b, 0xde, 0x17, 0xff, 0x32, 0xfe, 0x8b, 0xd6, 0x64, 0x49, 0x67, 0x9a, + 0x0d, 0x15, 0xf4, 0x9d, 0x67, 0xb8, 0x7f, 0xed, 0x48, 0x5e, 0x1c, 0x1d, 0x99, 0x41, 0x3a, 0xfe, + 0x3b, 0xba, 0x5d, 0xd1, 0xc8, 0xf5, 0x5a, 0xa1, 0xbe, 0xec, 0x9a, 0x1c, 0x64, 0xcb, 0xb2, 0xd8, + 0x00, 0x79, 0x24, 0xdb, 0x00, 0xd9, 0xfa, 0x97, 0x39, 0x98, 0x50, 0x9f, 0x4d, 0x4e, 0xc3, 0x89, + 0x2d, 0xbb, 0xb2, 0xbc, 0xe2, 0x6c, 0x7d, 0xb8, 0xb9, 0xe2, 0xdc, 0x5d, 0xaf, 0x6f, 0xae, 0x2c, + 0xd7, 0x6e, 0xd4, 0x56, 0xaa, 0xa5, 0xe7, 0xc8, 0x1c, 0x4c, 0xdf, 0x5d, 0xbf, 0xbd, 0xbe, 0x71, + 0x7f, 0xdd, 0x59, 0xb1, 0xed, 0x0d, 0xbb, 0x94, 0x23, 0xd3, 0x30, 0x61, 0x2f, 0x55, 0x96, 0x9d, + 0xf5, 0x8d, 0xea, 0x4a, 0x29, 0x4f, 0x4a, 0x30, 0xb5, 0xbc, 0xb1, 0xbe, 0xbe, 0xb2, 0xbc, 0x55, + 0xbb, 0x57, 0xdb, 0xfa, 0xb0, 0x54, 0x20, 0x04, 0x66, 0x10, 0x61, 0xd3, 0xae, 0xad, 0x2f, 0xd7, + 0x36, 0x2b, 0x6b, 0xa5, 0x11, 0x06, 0x63, 0xf8, 0x1a, 0x6c, 0x54, 0x31, 0xba, 0x7d, 0x77, 0x69, + 0xa5, 0x34, 0xc6, 0x50, 0xd8, 0x5f, 0x1a, 0xca, 0x38, 0xab, 0x1e, 0x51, 0xaa, 0x95, 0xad, 0xca, + 0x52, 0xa5, 0xbe, 0x52, 0x2a, 0x92, 0x93, 0x30, 0x6f, 0x80, 0x9c, 0xb5, 0x8d, 0x9b, 0xb5, 0xf5, + 0xd2, 0x04, 0x39, 0x06, 0x25, 0x05, 0xab, 0x2e, 0x39, 0x77, 0xeb, 0x2b, 0x76, 0x09, 0x92, 0xd0, + 0xf5, 0xca, 0x9d, 0x95, 0xd2, 0xa4, 0xf5, 0x2e, 0x77, 0x73, 0xe2, 0x5d, 0x4d, 0x4e, 0x00, 0xa9, + 0x6f, 0x55, 0xb6, 0xee, 0xd6, 0x13, 0x8d, 0x9f, 0x84, 0xf1, 0xfa, 0xdd, 0xe5, 0xe5, 0x95, 0x7a, + 0xbd, 0x94, 0x23, 0x00, 0x63, 0x37, 0x2a, 0xb5, 0xb5, 0x95, 0x6a, 0x29, 0x6f, 0xfd, 0x64, 0x0e, + 0xe6, 0xa4, 0x04, 0x28, 0xdf, 0x30, 0x3e, 0xe5, 0x5a, 0x7c, 0xcf, 0xb8, 0xd8, 0x4a, 0x2f, 0x94, + 0x44, 0x25, 0x03, 0x96, 0xe1, 0xcf, 0xe7, 0xe0, 0x78, 0x26, 0x36, 0xf9, 0x10, 0x4a, 0xf2, 0x0b, + 0xee, 0xb8, 0x51, 0x63, 0x2f, 0xde, 0xc7, 0xce, 0x26, 0x6a, 0x49, 0xa0, 0x71, 0xb5, 0x66, 0x9c, + 0x5c, 0x30, 0xc5, 0x66, 0xf8, 0x60, 0xb9, 0xd6, 0xcf, 0xe5, 0xe0, 0x64, 0x9f, 0x6a, 0xc8, 0x32, + 0x8c, 0xa9, 0xb0, 0xe9, 0x03, 0x0c, 0xaa, 0x8e, 0x7d, 0xff, 0xb0, 0x2c, 0x10, 0x31, 0x1b, 0x1b, + 0xfe, 0x65, 0x8f, 0xa9, 0x38, 0xe8, 0x18, 0x8c, 0x9c, 0x77, 0xdf, 0xa9, 0x44, 0xcf, 0x8b, 0x9a, + 0x2a, 0xf7, 0xeb, 0x4b, 0x93, 0xa2, 0xef, 0x0a, 0xee, 0x7e, 0x88, 0xd1, 0xc8, 0xad, 0x9f, 0xce, + 0x31, 0xe1, 0x2e, 0x89, 0xc8, 0x64, 0xde, 0x4a, 0x18, 0xf6, 0xda, 0xd4, 0xf6, 0x5b, 0xb4, 0x62, + 0xaf, 0x8b, 0x63, 0x03, 0xa5, 0x55, 0x17, 0x0b, 0xf0, 0x5a, 0xe1, 0xb8, 0x41, 0xc7, 0x78, 0x3c, + 0xd5, 0x69, 0xc8, 0x5b, 0x00, 0x2a, 0x2b, 0xbe, 0x0c, 0x6a, 0xc0, 0x83, 0x7a, 0x08, 0xa8, 0x29, + 0x6f, 0x6b, 0xc8, 0xd6, 0x5f, 0xce, 0xc1, 0x94, 0xb8, 0x34, 0x55, 0x5a, 0x34, 0x88, 0x3e, 0xdd, + 0xf4, 0x7a, 0xcb, 0x98, 0x5e, 0xca, 0x7f, 0x40, 0xe3, 0xcf, 0x8a, 0x33, 0x67, 0xd6, 0x7f, 0x9d, + 0x83, 0x52, 0x12, 0x91, 0xbc, 0x07, 0xc5, 0x3a, 0x7d, 0x48, 0x03, 0x2f, 0x3a, 0x10, 0x1b, 0xa5, + 0x4c, 0x30, 0xc3, 0x71, 0x44, 0x19, 0x9f, 0x0f, 0xa1, 0xf8, 0x65, 0x2b, 0x9a, 0x61, 0xf7, 0x7b, + 0x4d, 0xed, 0x51, 0x78, 0x5a, 0x6a, 0x0f, 0xeb, 0x7f, 0xce, 0xc3, 0xc9, 0x9b, 0x34, 0xd2, 0xdb, + 0xa4, 0x5e, 0xbb, 0x3f, 0x37, 0x5c, 0xbb, 0xb4, 0x96, 0x2c, 0xc0, 0x38, 0x16, 0xc9, 0xf1, 0xb5, + 0xe5, 0x4f, 0xb2, 0xa4, 0xe6, 0x75, 0xc1, 0xc8, 0x60, 0xd1, 0xa7, 0xee, 0xcb, 0x5a, 0x4c, 0x7b, + 0x35, 0xad, 0x2f, 0xc0, 0x0c, 0x06, 0x6d, 0xed, 0xb1, 0xe5, 0x40, 0x9b, 0x42, 0xfd, 0x53, 0xb4, + 0x13, 0x50, 0xf2, 0x2a, 0x94, 0x18, 0xa4, 0xd2, 0x78, 0xd0, 0xf1, 0xf7, 0x5b, 0xb4, 0xb9, 0x4b, + 0x79, 0x1a, 0xf3, 0xa2, 0x9d, 0x82, 0x4b, 0x9e, 0x77, 0x3b, 0xfc, 0xea, 0x46, 0x9b, 0xa8, 0xa3, + 0x11, 0x3c, 0x63, 0xe8, 0xe9, 0xb7, 0x60, 0xf2, 0x13, 0xe6, 0xa7, 0xb0, 0xfe, 0xa7, 0x1c, 0x1c, + 0xc3, 0xc6, 0x69, 0x15, 0xe3, 0x8b, 0xc1, 0xe7, 0xe2, 0xde, 0xd2, 0x42, 0xb6, 0xbb, 0x0c, 0x64, + 0x2e, 0x05, 0xd5, 0x8b, 0xb1, 0x4e, 0x28, 0x3f, 0x84, 0x4e, 0xa8, 0xfe, 0x24, 0x59, 0x4f, 0x87, + 0x54, 0x69, 0xf1, 0x5c, 0xf5, 0xf1, 0x90, 0x5b, 0x7f, 0x31, 0x0f, 0xe3, 0x36, 0xc5, 0x74, 0x90, + 0xe4, 0x02, 0x8c, 0xaf, 0xfb, 0x11, 0x0d, 0xef, 0x18, 0xb9, 0x3f, 0x3b, 0x0c, 0xe4, 0xb4, 0x9b, + 0xb6, 0x2c, 0x64, 0x13, 0x7e, 0x33, 0xf0, 0x9b, 0xbd, 0x46, 0xa4, 0x4f, 0xf8, 0x2e, 0x07, 0xd9, + 0xb2, 0x8c, 0xbc, 0x0e, 0x13, 0x82, 0xb3, 0x7a, 0x63, 0x44, 0xdb, 0xd8, 0x80, 0xaa, 0x74, 0xa2, + 0x31, 0x02, 0xca, 0xb4, 0x5c, 0xc0, 0x18, 0xd1, 0x64, 0xda, 0x94, 0xcc, 0x20, 0x45, 0xf5, 0xd1, + 0x01, 0xa2, 0xfa, 0xe7, 0x60, 0xac, 0x12, 0x86, 0x34, 0x92, 0x4e, 0xda, 0x53, 0x2a, 0x62, 0x4e, + 0x48, 0x23, 0xce, 0xd8, 0xc5, 0x72, 0x5b, 0xe0, 0x59, 0xff, 0x3c, 0x0f, 0xa3, 0xf8, 0x27, 0xbe, + 0xab, 0x06, 0x8d, 0x3d, 0xe3, 0x5d, 0x35, 0x68, 0xec, 0xd9, 0x08, 0x25, 0x57, 0x51, 0x53, 0x21, + 0xb3, 0x0b, 0x88, 0xd6, 0xa3, 0x0a, 0xbe, 0x19, 0x83, 0x6d, 0x1d, 0x47, 0x3d, 0x38, 0x17, 0x32, + 0x43, 0x33, 0x9c, 0x80, 0xfc, 0x46, 0x5d, 0xb4, 0x18, 0x43, 0xc8, 0xf8, 0xa1, 0x9d, 0xdf, 0xa8, + 0x63, 0x6f, 0xac, 0x56, 0x16, 0xdf, 0xbc, 0xae, 0xa7, 0xa9, 0x0d, 0xf7, 0xdc, 0xc5, 0x37, 0xaf, + 0xdb, 0xa2, 0x84, 0xf5, 0x2f, 0x7e, 0x33, 0x3e, 0xbc, 0x72, 0xa7, 0x62, 0xec, 0x5f, 0x6c, 0x1b, + 0x3e, 0xb2, 0xda, 0x31, 0x02, 0x59, 0x84, 0x49, 0xe1, 0xca, 0x8e, 0xf8, 0x9a, 0xab, 0xb9, 0x70, + 0x75, 0xe7, 0x14, 0x3a, 0x12, 0x7f, 0x82, 0x13, 0x03, 0x24, 0x73, 0xa0, 0x89, 0x27, 0x38, 0x39, + 0x84, 0xa1, 0xad, 0xa1, 0xc4, 0x3e, 0xd1, 0xb1, 0xb3, 0xb0, 0xee, 0x13, 0x8d, 0x41, 0x78, 0x15, + 0x82, 0xf5, 0xcb, 0x79, 0x28, 0x6e, 0xb6, 0x7a, 0xbb, 0x5e, 0xe7, 0xde, 0x55, 0x42, 0x00, 0xaf, + 0x71, 0x32, 0x4a, 0x33, 0xfb, 0x9b, 0x9c, 0x82, 0xa2, 0xbc, 0xb9, 0xc9, 0x0d, 0x29, 0x14, 0xb7, + 0xb6, 0x05, 0x90, 0xe3, 0x2e, 0x72, 0xda, 0xcb, 0x9f, 0xe4, 0x2a, 0xa8, 0xfb, 0x57, 0xbf, 0x8b, + 0xda, 0x08, 0x5b, 0x2c, 0xb6, 0x42, 0x23, 0x6f, 0x00, 0x1e, 0x12, 0xe2, 0xf2, 0x20, 0x15, 0xda, + 0xfc, 0xd3, 0x84, 0x9c, 0xc2, 0x49, 0x10, 0x8d, 0x5c, 0x03, 0x31, 0x31, 0x45, 0xe6, 0xcc, 0xe3, + 0x26, 0x01, 0xcf, 0x5e, 0x24, 0x49, 0x04, 0x2a, 0x79, 0x07, 0x26, 0xe3, 0x9c, 0xf5, 0x71, 0x42, + 0x4c, 0x9d, 0x72, 0x39, 0x2e, 0xbf, 0x77, 0xd5, 0xd6, 0xd1, 0xad, 0xef, 0x8c, 0xc3, 0x94, 0xfe, + 0x3d, 0xc4, 0x86, 0xf9, 0xb0, 0xc5, 0xee, 0xee, 0xc2, 0xf6, 0xa9, 0x8b, 0x85, 0xe2, 0x38, 0x3d, + 0x67, 0x7e, 0x10, 0xc3, 0xe3, 0x86, 0x50, 0xd2, 0x07, 0x7f, 0xf5, 0x39, 0x7b, 0x2e, 0x8c, 0xc1, + 0x1c, 0x8f, 0x54, 0xa0, 0xe8, 0x77, 0xc3, 0x5d, 0xda, 0xf1, 0xe4, 0x7b, 0xcb, 0x79, 0x83, 0xd1, + 0x86, 0x28, 0x4c, 0xf1, 0x52, 0x64, 0xe4, 0x4d, 0x18, 0xf3, 0xbb, 0xb4, 0xe3, 0x7a, 0xe2, 0x8c, + 0x7b, 0x3e, 0xc1, 0x80, 0x76, 0x2a, 0x35, 0x8d, 0x50, 0x20, 0x93, 0x2b, 0x30, 0xe2, 0x3f, 0x50, + 0xe3, 0x75, 0xca, 0x24, 0x7a, 0x10, 0xb9, 0x1a, 0x09, 0x22, 0x32, 0x82, 0x8f, 0xdc, 0xf6, 0x8e, + 0x18, 0x31, 0x93, 0xe0, 0x96, 0xdb, 0xde, 0xd1, 0x09, 0x18, 0x22, 0x79, 0x1f, 0xa0, 0xeb, 0xee, + 0xd2, 0xc0, 0x69, 0xf6, 0xa2, 0x03, 0x31, 0x6e, 0x67, 0x0d, 0xb2, 0x4d, 0x56, 0x5c, 0xed, 0x45, + 0x07, 0x1a, 0xed, 0x44, 0x57, 0x02, 0x49, 0x05, 0xa0, 0xed, 0x46, 0x11, 0x0d, 0xda, 0xbe, 0x30, + 0x3e, 0x9b, 0x54, 0x09, 0x27, 0x39, 0x83, 0x3b, 0xaa, 0x58, 0xe3, 0xa0, 0x11, 0xe1, 0x47, 0x7b, + 0x81, 0x2b, 0xf2, 0x97, 0x26, 0x3e, 0xda, 0x0b, 0x8c, 0x56, 0x32, 0x44, 0xf2, 0x45, 0x18, 0x6f, + 0x7a, 0x61, 0xc3, 0x0f, 0x9a, 0x22, 0x38, 0xc3, 0x0b, 0x06, 0x4d, 0x95, 0x97, 0x69, 0x64, 0x12, + 0x9d, 0x7d, 0xad, 0x88, 0xff, 0xb6, 0xee, 0xef, 0xa3, 0x9a, 0x3f, 0xf9, 0xb5, 0x75, 0x55, 0xac, + 0x7f, 0x6d, 0x4c, 0xc4, 0x86, 0x72, 0xd7, 0x8b, 0x5a, 0xee, 0xb6, 0x78, 0xe7, 0x36, 0x87, 0xf2, + 0x26, 0x16, 0xe9, 0x43, 0xc9, 0x91, 0xc9, 0x5b, 0x50, 0xa4, 0x9d, 0x28, 0x70, 0x1d, 0xaf, 0x29, + 0x9c, 0xf6, 0xcc, 0x8f, 0x66, 0x07, 0xb0, 0x5b, 0xab, 0xea, 0x1f, 0x8d, 0xf8, 0xb5, 0x26, 0xeb, + 0x9f, 0xb0, 0xe1, 0xb5, 0x85, 0xaf, 0x9d, 0xd9, 0x3f, 0xf5, 0xe5, 0xda, 0x1d, 0xbd, 0x7f, 0x18, + 0x22, 0x79, 0x0f, 0xc6, 0xd9, 0xfa, 0x6d, 0xfa, 0xbb, 0xc2, 0xe3, 0xdd, 0x32, 0xfb, 0x87, 0x97, + 0xa5, 0xa6, 0xab, 0x24, 0x22, 0x67, 0x01, 0xe2, 0x27, 0x72, 0xfe, 0xa0, 0x61, 0x6b, 0x90, 0x2f, + 0x8d, 0xfc, 0x6f, 0xbf, 0x58, 0xce, 0x2d, 0x01, 0x14, 0x65, 0x74, 0x0b, 0x6b, 0x0d, 0x4e, 0xf5, + 0x5d, 0x54, 0xe4, 0x12, 0x94, 0x76, 0x5c, 0xa1, 0x52, 0x6b, 0xec, 0xb9, 0x9d, 0x0e, 0x6d, 0x89, + 0xed, 0x6c, 0x56, 0xc2, 0x97, 0x39, 0x98, 0x73, 0xb6, 0xde, 0x87, 0x63, 0x59, 0xbd, 0x49, 0x5e, + 0x84, 0x29, 0x3d, 0x90, 0x87, 0x60, 0x32, 0xe9, 0x76, 0x3d, 0x19, 0xca, 0x43, 0x30, 0xf8, 0xf5, + 0x1c, 0xbc, 0x30, 0x68, 0x6d, 0x92, 0xd3, 0x50, 0xec, 0x06, 0x9e, 0x8f, 0x32, 0x20, 0xdf, 0x41, + 0xd5, 0x6f, 0x72, 0x06, 0x80, 0x0b, 0x2b, 0x91, 0xbb, 0x2b, 0x8c, 0xf9, 0xed, 0x09, 0x84, 0x6c, + 0xb9, 0xbb, 0x21, 0x79, 0x0d, 0xe6, 0x9a, 0x74, 0xc7, 0xed, 0xb5, 0x22, 0x27, 0x6c, 0xec, 0xd1, + 0x26, 0xfa, 0xcf, 0xa0, 0x91, 0x96, 0x5d, 0x12, 0x05, 0x75, 0x09, 0x4f, 0x7d, 0xf1, 0x68, 0x9f, + 0x2f, 0xbe, 0x35, 0x52, 0xcc, 0x95, 0xf2, 0x36, 0xda, 0x2a, 0x59, 0x3f, 0x92, 0x87, 0x85, 0x7e, + 0x93, 0x91, 0xbc, 0x9b, 0xd5, 0x07, 0xfc, 0x55, 0x40, 0x87, 0xeb, 0xaf, 0x02, 0x5a, 0x6d, 0x64, + 0x11, 0x94, 0xf7, 0xcb, 0x51, 0x9e, 0xec, 0x12, 0xc6, 0x68, 0xba, 0x6e, 0x18, 0xee, 0xb3, 0xf5, + 0x56, 0xd0, 0x02, 0xf5, 0x09, 0x98, 0x4e, 0x23, 0x61, 0xe4, 0x0b, 0x00, 0x8d, 0x96, 0x1f, 0x52, + 0x7c, 0x7c, 0x17, 0x07, 0x39, 0x37, 0x01, 0x56, 0x50, 0xfd, 0xb5, 0x15, 0xa1, 0xcb, 0x7e, 0x93, + 0x8a, 0x01, 0x74, 0xe1, 0x64, 0x9f, 0xdd, 0x87, 0x0d, 0x4f, 0x9c, 0x18, 0x54, 0xa6, 0x19, 0xe8, + 0xa9, 0xf4, 0xa0, 0xc9, 0x1e, 0xcf, 0xf7, 0x9b, 0x23, 0x07, 0x40, 0xd2, 0x5b, 0x0c, 0xe3, 0x2e, + 0x0c, 0x59, 0x7b, 0x81, 0xe2, 0xce, 0x21, 0x77, 0x83, 0x16, 0x29, 0xc3, 0xa4, 0x4c, 0x23, 0xc4, + 0x04, 0x65, 0xce, 0x1c, 0x04, 0xe8, 0x36, 0xc5, 0xc9, 0x83, 0xf1, 0x24, 0xd1, 0xc7, 0x49, 0x1c, + 0xc1, 0x13, 0x08, 0xd9, 0x3a, 0xe8, 0xca, 0xd6, 0xbd, 0x20, 0xe7, 0xb7, 0xb9, 0xf1, 0x8b, 0xd2, + 0x9f, 0xc9, 0xc9, 0xe1, 0x4f, 0xef, 0x9c, 0x47, 0x7d, 0x1f, 0x01, 0xf4, 0x48, 0x11, 0x1f, 0x86, + 0x7f, 0x33, 0x91, 0x40, 0xae, 0x3a, 0x21, 0x12, 0x88, 0x9f, 0xe4, 0x02, 0xcc, 0x06, 0xdc, 0x66, + 0x31, 0xf2, 0x45, 0x7f, 0xe2, 0x48, 0xd9, 0xd3, 0x1c, 0xbc, 0xe5, 0x63, 0x9f, 0x8a, 0xef, 0xba, + 0xa5, 0x3a, 0x4c, 0x3b, 0x48, 0xc8, 0x65, 0x98, 0x60, 0x07, 0x09, 0xc6, 0xc9, 0x48, 0x98, 0xc2, + 0x23, 0x1e, 0x1e, 0xcb, 0x76, 0xf1, 0x23, 0xf1, 0xb7, 0xe0, 0xf5, 0x8f, 0x72, 0x92, 0x99, 0x7e, + 0x8c, 0x91, 0x93, 0x30, 0xee, 0x07, 0xbb, 0x5a, 0xd3, 0xc6, 0xfc, 0x60, 0x97, 0xb5, 0xeb, 0x22, + 0x94, 0xb8, 0x67, 0x06, 0x77, 0x79, 0x0f, 0x0f, 0x3a, 0xfc, 0x9e, 0x5b, 0xb4, 0x67, 0x38, 0x1c, + 0x73, 0xa5, 0x1e, 0x74, 0x1a, 0x0c, 0x33, 0x0c, 0x7d, 0x47, 0x0f, 0x8e, 0x23, 0x9a, 0x3d, 0x13, + 0x86, 0x7e, 0x1c, 0x25, 0xa7, 0x49, 0x96, 0x60, 0x9a, 0xf1, 0x51, 0x21, 0x7a, 0xc4, 0x29, 0x7b, + 0x26, 0x7d, 0xca, 0x1e, 0x74, 0x1a, 0xf2, 0x13, 0xed, 0xa9, 0x50, 0xfb, 0x25, 0x5a, 0xf3, 0xab, + 0x79, 0x38, 0x91, 0x8d, 0x8e, 0xe3, 0xc5, 0x2a, 0x41, 0x07, 0x25, 0xae, 0x1e, 0xb5, 0x27, 0x18, + 0x84, 0xc7, 0x60, 0xc8, 0xfa, 0xda, 0x7c, 0xe6, 0xd7, 0xbe, 0x0a, 0x73, 0xc8, 0x48, 0xc8, 0x35, + 0x2d, 0x2f, 0x8c, 0x44, 0x68, 0x01, 0x7b, 0x96, 0x15, 0xf0, 0x0d, 0x6e, 0x8d, 0x81, 0xc9, 0xcb, + 0x30, 0x23, 0xb7, 0x28, 0x7f, 0xbf, 0xc3, 0x2a, 0xe6, 0xfb, 0xd3, 0xb4, 0x80, 0x6e, 0x20, 0x90, + 0x1c, 0x87, 0x31, 0xb7, 0xdb, 0x65, 0x55, 0xf2, 0x6d, 0x69, 0xd4, 0xed, 0x76, 0x6b, 0x4d, 0x72, + 0x1e, 0xa6, 0xd1, 0x1d, 0xcb, 0xd9, 0x41, 0x9b, 0x14, 0x61, 0x00, 0x67, 0x4f, 0x21, 0x90, 0xdb, + 0xa9, 0x84, 0x6c, 0x21, 0x30, 0x5a, 0x89, 0x32, 0x8e, 0x28, 0xe0, 0x76, 0x15, 0xc2, 0x29, 0x28, + 0xca, 0xd7, 0x51, 0x6e, 0x55, 0x6e, 0x8f, 0xbb, 0xfc, 0x65, 0x54, 0x74, 0xda, 0x17, 0x61, 0x56, + 0x1c, 0xd4, 0x62, 0xf3, 0x47, 0xa6, 0x62, 0x6a, 0x32, 0x09, 0x5a, 0x44, 0x5e, 0x07, 0x01, 0xaa, + 0x35, 0x65, 0x77, 0xff, 0x7e, 0x0e, 0x8e, 0x67, 0x9e, 0xf4, 0xe4, 0x9b, 0xc0, 0x1d, 0x57, 0x22, + 0xdf, 0x09, 0x68, 0xc3, 0xeb, 0x7a, 0xe8, 0xda, 0xcf, 0x35, 0x61, 0x8b, 0x83, 0x64, 0x04, 0x74, + 0x82, 0xd9, 0xf2, 0x6d, 0x45, 0xc4, 0xaf, 0xe8, 0xa5, 0x20, 0x01, 0x3e, 0xfd, 0x55, 0x38, 0x9e, + 0x89, 0x9a, 0x71, 0x75, 0x7e, 0xdd, 0xcc, 0x50, 0x27, 0xdf, 0x36, 0x12, 0x8d, 0xd6, 0xae, 0xd4, + 0xa2, 0x79, 0xbf, 0xa5, 0x9a, 0x97, 0x90, 0x09, 0xc8, 0x4a, 0x72, 0xc6, 0x66, 0x89, 0xb5, 0x92, + 0xa8, 0xef, 0xa4, 0x25, 0x5f, 0x85, 0xe3, 0x62, 0x16, 0xed, 0x06, 0x6e, 0x77, 0x2f, 0x66, 0xc7, + 0x3f, 0xf4, 0x95, 0x2c, 0x76, 0x7c, 0x7a, 0xdd, 0x64, 0xf8, 0x8a, 0xeb, 0xbc, 0x9b, 0x06, 0x8a, + 0x36, 0xfc, 0x41, 0x4e, 0x0a, 0x04, 0x19, 0x9f, 0x93, 0x31, 0x3f, 0x73, 0x59, 0xf3, 0x73, 0xf8, + 0xc5, 0xb1, 0x0e, 0x44, 0xbb, 0x15, 0x38, 0x5c, 0x59, 0x26, 0xec, 0x70, 0xa4, 0x78, 0x27, 0x3e, + 0x44, 0xbb, 0x4c, 0xd4, 0x79, 0x86, 0xa0, 0xb9, 0x46, 0x12, 0x44, 0x9e, 0x87, 0x09, 0x95, 0x84, + 0x4f, 0x6c, 0x89, 0x45, 0x0e, 0xa8, 0x35, 0x45, 0x0b, 0x7f, 0x34, 0x07, 0xe7, 0x8e, 0xea, 0x21, + 0x72, 0x1f, 0x4e, 0xe0, 0x5b, 0x7f, 0xe8, 0xab, 0x4e, 0x76, 0x1a, 0x6e, 0x63, 0x8f, 0x8a, 0x39, + 0x69, 0x65, 0x76, 0x75, 0xb7, 0x5b, 0xaf, 0x6f, 0x68, 0xbd, 0xdc, 0xed, 0xd6, 0x43, 0x5f, 0xfe, + 0x5e, 0x66, 0xe4, 0xe2, 0x1b, 0x9a, 0xf0, 0xfc, 0x00, 0x4a, 0x6d, 0x7d, 0xe7, 0xf4, 0xf5, 0x7d, + 0x11, 0x4a, 0x3b, 0xb4, 0xc9, 0x64, 0x39, 0xda, 0xc4, 0x4f, 0x7b, 0xb8, 0xc8, 0x93, 0x4a, 0xda, + 0x33, 0x0a, 0x5e, 0x0f, 0xfd, 0x7b, 0x8b, 0xa2, 0x96, 0xb6, 0xdc, 0xaa, 0x75, 0x59, 0x93, 0x5c, + 0x86, 0xf9, 0x44, 0x50, 0x84, 0xd8, 0xcb, 0xd6, 0x9e, 0x63, 0x45, 0x66, 0x08, 0x9d, 0x17, 0x61, + 0x4a, 0x8e, 0x79, 0xa0, 0x7c, 0x75, 0xec, 0x49, 0x01, 0x63, 0x6b, 0x4a, 0x54, 0xd7, 0x93, 0x8d, + 0xca, 0x14, 0x53, 0x87, 0x90, 0x01, 0xc9, 0x1b, 0x40, 0x94, 0xbc, 0xa9, 0xb6, 0x01, 0x51, 0xe1, + 0x9c, 0x2c, 0x51, 0xeb, 0x57, 0x54, 0xfb, 0x77, 0xf2, 0x52, 0x64, 0x5c, 0xf2, 0xfd, 0x28, 0x8c, + 0x02, 0xb7, 0x6b, 0xdc, 0x3b, 0x49, 0x1b, 0x4e, 0xf9, 0x6e, 0x2f, 0xda, 0x5b, 0x74, 0xd8, 0xbf, + 0x7e, 0x20, 0xfd, 0x75, 0x1b, 0xd2, 0xe8, 0x70, 0x72, 0xf1, 0x8a, 0x79, 0x74, 0x54, 0x18, 0x76, + 0x45, 0x47, 0x66, 0x12, 0x8e, 0xc6, 0x75, 0xf5, 0x39, 0xfb, 0x24, 0xe7, 0x99, 0xc2, 0x22, 0xab, + 0x30, 0xb5, 0x4d, 0xdd, 0x80, 0x06, 0x4e, 0x9c, 0x34, 0x3f, 0x79, 0xf1, 0x5c, 0x42, 0x04, 0xb4, + 0xbf, 0x35, 0xb9, 0x4e, 0x6e, 0xc7, 0x25, 0xe4, 0x3d, 0x98, 0xf0, 0x9a, 0x22, 0xd4, 0xa0, 0xb8, + 0x7e, 0x9a, 0x57, 0x9e, 0x5a, 0x93, 0x47, 0x1e, 0x8c, 0x79, 0xb0, 0xbb, 0xab, 0x27, 0xa0, 0x4b, + 0xd3, 0xc6, 0x0d, 0xdd, 0x5a, 0x92, 0xd2, 0x49, 0x9a, 0x2c, 0x95, 0xf2, 0xff, 0x04, 0x8c, 0x85, + 0x5a, 0xec, 0x43, 0x5b, 0xfc, 0xb2, 0xfe, 0x1c, 0x5c, 0x1c, 0xb6, 0x8f, 0xd8, 0x68, 0xf6, 0xe9, + 0xf0, 0x09, 0x7b, 0xce, 0x4d, 0xf5, 0xdb, 0x8b, 0xa0, 0x07, 0x6f, 0xf3, 0xe4, 0x3c, 0x93, 0xb0, + 0xbb, 0x81, 0x67, 0xfd, 0x58, 0x01, 0x66, 0x4c, 0x9d, 0x04, 0x79, 0x0d, 0x46, 0x14, 0xdb, 0x19, + 0xa5, 0x3b, 0xd7, 0x91, 0x18, 0x73, 0x1b, 0x91, 0xd8, 0x01, 0x89, 0x4f, 0x6d, 0x4e, 0x5b, 0x57, + 0x6f, 0xdb, 0x53, 0x08, 0x94, 0x6a, 0xed, 0x5b, 0xc0, 0x53, 0x27, 0xe3, 0x86, 0x1d, 0x79, 0x6d, + 0x3a, 0x84, 0x76, 0xbb, 0xf8, 0xbd, 0xc3, 0xf2, 0x73, 0xa8, 0x97, 0x9c, 0x62, 0xb4, 0x6c, 0xcf, + 0x64, 0x85, 0xda, 0x95, 0x73, 0xa4, 0xff, 0x95, 0x53, 0x34, 0xa5, 0xcf, 0x95, 0x73, 0x74, 0xc0, + 0x95, 0x33, 0xa6, 0xd4, 0xaf, 0x9c, 0xa8, 0x78, 0x18, 0xef, 0xa7, 0x78, 0x88, 0x69, 0xb8, 0xe2, + 0xe1, 0x25, 0xd1, 0xdc, 0xc0, 0xdd, 0x77, 0xb0, 0x1f, 0xb8, 0x51, 0x20, 0x6f, 0x88, 0xed, 0xee, + 0xe3, 0xa3, 0xe4, 0xd2, 0x04, 0xc8, 0x97, 0x4c, 0xeb, 0xaf, 0xe7, 0x12, 0x97, 0x3c, 0x39, 0x14, + 0x2f, 0xc3, 0x8c, 0xd7, 0x66, 0xd2, 0x27, 0x6d, 0x6a, 0x52, 0xd3, 0xb4, 0x3d, 0x2d, 0xa1, 0x5c, + 0x72, 0x7a, 0x05, 0x66, 0x15, 0x1a, 0xf7, 0x1e, 0xe7, 0x1e, 0x0e, 0xb6, 0xa2, 0x16, 0xde, 0xe3, + 0xaf, 0xc1, 0x9c, 0x42, 0x14, 0x82, 0x3a, 0x17, 0x9c, 0xa6, 0xed, 0x92, 0x2c, 0x10, 0x49, 0x40, + 0x43, 0x6b, 0x37, 0x79, 0xf4, 0x7e, 0x46, 0x5f, 0x65, 0xfd, 0x56, 0xc1, 0x10, 0x80, 0x65, 0x35, + 0x4b, 0x30, 0xc9, 0x76, 0x64, 0xd1, 0x49, 0x62, 0x5b, 0x79, 0xb1, 0x4f, 0xf7, 0x8b, 0xb7, 0xe0, + 0x7a, 0x7d, 0xc3, 0x86, 0x30, 0xf4, 0xe5, 0xd3, 0xb0, 0xc3, 0x0f, 0x1d, 0x2e, 0xc3, 0xe1, 0xf4, + 0x93, 0xec, 0xf8, 0x1e, 0xf2, 0xea, 0x60, 0x76, 0x95, 0x6e, 0x17, 0xbf, 0x91, 0xcd, 0x3e, 0x3c, + 0x7c, 0xd4, 0x2f, 0x59, 0xc1, 0x5d, 0xc0, 0xfb, 0x62, 0x68, 0x32, 0x2f, 0x64, 0x08, 0x0f, 0x29, + 0xe6, 0xd8, 0x4b, 0xc8, 0xb9, 0xd4, 0x93, 0x7f, 0x4a, 0xb6, 0x2b, 0x30, 0x15, 0x36, 0xbc, 0xb6, + 0x62, 0x38, 0x92, 0xa1, 0xba, 0x48, 0x37, 0x7e, 0xb9, 0x76, 0xc7, 0x9e, 0x64, 0x74, 0x92, 0xcd, + 0x1e, 0x9c, 0xd2, 0x65, 0x64, 0xf3, 0x23, 0x47, 0x65, 0x54, 0xbe, 0x81, 0x3d, 0x10, 0x8b, 0xd2, + 0xf8, 0xa9, 0x27, 0x5c, 0x13, 0x20, 0xd0, 0xac, 0x3d, 0x38, 0xdd, 0x7f, 0x48, 0xd8, 0xb5, 0x8b, + 0xea, 0xfe, 0xe5, 0xb6, 0xfc, 0xa9, 0x9d, 0xcb, 0x79, 0xfd, 0x5c, 0xd6, 0x25, 0xe6, 0x82, 0x21, + 0x31, 0x5b, 0x7f, 0xab, 0x00, 0xe7, 0x87, 0x18, 0xae, 0x01, 0x75, 0x7e, 0x00, 0x93, 0x5c, 0xe1, + 0xca, 0xb7, 0xcf, 0xbc, 0x21, 0x1a, 0x31, 0xa6, 0x62, 0xaf, 0x63, 0x62, 0x5a, 0xbc, 0xdf, 0x41, + 0xa8, 0xfe, 0x26, 0xdf, 0x84, 0x59, 0xbe, 0xa1, 0x71, 0x73, 0x8e, 0x9d, 0x5e, 0x6b, 0x88, 0x1d, + 0xed, 0x79, 0x69, 0x7b, 0x9e, 0x20, 0xc5, 0x4d, 0x0e, 0x77, 0x8c, 0xba, 0x82, 0x91, 0x2d, 0x98, + 0x44, 0xb4, 0x1d, 0xd7, 0x6b, 0x0d, 0x65, 0x04, 0x2d, 0x2d, 0xdb, 0x75, 0x32, 0x6e, 0x85, 0xc6, + 0x00, 0x37, 0xf0, 0x37, 0xbb, 0xe4, 0x76, 0x7a, 0x6d, 0xc7, 0xed, 0x76, 0xf9, 0x5c, 0x10, 0xaf, + 0x66, 0xa3, 0xf6, 0x74, 0xa7, 0xd7, 0xae, 0x74, 0xbb, 0x38, 0xa4, 0xf8, 0xbc, 0x36, 0xc7, 0xf0, + 0xf8, 0xaa, 0x95, 0x98, 0x63, 0x88, 0xc9, 0x18, 0xf0, 0x75, 0x2b, 0x70, 0x8f, 0x01, 0x37, 0xb6, + 0xe0, 0xcf, 0x05, 0x36, 0xff, 0x61, 0xfd, 0x8b, 0xbc, 0x14, 0x09, 0xfb, 0xcf, 0xfb, 0x3f, 0x1b, + 0xa2, 0x8c, 0x21, 0xba, 0x08, 0x25, 0xd6, 0xf5, 0xf1, 0xa6, 0xa2, 0xc6, 0x68, 0xa6, 0xd3, 0x6b, + 0xab, 0xbe, 0xd3, 0x3b, 0x7e, 0x4c, 0xef, 0xf8, 0x2f, 0x48, 0x91, 0x31, 0x73, 0x7b, 0xe8, 0xdf, + 0xe5, 0xd6, 0xff, 0x5e, 0x80, 0x0b, 0xc3, 0x6d, 0x02, 0x7f, 0x36, 0x6e, 0x19, 0xe3, 0x96, 0x50, + 0x02, 0x8c, 0xa6, 0x94, 0x00, 0x19, 0x6b, 0x6f, 0x2c, 0x6b, 0xed, 0xa5, 0x54, 0x0e, 0xe3, 0x19, + 0x2a, 0x87, 0xcc, 0x05, 0x5a, 0x3c, 0x62, 0x81, 0x4e, 0xe8, 0xf3, 0xe4, 0x7f, 0xcd, 0xc3, 0x7c, + 0xc6, 0x93, 0x12, 0xf9, 0x2a, 0xcc, 0x4b, 0xd1, 0x9e, 0x9f, 0x1c, 0x5c, 0xe4, 0xe6, 0xa7, 0xef, + 0xa5, 0x2c, 0xa1, 0x1e, 0xd1, 0x32, 0x04, 0xef, 0x39, 0x21, 0xce, 0xc7, 0xe5, 0x7f, 0x7a, 0x04, + 0x79, 0xf2, 0x21, 0x9c, 0xc0, 0xb0, 0xb1, 0x0d, 0x47, 0xbf, 0x2c, 0x07, 0x74, 0x47, 0xcc, 0x87, + 0x17, 0x53, 0x62, 0xaf, 0xd7, 0xd0, 0x3e, 0xe7, 0xff, 0xa3, 0xee, 0x6a, 0x7e, 0x1c, 0x39, 0xae, + 0xfb, 0x34, 0xc9, 0x99, 0x9d, 0x79, 0x9c, 0x8f, 0x9e, 0xd2, 0x68, 0x77, 0xb4, 0x3b, 0x3b, 0xab, + 0xf4, 0xae, 0xd7, 0x5a, 0xca, 0x92, 0xbd, 0xda, 0xc8, 0xd2, 0x2a, 0x51, 0xe4, 0x1e, 0xb2, 0x39, + 0x6c, 0x0d, 0xd9, 0xa4, 0xba, 0x9b, 0x33, 0x5e, 0xc9, 0x76, 0x83, 0x1a, 0xf6, 0xcc, 0x30, 0xe6, + 0x34, 0x69, 0xb2, 0x29, 0x79, 0x75, 0x49, 0x82, 0x00, 0x0e, 0x90, 0xc4, 0xf9, 0x30, 0x72, 0x30, + 0x92, 0x00, 0x41, 0x00, 0x1d, 0x72, 0xc8, 0x31, 0xb7, 0xfc, 0x03, 0x06, 0x0c, 0x03, 0x3e, 0xe4, + 0x94, 0x00, 0x42, 0x22, 0x20, 0x39, 0xe4, 0x1a, 0x24, 0x07, 0x9f, 0x82, 0x7a, 0x55, 0xd5, 0x5d, + 0xdd, 0x4d, 0x72, 0x67, 0x76, 0xe5, 0x04, 0x3e, 0xcd, 0xb0, 0xea, 0xbd, 0xea, 0xfa, 0xae, 0x7a, + 0xf5, 0xde, 0xfb, 0x3d, 0xdb, 0x3f, 0xa9, 0x2d, 0xd8, 0x5b, 0xe3, 0x29, 0xe9, 0x69, 0x19, 0xe1, + 0xef, 0x15, 0xd0, 0x9e, 0xdc, 0x5f, 0x28, 0xcb, 0xa5, 0x3b, 0x9c, 0xca, 0x72, 0x52, 0xef, 0xdd, + 0x86, 0xb5, 0x91, 0x7f, 0x32, 0xf2, 0xc7, 0x67, 0x52, 0xf7, 0xad, 0xd8, 0xab, 0x3c, 0x51, 0x74, + 0x8c, 0x00, 0x8b, 0xba, 0xd4, 0x25, 0x5b, 0x30, 0x69, 0xd5, 0x48, 0xf4, 0x9b, 0x3a, 0x0e, 0x74, + 0x36, 0xc9, 0x15, 0x64, 0x3f, 0xde, 0x2d, 0x2c, 0xe7, 0xd4, 0xbc, 0xcd, 0x21, 0xad, 0x4e, 0x7a, + 0x7d, 0x5f, 0xfb, 0x07, 0x45, 0xdc, 0x08, 0xa6, 0x75, 0x1e, 0xf9, 0x40, 0x32, 0x82, 0xca, 0x67, + 0xae, 0x21, 0xd3, 0x58, 0x64, 0x7b, 0x11, 0x8e, 0xb2, 0x84, 0x09, 0x09, 0x94, 0x25, 0x4c, 0x79, + 0x16, 0x4b, 0x8e, 0x87, 0x42, 0x87, 0x4a, 0x77, 0xbb, 0xc3, 0xfb, 0xe4, 0x1e, 0x5c, 0x61, 0x6a, + 0x53, 0x51, 0xd1, 0x8d, 0x44, 0x45, 0x0f, 0xef, 0xdb, 0x22, 0x5f, 0xfb, 0x71, 0xf4, 0xce, 0x93, + 0xa9, 0xfe, 0xe1, 0x7d, 0xf2, 0xc6, 0xc5, 0xcc, 0x99, 0x96, 0x85, 0x39, 0x53, 0x64, 0xca, 0xf4, + 0x66, 0xc2, 0x94, 0xe9, 0xce, 0xfc, 0x7e, 0xe2, 0x4f, 0xcc, 0xe9, 0x68, 0xde, 0xff, 0xa3, 0xc0, + 0xcd, 0xb9, 0x1c, 0x64, 0x07, 0x96, 0xf5, 0x96, 0xe9, 0xc6, 0x23, 0x4b, 0x57, 0x8b, 0x48, 0x21, + 0xfb, 0xb0, 0xb2, 0xd7, 0x19, 0xf7, 0x8e, 0xe9, 0x04, 0x9e, 0xfa, 0x32, 0x96, 0x29, 0x36, 0x22, + 0xaf, 0x2d, 0xd8, 0x31, 0x2f, 0xf1, 0x60, 0x13, 0x57, 0x41, 0x26, 0x5a, 0x6e, 0xfa, 0xc1, 0x20, + 0x53, 0x60, 0x86, 0x8d, 0xee, 0x30, 0x99, 0xc4, 0xf4, 0xe2, 0xfb, 0x48, 0xdc, 0x42, 0x66, 0x57, + 0xf0, 0x12, 0xc0, 0x68, 0x2f, 0xc1, 0x72, 0x4b, 0x28, 0x7f, 0x24, 0xfb, 0x3f, 0xa1, 0xe8, 0xb1, + 0xa3, 0x5c, 0xed, 0x8f, 0x15, 0x21, 0xd5, 0x3f, 0xb9, 0x21, 0x52, 0x18, 0x85, 0xee, 0xfc, 0x30, + 0x0a, 0xdd, 0xa7, 0x0c, 0xa3, 0xa0, 0xfd, 0x1d, 0x87, 0x2d, 0x35, 0xbb, 0xad, 0x54, 0x64, 0xaf, + 0x67, 0xb5, 0xe3, 0x34, 0x12, 0xb3, 0xf3, 0xb6, 0x14, 0xda, 0x25, 0xfb, 0xad, 0xd9, 0xe6, 0x9c, + 0xd2, 0x54, 0xfd, 0x8f, 0x1c, 0xec, 0xcc, 0x63, 0x9f, 0x1a, 0x84, 0x4c, 0xb9, 0x5c, 0x10, 0xb2, + 0x7b, 0xb0, 0xcc, 0xd2, 0x92, 0x91, 0x9d, 0x39, 0x2b, 0xed, 0x70, 0x91, 0x4d, 0x6e, 0xc3, 0x92, + 0x5e, 0x76, 0xe2, 0xd8, 0x13, 0x68, 0x4d, 0xd4, 0x39, 0x1e, 0xa3, 0x9d, 0x0a, 0xcf, 0x22, 0xdf, + 0xc9, 0x86, 0x5b, 0xe1, 0x41, 0x27, 0x6e, 0x48, 0x1d, 0x92, 0x41, 0x14, 0xc6, 0xfa, 0xc6, 0x08, + 0xb8, 0x1c, 0x54, 0xd2, 0xce, 0x86, 0x6e, 0xd1, 0x60, 0xa9, 0x35, 0xf2, 0xc7, 0x7e, 0x28, 0x5b, + 0xfa, 0x0c, 0x31, 0xc5, 0xe6, 0x39, 0xdc, 0x0e, 0xa7, 0xf3, 0x98, 0xb9, 0x5d, 0x2e, 0xc9, 0xae, + 0xf0, 0x68, 0xb8, 0x43, 0x93, 0x6d, 0x89, 0x44, 0xfb, 0x03, 0x05, 0xb6, 0xa6, 0x55, 0x8b, 0xec, + 0x40, 0x21, 0x98, 0x1a, 0x28, 0x26, 0x60, 0xce, 0x5f, 0x45, 0x8c, 0xaa, 0x7b, 0x32, 0x18, 0x9d, + 0x77, 0x42, 0xd9, 0xbc, 0x49, 0x4a, 0xb6, 0x81, 0xfe, 0xa8, 0xe2, 0xff, 0xe4, 0x96, 0xd8, 0x6c, + 0xf3, 0x99, 0xd0, 0x32, 0xf8, 0x47, 0xd3, 0x01, 0xcc, 0x6e, 0xab, 0x39, 0x64, 0x00, 0xb5, 0x0f, + 0xa0, 0x40, 0xab, 0x95, 0x9a, 0x8c, 0x74, 0x3a, 0xe8, 0x8d, 0x3a, 0x27, 0x62, 0xb5, 0x1a, 0x77, + 0xce, 0xfb, 0x36, 0x12, 0x6b, 0x47, 0xb0, 0x9e, 0xa4, 0x20, 0x46, 0x12, 0xd2, 0xac, 0xf8, 0x9a, + 0xca, 0x4b, 0xda, 0x1b, 0x0c, 0x98, 0x89, 0xed, 0xde, 0x0b, 0xff, 0xfc, 0xd9, 0x2d, 0xa0, 0x3f, + 0x19, 0xcf, 0x34, 0xc8, 0x33, 0xed, 0x4f, 0x73, 0xb0, 0x15, 0x7b, 0xf5, 0x89, 0x25, 0xf1, 0x2b, + 0xeb, 0x62, 0xa2, 0x27, 0x5c, 0x20, 0xc4, 0x8d, 0x29, 0xdb, 0xc0, 0x39, 0x96, 0xd7, 0xfb, 0xb0, + 0x3d, 0x8b, 0x9e, 0xbc, 0x9c, 0x89, 0x7a, 0xcf, 0x21, 0x2f, 0xa2, 0xf0, 0xf8, 0x52, 0x10, 0xfc, + 0x9f, 0x29, 0x70, 0x9d, 0x1b, 0x86, 0x36, 0x3a, 0xbd, 0x00, 0x75, 0x0a, 0xc7, 0xfe, 0x17, 0xe3, + 0x22, 0xb5, 0x9f, 0xd8, 0x96, 0xbe, 0x94, 0xb4, 0xff, 0xcd, 0x7c, 0x6d, 0x76, 0x6b, 0xc9, 0x3d, + 0x04, 0x37, 0xe1, 0x0a, 0x94, 0x02, 0x73, 0x49, 0x0d, 0x68, 0x82, 0xec, 0x92, 0x8a, 0x14, 0xda, + 0xef, 0xc0, 0xee, 0xfc, 0x0f, 0x90, 0x6f, 0xc3, 0x1a, 0x06, 0x04, 0x68, 0x0f, 0x4f, 0x47, 0x9d, + 0xae, 0x2f, 0xde, 0xb4, 0xc4, 0x93, 0xa2, 0x9c, 0xc7, 0x00, 0x5d, 0xb8, 0x8b, 0xe4, 0x29, 0x86, + 0x1a, 0xe0, 0x4c, 0x09, 0xeb, 0x6b, 0xb9, 0x34, 0xed, 0x77, 0x15, 0x20, 0xd9, 0x32, 0xc8, 0xd7, + 0x61, 0xb5, 0xed, 0x96, 0x9d, 0xb0, 0x33, 0x0a, 0x6b, 0x83, 0xc9, 0x88, 0x03, 0xa5, 0x30, 0x8f, + 0xb9, 0xf0, 0x98, 0xee, 0x0c, 0xa3, 0xd0, 0x3b, 0x1b, 0x4c, 0x46, 0x76, 0x82, 0x0e, 0xa3, 0x0e, + 0xf8, 0xfe, 0x77, 0xbb, 0x9d, 0xc7, 0xc9, 0xa8, 0x03, 0x3c, 0x2d, 0x11, 0x75, 0x80, 0xa7, 0x69, + 0x9f, 0x2a, 0x70, 0x43, 0x58, 0x7c, 0x74, 0xa7, 0xd4, 0xa5, 0x8c, 0x7e, 0xe1, 0x23, 0x01, 0x14, + 0x37, 0xef, 0x6e, 0xba, 0x29, 0xa0, 0x13, 0xb0, 0x82, 0x78, 0x49, 0x65, 0xbc, 0xe4, 0x1b, 0x50, + 0x70, 0xc2, 0xc1, 0xf0, 0x02, 0xd8, 0x09, 0x6a, 0x34, 0xa2, 0xe1, 0x60, 0x88, 0x45, 0x20, 0xa7, + 0xe6, 0xc3, 0x96, 0x5c, 0x39, 0x51, 0x63, 0xd2, 0x80, 0x2b, 0x1c, 0x49, 0x27, 0xa5, 0x94, 0x9a, + 0xd3, 0xa6, 0xbd, 0x0d, 0x01, 0xd0, 0xc0, 0x81, 0xca, 0x6c, 0x51, 0x86, 0xf6, 0x27, 0x0a, 0x14, + 0xe9, 0xe5, 0x01, 0xc5, 0xb1, 0x67, 0x9d, 0xd2, 0xc9, 0x7b, 0xa0, 0xd0, 0xa0, 0x46, 0xc5, 0x5f, + 0xe8, 0x70, 0x7d, 0x1d, 0x36, 0x52, 0x0c, 0x44, 0x43, 0xd7, 0xdc, 0x7e, 0xef, 0xb8, 0xc3, 0x40, + 0xcc, 0x99, 0xf6, 0x31, 0x91, 0xa6, 0xfd, 0xa1, 0x02, 0x5b, 0x54, 0x78, 0x37, 0xf1, 0xdd, 0xd6, + 0x9e, 0xf4, 0xc5, 0x7a, 0xa7, 0x17, 0x22, 0x61, 0x3a, 0xc4, 0xdc, 0x06, 0xd9, 0x85, 0x88, 0xa7, + 0xd9, 0x51, 0x2e, 0xa9, 0xc1, 0x32, 0x3f, 0x5f, 0xc6, 0x1c, 0x5f, 0x6c, 0x57, 0x7a, 0x15, 0x88, + 0x0b, 0xe6, 0x44, 0xb4, 0x25, 0xb8, 0x85, 0x71, 0x1e, 0x3b, 0xe2, 0xd6, 0xfe, 0x4b, 0x81, 0x6b, + 0x33, 0x78, 0xc8, 0xdb, 0xb0, 0x88, 0x2e, 0x0d, 0x7c, 0xf4, 0x76, 0x66, 0x7c, 0x22, 0x3c, 0x3e, + 0x3b, 0xbc, 0xcf, 0x0e, 0xa2, 0x73, 0xfa, 0xc3, 0x66, 0x5c, 0xe4, 0x03, 0x58, 0xd1, 0xbb, 0x5d, + 0x2e, 0x97, 0xe4, 0x12, 0x72, 0xc9, 0x8c, 0x2f, 0xbe, 0x1a, 0xd1, 0x33, 0xb9, 0x84, 0x19, 0xd7, + 0x76, 0xbb, 0x1e, 0x77, 0xd7, 0x88, 0xcb, 0xbb, 0xfe, 0x9b, 0xb0, 0x9e, 0x24, 0xbe, 0x94, 0x5c, + 0xf2, 0x63, 0x05, 0xd4, 0x64, 0x1d, 0x7e, 0x39, 0xd0, 0x12, 0xd3, 0x86, 0xf9, 0x09, 0x93, 0xea, + 0xcf, 0x73, 0xf0, 0xfc, 0xd4, 0x1e, 0x26, 0xaf, 0xc0, 0x92, 0x3e, 0x1c, 0x9a, 0x15, 0x3e, 0xab, + 0xf8, 0x85, 0x07, 0x9f, 0x7b, 0x13, 0x62, 0x1b, 0x23, 0x22, 0x0f, 0x60, 0x19, 0x67, 0x26, 0x65, + 0xc8, 0xc5, 0x48, 0x5f, 0xec, 0x35, 0x24, 0x85, 0xf4, 0x25, 0x08, 0x49, 0x15, 0xd6, 0xb9, 0x97, + 0xb9, 0xed, 0x9f, 0xfa, 0xdf, 0x8f, 0x20, 0x67, 0x11, 0x15, 0x57, 0xbc, 0x21, 0x7b, 0x23, 0x96, + 0x27, 0xfb, 0x59, 0x27, 0xb9, 0x48, 0x1d, 0x54, 0x2c, 0x53, 0x2e, 0x89, 0xc1, 0x8d, 0xa1, 0xdf, + 0x3f, 0xab, 0xc4, 0x8c, 0xb2, 0x32, 0x9c, 0xd1, 0x70, 0xe9, 0xe3, 0x71, 0xef, 0x34, 0x38, 0xf7, + 0x83, 0xf0, 0x97, 0x37, 0x5c, 0xf1, 0x37, 0x2e, 0x34, 0x5c, 0x7f, 0x51, 0x60, 0x8b, 0x39, 0xcd, + 0x46, 0x6f, 0x34, 0x12, 0xc2, 0x24, 0xde, 0x68, 0x30, 0x6a, 0x28, 0xf3, 0xa3, 0xae, 0xc0, 0x15, + 0xe6, 0xdf, 0x2e, 0x56, 0xc6, 0xcd, 0xa9, 0x55, 0x60, 0x34, 0x87, 0xf7, 0xd9, 0xf5, 0x85, 0xf9, + 0x56, 0x8c, 0x6d, 0xc1, 0x4a, 0x0e, 0xa1, 0x58, 0xee, 0xfb, 0x9d, 0x60, 0x32, 0x74, 0x2f, 0xa6, + 0x06, 0xdc, 0xe6, 0x6d, 0x59, 0x3d, 0x66, 0x6c, 0xa8, 0x3e, 0xc4, 0x9d, 0x5c, 0x2e, 0x88, 0xb8, + 0x91, 0xb9, 0x75, 0x01, 0x9f, 0x1c, 0xbf, 0x36, 0xa7, 0x7f, 0xd2, 0x89, 0xc8, 0x97, 0xf4, 0x25, + 0xe0, 0xf6, 0xd8, 0x1e, 0xac, 0xd7, 0x3b, 0xe3, 0xd0, 0x1d, 0x75, 0x82, 0x31, 0xe2, 0x62, 0x5d, + 0x00, 0x37, 0x44, 0xc4, 0x17, 0x66, 0x4f, 0x91, 0x61, 0xc4, 0xca, 0x9e, 0x22, 0x93, 0xc5, 0xd1, + 0xfb, 0x52, 0xb5, 0x17, 0x74, 0xfa, 0xbd, 0x4f, 0x84, 0x57, 0x0a, 0xbb, 0x2f, 0x9d, 0x88, 0x44, + 0x3b, 0xce, 0xd7, 0xbe, 0x95, 0x19, 0x37, 0x56, 0xcb, 0x22, 0x5c, 0xe1, 0x3e, 0x8b, 0xcc, 0x87, + 0xaf, 0x65, 0x58, 0x15, 0xd3, 0xda, 0x57, 0x15, 0xb2, 0x0e, 0xd0, 0xb2, 0x9b, 0x65, 0xc3, 0x71, + 0xe8, 0xef, 0x1c, 0xfd, 0xcd, 0x1d, 0xfc, 0xaa, 0xed, 0xba, 0x9a, 0x97, 0x7c, 0xfc, 0x0a, 0xda, + 0x4f, 0x15, 0xb8, 0x3a, 0x7d, 0x28, 0x89, 0x0b, 0xe8, 0xe5, 0xc9, 0x15, 0xc2, 0x5f, 0x9f, 0x3b, + 0xee, 0x53, 0x93, 0xd3, 0xde, 0xa2, 0x21, 0xf3, 0x42, 0xcc, 0x09, 0xad, 0x4f, 0x1c, 0x19, 0xb7, + 0xd7, 0xd5, 0xca, 0xb0, 0x3d, 0xab, 0x8c, 0x64, 0x53, 0x37, 0xa0, 0xa8, 0xb7, 0x5a, 0x75, 0xb3, + 0xac, 0xbb, 0x66, 0xd3, 0x52, 0x15, 0xb2, 0x02, 0x8b, 0xfb, 0x76, 0xb3, 0xdd, 0x52, 0x73, 0xda, + 0x8f, 0x14, 0x58, 0x33, 0x83, 0xd0, 0x3f, 0x65, 0x56, 0xba, 0xcf, 0xba, 0xf8, 0xde, 0x4a, 0x2c, + 0xbe, 0xed, 0xc8, 0x1f, 0x3a, 0xfa, 0xc0, 0x85, 0x56, 0xde, 0x3f, 0x29, 0xb0, 0x99, 0xe1, 0x21, + 0x0e, 0x5c, 0xd1, 0x8f, 0x9c, 0xa6, 0x59, 0x29, 0xf3, 0x9a, 0x89, 0x5b, 0x39, 0x4f, 0xcd, 0x7e, + 0x85, 0xf9, 0x10, 0x7d, 0x3c, 0xf6, 0x06, 0xbd, 0xae, 0x14, 0x8f, 0xab, 0xb6, 0x60, 0x8b, 0x92, + 0xf0, 0x24, 0xfb, 0x64, 0x32, 0xf2, 0xb1, 0xd8, 0x5c, 0xe2, 0x45, 0x33, 0x4a, 0xcf, 0x16, 0x8c, + 0x46, 0xa9, 0x1d, 0x9a, 0x9f, 0x2d, 0x3a, 0x2e, 0x6f, 0x6f, 0x0d, 0x8a, 0x5c, 0x6a, 0x41, 0x81, + 0xe0, 0x87, 0x0a, 0x6c, 0xcf, 0xaa, 0x2b, 0x15, 0x84, 0x92, 0x0e, 0x85, 0x57, 0x23, 0x44, 0xe5, + 0xa4, 0x27, 0xa1, 0x20, 0x23, 0xef, 0x40, 0x91, 0x85, 0x1b, 0x77, 0x1e, 0xb4, 0x6d, 0x93, 0x4f, + 0x90, 0x9b, 0xff, 0xf9, 0xd9, 0xad, 0x6b, 0x2c, 0x38, 0xb9, 0x37, 0x7e, 0xe0, 0x4d, 0x46, 0xbd, + 0x04, 0xfa, 0xac, 0xcc, 0xa1, 0xfd, 0x40, 0x81, 0xeb, 0xb3, 0x1b, 0x49, 0x4f, 0x19, 0x97, 0x99, + 0x2f, 0x09, 0x17, 0x26, 0x3c, 0x65, 0x22, 0x1b, 0x27, 0xf9, 0x94, 0x11, 0x84, 0x94, 0x29, 0x8a, + 0x74, 0x99, 0xcb, 0x04, 0xb8, 0x4b, 0x32, 0x09, 0x42, 0xed, 0xaf, 0x72, 0x70, 0x95, 0x4e, 0xa0, + 0xbe, 0x3f, 0x1e, 0xeb, 0x93, 0xf0, 0xcc, 0x0f, 0x42, 0x7e, 0xa5, 0x22, 0x6f, 0xc0, 0xd2, 0xd9, + 0xe5, 0x5e, 0x03, 0x19, 0x39, 0x21, 0x80, 0x9b, 0xb2, 0x30, 0x6a, 0xa5, 0xff, 0x93, 0x9b, 0x20, + 0x05, 0x14, 0xc4, 0x3d, 0x75, 0xd5, 0x5e, 0x19, 0x46, 0x61, 0x05, 0xdf, 0x84, 0x45, 0x94, 0xfe, + 0xf9, 0xd6, 0x28, 0xae, 0xb4, 0xd3, 0x6b, 0x86, 0x6f, 0x03, 0x36, 0x63, 0x20, 0x5f, 0x05, 0x88, + 0x91, 0x7b, 0xf9, 0xde, 0x27, 0xc4, 0xe8, 0x08, 0xbc, 0xd7, 0x5e, 0x39, 0x3f, 0xe9, 0x70, 0x38, + 0xdc, 0x12, 0x6c, 0x8a, 0x2e, 0x19, 0x0a, 0x98, 0x20, 0xae, 0x9e, 0xda, 0x60, 0x19, 0xe6, 0x90, + 0x43, 0x05, 0x69, 0xff, 0x9e, 0x83, 0x95, 0x23, 0x7a, 0x51, 0x40, 0xf1, 0x77, 0xbe, 0x38, 0xfd, + 0x1a, 0x14, 0xeb, 0x83, 0x0e, 0x7f, 0xbb, 0x1f, 0x73, 0xa4, 0x32, 0x74, 0x4c, 0xea, 0x0f, 0x3a, + 0x42, 0x0d, 0x30, 0xb6, 0x65, 0xa2, 0x27, 0x38, 0x55, 0xbd, 0x0b, 0x4b, 0x4c, 0x97, 0xc2, 0x1f, + 0x6a, 0xc4, 0x55, 0x31, 0xaa, 0xd1, 0xab, 0x2c, 0x5b, 0x7a, 0x6e, 0x66, 0xfa, 0x18, 0xf9, 0xde, + 0xc2, 0x81, 0xca, 0x24, 0x61, 0x7f, 0xf1, 0x62, 0xc2, 0xbe, 0x04, 0xc8, 0xb2, 0x74, 0x11, 0x40, + 0x96, 0xeb, 0x0f, 0xa1, 0x28, 0xd5, 0xe7, 0x52, 0x37, 0xc7, 0xdf, 0xcb, 0xc1, 0x1a, 0xb6, 0x2a, + 0x32, 0xac, 0xf8, 0xd5, 0x7c, 0xba, 0x78, 0x2b, 0xf1, 0x74, 0xb1, 0x2d, 0x8f, 0x17, 0x6b, 0xd9, + 0x9c, 0x37, 0x8b, 0x77, 0x61, 0x33, 0x43, 0x48, 0x5e, 0x87, 0x45, 0x5a, 0x7d, 0x21, 0xea, 0xa9, + 0xe9, 0x19, 0x10, 0x83, 0xf7, 0xd1, 0x86, 0x8f, 0x6d, 0x46, 0xad, 0xfd, 0xb7, 0x02, 0xab, 0x1c, + 0xca, 0x39, 0x38, 0x19, 0x3c, 0xb1, 0x3b, 0xef, 0xa6, 0xbb, 0x93, 0xb9, 0x08, 0xf3, 0xee, 0xfc, + 0xbf, 0xee, 0xc4, 0x87, 0x89, 0x4e, 0xbc, 0x16, 0x41, 0xf9, 0x88, 0xe6, 0xcc, 0xe9, 0xc3, 0x7f, + 0x44, 0x70, 0xbb, 0x24, 0x21, 0xf9, 0x0e, 0xac, 0x58, 0xfe, 0xc7, 0x09, 0x89, 0xe9, 0xee, 0x8c, + 0x42, 0x5f, 0x8d, 0x08, 0xd9, 0x9a, 0xc2, 0xc3, 0x26, 0xf0, 0x3f, 0xf6, 0x32, 0x6a, 0x9c, 0xb8, + 0x48, 0x2a, 0x34, 0x25, 0xd9, 0x2e, 0x33, 0xf5, 0xb9, 0x23, 0x09, 0x7a, 0xbd, 0xff, 0x6d, 0x01, + 0x20, 0xb6, 0xc1, 0xa7, 0x0b, 0x30, 0xa1, 0xc1, 0x16, 0x6f, 0xc7, 0x98, 0x24, 0xcf, 0x71, 0xa1, + 0xd8, 0xbe, 0xcb, 0x1f, 0x45, 0x73, 0xb3, 0xa1, 0x96, 0xf0, 0x79, 0xb4, 0xcc, 0x6d, 0xdc, 0xbb, + 0x7e, 0xbf, 0xc3, 0xf6, 0xe2, 0xfc, 0xde, 0x1d, 0x44, 0xd6, 0x8b, 0x52, 0x67, 0xc4, 0xe4, 0x43, + 0x4b, 0xf8, 0x0a, 0x25, 0xc8, 0xf8, 0xb5, 0x14, 0x9e, 0xde, 0xaf, 0x65, 0xf1, 0x29, 0xfc, 0x5a, + 0x96, 0x2e, 0xe8, 0xd7, 0xd2, 0x82, 0x95, 0x5e, 0xf0, 0x91, 0x1f, 0x84, 0x83, 0xd1, 0x63, 0xd4, + 0x52, 0xc7, 0x4f, 0x59, 0xb4, 0xab, 0x4d, 0x91, 0xc7, 0xc6, 0x1b, 0x0f, 0xcc, 0x88, 0x5e, 0x1e, + 0xee, 0x28, 0x91, 0xfc, 0x3a, 0xc4, 0x5a, 0x0f, 0x8e, 0xbf, 0x3e, 0xfb, 0x9c, 0x3d, 0x16, 0x4a, + 0x91, 0x6f, 0x40, 0x52, 0xf9, 0xc1, 0xbd, 0x4a, 0x59, 0xfc, 0x58, 0x39, 0x43, 0x46, 0x17, 0x3b, + 0x96, 0xf4, 0x23, 0xdc, 0xec, 0xf5, 0x17, 0x39, 0x20, 0xd9, 0x8a, 0x93, 0xb7, 0xa0, 0xc8, 0xb6, + 0x7e, 0x6f, 0x34, 0xfe, 0x1e, 0x77, 0xc6, 0x60, 0xa8, 0x06, 0x52, 0xb2, 0x8c, 0x6a, 0xc0, 0x92, + 0xed, 0xf1, 0xf7, 0xfa, 0xe4, 0xdb, 0xf0, 0x1c, 0x0e, 0xfc, 0xd0, 0x1f, 0xf5, 0x06, 0x5d, 0x0f, + 0x21, 0xe8, 0x3a, 0x7d, 0x1e, 0xd9, 0xe7, 0x15, 0x0c, 0x41, 0x97, 0xcd, 0x9e, 0x31, 0x41, 0xd0, + 0xe7, 0xa1, 0x85, 0x94, 0x2d, 0x46, 0x48, 0x5c, 0x50, 0x65, 0xfe, 0x93, 0x49, 0xbf, 0xcf, 0xe7, + 0x5c, 0x89, 0x8a, 0xbf, 0xe9, 0xbc, 0x19, 0x05, 0xaf, 0xc7, 0x05, 0x57, 0x27, 0xfd, 0x3e, 0x79, + 0x03, 0x60, 0x10, 0x78, 0xe7, 0xbd, 0xf1, 0x98, 0x29, 0x32, 0x22, 0x7f, 0xa5, 0x38, 0x55, 0x1e, + 0xbe, 0x41, 0xd0, 0x60, 0x89, 0x74, 0xf8, 0x86, 0x9d, 0x53, 0x1f, 0xbd, 0x84, 0x99, 0xd1, 0x0a, + 0xc7, 0xea, 0x16, 0x89, 0xc9, 0x69, 0x74, 0xea, 0x3b, 0xbd, 0x4f, 0x84, 0xa9, 0xf3, 0xfb, 0xb0, + 0xc9, 0xcd, 0x45, 0x8f, 0x7a, 0xe1, 0x19, 0xbf, 0x77, 0x3f, 0xcb, 0xa5, 0x5d, 0xba, 0x78, 0xff, + 0x4b, 0x01, 0x40, 0x3f, 0x72, 0x04, 0x00, 0xc7, 0x3d, 0x58, 0xa4, 0xd2, 0x84, 0x78, 0x95, 0xc0, + 0x37, 0x5d, 0x2c, 0x57, 0x7e, 0xd3, 0x45, 0x0a, 0xba, 0x4f, 0xd8, 0xfe, 0x29, 0x3e, 0x8c, 0xe5, + 0xe2, 0x27, 0x8c, 0x11, 0x4b, 0x4a, 0xdc, 0x5e, 0x59, 0x12, 0xa9, 0x03, 0xc4, 0x90, 0x18, 0x5c, + 0xbe, 0xdd, 0x8c, 0x7d, 0xcb, 0x79, 0x06, 0x07, 0x61, 0x8e, 0x61, 0x35, 0xe4, 0xe9, 0x13, 0x93, + 0x91, 0x03, 0x28, 0xb8, 0x9d, 0xc8, 0x1b, 0x67, 0x06, 0x50, 0xc8, 0x8b, 0x3c, 0xf2, 0x52, 0x0c, + 0x16, 0xb2, 0x1e, 0x76, 0x12, 0x01, 0xea, 0xb0, 0x10, 0x62, 0xc0, 0x12, 0x8f, 0xaa, 0x39, 0x03, + 0x60, 0x8a, 0x07, 0xd5, 0xe4, 0xb0, 0x92, 0x98, 0x28, 0xdf, 0x76, 0x78, 0xfc, 0xcc, 0xd7, 0x20, + 0xef, 0x38, 0x0d, 0xee, 0x1e, 0xbb, 0x16, 0xcb, 0x2a, 0x8e, 0xd3, 0x10, 0x41, 0x88, 0xcf, 0x25, + 0x36, 0x4a, 0x4c, 0x7e, 0x03, 0x8a, 0xd2, 0x45, 0x9c, 0x3b, 0x96, 0x63, 0x1f, 0xf4, 0xe2, 0x64, + 0x79, 0x3b, 0x93, 0xa8, 0x49, 0x1d, 0xd4, 0x83, 0xc9, 0x87, 0xbe, 0x3e, 0x1c, 0xa2, 0xbb, 0xc8, + 0x47, 0xfe, 0x88, 0x01, 0x44, 0x2f, 0xc7, 0x88, 0x8c, 0x5e, 0x67, 0x38, 0xf4, 0xba, 0x22, 0x57, + 0x7e, 0x99, 0x49, 0x73, 0x92, 0x16, 0x6c, 0x3a, 0x7e, 0x38, 0x19, 0x32, 0x33, 0x8c, 0xea, 0x60, + 0x44, 0x45, 0x13, 0xb6, 0x61, 0x20, 0x78, 0xdd, 0x98, 0x66, 0x0a, 0xdb, 0x97, 0x93, 0xc1, 0x28, + 0x25, 0xa6, 0x64, 0x99, 0x35, 0x5f, 0x1e, 0x72, 0x7a, 0xde, 0x27, 0x05, 0x1e, 0x3c, 0xef, 0x85, + 0xc0, 0x13, 0x8b, 0x39, 0x5f, 0x9d, 0x02, 0x95, 0x82, 0x6a, 0x34, 0x09, 0x2a, 0x25, 0x01, 0x90, + 0xf2, 0x69, 0x41, 0x42, 0xeb, 0xe2, 0x63, 0xf1, 0x36, 0xc0, 0xbb, 0x83, 0x5e, 0xd0, 0xf0, 0xc3, + 0xb3, 0x41, 0x57, 0x42, 0x6c, 0x29, 0xfe, 0xf6, 0xa0, 0x17, 0x78, 0xe7, 0x98, 0xfc, 0x8b, 0xcf, + 0x6e, 0x49, 0x44, 0xb6, 0xf4, 0x3f, 0xf9, 0x0a, 0xac, 0xd0, 0x5f, 0x6e, 0x6c, 0x4c, 0xc2, 0x1e, + 0x30, 0x91, 0x9b, 0x07, 0x33, 0x8f, 0x08, 0xc8, 0x43, 0x44, 0x71, 0xef, 0x0d, 0x43, 0xe9, 0x5a, + 0x2d, 0x20, 0xdb, 0x7b, 0xc3, 0x30, 0x0d, 0xc0, 0x28, 0x11, 0x93, 0x5a, 0x54, 0x75, 0x11, 0x07, + 0x80, 0x83, 0xc5, 0xe3, 0x2b, 0x1d, 0x9f, 0x6b, 0x9e, 0x40, 0x7e, 0x93, 0x23, 0xb6, 0xa5, 0xd8, + 0xb0, 0x12, 0x4e, 0xad, 0xc2, 0xd4, 0x2a, 0xfc, 0x74, 0x63, 0x95, 0x18, 0x9f, 0x75, 0xbd, 0x63, + 0x4c, 0x4e, 0x54, 0x22, 0x22, 0x26, 0x7b, 0xb0, 0xc1, 0x70, 0x05, 0xa2, 0x78, 0x42, 0xfc, 0xa4, + 0xc3, 0xbd, 0x2d, 0x0e, 0x38, 0x24, 0x7f, 0x3e, 0xc5, 0x40, 0xaa, 0xb0, 0x88, 0xa2, 0x25, 0x37, + 0x06, 0xbf, 0x21, 0xcb, 0xd4, 0xe9, 0x75, 0x84, 0xfb, 0x0a, 0x4a, 0xd3, 0xf2, 0xbe, 0x82, 0xa4, + 0xe4, 0x9b, 0x00, 0x46, 0x30, 0x1a, 0xf4, 0xfb, 0x88, 0x4d, 0xb8, 0x8c, 0x82, 0xd9, 0xcd, 0xe4, + 0x7a, 0xc4, 0x52, 0x62, 0x22, 0x8e, 0xa3, 0x83, 0xbf, 0xbd, 0x14, 0x82, 0xa1, 0x54, 0x96, 0x66, + 0xc2, 0x12, 0x5b, 0x8c, 0x88, 0xf3, 0xc9, 0x91, 0xcb, 0x25, 0x94, 0x48, 0x86, 0xf3, 0xc9, 0xd3, + 0xb3, 0x38, 0x9f, 0x12, 0x83, 0x76, 0x00, 0x5b, 0xd3, 0x1a, 0x96, 0x10, 0x86, 0x95, 0x8b, 0x0a, + 0xc3, 0x7f, 0x93, 0x87, 0x55, 0x2c, 0x4d, 0xec, 0xc2, 0x3a, 0xac, 0x39, 0x93, 0x0f, 0x23, 0x10, + 0x0c, 0xb1, 0x1b, 0x63, 0xfd, 0xc6, 0x72, 0x86, 0xac, 0xf0, 0x4a, 0x70, 0x10, 0x03, 0xd6, 0xc5, + 0x49, 0xb0, 0x2f, 0x0c, 0xcc, 0x23, 0x88, 0x4d, 0x01, 0xe4, 0x94, 0x8d, 0xa7, 0x96, 0x62, 0x8a, + 0xcf, 0x83, 0xfc, 0x65, 0xce, 0x83, 0xc2, 0x85, 0xce, 0x83, 0x0f, 0x60, 0x55, 0x7c, 0x0d, 0x77, + 0xf2, 0xc5, 0x67, 0xdb, 0xc9, 0x13, 0x85, 0x91, 0x7a, 0xb4, 0xa3, 0x2f, 0xcd, 0xdd, 0xd1, 0x51, + 0x8b, 0x28, 0x56, 0x59, 0x26, 0x44, 0x32, 0x2f, 0x03, 0x03, 0x0e, 0xed, 0x97, 0x5b, 0x4f, 0x71, + 0x4a, 0xbe, 0x0e, 0x2b, 0xf5, 0x81, 0x50, 0x20, 0x49, 0x2f, 0xf7, 0x7d, 0x91, 0x28, 0x5f, 0x17, + 0x22, 0xca, 0xe8, 0x74, 0xcb, 0x7f, 0x11, 0xa7, 0xdb, 0x43, 0x00, 0xee, 0xb9, 0x10, 0x07, 0x0a, + 0xc1, 0x25, 0x23, 0x7c, 0x94, 0x93, 0x0a, 0x04, 0x89, 0x98, 0xee, 0x4e, 0xdc, 0xd4, 0x44, 0x3f, + 0x3e, 0x1e, 0x4c, 0x82, 0x30, 0x11, 0x59, 0x8f, 0xc3, 0x1d, 0xd0, 0x23, 0x01, 0xf3, 0xe4, 0xed, + 0x21, 0xc5, 0xf6, 0xc5, 0x0e, 0x08, 0x79, 0x2f, 0xb2, 0x91, 0x9b, 0x1b, 0x68, 0x5c, 0xcb, 0xf4, + 0xd0, 0x4c, 0xcb, 0x38, 0xed, 0xa7, 0x8a, 0x8c, 0x6f, 0xfc, 0x14, 0x43, 0xfd, 0x26, 0x40, 0xa4, + 0xc1, 0x17, 0x63, 0xcd, 0x24, 0xb9, 0x28, 0x55, 0xee, 0xe5, 0x98, 0x56, 0x6a, 0x4d, 0xfe, 0x8b, + 0x6a, 0x8d, 0x0b, 0xc5, 0xe6, 0x77, 0xc3, 0x4e, 0x6c, 0xf2, 0x01, 0x4e, 0x74, 0x93, 0xc5, 0x9d, + 0x49, 0x04, 0x44, 0x8f, 0xef, 0xc1, 0x33, 0x03, 0xa2, 0x47, 0x8c, 0xda, 0x7b, 0xb0, 0x21, 0xfb, + 0x2f, 0x3e, 0x0e, 0x8e, 0xc9, 0x6f, 0x31, 0xb4, 0x35, 0x25, 0x21, 0xe3, 0x48, 0x44, 0x74, 0xc7, + 0x7d, 0x1c, 0x1c, 0xb3, 0xfb, 0x4f, 0xe7, 0x63, 0xb9, 0xae, 0x28, 0x7d, 0xfe, 0x5c, 0x01, 0x92, + 0x25, 0x97, 0x77, 0x13, 0xe5, 0xff, 0xe1, 0x76, 0x99, 0xba, 0x95, 0x15, 0x2e, 0x73, 0x2b, 0x2b, + 0xfd, 0x99, 0x02, 0x1b, 0xa6, 0xde, 0xe0, 0x60, 0xc4, 0x4c, 0x13, 0xf1, 0x6b, 0x70, 0xd3, 0xd4, + 0x1b, 0x5e, 0xab, 0x59, 0x37, 0xcb, 0x8f, 0xbc, 0xa9, 0x18, 0x83, 0x37, 0xe1, 0x85, 0x2c, 0x49, + 0xac, 0xb1, 0xd8, 0x81, 0xed, 0x6c, 0xb6, 0xc0, 0x21, 0x9c, 0xce, 0x2c, 0x20, 0x0b, 0xf3, 0xa5, + 0x77, 0x60, 0x43, 0x60, 0xee, 0xb9, 0x75, 0x07, 0x51, 0x7d, 0x37, 0xa0, 0x78, 0x68, 0xd8, 0x66, + 0xf5, 0x91, 0x57, 0x6d, 0xd7, 0xeb, 0xea, 0x02, 0x59, 0x83, 0x15, 0x9e, 0x50, 0xd6, 0x55, 0x85, + 0xac, 0xc2, 0xb2, 0x69, 0x39, 0x46, 0xb9, 0x6d, 0x1b, 0x6a, 0xae, 0xf4, 0x0e, 0xac, 0xb7, 0x46, + 0xbd, 0x8f, 0x3a, 0xa1, 0x7f, 0xe0, 0x3f, 0x46, 0x85, 0xc3, 0x15, 0xc8, 0xdb, 0xfa, 0x91, 0xba, + 0x40, 0x00, 0x96, 0x5a, 0x07, 0x65, 0xe7, 0xfe, 0x7d, 0x55, 0x21, 0x45, 0xb8, 0xb2, 0x5f, 0x6e, + 0x79, 0x07, 0x0d, 0x47, 0xcd, 0xd1, 0x1f, 0xfa, 0x91, 0x83, 0x3f, 0xf2, 0xa5, 0xaf, 0xc1, 0x26, + 0xde, 0x15, 0xea, 0xbd, 0x71, 0xe8, 0x07, 0xfe, 0x08, 0xeb, 0xb0, 0x0a, 0xcb, 0x8e, 0x4f, 0x17, + 0x79, 0xe8, 0xb3, 0x0a, 0x34, 0x26, 0xfd, 0xb0, 0x37, 0xec, 0xfb, 0xdf, 0x57, 0x95, 0xd2, 0x43, + 0xd8, 0xb0, 0x07, 0x93, 0xb0, 0x17, 0x9c, 0x3a, 0x21, 0xa5, 0x38, 0x7d, 0x4c, 0x9e, 0x87, 0xcd, + 0xb6, 0xa5, 0x37, 0xf6, 0xcc, 0xfd, 0x76, 0xb3, 0xed, 0x78, 0x0d, 0xdd, 0x2d, 0xd7, 0x98, 0xba, + 0xa3, 0xd1, 0x74, 0x5c, 0xcf, 0x36, 0xca, 0x86, 0xe5, 0xaa, 0x4a, 0xe9, 0x8f, 0x14, 0x58, 0x6f, + 0x8f, 0xb9, 0x89, 0x6e, 0x1b, 0x1d, 0xed, 0x5e, 0x84, 0x9d, 0xb6, 0x63, 0xd8, 0x9e, 0xdb, 0x3c, + 0x30, 0x2c, 0xaf, 0xed, 0xe8, 0xfb, 0x69, 0x80, 0xcb, 0x5b, 0x70, 0x43, 0xa2, 0xb0, 0x8d, 0x72, + 0xf3, 0xd0, 0xb0, 0xbd, 0x96, 0xee, 0x38, 0x47, 0x4d, 0xbb, 0xa2, 0x2a, 0xe4, 0x3a, 0x5c, 0x9d, + 0x42, 0xd0, 0xa8, 0xea, 0x6a, 0x2e, 0x93, 0x67, 0x19, 0x47, 0x7a, 0xdd, 0xdb, 0x6b, 0xba, 0x6a, + 0xbe, 0xd4, 0xa0, 0x07, 0x1d, 0x02, 0xbb, 0x31, 0x04, 0xff, 0x65, 0x28, 0x58, 0x4d, 0xcb, 0x48, + 0xab, 0xa4, 0x56, 0x61, 0x59, 0x6f, 0xb5, 0xec, 0xe6, 0x21, 0x0e, 0x28, 0xc0, 0x52, 0xc5, 0xb0, + 0x68, 0xcd, 0xf2, 0x34, 0xa7, 0x65, 0x37, 0x1b, 0x4d, 0xd7, 0xa8, 0xa8, 0x85, 0x92, 0x2d, 0x16, + 0x8c, 0x28, 0xf4, 0x78, 0xc0, 0xf4, 0x3f, 0x15, 0xa3, 0xaa, 0xb7, 0xeb, 0x2e, 0xef, 0x90, 0x47, + 0x9e, 0x6d, 0xbc, 0xd7, 0x36, 0x1c, 0xd7, 0x51, 0x15, 0xa2, 0xc2, 0xaa, 0x65, 0x18, 0x15, 0xc7, + 0xb3, 0x8d, 0x43, 0xd3, 0x38, 0x52, 0x73, 0xb4, 0x4c, 0xf6, 0x3f, 0xfd, 0x42, 0xe9, 0x53, 0x05, + 0x08, 0x03, 0xc5, 0x13, 0x48, 0xeb, 0x38, 0x3e, 0xbb, 0x70, 0xbd, 0x46, 0x3b, 0x16, 0x9b, 0xd6, + 0x68, 0x56, 0xd2, 0x5d, 0x76, 0x15, 0x48, 0x2a, 0xbf, 0x59, 0xad, 0xaa, 0x0a, 0xb9, 0x01, 0xcf, + 0xa5, 0xd2, 0x2b, 0x76, 0xb3, 0xa5, 0xe6, 0xae, 0xe7, 0x96, 0x15, 0x72, 0x2d, 0x93, 0x79, 0x60, + 0x18, 0x2d, 0x35, 0x4f, 0x87, 0x28, 0x95, 0x21, 0x26, 0x20, 0x63, 0x2f, 0x94, 0x7e, 0xa0, 0xc0, + 0x55, 0x56, 0x4d, 0x31, 0x9b, 0xa3, 0xaa, 0xee, 0xc0, 0x36, 0x87, 0xfa, 0x9c, 0x56, 0xd1, 0x2d, + 0x50, 0x13, 0xb9, 0xac, 0x9a, 0xcf, 0xc3, 0x66, 0x22, 0x15, 0xeb, 0x91, 0xa3, 0x6b, 0x35, 0x91, + 0xbc, 0x67, 0x38, 0xae, 0x67, 0x54, 0xab, 0x4d, 0xdb, 0x65, 0x15, 0xc9, 0x97, 0x34, 0xd8, 0x2c, + 0xfb, 0xa3, 0x90, 0xca, 0x20, 0xc1, 0xb8, 0x37, 0x08, 0xb0, 0x0a, 0x6b, 0xb0, 0x62, 0x7c, 0xd3, + 0x35, 0x2c, 0xc7, 0x6c, 0x5a, 0xea, 0x42, 0x69, 0x27, 0x45, 0x23, 0x56, 0x8d, 0xe3, 0xd4, 0xd4, + 0x85, 0x52, 0x07, 0xd6, 0x84, 0x49, 0x2c, 0x9b, 0x15, 0xbb, 0x70, 0x5d, 0xcc, 0x35, 0x5c, 0xbf, + 0xe9, 0x26, 0x6c, 0xc3, 0x56, 0x36, 0xdf, 0x70, 0x55, 0x85, 0x8e, 0x42, 0x2a, 0x87, 0xa6, 0xe7, + 0x4a, 0xbf, 0xaf, 0xc0, 0x5a, 0xa4, 0x8b, 0xc0, 0x97, 0xd4, 0x5b, 0x70, 0xa3, 0x51, 0xd5, 0xbd, + 0x8a, 0x71, 0x68, 0x96, 0x0d, 0xef, 0xc0, 0xb4, 0x2a, 0xa9, 0x8f, 0xbc, 0x00, 0xcf, 0x4f, 0x21, + 0xc0, 0xaf, 0x6c, 0xc3, 0x56, 0x3a, 0xcb, 0x6d, 0xba, 0xb4, 0xbf, 0x76, 0x60, 0x3b, 0x9d, 0x73, + 0x64, 0xec, 0xe9, 0x6d, 0xb7, 0x66, 0xa9, 0xf9, 0xd2, 0x5f, 0x2b, 0xb0, 0xcd, 0x23, 0xab, 0x72, + 0xad, 0x08, 0xc3, 0x38, 0x47, 0x10, 0xc0, 0x12, 0xdc, 0x75, 0xed, 0xb6, 0xe3, 0x1a, 0x15, 0xc1, + 0x4e, 0x27, 0xad, 0x69, 0x1b, 0x0d, 0xc3, 0x72, 0x53, 0x75, 0x7b, 0x19, 0xbe, 0x3c, 0x87, 0xd6, + 0x6a, 0xba, 0xe2, 0x37, 0x5d, 0xab, 0x5f, 0x86, 0xdb, 0x73, 0x88, 0x23, 0xc2, 0x5c, 0xe9, 0x5b, + 0xb0, 0x9a, 0x88, 0xdb, 0x72, 0x0d, 0x9e, 0x93, 0x7f, 0xb7, 0xfc, 0xa0, 0xdb, 0x0b, 0x4e, 0xd5, + 0x85, 0x74, 0x86, 0x3d, 0x09, 0x02, 0x9a, 0x81, 0xdb, 0x82, 0x9c, 0xe1, 0xfa, 0xa3, 0xf3, 0x5e, + 0xd0, 0x09, 0xfd, 0xae, 0x9a, 0x2b, 0xbd, 0x0a, 0x6b, 0x09, 0xb4, 0x48, 0x3a, 0xfe, 0xf5, 0x26, + 0xdf, 0x35, 0x1b, 0x46, 0xc5, 0x6c, 0x37, 0xd4, 0x45, 0xba, 0x21, 0xd4, 0xcc, 0xfd, 0x9a, 0x0a, + 0xa5, 0x1f, 0x29, 0xf4, 0xde, 0x8e, 0xfd, 0xd3, 0xa8, 0xea, 0x62, 0xc6, 0xd0, 0xd9, 0xca, 0x30, + 0x68, 0x0d, 0xc7, 0x61, 0x0a, 0xdd, 0x1d, 0xd8, 0xe6, 0x3f, 0x3c, 0xdd, 0xaa, 0x78, 0x35, 0xdd, + 0xae, 0x1c, 0xe9, 0x36, 0x9d, 0xc2, 0x8f, 0xd4, 0x1c, 0xae, 0x4b, 0x29, 0xc5, 0x73, 0x9b, 0xed, + 0x72, 0x4d, 0xcd, 0xd3, 0x65, 0x90, 0x48, 0x6f, 0x99, 0x96, 0x5a, 0xc0, 0x55, 0x9e, 0xa1, 0xc6, + 0x62, 0x69, 0xfe, 0x62, 0xe9, 0x2f, 0x15, 0xd8, 0x9e, 0x05, 0x8b, 0x40, 0xee, 0x82, 0x66, 0x58, + 0xae, 0xad, 0x9b, 0x15, 0xaf, 0x6c, 0x1b, 0x15, 0xc3, 0x72, 0x4d, 0xbd, 0xee, 0x78, 0x4e, 0xb3, + 0x6d, 0x97, 0xe9, 0x14, 0x15, 0x2a, 0xe9, 0xdb, 0x70, 0x6b, 0x0e, 0x5d, 0xd3, 0xac, 0x94, 0x55, + 0x85, 0xdc, 0x87, 0x57, 0xe6, 0x10, 0x39, 0x8f, 0x1c, 0xd7, 0x68, 0xc8, 0x39, 0x6a, 0xae, 0xd4, + 0x03, 0x35, 0xed, 0x7f, 0x9d, 0x51, 0xfb, 0xdb, 0x6d, 0xcb, 0x62, 0x7b, 0xec, 0x06, 0x14, 0x9b, + 0x6e, 0xcd, 0xb0, 0x39, 0x84, 0x31, 0x62, 0x16, 0xb7, 0x2d, 0x3a, 0x55, 0x9b, 0xb6, 0xf9, 0x3e, + 0x6e, 0xb6, 0xdb, 0xb0, 0xe5, 0xd4, 0xf5, 0xf2, 0x01, 0xce, 0x28, 0xd3, 0xf2, 0xca, 0x35, 0xdd, + 0xb2, 0x8c, 0xba, 0x0a, 0xd8, 0x0f, 0xb3, 0x1c, 0xb5, 0xc8, 0x57, 0xe0, 0xa5, 0xe6, 0x81, 0xab, + 0x7b, 0xad, 0x7a, 0x7b, 0xdf, 0xb4, 0x3c, 0xe7, 0x91, 0x55, 0x16, 0xc7, 0x70, 0x39, 0xbb, 0x1f, + 0xbd, 0x04, 0x77, 0xe6, 0x52, 0xc7, 0x60, 0xc3, 0x77, 0x41, 0x9b, 0x4b, 0xc9, 0x1b, 0x52, 0xfa, + 0x99, 0x02, 0x37, 0xe6, 0xe8, 0x2d, 0xc9, 0x2b, 0x70, 0xaf, 0x66, 0xe8, 0x95, 0xba, 0xe1, 0x38, + 0x1e, 0x6d, 0x2f, 0xed, 0x41, 0x66, 0x1e, 0x30, 0x75, 0xb7, 0xb9, 0x07, 0x5f, 0x9a, 0x4f, 0x1e, + 0x9f, 0x5b, 0x2f, 0xc1, 0x9d, 0xf9, 0xa4, 0xfc, 0x1c, 0xcb, 0xd1, 0xd5, 0x3e, 0x9f, 0x32, 0x3a, + 0xff, 0xf2, 0xa5, 0x1f, 0x2a, 0x70, 0x75, 0xba, 0xb8, 0x4f, 0xeb, 0x66, 0x5a, 0x8e, 0xab, 0xd7, + 0xeb, 0x5e, 0x4b, 0xb7, 0xf5, 0x86, 0x67, 0x58, 0x76, 0xb3, 0x5e, 0x9f, 0xb6, 0xef, 0xdf, 0x81, + 0x17, 0x67, 0x93, 0x3a, 0x65, 0xdb, 0x6c, 0xd1, 0xad, 0x4d, 0x83, 0xdd, 0xd9, 0x54, 0x86, 0x59, + 0x36, 0xd4, 0xdc, 0xde, 0xdb, 0x3f, 0xf9, 0xb7, 0xdd, 0x85, 0x9f, 0x7c, 0xbe, 0xab, 0xfc, 0xfc, + 0xf3, 0x5d, 0xe5, 0x5f, 0x3f, 0xdf, 0x55, 0xde, 0x7f, 0xf9, 0x12, 0xe1, 0xdc, 0x3f, 0x5c, 0x42, + 0x7b, 0x98, 0x07, 0xff, 0x1b, 0x00, 0x00, 0xff, 0xff, 0xca, 0xe8, 0xab, 0x26, 0x05, 0x9a, 0x01, + 0x00, } func (this *PluginSpecV1) Equal(that interface{}) bool { @@ -22642,6 +22693,12 @@ func (this *PluginEntraIDSyncSettings) Equal(that interface{}) bool { if this.SsoConnectorId != that1.SsoConnectorId { return false } + if this.CredentialsSource != that1.CredentialsSource { + return false + } + if this.TenantId != that1.TenantId { + return false + } if !bytes.Equal(this.XXX_unrecognized, that1.XXX_unrecognized) { return false } @@ -24052,6 +24109,15 @@ func (m *RDS) MarshalToSizedBuffer(dAtA []byte) (int, error) { i -= len(m.XXX_unrecognized) copy(dAtA[i:], m.XXX_unrecognized) } + if len(m.SecurityGroups) > 0 { + for iNdEx := len(m.SecurityGroups) - 1; iNdEx >= 0; iNdEx-- { + i -= len(m.SecurityGroups[iNdEx]) + copy(dAtA[i:], m.SecurityGroups[iNdEx]) + i = encodeVarintTypes(dAtA, i, uint64(len(m.SecurityGroups[iNdEx]))) + i-- + dAtA[i] = 0x3a + } + } if len(m.VPCID) > 0 { i -= len(m.VPCID) copy(dAtA[i:], m.VPCID) @@ -41890,6 +41956,18 @@ func (m *PluginEntraIDSyncSettings) MarshalToSizedBuffer(dAtA []byte) (int, erro i -= len(m.XXX_unrecognized) copy(dAtA[i:], m.XXX_unrecognized) } + if len(m.TenantId) > 0 { + i -= len(m.TenantId) + copy(dAtA[i:], m.TenantId) + i = encodeVarintTypes(dAtA, i, uint64(len(m.TenantId))) + i-- + dAtA[i] = 0x22 + } + if m.CredentialsSource != 0 { + i = encodeVarintTypes(dAtA, i, uint64(m.CredentialsSource)) + i-- + dAtA[i] = 0x18 + } if len(m.SsoConnectorId) > 0 { i -= len(m.SsoConnectorId) copy(dAtA[i:], m.SsoConnectorId) @@ -46398,6 +46476,12 @@ func (m *RDS) Size() (n int) { if l > 0 { n += 1 + l + sovTypes(uint64(l)) } + if len(m.SecurityGroups) > 0 { + for _, s := range m.SecurityGroups { + l = len(s) + n += 1 + l + sovTypes(uint64(l)) + } + } if m.XXX_unrecognized != nil { n += len(m.XXX_unrecognized) } @@ -54514,6 +54598,13 @@ func (m *PluginEntraIDSyncSettings) Size() (n int) { if l > 0 { n += 1 + l + sovTypes(uint64(l)) } + if m.CredentialsSource != 0 { + n += 1 + sovTypes(uint64(m.CredentialsSource)) + } + l = len(m.TenantId) + if l > 0 { + n += 1 + l + sovTypes(uint64(l)) + } if m.XXX_unrecognized != nil { n += len(m.XXX_unrecognized) } @@ -60318,6 +60409,38 @@ func (m *RDS) Unmarshal(dAtA []byte) error { } m.VPCID = string(dAtA[iNdEx:postIndex]) iNdEx = postIndex + case 7: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field SecurityGroups", wireType) + } + var stringLen uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowTypes + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLen |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + intStringLen := int(stringLen) + if intStringLen < 0 { + return ErrInvalidLengthTypes + } + postIndex := iNdEx + intStringLen + if postIndex < 0 { + return ErrInvalidLengthTypes + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.SecurityGroups = append(m.SecurityGroups, string(dAtA[iNdEx:postIndex])) + iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipTypes(dAtA[iNdEx:]) @@ -112573,6 +112696,57 @@ func (m *PluginEntraIDSyncSettings) Unmarshal(dAtA []byte) error { } m.SsoConnectorId = string(dAtA[iNdEx:postIndex]) iNdEx = postIndex + case 3: + if wireType != 0 { + return fmt.Errorf("proto: wrong wireType = %d for field CredentialsSource", wireType) + } + m.CredentialsSource = 0 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowTypes + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + m.CredentialsSource |= EntraIDCredentialsSource(b&0x7F) << shift + if b < 0x80 { + break + } + } + case 4: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field TenantId", wireType) + } + var stringLen uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowTypes + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLen |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + intStringLen := int(stringLen) + if intStringLen < 0 { + return ErrInvalidLengthTypes + } + postIndex := iNdEx + intStringLen + if postIndex < 0 { + return ErrInvalidLengthTypes + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.TenantId = string(dAtA[iNdEx:postIndex]) + iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipTypes(dAtA[iNdEx:]) diff --git a/api/types/user.go b/api/types/user.go index f4401cd3c7aee..490e26435d2b1 100644 --- a/api/types/user.go +++ b/api/types/user.go @@ -511,11 +511,15 @@ func (u UserV2) GetGCPServiceAccounts() []string { // GetUserType indicates if the User was created by an SSO Provider or locally. func (u UserV2) GetUserType() UserType { - if u.GetCreatedBy().Connector == nil { - return UserTypeLocal + if u.GetCreatedBy().Connector != nil || + len(u.GetOIDCIdentities()) > 0 || + len(u.GetGithubIdentities()) > 0 || + len(u.GetSAMLIdentities()) > 0 { + + return UserTypeSSO } - return UserTypeSSO + return UserTypeLocal } // IsBot returns true if the user is a bot. diff --git a/api/types/usertasks/object.go b/api/types/usertasks/object.go index df00f4e0a58a1..244dda1d47bc1 100644 --- a/api/types/usertasks/object.go +++ b/api/types/usertasks/object.go @@ -90,55 +90,40 @@ const ( // This value is used to populate the UserTasks.Spec.IssueType for Discover EC2 tasks. // The Web UI will then use those identifiers to show detailed instructions on how to fix the issue. const ( - // AutoDiscoverEC2IssueEICEFailedToCreateNode is used when the EICE flow fails to create a node. - // This can happen when the Node does not have a valid PrivateIPAddress. - // This is very unlikely and should only happen if the AWS API returns an unexpected response. - AutoDiscoverEC2IssueEICEFailedToCreateNode = "ec2-eice-create-node" - - // AutoDiscoverEC2IssueEICEFailedToUpsertNode is used when the EICE flow fails to upsert a node into the cluster. - // This is very unlikely and should only happen - // - if the Discovery system role was changed - // - if the Node resource validation was changed on the Auth and not on the DiscoveryService - // - if Teleport backend is offline or in failing mode - // - or because of a network error - AutoDiscoverEC2IssueEICEFailedToUpsertNode = "ec2-eice-upsert-node" - - // AutoDiscoverEC2IssueScriptInstanceNotRegistered is used to identify instances that failed to auto-enroll + // AutoDiscoverEC2IssueSSMInstanceNotRegistered is used to identify instances that failed to auto-enroll // because they are not present in Amazon Systems Manager. // This usually means that the Instance does not have the SSM Agent running, // or that the instance's IAM Profile does not allow have the managed IAM Policy AmazonSSMManagedInstanceCore assigned to it. - AutoDiscoverEC2IssueScriptInstanceNotRegistered = "ec2-ssm-agent-not-registered" + AutoDiscoverEC2IssueSSMInstanceNotRegistered = "ec2-ssm-agent-not-registered" - // AutoDiscoverEC2IssueScriptInstanceConnectionLost is used to identify instances that failed to auto-enroll + // AutoDiscoverEC2IssueSSMInstanceConnectionLost is used to identify instances that failed to auto-enroll // because the agent lost connection to Amazon Systems Manager. // This can happen if the user changed some setting in the instance's network or IAM profile. - AutoDiscoverEC2IssueScriptInstanceConnectionLost = "ec2-ssm-agent-connection-lost" + AutoDiscoverEC2IssueSSMInstanceConnectionLost = "ec2-ssm-agent-connection-lost" - // AutoDiscoverEC2IssueScriptInstanceUnsupportedOS is used to identify instances that failed to auto-enroll + // AutoDiscoverEC2IssueSSMInstanceUnsupportedOS is used to identify instances that failed to auto-enroll // because its OS is not supported by teleport. // This can happen if the instance is running Windows. - AutoDiscoverEC2IssueScriptInstanceUnsupportedOS = "ec2-ssm-unsupported-os" + AutoDiscoverEC2IssueSSMInstanceUnsupportedOS = "ec2-ssm-unsupported-os" - // AutoDiscoverEC2IssueScriptFailure is used to identify instances that failed to auto-enroll + // AutoDiscoverEC2IssueSSMScriptFailure is used to identify instances that failed to auto-enroll // because the installation script failed. // The invocation url must be included in the report, so that users can see what was wrong. - AutoDiscoverEC2IssueScriptFailure = "ec2-ssm-script-failure" + AutoDiscoverEC2IssueSSMScriptFailure = "ec2-ssm-script-failure" - // AutoDiscoverEC2IssueInvocationFailure is used to identify instances that failed to auto-enroll + // AutoDiscoverEC2IssueSSMInvocationFailure is used to identify instances that failed to auto-enroll // because the SSM Script Run (also known as Invocation) failed. // This happens when there's a failure with permissions or an invalid configuration (eg, invalid document name). - AutoDiscoverEC2IssueInvocationFailure = "ec2-ssm-invocation-failure" + AutoDiscoverEC2IssueSSMInvocationFailure = "ec2-ssm-invocation-failure" ) // discoverEC2IssueTypes is a list of issue types that can occur when trying to auto enroll EC2 instances. var discoverEC2IssueTypes = []string{ - AutoDiscoverEC2IssueEICEFailedToCreateNode, - AutoDiscoverEC2IssueEICEFailedToUpsertNode, - AutoDiscoverEC2IssueScriptInstanceNotRegistered, - AutoDiscoverEC2IssueScriptInstanceConnectionLost, - AutoDiscoverEC2IssueScriptInstanceUnsupportedOS, - AutoDiscoverEC2IssueScriptFailure, - AutoDiscoverEC2IssueInvocationFailure, + AutoDiscoverEC2IssueSSMInstanceNotRegistered, + AutoDiscoverEC2IssueSSMInstanceConnectionLost, + AutoDiscoverEC2IssueSSMInstanceUnsupportedOS, + AutoDiscoverEC2IssueSSMScriptFailure, + AutoDiscoverEC2IssueSSMInvocationFailure, } // ValidateUserTask validates the UserTask object without modifying it. @@ -230,10 +215,12 @@ func validateDiscoverEC2TaskType(ut *usertasksv1.UserTask) error { // TaskNameForDiscoverEC2Parts are the fields that deterministically compute a Discover EC2 task name. // To be used with TaskNameForDiscoverEC2 function. type TaskNameForDiscoverEC2Parts struct { - Integration string - IssueType string - AccountID string - Region string + Integration string + IssueType string + AccountID string + Region string + SSMDocument string + InstallerScript string } // TaskNameForDiscoverEC2 returns a deterministic name for the DiscoverEC2 task type. @@ -248,6 +235,10 @@ func TaskNameForDiscoverEC2(parts TaskNameForDiscoverEC2Parts) string { bs = append(bs, []byte(parts.AccountID)...) bs = append(bs, binary.LittleEndian.AppendUint64(nil, uint64(len(parts.Region)))...) bs = append(bs, []byte(parts.Region)...) + bs = append(bs, binary.LittleEndian.AppendUint64(nil, uint64(len(parts.SSMDocument)))...) + bs = append(bs, []byte(parts.SSMDocument)...) + bs = append(bs, binary.LittleEndian.AppendUint64(nil, uint64(len(parts.InstallerScript)))...) + bs = append(bs, []byte(parts.InstallerScript)...) return uuid.NewSHA1(discoverEC2Namespace, bs).String() } diff --git a/api/types/usertasks/object_test.go b/api/types/usertasks/object_test.go index 3c6f77211a9ca..f2298f2132829 100644 --- a/api/types/usertasks/object_test.go +++ b/api/types/usertasks/object_test.go @@ -39,7 +39,7 @@ func TestValidateUserTask(t *testing.T) { userTask, err := usertasks.NewDiscoverEC2UserTask(&usertasksv1.UserTaskSpec{ Integration: "my-integration", TaskType: "discover-ec2", - IssueType: "ec2-eice-create-node", + IssueType: "ec2-ssm-invocation-failure", State: "OPEN", DiscoverEc2: &usertasksv1.DiscoverEC2{ AccountId: "123456789012", @@ -221,7 +221,7 @@ func TestNewDiscoverEC2UserTask(t *testing.T) { baseEC2DiscoverTaskSpec := &usertasksv1.UserTaskSpec{ Integration: "my-integration", TaskType: "discover-ec2", - IssueType: "ec2-eice-create-node", + IssueType: "ec2-ssm-invocation-failure", State: "OPEN", DiscoverEc2: &usertasksv1.DiscoverEC2{ AccountId: "123456789012", @@ -250,7 +250,7 @@ func TestNewDiscoverEC2UserTask(t *testing.T) { Kind: "user_task", Version: "v1", Metadata: &headerv1.Metadata{ - Name: "bd1e9ec3-33d3-52f8-a674-c8145e739559", + Name: "f36b8798-fdec-59fe-8bd0-33f4890ced05", Expires: userTaskExpirationTimestamp, }, Spec: baseEC2DiscoverTaskSpec, diff --git a/api/utils/grpc/interceptors/mfa.go b/api/utils/grpc/interceptors/mfa.go index 367851fef1cc7..e8dae8e45e1f7 100644 --- a/api/utils/grpc/interceptors/mfa.go +++ b/api/utils/grpc/interceptors/mfa.go @@ -31,7 +31,7 @@ import ( // to the rpc call when an MFA response is provided through the context. Additionally, // when the call returns an error that indicates that MFA is required, this interceptor // will prompt for MFA using the given mfaCeremony and retry. -func WithMFAUnaryInterceptor(mfaCeremony mfa.MFACeremony) grpc.UnaryClientInterceptor { +func WithMFAUnaryInterceptor(mfaCeremony mfa.CeremonyFn) grpc.UnaryClientInterceptor { return func(ctx context.Context, method string, req, reply interface{}, cc *grpc.ClientConn, invoker grpc.UnaryInvoker, opts ...grpc.CallOption) error { // Check for MFA response passed through the context. if mfaResp, err := mfa.MFAResponseFromContext(ctx); err == nil { diff --git a/api/version.go b/api/version.go index 4fb8cd891037b..92b6f3447a9d8 100644 --- a/api/version.go +++ b/api/version.go @@ -3,6 +3,6 @@ package api import "github.com/coreos/go-semver/semver" -const Version = "16.4.2" +const Version = "16.4.6" var SemVersion = semver.New(Version) diff --git a/assets/aws/files/bin/teleport-renew-cert b/assets/aws/files/bin/teleport-renew-cert index b0d3ec9824a0a..13b8c03dce89b 100755 --- a/assets/aws/files/bin/teleport-renew-cert +++ b/assets/aws/files/bin/teleport-renew-cert @@ -17,7 +17,7 @@ if [ ! -f /etc/teleport.d/role.auth ] && [ ! -f /etc/teleport.d/role.all ]; then fi # Fetching certbot state -aws s3 sync --exact-timestamps "s3://${TELEPORT_S3_BUCKET}" /etc/letsencrypt/ --sse=AES256 +aws s3 sync '--exclude=records/*' --exact-timestamps "s3://${TELEPORT_S3_BUCKET}" /etc/letsencrypt/ --sse=AES256 # s3 does not support symlinks, we have to create them after the sync, else certbot will fail. # live/ symlinks point to the latest archive//XX.pem where XX is incremented at each cert-renewal. diff --git a/build.assets/macos/tsh/tsh.app/Contents/Info.plist b/build.assets/macos/tsh/tsh.app/Contents/Info.plist index c6d5b661262c8..0980ed7c1c8d3 100644 --- a/build.assets/macos/tsh/tsh.app/Contents/Info.plist +++ b/build.assets/macos/tsh/tsh.app/Contents/Info.plist @@ -19,13 +19,13 @@ CFBundlePackageType APPL CFBundleShortVersionString - 16.4.2 + 16.4.6 CFBundleSupportedPlatforms MacOSX CFBundleVersion - 16.4.2 + 16.4.6 DTCompiler com.apple.compilers.llvm.clang.1_0 DTPlatformBuild diff --git a/build.assets/macos/tshdev/tsh.app/Contents/Info.plist b/build.assets/macos/tshdev/tsh.app/Contents/Info.plist index 5868ea59e7c38..5f4cd92b17219 100644 --- a/build.assets/macos/tshdev/tsh.app/Contents/Info.plist +++ b/build.assets/macos/tshdev/tsh.app/Contents/Info.plist @@ -17,13 +17,13 @@ CFBundlePackageType APPL CFBundleShortVersionString - 16.4.2 + 16.4.6 CFBundleSupportedPlatforms MacOSX CFBundleVersion - 16.4.2 + 16.4.6 DTCompiler com.apple.compilers.llvm.clang.1_0 DTPlatformBuild diff --git a/build.assets/tooling/cmd/render-helm-ref/main.go b/build.assets/tooling/cmd/render-helm-ref/main.go index 0b4af23e9dbfe..2026c2147672a 100644 --- a/build.assets/tooling/cmd/render-helm-ref/main.go +++ b/build.assets/tooling/cmd/render-helm-ref/main.go @@ -59,7 +59,7 @@ func main() { reference, err := parseAndRender(chartPath) if err != nil { - log.Errorf("failed parsing chart and rendering refence: %s", err) + log.Errorf("failed parsing chart and rendering reference: %s", err) os.Exit(1) } diff --git a/constants.go b/constants.go index e213751db1372..0e2a1e1f4a2b5 100644 --- a/constants.go +++ b/constants.go @@ -543,6 +543,10 @@ const ( // HomeDirNotFound is returned when a the "teleport checkhomedir" command cannot // find the user's home directory. HomeDirNotFound = 254 + // HomeDirNotAccessible is returned when a the "teleport checkhomedir" command has + // found the user's home directory, but the user does NOT have permissions to + // access it. + HomeDirNotAccessible = 253 ) // MaxEnvironmentFileLines is the maximum number of lines in a environment file. diff --git a/docs/config.json b/docs/config.json index 45674a8e75751..31a8b5ad37a30 100644 --- a/docs/config.json +++ b/docs/config.json @@ -135,7 +135,7 @@ "aws_secret_access_key": "zyxw9876-this-is-an-example" }, "cloud": { - "version": "16.3.0", + "version": "16.4.2", "major_version": "16", "sla": { "monthly_percentage": "99.9%", @@ -185,18 +185,18 @@ "teleport": { "git": "api/14.0.0-gd1e081e", "major_version": "16", - "version": "16.4.2", + "version": "16.4.6", "url": "teleport.example.com", "golang": "1.22", "plugin": { - "version": "16.4.2" + "version": "16.4.6" }, "helm_repo_url": "https://charts.releases.teleport.dev", - "latest_oss_docker_image": "public.ecr.aws/gravitational/teleport-distroless:16.4.2", - "latest_oss_debug_docker_image": "public.ecr.aws/gravitational/teleport-distroless-debug:16.4.2", - "latest_ent_docker_image": "public.ecr.aws/gravitational/teleport-ent-distroless:16.4.2", - "latest_ent_debug_docker_image": "public.ecr.aws/gravitational/teleport-ent-distroless-debug:16.4.2", - "teleport_install_script_url": "https://cdn.teleport.dev/install-v16.4.2.sh" + "latest_oss_docker_image": "public.ecr.aws/gravitational/teleport-distroless:16.4.6", + "latest_oss_debug_docker_image": "public.ecr.aws/gravitational/teleport-distroless-debug:16.4.6", + "latest_ent_docker_image": "public.ecr.aws/gravitational/teleport-ent-distroless:16.4.6", + "latest_ent_debug_docker_image": "public.ecr.aws/gravitational/teleport-ent-distroless-debug:16.4.6", + "teleport_install_script_url": "https://cdn.teleport.dev/install-v16.4.6.sh" }, "terraform": { "version": "1.0.0" @@ -223,11 +223,6 @@ "destination": "/admin-guides/access-controls/sso/github-sso/", "permanent": true }, - { - "source": "/machine-id/deployment/circleci/", - "destination": "/enroll-resources/machine-id/deployment/circleci/", - "permanent": true - }, { "source": "/machine-id/deployment/gitlab/", "destination": "/enroll-resources/machine-id/deployment/gitlab/", @@ -238,21 +233,11 @@ "destination": "/enroll-resources/machine-id/deployment/jenkins/", "permanent": true }, - { - "source": "/machine-id/access-guides/ansible/", - "destination": "/enroll-resources/machine-id/access-guides/ansible/", - "permanent": true - }, { "source": "/machine-id/deployment/spacelift/", "destination": "/admin-guides/infrastructure-as-code/terraform-provider/spacelift/", "permanent": true }, - { - "source": "/machine-id/access-guides/terraform/", - "destination": "/admin-guides/infrastructure-as-code/terraform-provider/dedicated-server/", - "permanent": true - }, { "source": "/enroll-resources/machine-id/deployment/terraform/", "destination": "/admin-guides/infrastructure-as-code/terraform-provider/dedicated-server/", @@ -263,26 +248,11 @@ "destination": "/enroll-resources/machine-id/deployment/aws/", "permanent": true }, - { - "source": "/machine-id/deployment/gcp/", - "destination": "/enroll-resources/machine-id/deployment/gcp/", - "permanent": true - }, - { - "source": "/machine-id/deployment/azure/", - "destination": "/enroll-resources/machine-id/deployment/azure/", - "permanent": true - }, { "source": "/machine-id/deployment/kubernetes/", "destination": "/enroll-resources/machine-id/deployment/kubernetes/", "permanent": true }, - { - "source": "/machine-id/getting-started/", - "destination": "/enroll-resources/machine-id/getting-started/", - "permanent": true - }, { "source": "/database-access/guides/gui-clients/", "destination": "/connect-your-client/gui-clients/", @@ -298,21 +268,6 @@ "destination": "/enroll-resources/database-access/guides/", "permanent": true }, - { - "source": "/desktop-access/active-directory/", - "destination": "/enroll-resources/desktop-access/active-directory/", - "permanent": true - }, - { - "source": "/desktop-access/getting-started/", - "destination": "/enroll-resources/desktop-access/getting-started/", - "permanent": true - }, - { - "source": "/server-access/getting-started/", - "destination": "/enroll-resources/server-access/getting-started/", - "permanent": true - }, { "source": "/setup/admin/trustedclusters/", "destination": "/admin-guides/management/admin/trustedclusters/", @@ -463,11 +418,6 @@ "destination": "/enroll-resources/application-access/guides/vnet/", "permanent": true }, - { - "source": "/application-access/introduction/", - "destination": "/enroll-resources/application-access/introduction/", - "permanent": true - }, { "source": "/application-access/jwt/", "destination": "/enroll-resources/application-access/jwt/", @@ -818,16 +768,6 @@ "destination": "/enroll-resources/database-access/getting-started/", "permanent": true }, - { - "source": "/database-access/guides/", - "destination": "/enroll-resources/database-access/guides/", - "permanent": true - }, - { - "source": "/database-access/guides/dynamic-registration/", - "destination": "/enroll-resources/database-access/guides/dynamic-registration/", - "permanent": true - }, { "source": "/database-access/guides/ha/", "destination": "/enroll-resources/database-access/guides/ha/", @@ -1043,11 +983,6 @@ "destination": "/enroll-resources/machine-id/deployment/", "permanent": true }, - { - "source": "/machine-id/deployment/aws/", - "destination": "/enroll-resources/machine-id/deployment/aws/", - "permanent": true - }, { "source": "/machine-id/deployment/azure/", "destination": "/enroll-resources/machine-id/deployment/azure/", @@ -1068,21 +1003,6 @@ "destination": "/enroll-resources/machine-id/deployment/github-actions/", "permanent": true }, - { - "source": "/machine-id/deployment/gitlab/", - "destination": "/enroll-resources/machine-id/deployment/gitlab/", - "permanent": true - }, - { - "source": "/machine-id/deployment/jenkins/", - "destination": "/enroll-resources/machine-id/deployment/jenkins/", - "permanent": true - }, - { - "source": "/machine-id/deployment/kubernetes/", - "destination": "/enroll-resources/machine-id/deployment/kubernetes/", - "permanent": true - }, { "source": "/machine-id/deployment/linux-tpm/", "destination": "/enroll-resources/machine-id/deployment/linux-tpm/", @@ -1093,11 +1013,6 @@ "destination": "/enroll-resources/machine-id/deployment/linux/", "permanent": true }, - { - "source": "/machine-id/deployment/spacelift/", - "destination": "/admin-guides/infrastructure-as-code/terraform-provider/spacelift/", - "permanent": true - }, { "source": "/machine-id/faq/", "destination": "/enroll-resources/machine-id/faq/", @@ -1273,31 +1188,16 @@ "destination": "/enroll-resources/database-access/enroll-aws-databases/rds-proxy-postgres/", "permanent": true }, - { - "source": "/database-access/guides/rds-proxy-sqlserver/", - "destination": "/enroll-resources/database-access/enroll-aws-databases/rds-proxy-sqlserver/", - "permanent": true - }, { "source": "/database-access/guides/rds-proxy-mysql/", "destination": "/enroll-resources/database-access/enroll-aws-databases/rds-proxy-mysql/", "permanent": true }, - { - "source": "/database-access/guides/ha/", - "destination": "/enroll-resources/database-access/guides/ha/", - "permanent": true - }, { "source": "/database-access/guides/dynamic-registration/", "destination": "/enroll-resources/database-access/guides/dynamic-registration/", "permanent": true }, - { - "source": "/database-access/guides/aws-dynamodb/", - "destination": "/enroll-resources/database-access/enroll-aws-databases/rds-proxy-postgres/", - "permanent": true - }, { "source": "/database-access/guides/redis-aws/", "destination": "/enroll-resources/database-access/enroll-aws-databases/redis-aws/", @@ -1308,26 +1208,11 @@ "destination": "/enroll-resources/database-access/enroll-aws-databases/aws-cassandra-keyspaces/", "permanent": true }, - { - "source": "/database-access/guides/postgres-redshift/", - "destination": "/enroll-resources/database-access/enroll-aws-databases/postgres-redshift/", - "permanent": true - }, { "source": "/database-access/guides/redshift-serverless/", "destination": "/enroll-resources/database-access/enroll-aws-databases/redshift-serverless/", "permanent": true }, - { - "source": "/database-access/guides/azure-redis/", - "destination": "/enroll-resources/database-access/enroll-aws-databases/rds-proxy-postgres/", - "permanent": true - }, - { - "source": "/database-access/guides/azure-postgres-mysql/", - "destination": "/enroll-resources/database-access/enroll-azure-databases/azure-postgres-mysql/", - "permanent": true - }, { "source": "/database-access/guides/azure-postgres-mysql/", "destination": "/enroll-resources/database-access/enroll-azure-databases/azure-postgres-mysql/", @@ -1338,11 +1223,6 @@ "destination": "/enroll-resources/database-access/enroll-azure-databases/azure-sql-server-ad/", "permanent": true }, - { - "source": "/database-access/guides/sql-server-ad/", - "destination": "/enroll-resources/database-access/enroll-aws-databases/sql-server-ad/", - "permanent": true - }, { "source": "/database-access/guides/mysql-cloudsql/", "destination": "/enroll-resources/database-access/enroll-google-cloud-databases/mysql-cloudsql/", @@ -1353,11 +1233,6 @@ "destination": "/enroll-resources/database-access/enroll-google-cloud-databases/postgres-cloudsql/", "permanent": true }, - { - "source": "/database-access/guides/mongodb-atlas/", - "destination": "/enroll-resources/database-access/enroll-managed-databases/mongodb-atlas/", - "permanent": true - }, { "source": "/database-access/guides/cassandra-self-hosted/", "destination": "/enroll-resources/database-access/enroll-self-hosted-databases/cassandra-self-hosted/", @@ -1368,26 +1243,11 @@ "destination": "/enroll-resources/database-access/enroll-self-hosted-databases/cockroachdb-self-hosted/", "permanent": true }, - { - "source": "/database-access/guides/elastic/", - "destination": "/enroll-resources/database-access/enroll-self-hosted-databases/elastic/", - "permanent": true - }, { "source": "/database-access/guides/mongodb-self-hosted/", "destination": "/enroll-resources/database-access/enroll-self-hosted-databases/mongodb-self-hosted/", "permanent": true }, - { - "source": "/database-access/guides/redis/", - "destination": "/enroll-resources/database-access/enroll-self-hosted-databases/redis/", - "permanent": true - }, - { - "source": "/database-access/guides/snowflake/", - "destination": "/enroll-resources/database-access/enroll-managed-databases/snowflake/", - "permanent": true - }, { "source": "/database-access/guides/redis-cluster/", "destination": "/enroll-resources/database-access/enroll-self-hosted-databases/redis-cluster/", @@ -1398,11 +1258,6 @@ "destination": "/get-started/", "permanent": true }, - { - "source": "/database-access/guides/snowflake/", - "destination": "/enroll-resources/database-access/enroll-managed-databases/snowflake/", - "permanent": true - }, { "source": "/enterprise/sso/google-workspace/", "destination": "/admin-guides/access-controls/sso/google-workspace/", @@ -1458,11 +1313,6 @@ "destination": "/connect-your-client/putty-winscp/", "permanent": true }, - { - "source": "/machine-id/guides/jenkins/", - "destination": "/enroll-resources/machine-id/deployment/jenkins/", - "permanent": true - }, { "source": "/machine-id/guides/databases/", "destination": "/enroll-resources/machine-id/access-guides/databases/", @@ -1533,121 +1383,41 @@ "destination": "/", "permanent": true }, - { - "source": "/database-access/guides/rds-proxy-sqlserver/", - "destination": "/enroll-resources/database-access/enroll-aws-databases/rds-proxy-sqlserver/", - "permanent": true - }, - { - "source": "/database-access/guides/rds-proxy-mysql/", - "destination": "/enroll-resources/database-access/enroll-aws-databases/rds-proxy-mysql/", - "permanent": true - }, - { - "source": "/database-access/guides/ha/", - "destination": "/enroll-resources/database-access/guides/ha/", - "permanent": true - }, - { - "source": "/database-access/guides/dynamic-registration/", - "destination": "/enroll-resources/database-access/guides/dynamic-registration/", - "permanent": true - }, { "source": "/database-access/guides/aws-dynamodb/", "destination": "/enroll-resources/database-access/enroll-aws-databases/rds-proxy-postgres/", "permanent": true }, - { - "source": "/database-access/guides/redis-aws/", - "destination": "/enroll-resources/database-access/enroll-aws-databases/redis-aws/", - "permanent": true - }, - { - "source": "/database-access/guides/aws-cassandra-keyspaces/", - "destination": "/enroll-resources/database-access/enroll-aws-databases/aws-cassandra-keyspaces/", - "permanent": true - }, { "source": "/database-access/guides/postgres-redshift/", "destination": "/enroll-resources/database-access/enroll-aws-databases/postgres-redshift/", "permanent": true }, - { - "source": "/database-access/guides/redshift-serverless/", - "destination": "/enroll-resources/database-access/enroll-aws-databases/redshift-serverless/", - "permanent": true - }, { "source": "/database-access/guides/azure-redis/", "destination": "/enroll-resources/database-access/enroll-aws-databases/rds-proxy-postgres/", "permanent": true }, - { - "source": "/database-access/guides/azure-postgres-mysql/", - "destination": "/enroll-resources/database-access/enroll-azure-databases/azure-postgres-mysql/", - "permanent": true - }, - { - "source": "/database-access/guides/azure-postgres-mysql/", - "destination": "/enroll-resources/database-access/enroll-azure-databases/azure-postgres-mysql/", - "permanent": true - }, - { - "source": "/database-access/guides/azure-sql-server-ad/", - "destination": "/enroll-resources/database-access/enroll-azure-databases/azure-sql-server-ad/", - "permanent": true - }, { "source": "/database-access/guides/sql-server-ad/", "destination": "/enroll-resources/database-access/enroll-aws-databases/sql-server-ad/", "permanent": true }, - { - "source": "/database-access/guides/mysql-cloudsql/", - "destination": "/enroll-resources/database-access/enroll-google-cloud-databases/mysql-cloudsql/", - "permanent": true - }, - { - "source": "/database-access/guides/postgres-cloudsql/", - "destination": "/enroll-resources/database-access/enroll-google-cloud-databases/postgres-cloudsql/", - "permanent": true - }, { "source": "/database-access/guides/mongodb-atlas/", "destination": "/enroll-resources/database-access/enroll-managed-databases/mongodb-atlas/", "permanent": true }, - { - "source": "/database-access/guides/cassandra-self-hosted/", - "destination": "/enroll-resources/database-access/enroll-self-hosted-databases/cassandra-self-hosted/", - "permanent": true - }, - { - "source": "/database-access/guides/cockroachdb-self-hosted/", - "destination": "/enroll-resources/database-access/enroll-self-hosted-databases/cockroachdb-self-hosted/", - "permanent": true - }, { "source": "/database-access/guides/elastic/", "destination": "/enroll-resources/database-access/enroll-self-hosted-databases/elastic/", "permanent": true }, - { - "source": "/database-access/guides/mongodb-self-hosted/", - "destination": "/enroll-resources/database-access/enroll-self-hosted-databases/mongodb-self-hosted/", - "permanent": true - }, { "source": "/database-access/guides/redis/", "destination": "/enroll-resources/database-access/enroll-self-hosted-databases/redis/", "permanent": true }, - { - "source": "/database-access/guides/redis-cluster/", - "destination": "/enroll-resources/database-access/enroll-self-hosted-databases/redis-cluster/", - "permanent": true - }, { "source": "/database-access/guides/snowflake/", "destination": "/enroll-resources/database-access/enroll-managed-databases/snowflake/", @@ -1758,6 +1528,11 @@ "destination": "/admin-guides/access-controls/access-request-plugins/ssh-approval-slack/", "permanent": true }, + { + "source": "/access-controls/access-request-plugins/datadog-hosted/", + "destination": "/admin-guides/access-controls/access-request-plugins/datadog-hosted/", + "permanent": true + }, { "source": "/access-controls/access-requests/", "destination": "/admin-guides/access-controls/access-requests/", diff --git a/docs/cspell.json b/docs/cspell.json index d540c37ba1326..9e08456c0f3be 100644 --- a/docs/cspell.json +++ b/docs/cspell.json @@ -863,6 +863,7 @@ "snowsql", "spacectl", "spacelift", + "specoptions", "spfile", "spiffe", "splunkd", diff --git a/docs/img/azuread/azuread-8c-usernameclaim.png b/docs/img/azuread/azuread-8c-usernameclaim.png index c4522140a05e5..884df14c9eca1 100644 Binary files a/docs/img/azuread/azuread-8c-usernameclaim.png and b/docs/img/azuread/azuread-8c-usernameclaim.png differ diff --git a/docs/img/enterprise/plugins/datadog/create-access-request.png b/docs/img/enterprise/plugins/datadog/create-access-request.png new file mode 100644 index 0000000000000..d2ef31d11f2db Binary files /dev/null and b/docs/img/enterprise/plugins/datadog/create-access-request.png differ diff --git a/docs/img/enterprise/plugins/datadog/dashboard-api-keys.png b/docs/img/enterprise/plugins/datadog/dashboard-api-keys.png new file mode 100644 index 0000000000000..3870b86f4307c Binary files /dev/null and b/docs/img/enterprise/plugins/datadog/dashboard-api-keys.png differ diff --git a/docs/img/enterprise/plugins/datadog/dashboard-application-keys.png b/docs/img/enterprise/plugins/datadog/dashboard-application-keys.png new file mode 100644 index 0000000000000..0817fff8801f9 Binary files /dev/null and b/docs/img/enterprise/plugins/datadog/dashboard-application-keys.png differ diff --git a/docs/img/enterprise/plugins/datadog/dashboard-notification-rules.png b/docs/img/enterprise/plugins/datadog/dashboard-notification-rules.png new file mode 100644 index 0000000000000..e5b05fa1339bb Binary files /dev/null and b/docs/img/enterprise/plugins/datadog/dashboard-notification-rules.png differ diff --git a/docs/img/enterprise/plugins/datadog/dashboard-service-accounts.png b/docs/img/enterprise/plugins/datadog/dashboard-service-accounts.png new file mode 100644 index 0000000000000..560f5ebdaa3d3 Binary files /dev/null and b/docs/img/enterprise/plugins/datadog/dashboard-service-accounts.png differ diff --git a/docs/img/enterprise/plugins/datadog/datadog-enrollment.png b/docs/img/enterprise/plugins/datadog/datadog-enrollment.png new file mode 100644 index 0000000000000..42a98db40367f Binary files /dev/null and b/docs/img/enterprise/plugins/datadog/datadog-enrollment.png differ diff --git a/docs/img/enterprise/plugins/datadog/new-access-request-incident.png b/docs/img/enterprise/plugins/datadog/new-access-request-incident.png new file mode 100644 index 0000000000000..610ece461a3c1 Binary files /dev/null and b/docs/img/enterprise/plugins/datadog/new-access-request-incident.png differ diff --git a/docs/img/enterprise/plugins/datadog/review-access-request.png b/docs/img/enterprise/plugins/datadog/review-access-request.png new file mode 100644 index 0000000000000..05a2ab77bd67d Binary files /dev/null and b/docs/img/enterprise/plugins/datadog/review-access-request.png differ diff --git a/docs/img/enterprise/plugins/datadog/select-enrollment.png b/docs/img/enterprise/plugins/datadog/select-enrollment.png new file mode 100644 index 0000000000000..d0957a9bcaeec Binary files /dev/null and b/docs/img/enterprise/plugins/datadog/select-enrollment.png differ diff --git a/docs/img/enterprise/plugins/datadog/teleport-users.png b/docs/img/enterprise/plugins/datadog/teleport-users.png new file mode 100644 index 0000000000000..0d99c7289d237 Binary files /dev/null and b/docs/img/enterprise/plugins/datadog/teleport-users.png differ diff --git a/docs/img/server-access/guides/gcp/access-scopes@2x.png b/docs/img/server-access/guides/gcp/access-scopes@2x.png new file mode 100644 index 0000000000000..354a97b6d8cc5 Binary files /dev/null and b/docs/img/server-access/guides/gcp/access-scopes@2x.png differ diff --git a/docs/img/server-access/guides/gcp/custom-role@2x.png b/docs/img/server-access/guides/gcp/custom-role@2x.png index b98ede3bdacb5..3d048e6434392 100644 Binary files a/docs/img/server-access/guides/gcp/custom-role@2x.png and b/docs/img/server-access/guides/gcp/custom-role@2x.png differ diff --git a/docs/img/workload-identity/intro-diagram.png b/docs/img/workload-identity/intro-diagram.png new file mode 100644 index 0000000000000..04635cfbc355d Binary files /dev/null and b/docs/img/workload-identity/intro-diagram.png differ diff --git a/docs/pages/admin-guides/access-controls/access-monitoring.mdx b/docs/pages/admin-guides/access-controls/access-monitoring.mdx index b1d80d2f3e82a..073072c977ab0 100644 --- a/docs/pages/admin-guides/access-controls/access-monitoring.mdx +++ b/docs/pages/admin-guides/access-controls/access-monitoring.mdx @@ -143,7 +143,7 @@ Below, you can find the IAM permissions that allow the Auth Service to execute A You can use our [Terraform Example](https://github.com/gravitational/teleport/tree/v(=teleport.version=)/examples/athena) to set up Athena and Access Monitoring AWS resources and generate Athena Backend and Access Monitoring Teleport configuration: -```bash +```code $ terraform apply ... access_monitoring: diff --git a/docs/pages/admin-guides/access-controls/access-request-plugins.mdx b/docs/pages/admin-guides/access-controls/access-request-plugins.mdx index e98548fd80f70..a58faf37d635a 100644 --- a/docs/pages/admin-guides/access-controls/access-request-plugins.mdx +++ b/docs/pages/admin-guides/access-controls/access-request-plugins.mdx @@ -29,6 +29,7 @@ The following Access Request plugins are hosted on Teleport Cloud: - PagerDuty - ServiceNow - Slack +- Datadog ## Self-hosting Access Request plugins diff --git a/docs/pages/admin-guides/access-controls/access-request-plugins/datadog-hosted.mdx b/docs/pages/admin-guides/access-controls/access-request-plugins/datadog-hosted.mdx new file mode 100644 index 0000000000000..1baa8b091e0df --- /dev/null +++ b/docs/pages/admin-guides/access-controls/access-request-plugins/datadog-hosted.mdx @@ -0,0 +1,253 @@ +--- +title: Access Requests with Datadog Incident Management +description: How to set up Teleport's Datadog Incident Management plugin for privilege elevation approvals. +--- + +## How it works + +With Teleport's Datadog Incident Management integration, engineers can access the +infrastructure they need to resolve incidents without longstanding admin +permissions that can become a vector for attacks. + +Teleport's Datadog Incident Management integration allows you to treat Teleport +Role Access Requests as Datadog incidents, notify the appropriate on-call team, +and approve or deny the requests via Teleport. + +This guide will explain how to set up Teleport's Access Request plugin for Datadog. + +## Prerequisites + +(!docs/pages/includes/commercial-prereqs-tabs.mdx!) + +- A Datadog account with the role "Datadog Admin Role". The admin role is required to + create a Service Account and generate required credentials for the plugin. + + You can see your role by visiting your user page in Datadog and navigating to + **Personal Settings -> Profile** and checking the value of the **Roles** field. + +- Either a Linux host or Kubernetes cluster where you will run the Datadog plugin. + +- (!docs/pages/includes/tctl.mdx!) + +- Your Teleport user will require the `editor` role or a role that provides permissions + to create Teleport roles and grant them to users. + +## Step 1/6. Create Datadog team + +To demonstrate the Datadog Incident Management plugin, create a team in Datadog. +In the Datadog web UI, navigate to the **Teams** tab and click on **New Team** to +create a new Datadog team. Name it "Teleport Access". + +We will configure the Datadog Incident Management plugin to route certain access +requests to the "Teleport Access" team. + +## Step 2/6. Define RBAC resources + +Before you set up the Datadog Incident Management plugin, you will need to enable +Role Access Requests in your Teleport cluster. + +### Create a requester and reviewer role + +For the purpose of this guide, we will define an `editor-requester` role, which +can request the built-in `editor` role, and an `editor-reviewer` role that can +review requests for the `editor` role. + +In the Teleport WebUI navigate to **Management -> Access -> Roles**. Then select +**Create New Role** and create the desired roles. + + +```yaml +kind: role +version: v7 +metadata: + name: editor-reviewer +spec: + allow: + review_requests: + roles: ['editor'] +--- +kind: role +version: v7 +metadata: + name: editor-requester +spec: + allow: + request: + roles: ['editor'] + thresholds: + - approve: 1 + deny: 1 +``` + +### Create a requester and reviewer user + +First, assign yourself the `editor-reviewer` role. This will allow your user to +review Access Requests for the `editor` role. To edit your user roles navigate to +**Management -> Access -> Users**, then for your user select **Options -> Edit** +and add the `editor-reviewer` role. + +Next, create a user called `myuser@example.com` who has the `editor-requester` role. +Later in this guide, you will create an Access Request as this user to test the +Datadog plugin. To this user, navigate to **Management -> Access -> Users**. Then +select **Enroll Users** and create a user with the `editor-requester` role. + +You should end up with two users that look like this: + +![Teleport Users](../../../../img/enterprise/plugins/datadog/teleport-users.png) + +## Step 3/6. Generate Datadog credentials + +The Access Request plugin for Datadog receives Access Request events from the Teleport +Auth Service, formats them into Datadog incidents, and sends them to the Datadog +API. For this to work, you must provide a valid Datadog API and Application key +to the Teleport plugin. + +### Generate a Datadog API key + +First, in the Datadog web UI navigate to **Organization Settings -> Access -> API Keys** +to view your organization's API keys. To generate a new API key, click on **New Key** +and name it "Teleport Access". Copy the API key to paste in a later step. + +![Datadog dashboard for API Keys](../../../../img/enterprise/plugins/datadog/dashboard-api-keys.png) + +### Create a Datadog Service Account + +Next, navigate to **Organization Settings -> Identity & Accounts -> Service Accounts** +to view your organization's service accounts. To create a new service account, click +on **New Service Account** and name it "Teleport Access". You can provide whatever +email you'd like to associate with the service account, then assign the role +"Datadog Standard Role". This role provides the required permissions necessary to +manage the Teleport Access Request incidents. + +![Datadog dashboard for Service Accounts](../../../../img/enterprise/plugins/datadog/dashboard-service-accounts.png) + +Now click on the "Teleport Access" service account that was just created and click +on the **Application Keys** tab and click on **New Key** and name it "Teleport Access" +to create a new Application key. Copy the Application key to paste in a later step. + +![Datadog dashboard for Application Keys](../../../../img/enterprise/plugins/datadog/dashboard-application-keys.png) + +## Step 4/6. Enroll the Datadog Incident Management plugin + +At this point, you're now ready to enroll the Datadog Incident Management plugin. +Navigate to **Access Management -> Enroll New Integration -> Datadog**. + +![Select enrollment](../../../../img/enterprise/plugins/datadog/select-enrollment.png) + +Provide the API and Application keys generated above. Select the desired API endpoint. +Then provide the Datadog team handle, that you created earlier, as the fallback recipient. +This should be "teleport-access". + +The fallback recipient will be the default recipient for notifications. The recipient +can be a Datadog user email, or a Datadog team handle. You can configure more custom +notification routing rules afterwards using +[Access Monitoring Rules](./notification-routing-rules.mdx). + +![Datadog enrollment](../../../../img/enterprise/plugins/datadog/datadog-enrollment.png) + +If the recipient is a Datadog team, the team name will be added to the Datadog incident +teams attribute. + +The plugin creates incidents and labels them with the recipient team. By default, +the team members won't be notified, you must configure Datadog notification rules +to page the team members. To do so, navigate to **Incidents -> Settings -> Notifications -> Rules** +and create a new rule matching alerts labeled with the recipient team. + +![Datadog dashboard for Incident Notification Rules](../../../../img/enterprise/plugins/datadog/dashboard-notification-rules.png) + +
+ +Users can suggest specific reviewers when they create an Access Request by providing +Datadog user emails, e.g.,: + +```code +$ tsh request create --roles=editor --reviewers=alice@example.com,ivan@example.com +``` + +If an Access Request includes suggested reviewers, the Datadog Incident Management +plugin will add these to the list of users to notify. + +
+ +## Step 5/6. Test your Datadog Incident Management plugin + +### Create an Access Request + +As the Teleport user `myuser@example.com`, create an Access Request for the +`editor` role. Navigate to the **Access Requests** tab and click on +**New Access Request**: + +![New access request](../../../../img/enterprise/plugins/datadog/create-access-request.png) + +In Datadog, you will see a new incident containing information about the +Access Request: + +![Datadog dashboard showing an Access +Request](../../../../img/enterprise/plugins/datadog/new-access-request-incident.png) + +### Resolve the request + +Once you receive an Access Request message, click the link to visit Teleport and +approve or deny the request: + +![Review access request](../../../../img/enterprise/plugins/datadog/review-access-request.png) + + + +When the Datadog plugin sends a notification, anyone who receives the +notification can follow the enclosed link to an Access Request URL. While users +must be authorized via their Teleport roles to review Access Request, you +should still check the Teleport audit log to ensure that the right users are +reviewing the right requests. + +When auditing Access Request reviews, check for events with the type `Access +Request Reviewed` in the Teleport Web UI. + + + +## Step 6/6. Configure Automatic Approvals + +### Setup a Datadog on-call schedule + +To enable automatic approvals for Access Requests, you will need to set up an +on-call schedule for your Datadog team. Navigate to **On-Call -> Teams** and +select **Add Team to On-Call** to set up an on-call schedule for the "Teleport Access" +team. + +### Update Teleport RBAC to support automatic approvals + +Configure the Teleport `editor-requester` role and add the `teleport.dev/schedules` +annotation. The `teleport.dev/schedules` annotation is used to specify on-call +schedules, services, and teams for auto-approval. For the Datadog plugin, this +annotation expects a list of Datadog team handle names. + +Add the "teleport-access" team to the annotation. Access requests made by an +on-call user of this team will be automatically approved. + +```yaml +kind: role +version: v7 +metadata: + name: editor-requester +spec: + allow: + request: + annotations: + teleport.dev/schedules: + - teleport-access + roles: ['editor'] + thresholds: + - approve: 1 + deny: 1 +``` + +### Trigger an auto-approval + +To trigger an auto-approval, login to Teleport as the current on-call user in Datadog, +and create an Access Request for the `editor` role. Automatic approvals requires +that the Teleport username matches the Datadog on-call user email. + +## Next steps + +- Read our guide on [Routing Access Request notifications](./notification-routing-rules.mdx) + to configure custom notification routing rules for your plugin. diff --git a/docs/pages/admin-guides/access-controls/access-request-plugins/ssh-approval-mattermost.mdx b/docs/pages/admin-guides/access-controls/access-request-plugins/ssh-approval-mattermost.mdx index eb44ea5ff3931..dd10deccc0066 100644 --- a/docs/pages/admin-guides/access-controls/access-request-plugins/ssh-approval-mattermost.mdx +++ b/docs/pages/admin-guides/access-controls/access-request-plugins/ssh-approval-mattermost.mdx @@ -101,7 +101,7 @@ Set the "Username", "Display Name", and "Description" fields according to how you would like the Mattermost plugin bot to appear in your workspace. Set "Role" to "Member". -You can download our avatar to set as your Bot Icon. Set "post:all" to "Enabled". @@ -277,7 +277,7 @@ DEBU Mattermost API health check finished ok mattermost/main.go:19 Run the plugin: -```bash +```code $ docker run -v :/etc/teleport-mattermost.toml public.ecr.aws/gravitational/teleport-plugin-mattermost:(=teleport.version=) start ``` diff --git a/docs/pages/admin-guides/access-controls/device-trust/device-management.mdx b/docs/pages/admin-guides/access-controls/device-trust/device-management.mdx index f5f8cccecd44a..35ef6b00286e7 100644 --- a/docs/pages/admin-guides/access-controls/device-trust/device-management.mdx +++ b/docs/pages/admin-guides/access-controls/device-trust/device-management.mdx @@ -144,11 +144,14 @@ integration, like the [Jamf Pro integration](./jamf-integration.mdx). benefit from auto-enrollment. -Enable auto-enrollment in your cluster settings: +Enable auto-enrollment in your cluster settings. To do so, modify the dynamic +config resource using the following command: - - -Modify the dynamic config resource using `tctl edit cluster_auth_preference`: +```code +$ tctl edit cluster_auth_preference +``` + +Make the following change: ```diff kind: cluster_auth_preference @@ -162,22 +165,7 @@ spec: + auto_enroll: true ``` - - -Edit the Auth Server's `teleport.yaml` file: - -```diff -auth_service: - authentication: - # ... - device_trust: -+ auto_enroll: true -``` - -After saving the changes, restart the Teleport service. - - - +Save and close your editor to apply your changes. Once enabled, users with their device registered in Teleport will have their device enrolled to Teleport in their next login. @@ -250,18 +238,14 @@ To configure `ekcert_allowed_cas`, you must first obtain the CA certificate in PEM format from the manufacturer of the TPM included in your devices. This step varies from manufacturer to manufacturer. -After you obtain the CA certificate in PEM format, there are two ways of -configuring `ekcert_allowed_cas`: +After you obtain the CA certificate in PEM format, modify the dynamic config +resource using the following command: -- Statically using the Teleport configuration file. This is the simplest - option, but is not possible for Teleport Cloud clusters and not recommended - for clusters in a highly available configuration. -- Dynamically using `cluster_auth_preference` resource. This works with all - clusters and is the most flexible. +```code +$ tctl edit cluster_auth_preference +``` - - -Modify the dynamic config resource using `tctl edit cluster_auth_preference`: +Make the following change: ```diff kind: cluster_auth_preference @@ -280,27 +264,7 @@ spec: + -----END CERTIFICATE----- ``` - - -Edit the Auth Server's `teleport.yaml` file and restart: - -```diff -auth_service: - authentication: - ... - device_trust: -+ ekcert_allowed_cas: -+ # The CA can be configured inline within the configuration file: -+ - | -+ -----BEGIN CERTIFICATE----- -+ --snip-- -+ -----END CERTIFICATE----- -+ # Or, it can be configured in the configuration file using a path: -+ - /path/to/my/ekcert-ca.pem -``` - - - +Save and close your editor to apply your changes. ## Troubleshooting diff --git a/docs/pages/admin-guides/access-controls/device-trust/enforcing-device-trust.mdx b/docs/pages/admin-guides/access-controls/device-trust/enforcing-device-trust.mdx index 3bb1fff1e7647..9ac5c819060c2 100644 --- a/docs/pages/admin-guides/access-controls/device-trust/enforcing-device-trust.mdx +++ b/docs/pages/admin-guides/access-controls/device-trust/enforcing-device-trust.mdx @@ -96,10 +96,13 @@ accesses. To enable device mode `required` update your configuration as follows: - - -Create a `cap.yaml` file or get the existing configuration using -`tctl get cluster_auth_preference`: +Edit your cluster authentication preference using the following command: + +```code +$ tctl edit cluster_auth_preference +``` + +Make the following change: ```diff kind: cluster_auth_preference @@ -115,39 +118,11 @@ spec: + mode: "required" # add this line ``` -Update the configuration: - -```code -$ tctl create -f cap.yaml -cluster auth preference has been updated -``` - -You can also edit this configuration directly: - -```code -$ tctl edit cluster_auth_preference -``` - - - -Edit the Auth Server's `teleport.yaml` file and restart all Auth Services: - -```diff -auth_service: - authentication: - type: local - second_factor: "on" - webauthn: - rp_id: (=clusterDefaults.clusterName=) - device_trust: -+ mode: "required" # add this line -``` - - - +Save and close your editor to apply your changes. -Once the config is updated, SSH, Database and Kubernetes access without a trusted device will be forbidden. -For example, SSH access without a trusted device fails with the following error: +Once the config is updated, SSH, Database and Kubernetes access without a +trusted device will be forbidden. For example, SSH access without a trusted +device fails with the following error: ```code $ tsh ssh (=clusterDefaults.nodeIP=) diff --git a/docs/pages/admin-guides/access-controls/device-trust/guide.mdx b/docs/pages/admin-guides/access-controls/device-trust/guide.mdx index 51afa55fc5d94..62a3fe88b4db2 100644 --- a/docs/pages/admin-guides/access-controls/device-trust/guide.mdx +++ b/docs/pages/admin-guides/access-controls/device-trust/guide.mdx @@ -173,7 +173,7 @@ The presence of the `teleport-device-*` extensions shows that the device was suc Now, let's try to access server (`(=clusterDefaults.nodeIP=)`) again: -```bash +```code $ tsh ssh root@(=clusterDefaults.nodeIP=) root@(=clusterDefaults.nodeIP=):~# ``` diff --git a/docs/pages/admin-guides/access-controls/guides/impersonation.mdx b/docs/pages/admin-guides/access-controls/guides/impersonation.mdx index 2896bbdfb5444..8916069032136 100644 --- a/docs/pages/admin-guides/access-controls/guides/impersonation.mdx +++ b/docs/pages/admin-guides/access-controls/guides/impersonation.mdx @@ -86,11 +86,6 @@ spec: users: ['jenkins'] roles: ['jenkins'] - # The deny section uses the identical format as the 'allow' section. - # The deny rules always override allow rules. - deny: - node_labels: - '*': '*' ``` Create the `role` resource: @@ -207,12 +202,6 @@ spec: where: > equals(impersonate_role.metadata.labels["group"], "security") && equals(impersonate_user.metadata.labels["group"], "security") - - # The deny section uses the identical format as the 'allow' section. - # The deny rules always override allow rules. - deny: - node_labels: - '*': '*' ``` Create the resources: @@ -285,12 +274,6 @@ spec: where: > contains(user.spec.traits["group"], impersonate_role.metadata.labels["group"]) && contains(user.spec.traits["group"], impersonate_user.metadata.labels["group"]) - - # The deny section uses the identical format as the 'allow' section. - # The deny rules always override allow rules. - deny: - node_labels: - '*': '*' ``` While user traits typically come from an external identity provider, we can test diff --git a/docs/pages/admin-guides/access-controls/guides/mfa-for-admin-actions.mdx b/docs/pages/admin-guides/access-controls/guides/mfa-for-admin-actions.mdx index a3cab5e3e3b5b..809a3b193ba8d 100644 --- a/docs/pages/admin-guides/access-controls/guides/mfa-for-admin-actions.mdx +++ b/docs/pages/admin-guides/access-controls/guides/mfa-for-admin-actions.mdx @@ -56,50 +56,30 @@ WebAuthn is the only form of second factor allowed. for a wider range of cluster configurations. - - - - Edit the `cluster_auth_preference` resource: - - ```code - $ tctl edit cap - ``` - - Update the `cluster_auth_preference` definition to include the following content: - - ```yaml - kind: cluster_auth_preference - version: v2 - metadata: - name: cluster-auth-preference - spec: - type: local - # To make webauthn the only form of second factor allowed, set this field to 'webauthn'. - second_factor: "webauthn" - webauthn: - rp_id: example.com - ``` - - Save and exit the file. `tctl` will update the remote definition: - - ```text - cluster auth preference has been updated - ``` - - - - Edit the Auth Service's `teleport.yaml` file and restart all Auth Service instances: - - ```yaml - # snippet from /etc/teleport.yaml: - auth_service: - authentication: - type: local - # To make webauthn the only form of second factor allowed, set this field to 'webauthn'. - second_factor: "webauthn" - webauthn: - rp_id: example.com - ``` - - - +Edit the `cluster_auth_preference` resource: + +```code +$ tctl edit cap +``` + +Update the `cluster_auth_preference` definition to include the following content: + +```yaml +kind: cluster_auth_preference +version: v2 +metadata: + name: cluster-auth-preference +spec: + type: local + # To make webauthn the only form of second factor allowed, set this field to 'webauthn'. + second_factor: "webauthn" + webauthn: + rp_id: example.com +``` + +Save and exit the file. `tctl` will update the remote definition: + +```text +cluster auth preference has been updated +``` + diff --git a/docs/pages/admin-guides/access-controls/guides/passwordless.mdx b/docs/pages/admin-guides/access-controls/guides/passwordless.mdx index ee373a1215fdd..0b359316911f9 100644 --- a/docs/pages/admin-guides/access-controls/guides/passwordless.mdx +++ b/docs/pages/admin-guides/access-controls/guides/passwordless.mdx @@ -119,54 +119,17 @@ using `tsh login --proxy=example.com --auth=local` in order to get their first passwordless registration. To enable passwordless by default, add `connector_name: passwordless` to your -cluster configuration: +cluster configuration. - - - - - Auth Server `teleport.yaml` file: - - ```yaml - auth_service: - authentication: - type: local - second_factor: on - webauthn: - rp_id: example.com - connector_name: passwordless # passwordless by default - ``` - - - Create a `cap.yaml` file or get the existing configuration using - `tctl get cluster_auth_preference`: - - ```yaml - kind: cluster_auth_preference - version: v2 - metadata: - name: cluster-auth-preference - spec: - type: local - second_factor: "on" - webauthn: - rp_id: example.com - connector_name: passwordless # passwordless by default - ``` - - Update the configuration: - - ```code - $ tctl create -f cap.yaml - # cluster auth preference has been updated - ``` - - - +Edit your cluster authentication preference configuration using the following +command: + +```code +$ tctl edit cluster_auth_preference +``` - -Create a `cap.yaml` file or get the existing configuration using -`tctl get cluster_auth_preference`: +Ensure that the configuration includes the `connector_name` field as shown +below: ```yaml kind: cluster_auth_preference @@ -181,16 +144,6 @@ spec: connector_name: passwordless # passwordless by default ``` -Update the configuration: - -```code -$ tctl create -f cap.yaml -# cluster auth preference has been updated -``` - - - - ## Troubleshooting ### "Allow passwordless logins" doesn't appear @@ -260,55 +213,15 @@ $ tsh webauthnwin diag ### Disable passwordless If you want to forbid passwordless access to your cluster, add `passwordless: -false` to your configuration: +false` to your configuration. Edit your cluster authentication preference using +the following command: - - - - - Auth Server `teleport.yaml` file: - - ```yaml - # snippet from /etc/teleport.yaml: - auth_service: - authentication: - type: local - second_factor: on - webauthn: - rp_id: example.com - passwordless: false # disable passwordless - ``` - - - Create a `cap.yaml` file or get the existing configuration using - `tctl get cluster_auth_preference`: - - ```yaml - kind: cluster_auth_preference - version: v2 - metadata: - name: cluster-auth-preference - spec: - type: local - second_factor: "on" - webauthn: - rp_id: example.com - passwordless: false # disable passwordless - ``` - - Update the configuration: - - ```code - $ tctl create -f cap.yaml - # cluster auth preference has been updated - ``` - - - +```code +$ tctl edit cluster_auth_preference +``` - -Create a `cap.yaml` file or get the existing configuration using -`tctl get cluster_auth_preference`: +In your editor, ensure that your `cluster_auth_preference` includes a +`passwordless` field similar to the following: ```yaml kind: cluster_auth_preference @@ -323,15 +236,7 @@ spec: passwordless: false # disable passwordless ``` -Update the configuration: - -```code -$ tctl create -f cap.yaml -# cluster auth preference has been updated -``` - - - +Save and close your editor to apply your changes. ### Why did my multi-factor authentication (MFA) device become a passkey? diff --git a/docs/pages/admin-guides/access-controls/guides/per-session-mfa.mdx b/docs/pages/admin-guides/access-controls/guides/per-session-mfa.mdx index e09365dd95da0..c2fa8ed63f9ef 100644 --- a/docs/pages/admin-guides/access-controls/guides/per-session-mfa.mdx +++ b/docs/pages/admin-guides/access-controls/guides/per-session-mfa.mdx @@ -56,51 +56,8 @@ Per-session MFA can be enforced cluster-wide or only for some specific roles. ### Cluster-wide - - - To enforce MFA checks for all roles, edit your cluster authentication -configuration: - - - - -Update `teleport.yaml` on the Auth Server to include the following content: - -```yaml -auth_service: - authentication: - # require per-session MFA cluster-wide - require_session_mfa: yes -``` - - - - -Edit your `cluster_auth_preference` resource: - -```code -$ tctl edit cap -``` - -Ensure that the resource contains the following content: - -```yaml -kind: cluster_auth_preference -metadata: - name: cluster-auth-preference -spec: - require_session_mfa: true -version: v2 -``` - -Apply your changes by saving and closing the file in your editor. - - - - - - +configuration. Edit your `cluster_auth_preference` resource: @@ -121,10 +78,6 @@ version: v2 Apply your changes by saving and closing the file in your editor. - - - - ### Per role To enforce MFA checks for a specific role, update the role to contain: diff --git a/docs/pages/admin-guides/access-controls/idps/saml-gcp-workforce-identity-federation.mdx b/docs/pages/admin-guides/access-controls/idps/saml-gcp-workforce-identity-federation.mdx index 7d5ce194631b0..c28c2b66d96df 100644 --- a/docs/pages/admin-guides/access-controls/idps/saml-gcp-workforce-identity-federation.mdx +++ b/docs/pages/admin-guides/access-controls/idps/saml-gcp-workforce-identity-federation.mdx @@ -248,7 +248,7 @@ spec: Replace **pool_name** and **pool_provider_name** values with the workforce pool and pool provider names you used in step 1. Save the spec as **pool_provider_name.yaml** file. And create the saml service provider resource. -```bash +```code $ tctl create pool_provider_name.yaml ``` diff --git a/docs/pages/admin-guides/access-controls/sso/adfs.mdx b/docs/pages/admin-guides/access-controls/sso/adfs.mdx index b75d19bc9b374..d65c7e22bce02 100644 --- a/docs/pages/admin-guides/access-controls/sso/adfs.mdx +++ b/docs/pages/admin-guides/access-controls/sso/adfs.mdx @@ -130,9 +130,10 @@ The login `{{external["http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname"]}}` configures Teleport to look at the `http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname` -ADFS claim and use that field as an allowed login for each user. Note the -double quotes (`"`) and square brackets (`[]`) around the claim name—these are -important. +attribute and use that field as an allowed login for each user. Since the name +of the attribute contains characters besides letters, numbers, and underscores, +you must use double quotes (`"`) and square brackets (`[]`) around the name of +the attribute. ## Step 3/3. Create a SAML connector diff --git a/docs/pages/admin-guides/access-controls/sso/azuread.mdx b/docs/pages/admin-guides/access-controls/sso/azuread.mdx index 29a77ca537daa..52dd8cc7701c5 100644 --- a/docs/pages/admin-guides/access-controls/sso/azuread.mdx +++ b/docs/pages/admin-guides/access-controls/sso/azuread.mdx @@ -92,14 +92,18 @@ Before you get started, you’ll need: ![Put in Security group claim](../../../../img/azuread/azuread-8b-groupclaim.png) -1. Add a claim that transforms the format of the Azure AD username to lower case, in order to pass it to - Teleport. Set the Source to "Transformation". In the new panel: +1. (optional) Add a claim that transforms the format of the Azure AD username to lower case, in order to use it inside + Teleport roles as the `{{external.username}}` property. + + Set the Source to "Transformation". In the new panel: - Set the Transformation value to "Extract()" - Set the Attribute name to `user.userprincipalname`. - - Set the Value to `ToLowercase()`. + - Set the Value to `@`. + + - Click "Add Transformation" and set the Transformation to `ToLowercase()`. ![Add a transformed username](../../../../img/azuread/azuread-8c-usernameclaim.png) @@ -173,10 +177,7 @@ $ tctl create -f azure-connector.yaml Create a Teleport role resource that will use external username data from the Azure AD connector to determine which Linux logins to allow on a host. -Users with the following `dev` role are only allowed to log in to nodes with -the `access: relaxed` Teleport label. They can log in as either `ubuntu` or a -username that is passed in from the Azure AD connector. Users with this role can't -obtain admin access to Teleport. +Create a file called `dev.yaml` with the following content: ```yaml kind: role @@ -187,12 +188,27 @@ spec: options: max_session_ttl: 24h allow: - logins: [ "{{external.username}}", ubuntu ] + # only allow login as either ubuntu or the 'windowsaccountname' claim + logins: [ '{{external["http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname"]}}', ubuntu ] node_labels: access: relaxed ``` -Replace `ubuntu` with the Linux login available on your servers. +Users with the `dev` role are only allowed to log in to nodes with the `access: +relaxed` Teleport label. They can log in as either `ubuntu` or a username that +is passed in from the Azure AD connector using the `windowsaccountname` +attribute. + +The login +`{{external["http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname"]}}` +configures Teleport to look at the +`http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname` +attribute and use that field as an allowed login for each user. Since the name +of the attribute contains characters besides letters, numbers, and underscores, +you must use double quotes (`"`) and square brackets (`[]`) around the name of +the attribute. + +Create the role: ```code $ tctl create dev.yaml diff --git a/docs/pages/admin-guides/admin-guides.mdx b/docs/pages/admin-guides/admin-guides.mdx new file mode 100644 index 0000000000000..6ee7b110f6d83 --- /dev/null +++ b/docs/pages/admin-guides/admin-guides.mdx @@ -0,0 +1,6 @@ +--- +title: Teleport Admin Guides +description: Provides step-by-step instructions for completing administrative tasks in Teleport. +--- + +(!toc!) diff --git a/docs/pages/admin-guides/infrastructure-as-code/terraform-provider/dedicated-server.mdx b/docs/pages/admin-guides/infrastructure-as-code/terraform-provider/dedicated-server.mdx index 66861e260297e..3afb79ea87035 100644 --- a/docs/pages/admin-guides/infrastructure-as-code/terraform-provider/dedicated-server.mdx +++ b/docs/pages/admin-guides/infrastructure-as-code/terraform-provider/dedicated-server.mdx @@ -53,7 +53,7 @@ At this point, `tbot` is installed and configured on the machine that will run T Use the `tctl bots update` command to add the role to the Bot. Replace `example` with the name of the Bot you created in the deployment guide. -```bash +```code $ tctl bots update example --add-roles terraform-provider ``` diff --git a/docs/pages/admin-guides/infrastructure-as-code/terraform-starter/enroll-resources.mdx b/docs/pages/admin-guides/infrastructure-as-code/terraform-starter/enroll-resources.mdx index f9ba0a9859851..b28896b42033b 100644 --- a/docs/pages/admin-guides/infrastructure-as-code/terraform-starter/enroll-resources.mdx +++ b/docs/pages/admin-guides/infrastructure-as-code/terraform-starter/enroll-resources.mdx @@ -360,7 +360,6 @@ provider "aws" { provider "teleport" { # Update addr to point to your Teleport Enterprise (managed) tenant URL's host:port addr = PROXY_SERVICE_ADDRESS - identity_file_path = "terraform-identity/identity" } ``` @@ -396,7 +395,6 @@ provider "google" { provider "teleport" { # Update addr to point to your Teleport Enterprise (managed) tenant URL's host:port addr = PROXY_SERVICE_ADDRESS - identity_file_path = "terraform-identity/identity" } ``` @@ -427,7 +425,6 @@ terraform { } provider "teleport" { - identity_file_path = "terraform-identity/identity" # Update addr to point to your Teleport Cloud tenant URL's host:port addr = PROXY_SERVICE_ADDRESS } diff --git a/docs/pages/admin-guides/management/diagnostics/metrics.mdx b/docs/pages/admin-guides/management/diagnostics/metrics.mdx index bbea5111e27bd..08acf7acca448 100644 --- a/docs/pages/admin-guides/management/diagnostics/metrics.mdx +++ b/docs/pages/admin-guides/management/diagnostics/metrics.mdx @@ -1,11 +1,20 @@ --- -title: Metrics -description: How to enable and consume metrics +title: Key Metrics for Self-Hosted Clusters +description: Describes important metrics to monitor if you are self-hosting Teleport. +tocDepth: 3 --- -Teleport exposes metrics for all of its components, helping you get insight -into the state of your cluster. This guide explains the metrics that you can -collect from your Teleport cluster. +This guide explains the metrics you should use to get started monitoring your +self-hosted Teleport cluster, focusing on metrics reported by the Auth Service +and Proxy Service. If you use Teleport Enterprise (Cloud), the Teleport team +monitors and responds to these metrics for you. + +For a reference of all available metrics, see the [Teleport Metrics +Reference](../../../reference/monitoring/metrics.mdx). + +This guide assumes that you already monitor compute resources on all instances +that run the Teleport Auth Service and Proxy Service (e.g., CPU, memory, disk, +bandwidth, and open file descriptors). ## Enabling metrics @@ -14,12 +23,183 @@ collect from your Teleport cluster. This will enable the `http://127.0.0.1:3000/metrics` endpoint, which serves the metrics that Teleport tracks. It is compatible with [Prometheus](https://prometheus.io/) collectors. -The following metrics are available: +## Backend operations + +A Teleport cluster cannot function if the Auth Service does not have a healthy +cluster state backend. You need to track the ability of the Auth Service to read +from and write to its backend. + +The Auth Service can connect to [several possible +backends](../../../reference/backends.mdx). In addition to Teleport backend +metrics, you should set up monitoring for your backend of choice so that, if +these metrics show problematic values, you can correlate them with metrics on +your backend infrastructure. + +### Backend operation throughput and availability + +On each backend operation, the Auth Service increments a metric. Backend +operation metrics have the following format: + +```text +teleport_backend_[_failed]_total +``` + +If an operation results in an error, the Auth Service adds the `_failed` segment +to the metric name. For example, successfully creating a record increments the +`teleport_backend_write_requests_total` metric. If the create operation fails, +the Auth Service increments `teleport_backend_write_requests_failed_total` +instead. + +The following backend operation metrics are available: + +|Operation|Incremented metric name| +|---|---| +|Create an item|`write_requests`| +|Modify an item, creating it if it does not exist|`write_requests`| +|Update an item|`write_requests`| +|Conditionally update an item if versions match|`write_requests`| +|List a range of items|`batch_read_requests`| +|Get a single item|`read_requests`| +|Compare and swap items|`write_requests`| +|Delete an item|`write_requests`| +|Conditionally delete an item if versions match|`write_requests`| +|Write a batch of updates atomically, failing the write if any update fails|Both `write_requests` and `atomic_write_requests`| +|Delete a range of items|`batch_write_requests`| +|Update the keepalive status of an item|`write_requests`| + +During failed backend writes, a Teleport process also increments the +`backend_write_requests_failed_precondition_total` metric if the cause of the +failure is expected. For example, the metric increments during a create +operation if a record already exists, during an update or delete operation if +the record is not found, and during an atomic write if the resource was modified +concurrently. All of these conditions can hold in a well-functioning Teleport +cluster. + +`backend_write_requests_failed_precondition_total` increments whenever +`backend_write_requests_failed_total` increments, and you can use it to +distinguish potentially expected write failures from unexpected, problematic +ones. + +You can use backend operation metrics to define an availability formula, i.e., +the percentage of reads or writes that succeeded. For example, in Prometheus, +you can define a query similar to the following. This takes the percentage of +write requests that failed for unexpected reasons and subtracts it from 1 to get +a percentage of successful writes: + +``` +1- (sum(rate(backend_write_requests_failed_total -sum(rate(teleport_backend_write_requests_failed_precondition_total)) / sum(rate(backend_write_requests_total)) +``` + +If your backend begins to appear unavailable, you can investigate your backend +infrastructure. + +### Backend operation performance + +To help you track backend operation performance, the Auth Service also exposes +Prometheus [histogram metrics](https://prometheus.io/docs/practices/histograms/) +for read and write operations: + +- `teleport_backend_read_seconds_bucket` +- `teleport_backend_write_seconds_bucket` +- `teleport_backend_batch_write_seconds_bucket` +- `teleport_backend_batch_read_seconds_bucket` +- `teleport_backend_atomic_write_seconds_bucket` + +The backend throughput metrics discussed in the previous section map on to +latency metrics. Whenever the Auth Service increments one of the throughput +metrics, it reports one of the corresponding latency metrics. See the table +below for which throughput metrics map to which latency metrics. Each metric +name excludes the standard prefixes and suffixes. + +|Throughput|Latency| +|---|---| +|`read_requests`|`read_seconds_bucket`| +|`read_requests`|`write_seconds_bucket`| +|`batch_read_requests`|`batch_write_seconds_bucket`| +|`batch_write_requests`|`batch_read_seconds_bucket`| +|`atomic_write_requests`|`atomic_write_seconds_bucket`| + +## Agents and connected resources + +To enable users to access most infrastructure with Teleport, you must join a +[Teleport Agent](../../../enroll-resources/agents/agents.mdx) to your Teleport +cluster and configure it to proxy your infrastructure. In a typical setup, an +Agent establishes an SSH reverse tunnel with the Proxy Service. User traffic to +Teleport-protected resources flows through the Proxy Service, an Agent, and +finally the infrastructure resource the Agent proxies. Return traffic from the +resource takes this path in reverse. + +### Number of connected resources by type + +Teleport-connected resources periodically send heartbeat (keepalive) messages to +the Auth Service. The Auth Service uses these heartbeats to track the number of +Teleport-protected resources by type with the `teleport_connected_resources` +metric. + +The Auth Service tracks this metric for the following resources: + +- SSH servers +- Kubernetes clusters +- Applications +- Databases +- Teleport Database Service instances +- Windows desktops + +You can use this metric to: +- Compare the number of resources that are protected by Teleport with those that + are not so you can plan your Teleport rollout, e.g., by configuring [Auto + Discovery](../../../enroll-resources/auto-discovery/auto-discovery.mdx). +- Correlate changes in Teleport usage with resource utilization on Auth Service + and Proxy Service compute instances to determine scaling needs. + +You can include this query in your Grafana configuration to break this metric +down by resource type: + +```text +sum(teleport_connected_resources) by (type) +``` + +### Reverse tunnels by type + +Every Teleport service that starts up establishes an SSH reverse tunnel to the +Proxy Service. (Self-hosted clusters can configure Agent services to connect to +the Auth Service directly without establishing a reverse tunnel.) The Proxy +Service tracks the number of reverse tunnels using the metric, +`teleport_reverse_tunnels_connected`. + +With an improperly scaled Proxy Service pool, the Proxy Service can become a +bottleneck for traffic to Teleport-protected resources. If Proxy Service +instances display heavy utilization of compute resources while the number of +connected infrastructure resources is high, you can consider scaling out your +Proxy Service pool and using [Proxy Peering](../operations/proxy-peering.mdx). + +Use the following Grafana query to track the maximum number of reverse tunnels +by type over a given interval: + +```text +max(teleport_reverse_tunnels_connected) by (type)) +``` + +## Teleport instance versions + +At regular intervals (around 7 seconds with jitter), the Auth Service refreshes +its count of registered Teleport instances, including Agents and Teleport +processes that run the Auth Service and Proxy Service. You can measure this +count with the metric, `teleport_registered_servers`. To get the number of +registered instances by version, you can use this query in Grafana: - +```text +sum by (version)(teleport_registered_servers) +``` - Teleport Cloud does not expose monitoring endpoints for the Auth Service and Proxy Service. +You can use this metric to tell how many of your registered Teleport instances +are behind the version of the Auth Service and Proxy Service, which can help you +identify any that are at risk of violating the Teleport [version compatibility +guarantees](../../../upgrading/overview.mdx). - +We strongly encourage self-hosted Teleport users to enroll their Agents in +automatic updates. You can track the count of Teleport Agents that are not +enrolled in automatic updates using the metric, `teleport_enrolled_in_upgrades`. +[Read the documentation](../../../upgrading/automatic-agent-updates.mdx) for how +to enroll Agents in automatic updates. -(!docs/pages/includes/metrics.mdx!) \ No newline at end of file diff --git a/docs/pages/admin-guides/management/guides/ec2-tags.mdx b/docs/pages/admin-guides/management/guides/ec2-tags.mdx index e89eddfdcb0e2..382648e966b1e 100644 --- a/docs/pages/admin-guides/management/guides/ec2-tags.mdx +++ b/docs/pages/admin-guides/management/guides/ec2-tags.mdx @@ -12,7 +12,7 @@ so newly created or deleted tags will be reflected in the labels. If the tag `TeleportHostname` (case-sensitive) is present, its value will override the node's hostname. -```bash +```code $ tsh ls Node Name Address Labels -------------------- -------------- ----------------------------------------------------------------------------------------------------------------------- diff --git a/docs/pages/admin-guides/management/guides/gcp-tags.mdx b/docs/pages/admin-guides/management/guides/gcp-tags.mdx index 33b50406d9a0f..36b3bbb2dbabc 100644 --- a/docs/pages/admin-guides/management/guides/gcp-tags.mdx +++ b/docs/pages/admin-guides/management/guides/gcp-tags.mdx @@ -20,7 +20,7 @@ so newly created or deleted tags will be reflected in the labels. If the GCP label `TeleportHostname` (case-sensitive) is present, its value will override the node's hostname. This does not apply to GCP tags. -```bash +```code $ tsh ls Node Name Address Labels -------------------- -------------- ------------------------------------------------------------------------------------------- diff --git a/docs/pages/admin-guides/management/security/client-timeout.mdx b/docs/pages/admin-guides/management/security/client-timeout.mdx new file mode 100644 index 0000000000000..bb06ae6ff34bd --- /dev/null +++ b/docs/pages/admin-guides/management/security/client-timeout.mdx @@ -0,0 +1,86 @@ +--- +title: Securing Sessions with Client Timeout Enforcement +description: How to implement idle client timeouts. +--- + +The `client_idle_timeout` in Teleport is a configurable setting that helps improve security by terminating inactive sessions after a specified period. It can be applied globally or per role, +allowing for flexibility based on your organization's security policies. The `client_idle_timeout` configuration ensures that SSH sessions, desktop sessions, kubectl exec or database +connections that remain inactive for a certain period of time are automatically terminated. This helps to mitigate risks associated with unattended sessions, such as unauthorized access. + +## Use cases + +- Security compliance: Many organizations require idle timeout enforcement as part of their security policies, ensuring that inactive sessions are not left open. +- Risk mitigation: If users forget to disconnect from a session, an idle timeout ensures that they are logged out automatically after a set period of inactivity, reducing the risk of unauthorized access. + +## How it works +Teleport monitors user activity, such as key presses or mouse movement in desktop sessions, or network traffic from ssh or database connections. +If there is no detected activity for the duration defined by `client_idle_timeout`, the session is terminated, forcing the user to reconnect. + +## Configuration +The `client_idle_timeout` can be configured globally or per role, giving administrators flexibility in how they apply client idle timeout rules. + +### Global configuration (applies to all users) + +You can set the `client_idle_timeout` globally in the Teleport cluster configuration (`teleport.yaml`) under the `auth_service` section: + +```yaml +auth_service: + client_idle_timeout: 15m +``` +This example configures a global client idle timeout of **15 minutes**. After 15 minutes of client inactivity, the session will be terminated. + + +If you are a cloud customer, you will need to modify these settings using dynamic configuration. + +Log in and use the `tctl` admin tool: + +```code +$ tsh login --proxy=myinstance.teleport.sh +$ tctl status +``` + +Obtain your existing `cluster_auth_preference` resource: + +```code +$ tctl get cap > cap.yaml +``` + +Include `client_idle_timeout` in `cap.yaml`: + +```yaml +kind: cluster_auth_preference +metadata: + name: cluster-auth-preference +spec: + options: + client_idle_timeout: 30m # Set your desired timeout value +``` + +Create the `cluster_auth_preference` resource via `tctl`: + +```code +$ tctl create -f cap.yaml +``` + +You should then see the following output: + +```code +$ cluster auth preference has been created +``` + +### Per-role configuration (applies to specific users or groups) + +You can also specify the timeout on a per-role basis, allowing different users or groups to have different timeout settings. For example, you might want a shorter timeout for higher-privileged roles. + +```yaml +kind: role +version: v3 +metadata: + name: admin-role +spec: + options: + client_idle_timeout: 10m +``` + +## Default behavior +If the `client_idle_timeout` is not set, sessions will not automatically close due to inactivity unless other timeout policies (like `disconnect_expired_cert`) are applied. diff --git a/docs/pages/admin-guides/teleport-policy/integrations/aws-sync.mdx b/docs/pages/admin-guides/teleport-policy/integrations/aws-sync.mdx index cb35dc9c2c067..2aae7cd963fb5 100644 --- a/docs/pages/admin-guides/teleport-policy/integrations/aws-sync.mdx +++ b/docs/pages/admin-guides/teleport-policy/integrations/aws-sync.mdx @@ -60,12 +60,13 @@ graphical representation thereof. ## Prerequisites - A running Teleport Enterprise cluster v14.3.9/v15.2.0 or later. -- For self-hosted clusters, an updated `license.pem` with Teleport Policy enabled. -- For self-hosted clusters, a running Access Graph node v1.17.0 or later. -Check [Access Graph page](../teleport-policy.mdx) for details on +- Teleport Policy enabled for your account. +- For self-hosted clusters: + - Ensure that an up-to-date `license.pem` is used in the Auth Service configuration. + - A running Access Graph node v1.17.0 or later. +Check the [Teleport Policy page](../teleport-policy.mdx) for details on how to set up Access Graph. -- The node running the Access Graph service must be reachable -from Teleport Auth Service and Discovery Service. + - The node running the Access Graph service must be reachable from the Teleport Auth Service. ## Step 1/2. Configure Discovery Service (Self-hosted only) diff --git a/docs/pages/admin-guides/teleport-policy/integrations/entra-id.mdx b/docs/pages/admin-guides/teleport-policy/integrations/entra-id.mdx index 67d9736ed8ff2..da9b9e7feff9b 100644 --- a/docs/pages/admin-guides/teleport-policy/integrations/entra-id.mdx +++ b/docs/pages/admin-guides/teleport-policy/integrations/entra-id.mdx @@ -35,11 +35,12 @@ These resources are then visualized using the graph representation detailed in t - A running Teleport Enterprise cluster v15.4.2/v16.0.0 or later. - Teleport Identity and Teleport Policy enabled for your account. - - For self-hosted clusters, ensure that an up-to-date `license.pem` is used in the Auth Service configuration. -- For self-hosted clusters, a running Access Graph node v1.21.3 or later. +- For self-hosted clusters: + - Ensure that an up-to-date `license.pem` is used in the Auth Service configuration. + - A running Access Graph node v1.21.3 or later. Check the [Teleport Policy page](../teleport-policy.mdx) for details on how to set up Access Graph. -- The node running the Access Graph service must be reachable from the Teleport Auth Service. + - The node running the Access Graph service must be reachable from the Teleport Auth Service. - Your user must have privileged administrator permissions in the Azure account To verify that Access Graph is set up correctly for your cluster, sign in to the Teleport Web UI and navigate to the Management tab. diff --git a/docs/pages/admin-guides/teleport-policy/integrations/gitlab.mdx b/docs/pages/admin-guides/teleport-policy/integrations/gitlab.mdx index 83cc193507070..3a25ef7ad225f 100644 --- a/docs/pages/admin-guides/teleport-policy/integrations/gitlab.mdx +++ b/docs/pages/admin-guides/teleport-policy/integrations/gitlab.mdx @@ -46,13 +46,14 @@ graphical representation thereof. ## Prerequisites - A running Teleport Enterprise cluster v14.3.20/v15.3.1/v16.0.0 or later. -- For self-hosted clusters, an updated `license.pem` with Teleport Policy enabled. -- For self-hosted clusters, a running Access Graph node v1.21.4 or later. -Check [Access Graph page](../teleport-policy.mdx) for details on -how to set up Access Graph. -- For self-hosted clusters, the node running the Access Graph service must be reachable -from Teleport Auth Service. +- Teleport Policy enabled for your account. - A GitLab instance running GitLab v9.0 or later. +- For self-hosted clusters: + - Ensure that an up-to-date `license.pem` is used in the Auth Service configuration. + - A running Access Graph node v1.21.4 or later. +Check the [Teleport Policy page](../teleport-policy.mdx) for details on +how to set up Access Graph. + - The node running the Access Graph service must be reachable from the Teleport Auth Service. ## Step 1/3. Create GitLab token diff --git a/docs/pages/admin-guides/teleport-policy/integrations/ssh-keys-scan.mdx b/docs/pages/admin-guides/teleport-policy/integrations/ssh-keys-scan.mdx index 8aa1b8eac451a..8c50d3ad2da9d 100644 --- a/docs/pages/admin-guides/teleport-policy/integrations/ssh-keys-scan.mdx +++ b/docs/pages/admin-guides/teleport-policy/integrations/ssh-keys-scan.mdx @@ -70,15 +70,16 @@ It also never sends the private key path or any other sensitive information. ## Prerequisites - A running Teleport Enterprise cluster v15.4.16/v16.2.0 or later. -- For self-hosted clusters, an updated `license.pem` with Teleport Policy enabled. -- For self-hosted clusters, a running Access Graph node v1.22.0 or later. -Check [Access Graph page](../teleport-policy.mdx) for details on -how to set up Access Graph. -- For self-hosted clusters, the node running the Access Graph service must be reachable -from Teleport Auth Service. +- Teleport Policy enabled for your account. - A Linux/macOS server running the Teleport SSH Service. - Devices enrolled in the [Teleport Device Trust feature](../../access-controls/device-trust.mdx). - For Jamf Pro integration, devices must be enrolled in Jamf Pro and have the signed `tsh` binary installed. +- For self-hosted clusters: + - Ensure that an up-to-date `license.pem` is used in the Auth Service configuration. + - A running Access Graph node v1.22.0 or later. +Check the [Teleport Policy page](../teleport-policy.mdx) for details on +how to set up Access Graph. + - The node running the Access Graph service must be reachable from the Teleport Auth Service. ## Step 1/3. Enable SSH Key Scanning diff --git a/docs/pages/connect-your-client/connect-your-client.mdx b/docs/pages/connect-your-client/connect-your-client.mdx new file mode 100644 index 0000000000000..844e0a9d842dc --- /dev/null +++ b/docs/pages/connect-your-client/connect-your-client.mdx @@ -0,0 +1,6 @@ +--- +title: Teleport User Guides +description: Provides instructions to help users connect to infrastructure resources with Teleport. +--- + +(!toc!) diff --git a/docs/pages/connect-your-client/gui-clients.mdx b/docs/pages/connect-your-client/gui-clients.mdx index c1a46aae5f789..5c2bd78bcdace 100644 --- a/docs/pages/connect-your-client/gui-clients.mdx +++ b/docs/pages/connect-your-client/gui-clients.mdx @@ -30,7 +30,7 @@ You won't need to configure any credentials when connecting to this tunnel. Here is an example on how to start the proxy: -```bash +```code # Start the local proxy. $ tsh proxy db --tunnel Started authenticated tunnel for the database "" in cluster "" on 127.0.0.1:62652. diff --git a/docs/pages/connect-your-client/putty-winscp.mdx b/docs/pages/connect-your-client/putty-winscp.mdx index bf221422b9afe..c39f7403a2b4e 100644 --- a/docs/pages/connect-your-client/putty-winscp.mdx +++ b/docs/pages/connect-your-client/putty-winscp.mdx @@ -49,16 +49,16 @@ To add saved sessions to PuTTY: 1. Sign into a Teleport cluster using the `tsh login` command: -```bash -C:\Users\gus>tsh login --proxy=teleport.example.com +```code +$ tsh login --proxy=teleport.example.com ``` This command retrieves your user certificates and saves them in a local file in the `%USERPROFILE%/.tsh` directory. 2. List SSH nodes that the user can connect to inside the cluster: -```bash -C:\Users\gus>tsh ls +```code +$ tsh ls Node Name Address Labels ----------------------------------- -------------- ---------------------------- ip-172-31-30-140 127.0.0.1:3022 company=acmecorp,env=aws,... @@ -71,8 +71,8 @@ ip-172-31-8-63 172.31.8.63:22 type=openssh For example, you can add a saved session for the login `ubuntu` on the node `ip-172-31-30-140` to the Windows registry by running the following command: -```bash -C:\Users\gus>tsh puttyconfig ubuntu@ip-172-31-30-140 +```code +$ tsh puttyconfig ubuntu@ip-172-31-30-140 Added PuTTY session for ubuntu@ip-172-31-30-140 [proxy:teleport.example.com] ``` @@ -82,8 +82,8 @@ If you are adding a session for a registered OpenSSH node within your cluster (a [`teleport join openssh`](../enroll-resources/server-access/openssh/openssh-agentless.mdx)), you must specify the `sshd` port (usually 22) when adding a session with `tsh puttyconfig`: -```bash -C:\Users\gus>tsh puttyconfig --port 22 ubuntu@ip-172-31-8-63 +```code +$ tsh puttyconfig --port 22 ubuntu@ip-172-31-8-63 Added PuTTY session for ubuntu@ip-172-31-8-63 [proxy:teleport.example.com] ``` @@ -94,8 +94,8 @@ You can also use `tsh puttyconfig user@host:22` if you prefer. 1. Sign into a Teleport cluster using the `tsh login` command: -```bash -C:\Users\gus>tsh login --proxy=mytenant.teleport.sh +```code +$ tsh login --proxy=mytenant.teleport.sh ``` This command retrieves your user certificates and saves them in a local file in the `%USERPROFILE%/.tsh` directory. @@ -103,7 +103,7 @@ This command retrieves your user certificates and saves them in a local file in 2. List SSH nodes that the user can connect to inside the cluster: ``` -C:\Users\gus>tsh ls +$ tsh ls Node Name Address Labels ----------------------------------- -------------- ---------------------------- ip-172-31-30-140 ⟵ Tunnel company=acmecorp,env=aws,... @@ -115,8 +115,8 @@ ip-172-31-34-128.us-east-2.compu... ⟵ Tunnel access=open,enhanced_reco... For example, you can add a saved session for the login `ubuntu` on the node `ip-172-31-30-140` to the Windows registry by running the following command: -```bash -C:\Users\gus>tsh puttyconfig ubuntu@ip-172-31-30-140 +```code +$ tsh puttyconfig ubuntu@ip-172-31-30-140 Added PuTTY session for ubuntu@ip-172-31-30-140 [proxy:mytenant.teleport.sh] ``` @@ -154,8 +154,8 @@ recording of the session after you stop the session and disconnect from the host To list available leaf clusters, run the following command: -```bash -C:\Users\gus>tsh clusters +```code +$ tsh clusters Cluster Name Status Cluster Type Labels Selected ----------------- ------ ------------ ------ -------- teleport.example.com online root * @@ -167,8 +167,8 @@ You can access a leaf cluster in a PuTTY session by adding the `--leaf tsh puttyconfig --leaf example.teleport.sh ec2-user@ip-172-31-34-128.us-east-2.compute.internal +```code +$ tsh puttyconfig --leaf example.teleport.sh ec2-user@ip-172-31-34-128.us-east-2.compute.internal Added PuTTY session for ec2-user@ip-172-31-34-128.us-east-2.compute.internal [leaf:example.teleport.sh,proxy:teleport.example.com] ``` diff --git a/docs/pages/connect-your-client/tsh.mdx b/docs/pages/connect-your-client/tsh.mdx index 74a94a0f2b11b..5ae4efce0eff4 100644 --- a/docs/pages/connect-your-client/tsh.mdx +++ b/docs/pages/connect-your-client/tsh.mdx @@ -892,7 +892,7 @@ aliases: The alias substitution happens before the command line flags are fully parsed. This means that it is not affected by the `--debug` flag. To troubleshoot your aliases, set the `TELEPORT_DEBUG=1` environment variable instead. This will cause the `tsh` logs to be printed to the console: -```bash +```code $ TELEPORT_DEBUG=1 tsh status DEBU [TSH] Self re-exec command: tsh [status --format=json]. tsh/aliases.go:203 ... @@ -942,13 +942,14 @@ the session recording backend. This requires either a self-hosted Teleport cluster or [external audit storage](../admin-guides/management/external-audit-storage.mdx). -The `tsh play` command can print recordings in three formats, depending on the +The `tsh play` command can print recordings in several formats, depending on the kind of resource the recorded session interacts with. To choose a format, use the `--format` flag of `tsh play`: | `--format` value | Supported resources | Description | |------------------|---------------------|-------------| | `pty` (default) | Servers, Kubernetes clusters | `tsh` opens a pseudo-terminal to play each command executed in the session. | +| `text` | Servers, Kubernetes clusters | `tsh` dumps the entire recording directly to standard out. Timing data is ignored. | | `json` | Servers, Kubernetes clusters, applications, databases | `tsh` prints a JSON-serialized list of audit events, separated by newlines. | | `yaml` | Servers, Kubernetes clusters, applications, databases | `tsh` prints a YAML-serialized list of audit events, separated by `---` characters. | @@ -1064,7 +1065,7 @@ aliases: To troubleshoot aliases, set the `TELEPORT_DEBUG=1` environment variable. This will cause detailed logs to be printed to standard error: -```bash +```code $ TELEPORT_DEBUG=1 tsh status DEBU [TSH] Self re-exec command: tsh [status --format=json]. tsh/aliases.go:203 ... @@ -1136,7 +1137,7 @@ the corresponding cli value will be set. If leaf certificates are required to connect to the node, `tsh` automatically retrieves leaf certificates from the root cluster: -```bash +```code $ tsh ssh -J {{proxy}} node1.leaf1 # becomes $ tsh ssh -J leaf1.eu.example.com:443 --cluster leaf1 node1 @@ -1144,7 +1145,7 @@ $ tsh ssh -J leaf1.eu.example.com:443 --cluster leaf1 node1 If there is no template matched, an error is returned. -```bash +```code $ tsh ssh -J {{proxy}} node1.none.example.com ERROR: proxy jump contains {{proxy}} variable but did not match any of the templates in tsh config ``` @@ -1154,7 +1155,7 @@ attempts to match a template, but won't fail if there isn't a match. Additionally, `tsh` won't replace the `proxy` value if it's explicitly set by the client: -```bash +```code $ tsh ssh -J leaf2.us.example.com:443 node1.leaf2 # becomes $ tsh ssh -J leaf2.us.example.com:443 --cluster leaf2 node1 @@ -1171,7 +1172,7 @@ Host *.example.com As a result, you can use `tsh ssh` and `ssh` interchangeably. -```bash +```code $ tsh ssh node1.leaf1 # is equivalent to $ ssh node1.leaf1 diff --git a/docs/pages/connect-your-client/web-ui.mdx b/docs/pages/connect-your-client/web-ui.mdx index 22b8c6202d1d5..be05318f09d57 100644 --- a/docs/pages/connect-your-client/web-ui.mdx +++ b/docs/pages/connect-your-client/web-ui.mdx @@ -40,9 +40,6 @@ interacted with any Web UI browser tab, either through keyboard input or mouse m To change the default idle timeout of 10 minutes, ask your cluster admin to adjust the `web_idle_timeout` setting in the Auth Service configuration. - - - Use `tctl` to edit the `cluster_networking_config` value: ```code @@ -68,15 +65,3 @@ After you save and exit the editor, `tctl` will update the resource: cluster networking configuration has been updated ``` - - - -Update `/etc/teleport.yaml` in the `auth_service` section and restart the `teleport` daemon. - -```yaml -auth_service: - web_idle_timeout: 10m0s -``` - - - diff --git a/docs/pages/enroll-resources/application-access/cloud-apis/aws-console.mdx b/docs/pages/enroll-resources/application-access/cloud-apis/aws-console.mdx index bf028b33bbff5..6f4922c96041c 100644 --- a/docs/pages/enroll-resources/application-access/cloud-apis/aws-console.mdx +++ b/docs/pages/enroll-resources/application-access/cloud-apis/aws-console.mdx @@ -746,7 +746,7 @@ introduced them: If you are using `tsh proxy aws` or if your `tsh` version does not contain the above fixes, add the following domain to the `NO_PROXY` environment variable before running `tsh` commands to ensure the WebSocket connections bypass `tsh`: -```bash +```code export NO_PROXY=ssmmessages.us-west-1.amazonaws.com ``` diff --git a/docs/pages/enroll-resources/application-access/okta/scim-only.mdx b/docs/pages/enroll-resources/application-access/okta/scim-only.mdx index 7e005dccbec96..ea8adfab2183f 100644 --- a/docs/pages/enroll-resources/application-access/okta/scim-only.mdx +++ b/docs/pages/enroll-resources/application-access/okta/scim-only.mdx @@ -57,7 +57,7 @@ Run the following `tctl` command to install the SCIM integration. -```bash +```code $ tctl plugins install okta \ --org https://trial-12356.okta.com \ --saml-connector "${SAML_CONNECTOR_NAME}" \ @@ -75,7 +75,7 @@ SCIM Bearer Token: 1234567891234567891234567890 -```bash +```code $ tctl plugins install okta \ --org https://trial-12356.okta.com \ --saml-connector "${SAML_CONNECTOR_NAME}" \ @@ -125,7 +125,7 @@ with a subset and/or mapped version of the full User profile. You can delete the SCIM integration via the Integrations page in the Teleport UI, or with tctl like so: -```bash +```code $ tctl plugins delete okta ``` @@ -138,7 +138,7 @@ You can semi-manually delete all SCIM-provisioned users using a combination of tctl and jq. For example: -```bash +```code tctl get users --format=json \ | jq '.[] | select(.metadata.labels["teleport.dev/origin"] == "okta") | .metadata.name' -r \ | xargs -L 1 tctl users rm diff --git a/docs/pages/enroll-resources/auto-discovery/kubernetes/google-cloud.mdx b/docs/pages/enroll-resources/auto-discovery/kubernetes/google-cloud.mdx index 97bbf596fb3dc..b26f94f22566c 100644 --- a/docs/pages/enroll-resources/auto-discovery/kubernetes/google-cloud.mdx +++ b/docs/pages/enroll-resources/auto-discovery/kubernetes/google-cloud.mdx @@ -454,8 +454,18 @@ value, `gke`. #### `discovery_service.gcp[0].project_ids` In your matcher, replace `myproject` with the ID of your Google Cloud project. -The `project_ids` field must include at least one value, and it must not be the -wildcard character (`*`). + +Ensure that the `project_ids` field follows these rules: +- It must include at least one value. +- It must not combine the wildcard character (`*`) with other values. + +##### Examples of valid configurations +- `["p1", "p2"]` +- `["*"]` +- `["p1"]` + +##### Example of an invalid configuration +- `["p1", "*"]` #### `discovery_service.gcp[0].locations` diff --git a/docs/pages/enroll-resources/auto-discovery/servers/gcp-discovery.mdx b/docs/pages/enroll-resources/auto-discovery/servers/gcp-discovery.mdx index b485a78ad04a5..3b050c5d9de26 100644 --- a/docs/pages/enroll-resources/auto-discovery/servers/gcp-discovery.mdx +++ b/docs/pages/enroll-resources/auto-discovery/servers/gcp-discovery.mdx @@ -93,6 +93,12 @@ discover instances. your custom role. Click *Save*. ![Role assignment](../../../../img/server-access/guides/gcp/assign-role-to-service-account@2x.png) + + If the Discovery Service will run in a GCP compute instance, edit the instance and + assign the service account to the instance and set its access scopes to include + Read Write access to the Compute API. + + ![Service account assignment](../../../../img/server-access/guides/gcp/access-scopes@2x.png) Copy the following and paste it into a file called `teleport-discovery-role.yaml`: @@ -131,6 +137,14 @@ discover instances. --member="serviceAccount:teleport-discovery@.iam.gserviceaccount.com" \ --role="projects//roles/teleport_discovery" ``` + + If the Discovery Service will run in a GCP compute instance, run the following command to + add the service account to the instance: + ```code + $ gcloud compute instances set-service-account \ + --service-account=teleport-discovery@.iam.gserviceaccount.com \ + --scopes=default,compute-rw + ``` diff --git a/docs/pages/enroll-resources/database-access/auto-user-provisioning/mongodb.mdx b/docs/pages/enroll-resources/database-access/auto-user-provisioning/mongodb.mdx index 1bfb57c144d32..32b58386d39a5 100644 --- a/docs/pages/enroll-resources/database-access/auto-user-provisioning/mongodb.mdx +++ b/docs/pages/enroll-resources/database-access/auto-user-provisioning/mongodb.mdx @@ -28,7 +28,7 @@ connections. First create a role on `admin` database with the following privileges: -```bash +```code db.getSiblingDB("admin").runCommand({ createRole: "teleport-admin-role", privileges: [ @@ -49,7 +49,7 @@ To enforce the principle of least privilege, you can limit the `grantRole` to only the databases that own the roles to be assigned to the auto-provisioned users: -```bash +```code db.getSiblingDB("admin").runCommand({ createRole: "teleport-admin-role", privileges: [ @@ -67,7 +67,7 @@ db.getSiblingDB("admin").runCommand({ Now create the admin user with this role: -```bash +```code db.getSiblingDB("$external").runCommand({ createUser: "CN=teleport-admin", roles: [ { role: 'teleport-admin-role', db: 'admin' } ], diff --git a/docs/pages/enroll-resources/database-access/enroll-aws-databases/aws-opensearch.mdx b/docs/pages/enroll-resources/database-access/enroll-aws-databases/aws-opensearch.mdx index 5fd5b7cffb2e7..bc4a2f57b5bce 100644 --- a/docs/pages/enroll-resources/database-access/enroll-aws-databases/aws-opensearch.mdx +++ b/docs/pages/enroll-resources/database-access/enroll-aws-databases/aws-opensearch.mdx @@ -184,9 +184,6 @@ Use the token provided by the output of this command in the next step. (!docs/pages/includes/install-linux.mdx!) - - - On the host where you will run the Teleport Database Service, start Teleport with the appropriate configuration. @@ -214,59 +211,6 @@ $ sudo teleport db configure create \ (!docs/pages/includes/start-teleport.mdx service="the Teleport Database Service"!) - - - -Modify your Teleport Database Service static configuration file: - -```yaml -db_service: - enabled: "yes" - databases: - - name: example-opensearch - aws: - account_id: "(=aws.aws_access_key=)" - protocol: opensearch - uri: :443 - static_labels: - env: dev -``` - -Restart the Teleport Database Service for the configuration file changes to take -effect. - - - -Create a dynamic database resource to dynamically register an AWS database -in an external account and proxy connections to it. - -```yaml -kind: db -version: v3 -metadata: - name: "example-opensearch" - description: "Example dynamic database resource" - labels: - env: "dev" -spec: - protocol: "opensearch" - uri: :443 - aws: - account_id: "(=aws.aws_access_key=)" -``` - -Save the configuration to a file like `database.yaml` and create it with `tctl`: - -```code -$ tctl create database.yaml -``` - -For more information about database registration using dynamic database -resources, see: [Dynamic Registration](../guides/dynamic-registration.mdx). - - - - ## Step 4/4. Connect Once the Database Service has started and joined the cluster, you can start accessing Amazon OpenSearch API: diff --git a/docs/pages/enroll-resources/database-access/enroll-managed-databases/oracle-exadata.mdx b/docs/pages/enroll-resources/database-access/enroll-managed-databases/oracle-exadata.mdx index fc2f0deed59ca..3fe300b8e4b1f 100644 --- a/docs/pages/enroll-resources/database-access/enroll-managed-databases/oracle-exadata.mdx +++ b/docs/pages/enroll-resources/database-access/enroll-managed-databases/oracle-exadata.mdx @@ -45,7 +45,7 @@ Adjust the commands to match your configuration. Connect to the Oracle Exadata VM by logging in as the `opc` user and then switch to the `oracle` user: -```bash +```code $ ssh opc@ $ sudo su - oracle ``` diff --git a/docs/pages/enroll-resources/database-access/enroll-self-hosted-databases/cockroachdb-self-hosted.mdx b/docs/pages/enroll-resources/database-access/enroll-self-hosted-databases/cockroachdb-self-hosted.mdx index 9c68fddcb2a7a..c11ad9aeaf423 100644 --- a/docs/pages/enroll-resources/database-access/enroll-self-hosted-databases/cockroachdb-self-hosted.mdx +++ b/docs/pages/enroll-resources/database-access/enroll-self-hosted-databases/cockroachdb-self-hosted.mdx @@ -265,7 +265,7 @@ connecting to your CockroachDB database if your `psql` uses SQL_ASCII encoding. CockroachDB supports only UTF8 client encoding. To enforce the encoding, set the following environment variable in the shell running `tsh db connect`: -```bash +```code export PGCLIENTENCODING='utf-8' ``` diff --git a/docs/pages/enroll-resources/database-access/enroll-self-hosted-databases/oracle-self-hosted.mdx b/docs/pages/enroll-resources/database-access/enroll-self-hosted-databases/oracle-self-hosted.mdx index f66f25e7317a4..17f1aef4d7455 100644 --- a/docs/pages/enroll-resources/database-access/enroll-self-hosted-databases/oracle-self-hosted.mdx +++ b/docs/pages/enroll-resources/database-access/enroll-self-hosted-databases/oracle-self-hosted.mdx @@ -204,10 +204,9 @@ AUDIT ALL STATEMENTS by alice BY access; You must enable auditing for each Teleport user that will be used to connect to Oracle. Additionally you can create a different audit policy for each user. -Configure the Teleport Database Service to pull audit logs from Oracle Audit Trail: +Edit the Database Service configuration you created earlier pull audit logs from +Oracle Audit Trail: - - ```yaml db_service: enabled: "yes" @@ -218,22 +217,6 @@ db_service: oracle: audit_user: "teleport" ``` - - -```yaml -kind: db -version: v3 -metadata: - name: oracle -spec: - protocol: "oracle" - uri: "oracle.example.com:2484" - oracle: - audit_user: "teleport" -``` - - - Teleport doesn't clean up audit trail events from Oracle Audit Trail. Make sure to configure an Oracle Audit Trail cleanup policy to avoid running out of disk space. diff --git a/docs/pages/enroll-resources/database-access/faq.mdx b/docs/pages/enroll-resources/database-access/faq.mdx index 762048a8e8507..59ab92704e03f 100644 --- a/docs/pages/enroll-resources/database-access/faq.mdx +++ b/docs/pages/enroll-resources/database-access/faq.mdx @@ -16,6 +16,7 @@ The Teleport Database Service currently supports the following protocols: - MongoDB - MySQL - Oracle +- OpenSearch - PostgreSQL - Redis - Snowflake @@ -58,17 +59,14 @@ This is useful when the Teleport Web UI is running behind an L7 load balancer (e.g. ALB in AWS), in which case the PostgreSQL/MySQL proxy needs to be exposed on a plain TCP load balancer (e.g. NLB in AWS). +Using [TLS routing](../../reference/architecture/tls-routing.mdx) for the Teleport Proxy Service allows for all +database connections with the web public address. + -In Teleport Enterprise Cloud, the Proxy Service uses the following ports for -Database Service client traffic: - -|Configuration setting|Port| -|---|---| -|`mysql_public_addr`|`3036`| -|`postgres_public_addr`|`443`| -|`mongo_public_addr`|`443`| +In Teleport Enterprise (Cloud), database connections use the web public address +since [TLS routing](../../reference/architecture/tls-routing.mdx) is applied. diff --git a/docs/pages/enroll-resources/database-access/troubleshooting.mdx b/docs/pages/enroll-resources/database-access/troubleshooting.mdx index 82c2cd1fd45a3..b526939bd0022 100644 --- a/docs/pages/enroll-resources/database-access/troubleshooting.mdx +++ b/docs/pages/enroll-resources/database-access/troubleshooting.mdx @@ -22,7 +22,7 @@ due to expired certificates. The command used to generate a new certificate is `tctl auth sign`. For example, to create a certificate for PostgreSQL, the command looks like this: -```bash +```code # Export Teleport's certificate authority and a generate certificate/key pair # for host db.example.com with a 3-month validity period. diff --git a/docs/pages/enroll-resources/desktop-access/active-directory.mdx b/docs/pages/enroll-resources/desktop-access/active-directory.mdx index 78e70c1de7ff8..94e851c2ec504 100644 --- a/docs/pages/enroll-resources/desktop-access/active-directory.mdx +++ b/docs/pages/enroll-resources/desktop-access/active-directory.mdx @@ -66,7 +66,7 @@ It may also be easier to comprehend what the script does by following the manual To use the `tctl` generated configuration script, run the following command: -```bash +```code # Generate the script and save it to a file named configure-ad.ps1. tctl desktop bootstrap > configure-ad.ps1 ``` diff --git a/docs/pages/enroll-resources/desktop-access/getting-started.mdx b/docs/pages/enroll-resources/desktop-access/getting-started.mdx index 001f0411f11fd..3fefc79ec2b00 100644 --- a/docs/pages/enroll-resources/desktop-access/getting-started.mdx +++ b/docs/pages/enroll-resources/desktop-access/getting-started.mdx @@ -231,7 +231,7 @@ To configure a role for desktop access: Depending on how you configure role-based access controls for Windows, Teleport can create local user logins automatically from the `windows_desktop_logins` you specify. For more information about enabling Teleport - to create local Windows logins, see [Logins](./rbac.mdx#logins). + to create local Windows logins, see [Automatic User Creation](../../reference/agent-services/desktop-access-reference/user-creation.mdx). 1. Apply the new role to your cluster by running the following command: diff --git a/docs/pages/enroll-resources/desktop-access/rbac.mdx b/docs/pages/enroll-resources/desktop-access/rbac.mdx index f03ff9012b1e9..b6c27aaa34f40 100644 --- a/docs/pages/enroll-resources/desktop-access/rbac.mdx +++ b/docs/pages/enroll-resources/desktop-access/rbac.mdx @@ -11,7 +11,7 @@ desktop access: ```yaml kind: role -version: v4 +version: v5 metadata: name: developer spec: @@ -31,6 +31,12 @@ spec: # the clipboard, then it will be disabled. desktop_clipboard: true + # Specify whether directory sharing should be allowed from the + # local machine to remote desktop (requires a supported browser). Defaults to true + # if unspecified. If one or more of the user's roles has disabled + # directory sharing, then it will be disabled. + desktop_directory_sharing: true + # Specify whether local users should be created automatically at connection # time. By default, this feature is disabled, and the user must already exist. # Note: this is applicable to local users only and is not supported in Active diff --git a/docs/pages/enroll-resources/enroll-resources.mdx b/docs/pages/enroll-resources/enroll-resources.mdx new file mode 100644 index 0000000000000..6d0f6ab1192d4 --- /dev/null +++ b/docs/pages/enroll-resources/enroll-resources.mdx @@ -0,0 +1,6 @@ +--- +title: Enrolling Teleport Resources +description: Provides step-by-step instructions for enrolling servers, databases, and other infrastructure resources with your Teleport cluster. +--- + +(!toc!) diff --git a/docs/pages/enroll-resources/kubernetes-access/troubleshooting.mdx b/docs/pages/enroll-resources/kubernetes-access/troubleshooting.mdx index fdc3bb612fe1f..0c90c6379a795 100644 --- a/docs/pages/enroll-resources/kubernetes-access/troubleshooting.mdx +++ b/docs/pages/enroll-resources/kubernetes-access/troubleshooting.mdx @@ -44,13 +44,13 @@ If the agent is running outside of Kubernetes, the state directory is located at `/var/lib/teleport/proc` by default. You can delete the state directory with the following command: -```bash +```code sudo rm -rf /var/lib/teleport/proc ``` And then restart the agent: -```bash +```code sudo systemctl restart teleport ``` @@ -60,7 +60,7 @@ Starting in Teleport 11, the `teleport-kube-agent` pod's state is stored in a Kubernetes Secret - name:`{pod-name}-state` - existing in the installation namespace. To delete the state, follow the steps below: -```bash +```code # Get the secrets for the teleport-kube-agent pods $ kubectl get secret -o name -n teleport-agent | grep "state" teleport-agent-0-state diff --git a/docs/pages/enroll-resources/machine-id/access-guides/ansible.mdx b/docs/pages/enroll-resources/machine-id/access-guides/ansible.mdx index 2e2806a884d27..dd5bc03811f86 100644 --- a/docs/pages/enroll-resources/machine-id/access-guides/ansible.mdx +++ b/docs/pages/enroll-resources/machine-id/access-guides/ansible.mdx @@ -78,7 +78,7 @@ Now, use `tctl bots update` to add the role to the Bot. Replace `example` with the name of the Bot you created in the deployment guide and `example-role` with the name of the role you just created: -```bash +```code $ tctl bots update example --add-roles example-role ``` diff --git a/docs/pages/enroll-resources/machine-id/access-guides/applications.mdx b/docs/pages/enroll-resources/machine-id/access-guides/applications.mdx index 876e0b1c88db9..82cd7c50d5e65 100644 --- a/docs/pages/enroll-resources/machine-id/access-guides/applications.mdx +++ b/docs/pages/enroll-resources/machine-id/access-guides/applications.mdx @@ -52,7 +52,7 @@ Now, use `tctl bots update` to add the role to the Bot. Replace `example` with the name of the Bot you created in the deployment guide and `example-role` with the name of the role you just created: -```bash +```code $ tctl bots update example --add-roles example-role ``` diff --git a/docs/pages/enroll-resources/machine-id/access-guides/databases.mdx b/docs/pages/enroll-resources/machine-id/access-guides/databases.mdx index 1c5a815e59919..9e7ebad0f969f 100644 --- a/docs/pages/enroll-resources/machine-id/access-guides/databases.mdx +++ b/docs/pages/enroll-resources/machine-id/access-guides/databases.mdx @@ -70,7 +70,7 @@ Now, use `tctl bots update` to add the role to the Bot. Replace `example` with the name of the Bot you created in the deployment guide and `example-role` with the name of the role you just created: -```bash +```code $ tctl bots update example --add-roles example-role ``` diff --git a/docs/pages/enroll-resources/machine-id/access-guides/kubernetes.mdx b/docs/pages/enroll-resources/machine-id/access-guides/kubernetes.mdx index 2a21a22d16024..73879388eb92f 100644 --- a/docs/pages/enroll-resources/machine-id/access-guides/kubernetes.mdx +++ b/docs/pages/enroll-resources/machine-id/access-guides/kubernetes.mdx @@ -104,7 +104,7 @@ Now, use `tctl bots update` to add the role to the Bot. Replace `example` with the name of the Bot you created in the deployment guide and `example-role` with the name of the role you just created: -```bash +```code $ tctl bots update example --add-roles example-role ``` diff --git a/docs/pages/enroll-resources/machine-id/access-guides/ssh.mdx b/docs/pages/enroll-resources/machine-id/access-guides/ssh.mdx index af13432dfc8c5..ca4bf290c9cdc 100644 --- a/docs/pages/enroll-resources/machine-id/access-guides/ssh.mdx +++ b/docs/pages/enroll-resources/machine-id/access-guides/ssh.mdx @@ -61,7 +61,7 @@ Now, use `tctl bots update` to add the role to the Bot. Replace `example` with the name of the Bot you created in the deployment guide and `example-role` with the name of the role you just created: -```bash +```code $ tctl bots update example --add-roles example-role ``` diff --git a/docs/pages/enroll-resources/machine-id/access-guides/tctl.mdx b/docs/pages/enroll-resources/machine-id/access-guides/tctl.mdx index 974d06fb6aa1e..b6e8b33f99d72 100644 --- a/docs/pages/enroll-resources/machine-id/access-guides/tctl.mdx +++ b/docs/pages/enroll-resources/machine-id/access-guides/tctl.mdx @@ -60,7 +60,7 @@ Now, use `tctl bots update` to add the role to the Bot. Replace `example` with the name of the Bot you created in the deployment guide and `example-role` with the name of the role you just created: -```bash +```code $ tctl bots update example --add-roles example-role ``` diff --git a/docs/pages/enroll-resources/machine-id/deployment/github-actions.mdx b/docs/pages/enroll-resources/machine-id/deployment/github-actions.mdx index ac013be01469d..23d64e94cf83d 100644 --- a/docs/pages/enroll-resources/machine-id/deployment/github-actions.mdx +++ b/docs/pages/enroll-resources/machine-id/deployment/github-actions.mdx @@ -277,6 +277,13 @@ spec: - editor ``` + +This example assumes the role is version `v6`. If you are using a `v7`+ role +you will need to include `verbs: ["get", "list"]` for the `kind: pod` section +in `kubernetes_resources`. Otherwise the example `kubectl get pods -A` execution +will be denied. + + With that privileges granted, you can now create the GitHub Actions workflow. Create `.github/workflows/example.yaml`: diff --git a/docs/pages/enroll-resources/machine-id/getting-started.mdx b/docs/pages/enroll-resources/machine-id/getting-started.mdx index dfdaf84dc4249..e168f2e2144ba 100644 --- a/docs/pages/enroll-resources/machine-id/getting-started.mdx +++ b/docs/pages/enroll-resources/machine-id/getting-started.mdx @@ -43,23 +43,25 @@ Download the appropriate Teleport package for your platform: (!docs/pages/includes/install-linux.mdx!) -## Step 2/4. Create a bot user +## Step 2/4. Create a Bot + +In Teleport, a **Bot** represents an identity for a machine. This is similar to +how a user represents the identity of a human. Like users, bots are assigned +roles to manage their access to resources. However, unlike users, bots do not +authenticate using a username and password or SSO. Instead, they initially +authenticate in a process called joining. + +Teleport supports a number of secure join methods specific to the platform the +bot is running on, but for the purposes of this guide, we will use the simpler +`token` join method. You can follow a deployment guide later to learn about the +secure join methods available for your platform. Before you create a bot user, you need to determine which role(s) you want to assign to it. You can use the `tctl` command below to examine what roles exist on your system. - - On your client machine, log in to Teleport using `tsh`, then use `tctl` to examine what roles exist on your system. - - -Connect to the Teleport Auth Server and use `tctl` to examine what roles exist on -your system. - - - ```code $ tctl get roles --format=text @@ -83,55 +85,15 @@ database. For full details on how traits work in Teleport roles, see the [Teleport Access Controls Reference](../../reference/access-controls/roles.mdx). -Machine ID can join with a token or the [IAM Method](../agents/join-services-to-your-cluster/aws-iam.mdx) on AWS. - Assuming that you are using the default `access` role, ensure that you use the `--logins` flag when adding your bot to specify the SSH logins that you wish to allow the bot to access on hosts. For our example, we will be using `root`. - - - ```code - $ tctl bots add robot --roles=access --logins=root - ``` - - - First, create an IAM method token that specifies the AWS account from which - the bot can join. Create the below file as `iam-token.yaml` then run `tctl - create -f iam-token.yaml`. - - ``` - kind: token - version: v2 - metadata: - # The token name is not a secret because instances must prove that they are - # running in your AWS account to use this token. - name: iam-token - spec: - # Only allow bots to join using this token. - roles: [Bot] - - # Set the join method to be IAM. - join_method: iam - - # Define the name of the bot that will be allowed to use this token. - bot_name: robot - - allow: - # Restrict the AWS account and (optionally) ARN that can use this token. - # This information can be obtained from running the - # "aws sts get-caller-identity" command from the CLI. - - aws_account: "111111111111" - aws_arn: "arn:aws:sts::111111111111:assumed-role/teleport-bot-role/i-*" - ``` - - Next, create the bot user. +Use `tctl bots add` to create our bot: - ``` - $ tctl bots add robot --token=iam-token --roles=access --logins=root - ``` - - +```code +$ tctl bots add robot --roles=access --logins=root +``` ## Step 3/4. Start Machine ID @@ -144,34 +106,15 @@ In a production environment you will want to run Machine ID in the background using a service manager like systemd. However, in this guide you will run it in the foreground to better understand how it works. - - - - ```code - $ export TELEPORT_ANONYMOUS_TELEMETRY=1 - $ sudo tbot start \ - --data-dir=/var/lib/teleport/bot \ - --destination-dir=/opt/machine-id \ - --token=(=presets.tokens.first=) \ - --join-method=token \ - --proxy-server=example.teleport.sh:443 - ``` - - - - - ```code - $ export TELEPORT_ANONYMOUS_TELEMETRY=1 - $ sudo tbot start \ - --data-dir=/var/lib/teleport/bot \ - --destination-dir=/opt/machine-id \ - --token=iam-token \ - --join-method=iam \ - --proxy-server=example.teleport.sh:443 - ``` - - - +```code +$ export TELEPORT_ANONYMOUS_TELEMETRY=1 +$ sudo tbot start \ + --data-dir=/var/lib/teleport/bot \ + --destination-dir=/opt/machine-id \ + --token=(=presets.tokens.first=) \ + --join-method=token \ + --proxy-server=example.teleport.sh:443 +``` `TELEPORT_ANONYMOUS_TELEMETRY` enables the submission of anonymous usage telemetry. This helps us shape the future development of `tbot`. You can disable @@ -179,29 +122,10 @@ this by omitting this. Replace the following fields with values from your own cluster. - - - - `token` is the token output by the `tctl bots add` command or the name of your IAM method token. - `destination-dir` is where Machine ID writes user certificates that can be used by applications and tools. - `data-dir` is where Machine ID writes its private data, including its own short-lived renewable certificates. These should not be used by applications and tools. -- `auth-server` is the address of your Teleport Cloud Proxy Server, for example `example.teleport.sh:443`. - - - - -- `token` is the token output by the `tctl bots add` command or the name of your IAM method token. -- `ca-pin` is the CA Pin for your Teleport cluster, and is output by the `tctl bots add` command. -- `destination-dir` is where Machine ID writes user certificates that can be used by applications and tools. -- `data-dir` is where Machine ID writes its private data, including its own short-lived renewable certificates. These should not be used by applications and tools. -- `auth-server` is typically the address of your Teleport Proxy Server - (`teleport.example.com:443`), but can also be the address of the - Auth Server is direct connectivity is available. - `teleport.example.com:443`. - - - - +- `proxy-server` is the address of your Teleport Proxy service, for example `example.teleport.sh:443`. Now that Machine ID has successfully started, let's investigate the `/opt/machine-id` directory to see what was written to disk. @@ -257,19 +181,9 @@ $ ssh -F /opt/machine-id/ssh_config root@node-name.example.com In addition to the `ssh` client you can use `tsh`. Replace the `--proxy` parameter with your proxy address. - - -```code -$ tsh ssh --proxy=teleport.example.com -i /opt/machine-id/identity root@node-name -``` - - ```code $ tsh ssh --proxy=mytenant.teleport.sh -i /opt/machine-id/identity root@node-name ``` - - - The below error can occur when the bot does not have permission to log in to diff --git a/docs/pages/enroll-resources/server-access/guides/auditd.mdx b/docs/pages/enroll-resources/server-access/guides/auditd.mdx index a3c46559bb158..af9adcec423a7 100644 --- a/docs/pages/enroll-resources/server-access/guides/auditd.mdx +++ b/docs/pages/enroll-resources/server-access/guides/auditd.mdx @@ -22,7 +22,7 @@ You can verify that by calling `auditctl -s` as root. Here is an example output from that command: -```bash +```code $ sudo auditctl -s enabled 1 failure 1 diff --git a/docs/pages/enroll-resources/server-access/guides/bpf-session-recording.mdx b/docs/pages/enroll-resources/server-access/guides/bpf-session-recording.mdx index c38067b2bfc35..44c681c9778d4 100644 --- a/docs/pages/enroll-resources/server-access/guides/bpf-session-recording.mdx +++ b/docs/pages/enroll-resources/server-access/guides/bpf-session-recording.mdx @@ -88,7 +88,7 @@ Teleport supports enhanced session recording with BPF on `amd64` and `arm64` arc | Fedora | 33 | 5.8+ | | Arch Linux | 2020.09.01 | 5.8.5+ | | Flatcar | 2765.2.2 | 5.10.25+ | -| Amazon Linux | 2 | 5.10+ | +| Amazon Linux | 2 and 2023 | 5.10+ | - (!docs/pages/includes/tctl.mdx!) diff --git a/docs/pages/enroll-resources/server-access/guides/host-user-creation.mdx b/docs/pages/enroll-resources/server-access/guides/host-user-creation.mdx index 17c3ad0033831..ddd3bcb9e97f7 100644 --- a/docs/pages/enroll-resources/server-access/guides/host-user-creation.mdx +++ b/docs/pages/enroll-resources/server-access/guides/host-user-creation.mdx @@ -410,3 +410,5 @@ them to the `teleport-keep` group directly on the hosts you wish to migrate. - Configure automatic user provisioning for [Database Access](../../database-access/auto-user-provisioning.mdx). - Configure automatic user provisioning for [desktop access](../../../reference/agent-services/desktop-access-reference/user-creation.mdx). +- Configure automatic user provisioning with [Terraform](../../../reference/terraform-provider/resources/role.mdx). +Note when using the terraform provider that some values may be different than described in this guide. diff --git a/docs/pages/enroll-resources/workload-identity/aws-oidc-federation.mdx b/docs/pages/enroll-resources/workload-identity/aws-oidc-federation.mdx new file mode 100644 index 0000000000000..6febebfaf106b --- /dev/null +++ b/docs/pages/enroll-resources/workload-identity/aws-oidc-federation.mdx @@ -0,0 +1,461 @@ +--- +title: Configuring Workload Identity and AWS OIDC Federation +description: Configuring AWS to accept Workload Identity JWTs as authentication using OIDC Federation +--- + + +Teleport Workload Identity is currently in Preview. This means that some +features may be missing. We're actively looking for design partners to help us +shape the future of Workload Identity and would love to +[hear your feedback](mailto:product@goteleport.com). + + +Teleport Workload Identity issues flexible short-lived identities in JWT format. +AWS OIDC Federation allows you to use these JWTs to authenticate to AWS +services. + +This can be useful in cases where a machine needs to securely authenticate with +AWS services without the use of a long-lived credential. This is because the +machine can authenticate with Teleport without using any shared secrets by +using one of our delegated join methods. + +In this guide, we'll configure Teleport Workload Identity and AWS to allow our +workload to authenticate to the AWS S3 API and upload content to a bucket. + +## How it works + +This implementation differs from using the Teleport Application Service to protect +AWS APIs in a few ways: + +- Requests to AWS are not proxied through the Teleport Proxy Service, meaning + reduced latency but also less visibility, as these requests will not be + recorded in Teleport's audit log. +- Workload Identity works with any AWS client, including the command-line tool + but also their SDKs. +- Using the Teleport Application Service to access AWS does not work with Machine + ID and therefore cannot be used when a machine needs to authenticate with AWS. + +## OIDC Federation vs Roles Anywhere + +The AWS platform offers two routes for workload identity federation: OIDC +Federation and Roles Anywhere. Teleport Workload Identity supports both of these +methods. + +There are a number of differences between the two methods: + +- OIDC Federation exchanges a JWT SVID for an AWS credential, whereas Roles + Anywhere exchanges an X509 SVID for an AWS credential. The use of X509 SVIDs + is generally considered more secure. +- OIDC Federation does not require the additional installation of an AWS + credential helper alongside workloads, whereas Roles Anywhere does. +- OIDC Federation requires that your Teleport Proxy Service is reachable by + AWS, whereas Roles Anywhere does not. + +This guide covers configuring OIDC federation. For Roles Anywhere, see +[Configuring Workload Identity and AWS Roles Anywhere](./aws-roles-anywhere.mdx). + +## Prerequisites + +(!docs/pages/includes/edition-prereqs-tabs.mdx!) + +- (!docs/pages/includes/tctl.mdx!) +- `tbot` must already be installed and configured on the host where the +workloads which need to access Teleport Workload Identity will run. For more +information, see the [deployment guides](../machine-id/deployment.mdx). + + +Issuing JWT SVIDs with Teleport Workload Identity requires at least Teleport +version 16.4.3. + + +### Deciding on a SPIFFE ID structure + +Within Teleport Workload Identity, all identities are represented using a +SPIFFE ID. This is a URI that uniquely identifies the entity that the identity +represents. The scheme is always `spiffe://`, and the host will be the name of +your Teleport cluster. The structure of the path of this URI is up to you. + +For the purposes of this guide, we will be granting access to AWS to the +`spiffe://example.teleport.sh/svc/example-service` SPIFFE ID. + +If you have already deployed Teleport Workload Identity, then you will already +have a SPIFFE ID structure in place. If you have not, then you will need to +decide on a structure for your SPIFFE IDs. + +If you are only using Teleport Workload Identity with AWS OIDC Federation, you +may structure your SPIFFE IDs so that they explicitly specify the AWS role they +are allowed to assume. However, it often makes more sense to name the workload +or person that will use the SPIFFE ID. See the +[best practices guide](./best-practices.mdx) for further advice. + +## Step 1/4. Configure AWS + +Configuring AWS OIDC Federation for the first time involves a few steps. Some of +these may not be necessary if you have previously configured AWS OIDC Federation +for your Teleport cluster. + +### Create an OpenID Connect Identity Provider + +First, you'll need to create an OIDC identity provider in AWS. This will define +a trust relationship between AWS and your Teleport cluster's Workload Identity +issuer. You can reuse this OIDC identity provider to grant different workloads +using Teleport Workload Identity access to AWS services. + +When configuring the provider, you need to specify the issuer URI. This will be +the public address of your Teleport Proxy Service with the path +`/workload-identity` appended. Your Teleport Proxy Service must be accessible +by AWS in order for OIDC federation to work. + + + + +Before you can configure the OIDC identity provider, you need to determine the +thumbprint of the TLS certificate used by your Teleport Proxy Service. You can +do this using `curl`: + +```code +$ curl https://example.teleport.sh/webapi/thumbprint +"example589ee4bf31a11b78c72b8d13f0example"% +``` + +Insert the following into a Terraform configuration file which has already +been configured to manage your AWS account: + +```hcl +resource "aws_iam_openid_connect_provider" "example_teleport_sh_workload_identity" { + // Replace "example.teleport.sh" with the hostname used to access your + // Teleport Proxy Service. + url = "https://example.teleport.sh/workload-identity" + + client_id_list = [ + "sts.amazonaws.com", + ] + + thumbprint_list = [ + // Replace with the thumbprint you determined using curl. + "example589ee4bf31a11b78c72b8d13f0example" + ] +} +``` + + + + +1. Browse to IAM +1. Select "Identity Providers" from the sidebar +1. Select "Add provider" +1. Select "OpenID Connect" as the "Provider type". +1. Specify the public hostname of your Teleport Proxy Service, with + "/workload-identity" appended as the "Provider URL", e.g + `https://example.teleport.sh/workload-identity` +1. Specify `sts.amazonaws.com` as the Audience +1. Click "Add Provider". + + + + +### Create an S3 bucket + +For the purposes of this guide, you'll be granting the workload access to an +AWS S3 bucket. Before we can dive into configuring the RBAC, we'll need to +create our bucket. + +You can omit this step if you wish to grant access to a different service +within AWS. + + + +```hcl +// Create an S3 bucket +resource "aws_s3_bucket" "example" { + // Replace "example" with a meaningful, unique name. + bucket = "workload-id-demo" +} +``` + + + +1. Browse to S3 +1. Select "Create bucket" +1. Enter a meaningful, unique name for your bucket, e.g `workload-id-demo` +1. Leave other settings as default +1. Click "Create bucket". + + + + +### Configure RBAC + +#### Create an IAM Policy + +First, create an IAM policy that will grant access to the S3 bucket. Later, +you'll attach this to a role that the workload will assume. + +The examples in this guide will create an IAM policy that will grant full access +to the example bucket. In a production environment, you should modify this to +grant the least privileges necessary. + + + + +Insert the following into your Terraform configuration file: + +```hcl +resource "aws_iam_policy" "example" { + // Choose a unique, meaningful name that describes what the policy grants + // access to. + name = "workload-id-s3-full-access" + path = "/" + + // This example policy grants full access to AWS S3. In production, you + // may wish to grant a less permissive policy. + policy = jsonencode({ + Version = "2012-10-17" + Statement = [{ + Action = "s3:*" + Effect = "Allow" + Resource = [ + aws_s3_bucket.workload_id_demo.arn, + "${aws_s3_bucket.workload_id_demo.arn}/*" + ] + }] + }) +} +``` + + + + +1. Browse to IAM +1. Select "Policies" from the sidebar +1. Click "Create policy" +1. Choose the "S3" service +1. Under "Actions allowed", choose "All S3 actions" +1. Under "Resources", choose "Specific" + 1. For "bucket" enter the name of the bucket you created earlier. + 1. For "object" enter the name of the bucket you created earlier and select + "All objects" +1. Click "Next" +1. Enter a unique and meaningful name for this policy, in our example, this will + be `workload-id-s3-full-access` +1. Click "Create policy" + + + + +#### Create an IAM Role + +Now, you'll create an IAM role. This role will be assumed by the workload +after it authenticates to AWS using the JWT SVID issued by Teleport Workload +Identity. + +When creating the IAM role, you'll define a trust policy that controls which +workload identities are able to assume the role. This policy will contain +conditions which will be evaluated against the claims within the JWT SVID +issued by Teleport Workload Identity. In our case, the only claim we want to +evaluate is the `sub` claim, which will contain our workload's SPIFFE ID. + +Finally, we'll attach the IAM policy we created earlier to this role to grant it +the privileges specified within the policy. + + + + +Insert the following into your Terraform configuration file: + +```hcl +// Create a role that the workload identity will assume. +resource "aws_iam_role" "example" { + // Choose a unique, meaningful name that describes the role and the workload + // that will assume it. + name = "workload-id-demo" + assume_role_policy = jsonencode({ + Version = "2012-10-17" + Statement = [{ + Effect = "Allow" + Principal = { + Federated = aws_iam_openid_connect_provider.example.arn + } + Action = "sts:AssumeRoleWithWebIdentity" + Condition = { + StringEquals = { + "${aws_iam_openid_connect_provider.example.url}:aud" = "sts.amazonaws.com" + "${aws_iam_openid_connect_provider.example.url}:sub" = "spiffe://example.teleport.sh/svc/example-service" + } + } + }] + }) +} + +// Attach the policy we created earlier to our role. +resource "aws_iam_role_policy_attachment" "example" { + role = aws_iam_role.example.name + policy_arn = aws_iam_policy.example.arn +} +``` + + + +1. Browse to IAM +1. Select "Roles" from the sidebar +1. Click "Create role" +1. Select "Web identity" for the "Trusted entity type" +1. Select your identity provider +1. Select the `sts.amazonaws.com` audience +1. Click "Add condition" + 1. Select `example.teleport.sh:sub` for the key + 1. Select "StringEquals" for the condition + 1. Enter the SPIFFE ID of your workload for the value. In our example, this + will be `spiffe://example.teleport.sh/svc/example +1. Click "Next" +1. Select the IAM policy you created earlier, and click "Next" +1. Enter a unique and meaningful name for this role, in our example, this will + be `workload-id-demo` +1. Click "Create role" + + + + +## Step 2/4. Configure Teleport RBAC + +Now we need to configure Teleport to allow a JWT to be issued containing the +SPIFFE ID we have chosen. + +Create `role.yaml` with the following content: + +```yaml +kind: role +version: v6 +metadata: + name: my-workload-aws +spec: + allow: + spiffe: + - path: /svc/example-service +``` + +Replace: + +- `my-workload-aws` with a descriptive name for the role. +- `/svc/example-service` with the path part of the SPIFFE ID you have chosen. + +Apply this role to your Teleport cluster using `tctl`: + +```code +$ tctl create -f role.yaml +``` + +You now need to assign this role to the bot: + +```code +$ tctl bots update my-bot --add-roles my-workload-aws +``` + +## Step 3/4. Issue Workload Identity JWTs + +You'll now configure `tbot` to issue and renew the short-lived JWT SVIDs for +your workload. It'll write the JWT as a file on disk, where you can then +configure AWS clients and SDKs to read it. + +Take your already deployed `tbot` service and configure it to issue SPIFFE SVIDs +by adding the following to the `tbot` configuration file: + +```yaml +outputs: + - type: spiffe-svid + destination: + type: directory + path: /opt/workload-identity + svid: + path: /svc/example-service + jwts: + - audience: sts.amazonaws.com + file_name: aws-jwt +``` + +Replace: + +- /opt/workload-identity with the directory where you want the JWT to be + written. +- /svc/example-service with the SPIFFE ID you have chosen. + +Restart your `tbot` service to apply the new configuration. You should see a +file created at `/opt/workload-identity/aws-jwt` containing the JWT. + +## Step 4/4. Configure AWS CLIs and SDKs + +Finally, you need to configure the AWS CLIs and SDKs to use the JWT SVID for +authentication. + +This can be done using the configuration file located at `~/.aws/config` or by +using environment variables. + +To proceed, you'll need to know the ARN of the role you created earlier. + + + + +Add the following to your `~/.aws/config` file: + +```ini +# You can replace "workload-id-demo" with a recognizable name that identifies +# your use-case. +[profile workload-id-demo] +# Replace with the ARN of the role you created earlier. +role_arn=arn:aws:iam:123456789012:role/workload-id-demo +# Replace with the directory and file name you configured `tbot` to write the +# JWT to. +web_identity_token_file=/opt/workload-identity/aws-jwt +``` + + + + +Configure the following environment variables: + +- `AWS_ROLE_ARN`: The ARN of the role you created earlier, e.g + `arn:aws:iam::123456789012:role/workload-id-demo` +- `AWS_WEB_IDENTITY_TOKEN_FILE`: The path to the JWT file that `tbot` is writing, + e.g `/opt/workload-identity/aws-jwt` + + + + +You can now test authenticating to the AWS S3 API. Create a file which you can +upload to your bucket: + +```code +$ echo "Hello, World!" > hello.txt +``` + +Now, use the AWS CLI to upload this file to your bucket: + +```code +$ aws s3 cp hello.txt s3://workload-id-demo +``` + +If everything is configured correctly, you should see this file uploaded to your +bucket: + +```code +$ aws s3 ls s3://workload-id-demo +``` + +Inspecting the audit logs on CloudTrail should indicate that the request +was authenticated using Workload Identity and specify the SPIFFE ID of the +workload that made the request. + +## Next steps + +- [AWS OIDC Federation](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_oidc.html): +The official AWS documentation for OIDC federation. +- [AWS CLI documentation](https://docs.aws.amazon.com/cli/v1/userguide/cli-configure-role.html#cli-configure-role-oidc): +The official AWS CLI documentation for configuring a role to be assumed. +- [Workload Identity Overview](./introduction.mdx): Overview of Teleport +Workload Identity. +- [JWT SVID Overview](./jwt-svids.mdx): Overview of the JWT SVIDs issued by +Teleport Workload Identity. +- [Best Practices](./best-practices.mdx): Best practices for using Workload +Identity in Production. +- Read the [configuration reference](../../reference/machine-id/configuration.mdx) to explore +all the available configuration options. diff --git a/docs/pages/enroll-resources/workload-identity/aws-roles-anywhere.mdx b/docs/pages/enroll-resources/workload-identity/aws-roles-anywhere.mdx index f6b6970a96691..56c7b7d23e97e 100644 --- a/docs/pages/enroll-resources/workload-identity/aws-roles-anywhere.mdx +++ b/docs/pages/enroll-resources/workload-identity/aws-roles-anywhere.mdx @@ -1,14 +1,9 @@ --- -title: Configuring Workload ID and AWS Roles Anywhere -description: Configuring AWS to accept Workload ID certificates as authentication using AWS Roles Anywhere +title: Configuring Workload Identity and AWS Roles Anywhere +description: Configuring AWS to accept Workload Identity certificates as authentication using AWS Roles Anywhere --- - -Teleport Workload Identity is currently in Preview. This means that some -features may be missing. We're actively looking for design partners to help us -shape the future of Workload Identity and would love to -[hear your feedback](mailto:product@goteleport.com). - +(!/docs/pages/includes/workload-id-preview.mdx!) Teleport Workload Identity issues flexible short-lived identities in X.509 certificates. AWS Roles Anywhere allows you to use these certificates to @@ -27,8 +22,9 @@ AWS APIs in a few ways: - Requests to AWS are not proxied through the Teleport Proxy Service, meaning reduced latency but also less visibility, as these requests will not be recorded in Teleport's audit log. -- Workload ID works with any AWS client, including the command-line tool but also - their SDKs +- Workload Identity works with any AWS client, including the command-line tool + but also + their SDKs. - Using the Teleport Application Service to access AWS does not work with Machine ID and therefore cannot be used when a machine needs to authenticate with AWS. @@ -36,6 +32,25 @@ Whilst this guide is primarily aimed at allowing a machine to access AWS, the `tsh svid issue` command can be used in place of Machine ID to allow a human user to authenticate with using AWS Roles Anywhere. +## OIDC Federation vs Roles Anywhere + +The AWS platform offers two routes for workload identity federation: OIDC +Federation and Roles Anywhere. Teleport Workload Identity supports both of these +methods. + +There are a number of differences between the two methods: + +- Roles Anywhere exchanges an X509 SVID for an AWS credential, whereas OIDC + Federation exchanges a JWT SVID for an AWS credential. The use of X509 SVIDs + is generally considered more secure. +- Roles Anywhere requires the installation of an AWS credential helper alongside + the workloads, whereas OIDC Federation does not. +- Roles Anywhere does not require the Teleport Proxy Service to be reachable by + AWS, whereas OIDC Federation does. + +This guide covers configuring Roles Anywhere, for OIDC federation, see +[Configuring Workload Identity and AWS OIDC Federation](./aws-oidc-federation.mdx). + ## Prerequisites (!docs/pages/includes/edition-prereqs-tabs.mdx!) @@ -59,7 +74,7 @@ If you have already deployed Teleport Workload Identity, then you will already have a SPIFFE ID structure in place. If you have not, then you will need to decide on a structure for your SPIFFE IDs. -If you are only using Teleport Workload ID with AWS Roles Anywhere, you way +If you are only using Teleport Workload Identity with AWS Roles Anywhere, you may structure your SPIFFE IDs so that they explicitly specify the AWS role they are allowed to assume. However, it often makes more sense to name the workload or person that will use the SPIFFE ID. See the @@ -168,6 +183,8 @@ Click "Create profile". Now we need to configure Teleport to allow a X.509 certificate to be issued containing the SPIFFE ID we have chosen. +Create `role.yaml` with the following content: + ```yaml kind: role version: v6 @@ -184,6 +201,12 @@ Replace: - `my-workload-roles-anywhere` with a descriptive name for the role. - `/my-workload` with the path part of the SPIFFE ID you have chosen. +Apply this role to your Teleport cluster using `tctl`: + +```code +$ tctl create -f role.yaml +``` + If you intend this SPIFFE ID to be issued by a human, you now need to assign this role to their user: @@ -199,7 +222,7 @@ this role to the bot: $ tctl bots update my-bot --add-roles my-workload-roles-anywhere ``` -## Step 3/4. Issue Workload ID certificates +## Step 3/4. Issue Workload Identity certificates ### For machines using `tbot` diff --git a/docs/pages/enroll-resources/workload-identity/best-practices.mdx b/docs/pages/enroll-resources/workload-identity/best-practices.mdx index a18fa57a7bb95..7b94082383458 100644 --- a/docs/pages/enroll-resources/workload-identity/best-practices.mdx +++ b/docs/pages/enroll-resources/workload-identity/best-practices.mdx @@ -3,12 +3,7 @@ title: Best Practices for Teleport Workload Identity description: Answers common questions and describes best practices for using Teleport Workload Identity in production. --- - -Teleport Workload Identity is currently in Preview. This means that some -features may be missing. We're actively looking for design partners to help us -shape the future of Workload Identity and would love to -[hear your feedback](mailto:product@goteleport.com). - +(!/docs/pages/includes/workload-id-preview.mdx!) This page covers common questions and best practices for using Teleport's Workload Identity feature in production. diff --git a/docs/pages/enroll-resources/workload-identity/federation.mdx b/docs/pages/enroll-resources/workload-identity/federation.mdx index 24c0e2b55d29c..dea8d0ab64a98 100644 --- a/docs/pages/enroll-resources/workload-identity/federation.mdx +++ b/docs/pages/enroll-resources/workload-identity/federation.mdx @@ -3,12 +3,7 @@ title: SPIFFE Federation description: An overview of the Teleport Workload Identity SPIFFE Federation feature. --- - -Teleport Workload Identity is currently in Preview. This means that some -features may be missing. We're actively looking for design partners to help us -shape the future of Workload Identity and would love to -[hear your feedback](mailto:product@goteleport.com). - +(!/docs/pages/includes/workload-id-preview.mdx!) Federation allows a relationship to be established between your Teleport Workload Identity trust domain and another trust domain, enabling workloads diff --git a/docs/pages/enroll-resources/workload-identity/gcp-workload-identity-federation-jwt.mdx b/docs/pages/enroll-resources/workload-identity/gcp-workload-identity-federation-jwt.mdx new file mode 100644 index 0000000000000..95be984161a08 --- /dev/null +++ b/docs/pages/enroll-resources/workload-identity/gcp-workload-identity-federation-jwt.mdx @@ -0,0 +1,388 @@ +--- +title: Configuring Workload Identity and GCP Workload Identity Federation with JWTs +description: Configuring GCP to accept Workload Identity JWTs as authentication using Workload Identity Federation +--- + +(!/docs/pages/includes/workload-id-preview.mdx!) + +Teleport Workload Identity issues flexible short-lived identities in JWT format. +GCP Workload Identity Federation allows you to use these JWTs to authenticate to +GCP services. + +This can be useful in cases where a machine needs to securely authenticate with +GCP services without the use of a long-lived credential. This is because the +machine can authenticate with Teleport without using any shared secrets by +using one of our delegated join methods. + +In this guide, we'll configure Teleport Workload Identity and GCP to allow our +workload to authenticate to the GCP Cloud Storage API and upload content to a +bucket. + +## How it works + +This implementation differs from using the Teleport Application Service to protect +GCP APIs in a few ways: + +- Requests to GCP are not proxied through the Teleport Proxy Service, meaning + reduced latency but also less visibility, as these requests will not be + recorded in Teleport's audit log. +- Workload Identity works with any GCP client, including the command-line tool + but also their SDKs. +- Using the Teleport Application Service to access GCP does not work with Machine ID + and therefore cannot be used when a machine needs to authenticate with AWS. + +## Prerequisites + +(!docs/pages/includes/edition-prereqs-tabs.mdx!) + +- (!docs/pages/includes/tctl.mdx!) +- `tbot` must already be installed and configured on the host where the +workloads which need to access Teleport Workload Identity will run. For more +information, see the [deployment guides](../machine-id/deployment.mdx). + + +Issuing JWT SVIDs with Teleport Workload Identity requires at minimum version +16.4.3. + + +### Deciding on a SPIFFE ID structure + +Within Teleport Workload Identity, all identities are represented using a +SPIFFE ID. This is a URI that uniquely identifies the entity that the identity +represents. The scheme is always `spiffe://`, and the host will be the name of +your Teleport cluster. The structure of the path of this URI is up to you. + +For the purposes of this guide, we will be granting access to GCP to the +`spiffe://example.teleport.sh/svc/example-service` SPIFFE ID. + +If you have already deployed Teleport Workload Identity, then you will already +have a SPIFFE ID structure in place. If you have not, then you will need to +decide on a structure for your SPIFFE IDs. + +If you are only using Teleport Workload Identity with GCP Workload Identity +Federation, you may structure your SPIFFE IDs so that they explicitly specify +the GCP service account they are allowed to assume. However, it often makes more +sense to name the workload or person that will use the SPIFFE ID. See the +[best practices guide](./best-practices.mdx) for further advice. + +## Step 1/4. Configure GCP + +Configuring GCP Workload Identity Federation for the first time involves a few +steps. Some of these may not be necessary if you have previously configured GCP +Workload Identity Federation for your Teleport cluster. + +### Create a Workload Identity Pool and OIDC Provider + +First, you'll need to create a workload identity pool and an OIDC provider +within this pool in GCP. A workload identity pool is an entity for managing +how external workload identities are represented within GCP. + +The provider configures how the external identities should authenticate to the +pool. Since Teleport Workload Identity issues OIDC compatible JWT-SVIDs, you'll +use the OIDC provider type. + +When configuring the pool, you need to choose a name to identify it. This name +should uniquely identify the source of the workload identities. It may make +sense to name it after your Teleport cluster. In this example, it will be called +`workload-id-pool`. + +When configuring the provider, you need to specify the issuer URI. This will be +the public address of your Teleport Proxy Service with the path +`/workload-identity` appended. Your Teleport Proxy Service must be accessible +by GCP in order for OIDC federation to work. + +You'll also specify an "attribute mapping". This determines how GCP will map the +identity within the JWT to a principal in GCP. Since we're using SVIDs, we'll +map the `sub` claim within the JWT to the `google.subject` attribute to +be able to use the workload's SPIFFE ID to make authorization decisions in GCP. + + + + +```hcl +data "google_project" "project" {} + +resource "google_iam_workload_identity_pool" "workload_identity" { + workload_identity_pool_id = "workload-id-pool" +} + +resource "google_iam_workload_identity_pool_provider" "workload_identity_oidc" { + workload_identity_pool_id = google_iam_workload_identity_pool.workload_identity.workload_identity_pool_id + workload_identity_pool_provider_id = "workload-id-oidc" + attribute_mapping = { + // Maps the `sub` claim within the JWT to the `google.subject` attribute. + // This will allow it to be used to make Authz decisions in GCP. + "google.subject" = "assertion.sub" + } + oidc { + // Replace example.teleport.sh with the hostname of your Proxy Service's + // public address. + issuer_uri = "https://example.teleport.sh/workload-identity" + } +} +``` + + + +Use the `gcloud` CLI to create a workload identity pool: + +```code +# Replace "workload-id-pool" with a meaningful, unique name. +$ gcloud iam workload-identity-pools create workload-id-pool \ + --location="global" +``` + +Use the `gcloud` CLI to create a workload identity provider: + +```code +# Replace "workload-id-pool" with the name of the pool you just created and +# "workload-id-oidc" with a meaningful, unique name. +$ gcloud iam workload-identity-pools providers create-oidc workload-id-oidc \ + --location="global" \ + # This should match the name of the pool you just created. + --workload-identity-pool="workload-id-pool" \ + # Replace example.teleport.sh with the hostname of your Proxy Service's + # public address. + --issuer-uri="https://example.teleport.sh/workload-identity" \ + # Maps the `sub` claim within the JWT to the `google.subject` attribute. + # This will allow it to be used to make Authz decisions in GCP. + --attribute-mapping="google.subject=assertion.sub" +``` + + + + + +### Create a storage bucket and RBAC + +For the purposes of this guide, we'll be granting the workload access to a +GCP storage bucket. You can substitute this step to grant access to a different +service within GCP of your choice. + +We'll be granting our workload identity direct access to the resource without +the workload assuming a service account. + +To do this, we use the principal that is generated by the workload identity +federation pool based on the attribute mapping that we have already configured. +This principal can be used directly in IAM policies to grant privileges to a +workload identity. The principal contains the GCP project number, the name of +the workload identity pool and the SPIFFE ID. It takes the following format: + +`principal://iam.googleapis.com/projects/$PROJECT_NUMBER/locations/global/workloadIdentityPools/$POOL_NAME/subject/$SPIFFE_ID` + +It is also possible to grant a workload the ability to assume a service account. +This is not covered within this guide, but, can be useful in scenarios where you +already have a service account created with the necessary privileges and now +wish to allow the workload to use this without the use of a long-lived shared +secret. + + + + +```hcl +resource "google_storage_bucket" "demo" { + // Replace with a meaningful, unique name. + name = "example" + location = "EU" + force_destroy = true + + uniform_bucket_level_access = true +} + +locals { + // Replace with the SPIFFE ID of the workload that will access the bucket. + allow_spiffe_id = "spiffe://example.teleport.sh/svc/example-service" +} + +resource "google_storage_bucket_iam_binding" "binding" { + bucket = google_storage_bucket.demo.name + role = "roles/storage.admin" + members = [ + "principal://iam.googleapis.com/projects/${data.google_project.project.number}/locations/global/workloadIdentityPools/${google_iam_workload_identity_pool.leaf_cluster.workload_identity_pool_id}/subject/${local.allow_spiffe_id}", + ] +} +``` + + + + +Create a storage bucket using the `gcloud` CLI: + +```code +# Replace "example" with a meaningful, unique name. +$ gcloud storage buckets create gs://example \ + --location=EU \ + --uniform-bucket-level-access +``` + +Use the `gcloud` CLI to grant our workload access to the bucket: + +```code +$ ROLE="roles/storage.admin" +# Replace PROJECT_NUMBER with your GCP project number. +$ PROJECT_NUMBER="123456789000" +# Replace POOL_ID with the ID of the Workload Identity Pool you created. +$ POOL_ID="workload-id-pool" +# Replace SPIFFE_ID with the SPIFFE ID of the workload that will access the bucket. +$ SPIFFE_ID="spiffe://example.teleport.sh/svc/example-service" +$ MEMBER="principal://iam.googleapis.com/projects/${PROJECT_NUMBER}/locations/global/workloadIdentityPools/${POOL_ID}/subject/${SPIFFE_ID}" +$ gcloud storage buckets add-iam-policy-binding gs://example --member=$MEMBER --role=$ROLE +``` + + + + +## Step 2/4. Configure Teleport RBAC + +Now we need to configure Teleport to allow a JWT to be issued containing the +SPIFFE ID we have chosen. + +Create `role.yaml` with the following content: + +```yaml +kind: role +version: v6 +metadata: + name: my-workload-gcp +spec: + allow: + spiffe: + - path: /svc/example-service +``` + +Replace: + +- `my-workload-gcp` with a descriptive name for the role. +- `/svc/example-service` with the path part of the SPIFFE ID you have chosen. + +Apply this role to your Teleport cluster using `tctl`: + +```code +$ tctl create -f role.yaml +``` + +You now need to assign this role to the bot: + +```code +$ tctl bots update my-bot --add-roles my-workload-gcp +``` + +## Step 3/4. Issue Workload Identity JWTs + +You'll now configure `tbot` to issue and renew the short-lived JWT SVIDs for +your workload. It'll write the JWT as a file on disk, where you can then +configure GCP clients and SDKs to read it. + +Before configuring this, you'll need to determine the correct audience to +request in the JWT SVIDs. This is specific to the Workload Identity Federation +configuration you have just created and contains three components: + +- The project number of your GCP project +- The name of your Workload Identity Federation pool as configured in GCP +- The name of your Workload Identity Federation provider as configured in GCP + +It has the following format: `https://iam.googleapis.com/projects/$PROJECT_NUMBER/locations/global/workloadIdentityPools/$POOL_NAME/providers/$PROVIDER_NAME`. + +Take your already deployed `tbot` service and configure it to issue SPIFFE SVIDs +by adding the following to the `tbot` configuration file: + +```yaml +outputs: + - type: spiffe-svid + destination: + type: directory + path: /opt/workload-identity + svid: + path: /svc/example-service + jwts: + - audience: https://iam.googleapis.com/projects/123456789000/locations/global/workloadIdentityPools/workload-id-pool/providers/workload-id-oidc + file_name: gcp-jwt +``` + +Replace: + +- `123456789000` with your GCP project number. +- `workload-id-pool` with the name of your Workload Identity Federation pool. +- `workload-id-oidc` with the name of your Workload Identity Federation provider. + +Restart your `tbot` service to apply the new configuration. You should see a +file created at `/opt/workload-identity/gcp-jwt` containing the JWT. + +## Step 4/4. Configure GCP CLIs and SDKs + +Finally, you need to create a configuration file to configure the GCP CLIs and +SDKs to authenticate using Workload Identity. This configuration file will +specify the path to the JWT file that `tbot` is writing and will specify which +Workload Identity Federation pool and provider to use. + +You can generate this configuration file using the `gcloud` CLI: + +```code +$ gcloud iam workload-identity-pools create-cred-config \ + projects/123456789000/locations/global/workloadIdentityPools/workload-id-pool/providers/workload-id-oidc \ + --output-file=gcp-workload-identity.json \ + --credential-source-file=/opt/workload-identity/gcp-jwt \ + --credential-source-type=text +``` + +Replace: + +- `123456789000` with your GCP project number. +- `workload-id-pool` with the name of your Workload Identity Federation pool. +- `workload-id-oidc` with the name of your Workload Identity Federation provider. +- `/opt/workload-identity/gcp-jwt` with the path to the JWT file that `tbot` is + writing. + +The command should have created a file called `gcp-workload-identity.json` in +the current directory. + +### `gcloud` CLI + +To configure the `gcloud` CLI to authenticate using Workload Identity, you use +the `gcloud auth login` command and specify the path to the configuration file +that you have just created: + +```code +$ gcloud auth login --cred-file gcp-workload-identity.json +``` + +You can now test authenticating to the GCP Storage API. Create a file which +you can upload to your bucket: + +```code +$ echo "Hello, World!" > hello.txt +``` + +Now, use the `gcloud` CLI to upload this file to your bucket: + +```code +$ gcloud storage cp hello.txt gs://example +``` + +If everything is configured correctly, you should see this file uploaded to your +bucket. Inspecting the audit logs on GCP should indicate that the request was +authenticated using Workload Identity and specify the SPIFFE ID of the workload +that made the request. + +### GCP SDKs + +To configure the GCP SDKs to authenticate using Workload Identity, you need to +set the `GOOGLE_APPLICATION_CREDENTIALS` environment variable to the path of the +configuration file that you have just created: + +```code +$ export GOOGLE_APPLICATION_CREDENTIALS=gcp-workload-identity.json +``` + +## Next steps + +- [GCP Workload Identity Federation documentation](https://cloud.google.com/iam/docs/workload-identity-federation): +The official GCP documentation for Workload Identity Federation. +- [Workload Identity Overview](./introduction.mdx): Overview of Teleport +Workload Identity. +- [JWT SVID Overview](./jwt-svids.mdx): Overview of the JWT SVIDs issued by +Teleport Workload Identity. +- [Best Practices](./best-practices.mdx): Best practices for using Workload +Identity in Production. +- Read the [configuration reference](../../reference/machine-id/configuration.mdx) to explore +all the available configuration options. diff --git a/docs/pages/enroll-resources/workload-identity/getting-started.mdx b/docs/pages/enroll-resources/workload-identity/getting-started.mdx index 1b99f0db1f702..9fd17e23f2b40 100644 --- a/docs/pages/enroll-resources/workload-identity/getting-started.mdx +++ b/docs/pages/enroll-resources/workload-identity/getting-started.mdx @@ -3,12 +3,7 @@ title: Getting Started with Workload Identity description: Getting started with Teleport Workload Identity for SPIFFE and Machine ID --- - -Teleport Workload Identity is currently in Preview. This means that some -features may be missing. We're actively looking for design partners to help us -shape the future of Workload Identity and would love to -[hear your feedback](mailto:product@goteleport.com). - +(!/docs/pages/includes/workload-id-preview.mdx!) Teleport's Workload Identity issues flexible short-lived identities intended for workloads. It is compatible with the industry-standard SPIFFE specification @@ -63,7 +58,7 @@ Now, use `tctl bots update` to add the role to the Bot. Replace `example-bot` with the name of the Bot you created in the deployment guide and `spiffe-issuer` with the name of the role you just created: -```bash +```code $ tctl bots update example-bot --add-roles spiffe-issuer ``` @@ -193,7 +188,7 @@ Use the `spiffe-inspect` command with `--path` to specify the path to the Workload API socket, replacing `/opt/machine-id/workload.sock` with the path you configured in the previous step: -```bash +```code $ tbot spiffe-inspect --path unix:///opt/machine-id/workload.sock INFO [TBOT] Inspecting SPIFFE Workload API Endpoint unix:///opt/machine-id/workload.sock tbot/spiffe.go:31 INFO [TBOT] Received X.509 SVID context from Workload API bundles_count:1 svids_count:1 tbot/spiffe.go:46 diff --git a/docs/pages/enroll-resources/workload-identity/introduction.mdx b/docs/pages/enroll-resources/workload-identity/introduction.mdx index a29288662e654..a2670483a5586 100644 --- a/docs/pages/enroll-resources/workload-identity/introduction.mdx +++ b/docs/pages/enroll-resources/workload-identity/introduction.mdx @@ -1,157 +1,114 @@ --- title: Introduction to Workload Identity -description: Describes Teleport Workload Identity, which issues flexible, short-lived identities to secure workload-to-workload communications. +description: Describes Teleport Workload Identity, which securely issues flexible, short-lived cryptographic identities to workloads and non-human identities. --- - -Teleport Workload Identity is currently in Preview. This means that some -features may be missing. We're actively looking for design partners to help us -shape the future of Workload Identity and would love to -[hear your feedback](mailto:product@goteleport.com). - - -Teleport's Workload Identity issues flexible short-lived identities intended -for workloads. The term workload refers generally to pieces of software running -within your system. These identities can be used to secure workload to workload -communication (e.g mTLS) or to allow these workloads to access third party -systems. +(!/docs/pages/includes/workload-id-preview.mdx!) + +Teleport Workload Identity securely issues short-lived cryptographic identities +to workloads. It is a flexible foundation for workload identity across your +infrastructure, creating a uniform way for your workloads to authenticate +regardless of where they are running. + +The flexible nature of Teleport Workload Identity enables it to be used for a +range of purposes, including: + +- Workload authentication to third-party APIs on cloud platforms such as AWS, + GCP and Azure. +- Providing X.509 certificates for mutual TLS authentication between workloads + within your infrastructure as part of a Zero Trust strategy. +- Workload authentication between services within your infrastructure. + +Teleport Workload Identity is compatible with the open-source +[Secure Production Identity Framework For Everyone (SPIFFE)](./spiffe.mdx) +standard. This enables interoperability between workload identity +implementations and also provides a wealth of off-the-shelf tools and SDKs to +simplify integration with your workloads. + +There's a whole host of benefits to adopting Teleport Workload Identity, but +here's some of the key ones: + +- Eliminate the use of long-lived shared secrets within your infrastructure, and + reduce the risk of exfiltration and time spent by engineers creating and + rotating these secrets. +- Establish an out of the box universal form of identity for your workloads, + enabling your engineers to get on with building new services without needing + to think about how they'll authenticate. +- Converge on a first-class form of identity for your workloads, simplifying + infrastructure by reducing the number of different ways workloads authenticate. + +## How it works + +Teleport Workload Identity establishes a root certificate authority within your +Teleport cluster that will be responsible for issuing the short-lived JWTs and +X509 certificates to workloads. + +These identities are also known as SPIFFE Verifiable Identity Documents (SVIDs) +and contain the identity of the workload encoded as a URI, also known as a +SPIFFE ID. The structure of this SPIFFE ID is up to you and can encode any +information you need to uniquely identify your workload. + +The ability to request these identities is controlled by Teleport's Role-Based +Access Control system. Users and Bots are granted roles which will allow them to +request identities with specific SPIFFE IDs. + +The `tbot` agent is installed in close proximity to workloads which require an +identity. It manages the process of requesting and renewing the identities for +the workloads. The `tbot` agent authenticates to the Teleport cluster using one +of our support join methods, which in many cases enable it to authenticate +on the basis of federated trust rather than the use of long-lived secrets. + +Workloads can receive their identities in one of two ways: + +- The `tbot` agent can write these identities to a directory on the local + filesystem, or, to a Kubernetes secret. +- The `tbot` agent can expose a SPIFFE Workload API. A standardized gRPC API + that allows workloads to request their identities directly from the `tbot` + agent. + +When using the Workload API, the `tbot` agent can perform an additional process +called Workload Attestation. This allows the issuance of identities to be +restricted to specific workloads. For example, you can restrict an identity to +only be issued to a Linux process with a specific UID or GID, or restrict an +identity to only be issued to a specific Kubernetes pod. The Workload +Attestation process eliminates the need for a "bootstrapping" secret to be +provided to the workloads. + +![Workload ID overview](../../../img/workload-identity/intro-diagram.png) + +Once the workload has its identity, it can be used for a range of purposes. The +X.509 certificates can be used to establish Mutual TLS, and the JWTs can be used +to authenticate with a range of third-party APIs. + +## Teleport Workload Identity vs Machine ID + +Teleport Machine ID issues short-lived credentials to workloads to enable them +to access resources secured by the Teleport cluster. The credentials issued are +only compatible with Teleport itself, and access to resources must be through +the Teleport Proxy. + +Teleport Workload Identity issues cryptographic identities that are compatible +with the popular SPIFFE standard for interoperable workload identity. These +identities are flexible enough to be used for a range of purposes. The +Teleport Proxy is not used for securing workload-to-workload communication. -It is compatible with the industry-standard -[Secure Production Identity Framework For Everyone (SPIFFE) Specification](https://github.com/spiffe/spiffe/blob/main/standards/SPIFFE.md) -meaning that it can be used in place of other SPIFFE compatible identity -providers. - -Teleport Workload Identity brings a number of Teleport features you are -already familiar with, such as: - -- Auditing of the issuance of SPIFFE SVIDs. -- RBAC for limiting access to SPIFFE IDs to specific machines and users. -- Rotation and management of the SPIFFE CA. -- Using Teleport SPIFFE CA with 3rd party services such as AWS Roles Anywhere. - -Teleport Workload Identity is different from Teleport Machine Identity in that -it is intended for workload to workload communication and is not -intended to grant access to the Teleport cluster itself. Workload Identity does -not leverage the Teleport Proxy. - -## What is SPIFFE? - -SPIFFE (Secure Production Identity Framework For Everyone) is a set of standards -for securely identifying workloads. - -SPIFFE sets out: - -- A format for uniquely specifying an identity, the SPIFFE ID. -- Standards for encoding the SPIFFE ID into verifiable documents, the SVID. -- Processes that workloads should use to validate a received SVID. -- A set of APIs that workloads can use to request SVIDS, the Workload API. - -The open nature and popularity of SPIFFE make it a great choice as a foundation -for a full workload identity implementation. It is supported as an identity -provider by a number of popular tools (such as Linkerd and Istio) and -off-the-shelf SDKs exist for implementing SPIFFE directly into your own -services. - -It's important to recognize that SPIFFE does not specify how to use SPIFFE IDs -for authorization. This gives a high level of flexibility, allowing you to -implement authorization in a way that suits you. - -## SPIFFE IDs and Trust Domains - -The basis of identity in SPIFFE is the SPIFFE ID. This is a unique string that -identifies a workload. The SPIFFE ID is formatted as a URI with a scheme of -`spiffe` and contains a trust domain and a workload identifier. - -The trust domain is the "root of trust" for your workload identities. Workloads -within the trust domain are issued identities by authorities within the trust -domain, and using the root keys of the trust domain, it is possible to -validate these identities. The trust domain is encoded as the host within the -URI. For Teleport Workload Identity, the trust domain is your Teleport cluster, -and this is represented by the name configured for the cluster, -e.g `example.teleport.sh`. - -The workload identifier is encoded in the URI as the path. This should be a -string that identifies your workload within the trust domain. What you include -within this path is up to you and your application's requirements. Typically, -the hierarchical nature of the path is leveraged. For example, you had the -service `foo` operating in the `europe` region, you may wish to represent this -as: `/region/europe/svc/foo`. - -Together, this produces a SPIFFE ID that looks like: - -``` -spiffe://example.teleport.sh/region/europe/svc/foo -``` - -## Secure Verifiable Identity Documents (SVIDs) - -The SPIFFE ID may be a unique identifier for a workload, but provides no way -for a workload to verifiably prove its identity. This is where the Secure -Verifiable Identity Documents (SVIDs) come in. - -The SVID is a document that encodes the SPIFFE ID and a cryptographic proof -which allows the SVID to be verified as issued by a trusted authority. - -SPIFFE sets out two formats for SVIDs: - -- X.509-SVID: These are X.509 certificates that include the SPIFFE ID encoded in - the URI SAN field. This certificate is then signed by a trusted authority - within the trust domain. -- JWT-SVID: These are JWT tokens that include the SPIFFE ID as the `sub` claim. - These are signed by a trusted authority within the trust domain. - -The data needed by a workload to verify a SVID is known as the trust bundle. -This is a set of certificates belonging to the trusted authorities within the -trust domain. - -## Workload API - -The Workload API is a standardized gRPC API that workloads should use to request -SVIDs and trust bundles from a SPIFFE identity provider. The Workload API -server also handles automatically renewing the credentials for subscribed -workloads. - -The Workload API is usually exposed by an agent that is installed on the same -host as the workloads and is accessed using a unix socket rather than a TCP -endpoint. It can perform basic authentication and authorization of the workload -before issuing SVIDs. This is known as Workload Attestation. - -## Teleport's Workload Identity - -Teleport's Workload Identity is an implementation of SPIFFE. Each Teleport -cluster acts as a SPIFFE trust domain, with the Auth Service as a certificate -authority for issuing SVIDs. +## Next steps -Teleport's RBAC system is used to control which Bots and Users are able to -request a SVID for a given SPIFFE ID. Roles can specify which SPIFFE IDs can -be issued and this role is then granted to the Bot or User. For example: +Learn more about Teleport Workload Identity: -```yaml -kind: role -version: v6 -metadata: - name: europe-foo-svid-issuer -spec: - allow: - spiffe: - - path: "/region/europe/svc/foo" -``` - -The SPIFFE Workload API is implemented as a configurable service within the -`tbot` agent. The `tbot` agent should be installed close to the workloads that -need to request SVIDs, and they can then use the Workload API exposed by `tbot` -to fetch SVIDs and Trust Bundles. - -Teleport's Workload Identity currently only supports issuing X.509-SVIDs. +- [SPIFFE](./spiffe.mdx): Learn about the SPIFFE specification and how it is implemented by Teleport Workload Identity. +- [Workload Attestation](./workload-attestation.mdx): Learn about using Workload Attestation to securely issue SVIDs to specific workloads. +- [Federation](./federation.mdx): Learn about using Federation to allow workloads to trust workloads from other trust domains. +- [JWT SVIDs](./jwt-svids.mdx): Learn about the short-lived JWTs issued by Workload Identity. +- [Best Practices](./best-practices.mdx): Best practices for using Workload Identity in Production. -## Next steps +Learn how to configure Teleport Workload Identity for specific use-cases: - [Getting Started](./getting-started.mdx): How to configure Teleport for Workload Identity. -- [Best Practices](./best-practices.mdx): Best practices for using Workload Identity in Production. -- [Workload Attestation](./workload-attestation.mdx): Learn about using Workload Attestation to securely issue SVIDs to specific workloads. -- [Federation](./federation.mdx): Learn about using Federation to allow workloads to trust workloads from other trust domains. - [TSH Support](./tsh.mdx): How to use `tsh` with Workload Identity to issue SVIDs to users. -- [AWS Roles Anywhere](./aws-roles-anywhere.mdx): Configuring AWS to accept Workload ID certificates as authentication using AWS Roles Anywhere. +- [AWS Roles Anywhere](./aws-roles-anywhere.mdx): Configuring AWS to accept Workload Identity certificates as authentication using AWS Roles Anywhere. +- [AWS OIDC Federation](./aws-oidc-federation.mdx): Configuring AWS to accept Workload Identity JWTs as authentication using AWS OIDC Federation. +- [GCP Workload Identity Federation](./gcp-workload-identity-federation-jwt.mdx): Configuring GCP to accept Workload Identity JWTs as authentication using GCP Workload Identity Federation. ### Other resources diff --git a/docs/pages/enroll-resources/workload-identity/jwt-svids.mdx b/docs/pages/enroll-resources/workload-identity/jwt-svids.mdx new file mode 100644 index 0000000000000..c4a81d2023b44 --- /dev/null +++ b/docs/pages/enroll-resources/workload-identity/jwt-svids.mdx @@ -0,0 +1,70 @@ +--- +title: JWT SVIDs +description: An overview of the JWT SVIDs issued by Teleport Workload Identity +--- + +(!/docs/pages/includes/workload-id-preview.mdx!) + +One type of credential that can be issued by Teleport Workload Identity is a +JWT SVID. This is a short-lived JSON Web Token (JWT) that contains the identity +of the workload and is signed by the Teleport Workload Identity CA. + +The ability is issue JWT SVIDs has been available since Teleport 16.4.3. + +## Claims + +The JWT contains the following claims: + +- `sub`: The SPIFFE ID of the workload. +- `aud`: The audience of the JWT. This indicates the intended recipient and + limits the potential for token reuse. +- `exp`: The expiration time of the JWT. By default, Teleport issues JWT-SVIDs + with a 5-minute expiration lifetime. +- `iat`: The time at which the JWT was issued. +- `jti`: A unique identifier for this JWT. This allows a JWT-SVID to be + correlated with audit logs pertaining to its issuance. +- `iss`: The issuer of the JWT. This is the host extracted from the public + address configured for your Teleport Proxy Service. + +The JWT-SVID can be useful in scenarios where X509-SVIDs are not suitable. +For example, when the workload needs to authenticate to another workload which +is behind a TLS-terminating load balancer. + +## OIDC Compatibility + +The JWT SVIDs issued by Teleport Workload Identity are compatible with the +specification for OIDC ID Tokens. This means that they can be used by workloads +to authenticate to services that accept OIDC ID tokens as a form of +authentication. + +The OIDC compatibility is powered by two endpoints exposed by the Teleport +Proxy Service: + +- `/workload-identity/.well-known/openid-configuration`: This endpoint exposes + the OIDC configuration for the Teleport Workload Identity CA. This includes + the issuer URL and the supported signing algorithms. +- `/workload-identity/jwt-jwks.json`: This endpoint exposes the public signing + keys for the Teleport Workload Identity CA. + +In order for OIDC federation to function correctly, these two endpoints must be +accessible from the service that you intend to use the JWT SVIDs to +authenticate to. + +Teleport Workload Identity uses the publicly configured address for your +Teleport Proxy service as the issuer URL for OIDC configuration. + +We have tested Teleport Workload Identity issued JWT-SVIDs with the following +platforms: + +- [AWS](./aws-oidc-federation.mdx) +- [Google Cloud Platform](./gcp-workload-identity-federation-jwt.mdx) +- Azure + +## Next steps + +- [Workload Identity Overview](./introduction.mdx): Overview of Teleport +Workload Identity. +- [Best Practices](./best-practices.mdx): Best practices for using Workload +Identity in Production. +- Read the [configuration reference](../../reference/machine-id/configuration.mdx) to explore +all the available configuration options. diff --git a/docs/pages/enroll-resources/workload-identity/spiffe.mdx b/docs/pages/enroll-resources/workload-identity/spiffe.mdx new file mode 100644 index 0000000000000..8a311104dccd4 --- /dev/null +++ b/docs/pages/enroll-resources/workload-identity/spiffe.mdx @@ -0,0 +1,93 @@ +--- +title: Introduction to SPIFFE +description: Learn about Secure Production Identity Framework For Everyone (SPIFFE) and how it is implemented by Teleport Workload Identity +--- + +SPIFFE (Secure Production Identity Framework For Everyone) is a set of standards +for securely identifying workloads. + +SPIFFE sets out: + +- A format for uniquely specifying an identity called SPIFFE ID. +- Standards for encoding the SPIFFE ID into verifiable documents which are + called SVIDs (SPIFFE Verifiable Identity Document), and which come in a JWT + and X.509 format. +- Processes that workloads should use to validate a received SVID. +- A set of APIs that workloads can use to request SVIDS, the Workload API. + +The open nature and popularity of SPIFFE make it well-suited as the foundation +of a full workload identity implementation. It is supported as an identity +provider by a number of popular tools (such as Linkerd and Istio) and +off-the-shelf SDKs exist for implementing SPIFFE directly into your own +services. + +It's important to recognize that SPIFFE does not specify how to use SPIFFE IDs +for authorization. This gives a high level of flexibility, allowing you to +implement authorization in a way that suits you. + +## SPIFFE IDs and trust domains + +The basis of identity in SPIFFE is the SPIFFE ID. This is a unique string that +identifies a workload. The SPIFFE ID is formatted as a URI with a scheme of +`spiffe` and contains a trust domain and a workload identifier. + +The trust domain is the "root of trust" for your workload identities. Workloads +within the trust domain are issued identities by authorities within the trust +domain, and using the root keys of the trust domain, it is possible to +validate these identities. The trust domain is encoded as the host within the +URI. For Teleport Workload Identity, the trust domain is your Teleport cluster, +and this is represented by the name configured for the cluster, +e.g `example.teleport.sh`. + +The workload identifier is encoded in the URI as the path. This should be a +string that identifies your workload within the trust domain. What you include +within this path is up to you and your application's requirements. Typically, +the hierarchical nature of the path is leveraged. For example, you had the +service `foo` operating in the `europe` region, you may wish to represent this +as: `/region/europe/svc/foo`. + +Together, this produces a SPIFFE ID that looks like: + +``` +spiffe://example.teleport.sh/region/europe/svc/foo +``` + +## Secure Verifiable Identity Documents (SVIDs) + +The SPIFFE ID may be a unique identifier for a workload, but provides no way +for a workload to verifiably prove its identity. This is where the Secure +Verifiable Identity Documents (SVIDs) come in. + +The SVID is a document that encodes the SPIFFE ID and a cryptographic proof +which allows the SVID to be verified as issued by a trusted authority. + +SPIFFE sets out two formats for SVIDs: + +- X.509-SVID: These are X.509 certificates that include the SPIFFE ID encoded in + the URI SAN field. This certificate is then signed by a trusted authority + within the trust domain. +- JWT-SVID: These are JWT tokens that include the SPIFFE ID as the `sub` claim. + These are signed by a trusted authority within the trust domain. + +The data needed by a workload to verify a SVID is known as the trust bundle. +This is a set of certificates belonging to the trusted authorities within the +trust domain. + +## Workload API + +The Workload API is a standardized gRPC API that workloads should use to request +SVIDs and trust bundles from a SPIFFE identity provider. The Workload API +server also handles automatically renewing the credentials for subscribed +workloads. + +The Workload API is usually exposed by an agent that is installed on the same +host as the workloads and is accessed using a unix socket rather than a TCP +endpoint. It can perform basic authentication and authorization of the workload +before issuing SVIDs. This is known as Workload Attestation. + +## Next steps + +- [Workload Identity Overview](./introduction.mdx): Overview of Teleport + Workload Identity. +- [SPIFFE Website](https://spiffe.io/): Learn more about the SPIFFE + specification. \ No newline at end of file diff --git a/docs/pages/enroll-resources/workload-identity/tsh.mdx b/docs/pages/enroll-resources/workload-identity/tsh.mdx index 82838b084850d..4cc5f7bfc46ad 100644 --- a/docs/pages/enroll-resources/workload-identity/tsh.mdx +++ b/docs/pages/enroll-resources/workload-identity/tsh.mdx @@ -3,12 +3,7 @@ title: Workload Identity and tsh description: Issuing SPIFFE SVIDs using Workload Identity and tsh --- - -Teleport Workload Identity is currently in Preview. This means that some -features may be missing. We're actively looking for design partners to help us -shape the future of Workload Identity and would love to -[hear your feedback](mailto:product@goteleport.com). - +(!/docs/pages/includes/workload-id-preview.mdx!) In some scenarios, you may wish to issue a SPIFFE SVID manually, without using Machine ID. This can be useful in scenarios where you need to impersonate a diff --git a/docs/pages/enroll-resources/workload-identity/workload-attestation.mdx b/docs/pages/enroll-resources/workload-identity/workload-attestation.mdx index 2936d28bf7559..9c3c6423f090a 100644 --- a/docs/pages/enroll-resources/workload-identity/workload-attestation.mdx +++ b/docs/pages/enroll-resources/workload-identity/workload-attestation.mdx @@ -3,12 +3,7 @@ title: Workload Attestation description: An overview of the Teleport Workload Identity Workload Attestation feature. --- - -Teleport Workload Identity is currently in Preview. This means that some -features may be missing. We're actively looking for design partners to help us -shape the future of Workload Identity and would love to -[hear your feedback](mailto:product@goteleport.com). - +(!/docs/pages/includes/workload-id-preview.mdx!) Workload Attestation is the process completed by `tbot` to assert the identity of a workload that has connected to the Workload API and requested certificates. diff --git a/docs/pages/includes/access-request-integrations.mdx b/docs/pages/includes/access-request-integrations.mdx index 27c6f2dd38b09..7cd736084610c 100644 --- a/docs/pages/includes/access-request-integrations.mdx +++ b/docs/pages/includes/access-request-integrations.mdx @@ -8,4 +8,5 @@ | Email | Messaging | [Set up email](../admin-guides/access-controls/access-request-plugins/ssh-approval-email.mdx) | | Discord | Messaging | [Set up Discord](../admin-guides/access-controls/access-request-plugins/ssh-approval-discord.mdx) | | OpsGenie | Incident Management | [Set up OpsGenie](../admin-guides/access-controls/access-request-plugins/opsgenie.mdx) | -| ServiceNow | Workflow | [Set up ServiceNow](../admin-guides/access-controls/access-request-plugins/servicenow.mdx) | \ No newline at end of file +| ServiceNow | Workflow | [Set up ServiceNow](../admin-guides/access-controls/access-request-plugins/servicenow.mdx) | +| Datadog | Incident Management | [Set up Datadog](../admin-guides/access-controls/access-request-plugins/datadog-hosted.mdx) | diff --git a/docs/pages/includes/config-reference/app-service.yaml b/docs/pages/includes/config-reference/app-service.yaml index 3fdad53c8506b..36c83f1b7bd53 100644 --- a/docs/pages/includes/config-reference/app-service.yaml +++ b/docs/pages/includes/config-reference/app-service.yaml @@ -22,6 +22,8 @@ app_service: # Optional: For access to cloud provider APIs, specify the cloud # provider. Allowed values are "AWS", "Azure", and "GCP". cloud: "" + # Optional: Free-form description of the application. + description: "Kubernetes Dashboard to development cluster" # URI of Application. For TCP applications # use tcp, ex: tcp://localhost:5432. uri: "http://10.0.1.27:8000" diff --git a/docs/pages/includes/database-access/auto-discovery-tip.mdx b/docs/pages/includes/database-access/auto-discovery-tip.mdx index 484be5f486ae0..024302e261ede 100644 --- a/docs/pages/includes/database-access/auto-discovery-tip.mdx +++ b/docs/pages/includes/database-access/auto-discovery-tip.mdx @@ -1,4 +1,4 @@ This guide shows how to register a single {{ dbType }} with your Teleport cluster. For a more scalable approach, learn how to set up [Database Auto-Discovery](../../enroll-resources/auto-discovery/databases.mdx) to -automatically enroll all {{ provideType }} databases in your infrastructure. +automatically enroll all {{ providerType }} databases in your infrastructure. diff --git a/docs/pages/includes/database-access/auto-user-provisioning/db-definition-default-dbname.mdx b/docs/pages/includes/database-access/auto-user-provisioning/db-definition-default-dbname.mdx index 8db14c3ab953a..f5283bfed938e 100644 --- a/docs/pages/includes/database-access/auto-user-provisioning/db-definition-default-dbname.mdx +++ b/docs/pages/includes/database-access/auto-user-provisioning/db-definition-default-dbname.mdx @@ -1,23 +1,6 @@ {{ default="'teleport'" }} Next, configure the database admin user in the Teleport database configuration: - - -```yaml -db_service: - enabled: "yes" - databases: - - name: "example" - protocol: "{{ protocol }}" - uri: "{{ uri }}" - admin_user: - name: "teleport-admin" - # Optional default database the admin user logs into. Default is - # {{ default }}, if not specified. - # default_database: teleport -``` - - ```yaml kind: db version: v3 @@ -32,11 +15,12 @@ spec: # {{ default }}, if not specified. # default_database: teleport ``` - - - +This example assumes that you have configured the database as a dynamic +resource. If you have configured your database using a static Teleport Database +Service configuration, edit the entry in your `db_service.databases` +configuration. + For auto-discovered cloud databases, the name of the admin user is taken from the `teleport.dev/db-admin` label, and the default database is taken from the `teleport.dev/db-admin-default-database` label. - diff --git a/docs/pages/includes/database-access/auto-user-provisioning/db-definition-self-hosted.mdx b/docs/pages/includes/database-access/auto-user-provisioning/db-definition-self-hosted.mdx index c238a65926a17..84cdb5a0f120c 100644 --- a/docs/pages/includes/database-access/auto-user-provisioning/db-definition-self-hosted.mdx +++ b/docs/pages/includes/database-access/auto-user-provisioning/db-definition-self-hosted.mdx @@ -1,19 +1,5 @@ Next, configure the database admin user in the Teleport database configuration: - - -```yaml -db_service: - enabled: "yes" - databases: - - name: "example" - protocol: "{{ protocol }}" - uri: "{{ uri }}" - admin_user: - name: "teleport-admin" -``` - - ```yaml kind: db version: v3 @@ -25,5 +11,8 @@ spec: admin_user: name: "teleport-admin" ``` - - + +This example assumes that you have configured the database as a dynamic +resource. If you have configured your database using a static Teleport Database +Service configuration, edit the entry in your `db_service.databases` +configuration. diff --git a/docs/pages/includes/database-access/auto-user-provisioning/db-definition.mdx b/docs/pages/includes/database-access/auto-user-provisioning/db-definition.mdx index c2a7749c46055..ac4afded4f7af 100644 --- a/docs/pages/includes/database-access/auto-user-provisioning/db-definition.mdx +++ b/docs/pages/includes/database-access/auto-user-provisioning/db-definition.mdx @@ -1,19 +1,5 @@ Next, configure the database admin user in the Teleport database configuration: - - -```yaml -db_service: - enabled: "yes" - databases: - - name: "example" - protocol: "{{ protocol }}" - uri: "{{ uri }}" - admin_user: - name: "teleport-admin" -``` - - ```yaml kind: db version: v3 @@ -25,10 +11,11 @@ spec: admin_user: name: "teleport-admin" ``` - - - +This example assumes that you have configured the database as a dynamic +resource. If you have configured your database using a static Teleport Database +Service configuration, edit the entry in your `db_service.databases` +configuration. + For auto-discovered cloud databases, the name of the admin user is taken from the `teleport.dev/db-admin` label. - diff --git a/docs/pages/includes/database-access/aws-db-iam-policy-picker.mdx b/docs/pages/includes/database-access/aws-db-iam-policy-picker.mdx index ceae6131fc851..98cf4f96f5a57 100644 --- a/docs/pages/includes/database-access/aws-db-iam-policy-picker.mdx +++ b/docs/pages/includes/database-access/aws-db-iam-policy-picker.mdx @@ -3,12 +3,12 @@ -(!docs/pages/includes/database-access/reference/aws-iam/documentdb/access-policy.mdx!) +(!docs/pages/includes/database-access/reference/aws-iam/documentdb/access-policy.mdx dbUserRole="DatabaseUserRole" !) -(!docs/pages/includes/database-access/reference/aws-iam/dynamodb/access-policy.mdx!) +(!docs/pages/includes/database-access/reference/aws-iam/dynamodb/access-policy.mdx dbUserRole="DatabaseUserRole" !) @@ -18,7 +18,7 @@ -(!docs/pages/includes/database-access/reference/aws-iam/keyspaces/access-policy.mdx!) +(!docs/pages/includes/database-access/reference/aws-iam/keyspaces/access-policy.mdx dbUserRole="DatabaseUserRole" !) @@ -28,7 +28,7 @@ -(!docs/pages/includes/database-access/reference/aws-iam/opensearch/access-policy.mdx!) +(!docs/pages/includes/database-access/reference/aws-iam/opensearch/access-policy.mdx dbUserRole="DatabaseUserRole" !) @@ -43,12 +43,12 @@ -(!docs/pages/includes/database-access/reference/aws-iam/redshift/access-policy.mdx!) +(!docs/pages/includes/database-access/reference/aws-iam/redshift/access-policy.mdx dbUserRole="DatabaseUserRole" !) -(!docs/pages/includes/database-access/reference/aws-iam/redshift-serverless/access-policy.mdx!) +(!docs/pages/includes/database-access/reference/aws-iam/redshift-serverless/access-policy.mdx dbUserRole="DatabaseUserRole" !) diff --git a/docs/pages/includes/device-trust/troubleshooting.mdx b/docs/pages/includes/device-trust/troubleshooting.mdx index 952ae5515c696..bb1e8085f51a1 100644 --- a/docs/pages/includes/device-trust/troubleshooting.mdx +++ b/docs/pages/includes/device-trust/troubleshooting.mdx @@ -22,6 +22,28 @@ for a different solution, we recommend creating udev rules similar to the ones shipped by the [TPM2 Software Stack]( https://github.com/tpm2-software/tpm2-tss/blob/ede63dd1ac1f0a46029d457304edcac2162bfab8/dist/tpm-udev.rules#L4). +### Auto enrollment not working + +Auto-enrollment ceremonies, due to their automated nature, are stricter than +regular enrollment. Additional auto-enrollment checks include: + +1. Verifying device profile data, such as data originated from Jamf, against the + actual device +2. Verifying that the device is not enrolled by another user (auto-enroll cannot + take devices that are already enrolled) + +Check you audit log for clues: look for failed "Device Enroll Token Created" +events and see the "message" field in the details (auto-enroll audit log details +available since Teleport v16.4.6). + +If you suspect (1) is the issue, compare the actual device against its inventory +definition (`tsh device collect` executed in the actual device vs `tctl get +device/`). Tweaking the device profile, manual enrollment or waiting +for the next MDM sync may solve the issue. + +If you suspect (2), you can unenroll the device using `tctl edit +device/` and changing the "enroll_status" field to "not_enrolled". + ### App access and "access to this app requires a trusted device" Follow the instructions in the [Web UI troubleshooting section]( diff --git a/docs/pages/includes/enterprise/oidcauthentication.mdx b/docs/pages/includes/enterprise/oidcauthentication.mdx index 5ecb3a6ce3b3a..136102ea83651 100644 --- a/docs/pages/includes/enterprise/oidcauthentication.mdx +++ b/docs/pages/includes/enterprise/oidcauthentication.mdx @@ -1,39 +1,19 @@ Configure Teleport to use OIDC authentication as the default instead of the local user database. -Follow the instructions for your Teleport edition: - - - - - Update `/etc/teleport.yaml` in the `auth_service` section and restart the `teleport` daemon. - - ```yaml - auth_service: - authentication: - type: oidc - - ``` - - - - - Create a file called `cap.yaml`: - - ```yaml - kind: cluster_auth_preference - metadata: - name: cluster-auth-preference - spec: - type: oidc - version: v2 - ``` - - Create a resource: - - ```code - $ tctl create -f cap.yaml - ``` - - - +Edit your `cluster_auth_preference` resource: + +```code +$ tctl edit cap +``` + +In your editor, ensure that the file contains the following content: + +```yaml +kind: cluster_auth_preference +metadata: + name: cluster-auth-preference +spec: + type: oidc +version: v2 +``` diff --git a/docs/pages/includes/enterprise/samlauthentication.mdx b/docs/pages/includes/enterprise/samlauthentication.mdx index dfabdb7a3ec71..9fcd1e9db5362 100644 --- a/docs/pages/includes/enterprise/samlauthentication.mdx +++ b/docs/pages/includes/enterprise/samlauthentication.mdx @@ -3,11 +3,6 @@ Configure Teleport to use SAML authentication as the default instead of the local user database. -Follow the instructions for your Teleport edition: - - - - Use `tctl` to edit the `cluster_auth_preference` value: ```code @@ -34,20 +29,6 @@ After you save and exit the editor, `tctl` will update the resource: cluster auth preference has been updated ``` - - - -Update `/etc/teleport.yaml` in the `auth_service` section and restart the `teleport` daemon. - -```yaml -auth_service: - authentication: - type: saml -``` - - - - If you need to log in again before configuring your SAML provider, use the flag `--auth=local`. diff --git a/docs/pages/includes/helm-reference/zz_generated.access-datadog.mdx b/docs/pages/includes/helm-reference/zz_generated.access-datadog.mdx new file mode 100644 index 0000000000000..cc90d24bab68e --- /dev/null +++ b/docs/pages/includes/helm-reference/zz_generated.access-datadog.mdx @@ -0,0 +1,417 @@ + +{/* Generated file. Do not edit.*/} +{/* Generate this file by navigating to examples/chart and running make render-chart-ref*/} +## `teleport` + +`teleport` contains the configuration describing how the plugin connects to +your Teleport cluster. + +### `teleport.address` + +| Type | Default | +|------|---------| +| `string` | `""` | + +`teleport.address` is the address of the Teleport cluster the plugin +connects to. The address must contain both the domain name and the port of +the Teleport cluster. It can be either the address of the auth servers or the +proxy servers. + +For example: + - joining a Proxy: `teleport.example.com:443` or `teleport.example.com:3080` + - joining an Auth: `teleport-auth.example.com:3025` + +When the address is empty, `tbot.teleportProxyAddress` +or `tbot.teleportAuthAddress` will be used if they are set. + +### `teleport.identitySecretName` + +| Type | Default | +|------|---------| +| `string` | `""` | + +`teleport.identitySecretName` is the name of the Kubernetes secret +that contains the credentials for the connection to your Teleport cluster. + +The secret should be in the following format: + +```yaml +apiVersion: v1 +kind: Secret +type: Opaque +metadata: + name: teleport-plugin-datadog-identity +data: + auth_id: #... +``` + +Check out the [Access Requests with +Datadog Incident Management](../../admin-guides/access-controls/access-request-plugins/datadog-hosted.mdx) guide +for more information about how to acquire these credentials. + +### `teleport.identitySecretPath` + +| Type | Default | +|------|---------| +| `string` | `"auth_id"` | + +`teleport.identitySecretPath` is the key in the Kubernetes secret +specified by `teleport.identitySecretName` that holds the credentials for +the connection to your Teleport cluster. If the secret has the path, +`"auth_id"`, you can omit this field. + +## `datadog` + +`datadog` contains the configuration used by the plugin to authenticate to Datadog. + +You can pass the Datadog keys by setting the chart values or using an existing Kubernetes Secret. + +### `datadog.apiEndpoint` + +| Type | Default | +|------|---------| +| `string` | `"https://api.datadoghq.com"` | + +`datadog.apiEndpoint` specifies which Datadog API site to set API +requests. + +### `datadog.apiKey` + +| Type | Default | +|------|---------| +| `string` | `""` | + +`datadog.apiKey` is the Datadog API key used by the plugin to interact +with Datadog. When set, the Chart creates a Kubernetes Secret for you. + +This value has no effect if `datadog.apiKeyFromSecret` is set. + +### `datadog.apiKeyFromSecret` + +| Type | Default | +|------|---------| +| `string` | `""` | + +`datadog.apiKeyFromSecret` is the name of the Kubernetes Secret +containing the Datadog apiKey. When this value is set, you must create the +Secret before creating the chart release. + +### `datadog.apiKeySecretPath` + +| Type | Default | +|------|---------| +| `string` | `"datadogApiKey"` | + +`datadog.apiKeySecretPath` is the Kubernetes Secret key +containing the Datadog API key. The secret name is set via `datadog.apiKeyFromSecret`. + +### `datadog.applicationKey` + +| Type | Default | +|------|---------| +| `string` | `""` | + +`datadog.applicationKey` is the Datadog Application key used by the plugin to interact +with Datadog. When set, the Chart creates a Kubernetes Secret for you. + +This value has no effect if `datadog.applicationKeyFromSecret` is set. + +### `datadog.applicationKeyFromSecret` + +| Type | Default | +|------|---------| +| `string` | `""` | + +`datadog.applicationKeyFromSecret` is the name of the Kubernetes Secret +containing the Datadog applicationKey. When this value is set, you must create the +Secret before creating the chart release. + +### `datadog.applicationKeySecretPath` + +| Type | Default | +|------|---------| +| `string` | `"datadogApplicationKey"` | + +`datadog.applicationKeySecretPath` is the Kubernetes Secret key +containing the Datadog Application key. The secret name is set via `datadog.applicationKeyFromSecret`. + +### `datadog.fallbackRecipient` + +| Type | Default | +|------|---------| +| `string` | `""` | + +`datadog.fallbackRecipient` specifies the default recipient for +Access Request notifications. The recipient can be a Datadog user email or +a team handle. + +### `datadog.severity` + +| Type | Default | +|------|---------| +| `string` | `"SEV-3"` | + +`datadog.severity` specifies the Datadog incident severity. + +## `log` + +`log` controls the plugin logging. + +### `log.severity` + +| Type | Default | +|------|---------| +| `string` | `"INFO"` | + +`log.severity` is the log level for the Teleport process. +Available log levels are: `DEBUG`, `INFO`, `WARN`, `ERROR`. + +The default is `INFO`, which is recommended in production. +`DEBUG` is useful during first-time setup or to see more detailed logs for debugging. + +### `log.output` + +| Type | Default | +|------|---------| +| `string` | `"stdout"` | + +`log.output` sets the output destination for the Teleport process. +This can be set to any of the built-in values: `stdout`, `stderr`. + +The value can also be set to a file path (such as `/var/log/teleport.log`) +to write logs to a file. Bear in mind that a few service startup messages +will still go to `stderr` for resilience. + +## `tbot` + +`tbot` controls the optional tbot deployment that obtains and renews +credentials for the plugin to connect to Teleport. +Only default and mandatory values are described here, see the tbot chart reference +for the full list of supported values. + +### `tbot.enabled` + +| Type | Default | +|------|---------| +| `bool` | `false` | + +`tbot.enabled` controls if tbot should be deployed with the datadog plugin. + +### `tbot.clusterName` + +| Type | Default | +|------|---------| +| `string` | `""` | + +`tbot.clusterName` is the name of the Teleport cluster tbot and the Datadog plugin will join. +Setting this value is mandatory when tbot is enabled. + +### `tbot.teleportProxyAddress` + +| Type | Default | +|------|---------| +| `string` | `""` | + +`tbot.teleportProxyAddress` is the teleport Proxy Service address the bot will connect to. +This must contain the port number, usually 443 or 3080 for Proxy Service. +Connecting to the Proxy Service is the most common and recommended way to connect to Teleport. +This is mandatory to connect to Teleport Enterprise (Cloud). + +This setting is mutually exclusive with `teleportAuthAddress`. + +For example: +```yaml +tbot: + teleportProxyAddress: "test.teleport.sh:443" +``` + +### `tbot.teleportAuthAddress` + +| Type | Default | +|------|---------| +| `string` | `""` | + +`tbot.teleportAuthAddress` is the teleport Auth Service address the bot will connect to. +This must contain the port number, usually 3025 for Auth Service. Direct Auth Service connection +should be used when you are deploying the bot in the same Kubernetes cluster than your `teleport-cluster` +Helm release and have direct access to the Auth Service. +Else, you should prefer connecting via the Proxy Service. + +This setting is mutually exclusive with `teleportProxyAddress`. + +For example: +```yaml +teleportAuthAddress: "teleport-auth.teleport-namespace.svc.cluster.local:3025" +``` + +### `tbot.joinMethod` + +| Type | Default | +|------|---------| +| `string` | `"kubernetes"` | + +`tbot.joinMethod` describes how tbot joins the Teleport cluster. +See [the join method reference](../../reference/join-methods.mdx) for a list fo supported values and detailed explanations. + +## `annotations` + +`annotations` contains annotations to apply to the different Kubernetes +objects created by the chart. See [the Kubernetes annotation +documentation](https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/) +for more details. + +### `annotations.config` + +| Type | Default | +|------|---------| +| `object` | `{}` | + +`annotations.config` contains the Kubernetes annotations +put on the `ConfigMap` resource created by the chart. + +### `annotations.deployment` + +| Type | Default | +|------|---------| +| `object` | `{}` | + +`annotations.deployment` contains the Kubernetes annotations +put on the `Deployment` or `StatefulSet` resource created by the chart. + +### `annotations.pod` + +| Type | Default | +|------|---------| +| `object` | `{}` | + +`annotations.pod` contains the Kubernetes annotations +put on the `Pod` resources created by the chart. + +### `annotations.secret` + +| Type | Default | +|------|---------| +| `object` | `{}` | + +`annotations.secret` contains the Kubernetes annotations +put on the `Secret` resource created by the chart. +This has no effect when `joinTokenSecret.create` is `false`. + +## `image` + +`image` sets the container image used for plugin pods created by the chart. + +You can override this to use your own plugin image rather than a Teleport-published image. + +### `image.repository` + +| Type | Default | +|------|---------| +| `string` | `"public.ecr.aws/gravitational/teleport-plugin-datadog"` | + +`image.repository` is the image repository. + +### `image.pullPolicy` + +| Type | Default | +|------|---------| +| `string` | `"IfNotPresent"` | + +`image.pullPolicy` is the [Kubernetes image pull policy](https://kubernetes.io/docs/concepts/containers/images/#image-pull-policy). + +### `image.tag` + +| Type | Default | +|------|---------| +| `string` | `""` | + +`image.tag` Overrides the image tag whose default is the chart appVersion. + +Normally, the version of the Teleport plugin matches the +version of the chart. If you install chart version 15.0.0, you'll use +the plugin version 15.0.0. Upgrading the plugin is done by upgrading the chart. + + +`image.tag` is intended for development and custom tags. This MUST NOT be +used to control the plugin version in a typical deployment. This +chart is designed to run a specific plugin version. You will face +compatibility issues trying to run a different version with it. + +If you want to run the Teleport plugin version `X.Y.Z`, you should use +`helm install --version X.Y.Z` instead. + + +## `imagePullSecrets` + +| Type | Default | +|------|---------| +| `list` | `[]` | + +`imagePullSecrets` is a list of secrets containing authorization tokens +which can be optionally used to access a private Docker registry. + +See the [Kubernetes reference](https://kubernetes.io/docs/concepts/containers/images/#specifying-imagepullsecrets-on-a-pod) for more details. + +## `podSecurityContext` + +| Type | Default | +|------|---------| +| `object` | `{}` | + +`podSecurityContext` sets the pod security context for any pods created by the chart. +See [the Kubernetes documentation](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod) +for more details. + +To unset the security context, set it to `null` or `~`. + +## `securityContext` + +| Type | Default | +|------|---------| +| `object` | `{}` | + +`securityContext` sets the container security context for any pods created by the chart. +See [the Kubernetes documentation](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container) +for more details. + +To unset the security context, set it to `null` or `~`. + +## `resources` + +| Type | Default | +|------|---------| +| `object` | `{}` | + +`resources` sets the resource requests/limits for any pods created by the chart. +See [the Kubernetes documentation](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/) +for more details. + +## `nodeSelector` + +| Type | Default | +|------|---------| +| `object` | `{}` | + +`nodeSelector` sets the node selector for any pods created by the chart. +See [the Kubernetes documentation](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector) +for more details. + +## `tolerations` + +| Type | Default | +|------|---------| +| `list` | `[]` | + +`tolerations` sets the tolerations for any pods created by the chart. +See [the Kubernetes documentation](https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/) +for more details. + +## `affinity` + +| Type | Default | +|------|---------| +| `object` | `{}` | + +`affinity` sets the affinities for any pods created by the chart. +See [the Kubernetes documentation](https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity) +for more details. diff --git a/docs/pages/includes/plugins/editor-request-rbac.mdx b/docs/pages/includes/plugins/editor-request-rbac.mdx index a4ee41b8de927..e89ea5fab2451 100644 --- a/docs/pages/includes/plugins/editor-request-rbac.mdx +++ b/docs/pages/includes/plugins/editor-request-rbac.mdx @@ -6,7 +6,7 @@ Create a file called `editor-request-rbac.yaml` with the following content: ```yaml kind: role -version: v5 +version: v7 metadata: name: editor-reviewer spec: @@ -15,7 +15,7 @@ spec: roles: ['editor'] --- kind: role -version: v5 +version: v7 metadata: name: editor-requester spec: diff --git a/docs/pages/includes/plugins/rbac-impersonate.mdx b/docs/pages/includes/plugins/rbac-impersonate.mdx index 22173ad65c565..1456837350be7 100644 --- a/docs/pages/includes/plugins/rbac-impersonate.mdx +++ b/docs/pages/includes/plugins/rbac-impersonate.mdx @@ -13,7 +13,7 @@ a file called `access-plugin-impersonator.yaml`: ```yaml kind: role -version: v5 +version: v7 metadata: name: access-plugin-impersonator spec: diff --git a/docs/pages/includes/plugins/rbac-with-friendly-name.mdx b/docs/pages/includes/plugins/rbac-with-friendly-name.mdx index 553f036c9820b..f7fc43c266427 100644 --- a/docs/pages/includes/plugins/rbac-with-friendly-name.mdx +++ b/docs/pages/includes/plugins/rbac-with-friendly-name.mdx @@ -8,7 +8,7 @@ a file called `access-plugin.yaml`: ```yaml kind: role -version: v5 +version: v7 metadata: name: access-plugin spec: @@ -48,7 +48,7 @@ version: v2 # labels can be further limited to only the resources that access can be # requested to. kind: role -version: v5 +version: v7 metadata: name: list-access-request-resources spec: diff --git a/docs/pages/includes/preset-roles-table.mdx b/docs/pages/includes/preset-roles-table.mdx index 5d757ff8e2e00..c3a2e1a9d829c 100644 --- a/docs/pages/includes/preset-roles-table.mdx +++ b/docs/pages/includes/preset-roles-table.mdx @@ -1,13 +1,13 @@ -| Role | Description | -| --- | --- | -| `access`| Allows access to cluster resources. | -| `editor` | Allows editing of cluster configuration settings. | -| `auditor`| Allows reading cluster events, audit logs, and playing back session records. | -| `requester`| Enterprise-only role that allows a user to create Access Requests. | -| `reviewer`| Enterprise-only role that allows review of Access Requests. | -| `group-access`| Allows access to all user groups. | -| `device-admin`| Used to manage trusted devices. | -| `device-enroll`| Used to grant device enrollment powers to users. | -| `require-trusted-device`| Requires trusted device access to resources. | -| `terraform-provider`| Allows the Teleport Terraform provider to configure all of its supported Teleport resources. | +| Role | Description | Enterprise-only | +| --- | --- | --- | +| `access`| Allows access to cluster resources. | | +| `editor` | Allows editing of cluster configuration settings. | | +| `auditor`| Allows reading cluster events, audit logs, and playing back session records. | | +| `requester`| Allows a user to create Access Requests. | ✔ | +| `reviewer`| Allows review of Access Requests. | ✔ | +| `group-access`| Allows access to all user groups. | ✔ | +| `device-admin`| Used to manage trusted devices. | ✔ | +| `device-enroll`| Used to grant device enrollment powers to users. | ✔ | +| `require-trusted-device`| Requires trusted device access to resources. | ✔ | +| `terraform-provider`| Allows the Teleport Terraform provider to configure all of its supported Teleport resources. | ✔ | diff --git a/docs/pages/includes/role-spec.mdx b/docs/pages/includes/role-spec.mdx index 77c15fd482c47..3030a255d21f0 100644 --- a/docs/pages/includes/role-spec.mdx +++ b/docs/pages/includes/role-spec.mdx @@ -88,6 +88,11 @@ spec: # if unspecified. If one or more of the user's roles has disabled # the clipboard, then it will be disabled. desktop_clipboard: true + # Specify whether directory sharing should be allowed from the + # local machine to remote desktop (requires a supported browser). Defaults to true + # if unspecified. If one or more of the user's roles has disabled + # directory sharing, then it will be disabled. + desktop_directory_sharing: true # enterprise-only: when enabled, the source IP that was used to log in is embedded in the user # certificates, preventing a compromised certificate from being used on another # network. The default is false. diff --git a/docs/pages/includes/tpm-joining-background.mdx b/docs/pages/includes/tpm-joining-background.mdx index 1cba711e5ba88..24d537245cdea 100644 --- a/docs/pages/includes/tpm-joining-background.mdx +++ b/docs/pages/includes/tpm-joining-background.mdx @@ -11,7 +11,8 @@ A Trusted Platform Module (TPM) is a secure, physical cryptoprocessor that is installed on a host. TPMs can store cryptographic material and perform a number of cryptographic operations, without exposing the cryptographic material to the operating system. Each TPM has a unique key pair burned-in known as the -Endorsement Key (EK). +Endorsement Key (EK). This key does not change, even if the host operating +system is reinstalled. Some TPMs also contain an X.509 certificate for this key pair that is signed by the manufacturer's CA. This is known as the EK Certificate (EKCert). This @@ -19,11 +20,12 @@ certificate can be used by the TPM to prove to a third-party (who trusts the manufacturer's CA) that the TPM is genuine and abides by the TPM specification. When using the `tpm` join method, you must first query the TPM's public key and -then create a join token that explicitly allows this public key. Even if the -host operating system is reinstalled, the EK public key will not change, meaning -that the TPM will still be usable to join your Teleport cluster. If you have a -large number of hosts, it may make sense to use automation tooling such as -ansible to query the TPMs across your fleet and then generate join tokens. +then create a join token that explicitly allows this public key. To list +information about the detected TPM, run the `teleport tpm identify` command. + +If you have a large number of hosts, it may make sense to use automation tooling +such as Ansible to query the TPMs across your fleet and then generate join +tokens. The `tpm` join method is currently not compatible with FIPS 140-2. diff --git a/docs/pages/includes/workload-id-preview.mdx b/docs/pages/includes/workload-id-preview.mdx new file mode 100644 index 0000000000000..89ab5b9ad4016 --- /dev/null +++ b/docs/pages/includes/workload-id-preview.mdx @@ -0,0 +1,5 @@ + +We're actively looking for design partners to help us shape the future of +Teleport Workload Identity and would love to +hear your feedback. + \ No newline at end of file diff --git a/docs/pages/reference/access-controls/access-controls.mdx b/docs/pages/reference/access-controls/access-controls.mdx index 40a2afda3e623..55f6f3153540c 100644 --- a/docs/pages/reference/access-controls/access-controls.mdx +++ b/docs/pages/reference/access-controls/access-controls.mdx @@ -1,6 +1,5 @@ --- -title: Access Controls -h1: Access Controls References +title: Access Controls References description: Contains guides to configuring authentication and authorization in Teleport. --- diff --git a/docs/pages/reference/access-controls/roles.mdx b/docs/pages/reference/access-controls/roles.mdx index 510bfb3da4a05..939713f7acb39 100644 --- a/docs/pages/reference/access-controls/roles.mdx +++ b/docs/pages/reference/access-controls/roles.mdx @@ -68,6 +68,7 @@ user: | `max_kubernetes_connections` | Defines the maximum number of concurrent Kubernetes sessions per user | | | `record_session` |Defines the [Session recording mode](../monitoring/audit.mdx).|The strictest value takes precedence.| | `desktop_clipboard` | Allow clipboard sharing for desktop sessions | Logical "AND" i.e. evaluates to "yes" if all roles enable clipboard sharing | +| `desktop_directory_sharing` | Allows sharing local workstation directory to remote desktop | Logical "AND" i.e. evaluates to "yes" if all roles enable directory sharing | | `pin_source_ip` | Enable source IP pinning for SSH certificates. | Logical "OR" i.e. evaluates to "yes" if at least one role requires session termination | | `cert_extensions` | Specifies extensions to be included in SSH certificates | | | `create_host_user_mode` | Allow users to be automatically created on a host | Logical "AND" i.e. if all roles matching a server specify host user creation (`off`, `keep`, `insecure-drop`), it will evaluate to the option specified by all of the roles. If some roles specify both `insecure-drop` or `keep` it will evaluate to `keep`| @@ -559,7 +560,6 @@ logins: - '{{external["http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname"]}}' ``` - In role templates, you can refer to these variables using the following two formats, where `trait` is the name of the trait: @@ -571,7 +571,14 @@ attribute or OIDC claim called `trait`. You can specify an external trait in dot syntax if it begins with a letter and contains only letters, numbers, and underscores. Otherwise, you must use bracket -syntax to specify a trait. +syntax to specify a trait. + +When using Azure AD or ADFS as your IdP, you must use bracket notation, as these +IdPs assign attribute keys to URLs such as the following: + +```text +http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname +``` Common examples of external traits available through an identity provider include the following: diff --git a/docs/pages/reference/backends.mdx b/docs/pages/reference/backends.mdx index d73b150a1dde6..2ad66568dbde2 100644 --- a/docs/pages/reference/backends.mdx +++ b/docs/pages/reference/backends.mdx @@ -43,9 +43,9 @@ run in a highly available fashion. ## Auth Service State To run multiple instances of the Teleport Auth Service, you must switch to one of -the high-availability secrets backend listed below first. +the high-availability storage backends listed below first. -Once you have a high-availability secrets backend and multiple instances of +Once you have a high-availability storage backend and multiple instances of the Auth Service running, you'll need to create a load balancer to evenly distribute traffic to all Auth Service instances and have a single point of entry for all components that need to communicate with the Auth Service. Use the @@ -1307,6 +1307,10 @@ teleport: # Name of the Firestore table. collection_name: Example_TELEPORT_FIRESTORE_TABLE_NAME + # An optional database id to use. If not provided the default + # database for the project is used. + database_id: Example_TELEPORT_FIRESTORE_DATABASE_ID + credentials_path: /var/lib/teleport/gcs_creds # This setting configures Teleport to send the audit events to three places: @@ -1315,7 +1319,7 @@ teleport: # database table, so attempting to use the same table for both will result in errors. # When using highly available storage like Firestore, you should make sure that the list always specifies # the High Availability storage method first, as this is what the Teleport web UI uses as its source of events to display. - audit_events_uri: ['firestore://Example_TELEPORT_FIRESTORE_EVENTS_TABLE_NAME', 'file:///var/lib/teleport/audit/events', 'stdout://'] + audit_events_uri: ['firestore://Example_TELEPORT_FIRESTORE_EVENTS_TABLE_NAME?projectID=$PROJECT_ID&credentialsPath=$CREDENTIALS_PATH&databaseID=$DATABASE_ID', 'file:///var/lib/teleport/audit/events', 'stdout://'] # This setting configures Teleport to save the recorded sessions in GCP storage: audit_sessions_uri: gs://Example_TELEPORT_GCS_BUCKET/records diff --git a/docs/pages/reference/cli/tctl.mdx b/docs/pages/reference/cli/tctl.mdx index 7033fed762c7a..4b58fcc3e3fa1 100644 --- a/docs/pages/reference/cli/tctl.mdx +++ b/docs/pages/reference/cli/tctl.mdx @@ -1007,6 +1007,45 @@ $ tctl request approve [token] $ tctl request approve request-id-1, request-id-2 ``` +## tctl request create + +Create a pending Access Request. + +```code +$ tctl request create +``` + +### Arguments + +- `` - Name of target user (required). + +### Flags + +| Name | Default Value(s) | Allowed Value(s) | Description | +| - | - | - | - | +|`roles`|none|Comma-separated list of strings|Roles to be requested| +|`resource`|none|Comma-separated list of strings|Resource IDs to be requested| +|`reason`|none|String|Optional reason message| +|`dry-run`|none|Boolean|Don't actually generate the Access Request| + +Use the `dry-run` flag if you want to validate whether Teleport can create an +Access Request for the user in the `username` argument, given the user's static +roles. + +### Global flags + +These flags are available for all commands `--debug, --config`. Run +`tctl help ` or see the [Global Flags section](#tctl-global-flags). + +### Examples + +Create an Access Request for user `myuser` for the `prod` role, providing a +reason: + +```code +$ tctl request create myuser --roles=prod --reason="Fix an outage" +``` + ## tctl request deny Denies a user's request: diff --git a/docs/pages/reference/cli/tsh.mdx b/docs/pages/reference/cli/tsh.mdx index a511d1d1702f8..d5f91affbc852 100644 --- a/docs/pages/reference/cli/tsh.mdx +++ b/docs/pages/reference/cli/tsh.mdx @@ -499,22 +499,23 @@ $ tsh mfa rm Plays back a prior session: ```code -$ tsh play [] +$ tsh play [] ``` ### Arguments -`` +`` -- `session-id` The UUID of a past Teleport Session obtained by `teleport status` within - the session or from the Web UI. +- `id-or-file` The UUID of a past Teleport session, or the path to a local recording file. ### Flags | Name | Default Value(s) | Allowed Value(s) | Description | | - | - | - | - | -| `--cluster` | none | a cluster_name | Specify the cluster to connect | -| `--format` | `pty` | json, pty | Format for playback | +| `--cluster` | none | a cluster_name | Specify the cluster to connect | +| `--format` | `pty` | `json`, `yaml`, `pty`, `text` | Format for playback | +| `--speed` | `1x` | `0.5x`, `1x`, `2x`, `4x`, `8x` | Playback speed | +| `--skip-idle-time` | `false` | `true, `false` | Skip idle time during playback | ### Global flags @@ -526,11 +527,17 @@ Run `tsh help ` or see the [Global Flags section](#tsh-global-flags) ```code $ tsh --proxy proxy.example.com play -# Playing back a session using pty format using a downloaded session recording. -$ tsh play --format=pty 1fe153d1-ce8b-4ef4-9908-6539457ba4ad.tar +# Playing back a session streamed from the server. +$ tsh play 1fe153d1-ce8b-4ef4-9908-6539457ba4ad -# Playing back a session in json format using jq to filter on events +# Playing back a local session in JSON format using jq to filter on events $ tsh play --format=json ~/play/0c0b81ed-91a9-4a2a-8d7c-7495891a6ca0.tar | jq '.event + +# Playing back a session at 2x speed while also skipping idle time +$ tsh play --speed=2x --skip-idle-time 1fe153d1-ce8b-4ef4-9908-6539457ba4ad + +# Dump an SSH session recording to standard out, without respecting timing data. +$ tsh play --format=text 1fe153d1-ce8b-4ef4-9908-6539457ba4ad ``` ## tsh proxy app @@ -1192,4 +1199,3 @@ Only display the `tsh` binary version: $ tsh version --client Teleport v(=teleport.version=) git: go(=teleport.golang=) ``` - diff --git a/docs/pages/reference/cloud-faq.mdx b/docs/pages/reference/cloud-faq.mdx index ab0743e923092..7974c5cf79292 100644 --- a/docs/pages/reference/cloud-faq.mdx +++ b/docs/pages/reference/cloud-faq.mdx @@ -203,8 +203,8 @@ Updates](../upgrading/automatic-agent-updates.mdx) guide. You can check the status of your agents' version from the `tctl inventory ls` command. `Auth` and `Proxy` services are those managed by Teleport. -```bash -tctl inventory ls +```code +$ tctl inventory ls Server ID Hostname Services Agent Version Upgrader Upgrader Version ------------------------------------ --------------------- --------------- ------------- -------- ---------------- 065ab336-1ac2-4314-8b16-32fc06a172a7 example-1 Node,App v(=cloud.version=) unit v(=cloud.version=) diff --git a/docs/pages/reference/helm-reference.mdx b/docs/pages/reference/helm-reference.mdx index 8a7a939304c7d..daac382c8ba6d 100644 --- a/docs/pages/reference/helm-reference.mdx +++ b/docs/pages/reference/helm-reference.mdx @@ -39,3 +39,6 @@ layout: tocless-doc - [teleport-plugin-slack](./helm-reference/teleport-plugin-slack.mdx): Deploy the Teleport Slack Plugin, which allows notifying Slack users and channels when Access Requests are made. +- [teleport-plugin-datadog](./helm-reference/teleport-plugin-datadog.mdx): Deploy + the Teleport Datadog Incident Management Plugin, which allows Access Requests + to be managed as Datadog incidents. \ No newline at end of file diff --git a/docs/pages/reference/helm-reference/teleport-plugin-datadog.mdx b/docs/pages/reference/helm-reference/teleport-plugin-datadog.mdx new file mode 100644 index 0000000000000..6afc4634da03a --- /dev/null +++ b/docs/pages/reference/helm-reference/teleport-plugin-datadog.mdx @@ -0,0 +1,15 @@ +--- +title: teleport-plugin-datadog Chart Reference +description: Values that can be set using the teleport-plugin-datadog Helm chart +--- + +The `teleport-plugin-datadog` Helm chart runs the Datadog Teleport plugin, which +allows users to receive and manage Access Requests as Datadog incidents. + +You can [browse the source on GitHub](https://github.com/gravitational/teleport/tree/v(=teleport.version=)/examples/chart/access/datadog). + +This reference details available values for the `teleport-plugin-datadog` chart. + +(!docs/pages/includes/backup-warning.mdx!) + +(!docs/pages/includes/helm-reference/zz_generated.access-datadog.mdx!) diff --git a/docs/pages/reference/machine-id/configuration.mdx b/docs/pages/reference/machine-id/configuration.mdx index 5f22c534f1b6e..e571de8dc5d19 100644 --- a/docs/pages/reference/machine-id/configuration.mdx +++ b/docs/pages/reference/machine-id/configuration.mdx @@ -322,6 +322,11 @@ The output generates the following artifacts: - `svid.key`: the private key associated with the X509 SVID. - `bundle.pem`: the X509 bundle that contains the trust domain CAs. + +An artifact will also be generated for each entry within the `jwts` list. This +will be named according to `file_name`. This artifact will contain only the +JWT-SVID with the audience specified in `audience`. + See [Workload Identity](../../enroll-resources/workload-identity/introduction.mdx) for more information on how to use SPIFFE SVIDs. @@ -342,6 +347,17 @@ svid: # ip specifies the IP SANs. If omitted, no IP SANs are included. ip: - 10.0.0.1 + # jwts controls the output of JWT-SVIDs. Each entry will be generated as a + # separate artifact. If omitted, no JWT-SVIDs are generated. + jwts: + # audience specifies the audience that the JWT-SVID should be issued for. + # this typically identifies the service that the JWT-SVID will be used to + # authenticate to. + - audience: https://example.com + # file_name specifies the name of the file that the JWT-SVID should be + # written to. + file_name: example-jwt + (!docs/pages/includes/machine-id/common-output-config.yaml!) ``` diff --git a/docs/pages/reference/machine-id/machine-id.mdx b/docs/pages/reference/machine-id/machine-id.mdx index b59fdca096f11..f26377c9027d7 100644 --- a/docs/pages/reference/machine-id/machine-id.mdx +++ b/docs/pages/reference/machine-id/machine-id.mdx @@ -1,6 +1,5 @@ --- -title: Machine ID -h1: Machine ID References +title: Machine ID References description: Configuration and CLI reference for Teleport Machine ID. --- diff --git a/docs/pages/reference/operator-resources/resources.teleport.dev_accesslists.mdx b/docs/pages/reference/operator-resources/resources.teleport.dev_accesslists.mdx index 5075097d7d748..009cf351b2980 100644 --- a/docs/pages/reference/operator-resources/resources.teleport.dev_accesslists.mdx +++ b/docs/pages/reference/operator-resources/resources.teleport.dev_accesslists.mdx @@ -26,14 +26,14 @@ resource, which you can apply after installing the Teleport Kubernetes operator. |Field|Type|Description| |---|---|---| -|audit|[object](#specaudit)|audit describes the frequency that this access list must be audited.| -|description|string|description is an optional plaintext description of the access list.| -|grants|[object](#specgrants)|grants describes the access granted by membership to this access list.| -|membership_requires|[object](#specmembership_requires)|membership_requires describes the requirements for a user to be a member of the access list. For a membership to an access list to be effective, the user must meet the requirements of Membership_requires and must be in the members list.| -|owner_grants|[object](#specowner_grants)|owner_grants describes the access granted by owners to this access list.| -|owners|[][object](#specowners-items)|owners is a list of owners of the access list.| -|ownership_requires|[object](#specownership_requires)|ownership_requires describes the requirements for a user to be an owner of the access list. For ownership of an access list to be effective, the user must meet the requirements of ownership_requires and must be in the owners list.| -|title|string|title is a plaintext short description of the access list.| +|audit|[object](#specaudit)|audit describes the frequency that this Access List must be audited.| +|description|string|description is an optional plaintext description of the Access List.| +|grants|[object](#specgrants)|grants describes the access granted by membership to this Access List.| +|membership_requires|[object](#specmembership_requires)|membership_requires describes the requirements for a user to be a member of the Access List. For a membership to an Access List to be effective, the user must meet the requirements of Membership_requires and must be in the members list.| +|owner_grants|[object](#specowner_grants)|owner_grants describes the access granted by owners to this Access List.| +|owners|[][object](#specowners-items)|owners is a list of owners of the Access List.| +|ownership_requires|[object](#specownership_requires)|ownership_requires describes the requirements for a user to be an owner of the Access List. For ownership of an Access List to be effective, the user must meet the requirements of ownership_requires and must be in the owners list.| +|title|string|title is a plaintext short description of the Access List.| ### spec.audit @@ -60,8 +60,8 @@ resource, which you can apply after installing the Teleport Kubernetes operator. |Field|Type|Description| |---|---|---| -|roles|[]string|roles are the roles that are granted to users who are members of the access list.| -|traits|object|traits are the traits that are granted to users who are members of the access list.| +|roles|[]string|roles are the roles that are granted to users who are members of the Access List.| +|traits|object|traits are the traits that are granted to users who are members of the Access List.| ### spec.membership_requires @@ -74,8 +74,8 @@ resource, which you can apply after installing the Teleport Kubernetes operator. |Field|Type|Description| |---|---|---| -|roles|[]string|roles are the roles that are granted to users who are members of the access list.| -|traits|object|traits are the traits that are granted to users who are members of the access list.| +|roles|[]string|roles are the roles that are granted to users who are members of the Access List.| +|traits|object|traits are the traits that are granted to users who are members of the Access List.| ### spec.owners items diff --git a/docs/pages/reference/operator-resources/resources.teleport.dev_oidcconnectors.mdx b/docs/pages/reference/operator-resources/resources.teleport.dev_oidcconnectors.mdx index 891d87a067636..5e376dee79e66 100644 --- a/docs/pages/reference/operator-resources/resources.teleport.dev_oidcconnectors.mdx +++ b/docs/pages/reference/operator-resources/resources.teleport.dev_oidcconnectors.mdx @@ -29,7 +29,7 @@ resource, which you can apply after installing the Teleport Kubernetes operator. |acr_values|string|ACR is an Authentication Context Class Reference value. The meaning of the ACR value is context-specific and varies for identity providers.| |allow_unverified_email|boolean|AllowUnverifiedEmail tells the connector to accept OIDC users with unverified emails.| |claims_to_roles|[][object](#specclaims_to_roles-items)|ClaimsToRoles specifies a dynamic mapping from claims to roles.| -|client_id|string|ClientID is the id of the authentication client (Teleport Auth server).| +|client_id|string|ClientID is the id of the authentication client (Teleport Auth Service).| |client_redirect_settings|[object](#specclient_redirect_settings)|ClientRedirectSettings defines which client redirect URLs are allowed for non-browser SSO logins other than the standard localhost ones.| |client_secret|string|ClientSecret is used to authenticate the client. This field supports secret lookup. See the operator documentation for more details.| |display|string|Display is the friendly name for this provider.| diff --git a/docs/pages/reference/operator-resources/resources.teleport.dev_provisiontokens.mdx b/docs/pages/reference/operator-resources/resources.teleport.dev_provisiontokens.mdx index eea28c3af4954..8a9b7e773cf1d 100644 --- a/docs/pages/reference/operator-resources/resources.teleport.dev_provisiontokens.mdx +++ b/docs/pages/reference/operator-resources/resources.teleport.dev_provisiontokens.mdx @@ -50,7 +50,7 @@ resource, which you can apply after installing the Teleport Kubernetes operator. |aws_account|string|AWSAccount is the AWS account ID.| |aws_arn|string|AWSARN is used for the IAM join method, the AWS identity of joining nodes must match this ARN. Supports wildcards "*" and "?".| |aws_regions|[]string|AWSRegions is used for the EC2 join method and is a list of AWS regions a node is allowed to join from.| -|aws_role|string|AWSRole is used for the EC2 join method and is the ARN of the AWS role that the auth server will assume in order to call the ec2 API.| +|aws_role|string|AWSRole is used for the EC2 join method and is the ARN of the AWS role that the Auth Service will assume in order to call the ec2 API.| ### spec.azure @@ -98,7 +98,7 @@ resource, which you can apply after installing the Teleport Kubernetes operator. |Field|Type|Description| |---|---|---| |allow|[][object](#specgithuballow-items)|Allow is a list of TokenRules, nodes using this token must match one allow rule to use this token.| -|enterprise_server_host|string|EnterpriseServerHost allows joining from runners associated with a GitHub Enterprise Server instance. When unconfigured, tokens will be validated against github.com, but when configured to the host of a GHES instance, then the tokens will be validated against host. This value should be the hostname of the GHES instance, and should not include the scheme or a path. The instance must be accessible over HTTPS at this hostname and the certificate must be trusted by the Auth Server.| +|enterprise_server_host|string|EnterpriseServerHost allows joining from runners associated with a GitHub Enterprise Server instance. When unconfigured, tokens will be validated against github.com, but when configured to the host of a GHES instance, then the tokens will be validated against host. This value should be the hostname of the GHES instance, and should not include the scheme or a path. The instance must be accessible over HTTPS at this hostname and the certificate must be trusted by the Auth Service.| |enterprise_slug|string|EnterpriseSlug allows the slug of a GitHub Enterprise organisation to be included in the expected issuer of the OIDC tokens. This is for compatibility with the `include_enterprise_slug` option in GHE. This field should be set to the slug of your enterprise if this is enabled. If this is not enabled, then this field must be left empty. This field cannot be specified if `enterprise_server_host` is specified. See https://docs.github.com/en/enterprise-cloud@latest/actions/deployment/security-hardening-your-deployments/about-security-hardening-with-openid-connect#customizing-the-issuer-value-for-an-enterprise for more information about customized issuer values.| ### spec.github.allow items diff --git a/docs/pages/reference/operator-resources/resources.teleport.dev_roles.mdx b/docs/pages/reference/operator-resources/resources.teleport.dev_roles.mdx index 5a8b17bcc12d8..204ff9b9b9cd4 100644 --- a/docs/pages/reference/operator-resources/resources.teleport.dev_roles.mdx +++ b/docs/pages/reference/operator-resources/resources.teleport.dev_roles.mdx @@ -110,7 +110,7 @@ resource, which you can apply after installing the Teleport Kubernetes operator. |Field|Type|Description| |---|---|---| -|annotations|object|Annotations is a collection of annotations to be programmatically appended to pending access requests at the time of their creation. These annotations serve as a mechanism to propagate extra information to plugins. Since these annotations support variable interpolation syntax, they also offer a mechanism for forwarding claims from an external identity provider, to a plugin via `{{external.trait_name}}` style substitutions.| +|annotations|object|Annotations is a collection of annotations to be programmatically appended to pending Access Requests at the time of their creation. These annotations serve as a mechanism to propagate extra information to plugins. Since these annotations support variable interpolation syntax, they also offer a mechanism for forwarding claims from an external identity provider, to a plugin via `{{external.trait_name}}` style substitutions.| |claims_to_roles|[][object](#specallowrequestclaims_to_roles-items)|ClaimsToRoles specifies a mapping from claims (traits) to teleport roles.| |max_duration|string|MaxDuration is the amount of time the access will be granted for. If this is zero, the default duration is used.| |roles|[]string|Roles is the name of roles which will match the request rule.| @@ -260,7 +260,7 @@ resource, which you can apply after installing the Teleport Kubernetes operator. |Field|Type|Description| |---|---|---| -|annotations|object|Annotations is a collection of annotations to be programmatically appended to pending access requests at the time of their creation. These annotations serve as a mechanism to propagate extra information to plugins. Since these annotations support variable interpolation syntax, they also offer a mechanism for forwarding claims from an external identity provider, to a plugin via `{{external.trait_name}}` style substitutions.| +|annotations|object|Annotations is a collection of annotations to be programmatically appended to pending Access Requests at the time of their creation. These annotations serve as a mechanism to propagate extra information to plugins. Since these annotations support variable interpolation syntax, they also offer a mechanism for forwarding claims from an external identity provider, to a plugin via `{{external.trait_name}}` style substitutions.| |claims_to_roles|[][object](#specdenyrequestclaims_to_roles-items)|ClaimsToRoles specifies a mapping from claims (traits) to teleport roles.| |max_duration|string|MaxDuration is the amount of time the access will be granted for. If this is zero, the default duration is used.| |roles|[]string|Roles is the name of roles which will match the request rule.| @@ -340,7 +340,7 @@ resource, which you can apply after installing the Teleport Kubernetes operator. |create_db_user|boolean|CreateDatabaseUser enabled automatic database user creation.| |create_db_user_mode|string or integer|CreateDatabaseUserMode allows users to be automatically created on a database when not set to off. 0 is "unspecified", 1 is "off", 2 is "keep", 3 is "best_effort_drop". Can be either the string or the integer representation of each option.| |create_desktop_user|boolean|CreateDesktopUser allows users to be automatically created on a Windows desktop| -|create_host_user|boolean|CreateHostUser allows users to be automatically created on a host| +|create_host_user|boolean|Deprecated: use CreateHostUserMode instead.| |create_host_user_default_shell|string|CreateHostUserDefaultShell is used to configure the default shell for newly provisioned host users.| |create_host_user_mode|string or integer|CreateHostUserMode allows users to be automatically created on a host when not set to off. 0 is "unspecified"; 1 is "off"; 2 is "drop" (removed for v15 and above), 3 is "keep"; 4 is "insecure-drop". Can be either the string or the integer representation of each option.| |desktop_clipboard|boolean|DesktopClipboard indicates whether clipboard sharing is allowed between the user's workstation and the remote desktop. It defaults to true unless explicitly set to false.| @@ -493,7 +493,7 @@ resource, which you can apply after installing the Teleport Kubernetes operator. |Field|Type|Description| |---|---|---| -|annotations|object|Annotations is a collection of annotations to be programmatically appended to pending access requests at the time of their creation. These annotations serve as a mechanism to propagate extra information to plugins. Since these annotations support variable interpolation syntax, they also offer a mechanism for forwarding claims from an external identity provider, to a plugin via `{{external.trait_name}}` style substitutions.| +|annotations|object|Annotations is a collection of annotations to be programmatically appended to pending Access Requests at the time of their creation. These annotations serve as a mechanism to propagate extra information to plugins. Since these annotations support variable interpolation syntax, they also offer a mechanism for forwarding claims from an external identity provider, to a plugin via `{{external.trait_name}}` style substitutions.| |claims_to_roles|[][object](#specallowrequestclaims_to_roles-items)|ClaimsToRoles specifies a mapping from claims (traits) to teleport roles.| |max_duration|string|MaxDuration is the amount of time the access will be granted for. If this is zero, the default duration is used.| |roles|[]string|Roles is the name of roles which will match the request rule.| @@ -643,7 +643,7 @@ resource, which you can apply after installing the Teleport Kubernetes operator. |Field|Type|Description| |---|---|---| -|annotations|object|Annotations is a collection of annotations to be programmatically appended to pending access requests at the time of their creation. These annotations serve as a mechanism to propagate extra information to plugins. Since these annotations support variable interpolation syntax, they also offer a mechanism for forwarding claims from an external identity provider, to a plugin via `{{external.trait_name}}` style substitutions.| +|annotations|object|Annotations is a collection of annotations to be programmatically appended to pending Access Requests at the time of their creation. These annotations serve as a mechanism to propagate extra information to plugins. Since these annotations support variable interpolation syntax, they also offer a mechanism for forwarding claims from an external identity provider, to a plugin via `{{external.trait_name}}` style substitutions.| |claims_to_roles|[][object](#specdenyrequestclaims_to_roles-items)|ClaimsToRoles specifies a mapping from claims (traits) to teleport roles.| |max_duration|string|MaxDuration is the amount of time the access will be granted for. If this is zero, the default duration is used.| |roles|[]string|Roles is the name of roles which will match the request rule.| @@ -723,7 +723,7 @@ resource, which you can apply after installing the Teleport Kubernetes operator. |create_db_user|boolean|CreateDatabaseUser enabled automatic database user creation.| |create_db_user_mode|string or integer|CreateDatabaseUserMode allows users to be automatically created on a database when not set to off. 0 is "unspecified", 1 is "off", 2 is "keep", 3 is "best_effort_drop". Can be either the string or the integer representation of each option.| |create_desktop_user|boolean|CreateDesktopUser allows users to be automatically created on a Windows desktop| -|create_host_user|boolean|CreateHostUser allows users to be automatically created on a host| +|create_host_user|boolean|Deprecated: use CreateHostUserMode instead.| |create_host_user_default_shell|string|CreateHostUserDefaultShell is used to configure the default shell for newly provisioned host users.| |create_host_user_mode|string or integer|CreateHostUserMode allows users to be automatically created on a host when not set to off. 0 is "unspecified"; 1 is "off"; 2 is "drop" (removed for v15 and above), 3 is "keep"; 4 is "insecure-drop". Can be either the string or the integer representation of each option.| |desktop_clipboard|boolean|DesktopClipboard indicates whether clipboard sharing is allowed between the user's workstation and the remote desktop. It defaults to true unless explicitly set to false.| diff --git a/docs/pages/reference/operator-resources/resources.teleport.dev_rolesv6.mdx b/docs/pages/reference/operator-resources/resources.teleport.dev_rolesv6.mdx index 72496075a135b..1ea906c390622 100644 --- a/docs/pages/reference/operator-resources/resources.teleport.dev_rolesv6.mdx +++ b/docs/pages/reference/operator-resources/resources.teleport.dev_rolesv6.mdx @@ -110,7 +110,7 @@ resource, which you can apply after installing the Teleport Kubernetes operator. |Field|Type|Description| |---|---|---| -|annotations|object|Annotations is a collection of annotations to be programmatically appended to pending access requests at the time of their creation. These annotations serve as a mechanism to propagate extra information to plugins. Since these annotations support variable interpolation syntax, they also offer a mechanism for forwarding claims from an external identity provider, to a plugin via `{{external.trait_name}}` style substitutions.| +|annotations|object|Annotations is a collection of annotations to be programmatically appended to pending Access Requests at the time of their creation. These annotations serve as a mechanism to propagate extra information to plugins. Since these annotations support variable interpolation syntax, they also offer a mechanism for forwarding claims from an external identity provider, to a plugin via `{{external.trait_name}}` style substitutions.| |claims_to_roles|[][object](#specallowrequestclaims_to_roles-items)|ClaimsToRoles specifies a mapping from claims (traits) to teleport roles.| |max_duration|string|MaxDuration is the amount of time the access will be granted for. If this is zero, the default duration is used.| |roles|[]string|Roles is the name of roles which will match the request rule.| @@ -260,7 +260,7 @@ resource, which you can apply after installing the Teleport Kubernetes operator. |Field|Type|Description| |---|---|---| -|annotations|object|Annotations is a collection of annotations to be programmatically appended to pending access requests at the time of their creation. These annotations serve as a mechanism to propagate extra information to plugins. Since these annotations support variable interpolation syntax, they also offer a mechanism for forwarding claims from an external identity provider, to a plugin via `{{external.trait_name}}` style substitutions.| +|annotations|object|Annotations is a collection of annotations to be programmatically appended to pending Access Requests at the time of their creation. These annotations serve as a mechanism to propagate extra information to plugins. Since these annotations support variable interpolation syntax, they also offer a mechanism for forwarding claims from an external identity provider, to a plugin via `{{external.trait_name}}` style substitutions.| |claims_to_roles|[][object](#specdenyrequestclaims_to_roles-items)|ClaimsToRoles specifies a mapping from claims (traits) to teleport roles.| |max_duration|string|MaxDuration is the amount of time the access will be granted for. If this is zero, the default duration is used.| |roles|[]string|Roles is the name of roles which will match the request rule.| @@ -340,7 +340,7 @@ resource, which you can apply after installing the Teleport Kubernetes operator. |create_db_user|boolean|CreateDatabaseUser enabled automatic database user creation.| |create_db_user_mode|string or integer|CreateDatabaseUserMode allows users to be automatically created on a database when not set to off. 0 is "unspecified", 1 is "off", 2 is "keep", 3 is "best_effort_drop". Can be either the string or the integer representation of each option.| |create_desktop_user|boolean|CreateDesktopUser allows users to be automatically created on a Windows desktop| -|create_host_user|boolean|CreateHostUser allows users to be automatically created on a host| +|create_host_user|boolean|Deprecated: use CreateHostUserMode instead.| |create_host_user_default_shell|string|CreateHostUserDefaultShell is used to configure the default shell for newly provisioned host users.| |create_host_user_mode|string or integer|CreateHostUserMode allows users to be automatically created on a host when not set to off. 0 is "unspecified"; 1 is "off"; 2 is "drop" (removed for v15 and above), 3 is "keep"; 4 is "insecure-drop". Can be either the string or the integer representation of each option.| |desktop_clipboard|boolean|DesktopClipboard indicates whether clipboard sharing is allowed between the user's workstation and the remote desktop. It defaults to true unless explicitly set to false.| diff --git a/docs/pages/reference/operator-resources/resources.teleport.dev_rolesv7.mdx b/docs/pages/reference/operator-resources/resources.teleport.dev_rolesv7.mdx index 18b86829bb115..877857b1dd5e1 100644 --- a/docs/pages/reference/operator-resources/resources.teleport.dev_rolesv7.mdx +++ b/docs/pages/reference/operator-resources/resources.teleport.dev_rolesv7.mdx @@ -110,7 +110,7 @@ resource, which you can apply after installing the Teleport Kubernetes operator. |Field|Type|Description| |---|---|---| -|annotations|object|Annotations is a collection of annotations to be programmatically appended to pending access requests at the time of their creation. These annotations serve as a mechanism to propagate extra information to plugins. Since these annotations support variable interpolation syntax, they also offer a mechanism for forwarding claims from an external identity provider, to a plugin via `{{external.trait_name}}` style substitutions.| +|annotations|object|Annotations is a collection of annotations to be programmatically appended to pending Access Requests at the time of their creation. These annotations serve as a mechanism to propagate extra information to plugins. Since these annotations support variable interpolation syntax, they also offer a mechanism for forwarding claims from an external identity provider, to a plugin via `{{external.trait_name}}` style substitutions.| |claims_to_roles|[][object](#specallowrequestclaims_to_roles-items)|ClaimsToRoles specifies a mapping from claims (traits) to teleport roles.| |max_duration|string|MaxDuration is the amount of time the access will be granted for. If this is zero, the default duration is used.| |roles|[]string|Roles is the name of roles which will match the request rule.| @@ -260,7 +260,7 @@ resource, which you can apply after installing the Teleport Kubernetes operator. |Field|Type|Description| |---|---|---| -|annotations|object|Annotations is a collection of annotations to be programmatically appended to pending access requests at the time of their creation. These annotations serve as a mechanism to propagate extra information to plugins. Since these annotations support variable interpolation syntax, they also offer a mechanism for forwarding claims from an external identity provider, to a plugin via `{{external.trait_name}}` style substitutions.| +|annotations|object|Annotations is a collection of annotations to be programmatically appended to pending Access Requests at the time of their creation. These annotations serve as a mechanism to propagate extra information to plugins. Since these annotations support variable interpolation syntax, they also offer a mechanism for forwarding claims from an external identity provider, to a plugin via `{{external.trait_name}}` style substitutions.| |claims_to_roles|[][object](#specdenyrequestclaims_to_roles-items)|ClaimsToRoles specifies a mapping from claims (traits) to teleport roles.| |max_duration|string|MaxDuration is the amount of time the access will be granted for. If this is zero, the default duration is used.| |roles|[]string|Roles is the name of roles which will match the request rule.| @@ -340,7 +340,7 @@ resource, which you can apply after installing the Teleport Kubernetes operator. |create_db_user|boolean|CreateDatabaseUser enabled automatic database user creation.| |create_db_user_mode|string or integer|CreateDatabaseUserMode allows users to be automatically created on a database when not set to off. 0 is "unspecified", 1 is "off", 2 is "keep", 3 is "best_effort_drop". Can be either the string or the integer representation of each option.| |create_desktop_user|boolean|CreateDesktopUser allows users to be automatically created on a Windows desktop| -|create_host_user|boolean|CreateHostUser allows users to be automatically created on a host| +|create_host_user|boolean|Deprecated: use CreateHostUserMode instead.| |create_host_user_default_shell|string|CreateHostUserDefaultShell is used to configure the default shell for newly provisioned host users.| |create_host_user_mode|string or integer|CreateHostUserMode allows users to be automatically created on a host when not set to off. 0 is "unspecified"; 1 is "off"; 2 is "drop" (removed for v15 and above), 3 is "keep"; 4 is "insecure-drop". Can be either the string or the integer representation of each option.| |desktop_clipboard|boolean|DesktopClipboard indicates whether clipboard sharing is allowed between the user's workstation and the remote desktop. It defaults to true unless explicitly set to false.| diff --git a/docs/pages/reference/reference.mdx b/docs/pages/reference/reference.mdx new file mode 100644 index 0000000000000..6b28695deeb91 --- /dev/null +++ b/docs/pages/reference/reference.mdx @@ -0,0 +1,6 @@ +--- +title: Teleport Reference Guides +description: Provides comprehensive information on configuration fields, Teleport commands, and other ways of interacting with Teleport. +--- + +(!toc!) diff --git a/docs/pages/reference/terraform-provider/data-sources/access_list.mdx b/docs/pages/reference/terraform-provider/data-sources/access_list.mdx index 87075e1b269a7..b5ddd133fdb07 100644 --- a/docs/pages/reference/terraform-provider/data-sources/access_list.mdx +++ b/docs/pages/reference/terraform-provider/data-sources/access_list.mdx @@ -16,7 +16,7 @@ description: This page describes the supported values of the teleport_access_lis ### Optional - `header` (Attributes) header is the header for the resource. (see [below for nested schema](#nested-schema-for-header)) -- `spec` (Attributes) spec is the specification for the access list. (see [below for nested schema](#nested-schema-for-spec)) +- `spec` (Attributes) spec is the specification for the Access List. (see [below for nested schema](#nested-schema-for-spec)) ### Nested Schema for `header` @@ -39,7 +39,7 @@ Required: Optional: - `description` (String) description is object description. -- `expires` (String) +- `expires` (String) expires is a global expiry time header can be set on any resource in the system. - `labels` (Map of String) labels is a set of labels. - `namespace` (String) namespace is object namespace. The field should be called "namespace" when it returns in Teleport 2.4. - `revision` (String) revision is an opaque identifier which tracks the versions of a resource over time. Clients should ignore and not alter its value but must return the revision in any updates of a resource. @@ -50,17 +50,17 @@ Optional: Required: -- `audit` (Attributes) audit describes the frequency that this access list must be audited. (see [below for nested schema](#nested-schema-for-specaudit)) -- `grants` (Attributes) grants describes the access granted by membership to this access list. (see [below for nested schema](#nested-schema-for-specgrants)) -- `owners` (Attributes List) owners is a list of owners of the access list. (see [below for nested schema](#nested-schema-for-specowners)) +- `audit` (Attributes) audit describes the frequency that this Access List must be audited. (see [below for nested schema](#nested-schema-for-specaudit)) +- `grants` (Attributes) grants describes the access granted by membership to this Access List. (see [below for nested schema](#nested-schema-for-specgrants)) +- `owners` (Attributes List) owners is a list of owners of the Access List. (see [below for nested schema](#nested-schema-for-specowners)) Optional: -- `description` (String) description is an optional plaintext description of the access list. -- `membership_requires` (Attributes) membership_requires describes the requirements for a user to be a member of the access list. For a membership to an access list to be effective, the user must meet the requirements of Membership_requires and must be in the members list. (see [below for nested schema](#nested-schema-for-specmembership_requires)) -- `owner_grants` (Attributes) owner_grants describes the access granted by owners to this access list. (see [below for nested schema](#nested-schema-for-specowner_grants)) -- `ownership_requires` (Attributes) ownership_requires describes the requirements for a user to be an owner of the access list. For ownership of an access list to be effective, the user must meet the requirements of ownership_requires and must be in the owners list. (see [below for nested schema](#nested-schema-for-specownership_requires)) -- `title` (String) title is a plaintext short description of the access list. +- `description` (String) description is an optional plaintext description of the Access List. +- `membership_requires` (Attributes) membership_requires describes the requirements for a user to be a member of the Access List. For a membership to an Access List to be effective, the user must meet the requirements of Membership_requires and must be in the members list. (see [below for nested schema](#nested-schema-for-specmembership_requires)) +- `owner_grants` (Attributes) owner_grants describes the access granted by owners to this Access List. (see [below for nested schema](#nested-schema-for-specowner_grants)) +- `ownership_requires` (Attributes) ownership_requires describes the requirements for a user to be an owner of the Access List. For ownership of an Access List to be effective, the user must meet the requirements of ownership_requires and must be in the owners list. (see [below for nested schema](#nested-schema-for-specownership_requires)) +- `title` (String) title is a plaintext short description of the Access List. ### Nested Schema for `spec.audit` @@ -70,7 +70,7 @@ Required: Optional: -- `next_audit_date` (String) +- `next_audit_date` (String) next_audit_date is when the next audit date should be done by. - `notifications` (Attributes) notifications is the configuration for notifying users. (see [below for nested schema](#nested-schema-for-specauditnotifications)) ### Nested Schema for `spec.audit.recurrence` @@ -88,7 +88,7 @@ Optional: Optional: -- `start` (String) +- `start` (String) start specifies when to start notifying users that the next audit date is coming up. @@ -96,8 +96,8 @@ Optional: Optional: -- `roles` (List of String) roles are the roles that are granted to users who are members of the access list. -- `traits` (Attributes List) traits are the traits that are granted to users who are members of the access list. (see [below for nested schema](#nested-schema-for-specgrantstraits)) +- `roles` (List of String) roles are the roles that are granted to users who are members of the Access List. +- `traits` (Attributes List) traits are the traits that are granted to users who are members of the Access List. (see [below for nested schema](#nested-schema-for-specgrantstraits)) ### Nested Schema for `spec.grants.traits` @@ -136,8 +136,8 @@ Optional: Optional: -- `roles` (List of String) roles are the roles that are granted to users who are members of the access list. -- `traits` (Attributes List) traits are the traits that are granted to users who are members of the access list. (see [below for nested schema](#nested-schema-for-specowner_grantstraits)) +- `roles` (List of String) roles are the roles that are granted to users who are members of the Access List. +- `traits` (Attributes List) traits are the traits that are granted to users who are members of the Access List. (see [below for nested schema](#nested-schema-for-specowner_grantstraits)) ### Nested Schema for `spec.owner_grants.traits` diff --git a/docs/pages/reference/terraform-provider/data-sources/access_monitoring_rule.mdx b/docs/pages/reference/terraform-provider/data-sources/access_monitoring_rule.mdx index 85398747cdd29..d7703bde74658 100644 --- a/docs/pages/reference/terraform-provider/data-sources/access_monitoring_rule.mdx +++ b/docs/pages/reference/terraform-provider/data-sources/access_monitoring_rule.mdx @@ -53,6 +53,6 @@ Required: Optional: - `description` (String) description is object description. -- `expires` (String) +- `expires` (String) expires is a global expiry time header can be set on any resource in the system. - `labels` (Map of String) labels is a set of labels. diff --git a/docs/pages/reference/terraform-provider/data-sources/auth_preference.mdx b/docs/pages/reference/terraform-provider/data-sources/auth_preference.mdx index 6f1943d4f55fb..9995f9cfe6f98 100644 --- a/docs/pages/reference/terraform-provider/data-sources/auth_preference.mdx +++ b/docs/pages/reference/terraform-provider/data-sources/auth_preference.mdx @@ -27,13 +27,13 @@ description: This page describes the supported values of the teleport_auth_prefe Optional: -- `allow_headless` (Boolean) -- `allow_local_auth` (Boolean) -- `allow_passwordless` (Boolean) +- `allow_headless` (Boolean) AllowHeadless enables/disables headless support. Headless authentication requires Webauthn to work. Defaults to true if the Webauthn is configured, defaults to false otherwise. +- `allow_local_auth` (Boolean) AllowLocalAuth is true if local authentication is enabled. +- `allow_passwordless` (Boolean) AllowPasswordless enables/disables passwordless support. Passwordless requires Webauthn to work. Defaults to true if the Webauthn is configured, defaults to false otherwise. - `connector_name` (String) ConnectorName is the name of the OIDC or SAML connector. If this value is not set the first connector in the backend will be used. - `default_session_ttl` (String) DefaultSessionTTL is the TTL to use for user certs when an explicit TTL is not requested. - `device_trust` (Attributes) DeviceTrust holds settings related to trusted device verification. Requires Teleport Enterprise. (see [below for nested schema](#nested-schema-for-specdevice_trust)) -- `disconnect_expired_cert` (Boolean) +- `disconnect_expired_cert` (Boolean) DisconnectExpiredCert provides disconnect expired certificate setting - if true, connections with expired client certificates will get disconnected - `hardware_key` (Attributes) HardwareKey are the settings for hardware key support. (see [below for nested schema](#nested-schema-for-spechardware_key)) - `idp` (Attributes) IDP is a set of options related to accessing IdPs within Teleport. Requires Teleport Enterprise. (see [below for nested schema](#nested-schema-for-specidp)) - `locking_mode` (String) LockingMode is the cluster-wide locking mode default. @@ -41,7 +41,7 @@ Optional: - `okta` (Attributes) Okta is a set of options related to the Okta service in Teleport. Requires Teleport Enterprise. (see [below for nested schema](#nested-schema-for-specokta)) - `piv_slot` (String) TODO(Joerger): DELETE IN 17.0.0 Deprecated, replaced by HardwareKey settings. - `require_session_mfa` (Number) RequireMFAType is the type of MFA requirement enforced for this cluster. 0 is "OFF", 1 is "SESSION", 2 is "SESSION_AND_HARDWARE_KEY", 3 is "HARDWARE_KEY_TOUCH", 4 is "HARDWARE_KEY_PIN", 5 is "HARDWARE_KEY_TOUCH_AND_PIN". -- `second_factor` (String) SecondFactor is the type of second factor. +- `second_factor` (String) SecondFactor is the type of mult-factor. - `type` (String) Type is the type of authentication. - `u2f` (Attributes) U2F are the settings for the U2F device. (see [below for nested schema](#nested-schema-for-specu2f)) - `webauthn` (Attributes) Webauthn are the settings for server-side Web Authentication support. (see [below for nested schema](#nested-schema-for-specwebauthn)) @@ -81,7 +81,7 @@ Optional: Optional: -- `enabled` (Boolean) +- `enabled` (Boolean) Enabled is set to true if this option allows access to the Teleport SAML IdP. @@ -96,9 +96,9 @@ Optional: Optional: -- `app_id` (String) AppID returns the application ID for universal second factor. +- `app_id` (String) AppID returns the application ID for universal mult-factor. - `device_attestation_cas` (List of String) DeviceAttestationCAs contains the trusted attestation CAs for U2F devices. -- `facets` (List of String) Facets returns the facets for universal second factor. Deprecated: Kept for backwards compatibility reasons, but Facets have no effect since Teleport v10, when Webauthn replaced the U2F implementation. +- `facets` (List of String) Facets returns the facets for universal mult-factor. Deprecated: Kept for backwards compatibility reasons, but Facets have no effect since Teleport v10, when Webauthn replaced the U2F implementation. ### Nested Schema for `spec.webauthn` @@ -107,7 +107,7 @@ Optional: - `attestation_allowed_cas` (List of String) Allow list of device attestation CAs in PEM format. If present, only devices whose attestation certificates match the certificates specified here may be registered (existing registrations are unchanged). If supplied in conjunction with AttestationDeniedCAs, then both conditions need to be true for registration to be allowed (the device MUST match an allowed CA and MUST NOT match a denied CA). By default all devices are allowed. - `attestation_denied_cas` (List of String) Deny list of device attestation CAs in PEM format. If present, only devices whose attestation certificates don't match the certificates specified here may be registered (existing registrations are unchanged). If supplied in conjunction with AttestationAllowedCAs, then both conditions need to be true for registration to be allowed (the device MUST match an allowed CA and MUST NOT match a denied CA). By default no devices are denied. -- `rp_id` (String) RPID is the ID of the Relying Party. It should be set to the domain name of the Teleport installation. IMPORTANT: RPID must never change in the lifetime of the cluster, because it's recorded in the registration data on the WebAuthn device. If the RPID changes, all existing WebAuthn key registrations will become invalid and all users who use WebAuthn as the second factor will need to re-register. +- `rp_id` (String) RPID is the ID of the Relying Party. It should be set to the domain name of the Teleport installation. IMPORTANT: RPID must never change in the lifetime of the cluster, because it's recorded in the registration data on the WebAuthn device. If the RPID changes, all existing WebAuthn key registrations will become invalid and all users who use WebAuthn as the multi-factor will need to re-register. diff --git a/docs/pages/reference/terraform-provider/data-sources/database.mdx b/docs/pages/reference/terraform-provider/data-sources/database.mdx index 7220f84418faa..42d5b64cd7dd2 100644 --- a/docs/pages/reference/terraform-provider/data-sources/database.mdx +++ b/docs/pages/reference/terraform-provider/data-sources/database.mdx @@ -143,6 +143,7 @@ Optional: - `iam_auth` (Boolean) IAMAuth indicates whether database IAM authentication is enabled. - `instance_id` (String) InstanceID is the RDS instance identifier. - `resource_id` (String) ResourceID is the RDS instance resource identifier (db-xxx). +- `security_groups` (List of String) SecurityGroups is a list of attached security groups for the RDS instance. - `subnets` (List of String) Subnets is a list of subnets for the RDS instance. - `vpc_id` (String) VPCID is the VPC where the RDS is running. diff --git a/docs/pages/reference/terraform-provider/data-sources/oidc_connector.mdx b/docs/pages/reference/terraform-provider/data-sources/oidc_connector.mdx index 81a214a6b4c6c..32aadfc1f0463 100644 --- a/docs/pages/reference/terraform-provider/data-sources/oidc_connector.mdx +++ b/docs/pages/reference/terraform-provider/data-sources/oidc_connector.mdx @@ -30,7 +30,7 @@ Optional: - `acr_values` (String) ACR is an Authentication Context Class Reference value. The meaning of the ACR value is context-specific and varies for identity providers. - `allow_unverified_email` (Boolean) AllowUnverifiedEmail tells the connector to accept OIDC users with unverified emails. - `claims_to_roles` (Attributes List) ClaimsToRoles specifies a dynamic mapping from claims to roles. (see [below for nested schema](#nested-schema-for-specclaims_to_roles)) -- `client_id` (String) ClientID is the id of the authentication client (Teleport Auth server). +- `client_id` (String) ClientID is the id of the authentication client (Teleport Auth Service). - `client_redirect_settings` (Attributes) ClientRedirectSettings defines which client redirect URLs are allowed for non-browser SSO logins other than the standard localhost ones. (see [below for nested schema](#nested-schema-for-specclient_redirect_settings)) - `client_secret` (String, Sensitive) ClientSecret is used to authenticate the client. - `display` (String) Display is the friendly name for this provider. @@ -41,7 +41,7 @@ Optional: - `max_age` (String) - `prompt` (String) Prompt is an optional OIDC prompt. An empty string omits prompt. If not specified, it defaults to select_account for backwards compatibility. - `provider` (String) Provider is the external identity provider. -- `redirect_url` (List of String) +- `redirect_url` (List of String) RedirectURLs is a list of callback URLs which the identity provider can use to redirect the client back to the Teleport Proxy to complete authentication. This list should match the URLs on the provider's side. The URL used for a given auth request will be chosen to match the requesting Proxy's public address. If there is no match, the first url in the list will be used. - `scope` (List of String) Scope specifies additional scopes set by provider. - `username_claim` (String) UsernameClaim specifies the name of the claim from the OIDC connector to be used as the user's username. diff --git a/docs/pages/reference/terraform-provider/data-sources/provision_token.mdx b/docs/pages/reference/terraform-provider/data-sources/provision_token.mdx index 2aa5c8acfa4b7..5bd8d596bcfda 100644 --- a/docs/pages/reference/terraform-provider/data-sources/provision_token.mdx +++ b/docs/pages/reference/terraform-provider/data-sources/provision_token.mdx @@ -42,8 +42,8 @@ Optional: - `join_method` (String) JoinMethod is the joining method required in order to use this token. Supported joining methods include: azure, circleci, ec2, gcp, github, gitlab, iam, kubernetes, spacelift, token, tpm - `kubernetes` (Attributes) Kubernetes allows the configuration of options specific to the "kubernetes" join method. (see [below for nested schema](#nested-schema-for-speckubernetes)) - `spacelift` (Attributes) Spacelift allows the configuration of options specific to the "spacelift" join method. (see [below for nested schema](#nested-schema-for-specspacelift)) -- `suggested_agent_matcher_labels` (Map of List of String) -- `suggested_labels` (Map of List of String) +- `suggested_agent_matcher_labels` (Map of List of String) SuggestedAgentMatcherLabels is a set of labels to be used by agents to match on resources. When an agent uses this token, the agent should monitor resources that match those labels. For databases, this means adding the labels to `db_service.resources.labels`. Currently, only node-join scripts create a configuration according to the suggestion. +- `suggested_labels` (Map of List of String) SuggestedLabels is a set of labels that resources should set when using this token to enroll themselves in the cluster. Currently, only node-join scripts create a configuration according to the suggestion. - `terraform_cloud` (Attributes) TerraformCloud allows the configuration of options specific to the "terraform_cloud" join method. (see [below for nested schema](#nested-schema-for-specterraform_cloud)) - `tpm` (Attributes) TPM allows the configuration of options specific to the "tpm" join method. (see [below for nested schema](#nested-schema-for-spectpm)) @@ -54,7 +54,7 @@ Optional: - `aws_account` (String) AWSAccount is the AWS account ID. - `aws_arn` (String) AWSARN is used for the IAM join method, the AWS identity of joining nodes must match this ARN. Supports wildcards "*" and "?". - `aws_regions` (List of String) AWSRegions is used for the EC2 join method and is a list of AWS regions a node is allowed to join from. -- `aws_role` (String) AWSRole is used for the EC2 join method and is the ARN of the AWS role that the auth server will assume in order to call the ec2 API. +- `aws_role` (String) AWSRole is used for the EC2 join method and is the ARN of the AWS role that the Auth Service will assume in order to call the ec2 API. ### Nested Schema for `spec.azure` @@ -109,7 +109,7 @@ Optional: Optional: - `allow` (Attributes List) Allow is a list of TokenRules, nodes using this token must match one allow rule to use this token. (see [below for nested schema](#nested-schema-for-specgithuballow)) -- `enterprise_server_host` (String) EnterpriseServerHost allows joining from runners associated with a GitHub Enterprise Server instance. When unconfigured, tokens will be validated against github.com, but when configured to the host of a GHES instance, then the tokens will be validated against host. This value should be the hostname of the GHES instance, and should not include the scheme or a path. The instance must be accessible over HTTPS at this hostname and the certificate must be trusted by the Auth Server. +- `enterprise_server_host` (String) EnterpriseServerHost allows joining from runners associated with a GitHub Enterprise Server instance. When unconfigured, tokens will be validated against github.com, but when configured to the host of a GHES instance, then the tokens will be validated against host. This value should be the hostname of the GHES instance, and should not include the scheme or a path. The instance must be accessible over HTTPS at this hostname and the certificate must be trusted by the Auth Service. - `enterprise_slug` (String) EnterpriseSlug allows the slug of a GitHub Enterprise organisation to be included in the expected issuer of the OIDC tokens. This is for compatibility with the `include_enterprise_slug` option in GHE. This field should be set to the slug of your enterprise if this is enabled. If this is not enabled, then this field must be left empty. This field cannot be specified if `enterprise_server_host` is specified. See https://docs.github.com/en/enterprise-cloud@latest/actions/deployment/security-hardening-your-deployments/about-security-hardening-with-openid-connect#customizing-the-issuer-value-for-an-enterprise for more information about customized issuer values. ### Nested Schema for `spec.github.allow` @@ -142,15 +142,15 @@ Optional: - `ci_config_sha` (String) CIConfigSHA is the git commit SHA for the ci_config_ref_uri. - `deployment_tier` (String) DeploymentTier is the deployment tier of the environment the job specifies - `environment` (String) Environment limits access by the environment the job deploys to (if one is associated) -- `environment_protected` (Boolean) -- `namespace_path` (String) NamespacePath is used to limit access to jobs in a group or user's projects. Example: `mygroup` This field supports simple "glob-style" matching: - Use '*' to match zero or more characters. - Use '?' to match any single character. +- `environment_protected` (Boolean) EnvironmentProtected is true if the Git ref is protected, false otherwise. +- `namespace_path` (String) NamespacePath is used to limit access to jobs in a group or user's projects. Example: `mygroup` This field supports "glob-style" matching: - Use '*' to match zero or more characters. - Use '?' to match any single character. - `pipeline_source` (String) PipelineSource limits access by the job pipeline source type. https://docs.gitlab.com/ee/ci/jobs/job_control.html#common-if-clauses-for-rules Example: `web` -- `project_path` (String) ProjectPath is used to limit access to jobs belonging to an individual project. Example: `mygroup/myproject` This field supports simple "glob-style" matching: - Use '*' to match zero or more characters. - Use '?' to match any single character. +- `project_path` (String) ProjectPath is used to limit access to jobs belonging to an individual project. Example: `mygroup/myproject` This field supports "glob-style" matching: - Use '*' to match zero or more characters. - Use '?' to match any single character. - `project_visibility` (String) ProjectVisibility is the visibility of the project where the pipeline is running. Can be internal, private, or public. -- `ref` (String) Ref allows access to be limited to jobs triggered by a specific git ref. Ensure this is used in combination with ref_type. This field supports simple "glob-style" matching: - Use '*' to match zero or more characters. - Use '?' to match any single character. -- `ref_protected` (Boolean) +- `ref` (String) Ref allows access to be limited to jobs triggered by a specific git ref. Ensure this is used in combination with ref_type. This field supports "glob-style" matching: - Use '*' to match zero or more characters. - Use '?' to match any single character. +- `ref_protected` (Boolean) RefProtected is true if the Git ref is protected, false otherwise. - `ref_type` (String) RefType allows access to be limited to jobs triggered by a specific git ref type. Example: `branch` or `tag` -- `sub` (String) Sub roughly uniquely identifies the workload. Example: `project_path:mygroup/my-project:ref_type:branch:ref:main` project_path:GROUP/PROJECT:ref_type:TYPE:ref:BRANCH_NAME This field supports simple "glob-style" matching: - Use '*' to match zero or more characters. - Use '?' to match any single character. +- `sub` (String) Sub roughly uniquely identifies the workload. Example: `project_path:mygroup/my-project:ref_type:branch:ref:main` project_path:GROUP/PROJECT:ref_type:TYPE:ref:BRANCH_NAME This field supports "glob-style" matching: - Use '*' to match zero or more characters. - Use '?' to match any single character. - `user_email` (String) UserEmail is the email of the user executing the job - `user_id` (String) UserID is the ID of the user executing the job - `user_login` (String) UserLogin is the username of the user executing the job diff --git a/docs/pages/reference/terraform-provider/data-sources/role.mdx b/docs/pages/reference/terraform-provider/data-sources/role.mdx index f4fe6a472df17..c86fe26c731c1 100644 --- a/docs/pages/reference/terraform-provider/data-sources/role.mdx +++ b/docs/pages/reference/terraform-provider/data-sources/role.mdx @@ -48,42 +48,42 @@ Optional: Optional: -- `app_labels` (Map of List of String) +- `app_labels` (Map of List of String) AppLabels is a map of labels used as part of the RBAC system. - `app_labels_expression` (String) AppLabelsExpression is a predicate expression used to allow/deny access to Apps. - `aws_role_arns` (List of String) AWSRoleARNs is a list of AWS role ARNs this role is allowed to assume. - `azure_identities` (List of String) AzureIdentities is a list of Azure identities this role is allowed to assume. -- `cluster_labels` (Map of List of String) +- `cluster_labels` (Map of List of String) ClusterLabels is a map of node labels (used to dynamically grant access to clusters). - `cluster_labels_expression` (String) ClusterLabelsExpression is a predicate expression used to allow/deny access to remote Teleport clusters. -- `db_labels` (Map of List of String) +- `db_labels` (Map of List of String) DatabaseLabels are used in RBAC system to allow/deny access to databases. - `db_labels_expression` (String) DatabaseLabelsExpression is a predicate expression used to allow/deny access to Databases. - `db_names` (List of String) DatabaseNames is a list of database names this role is allowed to connect to. - `db_permissions` (Attributes List) DatabasePermissions specifies a set of permissions that will be granted to the database user when using automatic database user provisioning. (see [below for nested schema](#nested-schema-for-specallowdb_permissions)) - `db_roles` (List of String) DatabaseRoles is a list of databases roles for automatic user creation. -- `db_service_labels` (Map of List of String) +- `db_service_labels` (Map of List of String) DatabaseServiceLabels are used in RBAC system to allow/deny access to Database Services. - `db_service_labels_expression` (String) DatabaseServiceLabelsExpression is a predicate expression used to allow/deny access to Database Services. - `db_users` (List of String) DatabaseUsers is a list of databases users this role is allowed to connect as. - `desktop_groups` (List of String) DesktopGroups is a list of groups for created desktop users to be added to - `gcp_service_accounts` (List of String) GCPServiceAccounts is a list of GCP service accounts this role is allowed to assume. -- `group_labels` (Map of List of String) +- `group_labels` (Map of List of String) GroupLabels is a map of labels used as part of the RBAC system. - `group_labels_expression` (String) GroupLabelsExpression is a predicate expression used to allow/deny access to user groups. - `host_groups` (List of String) HostGroups is a list of groups for created users to be added to - `host_sudoers` (List of String) HostSudoers is a list of entries to include in a users sudoer file - `impersonate` (Attributes) Impersonate specifies what users and roles this role is allowed to impersonate by issuing certificates or other possible means. (see [below for nested schema](#nested-schema-for-specallowimpersonate)) - `join_sessions` (Attributes List) JoinSessions specifies policies to allow users to join other sessions. (see [below for nested schema](#nested-schema-for-specallowjoin_sessions)) - `kubernetes_groups` (List of String) KubeGroups is a list of kubernetes groups -- `kubernetes_labels` (Map of List of String) +- `kubernetes_labels` (Map of List of String) KubernetesLabels is a map of kubernetes cluster labels used for RBAC. - `kubernetes_labels_expression` (String) KubernetesLabelsExpression is a predicate expression used to allow/deny access to kubernetes clusters. - `kubernetes_resources` (Attributes List) KubernetesResources is the Kubernetes Resources this Role grants access to. (see [below for nested schema](#nested-schema-for-specallowkubernetes_resources)) - `kubernetes_users` (List of String) KubeUsers is an optional kubernetes users to impersonate - `logins` (List of String) Logins is a list of *nix system logins. -- `node_labels` (Map of List of String) +- `node_labels` (Map of List of String) NodeLabels is a map of node labels (used to dynamically grant access to nodes). - `node_labels_expression` (String) NodeLabelsExpression is a predicate expression used to allow/deny access to SSH nodes. - `request` (Attributes) (see [below for nested schema](#nested-schema-for-specallowrequest)) - `require_session_join` (Attributes List) RequireSessionJoin specifies policies for required users to start a session. (see [below for nested schema](#nested-schema-for-specallowrequire_session_join)) - `review_requests` (Attributes) ReviewRequests defines conditions for submitting access reviews. (see [below for nested schema](#nested-schema-for-specallowreview_requests)) - `rules` (Attributes List) Rules is a list of rules and their access levels. Rules are a high level construct used for access control. (see [below for nested schema](#nested-schema-for-specallowrules)) - `spiffe` (Attributes List) SPIFFE is used to allow or deny access to a role holder to generating a SPIFFE SVID. (see [below for nested schema](#nested-schema-for-specallowspiffe)) -- `windows_desktop_labels` (Map of List of String) +- `windows_desktop_labels` (Map of List of String) WindowsDesktopLabels are used in the RBAC system to allow/deny access to Windows desktops. - `windows_desktop_labels_expression` (String) WindowsDesktopLabelsExpression is a predicate expression used to allow/deny access to Windows desktops. - `windows_desktop_logins` (List of String) WindowsDesktopLogins is a list of desktop login names allowed/denied for Windows desktops. @@ -91,7 +91,7 @@ Optional: Optional: -- `match` (Map of List of String) +- `match` (Map of List of String) Match is a list of object labels that must be matched for the permission to be granted. - `permissions` (List of String) Permission is the list of string representations of the permission to be given, e.g. SELECT, INSERT, UPDATE, ... @@ -128,7 +128,7 @@ Optional: Optional: -- `annotations` (Map of List of String) +- `annotations` (Map of List of String) Annotations is a collection of annotations to be programmatically appended to pending Access Requests at the time of their creation. These annotations serve as a mechanism to propagate extra information to plugins. Since these annotations support variable interpolation syntax, they also offer a mechanism for forwarding claims from an external identity provider, to a plugin via `{{external.trait_name}}` style substitutions. - `claims_to_roles` (Attributes List) ClaimsToRoles specifies a mapping from claims (traits) to teleport roles. (see [below for nested schema](#nested-schema-for-specallowrequestclaims_to_roles)) - `max_duration` (String) MaxDuration is the amount of time the access will be granted for. If this is zero, the default duration is used. - `roles` (List of String) Roles is the name of roles which will match the request rule. @@ -211,42 +211,42 @@ Optional: Optional: -- `app_labels` (Map of List of String) +- `app_labels` (Map of List of String) AppLabels is a map of labels used as part of the RBAC system. - `app_labels_expression` (String) AppLabelsExpression is a predicate expression used to allow/deny access to Apps. - `aws_role_arns` (List of String) AWSRoleARNs is a list of AWS role ARNs this role is allowed to assume. - `azure_identities` (List of String) AzureIdentities is a list of Azure identities this role is allowed to assume. -- `cluster_labels` (Map of List of String) +- `cluster_labels` (Map of List of String) ClusterLabels is a map of node labels (used to dynamically grant access to clusters). - `cluster_labels_expression` (String) ClusterLabelsExpression is a predicate expression used to allow/deny access to remote Teleport clusters. -- `db_labels` (Map of List of String) +- `db_labels` (Map of List of String) DatabaseLabels are used in RBAC system to allow/deny access to databases. - `db_labels_expression` (String) DatabaseLabelsExpression is a predicate expression used to allow/deny access to Databases. - `db_names` (List of String) DatabaseNames is a list of database names this role is allowed to connect to. - `db_permissions` (Attributes List) DatabasePermissions specifies a set of permissions that will be granted to the database user when using automatic database user provisioning. (see [below for nested schema](#nested-schema-for-specdenydb_permissions)) - `db_roles` (List of String) DatabaseRoles is a list of databases roles for automatic user creation. -- `db_service_labels` (Map of List of String) +- `db_service_labels` (Map of List of String) DatabaseServiceLabels are used in RBAC system to allow/deny access to Database Services. - `db_service_labels_expression` (String) DatabaseServiceLabelsExpression is a predicate expression used to allow/deny access to Database Services. - `db_users` (List of String) DatabaseUsers is a list of databases users this role is allowed to connect as. - `desktop_groups` (List of String) DesktopGroups is a list of groups for created desktop users to be added to - `gcp_service_accounts` (List of String) GCPServiceAccounts is a list of GCP service accounts this role is allowed to assume. -- `group_labels` (Map of List of String) +- `group_labels` (Map of List of String) GroupLabels is a map of labels used as part of the RBAC system. - `group_labels_expression` (String) GroupLabelsExpression is a predicate expression used to allow/deny access to user groups. - `host_groups` (List of String) HostGroups is a list of groups for created users to be added to - `host_sudoers` (List of String) HostSudoers is a list of entries to include in a users sudoer file - `impersonate` (Attributes) Impersonate specifies what users and roles this role is allowed to impersonate by issuing certificates or other possible means. (see [below for nested schema](#nested-schema-for-specdenyimpersonate)) - `join_sessions` (Attributes List) JoinSessions specifies policies to allow users to join other sessions. (see [below for nested schema](#nested-schema-for-specdenyjoin_sessions)) - `kubernetes_groups` (List of String) KubeGroups is a list of kubernetes groups -- `kubernetes_labels` (Map of List of String) +- `kubernetes_labels` (Map of List of String) KubernetesLabels is a map of kubernetes cluster labels used for RBAC. - `kubernetes_labels_expression` (String) KubernetesLabelsExpression is a predicate expression used to allow/deny access to kubernetes clusters. - `kubernetes_resources` (Attributes List) KubernetesResources is the Kubernetes Resources this Role grants access to. (see [below for nested schema](#nested-schema-for-specdenykubernetes_resources)) - `kubernetes_users` (List of String) KubeUsers is an optional kubernetes users to impersonate - `logins` (List of String) Logins is a list of *nix system logins. -- `node_labels` (Map of List of String) +- `node_labels` (Map of List of String) NodeLabels is a map of node labels (used to dynamically grant access to nodes). - `node_labels_expression` (String) NodeLabelsExpression is a predicate expression used to allow/deny access to SSH nodes. - `request` (Attributes) (see [below for nested schema](#nested-schema-for-specdenyrequest)) - `require_session_join` (Attributes List) RequireSessionJoin specifies policies for required users to start a session. (see [below for nested schema](#nested-schema-for-specdenyrequire_session_join)) - `review_requests` (Attributes) ReviewRequests defines conditions for submitting access reviews. (see [below for nested schema](#nested-schema-for-specdenyreview_requests)) - `rules` (Attributes List) Rules is a list of rules and their access levels. Rules are a high level construct used for access control. (see [below for nested schema](#nested-schema-for-specdenyrules)) - `spiffe` (Attributes List) SPIFFE is used to allow or deny access to a role holder to generating a SPIFFE SVID. (see [below for nested schema](#nested-schema-for-specdenyspiffe)) -- `windows_desktop_labels` (Map of List of String) +- `windows_desktop_labels` (Map of List of String) WindowsDesktopLabels are used in the RBAC system to allow/deny access to Windows desktops. - `windows_desktop_labels_expression` (String) WindowsDesktopLabelsExpression is a predicate expression used to allow/deny access to Windows desktops. - `windows_desktop_logins` (List of String) WindowsDesktopLogins is a list of desktop login names allowed/denied for Windows desktops. @@ -254,7 +254,7 @@ Optional: Optional: -- `match` (Map of List of String) +- `match` (Map of List of String) Match is a list of object labels that must be matched for the permission to be granted. - `permissions` (List of String) Permission is the list of string representations of the permission to be given, e.g. SELECT, INSERT, UPDATE, ... @@ -291,7 +291,7 @@ Optional: Optional: -- `annotations` (Map of List of String) +- `annotations` (Map of List of String) Annotations is a collection of annotations to be programmatically appended to pending Access Requests at the time of their creation. These annotations serve as a mechanism to propagate extra information to plugins. Since these annotations support variable interpolation syntax, they also offer a mechanism for forwarding claims from an external identity provider, to a plugin via `{{external.trait_name}}` style substitutions. - `claims_to_roles` (Attributes List) ClaimsToRoles specifies a mapping from claims (traits) to teleport roles. (see [below for nested schema](#nested-schema-for-specdenyrequestclaims_to_roles)) - `max_duration` (String) MaxDuration is the amount of time the access will be granted for. If this is zero, the default duration is used. - `roles` (List of String) Roles is the name of roles which will match the request rule. @@ -377,14 +377,14 @@ Optional: - `cert_extensions` (Attributes List) CertExtensions specifies the key/values (see [below for nested schema](#nested-schema-for-specoptionscert_extensions)) - `cert_format` (String) CertificateFormat defines the format of the user certificate to allow compatibility with older versions of OpenSSH. - `client_idle_timeout` (String) ClientIdleTimeout sets disconnect clients on idle timeout behavior, if set to 0 means do not disconnect, otherwise is set to the idle duration. -- `create_db_user` (Boolean) +- `create_db_user` (Boolean) CreateDatabaseUser enabled automatic database user creation. - `create_db_user_mode` (Number) CreateDatabaseUserMode allows users to be automatically created on a database when not set to off. 0 is "unspecified", 1 is "off", 2 is "keep", 3 is "best_effort_drop". -- `create_desktop_user` (Boolean) -- `create_host_user` (Boolean) +- `create_desktop_user` (Boolean) CreateDesktopUser allows users to be automatically created on a Windows desktop +- `create_host_user` (Boolean) Deprecated: use CreateHostUserMode instead. - `create_host_user_default_shell` (String) CreateHostUserDefaultShell is used to configure the default shell for newly provisioned host users. - `create_host_user_mode` (Number) CreateHostUserMode allows users to be automatically created on a host when not set to off. 0 is "unspecified"; 1 is "off"; 2 is "drop" (removed for v15 and above), 3 is "keep"; 4 is "insecure-drop". -- `desktop_clipboard` (Boolean) -- `desktop_directory_sharing` (Boolean) +- `desktop_clipboard` (Boolean) DesktopClipboard indicates whether clipboard sharing is allowed between the user's workstation and the remote desktop. It defaults to true unless explicitly set to false. +- `desktop_directory_sharing` (Boolean) DesktopDirectorySharing indicates whether directory sharing is allowed between the user's workstation and the remote desktop. It defaults to false unless explicitly set to true. - `device_trust_mode` (String) DeviceTrustMode is the device authorization mode used for the resources associated with the role. See DeviceTrust.Mode. - `disconnect_expired_cert` (Boolean) DisconnectExpiredCert sets disconnect clients on expired certificates. - `enhanced_recording` (List of String) BPF defines what events to record for the BPF-based session recorder. @@ -398,12 +398,12 @@ Optional: - `mfa_verification_interval` (String) MFAVerificationInterval optionally defines the maximum duration that can elapse between successive MFA verifications. This variable is used to ensure that users are periodically prompted to verify their identity, enhancing security by preventing prolonged sessions without re-authentication when using tsh proxy * derivatives. It's only effective if the session requires MFA. If not set, defaults to `max_session_ttl`. - `permit_x11_forwarding` (Boolean) PermitX11Forwarding authorizes use of X11 forwarding. - `pin_source_ip` (Boolean) PinSourceIP forces the same client IP for certificate generation and usage -- `port_forwarding` (Boolean) +- `port_forwarding` (Boolean) PortForwarding defines if the certificate will have "permit-port-forwarding" in the certificate. PortForwarding is "yes" if not set, that's why this is a pointer - `record_session` (Attributes) RecordDesktopSession indicates whether desktop access sessions should be recorded. It defaults to true unless explicitly set to false. (see [below for nested schema](#nested-schema-for-specoptionsrecord_session)) - `request_access` (String) RequestAccess defines the request strategy (optional|note|always) where optional is the default. - `request_prompt` (String) RequestPrompt is an optional message which tells users what they aught to request. - `require_session_mfa` (Number) RequireMFAType is the type of MFA requirement enforced for this user. 0 is "OFF", 1 is "SESSION", 2 is "SESSION_AND_HARDWARE_KEY", 3 is "HARDWARE_KEY_TOUCH", 4 is "HARDWARE_KEY_PIN", 5 is "HARDWARE_KEY_TOUCH_AND_PIN". -- `ssh_file_copy` (Boolean) +- `ssh_file_copy` (Boolean) SSHFileCopy indicates whether remote file operations via SCP or SFTP are allowed over an SSH session. It defaults to true unless explicitly set to false. ### Nested Schema for `spec.options.cert_extensions` @@ -425,7 +425,7 @@ Optional: Optional: -- `enabled` (Boolean) +- `enabled` (Boolean) Enabled is set to true if this option allows access to the Teleport SAML IdP. @@ -434,6 +434,6 @@ Optional: Optional: - `default` (String) Default indicates the default value for the services. -- `desktop` (Boolean) +- `desktop` (Boolean) Desktop indicates whether desktop sessions should be recorded. It defaults to true unless explicitly set to false. - `ssh` (String) SSH indicates the session mode used on SSH sessions. diff --git a/docs/pages/reference/terraform-provider/data-sources/session_recording_config.mdx b/docs/pages/reference/terraform-provider/data-sources/session_recording_config.mdx index f050c0a0258a4..261c56331a058 100644 --- a/docs/pages/reference/terraform-provider/data-sources/session_recording_config.mdx +++ b/docs/pages/reference/terraform-provider/data-sources/session_recording_config.mdx @@ -37,5 +37,5 @@ Optional: Optional: - `mode` (String) Mode controls where (or if) the session is recorded. -- `proxy_checks_host_keys` (Boolean) +- `proxy_checks_host_keys` (Boolean) ProxyChecksHostKeys is used to control if the proxy will check host keys when in recording mode. diff --git a/docs/pages/reference/terraform-provider/data-sources/static_host_user.mdx b/docs/pages/reference/terraform-provider/data-sources/static_host_user.mdx index 99219be614718..12db8897cb1d1 100644 --- a/docs/pages/reference/terraform-provider/data-sources/static_host_user.mdx +++ b/docs/pages/reference/terraform-provider/data-sources/static_host_user.mdx @@ -32,7 +32,7 @@ Required: Optional: - `description` (String) description is object description. -- `expires` (String) +- `expires` (String) expires is a global expiry time header can be set on any resource in the system. - `labels` (Map of String) labels is a set of labels. diff --git a/docs/pages/reference/terraform-provider/data-sources/user.mdx b/docs/pages/reference/terraform-provider/data-sources/user.mdx index 45ab9fcffdc43..ef7b3278fece3 100644 --- a/docs/pages/reference/terraform-provider/data-sources/user.mdx +++ b/docs/pages/reference/terraform-provider/data-sources/user.mdx @@ -45,7 +45,7 @@ Optional: - `oidc_identities` (Attributes List) OIDCIdentities lists associated OpenID Connect identities that let user log in using externally verified identity (see [below for nested schema](#nested-schema-for-specoidc_identities)) - `roles` (List of String) Roles is a list of roles assigned to user - `saml_identities` (Attributes List) SAMLIdentities lists associated SAML identities that let user log in using externally verified identity (see [below for nested schema](#nested-schema-for-specsaml_identities)) -- `traits` (Map of List of String) +- `traits` (Map of List of String) Traits are key/value pairs received from an identity provider (through OIDC claims or SAML assertions) or from a system administrator for local accounts. Traits are used to populate role variables. - `trusted_device_ids` (List of String) TrustedDeviceIDs contains the IDs of trusted devices enrolled by the user. Note that SSO users are transient and thus may contain an empty TrustedDeviceIDs field, even though the user->device association exists under the Device Trust subsystem. Do not rely on this field to determine device associations or ownership, it exists for legacy/informative purposes only. Managed by the Device Trust subsystem, avoid manual edits. ### Nested Schema for `spec.github_identities` diff --git a/docs/pages/reference/terraform-provider/resources/access_list.mdx b/docs/pages/reference/terraform-provider/resources/access_list.mdx index 952e44b2e24b9..974584d3714ec 100644 --- a/docs/pages/reference/terraform-provider/resources/access_list.mdx +++ b/docs/pages/reference/terraform-provider/resources/access_list.mdx @@ -58,7 +58,7 @@ resource "teleport_access_list" "crane-operation" { ### Optional - `header` (Attributes) header is the header for the resource. (see [below for nested schema](#nested-schema-for-header)) -- `spec` (Attributes) spec is the specification for the access list. (see [below for nested schema](#nested-schema-for-spec)) +- `spec` (Attributes) spec is the specification for the Access List. (see [below for nested schema](#nested-schema-for-spec)) ### Nested Schema for `header` @@ -81,7 +81,7 @@ Required: Optional: - `description` (String) description is object description. -- `expires` (String) +- `expires` (String) expires is a global expiry time header can be set on any resource in the system. - `labels` (Map of String) labels is a set of labels. - `namespace` (String) namespace is object namespace. The field should be called "namespace" when it returns in Teleport 2.4. - `revision` (String) revision is an opaque identifier which tracks the versions of a resource over time. Clients should ignore and not alter its value but must return the revision in any updates of a resource. @@ -92,17 +92,17 @@ Optional: Required: -- `audit` (Attributes) audit describes the frequency that this access list must be audited. (see [below for nested schema](#nested-schema-for-specaudit)) -- `grants` (Attributes) grants describes the access granted by membership to this access list. (see [below for nested schema](#nested-schema-for-specgrants)) -- `owners` (Attributes List) owners is a list of owners of the access list. (see [below for nested schema](#nested-schema-for-specowners)) +- `audit` (Attributes) audit describes the frequency that this Access List must be audited. (see [below for nested schema](#nested-schema-for-specaudit)) +- `grants` (Attributes) grants describes the access granted by membership to this Access List. (see [below for nested schema](#nested-schema-for-specgrants)) +- `owners` (Attributes List) owners is a list of owners of the Access List. (see [below for nested schema](#nested-schema-for-specowners)) Optional: -- `description` (String) description is an optional plaintext description of the access list. -- `membership_requires` (Attributes) membership_requires describes the requirements for a user to be a member of the access list. For a membership to an access list to be effective, the user must meet the requirements of Membership_requires and must be in the members list. (see [below for nested schema](#nested-schema-for-specmembership_requires)) -- `owner_grants` (Attributes) owner_grants describes the access granted by owners to this access list. (see [below for nested schema](#nested-schema-for-specowner_grants)) -- `ownership_requires` (Attributes) ownership_requires describes the requirements for a user to be an owner of the access list. For ownership of an access list to be effective, the user must meet the requirements of ownership_requires and must be in the owners list. (see [below for nested schema](#nested-schema-for-specownership_requires)) -- `title` (String) title is a plaintext short description of the access list. +- `description` (String) description is an optional plaintext description of the Access List. +- `membership_requires` (Attributes) membership_requires describes the requirements for a user to be a member of the Access List. For a membership to an Access List to be effective, the user must meet the requirements of Membership_requires and must be in the members list. (see [below for nested schema](#nested-schema-for-specmembership_requires)) +- `owner_grants` (Attributes) owner_grants describes the access granted by owners to this Access List. (see [below for nested schema](#nested-schema-for-specowner_grants)) +- `ownership_requires` (Attributes) ownership_requires describes the requirements for a user to be an owner of the Access List. For ownership of an Access List to be effective, the user must meet the requirements of ownership_requires and must be in the owners list. (see [below for nested schema](#nested-schema-for-specownership_requires)) +- `title` (String) title is a plaintext short description of the Access List. ### Nested Schema for `spec.audit` @@ -112,7 +112,7 @@ Required: Optional: -- `next_audit_date` (String) +- `next_audit_date` (String) next_audit_date is when the next audit date should be done by. - `notifications` (Attributes) notifications is the configuration for notifying users. (see [below for nested schema](#nested-schema-for-specauditnotifications)) ### Nested Schema for `spec.audit.recurrence` @@ -130,7 +130,7 @@ Optional: Optional: -- `start` (String) +- `start` (String) start specifies when to start notifying users that the next audit date is coming up. @@ -138,8 +138,8 @@ Optional: Optional: -- `roles` (List of String) roles are the roles that are granted to users who are members of the access list. -- `traits` (Attributes List) traits are the traits that are granted to users who are members of the access list. (see [below for nested schema](#nested-schema-for-specgrantstraits)) +- `roles` (List of String) roles are the roles that are granted to users who are members of the Access List. +- `traits` (Attributes List) traits are the traits that are granted to users who are members of the Access List. (see [below for nested schema](#nested-schema-for-specgrantstraits)) ### Nested Schema for `spec.grants.traits` @@ -178,8 +178,8 @@ Optional: Optional: -- `roles` (List of String) roles are the roles that are granted to users who are members of the access list. -- `traits` (Attributes List) traits are the traits that are granted to users who are members of the access list. (see [below for nested schema](#nested-schema-for-specowner_grantstraits)) +- `roles` (List of String) roles are the roles that are granted to users who are members of the Access List. +- `traits` (Attributes List) traits are the traits that are granted to users who are members of the Access List. (see [below for nested schema](#nested-schema-for-specowner_grantstraits)) ### Nested Schema for `spec.owner_grants.traits` diff --git a/docs/pages/reference/terraform-provider/resources/access_monitoring_rule.mdx b/docs/pages/reference/terraform-provider/resources/access_monitoring_rule.mdx index 45f18e0bf3e64..e6dd4b1de53a8 100644 --- a/docs/pages/reference/terraform-provider/resources/access_monitoring_rule.mdx +++ b/docs/pages/reference/terraform-provider/resources/access_monitoring_rule.mdx @@ -70,6 +70,6 @@ Required: Optional: - `description` (String) description is object description. -- `expires` (String) +- `expires` (String) expires is a global expiry time header can be set on any resource in the system. - `labels` (Map of String) labels is a set of labels. diff --git a/docs/pages/reference/terraform-provider/resources/app.mdx b/docs/pages/reference/terraform-provider/resources/app.mdx index 535af84b692cd..b8c69a8323fad 100644 --- a/docs/pages/reference/terraform-provider/resources/app.mdx +++ b/docs/pages/reference/terraform-provider/resources/app.mdx @@ -14,6 +14,7 @@ description: This page describes the supported values of the teleport_app resour # Teleport App resource "teleport_app" "example" { + version = "v3" metadata = { name = "example" description = "Test app" diff --git a/docs/pages/reference/terraform-provider/resources/auth_preference.mdx b/docs/pages/reference/terraform-provider/resources/auth_preference.mdx index c899fa7652572..4f47ce94d7fdb 100644 --- a/docs/pages/reference/terraform-provider/resources/auth_preference.mdx +++ b/docs/pages/reference/terraform-provider/resources/auth_preference.mdx @@ -14,6 +14,7 @@ description: This page describes the supported values of the teleport_auth_prefe # AuthPreference resource resource "teleport_auth_preference" "example" { + version = "v2" metadata = { description = "Auth preference" labels = { @@ -45,13 +46,13 @@ resource "teleport_auth_preference" "example" { Optional: -- `allow_headless` (Boolean) -- `allow_local_auth` (Boolean) -- `allow_passwordless` (Boolean) +- `allow_headless` (Boolean) AllowHeadless enables/disables headless support. Headless authentication requires Webauthn to work. Defaults to true if the Webauthn is configured, defaults to false otherwise. +- `allow_local_auth` (Boolean) AllowLocalAuth is true if local authentication is enabled. +- `allow_passwordless` (Boolean) AllowPasswordless enables/disables passwordless support. Passwordless requires Webauthn to work. Defaults to true if the Webauthn is configured, defaults to false otherwise. - `connector_name` (String) ConnectorName is the name of the OIDC or SAML connector. If this value is not set the first connector in the backend will be used. - `default_session_ttl` (String) DefaultSessionTTL is the TTL to use for user certs when an explicit TTL is not requested. - `device_trust` (Attributes) DeviceTrust holds settings related to trusted device verification. Requires Teleport Enterprise. (see [below for nested schema](#nested-schema-for-specdevice_trust)) -- `disconnect_expired_cert` (Boolean) +- `disconnect_expired_cert` (Boolean) DisconnectExpiredCert provides disconnect expired certificate setting - if true, connections with expired client certificates will get disconnected - `hardware_key` (Attributes) HardwareKey are the settings for hardware key support. (see [below for nested schema](#nested-schema-for-spechardware_key)) - `idp` (Attributes) IDP is a set of options related to accessing IdPs within Teleport. Requires Teleport Enterprise. (see [below for nested schema](#nested-schema-for-specidp)) - `locking_mode` (String) LockingMode is the cluster-wide locking mode default. @@ -59,7 +60,7 @@ Optional: - `okta` (Attributes) Okta is a set of options related to the Okta service in Teleport. Requires Teleport Enterprise. (see [below for nested schema](#nested-schema-for-specokta)) - `piv_slot` (String) TODO(Joerger): DELETE IN 17.0.0 Deprecated, replaced by HardwareKey settings. - `require_session_mfa` (Number) RequireMFAType is the type of MFA requirement enforced for this cluster. 0 is "OFF", 1 is "SESSION", 2 is "SESSION_AND_HARDWARE_KEY", 3 is "HARDWARE_KEY_TOUCH", 4 is "HARDWARE_KEY_PIN", 5 is "HARDWARE_KEY_TOUCH_AND_PIN". -- `second_factor` (String) SecondFactor is the type of second factor. +- `second_factor` (String) SecondFactor is the type of mult-factor. - `type` (String) Type is the type of authentication. - `u2f` (Attributes) U2F are the settings for the U2F device. (see [below for nested schema](#nested-schema-for-specu2f)) - `webauthn` (Attributes) Webauthn are the settings for server-side Web Authentication support. (see [below for nested schema](#nested-schema-for-specwebauthn)) @@ -99,7 +100,7 @@ Optional: Optional: -- `enabled` (Boolean) +- `enabled` (Boolean) Enabled is set to true if this option allows access to the Teleport SAML IdP. @@ -114,9 +115,9 @@ Optional: Optional: -- `app_id` (String) AppID returns the application ID for universal second factor. +- `app_id` (String) AppID returns the application ID for universal mult-factor. - `device_attestation_cas` (List of String) DeviceAttestationCAs contains the trusted attestation CAs for U2F devices. -- `facets` (List of String) Facets returns the facets for universal second factor. Deprecated: Kept for backwards compatibility reasons, but Facets have no effect since Teleport v10, when Webauthn replaced the U2F implementation. +- `facets` (List of String) Facets returns the facets for universal mult-factor. Deprecated: Kept for backwards compatibility reasons, but Facets have no effect since Teleport v10, when Webauthn replaced the U2F implementation. ### Nested Schema for `spec.webauthn` @@ -125,7 +126,7 @@ Optional: - `attestation_allowed_cas` (List of String) Allow list of device attestation CAs in PEM format. If present, only devices whose attestation certificates match the certificates specified here may be registered (existing registrations are unchanged). If supplied in conjunction with AttestationDeniedCAs, then both conditions need to be true for registration to be allowed (the device MUST match an allowed CA and MUST NOT match a denied CA). By default all devices are allowed. - `attestation_denied_cas` (List of String) Deny list of device attestation CAs in PEM format. If present, only devices whose attestation certificates don't match the certificates specified here may be registered (existing registrations are unchanged). If supplied in conjunction with AttestationAllowedCAs, then both conditions need to be true for registration to be allowed (the device MUST match an allowed CA and MUST NOT match a denied CA). By default no devices are denied. -- `rp_id` (String) RPID is the ID of the Relying Party. It should be set to the domain name of the Teleport installation. IMPORTANT: RPID must never change in the lifetime of the cluster, because it's recorded in the registration data on the WebAuthn device. If the RPID changes, all existing WebAuthn key registrations will become invalid and all users who use WebAuthn as the second factor will need to re-register. +- `rp_id` (String) RPID is the ID of the Relying Party. It should be set to the domain name of the Teleport installation. IMPORTANT: RPID must never change in the lifetime of the cluster, because it's recorded in the registration data on the WebAuthn device. If the RPID changes, all existing WebAuthn key registrations will become invalid and all users who use WebAuthn as the multi-factor will need to re-register. diff --git a/docs/pages/reference/terraform-provider/resources/cluster_maintenance_config.mdx b/docs/pages/reference/terraform-provider/resources/cluster_maintenance_config.mdx index dd19b42583877..475fa0394af66 100644 --- a/docs/pages/reference/terraform-provider/resources/cluster_maintenance_config.mdx +++ b/docs/pages/reference/terraform-provider/resources/cluster_maintenance_config.mdx @@ -14,6 +14,7 @@ description: This page describes the supported values of the teleport_cluster_ma # Teleport Cluster Networking config resource "teleport_cluster_maintenance_config" "example" { + version = "v1" metadata = { description = "Maintenance config" } diff --git a/docs/pages/reference/terraform-provider/resources/cluster_networking_config.mdx b/docs/pages/reference/terraform-provider/resources/cluster_networking_config.mdx index 522c07df97bb1..e248050332f99 100644 --- a/docs/pages/reference/terraform-provider/resources/cluster_networking_config.mdx +++ b/docs/pages/reference/terraform-provider/resources/cluster_networking_config.mdx @@ -14,6 +14,7 @@ description: This page describes the supported values of the teleport_cluster_ne # Teleport Cluster Networking config resource "teleport_cluster_networking_config" "example" { + version = "v2" metadata = { description = "Networking config" labels = { diff --git a/docs/pages/reference/terraform-provider/resources/database.mdx b/docs/pages/reference/terraform-provider/resources/database.mdx index c38f58d0c0217..b075866736514 100644 --- a/docs/pages/reference/terraform-provider/resources/database.mdx +++ b/docs/pages/reference/terraform-provider/resources/database.mdx @@ -14,6 +14,7 @@ description: This page describes the supported values of the teleport_database r # Teleport Database resource "teleport_database" "example" { + version = "v3" metadata = { name = "example" description = "Test database" @@ -162,6 +163,7 @@ Optional: - `iam_auth` (Boolean) IAMAuth indicates whether database IAM authentication is enabled. - `instance_id` (String) InstanceID is the RDS instance identifier. - `resource_id` (String) ResourceID is the RDS instance resource identifier (db-xxx). +- `security_groups` (List of String) SecurityGroups is a list of attached security groups for the RDS instance. - `subnets` (List of String) Subnets is a list of subnets for the RDS instance. - `vpc_id` (String) VPCID is the VPC where the RDS is running. diff --git a/docs/pages/reference/terraform-provider/resources/github_connector.mdx b/docs/pages/reference/terraform-provider/resources/github_connector.mdx index 6db1290d5850b..0d66e4c83c303 100644 --- a/docs/pages/reference/terraform-provider/resources/github_connector.mdx +++ b/docs/pages/reference/terraform-provider/resources/github_connector.mdx @@ -16,6 +16,7 @@ description: This page describes the supported values of the teleport_github_con variable "github_secret" {} resource "teleport_github_connector" "github" { + version = "v3" # This section tells Terraform that role example must be created before the GitHub connector depends_on = [ teleport_role.example diff --git a/docs/pages/reference/terraform-provider/resources/oidc_connector.mdx b/docs/pages/reference/terraform-provider/resources/oidc_connector.mdx index 194dcad80bfe9..91b40743d4836 100644 --- a/docs/pages/reference/terraform-provider/resources/oidc_connector.mdx +++ b/docs/pages/reference/terraform-provider/resources/oidc_connector.mdx @@ -18,6 +18,7 @@ description: This page describes the supported values of the teleport_oidc_conne variable "oidc_secret" {} resource "teleport_oidc_connector" "example" { + version = "v3" metadata = { name = "example" labels = { @@ -59,7 +60,7 @@ Optional: - `acr_values` (String) ACR is an Authentication Context Class Reference value. The meaning of the ACR value is context-specific and varies for identity providers. - `allow_unverified_email` (Boolean) AllowUnverifiedEmail tells the connector to accept OIDC users with unverified emails. - `claims_to_roles` (Attributes List) ClaimsToRoles specifies a dynamic mapping from claims to roles. (see [below for nested schema](#nested-schema-for-specclaims_to_roles)) -- `client_id` (String) ClientID is the id of the authentication client (Teleport Auth server). +- `client_id` (String) ClientID is the id of the authentication client (Teleport Auth Service). - `client_redirect_settings` (Attributes) ClientRedirectSettings defines which client redirect URLs are allowed for non-browser SSO logins other than the standard localhost ones. (see [below for nested schema](#nested-schema-for-specclient_redirect_settings)) - `client_secret` (String, Sensitive) ClientSecret is used to authenticate the client. - `display` (String) Display is the friendly name for this provider. @@ -70,7 +71,7 @@ Optional: - `max_age` (String) - `prompt` (String) Prompt is an optional OIDC prompt. An empty string omits prompt. If not specified, it defaults to select_account for backwards compatibility. - `provider` (String) Provider is the external identity provider. -- `redirect_url` (List of String) +- `redirect_url` (List of String) RedirectURLs is a list of callback URLs which the identity provider can use to redirect the client back to the Teleport Proxy to complete authentication. This list should match the URLs on the provider's side. The URL used for a given auth request will be chosen to match the requesting Proxy's public address. If there is no match, the first url in the list will be used. - `scope` (List of String) Scope specifies additional scopes set by provider. - `username_claim` (String) UsernameClaim specifies the name of the claim from the OIDC connector to be used as the user's username. diff --git a/docs/pages/reference/terraform-provider/resources/provision_token.mdx b/docs/pages/reference/terraform-provider/resources/provision_token.mdx index e7810c78b9d80..8d14d82ee2da7 100644 --- a/docs/pages/reference/terraform-provider/resources/provision_token.mdx +++ b/docs/pages/reference/terraform-provider/resources/provision_token.mdx @@ -76,8 +76,8 @@ Optional: - `join_method` (String) JoinMethod is the joining method required in order to use this token. Supported joining methods include: azure, circleci, ec2, gcp, github, gitlab, iam, kubernetes, spacelift, token, tpm - `kubernetes` (Attributes) Kubernetes allows the configuration of options specific to the "kubernetes" join method. (see [below for nested schema](#nested-schema-for-speckubernetes)) - `spacelift` (Attributes) Spacelift allows the configuration of options specific to the "spacelift" join method. (see [below for nested schema](#nested-schema-for-specspacelift)) -- `suggested_agent_matcher_labels` (Map of List of String) -- `suggested_labels` (Map of List of String) +- `suggested_agent_matcher_labels` (Map of List of String) SuggestedAgentMatcherLabels is a set of labels to be used by agents to match on resources. When an agent uses this token, the agent should monitor resources that match those labels. For databases, this means adding the labels to `db_service.resources.labels`. Currently, only node-join scripts create a configuration according to the suggestion. +- `suggested_labels` (Map of List of String) SuggestedLabels is a set of labels that resources should set when using this token to enroll themselves in the cluster. Currently, only node-join scripts create a configuration according to the suggestion. - `terraform_cloud` (Attributes) TerraformCloud allows the configuration of options specific to the "terraform_cloud" join method. (see [below for nested schema](#nested-schema-for-specterraform_cloud)) - `tpm` (Attributes) TPM allows the configuration of options specific to the "tpm" join method. (see [below for nested schema](#nested-schema-for-spectpm)) @@ -88,7 +88,7 @@ Optional: - `aws_account` (String) AWSAccount is the AWS account ID. - `aws_arn` (String) AWSARN is used for the IAM join method, the AWS identity of joining nodes must match this ARN. Supports wildcards "*" and "?". - `aws_regions` (List of String) AWSRegions is used for the EC2 join method and is a list of AWS regions a node is allowed to join from. -- `aws_role` (String) AWSRole is used for the EC2 join method and is the ARN of the AWS role that the auth server will assume in order to call the ec2 API. +- `aws_role` (String) AWSRole is used for the EC2 join method and is the ARN of the AWS role that the Auth Service will assume in order to call the ec2 API. ### Nested Schema for `spec.azure` @@ -143,7 +143,7 @@ Optional: Optional: - `allow` (Attributes List) Allow is a list of TokenRules, nodes using this token must match one allow rule to use this token. (see [below for nested schema](#nested-schema-for-specgithuballow)) -- `enterprise_server_host` (String) EnterpriseServerHost allows joining from runners associated with a GitHub Enterprise Server instance. When unconfigured, tokens will be validated against github.com, but when configured to the host of a GHES instance, then the tokens will be validated against host. This value should be the hostname of the GHES instance, and should not include the scheme or a path. The instance must be accessible over HTTPS at this hostname and the certificate must be trusted by the Auth Server. +- `enterprise_server_host` (String) EnterpriseServerHost allows joining from runners associated with a GitHub Enterprise Server instance. When unconfigured, tokens will be validated against github.com, but when configured to the host of a GHES instance, then the tokens will be validated against host. This value should be the hostname of the GHES instance, and should not include the scheme or a path. The instance must be accessible over HTTPS at this hostname and the certificate must be trusted by the Auth Service. - `enterprise_slug` (String) EnterpriseSlug allows the slug of a GitHub Enterprise organisation to be included in the expected issuer of the OIDC tokens. This is for compatibility with the `include_enterprise_slug` option in GHE. This field should be set to the slug of your enterprise if this is enabled. If this is not enabled, then this field must be left empty. This field cannot be specified if `enterprise_server_host` is specified. See https://docs.github.com/en/enterprise-cloud@latest/actions/deployment/security-hardening-your-deployments/about-security-hardening-with-openid-connect#customizing-the-issuer-value-for-an-enterprise for more information about customized issuer values. ### Nested Schema for `spec.github.allow` @@ -176,15 +176,15 @@ Optional: - `ci_config_sha` (String) CIConfigSHA is the git commit SHA for the ci_config_ref_uri. - `deployment_tier` (String) DeploymentTier is the deployment tier of the environment the job specifies - `environment` (String) Environment limits access by the environment the job deploys to (if one is associated) -- `environment_protected` (Boolean) -- `namespace_path` (String) NamespacePath is used to limit access to jobs in a group or user's projects. Example: `mygroup` This field supports simple "glob-style" matching: - Use '*' to match zero or more characters. - Use '?' to match any single character. +- `environment_protected` (Boolean) EnvironmentProtected is true if the Git ref is protected, false otherwise. +- `namespace_path` (String) NamespacePath is used to limit access to jobs in a group or user's projects. Example: `mygroup` This field supports "glob-style" matching: - Use '*' to match zero or more characters. - Use '?' to match any single character. - `pipeline_source` (String) PipelineSource limits access by the job pipeline source type. https://docs.gitlab.com/ee/ci/jobs/job_control.html#common-if-clauses-for-rules Example: `web` -- `project_path` (String) ProjectPath is used to limit access to jobs belonging to an individual project. Example: `mygroup/myproject` This field supports simple "glob-style" matching: - Use '*' to match zero or more characters. - Use '?' to match any single character. +- `project_path` (String) ProjectPath is used to limit access to jobs belonging to an individual project. Example: `mygroup/myproject` This field supports "glob-style" matching: - Use '*' to match zero or more characters. - Use '?' to match any single character. - `project_visibility` (String) ProjectVisibility is the visibility of the project where the pipeline is running. Can be internal, private, or public. -- `ref` (String) Ref allows access to be limited to jobs triggered by a specific git ref. Ensure this is used in combination with ref_type. This field supports simple "glob-style" matching: - Use '*' to match zero or more characters. - Use '?' to match any single character. -- `ref_protected` (Boolean) +- `ref` (String) Ref allows access to be limited to jobs triggered by a specific git ref. Ensure this is used in combination with ref_type. This field supports "glob-style" matching: - Use '*' to match zero or more characters. - Use '?' to match any single character. +- `ref_protected` (Boolean) RefProtected is true if the Git ref is protected, false otherwise. - `ref_type` (String) RefType allows access to be limited to jobs triggered by a specific git ref type. Example: `branch` or `tag` -- `sub` (String) Sub roughly uniquely identifies the workload. Example: `project_path:mygroup/my-project:ref_type:branch:ref:main` project_path:GROUP/PROJECT:ref_type:TYPE:ref:BRANCH_NAME This field supports simple "glob-style" matching: - Use '*' to match zero or more characters. - Use '?' to match any single character. +- `sub` (String) Sub roughly uniquely identifies the workload. Example: `project_path:mygroup/my-project:ref_type:branch:ref:main` project_path:GROUP/PROJECT:ref_type:TYPE:ref:BRANCH_NAME This field supports "glob-style" matching: - Use '*' to match zero or more characters. - Use '?' to match any single character. - `user_email` (String) UserEmail is the email of the user executing the job - `user_id` (String) UserID is the ID of the user executing the job - `user_login` (String) UserLogin is the username of the user executing the job diff --git a/docs/pages/reference/terraform-provider/resources/role.mdx b/docs/pages/reference/terraform-provider/resources/role.mdx index b4785964412e4..e18ddabb1f0e5 100644 --- a/docs/pages/reference/terraform-provider/resources/role.mdx +++ b/docs/pages/reference/terraform-provider/resources/role.mdx @@ -14,6 +14,7 @@ description: This page describes the supported values of the teleport_role resou # Teleport Role resource resource "teleport_role" "example" { + version = "v7" metadata = { name = "example" description = "Example Teleport Role" @@ -101,42 +102,42 @@ Optional: Optional: -- `app_labels` (Map of List of String) +- `app_labels` (Map of List of String) AppLabels is a map of labels used as part of the RBAC system. - `app_labels_expression` (String) AppLabelsExpression is a predicate expression used to allow/deny access to Apps. - `aws_role_arns` (List of String) AWSRoleARNs is a list of AWS role ARNs this role is allowed to assume. - `azure_identities` (List of String) AzureIdentities is a list of Azure identities this role is allowed to assume. -- `cluster_labels` (Map of List of String) +- `cluster_labels` (Map of List of String) ClusterLabels is a map of node labels (used to dynamically grant access to clusters). - `cluster_labels_expression` (String) ClusterLabelsExpression is a predicate expression used to allow/deny access to remote Teleport clusters. -- `db_labels` (Map of List of String) +- `db_labels` (Map of List of String) DatabaseLabels are used in RBAC system to allow/deny access to databases. - `db_labels_expression` (String) DatabaseLabelsExpression is a predicate expression used to allow/deny access to Databases. - `db_names` (List of String) DatabaseNames is a list of database names this role is allowed to connect to. - `db_permissions` (Attributes List) DatabasePermissions specifies a set of permissions that will be granted to the database user when using automatic database user provisioning. (see [below for nested schema](#nested-schema-for-specallowdb_permissions)) - `db_roles` (List of String) DatabaseRoles is a list of databases roles for automatic user creation. -- `db_service_labels` (Map of List of String) +- `db_service_labels` (Map of List of String) DatabaseServiceLabels are used in RBAC system to allow/deny access to Database Services. - `db_service_labels_expression` (String) DatabaseServiceLabelsExpression is a predicate expression used to allow/deny access to Database Services. - `db_users` (List of String) DatabaseUsers is a list of databases users this role is allowed to connect as. - `desktop_groups` (List of String) DesktopGroups is a list of groups for created desktop users to be added to - `gcp_service_accounts` (List of String) GCPServiceAccounts is a list of GCP service accounts this role is allowed to assume. -- `group_labels` (Map of List of String) +- `group_labels` (Map of List of String) GroupLabels is a map of labels used as part of the RBAC system. - `group_labels_expression` (String) GroupLabelsExpression is a predicate expression used to allow/deny access to user groups. - `host_groups` (List of String) HostGroups is a list of groups for created users to be added to - `host_sudoers` (List of String) HostSudoers is a list of entries to include in a users sudoer file - `impersonate` (Attributes) Impersonate specifies what users and roles this role is allowed to impersonate by issuing certificates or other possible means. (see [below for nested schema](#nested-schema-for-specallowimpersonate)) - `join_sessions` (Attributes List) JoinSessions specifies policies to allow users to join other sessions. (see [below for nested schema](#nested-schema-for-specallowjoin_sessions)) - `kubernetes_groups` (List of String) KubeGroups is a list of kubernetes groups -- `kubernetes_labels` (Map of List of String) +- `kubernetes_labels` (Map of List of String) KubernetesLabels is a map of kubernetes cluster labels used for RBAC. - `kubernetes_labels_expression` (String) KubernetesLabelsExpression is a predicate expression used to allow/deny access to kubernetes clusters. - `kubernetes_resources` (Attributes List) KubernetesResources is the Kubernetes Resources this Role grants access to. (see [below for nested schema](#nested-schema-for-specallowkubernetes_resources)) - `kubernetes_users` (List of String) KubeUsers is an optional kubernetes users to impersonate - `logins` (List of String) Logins is a list of *nix system logins. -- `node_labels` (Map of List of String) +- `node_labels` (Map of List of String) NodeLabels is a map of node labels (used to dynamically grant access to nodes). - `node_labels_expression` (String) NodeLabelsExpression is a predicate expression used to allow/deny access to SSH nodes. - `request` (Attributes) (see [below for nested schema](#nested-schema-for-specallowrequest)) - `require_session_join` (Attributes List) RequireSessionJoin specifies policies for required users to start a session. (see [below for nested schema](#nested-schema-for-specallowrequire_session_join)) - `review_requests` (Attributes) ReviewRequests defines conditions for submitting access reviews. (see [below for nested schema](#nested-schema-for-specallowreview_requests)) - `rules` (Attributes List) Rules is a list of rules and their access levels. Rules are a high level construct used for access control. (see [below for nested schema](#nested-schema-for-specallowrules)) - `spiffe` (Attributes List) SPIFFE is used to allow or deny access to a role holder to generating a SPIFFE SVID. (see [below for nested schema](#nested-schema-for-specallowspiffe)) -- `windows_desktop_labels` (Map of List of String) +- `windows_desktop_labels` (Map of List of String) WindowsDesktopLabels are used in the RBAC system to allow/deny access to Windows desktops. - `windows_desktop_labels_expression` (String) WindowsDesktopLabelsExpression is a predicate expression used to allow/deny access to Windows desktops. - `windows_desktop_logins` (List of String) WindowsDesktopLogins is a list of desktop login names allowed/denied for Windows desktops. @@ -144,7 +145,7 @@ Optional: Optional: -- `match` (Map of List of String) +- `match` (Map of List of String) Match is a list of object labels that must be matched for the permission to be granted. - `permissions` (List of String) Permission is the list of string representations of the permission to be given, e.g. SELECT, INSERT, UPDATE, ... @@ -181,7 +182,7 @@ Optional: Optional: -- `annotations` (Map of List of String) +- `annotations` (Map of List of String) Annotations is a collection of annotations to be programmatically appended to pending Access Requests at the time of their creation. These annotations serve as a mechanism to propagate extra information to plugins. Since these annotations support variable interpolation syntax, they also offer a mechanism for forwarding claims from an external identity provider, to a plugin via `{{external.trait_name}}` style substitutions. - `claims_to_roles` (Attributes List) ClaimsToRoles specifies a mapping from claims (traits) to teleport roles. (see [below for nested schema](#nested-schema-for-specallowrequestclaims_to_roles)) - `max_duration` (String) MaxDuration is the amount of time the access will be granted for. If this is zero, the default duration is used. - `roles` (List of String) Roles is the name of roles which will match the request rule. @@ -264,42 +265,42 @@ Optional: Optional: -- `app_labels` (Map of List of String) +- `app_labels` (Map of List of String) AppLabels is a map of labels used as part of the RBAC system. - `app_labels_expression` (String) AppLabelsExpression is a predicate expression used to allow/deny access to Apps. - `aws_role_arns` (List of String) AWSRoleARNs is a list of AWS role ARNs this role is allowed to assume. - `azure_identities` (List of String) AzureIdentities is a list of Azure identities this role is allowed to assume. -- `cluster_labels` (Map of List of String) +- `cluster_labels` (Map of List of String) ClusterLabels is a map of node labels (used to dynamically grant access to clusters). - `cluster_labels_expression` (String) ClusterLabelsExpression is a predicate expression used to allow/deny access to remote Teleport clusters. -- `db_labels` (Map of List of String) +- `db_labels` (Map of List of String) DatabaseLabels are used in RBAC system to allow/deny access to databases. - `db_labels_expression` (String) DatabaseLabelsExpression is a predicate expression used to allow/deny access to Databases. - `db_names` (List of String) DatabaseNames is a list of database names this role is allowed to connect to. - `db_permissions` (Attributes List) DatabasePermissions specifies a set of permissions that will be granted to the database user when using automatic database user provisioning. (see [below for nested schema](#nested-schema-for-specdenydb_permissions)) - `db_roles` (List of String) DatabaseRoles is a list of databases roles for automatic user creation. -- `db_service_labels` (Map of List of String) +- `db_service_labels` (Map of List of String) DatabaseServiceLabels are used in RBAC system to allow/deny access to Database Services. - `db_service_labels_expression` (String) DatabaseServiceLabelsExpression is a predicate expression used to allow/deny access to Database Services. - `db_users` (List of String) DatabaseUsers is a list of databases users this role is allowed to connect as. - `desktop_groups` (List of String) DesktopGroups is a list of groups for created desktop users to be added to - `gcp_service_accounts` (List of String) GCPServiceAccounts is a list of GCP service accounts this role is allowed to assume. -- `group_labels` (Map of List of String) +- `group_labels` (Map of List of String) GroupLabels is a map of labels used as part of the RBAC system. - `group_labels_expression` (String) GroupLabelsExpression is a predicate expression used to allow/deny access to user groups. - `host_groups` (List of String) HostGroups is a list of groups for created users to be added to - `host_sudoers` (List of String) HostSudoers is a list of entries to include in a users sudoer file - `impersonate` (Attributes) Impersonate specifies what users and roles this role is allowed to impersonate by issuing certificates or other possible means. (see [below for nested schema](#nested-schema-for-specdenyimpersonate)) - `join_sessions` (Attributes List) JoinSessions specifies policies to allow users to join other sessions. (see [below for nested schema](#nested-schema-for-specdenyjoin_sessions)) - `kubernetes_groups` (List of String) KubeGroups is a list of kubernetes groups -- `kubernetes_labels` (Map of List of String) +- `kubernetes_labels` (Map of List of String) KubernetesLabels is a map of kubernetes cluster labels used for RBAC. - `kubernetes_labels_expression` (String) KubernetesLabelsExpression is a predicate expression used to allow/deny access to kubernetes clusters. - `kubernetes_resources` (Attributes List) KubernetesResources is the Kubernetes Resources this Role grants access to. (see [below for nested schema](#nested-schema-for-specdenykubernetes_resources)) - `kubernetes_users` (List of String) KubeUsers is an optional kubernetes users to impersonate - `logins` (List of String) Logins is a list of *nix system logins. -- `node_labels` (Map of List of String) +- `node_labels` (Map of List of String) NodeLabels is a map of node labels (used to dynamically grant access to nodes). - `node_labels_expression` (String) NodeLabelsExpression is a predicate expression used to allow/deny access to SSH nodes. - `request` (Attributes) (see [below for nested schema](#nested-schema-for-specdenyrequest)) - `require_session_join` (Attributes List) RequireSessionJoin specifies policies for required users to start a session. (see [below for nested schema](#nested-schema-for-specdenyrequire_session_join)) - `review_requests` (Attributes) ReviewRequests defines conditions for submitting access reviews. (see [below for nested schema](#nested-schema-for-specdenyreview_requests)) - `rules` (Attributes List) Rules is a list of rules and their access levels. Rules are a high level construct used for access control. (see [below for nested schema](#nested-schema-for-specdenyrules)) - `spiffe` (Attributes List) SPIFFE is used to allow or deny access to a role holder to generating a SPIFFE SVID. (see [below for nested schema](#nested-schema-for-specdenyspiffe)) -- `windows_desktop_labels` (Map of List of String) +- `windows_desktop_labels` (Map of List of String) WindowsDesktopLabels are used in the RBAC system to allow/deny access to Windows desktops. - `windows_desktop_labels_expression` (String) WindowsDesktopLabelsExpression is a predicate expression used to allow/deny access to Windows desktops. - `windows_desktop_logins` (List of String) WindowsDesktopLogins is a list of desktop login names allowed/denied for Windows desktops. @@ -307,7 +308,7 @@ Optional: Optional: -- `match` (Map of List of String) +- `match` (Map of List of String) Match is a list of object labels that must be matched for the permission to be granted. - `permissions` (List of String) Permission is the list of string representations of the permission to be given, e.g. SELECT, INSERT, UPDATE, ... @@ -344,7 +345,7 @@ Optional: Optional: -- `annotations` (Map of List of String) +- `annotations` (Map of List of String) Annotations is a collection of annotations to be programmatically appended to pending Access Requests at the time of their creation. These annotations serve as a mechanism to propagate extra information to plugins. Since these annotations support variable interpolation syntax, they also offer a mechanism for forwarding claims from an external identity provider, to a plugin via `{{external.trait_name}}` style substitutions. - `claims_to_roles` (Attributes List) ClaimsToRoles specifies a mapping from claims (traits) to teleport roles. (see [below for nested schema](#nested-schema-for-specdenyrequestclaims_to_roles)) - `max_duration` (String) MaxDuration is the amount of time the access will be granted for. If this is zero, the default duration is used. - `roles` (List of String) Roles is the name of roles which will match the request rule. @@ -430,14 +431,14 @@ Optional: - `cert_extensions` (Attributes List) CertExtensions specifies the key/values (see [below for nested schema](#nested-schema-for-specoptionscert_extensions)) - `cert_format` (String) CertificateFormat defines the format of the user certificate to allow compatibility with older versions of OpenSSH. - `client_idle_timeout` (String) ClientIdleTimeout sets disconnect clients on idle timeout behavior, if set to 0 means do not disconnect, otherwise is set to the idle duration. -- `create_db_user` (Boolean) +- `create_db_user` (Boolean) CreateDatabaseUser enabled automatic database user creation. - `create_db_user_mode` (Number) CreateDatabaseUserMode allows users to be automatically created on a database when not set to off. 0 is "unspecified", 1 is "off", 2 is "keep", 3 is "best_effort_drop". -- `create_desktop_user` (Boolean) -- `create_host_user` (Boolean) +- `create_desktop_user` (Boolean) CreateDesktopUser allows users to be automatically created on a Windows desktop +- `create_host_user` (Boolean) Deprecated: use CreateHostUserMode instead. - `create_host_user_default_shell` (String) CreateHostUserDefaultShell is used to configure the default shell for newly provisioned host users. - `create_host_user_mode` (Number) CreateHostUserMode allows users to be automatically created on a host when not set to off. 0 is "unspecified"; 1 is "off"; 2 is "drop" (removed for v15 and above), 3 is "keep"; 4 is "insecure-drop". -- `desktop_clipboard` (Boolean) -- `desktop_directory_sharing` (Boolean) +- `desktop_clipboard` (Boolean) DesktopClipboard indicates whether clipboard sharing is allowed between the user's workstation and the remote desktop. It defaults to true unless explicitly set to false. +- `desktop_directory_sharing` (Boolean) DesktopDirectorySharing indicates whether directory sharing is allowed between the user's workstation and the remote desktop. It defaults to false unless explicitly set to true. - `device_trust_mode` (String) DeviceTrustMode is the device authorization mode used for the resources associated with the role. See DeviceTrust.Mode. - `disconnect_expired_cert` (Boolean) DisconnectExpiredCert sets disconnect clients on expired certificates. - `enhanced_recording` (List of String) BPF defines what events to record for the BPF-based session recorder. @@ -451,12 +452,12 @@ Optional: - `mfa_verification_interval` (String) MFAVerificationInterval optionally defines the maximum duration that can elapse between successive MFA verifications. This variable is used to ensure that users are periodically prompted to verify their identity, enhancing security by preventing prolonged sessions without re-authentication when using tsh proxy * derivatives. It's only effective if the session requires MFA. If not set, defaults to `max_session_ttl`. - `permit_x11_forwarding` (Boolean) PermitX11Forwarding authorizes use of X11 forwarding. - `pin_source_ip` (Boolean) PinSourceIP forces the same client IP for certificate generation and usage -- `port_forwarding` (Boolean) +- `port_forwarding` (Boolean) PortForwarding defines if the certificate will have "permit-port-forwarding" in the certificate. PortForwarding is "yes" if not set, that's why this is a pointer - `record_session` (Attributes) RecordDesktopSession indicates whether desktop access sessions should be recorded. It defaults to true unless explicitly set to false. (see [below for nested schema](#nested-schema-for-specoptionsrecord_session)) - `request_access` (String) RequestAccess defines the request strategy (optional|note|always) where optional is the default. - `request_prompt` (String) RequestPrompt is an optional message which tells users what they aught to request. - `require_session_mfa` (Number) RequireMFAType is the type of MFA requirement enforced for this user. 0 is "OFF", 1 is "SESSION", 2 is "SESSION_AND_HARDWARE_KEY", 3 is "HARDWARE_KEY_TOUCH", 4 is "HARDWARE_KEY_PIN", 5 is "HARDWARE_KEY_TOUCH_AND_PIN". -- `ssh_file_copy` (Boolean) +- `ssh_file_copy` (Boolean) SSHFileCopy indicates whether remote file operations via SCP or SFTP are allowed over an SSH session. It defaults to true unless explicitly set to false. ### Nested Schema for `spec.options.cert_extensions` @@ -478,7 +479,7 @@ Optional: Optional: -- `enabled` (Boolean) +- `enabled` (Boolean) Enabled is set to true if this option allows access to the Teleport SAML IdP. @@ -487,6 +488,6 @@ Optional: Optional: - `default` (String) Default indicates the default value for the services. -- `desktop` (Boolean) +- `desktop` (Boolean) Desktop indicates whether desktop sessions should be recorded. It defaults to true unless explicitly set to false. - `ssh` (String) SSH indicates the session mode used on SSH sessions. diff --git a/docs/pages/reference/terraform-provider/resources/saml_connector.mdx b/docs/pages/reference/terraform-provider/resources/saml_connector.mdx index da2e18b955968..90736b807c87c 100644 --- a/docs/pages/reference/terraform-provider/resources/saml_connector.mdx +++ b/docs/pages/reference/terraform-provider/resources/saml_connector.mdx @@ -16,6 +16,7 @@ description: This page describes the supported values of the teleport_saml_conne # Please note that the SAML connector will work in Teleport Enterprise only. resource "teleport_saml_connector" "example" { + version = "v2" # This block will tell Terraform to never update private key from our side if a keys are managed # from an outside of Terraform. diff --git a/docs/pages/reference/terraform-provider/resources/session_recording_config.mdx b/docs/pages/reference/terraform-provider/resources/session_recording_config.mdx index a1453c83379d6..9c8826633c830 100644 --- a/docs/pages/reference/terraform-provider/resources/session_recording_config.mdx +++ b/docs/pages/reference/terraform-provider/resources/session_recording_config.mdx @@ -14,6 +14,7 @@ description: This page describes the supported values of the teleport_session_re # Teleport session recording config resource "teleport_session_recording_config" "example" { + version = "v2" metadata = { description = "Session recording config" labels = { @@ -55,5 +56,5 @@ Optional: Optional: - `mode` (String) Mode controls where (or if) the session is recorded. -- `proxy_checks_host_keys` (Boolean) +- `proxy_checks_host_keys` (Boolean) ProxyChecksHostKeys is used to control if the proxy will check host keys when in recording mode. diff --git a/docs/pages/reference/terraform-provider/resources/static_host_user.mdx b/docs/pages/reference/terraform-provider/resources/static_host_user.mdx index 00cebadd20e08..7260ba9903e9d 100644 --- a/docs/pages/reference/terraform-provider/resources/static_host_user.mdx +++ b/docs/pages/reference/terraform-provider/resources/static_host_user.mdx @@ -59,7 +59,7 @@ Required: Optional: - `description` (String) description is object description. -- `expires` (String) +- `expires` (String) expires is a global expiry time header can be set on any resource in the system. - `labels` (Map of String) labels is a set of labels. diff --git a/docs/pages/reference/terraform-provider/resources/user.mdx b/docs/pages/reference/terraform-provider/resources/user.mdx index edeff278ff921..9e7c2409513a3 100644 --- a/docs/pages/reference/terraform-provider/resources/user.mdx +++ b/docs/pages/reference/terraform-provider/resources/user.mdx @@ -14,6 +14,7 @@ description: This page describes the supported values of the teleport_user resou # Teleport User resource resource "teleport_user" "example" { + version = "v2" # Tells Terraform that the role could not be destroyed while this user exists depends_on = [ teleport_role.example @@ -91,7 +92,7 @@ Optional: - `oidc_identities` (Attributes List) OIDCIdentities lists associated OpenID Connect identities that let user log in using externally verified identity (see [below for nested schema](#nested-schema-for-specoidc_identities)) - `roles` (List of String) Roles is a list of roles assigned to user - `saml_identities` (Attributes List) SAMLIdentities lists associated SAML identities that let user log in using externally verified identity (see [below for nested schema](#nested-schema-for-specsaml_identities)) -- `traits` (Map of List of String) +- `traits` (Map of List of String) Traits are key/value pairs received from an identity provider (through OIDC claims or SAML assertions) or from a system administrator for local accounts. Traits are used to populate role variables. - `trusted_device_ids` (List of String) TrustedDeviceIDs contains the IDs of trusted devices enrolled by the user. Note that SSO users are transient and thus may contain an empty TrustedDeviceIDs field, even though the user->device association exists under the Device Trust subsystem. Do not rely on this field to determine device associations or ownership, it exists for legacy/informative purposes only. Managed by the Device Trust subsystem, avoid manual edits. ### Nested Schema for `spec.github_identities` diff --git a/docs/pages/upcoming-releases.mdx b/docs/pages/upcoming-releases.mdx index 034574e61211a..52e9e955cfb6d 100644 --- a/docs/pages/upcoming-releases.mdx +++ b/docs/pages/upcoming-releases.mdx @@ -7,10 +7,10 @@ The Teleport team delivers a new major release roughly every 4 months. ## Teleport -| Version | Date | -|---------|--------------------| -| 17.0.0 | October 31, 2024 | -| 17.1.0 | November 30, 2024 | +| Version | Date | +|---------|---------------------| +| 17.0.0 | November 15th, 2024 | +| 17.1.0 | December 13th, 2024 | ### 17.0.0 @@ -25,11 +25,10 @@ Teleport admins will have the option to use elliptic curve cryptography for the majority of user, host, and certificate authority key material. This includes Ed25519 SSH keys and ECDSA TLS keys, replacing the RSA keys used today. -#### AWS Identity Center integration +#### (Preview) AWS Identity Center integration Teleport will integrate with AWS Identity Center to allow users to sync and -manage AWS IC group and their members and allow them to request access to AWS -IC permission sets. +manage AWS IC group members via Access Lists. #### Hardware Key support for Teleport Connect @@ -76,6 +75,11 @@ Github with RBAC and audit logging support. Teleport users will be able to satisfy per-session MFA checks by authenticating with an external identity provider as an alternative to using second factors registered with Teleport. +#### Access requests support for AWS Identity Center + +AWS Identity Center integration will allow users to request short or long term access to permission +sets via Access Requests. + #### Database access for PostgreSQL via web UI Database access users will be able to connect to PostgreSQL databases connected to Teleport right @@ -109,10 +113,10 @@ sync and NetIQ permissions and Azure resources. The key deliverables for Teleport Cloud in the next quarter: -| Week of | Description | -|--------------------|----------------------------------------------------------------| -| December 2, 2024 | Teleport 17.1 will begin rollout on Cloud. | -| December 2, 2024 | Teleport 17.1 agents will begin rollout to eligible tenants. | +| Week of | Description | +|-----------------------|----------------------------------------------------------------| +| December 16th, 2024 | Teleport 17.1 will begin rollout on Cloud. | +| December 16th, 2024 | Teleport 17.1 agents will begin rollout to eligible tenants. | ## Production readiness diff --git a/docs/pages/usage-billing.mdx b/docs/pages/usage-billing.mdx index 9f8b689010eca..f3a0f1a2ab4c9 100644 --- a/docs/pages/usage-billing.mdx +++ b/docs/pages/usage-billing.mdx @@ -134,15 +134,16 @@ representation of all active users over the last month. The Teleport Protected Resources (TPR) metric is the aggregate number of unique resources connected to Teleport. -We aggregate TPRs on a daily basis and use the average of those daily sums to -determine the amount of TPRs for each monthly period, which starts on the -subscription start date and ends on each monthly anniversary thereafter. - A "resource" is any unique bot, such as a CI/CD Jenkins or GitHub Actions job, or a distinct computing resource, including a Kubernetes cluster, SSH server, database instance, or serverless endpoint, that registers with the Teleport cluster at least once a month. +We aggregate TPRs during each day on an hourly basis, and take an hourly average +to compute a daily TPR. Then we average the daily TPR over a monthly period, +which starts on the subscription start date and ends on each monthly anniversary +thereafter. + ## Usage measurement for billing We aggregate all counts of the billing metrics on a monthly basis starting on diff --git a/e b/e index 999bc9b3dc840..4f6680c23b769 160000 --- a/e +++ b/e @@ -1 +1 @@ -Subproject commit 999bc9b3dc8409e9b01ff88fe26fe942d2842097 +Subproject commit 4f6680c23b769510330646b68bac4e92682f869f diff --git a/e2e/aws/databases_test.go b/e2e/aws/databases_test.go index c8e6198b1fec5..aa153d2e53c2a 100644 --- a/e2e/aws/databases_test.go +++ b/e2e/aws/databases_test.go @@ -112,7 +112,7 @@ func awsDBDiscoveryUnmatched(t *testing.T) { } const ( - waitForConnTimeout = 60 * time.Second + waitForConnTimeout = 90 * time.Second connRetryTick = 10 * time.Second ) diff --git a/examples/aws/terraform/ha-autoscale-cluster/outputs.tf b/examples/aws/terraform/ha-autoscale-cluster/outputs.tf index 1baaa66bd9541..5d59e18eaf6d5 100644 --- a/examples/aws/terraform/ha-autoscale-cluster/outputs.tf +++ b/examples/aws/terraform/ha-autoscale-cluster/outputs.tf @@ -38,7 +38,7 @@ output "cluster_name" { output "cluster_web_address" { description = "Web address to access the Teleport cluster" - value = "https://${var.use_acm ? aws_route53_record.proxy_acm[0].name : aws_route53_record.proxy[0].name}" + value = "https://${var.use_acm ? aws_route53_record.proxy_acm[0].name : aws_route53_record.proxy[0].fqdn}" } output "key_name" { diff --git a/examples/aws/terraform/ha-autoscale-cluster/ssm.tf b/examples/aws/terraform/ha-autoscale-cluster/ssm.tf index 6077e773a2273..32f92391f22fe 100644 --- a/examples/aws/terraform/ha-autoscale-cluster/ssm.tf +++ b/examples/aws/terraform/ha-autoscale-cluster/ssm.tf @@ -8,4 +8,5 @@ resource "aws_ssm_parameter" "license" { type = "SecureString" value = file(var.license_path) overwrite = true + tier = "Intelligent-Tiering" } diff --git a/examples/aws/terraform/starter-cluster/outputs.tf b/examples/aws/terraform/starter-cluster/outputs.tf index 9ae4a2722ecf1..9b077e316914f 100644 --- a/examples/aws/terraform/starter-cluster/outputs.tf +++ b/examples/aws/terraform/starter-cluster/outputs.tf @@ -10,7 +10,7 @@ output "cluster_name" { output "cluster_web_address" { description = "Web address to access the Teleport cluster" - value = "https://${var.use_acm ? aws_route53_record.cluster_acm[0].name : aws_route53_record.cluster[0].name}" + value = "https://${var.use_acm ? aws_route53_record.cluster_acm[0].name : aws_route53_record.cluster[0].fqdn}" } output "key_name" { diff --git a/examples/aws/terraform/starter-cluster/ssm.tf b/examples/aws/terraform/starter-cluster/ssm.tf index 499791e29b740..b6e1589c171ac 100644 --- a/examples/aws/terraform/starter-cluster/ssm.tf +++ b/examples/aws/terraform/starter-cluster/ssm.tf @@ -5,4 +5,5 @@ resource "aws_ssm_parameter" "license" { type = "SecureString" value = file(var.license_path) overwrite = true + tier = "Intelligent-Tiering" } diff --git a/examples/chart/Makefile b/examples/chart/Makefile index e48ee95f70a1c..017864ae573b5 100644 --- a/examples/chart/Makefile +++ b/examples/chart/Makefile @@ -1,7 +1,7 @@ # TODO(hugoShaka): uncomment the additional targets as we start sync-ing # the reference and the values.yaml -access = discord email jira mattermost msteams pagerduty slack +access = discord email jira mattermost msteams pagerduty slack datadog check_access = $(addprefix check-chart-ref-access-,$(access)) render_access = $(addprefix render-chart-ref-access-,$(access)) diff --git a/examples/chart/access/datadog/.helmignore b/examples/chart/access/datadog/.helmignore new file mode 100644 index 0000000000000..0e8a0eb36f4ca --- /dev/null +++ b/examples/chart/access/datadog/.helmignore @@ -0,0 +1,23 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*.orig +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ diff --git a/examples/chart/access/datadog/Chart.yaml b/examples/chart/access/datadog/Chart.yaml new file mode 100644 index 0000000000000..0890fd9dfc1ab --- /dev/null +++ b/examples/chart/access/datadog/Chart.yaml @@ -0,0 +1,13 @@ +.version: &version "16.4.6" + +apiVersion: v2 +name: teleport-plugin-datadog +description: A Helm chart for the Teleport Datadog Incident Management Plugin +type: application +version: *version +appVersion: *version + +dependencies: + - name: tbot + version: *version + condition: tbot.enabled diff --git a/examples/chart/access/datadog/README.md b/examples/chart/access/datadog/README.md new file mode 100644 index 0000000000000..5a88a98868994 --- /dev/null +++ b/examples/chart/access/datadog/README.md @@ -0,0 +1,11 @@ +# Teleport Access Request Datadog Incident Management Plugin + +This chart sets up and configures a Deployment for the Access Request Datadog Incident Management plugin. + +## Installation + +See the [Access Requests with Datadog Incident Management guide](https://goteleport.com/docs/access-controls/access-request-plugins/datadog-hosted/). + +## Values + +See [teleport-plugin-datadog Chart Reference](https://goteleport.com/docs/reference/helm-reference/teleport-plugin-datadog/) for available Helm Chart configuration. diff --git a/examples/chart/access/datadog/charts/tbot b/examples/chart/access/datadog/charts/tbot new file mode 120000 index 0000000000000..bc5284c76fa10 --- /dev/null +++ b/examples/chart/access/datadog/charts/tbot @@ -0,0 +1 @@ +../../../tbot \ No newline at end of file diff --git a/examples/chart/access/datadog/templates/_helpers.tpl b/examples/chart/access/datadog/templates/_helpers.tpl new file mode 100644 index 0000000000000..86e3fb5b1f677 --- /dev/null +++ b/examples/chart/access/datadog/templates/_helpers.tpl @@ -0,0 +1,82 @@ +{{/* +Expand the name of the chart. +*/}} +{{- define "datadog.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "datadog.fullname" -}} +{{- if .Values.fullnameOverride }} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- $name := default .Chart.Name .Values.nameOverride }} +{{- if contains $name .Release.Name }} +{{- .Release.Name | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }} +{{- end }} +{{- end }} +{{- end }} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "datadog.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Common labels +*/}} +{{- define "datadog.labels" -}} +helm.sh/chart: {{ include "datadog.chart" . }} +{{ include "datadog.selectorLabels" . }} +{{- if .Chart.AppVersion }} +app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} +{{- end }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end }} + +{{/* +Selector labels +*/}} +{{- define "datadog.selectorLabels" -}} +app.kubernetes.io/name: {{ include "datadog.name" . }} +app.kubernetes.io/instance: {{ .Release.Name }} +{{- end }} + +{{/* +Create the name of the service account to use +*/}} +{{- define "datadog.serviceAccountName" -}} +{{- if .Values.serviceAccount.create }} +{{- default (include "datadog.fullname" .) .Values.serviceAccount.name }} +{{- else }} +{{- default "default" .Values.serviceAccount.name }} +{{- end }} +{{- end }} + +{{- define "datadog.identitySecretName" -}} +{{- if .Values.teleport.identitySecretName -}} +{{- .Values.teleport.identitySecretName -}} +{{- else if .Values.tbot.enabled -}} + {{- .Release.Name }}-{{ default .Values.tbot.nameOverride "tbot" }}-out +{{- end }} +{{- end -}} + +{{- define "datadog.identitySecretPath" -}} +{{- if .Values.tbot.enabled -}} +identity +{{- else -}} +{{- .Values.teleport.identitySecretPath -}} +{{- end -}} +{{- end -}} + +{{- define "datadog.teleportAddress" -}} + +{{- end -}} diff --git a/examples/chart/access/datadog/templates/configmap.yaml b/examples/chart/access/datadog/templates/configmap.yaml new file mode 100644 index 0000000000000..418c1db7d4903 --- /dev/null +++ b/examples/chart/access/datadog/templates/configmap.yaml @@ -0,0 +1,29 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "datadog.fullname" . }} + {{- with .Values.annotations.config }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} + labels: + {{- include "datadog.labels" . | nindent 4 }} +data: + teleport-datadog.toml: | + [teleport] + addr = {{ coalesce .Values.teleport.address .Values.tbot.teleportProxyAddress .Values.tbot.teleportAuthAddress | quote }} + identity = "/var/lib/teleport/plugins/datadog/teleport-identity/{{ include "datadog.identitySecretPath" . }}" + refresh_identity = true + + [datadog] + api_endpoint = "{{ .Values.datadog.apiEndpoint }}" + api_key = "/var/lib/teleport/plugins/datadog/datadog-api-key" + application_key = "/var/lib/teleport/plugins/datadog/datadog-application-key" + severity = "{{ .Values.datadog.severity }}" + + [role_to_recipients] + "*" = ["{{ .Values.datadog.fallbackRecipient }}"] + + [log] + output = "{{ .Values.log.output }}" + severity = "{{ .Values.log.severity }}" diff --git a/examples/chart/access/datadog/templates/deployment.yaml b/examples/chart/access/datadog/templates/deployment.yaml new file mode 100644 index 0000000000000..75550b87b2ca8 --- /dev/null +++ b/examples/chart/access/datadog/templates/deployment.yaml @@ -0,0 +1,87 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ include "datadog.fullname" . }} + {{- with .Values.annotations.deployment }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} + labels: + {{- include "datadog.labels" . | nindent 4 }} +spec: + replicas: 1 + selector: + matchLabels: + {{- include "datadog.selectorLabels" . | nindent 6 }} + template: + metadata: + {{- with coalesce .Values.annotations.pod .Values.podAnnotations }} + annotations: + {{- toYaml . | nindent 8 }} + {{- end }} + labels: + {{- include "datadog.labels" . | nindent 8 }} + spec: + {{- with .Values.imagePullSecrets }} + imagePullSecrets: + {{- toYaml . | nindent 8 }} + {{- end }} + securityContext: + {{- toYaml .Values.podSecurityContext | nindent 8 }} + containers: + - name: {{ .Chart.Name }} + securityContext: + {{- toYaml .Values.securityContext | nindent 12 }} + image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" + imagePullPolicy: {{ .Values.image.pullPolicy }} + command: + - /usr/local/bin/teleport-plugin + - start + - "--config" + - "/etc/teleport-datadog.toml" + env: + - name: "TELEPORT_PLUGIN_FAIL_FAST" + value: "true" + resources: + {{- toYaml .Values.resources | nindent 12 }} + volumeMounts: + - name: config + mountPath: /etc/teleport-datadog.toml + subPath: teleport-datadog.toml + - name: teleport-identity + mountPath: /var/lib/teleport/plugins/datadog/teleport-identity + - name: {{ .Values.secretVolumeName }}-api-key + mountPath: /var/lib/teleport/plugins/datadog/datadog-api-key + subPath: {{ .Values.datadog.apiKeySecretPath }} + - name: {{ .Values.secretVolumeName }}-application-key + mountPath: /var/lib/teleport/plugins/datadog/datadog-application-key + subPath: {{ .Values.datadog.applicationKeySecretPath }} + {{- with .Values.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.affinity }} + affinity: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.tolerations }} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} + volumes: + - name: config + configMap: + name: {{ include "datadog.fullname" . }} + defaultMode: 0600 + - name: teleport-identity + secret: + secretName: {{ include "datadog.identitySecretName" . | quote }} + defaultMode: 0600 + - name: {{ .Values.secretVolumeName }}-api-key + secret: + secretName: "{{ coalesce .Values.datadog.apiKeyFromSecret (printf "%s-api-key" (include "datadog.fullname" .)) }}" + defaultMode: 0600 + - name: {{ .Values.secretVolumeName }}-application-key + secret: + secretName: "{{ coalesce .Values.datadog.applicationKeyFromSecret (printf "%s-application-key" (include "datadog.fullname" .)) }}" + defaultMode: 0600 diff --git a/examples/chart/access/datadog/templates/secret.yaml b/examples/chart/access/datadog/templates/secret.yaml new file mode 100644 index 0000000000000..60a50e58d6052 --- /dev/null +++ b/examples/chart/access/datadog/templates/secret.yaml @@ -0,0 +1,28 @@ +{{- if not .Values.datadog.apiKeyFromSecret}} +apiVersion: v1 +kind: Secret +type: Opaque +metadata: + name: {{ include "datadog.fullname" . }}-api-key + {{- with .Values.annotations.secret }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +data: + datadogApiKey: {{ .Values.datadog.apiKey | b64enc }} +{{- end }} + +{{- if not .Values.datadog.applicationKeyFromSecret}} +--- +apiVersion: v1 +kind: Secret +type: Opaque +metadata: + name: {{ include "datadog.fullname" . }}-application-key + {{- with .Values.annotations.secret }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +data: + datadogApplicationKey: {{ .Values.datadog.applicationKey | b64enc }} +{{- end }} diff --git a/examples/chart/access/datadog/tests/__snapshot__/configmap_test.yaml.snap b/examples/chart/access/datadog/tests/__snapshot__/configmap_test.yaml.snap new file mode 100644 index 0000000000000..56dd7199ba7af --- /dev/null +++ b/examples/chart/access/datadog/tests/__snapshot__/configmap_test.yaml.snap @@ -0,0 +1,31 @@ +should match the snapshot: + 1: | + apiVersion: v1 + data: + teleport-datadog.toml: | + [teleport] + addr = "teleport.example.com:1234" + identity = "/var/lib/teleport/plugins/datadog/teleport-identity/auth_id" + refresh_identity = true + + [datadog] + api_endpoint = "https://api.datadoghq.com" + api_key = "/var/lib/teleport/plugins/datadog/datadog-api-key" + application_key = "/var/lib/teleport/plugins/datadog/datadog-application-key" + severity = "SEV-3" + + [role_to_recipients] + "*" = ["admin@example.com"] + + [log] + output = "/var/log/teleport-datadog.log" + severity = "DEBUG" + kind: ConfigMap + metadata: + labels: + app.kubernetes.io/instance: RELEASE-NAME + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: teleport-plugin-datadog + app.kubernetes.io/version: 16.4.6 + helm.sh/chart: teleport-plugin-datadog-16.4.6 + name: RELEASE-NAME-teleport-plugin-datadog diff --git a/examples/chart/access/datadog/tests/__snapshot__/deployment_test.yaml.snap b/examples/chart/access/datadog/tests/__snapshot__/deployment_test.yaml.snap new file mode 100644 index 0000000000000..c3775fbc7a82e --- /dev/null +++ b/examples/chart/access/datadog/tests/__snapshot__/deployment_test.yaml.snap @@ -0,0 +1,71 @@ +should match the snapshot: + 1: | + apiVersion: apps/v1 + kind: Deployment + metadata: + labels: + app.kubernetes.io/instance: RELEASE-NAME + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: teleport-plugin-datadog + app.kubernetes.io/version: 16.4.6 + helm.sh/chart: teleport-plugin-datadog-16.4.6 + name: RELEASE-NAME-teleport-plugin-datadog + spec: + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/instance: RELEASE-NAME + app.kubernetes.io/name: teleport-plugin-datadog + template: + metadata: + labels: + app.kubernetes.io/instance: RELEASE-NAME + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: teleport-plugin-datadog + app.kubernetes.io/version: 16.4.6 + helm.sh/chart: teleport-plugin-datadog-16.4.6 + spec: + containers: + - command: + - /usr/local/bin/teleport-plugin + - start + - --config + - /etc/teleport-datadog.toml + env: + - name: TELEPORT_PLUGIN_FAIL_FAST + value: "true" + image: gcr.io/overridden/repository:v98.76.54 + imagePullPolicy: IfNotPresent + name: teleport-plugin-datadog + resources: {} + securityContext: {} + volumeMounts: + - mountPath: /etc/teleport-datadog.toml + name: config + subPath: teleport-datadog.toml + - mountPath: /var/lib/teleport/plugins/datadog/teleport-identity + name: teleport-identity + - mountPath: /var/lib/teleport/plugins/datadog/datadog-api-key + name: password-file-api-key + subPath: datadogApiKey + - mountPath: /var/lib/teleport/plugins/datadog/datadog-application-key + name: password-file-application-key + subPath: datadogApplicationKey + securityContext: {} + volumes: + - configMap: + defaultMode: 384 + name: RELEASE-NAME-teleport-plugin-datadog + name: config + - name: teleport-identity + secret: + defaultMode: 384 + secretName: "" + - name: password-file-api-key + secret: + defaultMode: 384 + secretName: RELEASE-NAME-teleport-plugin-datadog-api-key + - name: password-file-application-key + secret: + defaultMode: 384 + secretName: RELEASE-NAME-teleport-plugin-datadog-application-key diff --git a/examples/chart/access/datadog/tests/__snapshot__/secret_test.yaml.snap b/examples/chart/access/datadog/tests/__snapshot__/secret_test.yaml.snap new file mode 100644 index 0000000000000..fc9ff6af65c5e --- /dev/null +++ b/examples/chart/access/datadog/tests/__snapshot__/secret_test.yaml.snap @@ -0,0 +1,17 @@ +should contain the api and application key: + 1: | + apiVersion: v1 + data: + datadogApiKey: ZGF0YWRvZ0FwaUtleQ== + kind: Secret + metadata: + name: RELEASE-NAME-teleport-plugin-datadog-api-key + type: Opaque + 2: | + apiVersion: v1 + data: + datadogApplicationKey: ZGF0YWRvZ0FwcGxpY2F0aW9uS2V5 + kind: Secret + metadata: + name: RELEASE-NAME-teleport-plugin-datadog-application-key + type: Opaque diff --git a/examples/chart/access/datadog/tests/configmap_test.yaml b/examples/chart/access/datadog/tests/configmap_test.yaml new file mode 100644 index 0000000000000..8927111f1a32b --- /dev/null +++ b/examples/chart/access/datadog/tests/configmap_test.yaml @@ -0,0 +1,37 @@ +suite: Test configmap +templates: + - configmap.yaml +tests: + - it: should match the snapshot + set: + teleport: + address: teleport.example.com:1234 + datadog: + apiEndpoint: https://api.datadoghq.com + apiKey: test-api-key + applicationKey: test-application-key + fallbackRecipient: admin@example.com + severity: SEV-3 + log: + output: /var/log/teleport-datadog.log + severity: DEBUG + asserts: + - matchSnapshot: {} + + - it: should not contain annotations when not defined + asserts: + - isNull: + path: metadata.annotations + + - it: should contain annotations when defined + set: + annotations: + config: + keyA: valA + keyB: valB + asserts: + - equal: + path: metadata.annotations + value: + keyA: valA + keyB: valB diff --git a/examples/chart/access/datadog/tests/deployment_test.yaml b/examples/chart/access/datadog/tests/deployment_test.yaml new file mode 100644 index 0000000000000..8f2cde402536e --- /dev/null +++ b/examples/chart/access/datadog/tests/deployment_test.yaml @@ -0,0 +1,69 @@ +suite: Test deployment +templates: + - deployment.yaml +tests: + - it: should match the snapshot + set: + image: + repository: gcr.io/overridden/repository + tag: v98.76.54 + asserts: + - matchSnapshot: {} + + - it: should not contain deployment or pod annotations when not defined + asserts: + - isNull: + path: metadata.annotations + - isNull: + path: spec.template.metadata.annotations + + - it: should contain deployment annotations when defined + set: + annotations: + deployment: + keyA: valA + keyB: valB + asserts: + - equal: + path: metadata.annotations + value: + keyA: valA + keyB: valB + - isNull: + path: spec.template.metadata.annotations + + - it: should contain pod annotations when defined + set: + annotations: + pod: + keyA: valA + keyB: valB + asserts: + - equal: + path: spec.template.metadata.annotations + value: + keyA: valA + keyB: valB + - isNull: + path: metadata.annotations + + - it: should contain both annotations when defined + set: + annotations: + deployment: + keyA: valA + keyB: valB + pod: + keyA: valA' + keyC: valC + asserts: + - equal: + path: metadata.annotations + value: + keyA: valA + keyB: valB + - equal: + path: spec.template.metadata.annotations + value: + keyA: valA' + keyC: valC diff --git a/examples/chart/access/datadog/tests/secret_test.yaml b/examples/chart/access/datadog/tests/secret_test.yaml new file mode 100644 index 0000000000000..bef3533b4eee6 --- /dev/null +++ b/examples/chart/access/datadog/tests/secret_test.yaml @@ -0,0 +1,38 @@ +suite: Test secret +templates: + - secret.yaml +tests: + - it: should contain the api and application key + set: + datadog: + apiKey: datadogApiKey + applicationKey: datadogApplicationKey + asserts: + - matchSnapshot: {} + + - it: should not exist when using external secret + set: + datadog: + apiKeyFromSecret: datadog-api-key + applicationKeyFromSecret: datadog-application-key + asserts: + - hasDocuments: + count: 0 + + - it: should not contain annotations when not defined + asserts: + - isNull: + path: metadata.annotations + + - it: should contain annotations when defined + set: + annotations: + secret: + keyA: valA + keyB: valB + asserts: + - equal: + path: metadata.annotations + value: + keyA: valA + keyB: valB diff --git a/examples/chart/access/datadog/values.schema.json b/examples/chart/access/datadog/values.schema.json new file mode 100644 index 0000000000000..ac42f66ff445b --- /dev/null +++ b/examples/chart/access/datadog/values.schema.json @@ -0,0 +1,429 @@ +{ + "$schema": "http://json-schema.org/draft-07/schema", + "$id": "http://example.com/example.json", + "default": {}, + "required": [ + "image", + "imagePullSecrets", + "nameOverride", + "fullnameOverride", + "podAnnotations", + "podSecurityContext", + "securityContext", + "nodeSelector", + "tolerations", + "affinity", + "teleport", + "datadog", + "log" + ], + "properties": { + "image": { + "$id": "#/properties/image", + "type": "object", + "default": {}, + "examples": [ + { + "repository": "public.ecr.aws/gravitational/teleport-plugin-datadog", + "pullPolicy": "IfNotPresent", + "tag": "" + } + ], + "required": [ + "repository", + "pullPolicy", + "tag" + ], + "properties": { + "repository": { + "$id": "#/properties/image/properties/repository", + "type": "string", + "default": "public.ecr.aws/gravitational/teleport-plugin-datadog", + "examples": [ + "public.ecr.aws/gravitational/teleport-plugin-datadog" + ] + }, + "pullPolicy": { + "$id": "#/properties/image/properties/pullPolicy", + "type": "string", + "default": "IfNotPresent", + "examples": [ + "IfNotPresent" + ] + }, + "tag": { + "$id": "#/properties/image/properties/tag", + "type": "string", + "default": "" + } + }, + "additionalProperties": true + }, + "imagePullSecrets": { + "$id": "#/properties/imagePullSecrets", + "type": "array", + "default": [], + "examples": [ + [ + { + "name": "image-pull-secrets" + } + ] + ], + "additionalItems": true, + "items": { + "$id": "#/properties/imagePullSecrets/items" + } + }, + "nameOverride": { + "$id": "#/properties/nameOverride", + "type": "string", + "default": "" + }, + "fullnameOverride": { + "$id": "#/properties/fullnameOverride", + "type": "string", + "default": "" + }, + "podAnnotations": { + "$id": "#/properties/podAnnotations", + "type": "object", + "additionalProperties": true + }, + "podSecurityContext": { + "$id": "#/properties/podSecurityContext", + "type": "object", + "required": [], + "additionalProperties": true + }, + "securityContext": { + "$id": "#/properties/securityContext", + "type": "object", + "properties": { + "capabilities": { + "$id": "#/properties/securityContext/properties/capabilities", + "type": "object", + "additionalProperties": true + }, + "readOnlyRootFilesystem": { + "$id": "#/properties/securityContext/properties/readOnlyRootFilesystem", + "type": "boolean", + "default": false, + "examples": [ + true + ] + }, + "runAsNonRoot": { + "$id": "#/properties/securityContext/properties/runAsNonRoot", + "type": "boolean", + "default": false, + "examples": [ + true + ] + }, + "runAsUser": { + "$id": "#/properties/securityContext/properties/runAsUser", + "type": "integer", + "default": 0, + "examples": [ + 1000 + ] + } + }, + "additionalProperties": true + }, + "resources": { + "$id": "#/properties/resources", + "type": "object", + "default": {}, + "examples": [ + { + "limits": { + "cpu": "100m", + "memory": "128Mi" + }, + "requests": { + "cpu": "100m", + "memory": "128Mi" + } + } + ], + "properties": { + "limits": { + "$id": "#/properties/resources/properties/limits", + "type": "object", + "default": {}, + "examples": [ + { + "cpu": "100m", + "memory": "128Mi" + } + ], + "required": [ + "cpu", + "memory" + ], + "properties": { + "cpu": { + "$id": "#/properties/resources/properties/limits/properties/cpu", + "type": "string", + "default": "", + "examples": [ + "100m" + ] + }, + "memory": { + "$id": "#/properties/resources/properties/limits/properties/memory", + "type": "string", + "default": "", + "examples": [ + "128Mi" + ] + } + }, + "additionalProperties": true + }, + "requests": { + "$id": "#/properties/resources/properties/requests", + "type": "object", + "default": {}, + "examples": [ + { + "cpu": "100m", + "memory": "128Mi" + } + ], + "required": [ + "cpu", + "memory" + ], + "properties": { + "cpu": { + "$id": "#/properties/resources/properties/requests/properties/cpu", + "type": "string", + "default": "", + "examples": [ + "100m" + ] + }, + "memory": { + "$id": "#/properties/resources/properties/requests/properties/memory", + "type": "string", + "default": "", + "examples": [ + "128Mi" + ] + } + }, + "additionalProperties": true + } + }, + "additionalProperties": true + }, + "nodeSelector": { + "$id": "#/properties/nodeSelector", + "type": "object", + "default": {}, + "additionalProperties": true + }, + "tolerations": { + "$id": "#/properties/tolerations", + "type": "array", + "default": [], + "additionalItems": true, + "items": { + "$id": "#/properties/tolerations/items" + } + }, + "affinity": { + "$id": "#/properties/affinity", + "type": "object", + "default": {}, + "additionalProperties": true + }, + "teleport": { + "$id": "#/properties/teleport", + "type": "object", + "default": {}, + "examples": [ + { + "address": "auth.example.com:3025", + "identitySecretName": "teleport-plugin-datadog-auth-id", + "identitySecretPath": "auth_id" + } + ], + "required": [ + "address", + "identitySecretName", + "identitySecretPath" + ], + "properties": { + "address": { + "$id": "#/properties/teleport/properties/address", + "type": "string", + "default": "", + "examples": [ + "auth.example.com:3025" + ] + }, + "identitySecretName": { + "$id": "#/properties/teleport/properties/identitySecretName", + "type": "string", + "default": "" + }, + "identitySecretPath": { + "$id": "#/properties/teleport/properties/identitySecretPath", + "type": "string", + "default": "auth_id", + "examples": [ + "auth_id" + ] + } + }, + "additionalProperties": true + }, + "datadog": { + "$id": "#/properties/datadog", + "type": "object", + "default": {}, + "examples": [ + { + "apiEndpoint": "https://api.datadoghq.com", + "apiKey": "example-api-key", + "applicationKey": "example-application-key", + "severity": "SEV-3", + "fallbackRecipient": "admin@example.com" + } + ], + "required": [ + "apiEndpoint", + "apiKey", + "applicationKey", + "fallbackRecipient" + ], + "properties": { + "apiEndpoint": { + "$id": "#/properties/datadog/properties/apiEndpoint", + "type": "string", + "default": "https://api.datadoghq.com", + "examples": [ + "https://api.datadoghq.com", + "https://api.us3.datadoghq.com", + "https://api.us5.datadoghq.com", + "https://api.datadoghq.eu", + "https://api.ap1.datadoghq.com" + ] + }, + "apiKey": { + "$id": "#/properties/datadog/properties/apiKey", + "type": "string", + "default": "", + "examples": [ + "example-api-key" + ] + }, + "apiKeyFromSecret": { + "$id": "#/properties/datadog/properties/apiKeyFromSecret", + "type": "string", + "default": "", + "examples": [ + "my-datadog-secret" + ] + }, + "apiKeySecretPath": { + "$id": "#/properties/datadog/properties/apiKeySecretPath", + "type": "string", + "default": "datadogApiKey", + "examples": [ + "apikey" + ] + }, + "applicationKey": { + "$id": "#/properties/datadog/properties/applicationKey", + "type": "string", + "default": "", + "examples": [ + "example-application-key" + ] + }, + "applicationKeyFromSecret": { + "$id": "#/properties/datadog/properties/applicationKeyFromSecret", + "type": "string", + "default": "", + "examples": [ + "my-datadog-secret" + ] + }, + "applicationKeySecretPath": { + "$id": "#/properties/datadog/properties/applicationKeySecretPath", + "type": "string", + "default": "datadogApplicationKey", + "examples": [ + "applicationkey" + ] + }, + "fallbackRecipient": { + "$id": "#/properties/datadog/properties/fallbackRecipient", + "type": "string", + "default": "", + "examples": [ + "admin@example.com", + "datadog-team-handle" + ] + }, + "severity": { + "$id": "#/properties/datadog/properties/severity", + "type": "string", + "default": "SEV-3", + "examples": [ + "SEV-3" + ] + } + }, + "additionalProperties": true + }, + "log": { + "$id": "#/properties/log", + "type": "object", + "default": {}, + "examples": [ + { + "output": "stdout", + "severity": "INFO" + } + ], + "required": [ + "output", + "severity" + ], + "properties": { + "output": { + "$id": "#/properties/log/properties/output", + "type": "string", + "default": "stdout", + "examples": [ + "stdout" + ] + }, + "severity": { + "$id": "#/properties/log/properties/severity", + "type": "string", + "default": "INFO", + "examples": [ + "INFO" + ] + } + }, + "additionalProperties": true + }, + "secretVolumeName": { + "$id": "#/properties/secretVolumeName", + "type": "string", + "default": "password-file", + "examples": [ + "my-secret-volume" + ] + } + }, + "additionalProperties": true +} diff --git a/examples/chart/access/datadog/values.yaml b/examples/chart/access/datadog/values.yaml new file mode 100644 index 0000000000000..9c92af3397917 --- /dev/null +++ b/examples/chart/access/datadog/values.yaml @@ -0,0 +1,246 @@ +# +# Plugin specific options +# + +# teleport -- contains the configuration describing how the plugin connects to +# your Teleport cluster. +teleport: + # teleport.address(string) -- is the address of the Teleport cluster the plugin + # connects to. The address must contain both the domain name and the port of + # the Teleport cluster. It can be either the address of the auth servers or the + # proxy servers. + # + # For example: + # - joining a Proxy: `teleport.example.com:443` or `teleport.example.com:3080` + # - joining an Auth: `teleport-auth.example.com:3025` + # + # When the address is empty, `tbot.teleportProxyAddress` + # or `tbot.teleportAuthAddress` will be used if they are set. + address: "" + # teleport.identitySecretName(string) -- is the name of the Kubernetes secret + # that contains the credentials for the connection to your Teleport cluster. + # + # The secret should be in the following format: + # + # ```yaml + # apiVersion: v1 + # kind: Secret + # type: Opaque + # metadata: + # name: teleport-plugin-datadog-identity + # data: + # auth_id: #... + # ``` + # + # Check out the [Access Requests with + # Datadog Incident Management](../../admin-guides/access-controls/access-request-plugins/datadog-hosted.mdx) guide + # for more information about how to acquire these credentials. + identitySecretName: "" + # teleport.identitySecretPath(string) -- is the key in the Kubernetes secret + # specified by `teleport.identitySecretName` that holds the credentials for + # the connection to your Teleport cluster. If the secret has the path, + # `"auth_id"`, you can omit this field. + identitySecretPath: "auth_id" + +# datadog -- contains the configuration used by the plugin to authenticate to Datadog. +# +# You can pass the Datadog keys by setting the chart values or using an existing Kubernetes Secret. +datadog: + # datadog.apiEndpoint(string) -- specifies which Datadog API site to set API + # requests. + apiEndpoint: "https://api.datadoghq.com" + # datadog.apiKey(string) -- is the Datadog API key used by the plugin to interact + # with Datadog. When set, the Chart creates a Kubernetes Secret for you. + # + # This value has no effect if `datadog.apiKeyFromSecret` is set. + apiKey: "" + # datadog.apiKeyFromSecret(string) -- is the name of the Kubernetes Secret + # containing the Datadog apiKey. When this value is set, you must create the + # Secret before creating the chart release. + apiKeyFromSecret: "" + # datadog.apiKeySecretPath(string) -- is the Kubernetes Secret key + # containing the Datadog API key. The secret name is set via `datadog.apiKeyFromSecret`. + apiKeySecretPath: "datadogApiKey" + # datadog.applicationKey(string) -- is the Datadog Application key used by the plugin to interact + # with Datadog. When set, the Chart creates a Kubernetes Secret for you. + # + # This value has no effect if `datadog.applicationKeyFromSecret` is set. + applicationKey: "" + # datadog.applicationKeyFromSecret(string) -- is the name of the Kubernetes Secret + # containing the Datadog applicationKey. When this value is set, you must create the + # Secret before creating the chart release. + applicationKeyFromSecret: "" + # datadog.applicationKeySecretPath(string) -- is the Kubernetes Secret key + # containing the Datadog Application key. The secret name is set via `datadog.applicationKeyFromSecret`. + applicationKeySecretPath: "datadogApplicationKey" + # datadog.fallbackRecipient(string) -- specifies the default recipient for + # Access Request notifications. The recipient can be a Datadog user email or + # a team handle. + fallbackRecipient: "" + # datadog.severity(string) -- specifies the Datadog incident severity. + severity: "SEV-3" + +# log -- controls the plugin logging. +log: + # log.severity(string) -- is the log level for the Teleport process. + # Available log levels are: `DEBUG`, `INFO`, `WARN`, `ERROR`. + # + # The default is `INFO`, which is recommended in production. + # `DEBUG` is useful during first-time setup or to see more detailed logs for debugging. + severity: INFO + # log.output(string) -- sets the output destination for the Teleport process. + # This can be set to any of the built-in values: `stdout`, `stderr`. + # + # The value can also be set to a file path (such as `/var/log/teleport.log`) + # to write logs to a file. Bear in mind that a few service startup messages + # will still go to `stderr` for resilience. + output: stdout + +# tbot -- controls the optional tbot deployment that obtains and renews +# credentials for the plugin to connect to Teleport. +# Only default and mandatory values are described here, see the tbot chart reference +# for the full list of supported values. +tbot: + # tbot.enabled(bool) -- controls if tbot should be deployed with the datadog plugin. + enabled: false + # tbot.clusterName(string) -- is the name of the Teleport cluster tbot and the Datadog plugin will join. + # Setting this value is mandatory when tbot is enabled. + clusterName: "" + # tbot.teleportProxyAddress(string) -- is the teleport Proxy Service address the bot will connect to. + # This must contain the port number, usually 443 or 3080 for Proxy Service. + # Connecting to the Proxy Service is the most common and recommended way to connect to Teleport. + # This is mandatory to connect to Teleport Enterprise (Cloud). + # + # This setting is mutually exclusive with `teleportAuthAddress`. + # + # For example: + # ```yaml + # tbot: + # teleportProxyAddress: "test.teleport.sh:443" + # ``` + teleportProxyAddress: "" + # tbot.teleportAuthAddress(string) -- is the teleport Auth Service address the bot will connect to. + # This must contain the port number, usually 3025 for Auth Service. Direct Auth Service connection + # should be used when you are deploying the bot in the same Kubernetes cluster than your `teleport-cluster` + # Helm release and have direct access to the Auth Service. + # Else, you should prefer connecting via the Proxy Service. + # + # This setting is mutually exclusive with `teleportProxyAddress`. + # + # For example: + # ```yaml + # teleportAuthAddress: "teleport-auth.teleport-namespace.svc.cluster.local:3025" + # ``` + teleportAuthAddress: "" + + # tbot.joinMethod(string) -- describes how tbot joins the Teleport cluster. + # See [the join method reference](../../reference/join-methods.mdx) for a list fo supported values and detailed explanations. + joinMethod: "kubernetes" + token: "" + + # Don't touch the tbot values below, this will break the chart. + # This ensures that tbot.fullname is not shortened if the release name contains "tbot" + nameOverride: tbot + defaultOutput: + enabled: true + +secretVolumeName: "password-file" + +# annotations -- contains annotations to apply to the different Kubernetes +# objects created by the chart. See [the Kubernetes annotation +# documentation](https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/) +# for more details. +annotations: + # annotations.config(object) -- contains the Kubernetes annotations + # put on the `ConfigMap` resource created by the chart. + config: {} + # annotations.deployment(object) -- contains the Kubernetes annotations + # put on the `Deployment` or `StatefulSet` resource created by the chart. + deployment: {} + # annotations.pod(object) -- contains the Kubernetes annotations + # put on the `Pod` resources created by the chart. + pod: {} + # annotations.secret(object) -- contains the Kubernetes annotations + # put on the `Secret` resource created by the chart. + # This has no effect when `joinTokenSecret.create` is `false`. + secret: {} + +# +# Deployment +# +# image -- sets the container image used for plugin pods created by the chart. +# +# You can override this to use your own plugin image rather than a Teleport-published image. +image: + # image.repository(string) -- is the image repository. + repository: public.ecr.aws/gravitational/teleport-plugin-datadog + # image.pullPolicy(string) -- is the [Kubernetes image pull policy](https://kubernetes.io/docs/concepts/containers/images/#image-pull-policy). + pullPolicy: IfNotPresent + # image.tag(string) -- Overrides the image tag whose default is the chart appVersion. + # + # Normally, the version of the Teleport plugin matches the + # version of the chart. If you install chart version 15.0.0, you'll use + # the plugin version 15.0.0. Upgrading the plugin is done by upgrading the chart. + # + # + # `image.tag` is intended for development and custom tags. This MUST NOT be + # used to control the plugin version in a typical deployment. This + # chart is designed to run a specific plugin version. You will face + # compatibility issues trying to run a different version with it. + # + # If you want to run the Teleport plugin version `X.Y.Z`, you should use + # `helm install --version X.Y.Z` instead. + # + tag: "" + +# imagePullSecrets(list) -- is a list of secrets containing authorization tokens +# which can be optionally used to access a private Docker registry. +# +# See the [Kubernetes reference](https://kubernetes.io/docs/concepts/containers/images/#specifying-imagepullsecrets-on-a-pod) for more details. +imagePullSecrets: [] + +nameOverride: "" +fullnameOverride: "" + +# Deprecated way to set pod annotations. `annotations.pod` should be preferred. +podAnnotations: {} + +# podSecurityContext(object) -- sets the pod security context for any pods created by the chart. +# See [the Kubernetes documentation](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod) +# for more details. +# +# To unset the security context, set it to `null` or `~`. +podSecurityContext: {} + +# securityContext(object) -- sets the container security context for any pods created by the chart. +# See [the Kubernetes documentation](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container) +# for more details. +# +# To unset the security context, set it to `null` or `~`. +securityContext: {} + # capabilities: + # drop: + # - ALL + # readOnlyRootFilesystem: true + # runAsNonRoot: true + # runAsUser: 1000 + +# resources(object) -- sets the resource requests/limits for any pods created by the chart. +# See [the Kubernetes documentation](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/) +# for more details. +resources: {} + +# nodeSelector(object) -- sets the node selector for any pods created by the chart. +# See [the Kubernetes documentation](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector) +# for more details. +nodeSelector: {} + +# tolerations(list) -- sets the tolerations for any pods created by the chart. +# See [the Kubernetes documentation](https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/) +# for more details. +tolerations: [] + +# affinity(object) -- sets the affinities for any pods created by the chart. +# See [the Kubernetes documentation](https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity) +# for more details. +affinity: {} diff --git a/examples/chart/access/discord/Chart.yaml b/examples/chart/access/discord/Chart.yaml index 14e13cedb3bee..73cd6a1bda849 100644 --- a/examples/chart/access/discord/Chart.yaml +++ b/examples/chart/access/discord/Chart.yaml @@ -1,4 +1,4 @@ -.version: &version "16.4.2" +.version: &version "16.4.6" apiVersion: v2 name: teleport-plugin-discord diff --git a/examples/chart/access/discord/tests/__snapshot__/configmap_test.yaml.snap b/examples/chart/access/discord/tests/__snapshot__/configmap_test.yaml.snap index 7040e9bbb50d2..d82974e5efbcc 100644 --- a/examples/chart/access/discord/tests/__snapshot__/configmap_test.yaml.snap +++ b/examples/chart/access/discord/tests/__snapshot__/configmap_test.yaml.snap @@ -24,6 +24,6 @@ should match the snapshot: app.kubernetes.io/instance: RELEASE-NAME app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: teleport-plugin-discord - app.kubernetes.io/version: 16.4.2 - helm.sh/chart: teleport-plugin-discord-16.4.2 + app.kubernetes.io/version: 16.4.6 + helm.sh/chart: teleport-plugin-discord-16.4.6 name: RELEASE-NAME-teleport-plugin-discord diff --git a/examples/chart/access/discord/tests/__snapshot__/deployment_test.yaml.snap b/examples/chart/access/discord/tests/__snapshot__/deployment_test.yaml.snap index 393dcf40abafc..7a5a50d2fa848 100644 --- a/examples/chart/access/discord/tests/__snapshot__/deployment_test.yaml.snap +++ b/examples/chart/access/discord/tests/__snapshot__/deployment_test.yaml.snap @@ -7,8 +7,8 @@ should match the snapshot: app.kubernetes.io/instance: RELEASE-NAME app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: teleport-plugin-discord - app.kubernetes.io/version: 16.4.2 - helm.sh/chart: teleport-plugin-discord-16.4.2 + app.kubernetes.io/version: 16.4.6 + helm.sh/chart: teleport-plugin-discord-16.4.6 name: RELEASE-NAME-teleport-plugin-discord spec: replicas: 1 @@ -22,8 +22,8 @@ should match the snapshot: app.kubernetes.io/instance: RELEASE-NAME app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: teleport-plugin-discord - app.kubernetes.io/version: 16.4.2 - helm.sh/chart: teleport-plugin-discord-16.4.2 + app.kubernetes.io/version: 16.4.6 + helm.sh/chart: teleport-plugin-discord-16.4.6 spec: containers: - command: diff --git a/examples/chart/access/email/Chart.yaml b/examples/chart/access/email/Chart.yaml index 10fa53cb61cde..4b9446bea396c 100644 --- a/examples/chart/access/email/Chart.yaml +++ b/examples/chart/access/email/Chart.yaml @@ -1,4 +1,4 @@ -.version: &version "16.4.2" +.version: &version "16.4.6" apiVersion: v2 name: teleport-plugin-email diff --git a/examples/chart/access/email/tests/__snapshot__/configmap_test.yaml.snap b/examples/chart/access/email/tests/__snapshot__/configmap_test.yaml.snap index e88de32d9f4cc..60895d9bf7941 100644 --- a/examples/chart/access/email/tests/__snapshot__/configmap_test.yaml.snap +++ b/examples/chart/access/email/tests/__snapshot__/configmap_test.yaml.snap @@ -26,8 +26,8 @@ should match the snapshot (mailgun on): app.kubernetes.io/instance: RELEASE-NAME app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: teleport-plugin-email - app.kubernetes.io/version: 16.4.2 - helm.sh/chart: teleport-plugin-email-16.4.2 + app.kubernetes.io/version: 16.4.6 + helm.sh/chart: teleport-plugin-email-16.4.6 name: RELEASE-NAME-teleport-plugin-email should match the snapshot (smtp on): 1: | @@ -59,8 +59,8 @@ should match the snapshot (smtp on): app.kubernetes.io/instance: RELEASE-NAME app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: teleport-plugin-email - app.kubernetes.io/version: 16.4.2 - helm.sh/chart: teleport-plugin-email-16.4.2 + app.kubernetes.io/version: 16.4.6 + helm.sh/chart: teleport-plugin-email-16.4.6 name: RELEASE-NAME-teleport-plugin-email should match the snapshot (smtp on, no starttls): 1: | @@ -92,8 +92,8 @@ should match the snapshot (smtp on, no starttls): app.kubernetes.io/instance: RELEASE-NAME app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: teleport-plugin-email - app.kubernetes.io/version: 16.4.2 - helm.sh/chart: teleport-plugin-email-16.4.2 + app.kubernetes.io/version: 16.4.6 + helm.sh/chart: teleport-plugin-email-16.4.6 name: RELEASE-NAME-teleport-plugin-email should match the snapshot (smtp on, password file): 1: | @@ -125,8 +125,8 @@ should match the snapshot (smtp on, password file): app.kubernetes.io/instance: RELEASE-NAME app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: teleport-plugin-email - app.kubernetes.io/version: 16.4.2 - helm.sh/chart: teleport-plugin-email-16.4.2 + app.kubernetes.io/version: 16.4.6 + helm.sh/chart: teleport-plugin-email-16.4.6 name: RELEASE-NAME-teleport-plugin-email should match the snapshot (smtp on, roleToRecipients set): 1: | @@ -161,8 +161,8 @@ should match the snapshot (smtp on, roleToRecipients set): app.kubernetes.io/instance: RELEASE-NAME app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: teleport-plugin-email - app.kubernetes.io/version: 16.4.2 - helm.sh/chart: teleport-plugin-email-16.4.2 + app.kubernetes.io/version: 16.4.6 + helm.sh/chart: teleport-plugin-email-16.4.6 name: RELEASE-NAME-teleport-plugin-email should match the snapshot (smtp on, starttls disabled): 1: | @@ -194,6 +194,6 @@ should match the snapshot (smtp on, starttls disabled): app.kubernetes.io/instance: RELEASE-NAME app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: teleport-plugin-email - app.kubernetes.io/version: 16.4.2 - helm.sh/chart: teleport-plugin-email-16.4.2 + app.kubernetes.io/version: 16.4.6 + helm.sh/chart: teleport-plugin-email-16.4.6 name: RELEASE-NAME-teleport-plugin-email diff --git a/examples/chart/access/email/tests/__snapshot__/deployment_test.yaml.snap b/examples/chart/access/email/tests/__snapshot__/deployment_test.yaml.snap index 4b46509ffa4a0..7a37605bdbc3f 100644 --- a/examples/chart/access/email/tests/__snapshot__/deployment_test.yaml.snap +++ b/examples/chart/access/email/tests/__snapshot__/deployment_test.yaml.snap @@ -7,8 +7,8 @@ should be possible to override volume name (smtp on): app.kubernetes.io/instance: RELEASE-NAME app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: teleport-plugin-email - app.kubernetes.io/version: 16.4.2 - helm.sh/chart: teleport-plugin-email-16.4.2 + app.kubernetes.io/version: 16.4.6 + helm.sh/chart: teleport-plugin-email-16.4.6 name: RELEASE-NAME-teleport-plugin-email spec: replicas: 1 @@ -22,8 +22,8 @@ should be possible to override volume name (smtp on): app.kubernetes.io/instance: RELEASE-NAME app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: teleport-plugin-email - app.kubernetes.io/version: 16.4.2 - helm.sh/chart: teleport-plugin-email-16.4.2 + app.kubernetes.io/version: 16.4.6 + helm.sh/chart: teleport-plugin-email-16.4.6 spec: containers: - command: @@ -34,7 +34,7 @@ should be possible to override volume name (smtp on): env: - name: TELEPORT_PLUGIN_FAIL_FAST value: "true" - image: public.ecr.aws/gravitational/teleport-plugin-email:16.4.2 + image: public.ecr.aws/gravitational/teleport-plugin-email:16.4.6 imagePullPolicy: IfNotPresent name: teleport-plugin-email ports: @@ -75,8 +75,8 @@ should match the snapshot: app.kubernetes.io/instance: RELEASE-NAME app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: teleport-plugin-email - app.kubernetes.io/version: 16.4.2 - helm.sh/chart: teleport-plugin-email-16.4.2 + app.kubernetes.io/version: 16.4.6 + helm.sh/chart: teleport-plugin-email-16.4.6 name: RELEASE-NAME-teleport-plugin-email spec: replicas: 1 @@ -90,8 +90,8 @@ should match the snapshot: app.kubernetes.io/instance: RELEASE-NAME app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: teleport-plugin-email - app.kubernetes.io/version: 16.4.2 - helm.sh/chart: teleport-plugin-email-16.4.2 + app.kubernetes.io/version: 16.4.6 + helm.sh/chart: teleport-plugin-email-16.4.6 spec: containers: - command: @@ -136,8 +136,8 @@ should match the snapshot (mailgun on): app.kubernetes.io/instance: RELEASE-NAME app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: teleport-plugin-email - app.kubernetes.io/version: 16.4.2 - helm.sh/chart: teleport-plugin-email-16.4.2 + app.kubernetes.io/version: 16.4.6 + helm.sh/chart: teleport-plugin-email-16.4.6 name: RELEASE-NAME-teleport-plugin-email spec: replicas: 1 @@ -151,8 +151,8 @@ should match the snapshot (mailgun on): app.kubernetes.io/instance: RELEASE-NAME app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: teleport-plugin-email - app.kubernetes.io/version: 16.4.2 - helm.sh/chart: teleport-plugin-email-16.4.2 + app.kubernetes.io/version: 16.4.6 + helm.sh/chart: teleport-plugin-email-16.4.6 spec: containers: - command: @@ -163,7 +163,7 @@ should match the snapshot (mailgun on): env: - name: TELEPORT_PLUGIN_FAIL_FAST value: "true" - image: public.ecr.aws/gravitational/teleport-plugin-email:16.4.2 + image: public.ecr.aws/gravitational/teleport-plugin-email:16.4.6 imagePullPolicy: IfNotPresent name: teleport-plugin-email ports: @@ -204,8 +204,8 @@ should match the snapshot (smtp on): app.kubernetes.io/instance: RELEASE-NAME app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: teleport-plugin-email - app.kubernetes.io/version: 16.4.2 - helm.sh/chart: teleport-plugin-email-16.4.2 + app.kubernetes.io/version: 16.4.6 + helm.sh/chart: teleport-plugin-email-16.4.6 name: RELEASE-NAME-teleport-plugin-email spec: replicas: 1 @@ -219,8 +219,8 @@ should match the snapshot (smtp on): app.kubernetes.io/instance: RELEASE-NAME app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: teleport-plugin-email - app.kubernetes.io/version: 16.4.2 - helm.sh/chart: teleport-plugin-email-16.4.2 + app.kubernetes.io/version: 16.4.6 + helm.sh/chart: teleport-plugin-email-16.4.6 spec: containers: - command: @@ -231,7 +231,7 @@ should match the snapshot (smtp on): env: - name: TELEPORT_PLUGIN_FAIL_FAST value: "true" - image: public.ecr.aws/gravitational/teleport-plugin-email:16.4.2 + image: public.ecr.aws/gravitational/teleport-plugin-email:16.4.6 imagePullPolicy: IfNotPresent name: teleport-plugin-email ports: @@ -272,8 +272,8 @@ should mount external secret (mailgun on): app.kubernetes.io/instance: RELEASE-NAME app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: teleport-plugin-email - app.kubernetes.io/version: 16.4.2 - helm.sh/chart: teleport-plugin-email-16.4.2 + app.kubernetes.io/version: 16.4.6 + helm.sh/chart: teleport-plugin-email-16.4.6 name: RELEASE-NAME-teleport-plugin-email spec: replicas: 1 @@ -287,8 +287,8 @@ should mount external secret (mailgun on): app.kubernetes.io/instance: RELEASE-NAME app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: teleport-plugin-email - app.kubernetes.io/version: 16.4.2 - helm.sh/chart: teleport-plugin-email-16.4.2 + app.kubernetes.io/version: 16.4.6 + helm.sh/chart: teleport-plugin-email-16.4.6 spec: containers: - command: @@ -299,7 +299,7 @@ should mount external secret (mailgun on): env: - name: TELEPORT_PLUGIN_FAIL_FAST value: "true" - image: public.ecr.aws/gravitational/teleport-plugin-email:16.4.2 + image: public.ecr.aws/gravitational/teleport-plugin-email:16.4.6 imagePullPolicy: IfNotPresent name: teleport-plugin-email ports: @@ -340,8 +340,8 @@ should mount external secret (smtp on): app.kubernetes.io/instance: RELEASE-NAME app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: teleport-plugin-email - app.kubernetes.io/version: 16.4.2 - helm.sh/chart: teleport-plugin-email-16.4.2 + app.kubernetes.io/version: 16.4.6 + helm.sh/chart: teleport-plugin-email-16.4.6 name: RELEASE-NAME-teleport-plugin-email spec: replicas: 1 @@ -355,8 +355,8 @@ should mount external secret (smtp on): app.kubernetes.io/instance: RELEASE-NAME app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: teleport-plugin-email - app.kubernetes.io/version: 16.4.2 - helm.sh/chart: teleport-plugin-email-16.4.2 + app.kubernetes.io/version: 16.4.6 + helm.sh/chart: teleport-plugin-email-16.4.6 spec: containers: - command: @@ -367,7 +367,7 @@ should mount external secret (smtp on): env: - name: TELEPORT_PLUGIN_FAIL_FAST value: "true" - image: public.ecr.aws/gravitational/teleport-plugin-email:16.4.2 + image: public.ecr.aws/gravitational/teleport-plugin-email:16.4.6 imagePullPolicy: IfNotPresent name: teleport-plugin-email ports: diff --git a/examples/chart/access/jira/Chart.yaml b/examples/chart/access/jira/Chart.yaml index 65b49f2a6a9aa..9f3c2deead7ce 100644 --- a/examples/chart/access/jira/Chart.yaml +++ b/examples/chart/access/jira/Chart.yaml @@ -1,4 +1,4 @@ -.version: &version "16.4.2" +.version: &version "16.4.6" apiVersion: v2 name: teleport-plugin-jira diff --git a/examples/chart/access/jira/tests/__snapshot__/configmap_test.yaml.snap b/examples/chart/access/jira/tests/__snapshot__/configmap_test.yaml.snap index ad122c6799790..4bde4506647d8 100644 --- a/examples/chart/access/jira/tests/__snapshot__/configmap_test.yaml.snap +++ b/examples/chart/access/jira/tests/__snapshot__/configmap_test.yaml.snap @@ -32,6 +32,6 @@ should match the snapshot (smtp on): app.kubernetes.io/instance: RELEASE-NAME app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: teleport-plugin-jira - app.kubernetes.io/version: 16.4.2 - helm.sh/chart: teleport-plugin-jira-16.4.2 + app.kubernetes.io/version: 16.4.6 + helm.sh/chart: teleport-plugin-jira-16.4.6 name: RELEASE-NAME-teleport-plugin-jira diff --git a/examples/chart/access/jira/tests/__snapshot__/deployment_test.yaml.snap b/examples/chart/access/jira/tests/__snapshot__/deployment_test.yaml.snap index 876753b96038f..f8a501e1e743a 100644 --- a/examples/chart/access/jira/tests/__snapshot__/deployment_test.yaml.snap +++ b/examples/chart/access/jira/tests/__snapshot__/deployment_test.yaml.snap @@ -7,8 +7,8 @@ should match the snapshot: app.kubernetes.io/instance: RELEASE-NAME app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: teleport-plugin-jira - app.kubernetes.io/version: 16.4.2 - helm.sh/chart: teleport-plugin-jira-16.4.2 + app.kubernetes.io/version: 16.4.6 + helm.sh/chart: teleport-plugin-jira-16.4.6 name: RELEASE-NAME-teleport-plugin-jira spec: replicas: 1 @@ -22,8 +22,8 @@ should match the snapshot: app.kubernetes.io/instance: RELEASE-NAME app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: teleport-plugin-jira - app.kubernetes.io/version: 16.4.2 - helm.sh/chart: teleport-plugin-jira-16.4.2 + app.kubernetes.io/version: 16.4.6 + helm.sh/chart: teleport-plugin-jira-16.4.6 spec: containers: - command: diff --git a/examples/chart/access/mattermost/Chart.yaml b/examples/chart/access/mattermost/Chart.yaml index dfe0ed75456ac..d7204abe3e613 100644 --- a/examples/chart/access/mattermost/Chart.yaml +++ b/examples/chart/access/mattermost/Chart.yaml @@ -1,4 +1,4 @@ -.version: &version "16.4.2" +.version: &version "16.4.6" apiVersion: v2 name: teleport-plugin-mattermost diff --git a/examples/chart/access/mattermost/tests/__snapshot__/configmap_test.yaml.snap b/examples/chart/access/mattermost/tests/__snapshot__/configmap_test.yaml.snap index ffe58b5c51f5a..bfc1390082811 100644 --- a/examples/chart/access/mattermost/tests/__snapshot__/configmap_test.yaml.snap +++ b/examples/chart/access/mattermost/tests/__snapshot__/configmap_test.yaml.snap @@ -22,6 +22,6 @@ should match the snapshot: app.kubernetes.io/instance: RELEASE-NAME app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: teleport-plugin-mattermost - app.kubernetes.io/version: 16.4.2 - helm.sh/chart: teleport-plugin-mattermost-16.4.2 + app.kubernetes.io/version: 16.4.6 + helm.sh/chart: teleport-plugin-mattermost-16.4.6 name: RELEASE-NAME-teleport-plugin-mattermost diff --git a/examples/chart/access/mattermost/tests/__snapshot__/deployment_test.yaml.snap b/examples/chart/access/mattermost/tests/__snapshot__/deployment_test.yaml.snap index 7514411789aae..3435c7cfd663c 100644 --- a/examples/chart/access/mattermost/tests/__snapshot__/deployment_test.yaml.snap +++ b/examples/chart/access/mattermost/tests/__snapshot__/deployment_test.yaml.snap @@ -7,8 +7,8 @@ should match the snapshot: app.kubernetes.io/instance: RELEASE-NAME app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: teleport-plugin-mattermost - app.kubernetes.io/version: 16.4.2 - helm.sh/chart: teleport-plugin-mattermost-16.4.2 + app.kubernetes.io/version: 16.4.6 + helm.sh/chart: teleport-plugin-mattermost-16.4.6 name: RELEASE-NAME-teleport-plugin-mattermost spec: replicas: 1 @@ -22,8 +22,8 @@ should match the snapshot: app.kubernetes.io/instance: RELEASE-NAME app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: teleport-plugin-mattermost - app.kubernetes.io/version: 16.4.2 - helm.sh/chart: teleport-plugin-mattermost-16.4.2 + app.kubernetes.io/version: 16.4.6 + helm.sh/chart: teleport-plugin-mattermost-16.4.6 spec: containers: - command: @@ -75,8 +75,8 @@ should mount external secret: app.kubernetes.io/instance: RELEASE-NAME app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: teleport-plugin-mattermost - app.kubernetes.io/version: 16.4.2 - helm.sh/chart: teleport-plugin-mattermost-16.4.2 + app.kubernetes.io/version: 16.4.6 + helm.sh/chart: teleport-plugin-mattermost-16.4.6 name: RELEASE-NAME-teleport-plugin-mattermost spec: replicas: 1 @@ -90,8 +90,8 @@ should mount external secret: app.kubernetes.io/instance: RELEASE-NAME app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: teleport-plugin-mattermost - app.kubernetes.io/version: 16.4.2 - helm.sh/chart: teleport-plugin-mattermost-16.4.2 + app.kubernetes.io/version: 16.4.6 + helm.sh/chart: teleport-plugin-mattermost-16.4.6 spec: containers: - command: @@ -102,7 +102,7 @@ should mount external secret: env: - name: TELEPORT_PLUGIN_FAIL_FAST value: "true" - image: public.ecr.aws/gravitational/teleport-plugin-mattermost:16.4.2 + image: public.ecr.aws/gravitational/teleport-plugin-mattermost:16.4.6 imagePullPolicy: IfNotPresent name: teleport-plugin-mattermost ports: @@ -143,8 +143,8 @@ should override volume name: app.kubernetes.io/instance: RELEASE-NAME app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: teleport-plugin-mattermost - app.kubernetes.io/version: 16.4.2 - helm.sh/chart: teleport-plugin-mattermost-16.4.2 + app.kubernetes.io/version: 16.4.6 + helm.sh/chart: teleport-plugin-mattermost-16.4.6 name: RELEASE-NAME-teleport-plugin-mattermost spec: replicas: 1 @@ -158,8 +158,8 @@ should override volume name: app.kubernetes.io/instance: RELEASE-NAME app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: teleport-plugin-mattermost - app.kubernetes.io/version: 16.4.2 - helm.sh/chart: teleport-plugin-mattermost-16.4.2 + app.kubernetes.io/version: 16.4.6 + helm.sh/chart: teleport-plugin-mattermost-16.4.6 spec: containers: - command: @@ -170,7 +170,7 @@ should override volume name: env: - name: TELEPORT_PLUGIN_FAIL_FAST value: "true" - image: public.ecr.aws/gravitational/teleport-plugin-mattermost:16.4.2 + image: public.ecr.aws/gravitational/teleport-plugin-mattermost:16.4.6 imagePullPolicy: IfNotPresent name: teleport-plugin-mattermost ports: diff --git a/examples/chart/access/msteams/Chart.yaml b/examples/chart/access/msteams/Chart.yaml index 23c51379e0249..3c959bbd6021c 100644 --- a/examples/chart/access/msteams/Chart.yaml +++ b/examples/chart/access/msteams/Chart.yaml @@ -1,4 +1,4 @@ -.version: &version "16.4.2" +.version: &version "16.4.6" apiVersion: v2 name: teleport-plugin-msteams diff --git a/examples/chart/access/msteams/tests/__snapshot__/configmap_test.yaml.snap b/examples/chart/access/msteams/tests/__snapshot__/configmap_test.yaml.snap index 6f986e7d67bbe..8b42b66ddf7e0 100644 --- a/examples/chart/access/msteams/tests/__snapshot__/configmap_test.yaml.snap +++ b/examples/chart/access/msteams/tests/__snapshot__/configmap_test.yaml.snap @@ -29,6 +29,6 @@ should match the snapshot: app.kubernetes.io/instance: RELEASE-NAME app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: teleport-plugin-msteams - app.kubernetes.io/version: 16.4.2 - helm.sh/chart: teleport-plugin-msteams-16.4.2 + app.kubernetes.io/version: 16.4.6 + helm.sh/chart: teleport-plugin-msteams-16.4.6 name: RELEASE-NAME-teleport-plugin-msteams diff --git a/examples/chart/access/msteams/tests/__snapshot__/deployment_test.yaml.snap b/examples/chart/access/msteams/tests/__snapshot__/deployment_test.yaml.snap index 1d592bdc5c024..39a1dcb63c149 100644 --- a/examples/chart/access/msteams/tests/__snapshot__/deployment_test.yaml.snap +++ b/examples/chart/access/msteams/tests/__snapshot__/deployment_test.yaml.snap @@ -7,8 +7,8 @@ should match the snapshot: app.kubernetes.io/instance: RELEASE-NAME app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: teleport-plugin-msteams - app.kubernetes.io/version: 16.4.2 - helm.sh/chart: teleport-plugin-msteams-16.4.2 + app.kubernetes.io/version: 16.4.6 + helm.sh/chart: teleport-plugin-msteams-16.4.6 name: RELEASE-NAME-teleport-plugin-msteams spec: replicas: 1 @@ -22,8 +22,8 @@ should match the snapshot: app.kubernetes.io/instance: RELEASE-NAME app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: teleport-plugin-msteams - app.kubernetes.io/version: 16.4.2 - helm.sh/chart: teleport-plugin-msteams-16.4.2 + app.kubernetes.io/version: 16.4.6 + helm.sh/chart: teleport-plugin-msteams-16.4.6 spec: containers: - command: diff --git a/examples/chart/access/pagerduty/Chart.yaml b/examples/chart/access/pagerduty/Chart.yaml index 6cfb8a7657a04..663773f75c2e1 100644 --- a/examples/chart/access/pagerduty/Chart.yaml +++ b/examples/chart/access/pagerduty/Chart.yaml @@ -1,4 +1,4 @@ -.version: &version "16.4.2" +.version: &version "16.4.6" apiVersion: v2 name: teleport-plugin-pagerduty diff --git a/examples/chart/access/pagerduty/tests/__snapshot__/configmap_test.yaml.snap b/examples/chart/access/pagerduty/tests/__snapshot__/configmap_test.yaml.snap index 6168d442a8059..83d48445a1a14 100644 --- a/examples/chart/access/pagerduty/tests/__snapshot__/configmap_test.yaml.snap +++ b/examples/chart/access/pagerduty/tests/__snapshot__/configmap_test.yaml.snap @@ -21,6 +21,6 @@ should match the snapshot (smtp on): app.kubernetes.io/instance: RELEASE-NAME app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: teleport-plugin-pagerduty - app.kubernetes.io/version: 16.4.2 - helm.sh/chart: teleport-plugin-pagerduty-16.4.2 + app.kubernetes.io/version: 16.4.6 + helm.sh/chart: teleport-plugin-pagerduty-16.4.6 name: RELEASE-NAME-teleport-plugin-pagerduty diff --git a/examples/chart/access/pagerduty/tests/__snapshot__/deployment_test.yaml.snap b/examples/chart/access/pagerduty/tests/__snapshot__/deployment_test.yaml.snap index 94fc02bdd6341..8d473fa5f8dad 100644 --- a/examples/chart/access/pagerduty/tests/__snapshot__/deployment_test.yaml.snap +++ b/examples/chart/access/pagerduty/tests/__snapshot__/deployment_test.yaml.snap @@ -7,8 +7,8 @@ should match the snapshot: app.kubernetes.io/instance: RELEASE-NAME app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: teleport-plugin-pagerduty - app.kubernetes.io/version: 16.4.2 - helm.sh/chart: teleport-plugin-pagerduty-16.4.2 + app.kubernetes.io/version: 16.4.6 + helm.sh/chart: teleport-plugin-pagerduty-16.4.6 name: RELEASE-NAME-teleport-plugin-pagerduty spec: replicas: 1 @@ -22,8 +22,8 @@ should match the snapshot: app.kubernetes.io/instance: RELEASE-NAME app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: teleport-plugin-pagerduty - app.kubernetes.io/version: 16.4.2 - helm.sh/chart: teleport-plugin-pagerduty-16.4.2 + app.kubernetes.io/version: 16.4.6 + helm.sh/chart: teleport-plugin-pagerduty-16.4.6 spec: containers: - command: diff --git a/examples/chart/access/slack/Chart.yaml b/examples/chart/access/slack/Chart.yaml index 0fc0992887f96..685edc49cc5a8 100644 --- a/examples/chart/access/slack/Chart.yaml +++ b/examples/chart/access/slack/Chart.yaml @@ -1,4 +1,4 @@ -.version: &version "16.4.2" +.version: &version "16.4.6" apiVersion: v2 name: teleport-plugin-slack diff --git a/examples/chart/access/slack/tests/__snapshot__/configmap_test.yaml.snap b/examples/chart/access/slack/tests/__snapshot__/configmap_test.yaml.snap index 7b842a96ee9d6..b6c08e6142674 100644 --- a/examples/chart/access/slack/tests/__snapshot__/configmap_test.yaml.snap +++ b/examples/chart/access/slack/tests/__snapshot__/configmap_test.yaml.snap @@ -24,6 +24,6 @@ should match the snapshot: app.kubernetes.io/instance: RELEASE-NAME app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: teleport-plugin-slack - app.kubernetes.io/version: 16.4.2 - helm.sh/chart: teleport-plugin-slack-16.4.2 + app.kubernetes.io/version: 16.4.6 + helm.sh/chart: teleport-plugin-slack-16.4.6 name: RELEASE-NAME-teleport-plugin-slack diff --git a/examples/chart/access/slack/tests/__snapshot__/deployment_test.yaml.snap b/examples/chart/access/slack/tests/__snapshot__/deployment_test.yaml.snap index 97c01d08ca385..2638a3320017c 100644 --- a/examples/chart/access/slack/tests/__snapshot__/deployment_test.yaml.snap +++ b/examples/chart/access/slack/tests/__snapshot__/deployment_test.yaml.snap @@ -7,8 +7,8 @@ should match the snapshot: app.kubernetes.io/instance: RELEASE-NAME app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: teleport-plugin-slack - app.kubernetes.io/version: 16.4.2 - helm.sh/chart: teleport-plugin-slack-16.4.2 + app.kubernetes.io/version: 16.4.6 + helm.sh/chart: teleport-plugin-slack-16.4.6 name: RELEASE-NAME-teleport-plugin-slack spec: replicas: 1 @@ -22,8 +22,8 @@ should match the snapshot: app.kubernetes.io/instance: RELEASE-NAME app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: teleport-plugin-slack - app.kubernetes.io/version: 16.4.2 - helm.sh/chart: teleport-plugin-slack-16.4.2 + app.kubernetes.io/version: 16.4.6 + helm.sh/chart: teleport-plugin-slack-16.4.6 spec: containers: - command: diff --git a/examples/chart/event-handler/Chart.yaml b/examples/chart/event-handler/Chart.yaml index 38800818e65fe..637bf235b7c42 100644 --- a/examples/chart/event-handler/Chart.yaml +++ b/examples/chart/event-handler/Chart.yaml @@ -1,4 +1,4 @@ -.version: &version "16.4.2" +.version: &version "16.4.6" apiVersion: v2 name: teleport-plugin-event-handler diff --git a/examples/chart/event-handler/tests/__snapshot__/configmap_test.yaml.snap b/examples/chart/event-handler/tests/__snapshot__/configmap_test.yaml.snap index 30296238d2266..0d7ad5ac45b17 100644 --- a/examples/chart/event-handler/tests/__snapshot__/configmap_test.yaml.snap +++ b/examples/chart/event-handler/tests/__snapshot__/configmap_test.yaml.snap @@ -26,6 +26,6 @@ should match the snapshot: app.kubernetes.io/instance: RELEASE-NAME app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: teleport-plugin-event-handler - app.kubernetes.io/version: 16.4.2 - helm.sh/chart: teleport-plugin-event-handler-16.4.2 + app.kubernetes.io/version: 16.4.6 + helm.sh/chart: teleport-plugin-event-handler-16.4.6 name: RELEASE-NAME-teleport-plugin-event-handler diff --git a/examples/chart/event-handler/tests/__snapshot__/deployment_test.yaml.snap b/examples/chart/event-handler/tests/__snapshot__/deployment_test.yaml.snap index fe58bb4b473d2..133577d211a2a 100644 --- a/examples/chart/event-handler/tests/__snapshot__/deployment_test.yaml.snap +++ b/examples/chart/event-handler/tests/__snapshot__/deployment_test.yaml.snap @@ -7,8 +7,8 @@ should match the snapshot: app.kubernetes.io/instance: RELEASE-NAME app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: teleport-plugin-event-handler - app.kubernetes.io/version: 16.4.2 - helm.sh/chart: teleport-plugin-event-handler-16.4.2 + app.kubernetes.io/version: 16.4.6 + helm.sh/chart: teleport-plugin-event-handler-16.4.6 name: RELEASE-NAME-teleport-plugin-event-handler spec: replicas: 1 @@ -82,7 +82,7 @@ should mount tls.existingCASecretName and set environment when set in values: value: "true" - name: SSL_CERT_FILE value: /etc/teleport-tls-ca/ca.pem - image: public.ecr.aws/gravitational/teleport-plugin-event-handler:16.4.2 + image: public.ecr.aws/gravitational/teleport-plugin-event-handler:16.4.6 imagePullPolicy: IfNotPresent name: teleport-plugin-event-handler ports: diff --git a/examples/chart/index.html b/examples/chart/index.html index 39b8d7b9522c4..8f48ba224c0af 100644 --- a/examples/chart/index.html +++ b/examples/chart/index.html @@ -55,6 +55,20 @@

See our
+ 
teleport-plugin-datadog:
+      # Install the Teleport Datadog Incident Management Plugin to create Datadog incidents on Access Requests.
+      # Click the link above to see the README.
+
+      helm install ${RELEASE_NAME?} teleport/teleport-plugin-datadog \
+        --create-namespace \
+        --namespace ${NAMESPACE?} \
+        --set teleport.address="${TELEPORT_ADDR?}" \
+        --set teleport.identitySecretName="${ID_SECRET}" \
+        --set datadog.apiEndpoint="https://api.datadoghq.com" \
+        --set datadog.apiKey="${DATADOG_API_KEY}" \
+        --set datadog.applicationKey="${DATADOG_APPLICATION_KEY}" \
+        --set datadog.fallbackRecipient="${EMAIL?}"
+ 
tbot:
       # Install the TBot chart to automatically configure a tbot agent to
       # generate short-lived credentials for consumption by clients.
diff --git a/examples/chart/tbot/Chart.yaml b/examples/chart/tbot/Chart.yaml
index d7e063ba9ad88..eeade7ed7e299 100644
--- a/examples/chart/tbot/Chart.yaml
+++ b/examples/chart/tbot/Chart.yaml
@@ -1,4 +1,4 @@
-.version: &version "16.4.2"
+.version: &version "16.4.6"
 
 name: tbot
 apiVersion: v2
diff --git a/examples/chart/tbot/tests/__snapshot__/deployment_test.yaml.snap b/examples/chart/tbot/tests/__snapshot__/deployment_test.yaml.snap
index 2f370bfffb46e..b597ada4840b0 100644
--- a/examples/chart/tbot/tests/__snapshot__/deployment_test.yaml.snap
+++ b/examples/chart/tbot/tests/__snapshot__/deployment_test.yaml.snap
@@ -29,7 +29,7 @@ should match the snapshot (full):
             app.kubernetes.io/instance: RELEASE-NAME
             app.kubernetes.io/managed-by: Helm
             app.kubernetes.io/name: tbot
-            helm.sh/chart: tbot-16.4.2
+            helm.sh/chart: tbot-16.4.6
             test-key: test-label-pod
         spec:
           affinity:
@@ -68,7 +68,7 @@ should match the snapshot (full):
               value: "1"
             - name: TEST_ENV
               value: test-value
-            image: public.ecr.aws/gravitational/tbot-distroless:16.4.2
+            image: public.ecr.aws/gravitational/tbot-distroless:16.4.6
             imagePullPolicy: Always
             livenessProbe:
               failureThreshold: 6
@@ -154,7 +154,7 @@ should match the snapshot (simple):
             app.kubernetes.io/instance: RELEASE-NAME
             app.kubernetes.io/managed-by: Helm
             app.kubernetes.io/name: tbot
-            helm.sh/chart: tbot-16.4.2
+            helm.sh/chart: tbot-16.4.6
         spec:
           containers:
           - args:
@@ -176,7 +176,7 @@ should match the snapshot (simple):
                   fieldPath: spec.nodeName
             - name: KUBERNETES_TOKEN_PATH
               value: /var/run/secrets/tokens/join-sa-token
-            image: public.ecr.aws/gravitational/tbot-distroless:16.4.2
+            image: public.ecr.aws/gravitational/tbot-distroless:16.4.6
             imagePullPolicy: IfNotPresent
             livenessProbe:
               failureThreshold: 6
diff --git a/examples/chart/teleport-cluster/Chart.yaml b/examples/chart/teleport-cluster/Chart.yaml
index dbf47fa512b5d..42285ae340b16 100644
--- a/examples/chart/teleport-cluster/Chart.yaml
+++ b/examples/chart/teleport-cluster/Chart.yaml
@@ -1,4 +1,4 @@
-.version: &version "16.4.2"
+.version: &version "16.4.6"
 
 name: teleport-cluster
 apiVersion: v2
diff --git a/examples/chart/teleport-cluster/charts/teleport-operator/Chart.yaml b/examples/chart/teleport-cluster/charts/teleport-operator/Chart.yaml
index 9a8db7804f4ec..ebdad0d1d516a 100644
--- a/examples/chart/teleport-cluster/charts/teleport-operator/Chart.yaml
+++ b/examples/chart/teleport-cluster/charts/teleport-operator/Chart.yaml
@@ -1,4 +1,4 @@
-.version: &version "16.4.2"
+.version: &version "16.4.6"
 
 name: teleport-operator
 apiVersion: v2
diff --git a/examples/chart/teleport-cluster/charts/teleport-operator/operator-crds/resources.teleport.dev_accesslists.yaml b/examples/chart/teleport-cluster/charts/teleport-operator/operator-crds/resources.teleport.dev_accesslists.yaml
index f73fc63729992..60c0a57843c12 100644
--- a/examples/chart/teleport-cluster/charts/teleport-operator/operator-crds/resources.teleport.dev_accesslists.yaml
+++ b/examples/chart/teleport-cluster/charts/teleport-operator/operator-crds/resources.teleport.dev_accesslists.yaml
@@ -36,7 +36,7 @@ spec:
             description: AccessList resource definition v1 from Teleport
             properties:
               audit:
-                description: audit describes the frequency that this access list must
+                description: audit describes the frequency that this Access List must
                   be audited.
                 nullable: true
                 properties:
@@ -74,16 +74,16 @@ spec:
                 type: object
               description:
                 description: description is an optional plaintext description of the
-                  access list.
+                  Access List.
                 type: string
               grants:
                 description: grants describes the access granted by membership to
-                  this access list.
+                  this Access List.
                 nullable: true
                 properties:
                   roles:
                     description: roles are the roles that are granted to users who
-                      are members of the access list.
+                      are members of the Access List.
                     items:
                       type: string
                     nullable: true
@@ -94,13 +94,13 @@ spec:
                         type: string
                       type: array
                     description: traits are the traits that are granted to users who
-                      are members of the access list.
+                      are members of the Access List.
                     type: object
                 type: object
               membership_requires:
                 description: membership_requires describes the requirements for a
-                  user to be a member of the access list. For a membership to an access
-                  list to be effective, the user must meet the requirements of Membership_requires
+                  user to be a member of the Access List. For a membership to an Access
+                  List to be effective, the user must meet the requirements of Membership_requires
                   and must be in the members list.
                 nullable: true
                 properties:
@@ -122,12 +122,12 @@ spec:
                 type: object
               owner_grants:
                 description: owner_grants describes the access granted by owners to
-                  this access list.
+                  this Access List.
                 nullable: true
                 properties:
                   roles:
                     description: roles are the roles that are granted to users who
-                      are members of the access list.
+                      are members of the Access List.
                     items:
                       type: string
                     nullable: true
@@ -138,11 +138,11 @@ spec:
                         type: string
                       type: array
                     description: traits are the traits that are granted to users who
-                      are members of the access list.
+                      are members of the Access List.
                     type: object
                 type: object
               owners:
-                description: owners is a list of owners of the access list.
+                description: owners is a list of owners of the Access List.
                 items:
                   properties:
                     description:
@@ -161,7 +161,7 @@ spec:
                 type: array
               ownership_requires:
                 description: ownership_requires describes the requirements for a user
-                  to be an owner of the access list. For ownership of an access list
+                  to be an owner of the Access List. For ownership of an Access List
                   to be effective, the user must meet the requirements of ownership_requires
                   and must be in the owners list.
                 nullable: true
@@ -183,8 +183,8 @@ spec:
                     type: object
                 type: object
               title:
-                description: title is a plaintext short description of the access
-                  list.
+                description: title is a plaintext short description of the Access
+                  List.
                 type: string
             type: object
           status:
diff --git a/examples/chart/teleport-cluster/charts/teleport-operator/operator-crds/resources.teleport.dev_oidcconnectors.yaml b/examples/chart/teleport-cluster/charts/teleport-operator/operator-crds/resources.teleport.dev_oidcconnectors.yaml
index 10bbfed040a54..7175f92697fb5 100644
--- a/examples/chart/teleport-cluster/charts/teleport-operator/operator-crds/resources.teleport.dev_oidcconnectors.yaml
+++ b/examples/chart/teleport-cluster/charts/teleport-operator/operator-crds/resources.teleport.dev_oidcconnectors.yaml
@@ -65,7 +65,7 @@ spec:
                 type: array
               client_id:
                 description: ClientID is the id of the authentication client (Teleport
-                  Auth server).
+                  Auth Service).
                 type: string
               client_redirect_settings:
                 description: ClientRedirectSettings defines which client redirect
diff --git a/examples/chart/teleport-cluster/charts/teleport-operator/operator-crds/resources.teleport.dev_provisiontokens.yaml b/examples/chart/teleport-cluster/charts/teleport-operator/operator-crds/resources.teleport.dev_provisiontokens.yaml
index e5ce0efd65371..e0c410c0cfed7 100644
--- a/examples/chart/teleport-cluster/charts/teleport-operator/operator-crds/resources.teleport.dev_provisiontokens.yaml
+++ b/examples/chart/teleport-cluster/charts/teleport-operator/operator-crds/resources.teleport.dev_provisiontokens.yaml
@@ -70,8 +70,8 @@ spec:
                       type: array
                     aws_role:
                       description: AWSRole is used for the EC2 join method and is
-                        the ARN of the AWS role that the auth server will assume in
-                        order to call the ec2 API.
+                        the ARN of the AWS role that the Auth Service will assume
+                        in order to call the ec2 API.
                       type: string
                   type: object
                 nullable: true
@@ -192,7 +192,7 @@ spec:
                       against host.  This value should be the hostname of the GHES
                       instance, and should not include the scheme or a path. The instance
                       must be accessible over HTTPS at this hostname and the certificate
-                      must be trusted by the Auth Server.
+                      must be trusted by the Auth Service.
                     type: string
                   enterprise_slug:
                     description: EnterpriseSlug allows the slug of a GitHub Enterprise
diff --git a/examples/chart/teleport-cluster/charts/teleport-operator/operator-crds/resources.teleport.dev_roles.yaml b/examples/chart/teleport-cluster/charts/teleport-operator/operator-crds/resources.teleport.dev_roles.yaml
index 222f4e9ac3252..7ab8f4da5929f 100644
--- a/examples/chart/teleport-cluster/charts/teleport-operator/operator-crds/resources.teleport.dev_roles.yaml
+++ b/examples/chart/teleport-cluster/charts/teleport-operator/operator-crds/resources.teleport.dev_roles.yaml
@@ -298,7 +298,7 @@ spec:
                             type: string
                           type: array
                         description: Annotations is a collection of annotations to
-                          be programmatically appended to pending access requests
+                          be programmatically appended to pending Access Requests
                           at the time of their creation. These annotations serve as
                           a mechanism to propagate extra information to plugins.  Since
                           these annotations support variable interpolation syntax,
@@ -824,7 +824,7 @@ spec:
                             type: string
                           type: array
                         description: Annotations is a collection of annotations to
-                          be programmatically appended to pending access requests
+                          be programmatically appended to pending Access Requests
                           at the time of their creation. These annotations serve as
                           a mechanism to propagate extra information to plugins.  Since
                           these annotations support variable interpolation syntax,
@@ -1133,8 +1133,7 @@ spec:
                       created on a Windows desktop
                     type: boolean
                   create_host_user:
-                    description: CreateHostUser allows users to be automatically created
-                      on a host
+                    description: 'Deprecated: use CreateHostUserMode instead.'
                     type: boolean
                   create_host_user_default_shell:
                     description: CreateHostUserDefaultShell is used to configure the
@@ -1643,7 +1642,7 @@ spec:
                             type: string
                           type: array
                         description: Annotations is a collection of annotations to
-                          be programmatically appended to pending access requests
+                          be programmatically appended to pending Access Requests
                           at the time of their creation. These annotations serve as
                           a mechanism to propagate extra information to plugins.  Since
                           these annotations support variable interpolation syntax,
@@ -2169,7 +2168,7 @@ spec:
                             type: string
                           type: array
                         description: Annotations is a collection of annotations to
-                          be programmatically appended to pending access requests
+                          be programmatically appended to pending Access Requests
                           at the time of their creation. These annotations serve as
                           a mechanism to propagate extra information to plugins.  Since
                           these annotations support variable interpolation syntax,
@@ -2478,8 +2477,7 @@ spec:
                       created on a Windows desktop
                     type: boolean
                   create_host_user:
-                    description: CreateHostUser allows users to be automatically created
-                      on a host
+                    description: 'Deprecated: use CreateHostUserMode instead.'
                     type: boolean
                   create_host_user_default_shell:
                     description: CreateHostUserDefaultShell is used to configure the
diff --git a/examples/chart/teleport-cluster/charts/teleport-operator/operator-crds/resources.teleport.dev_rolesv6.yaml b/examples/chart/teleport-cluster/charts/teleport-operator/operator-crds/resources.teleport.dev_rolesv6.yaml
index 44d132767d77f..a0d50c80bec2e 100644
--- a/examples/chart/teleport-cluster/charts/teleport-operator/operator-crds/resources.teleport.dev_rolesv6.yaml
+++ b/examples/chart/teleport-cluster/charts/teleport-operator/operator-crds/resources.teleport.dev_rolesv6.yaml
@@ -301,7 +301,7 @@ spec:
                             type: string
                           type: array
                         description: Annotations is a collection of annotations to
-                          be programmatically appended to pending access requests
+                          be programmatically appended to pending Access Requests
                           at the time of their creation. These annotations serve as
                           a mechanism to propagate extra information to plugins.  Since
                           these annotations support variable interpolation syntax,
@@ -827,7 +827,7 @@ spec:
                             type: string
                           type: array
                         description: Annotations is a collection of annotations to
-                          be programmatically appended to pending access requests
+                          be programmatically appended to pending Access Requests
                           at the time of their creation. These annotations serve as
                           a mechanism to propagate extra information to plugins.  Since
                           these annotations support variable interpolation syntax,
@@ -1136,8 +1136,7 @@ spec:
                       created on a Windows desktop
                     type: boolean
                   create_host_user:
-                    description: CreateHostUser allows users to be automatically created
-                      on a host
+                    description: 'Deprecated: use CreateHostUserMode instead.'
                     type: boolean
                   create_host_user_default_shell:
                     description: CreateHostUserDefaultShell is used to configure the
diff --git a/examples/chart/teleport-cluster/charts/teleport-operator/operator-crds/resources.teleport.dev_rolesv7.yaml b/examples/chart/teleport-cluster/charts/teleport-operator/operator-crds/resources.teleport.dev_rolesv7.yaml
index c9a1131acd073..ebf0a0a486337 100644
--- a/examples/chart/teleport-cluster/charts/teleport-operator/operator-crds/resources.teleport.dev_rolesv7.yaml
+++ b/examples/chart/teleport-cluster/charts/teleport-operator/operator-crds/resources.teleport.dev_rolesv7.yaml
@@ -301,7 +301,7 @@ spec:
                             type: string
                           type: array
                         description: Annotations is a collection of annotations to
-                          be programmatically appended to pending access requests
+                          be programmatically appended to pending Access Requests
                           at the time of their creation. These annotations serve as
                           a mechanism to propagate extra information to plugins.  Since
                           these annotations support variable interpolation syntax,
@@ -827,7 +827,7 @@ spec:
                             type: string
                           type: array
                         description: Annotations is a collection of annotations to
-                          be programmatically appended to pending access requests
+                          be programmatically appended to pending Access Requests
                           at the time of their creation. These annotations serve as
                           a mechanism to propagate extra information to plugins.  Since
                           these annotations support variable interpolation syntax,
@@ -1136,8 +1136,7 @@ spec:
                       created on a Windows desktop
                     type: boolean
                   create_host_user:
-                    description: CreateHostUser allows users to be automatically created
-                      on a host
+                    description: 'Deprecated: use CreateHostUserMode instead.'
                     type: boolean
                   create_host_user_default_shell:
                     description: CreateHostUserDefaultShell is used to configure the
diff --git a/examples/chart/teleport-cluster/templates/auth/serviceaccount.yaml b/examples/chart/teleport-cluster/templates/auth/serviceaccount.yaml
index 0eb96f032e54c..d060ea83844ff 100644
--- a/examples/chart/teleport-cluster/templates/auth/serviceaccount.yaml
+++ b/examples/chart/teleport-cluster/templates/auth/serviceaccount.yaml
@@ -1,4 +1,5 @@
 {{- $auth := mustMergeOverwrite (mustDeepCopy .Values) .Values.auth -}}
+{{- $projectedServiceAccountToken := semverCompare ">=1.20.0-0" .Capabilities.KubeVersion.Version }}
 {{- if $auth.serviceAccount.create -}}
 apiVersion: v1
 kind: ServiceAccount
@@ -19,4 +20,7 @@ metadata:
     azure.workload.identity/client-id: "{{ $auth.azure.clientID }}"
     {{- end }}
   {{- end -}}
+{{- if $projectedServiceAccountToken }}
+automountServiceAccountToken: false
+{{- end }}
 {{- end }}
diff --git a/examples/chart/teleport-cluster/templates/proxy/serviceaccount.yaml b/examples/chart/teleport-cluster/templates/proxy/serviceaccount.yaml
index 7f5ecd8c2d6f4..4e26c23852c91 100644
--- a/examples/chart/teleport-cluster/templates/proxy/serviceaccount.yaml
+++ b/examples/chart/teleport-cluster/templates/proxy/serviceaccount.yaml
@@ -1,4 +1,5 @@
 {{- $proxy := mustMergeOverwrite (mustDeepCopy .Values) .Values.proxy -}}
+{{- $projectedServiceAccountToken := semverCompare ">=1.20.0-0" .Capabilities.KubeVersion.Version }}
 {{- if $proxy.serviceAccount.create -}}
 apiVersion: v1
 kind: ServiceAccount
@@ -13,4 +14,7 @@ metadata:
 {{- if $proxy.annotations.serviceAccount }}
   annotations: {{- toYaml $proxy.annotations.serviceAccount | nindent 4 }}
 {{- end -}}
+{{- if $projectedServiceAccountToken }}
+automountServiceAccountToken: false
+{{- end }}
 {{- end }}
diff --git a/examples/chart/teleport-cluster/tests/__snapshot__/auth_clusterrole_test.yaml.snap b/examples/chart/teleport-cluster/tests/__snapshot__/auth_clusterrole_test.yaml.snap
index c55902c74d534..a1aff5af64057 100644
--- a/examples/chart/teleport-cluster/tests/__snapshot__/auth_clusterrole_test.yaml.snap
+++ b/examples/chart/teleport-cluster/tests/__snapshot__/auth_clusterrole_test.yaml.snap
@@ -8,8 +8,8 @@ adds operator permissions to ClusterRole:
         app.kubernetes.io/instance: RELEASE-NAME
         app.kubernetes.io/managed-by: Helm
         app.kubernetes.io/name: teleport-cluster
-        app.kubernetes.io/version: 16.4.2
-        helm.sh/chart: teleport-cluster-16.4.2
+        app.kubernetes.io/version: 16.4.6
+        helm.sh/chart: teleport-cluster-16.4.6
         teleport.dev/majorVersion: "16"
       name: RELEASE-NAME
     rules:
diff --git a/examples/chart/teleport-cluster/tests/__snapshot__/auth_config_test.yaml.snap b/examples/chart/teleport-cluster/tests/__snapshot__/auth_config_test.yaml.snap
index 0428cc9dc368d..ecf6965c8b3eb 100644
--- a/examples/chart/teleport-cluster/tests/__snapshot__/auth_config_test.yaml.snap
+++ b/examples/chart/teleport-cluster/tests/__snapshot__/auth_config_test.yaml.snap
@@ -1848,8 +1848,8 @@ sets clusterDomain on Configmap:
         app.kubernetes.io/instance: RELEASE-NAME
         app.kubernetes.io/managed-by: Helm
         app.kubernetes.io/name: teleport-cluster
-        app.kubernetes.io/version: 16.4.2
-        helm.sh/chart: teleport-cluster-16.4.2
+        app.kubernetes.io/version: 16.4.6
+        helm.sh/chart: teleport-cluster-16.4.6
         teleport.dev/majorVersion: "16"
       name: RELEASE-NAME-auth
       namespace: NAMESPACE
diff --git a/examples/chart/teleport-cluster/tests/__snapshot__/auth_deployment_test.yaml.snap b/examples/chart/teleport-cluster/tests/__snapshot__/auth_deployment_test.yaml.snap
index 57e639e992f82..9d5cb7258d941 100644
--- a/examples/chart/teleport-cluster/tests/__snapshot__/auth_deployment_test.yaml.snap
+++ b/examples/chart/teleport-cluster/tests/__snapshot__/auth_deployment_test.yaml.snap
@@ -8,7 +8,7 @@
     - args:
       - --diag-addr=0.0.0.0:3000
       - --apply-on-startup=/etc/teleport/apply-on-startup.yaml
-      image: public.ecr.aws/gravitational/teleport-distroless:16.4.2
+      image: public.ecr.aws/gravitational/teleport-distroless:16.4.6
       imagePullPolicy: IfNotPresent
       lifecycle:
         preStop:
@@ -141,7 +141,7 @@ should set nodeSelector when set in values:
     - args:
       - --diag-addr=0.0.0.0:3000
       - --apply-on-startup=/etc/teleport/apply-on-startup.yaml
-      image: public.ecr.aws/gravitational/teleport-distroless:16.4.2
+      image: public.ecr.aws/gravitational/teleport-distroless:16.4.6
       imagePullPolicy: IfNotPresent
       lifecycle:
         preStop:
@@ -238,7 +238,7 @@ should set resources when set in values:
     - args:
       - --diag-addr=0.0.0.0:3000
       - --apply-on-startup=/etc/teleport/apply-on-startup.yaml
-      image: public.ecr.aws/gravitational/teleport-distroless:16.4.2
+      image: public.ecr.aws/gravitational/teleport-distroless:16.4.6
       imagePullPolicy: IfNotPresent
       lifecycle:
         preStop:
@@ -324,7 +324,7 @@ should set securityContext when set in values:
     - args:
       - --diag-addr=0.0.0.0:3000
       - --apply-on-startup=/etc/teleport/apply-on-startup.yaml
-      image: public.ecr.aws/gravitational/teleport-distroless:16.4.2
+      image: public.ecr.aws/gravitational/teleport-distroless:16.4.6
       imagePullPolicy: IfNotPresent
       lifecycle:
         preStop:
diff --git a/examples/chart/teleport-cluster/tests/__snapshot__/proxy_config_test.yaml.snap b/examples/chart/teleport-cluster/tests/__snapshot__/proxy_config_test.yaml.snap
index 1e465befe35d8..792468bc82e58 100644
--- a/examples/chart/teleport-cluster/tests/__snapshot__/proxy_config_test.yaml.snap
+++ b/examples/chart/teleport-cluster/tests/__snapshot__/proxy_config_test.yaml.snap
@@ -567,8 +567,8 @@ sets clusterDomain on Configmap:
         app.kubernetes.io/instance: RELEASE-NAME
         app.kubernetes.io/managed-by: Helm
         app.kubernetes.io/name: teleport-cluster
-        app.kubernetes.io/version: 16.4.2
-        helm.sh/chart: teleport-cluster-16.4.2
+        app.kubernetes.io/version: 16.4.6
+        helm.sh/chart: teleport-cluster-16.4.6
         teleport.dev/majorVersion: "16"
       name: RELEASE-NAME-proxy
       namespace: NAMESPACE
diff --git a/examples/chart/teleport-cluster/tests/__snapshot__/proxy_deployment_test.yaml.snap b/examples/chart/teleport-cluster/tests/__snapshot__/proxy_deployment_test.yaml.snap
index 114755809b940..dfcf64330c17a 100644
--- a/examples/chart/teleport-cluster/tests/__snapshot__/proxy_deployment_test.yaml.snap
+++ b/examples/chart/teleport-cluster/tests/__snapshot__/proxy_deployment_test.yaml.snap
@@ -11,8 +11,8 @@ sets clusterDomain on Deployment Pods:
         app.kubernetes.io/instance: RELEASE-NAME
         app.kubernetes.io/managed-by: Helm
         app.kubernetes.io/name: teleport-cluster
-        app.kubernetes.io/version: 16.4.2
-        helm.sh/chart: teleport-cluster-16.4.2
+        app.kubernetes.io/version: 16.4.6
+        helm.sh/chart: teleport-cluster-16.4.6
         teleport.dev/majorVersion: "16"
       name: RELEASE-NAME-proxy
       namespace: NAMESPACE
@@ -26,7 +26,7 @@ sets clusterDomain on Deployment Pods:
       template:
         metadata:
           annotations:
-            checksum/config: 97b0dfccaf1b8a9c9b39d86d174bb6e353907655020457199e2f263456dd06e4
+            checksum/config: 87177e0131f696376c17d797df17be252ebdc247a7f84bb05b7a5680ebcd205c
             kubernetes.io/pod: test-annotation
             kubernetes.io/pod-different: 4
           labels:
@@ -34,8 +34,8 @@ sets clusterDomain on Deployment Pods:
             app.kubernetes.io/instance: RELEASE-NAME
             app.kubernetes.io/managed-by: Helm
             app.kubernetes.io/name: teleport-cluster
-            app.kubernetes.io/version: 16.4.2
-            helm.sh/chart: teleport-cluster-16.4.2
+            app.kubernetes.io/version: 16.4.6
+            helm.sh/chart: teleport-cluster-16.4.6
             teleport.dev/majorVersion: "16"
         spec:
           affinity:
@@ -44,7 +44,7 @@ sets clusterDomain on Deployment Pods:
           containers:
           - args:
             - --diag-addr=0.0.0.0:3000
-            image: public.ecr.aws/gravitational/teleport-distroless:16.4.2
+            image: public.ecr.aws/gravitational/teleport-distroless:16.4.6
             imagePullPolicy: IfNotPresent
             lifecycle:
               preStop:
@@ -105,7 +105,7 @@ sets clusterDomain on Deployment Pods:
             - wait
             - no-resolve
             - RELEASE-NAME-auth-v15.NAMESPACE.svc.test.com
-            image: public.ecr.aws/gravitational/teleport-distroless:16.4.2
+            image: public.ecr.aws/gravitational/teleport-distroless:16.4.6
             name: wait-auth-update
           serviceAccountName: RELEASE-NAME-proxy
           terminationGracePeriodSeconds: 60
@@ -137,7 +137,7 @@ should provision initContainer correctly when set in values:
       - wait
       - no-resolve
       - RELEASE-NAME-auth-v15.NAMESPACE.svc.cluster.local
-      image: public.ecr.aws/gravitational/teleport-distroless:16.4.2
+      image: public.ecr.aws/gravitational/teleport-distroless:16.4.6
       name: wait-auth-update
       resources:
         limits:
@@ -201,7 +201,7 @@ should set nodeSelector when set in values:
     containers:
     - args:
       - --diag-addr=0.0.0.0:3000
-      image: public.ecr.aws/gravitational/teleport-distroless:16.4.2
+      image: public.ecr.aws/gravitational/teleport-distroless:16.4.6
       imagePullPolicy: IfNotPresent
       lifecycle:
         preStop:
@@ -262,7 +262,7 @@ should set nodeSelector when set in values:
       - wait
       - no-resolve
       - RELEASE-NAME-auth-v15.NAMESPACE.svc.cluster.local
-      image: public.ecr.aws/gravitational/teleport-distroless:16.4.2
+      image: public.ecr.aws/gravitational/teleport-distroless:16.4.6
       name: wait-auth-update
     nodeSelector:
       environment: security
@@ -313,7 +313,7 @@ should set resources for wait-auth-update initContainer when set in values:
     containers:
     - args:
       - --diag-addr=0.0.0.0:3000
-      image: public.ecr.aws/gravitational/teleport-distroless:16.4.2
+      image: public.ecr.aws/gravitational/teleport-distroless:16.4.6
       imagePullPolicy: IfNotPresent
       lifecycle:
         preStop:
@@ -381,7 +381,7 @@ should set resources for wait-auth-update initContainer when set in values:
       - wait
       - no-resolve
       - RELEASE-NAME-auth-v15.NAMESPACE.svc.cluster.local
-      image: public.ecr.aws/gravitational/teleport-distroless:16.4.2
+      image: public.ecr.aws/gravitational/teleport-distroless:16.4.6
       name: wait-auth-update
       resources:
         limits:
@@ -421,7 +421,7 @@ should set resources when set in values:
     containers:
     - args:
       - --diag-addr=0.0.0.0:3000
-      image: public.ecr.aws/gravitational/teleport-distroless:16.4.2
+      image: public.ecr.aws/gravitational/teleport-distroless:16.4.6
       imagePullPolicy: IfNotPresent
       lifecycle:
         preStop:
@@ -489,7 +489,7 @@ should set resources when set in values:
       - wait
       - no-resolve
       - RELEASE-NAME-auth-v15.NAMESPACE.svc.cluster.local
-      image: public.ecr.aws/gravitational/teleport-distroless:16.4.2
+      image: public.ecr.aws/gravitational/teleport-distroless:16.4.6
       name: wait-auth-update
       resources:
         limits:
@@ -529,7 +529,7 @@ should set securityContext for initContainers when set in values:
     containers:
     - args:
       - --diag-addr=0.0.0.0:3000
-      image: public.ecr.aws/gravitational/teleport-distroless:16.4.2
+      image: public.ecr.aws/gravitational/teleport-distroless:16.4.6
       imagePullPolicy: IfNotPresent
       lifecycle:
         preStop:
@@ -597,7 +597,7 @@ should set securityContext for initContainers when set in values:
       - wait
       - no-resolve
       - RELEASE-NAME-auth-v15.NAMESPACE.svc.cluster.local
-      image: public.ecr.aws/gravitational/teleport-distroless:16.4.2
+      image: public.ecr.aws/gravitational/teleport-distroless:16.4.6
       name: wait-auth-update
       securityContext:
         allowPrivilegeEscalation: false
@@ -637,7 +637,7 @@ should set securityContext when set in values:
     containers:
     - args:
       - --diag-addr=0.0.0.0:3000
-      image: public.ecr.aws/gravitational/teleport-distroless:16.4.2
+      image: public.ecr.aws/gravitational/teleport-distroless:16.4.6
       imagePullPolicy: IfNotPresent
       lifecycle:
         preStop:
@@ -705,7 +705,7 @@ should set securityContext when set in values:
       - wait
       - no-resolve
       - RELEASE-NAME-auth-v15.NAMESPACE.svc.cluster.local
-      image: public.ecr.aws/gravitational/teleport-distroless:16.4.2
+      image: public.ecr.aws/gravitational/teleport-distroless:16.4.6
       name: wait-auth-update
       securityContext:
         allowPrivilegeEscalation: false
diff --git a/examples/chart/teleport-cluster/tests/auth_serviceaccount_test.yaml b/examples/chart/teleport-cluster/tests/auth_serviceaccount_test.yaml
index 49e279933a97b..2165131bac9f4 100644
--- a/examples/chart/teleport-cluster/tests/auth_serviceaccount_test.yaml
+++ b/examples/chart/teleport-cluster/tests/auth_serviceaccount_test.yaml
@@ -50,3 +50,25 @@ tests:
       - equal:
           path: metadata.labels.baz
           value: overridden
+
+  - it: does not set automountServiceAccountToken if cluster version is <1.20
+    set:
+      clusterName: helm-lint
+    capabilities:
+      majorVersion: 1
+      minorVersion: 18
+    asserts:
+      - notEqual:
+          path: automountServiceAccountToken
+          value: false
+
+  - it: sets automountServiceAccountToken to false if cluster version is >=1.20
+    set:
+      clusterName: helm-lint
+    capabilities:
+      majorVersion: 1
+      minorVersion: 20
+    asserts:
+      - equal:
+          path: automountServiceAccountToken
+          value: false
diff --git a/examples/chart/teleport-cluster/tests/proxy_serviceaccount_test.yaml b/examples/chart/teleport-cluster/tests/proxy_serviceaccount_test.yaml
index 70198bd939021..fe3dee41bbc00 100644
--- a/examples/chart/teleport-cluster/tests/proxy_serviceaccount_test.yaml
+++ b/examples/chart/teleport-cluster/tests/proxy_serviceaccount_test.yaml
@@ -40,3 +40,25 @@ tests:
       - equal:
           path: metadata.labels.baz
           value: overridden
+
+  - it: does not set automountServiceAccountToken if cluster version is <1.20
+    set:
+      clusterName: helm-lint
+    capabilities:
+      majorVersion: 1
+      minorVersion: 18
+    asserts:
+      - notEqual:
+          path: automountServiceAccountToken
+          value: false
+
+  - it: sets automountServiceAccountToken to false if cluster version is >=1.20
+    set:
+      clusterName: helm-lint
+    capabilities:
+      majorVersion: 1
+      minorVersion: 20
+    asserts:
+      - equal:
+          path: automountServiceAccountToken
+          value: false
diff --git a/examples/chart/teleport-kube-agent/Chart.yaml b/examples/chart/teleport-kube-agent/Chart.yaml
index 151f6cf7a4ad6..dfde28b61027a 100644
--- a/examples/chart/teleport-kube-agent/Chart.yaml
+++ b/examples/chart/teleport-kube-agent/Chart.yaml
@@ -1,4 +1,4 @@
-.version: &version "16.4.2"
+.version: &version "16.4.6"
 
 name: teleport-kube-agent
 apiVersion: v2
diff --git a/examples/chart/teleport-kube-agent/templates/delete_hook.yaml b/examples/chart/teleport-kube-agent/templates/delete_hook.yaml
index f0a4b2edf6b06..3cf584a323896 100644
--- a/examples/chart/teleport-kube-agent/templates/delete_hook.yaml
+++ b/examples/chart/teleport-kube-agent/templates/delete_hook.yaml
@@ -118,3 +118,6 @@ spec:
         {{- if .Values.securityContext }}
         securityContext: {{- toYaml .Values.securityContext | nindent 10 }}
         {{- end }}
+        {{- if .Values.resources }}
+        resources: {{- toYaml .Values.resources | nindent 10 }}
+        {{- end }}
diff --git a/examples/chart/teleport-kube-agent/templates/hook.yaml b/examples/chart/teleport-kube-agent/templates/hook.yaml
index 3a2f13e98e8f1..efd5124511dab 100644
--- a/examples/chart/teleport-kube-agent/templates/hook.yaml
+++ b/examples/chart/teleport-kube-agent/templates/hook.yaml
@@ -103,4 +103,7 @@ spec:
         {{- if .Values.securityContext }}
         securityContext: {{- toYaml .Values.securityContext | nindent 10 }}
         {{- end }}
+        {{- if .Values.resources }}
+        resources: {{- toYaml .Values.resources | nindent 10 }}
+        {{- end }}
 {{- end}}
diff --git a/examples/chart/teleport-kube-agent/tests/__snapshot__/deployment_test.yaml.snap b/examples/chart/teleport-kube-agent/tests/__snapshot__/deployment_test.yaml.snap
index 036da91ae15f6..f5e31039e76c1 100644
--- a/examples/chart/teleport-kube-agent/tests/__snapshot__/deployment_test.yaml.snap
+++ b/examples/chart/teleport-kube-agent/tests/__snapshot__/deployment_test.yaml.snap
@@ -32,7 +32,7 @@ sets Deployment annotations when specified if action is Upgrade:
               value: "true"
             - name: TELEPORT_KUBE_CLUSTER_DOMAIN
               value: cluster.local
-            image: public.ecr.aws/gravitational/teleport-distroless:16.4.2
+            image: public.ecr.aws/gravitational/teleport-distroless:16.4.6
             imagePullPolicy: IfNotPresent
             livenessProbe:
               failureThreshold: 6
@@ -109,7 +109,7 @@ sets Deployment labels when specified if action is Upgrade:
             value: "true"
           - name: TELEPORT_KUBE_CLUSTER_DOMAIN
             value: cluster.local
-          image: public.ecr.aws/gravitational/teleport-distroless:16.4.2
+          image: public.ecr.aws/gravitational/teleport-distroless:16.4.6
           imagePullPolicy: IfNotPresent
           livenessProbe:
             failureThreshold: 6
@@ -173,7 +173,7 @@ sets Pod annotations when specified if action is Upgrade:
         value: "true"
       - name: TELEPORT_KUBE_CLUSTER_DOMAIN
         value: cluster.local
-      image: public.ecr.aws/gravitational/teleport-distroless:16.4.2
+      image: public.ecr.aws/gravitational/teleport-distroless:16.4.6
       imagePullPolicy: IfNotPresent
       livenessProbe:
         failureThreshold: 6
@@ -237,7 +237,7 @@ sets Pod labels when specified if action is Upgrade:
         value: "true"
       - name: TELEPORT_KUBE_CLUSTER_DOMAIN
         value: cluster.local
-      image: public.ecr.aws/gravitational/teleport-distroless:16.4.2
+      image: public.ecr.aws/gravitational/teleport-distroless:16.4.6
       imagePullPolicy: IfNotPresent
       livenessProbe:
         failureThreshold: 6
@@ -322,7 +322,7 @@ should add emptyDir for data when existingDataVolume is not set if action is Upg
         value: "true"
       - name: TELEPORT_KUBE_CLUSTER_DOMAIN
         value: cluster.local
-      image: public.ecr.aws/gravitational/teleport-distroless:16.4.2
+      image: public.ecr.aws/gravitational/teleport-distroless:16.4.6
       imagePullPolicy: IfNotPresent
       livenessProbe:
         failureThreshold: 6
@@ -387,7 +387,7 @@ should add insecureSkipProxyTLSVerify to args when set in values if action is Up
         value: "true"
       - name: TELEPORT_KUBE_CLUSTER_DOMAIN
         value: cluster.local
-      image: public.ecr.aws/gravitational/teleport-distroless:16.4.2
+      image: public.ecr.aws/gravitational/teleport-distroless:16.4.6
       imagePullPolicy: IfNotPresent
       livenessProbe:
         failureThreshold: 6
@@ -451,7 +451,7 @@ should correctly configure existingDataVolume when set if action is Upgrade:
         value: "true"
       - name: TELEPORT_KUBE_CLUSTER_DOMAIN
         value: cluster.local
-      image: public.ecr.aws/gravitational/teleport-distroless:16.4.2
+      image: public.ecr.aws/gravitational/teleport-distroless:16.4.6
       imagePullPolicy: IfNotPresent
       livenessProbe:
         failureThreshold: 6
@@ -513,7 +513,7 @@ should expose diag port if action is Upgrade:
         value: "true"
       - name: TELEPORT_KUBE_CLUSTER_DOMAIN
         value: cluster.local
-      image: public.ecr.aws/gravitational/teleport-distroless:16.4.2
+      image: public.ecr.aws/gravitational/teleport-distroless:16.4.6
       imagePullPolicy: IfNotPresent
       livenessProbe:
         failureThreshold: 6
@@ -589,7 +589,7 @@ should have multiple replicas when replicaCount is set (using .replicaCount, dep
         value: "true"
       - name: TELEPORT_KUBE_CLUSTER_DOMAIN
         value: cluster.local
-      image: public.ecr.aws/gravitational/teleport-distroless:16.4.2
+      image: public.ecr.aws/gravitational/teleport-distroless:16.4.6
       imagePullPolicy: IfNotPresent
       livenessProbe:
         failureThreshold: 6
@@ -665,7 +665,7 @@ should have multiple replicas when replicaCount is set (using highAvailability.r
         value: "true"
       - name: TELEPORT_KUBE_CLUSTER_DOMAIN
         value: cluster.local
-      image: public.ecr.aws/gravitational/teleport-distroless:16.4.2
+      image: public.ecr.aws/gravitational/teleport-distroless:16.4.6
       imagePullPolicy: IfNotPresent
       livenessProbe:
         failureThreshold: 6
@@ -729,7 +729,7 @@ should have one replica when replicaCount is not set if action is Upgrade:
         value: "true"
       - name: TELEPORT_KUBE_CLUSTER_DOMAIN
         value: cluster.local
-      image: public.ecr.aws/gravitational/teleport-distroless:16.4.2
+      image: public.ecr.aws/gravitational/teleport-distroless:16.4.6
       imagePullPolicy: IfNotPresent
       livenessProbe:
         failureThreshold: 6
@@ -793,7 +793,7 @@ should mount extraVolumes and extraVolumeMounts if action is Upgrade:
         value: "true"
       - name: TELEPORT_KUBE_CLUSTER_DOMAIN
         value: cluster.local
-      image: public.ecr.aws/gravitational/teleport-distroless:16.4.2
+      image: public.ecr.aws/gravitational/teleport-distroless:16.4.6
       imagePullPolicy: IfNotPresent
       livenessProbe:
         failureThreshold: 6
@@ -862,7 +862,7 @@ should mount jamfCredentialsSecret if it already exists and when role is jamf an
         value: "true"
       - name: TELEPORT_KUBE_CLUSTER_DOMAIN
         value: cluster.local
-      image: public.ecr.aws/gravitational/teleport-distroless:16.4.2
+      image: public.ecr.aws/gravitational/teleport-distroless:16.4.6
       imagePullPolicy: IfNotPresent
       livenessProbe:
         failureThreshold: 6
@@ -932,7 +932,7 @@ should mount jamfCredentialsSecret.name when role is jamf and action is Upgrade:
         value: "true"
       - name: TELEPORT_KUBE_CLUSTER_DOMAIN
         value: cluster.local
-      image: public.ecr.aws/gravitational/teleport-distroless:16.4.2
+      image: public.ecr.aws/gravitational/teleport-distroless:16.4.6
       imagePullPolicy: IfNotPresent
       livenessProbe:
         failureThreshold: 6
@@ -1004,7 +1004,7 @@ should mount tls.existingCASecretName and set environment when set in values if
         value: cluster.local
       - name: SSL_CERT_FILE
         value: /etc/teleport-tls-ca/ca.pem
-      image: public.ecr.aws/gravitational/teleport-distroless:16.4.2
+      image: public.ecr.aws/gravitational/teleport-distroless:16.4.6
       imagePullPolicy: IfNotPresent
       livenessProbe:
         failureThreshold: 6
@@ -1078,7 +1078,7 @@ should mount tls.existingCASecretName and set extra environment when set in valu
         value: http://username:password@my.proxy.host:3128
       - name: SSL_CERT_FILE
         value: /etc/teleport-tls-ca/ca.pem
-      image: public.ecr.aws/gravitational/teleport-distroless:16.4.2
+      image: public.ecr.aws/gravitational/teleport-distroless:16.4.6
       imagePullPolicy: IfNotPresent
       livenessProbe:
         failureThreshold: 6
@@ -1148,7 +1148,7 @@ should provision initContainer correctly when set in values if action is Upgrade
         value: "true"
       - name: TELEPORT_KUBE_CLUSTER_DOMAIN
         value: cluster.local
-      image: public.ecr.aws/gravitational/teleport-distroless:16.4.2
+      image: public.ecr.aws/gravitational/teleport-distroless:16.4.6
       imagePullPolicy: IfNotPresent
       livenessProbe:
         failureThreshold: 6
@@ -1270,7 +1270,7 @@ should set affinity when set in values if action is Upgrade:
         value: "true"
       - name: TELEPORT_KUBE_CLUSTER_DOMAIN
         value: cluster.local
-      image: public.ecr.aws/gravitational/teleport-distroless:16.4.2
+      image: public.ecr.aws/gravitational/teleport-distroless:16.4.6
       imagePullPolicy: IfNotPresent
       livenessProbe:
         failureThreshold: 6
@@ -1334,7 +1334,7 @@ should set default serviceAccountName when not set in values if action is Upgrad
         value: "true"
       - name: TELEPORT_KUBE_CLUSTER_DOMAIN
         value: cluster.local
-      image: public.ecr.aws/gravitational/teleport-distroless:16.4.2
+      image: public.ecr.aws/gravitational/teleport-distroless:16.4.6
       imagePullPolicy: IfNotPresent
       livenessProbe:
         failureThreshold: 6
@@ -1411,7 +1411,7 @@ should set environment when extraEnv set in values if action is Upgrade:
         value: cluster.local
       - name: HTTPS_PROXY
         value: http://username:password@my.proxy.host:3128
-      image: public.ecr.aws/gravitational/teleport-distroless:16.4.2
+      image: public.ecr.aws/gravitational/teleport-distroless:16.4.6
       imagePullPolicy: IfNotPresent
       livenessProbe:
         failureThreshold: 6
@@ -1539,7 +1539,7 @@ should set imagePullPolicy when set in values if action is Upgrade:
         value: "true"
       - name: TELEPORT_KUBE_CLUSTER_DOMAIN
         value: cluster.local
-      image: public.ecr.aws/gravitational/teleport-distroless:16.4.2
+      image: public.ecr.aws/gravitational/teleport-distroless:16.4.6
       imagePullPolicy: Always
       livenessProbe:
         failureThreshold: 6
@@ -1603,7 +1603,7 @@ should set nodeSelector if set in values if action is Upgrade:
         value: "true"
       - name: TELEPORT_KUBE_CLUSTER_DOMAIN
         value: cluster.local
-      image: public.ecr.aws/gravitational/teleport-distroless:16.4.2
+      image: public.ecr.aws/gravitational/teleport-distroless:16.4.6
       imagePullPolicy: IfNotPresent
       livenessProbe:
         failureThreshold: 6
@@ -1669,7 +1669,7 @@ should set not set priorityClassName when not set in values if action is Upgrade
         value: "true"
       - name: TELEPORT_KUBE_CLUSTER_DOMAIN
         value: cluster.local
-      image: public.ecr.aws/gravitational/teleport-distroless:16.4.2
+      image: public.ecr.aws/gravitational/teleport-distroless:16.4.6
       imagePullPolicy: IfNotPresent
       livenessProbe:
         failureThreshold: 6
@@ -1745,7 +1745,7 @@ should set preferred affinity when more than one replica is used if action is Up
         value: "true"
       - name: TELEPORT_KUBE_CLUSTER_DOMAIN
         value: cluster.local
-      image: public.ecr.aws/gravitational/teleport-distroless:16.4.2
+      image: public.ecr.aws/gravitational/teleport-distroless:16.4.6
       imagePullPolicy: IfNotPresent
       livenessProbe:
         failureThreshold: 6
@@ -1809,7 +1809,7 @@ should set priorityClassName when set in values if action is Upgrade:
         value: "true"
       - name: TELEPORT_KUBE_CLUSTER_DOMAIN
         value: cluster.local
-      image: public.ecr.aws/gravitational/teleport-distroless:16.4.2
+      image: public.ecr.aws/gravitational/teleport-distroless:16.4.6
       imagePullPolicy: IfNotPresent
       livenessProbe:
         failureThreshold: 6
@@ -1874,7 +1874,7 @@ should set probeTimeoutSeconds when set in values if action is Upgrade:
         value: "true"
       - name: TELEPORT_KUBE_CLUSTER_DOMAIN
         value: cluster.local
-      image: public.ecr.aws/gravitational/teleport-distroless:16.4.2
+      image: public.ecr.aws/gravitational/teleport-distroless:16.4.6
       imagePullPolicy: IfNotPresent
       livenessProbe:
         failureThreshold: 6
@@ -1948,7 +1948,7 @@ should set required affinity when highAvailability.requireAntiAffinity is set if
         value: "true"
       - name: TELEPORT_KUBE_CLUSTER_DOMAIN
         value: cluster.local
-      image: public.ecr.aws/gravitational/teleport-distroless:16.4.2
+      image: public.ecr.aws/gravitational/teleport-distroless:16.4.6
       imagePullPolicy: IfNotPresent
       livenessProbe:
         failureThreshold: 6
@@ -2012,7 +2012,7 @@ should set resources when set in values if action is Upgrade:
         value: "true"
       - name: TELEPORT_KUBE_CLUSTER_DOMAIN
         value: cluster.local
-      image: public.ecr.aws/gravitational/teleport-distroless:16.4.2
+      image: public.ecr.aws/gravitational/teleport-distroless:16.4.6
       imagePullPolicy: IfNotPresent
       livenessProbe:
         failureThreshold: 6
@@ -2083,7 +2083,7 @@ should set serviceAccountName when set in values if action is Upgrade:
         value: "true"
       - name: TELEPORT_KUBE_CLUSTER_DOMAIN
         value: cluster.local
-      image: public.ecr.aws/gravitational/teleport-distroless:16.4.2
+      image: public.ecr.aws/gravitational/teleport-distroless:16.4.6
       imagePullPolicy: IfNotPresent
       livenessProbe:
         failureThreshold: 6
@@ -2147,7 +2147,7 @@ should set tolerations when set in values if action is Upgrade:
         value: "true"
       - name: TELEPORT_KUBE_CLUSTER_DOMAIN
         value: cluster.local
-      image: public.ecr.aws/gravitational/teleport-distroless:16.4.2
+      image: public.ecr.aws/gravitational/teleport-distroless:16.4.6
       imagePullPolicy: IfNotPresent
       livenessProbe:
         failureThreshold: 6
diff --git a/examples/chart/teleport-kube-agent/tests/__snapshot__/job_test.yaml.snap b/examples/chart/teleport-kube-agent/tests/__snapshot__/job_test.yaml.snap
index d573f1c5dd79b..42fcb3b5daff5 100644
--- a/examples/chart/teleport-kube-agent/tests/__snapshot__/job_test.yaml.snap
+++ b/examples/chart/teleport-kube-agent/tests/__snapshot__/job_test.yaml.snap
@@ -25,7 +25,7 @@ should create ServiceAccount for post-delete hook by default:
             fieldPath: metadata.namespace
       - name: RELEASE_NAME
         value: RELEASE-NAME
-      image: public.ecr.aws/gravitational/teleport-distroless:16.4.2
+      image: public.ecr.aws/gravitational/teleport-distroless:16.4.6
       imagePullPolicy: IfNotPresent
       name: post-delete-job
       securityContext:
@@ -108,7 +108,7 @@ should not create ServiceAccount for post-delete hook if serviceAccount.create i
                   fieldPath: metadata.namespace
             - name: RELEASE_NAME
               value: RELEASE-NAME
-            image: public.ecr.aws/gravitational/teleport-distroless:16.4.2
+            image: public.ecr.aws/gravitational/teleport-distroless:16.4.6
             imagePullPolicy: IfNotPresent
             name: post-delete-job
             securityContext:
@@ -138,7 +138,7 @@ should not create ServiceAccount, Role or RoleBinding for post-delete hook if se
             fieldPath: metadata.namespace
       - name: RELEASE_NAME
         value: RELEASE-NAME
-      image: public.ecr.aws/gravitational/teleport-distroless:16.4.2
+      image: public.ecr.aws/gravitational/teleport-distroless:16.4.6
       imagePullPolicy: IfNotPresent
       name: post-delete-job
       securityContext:
@@ -168,7 +168,7 @@ should set nodeSelector in post-delete hook:
             fieldPath: metadata.namespace
       - name: RELEASE_NAME
         value: RELEASE-NAME
-      image: public.ecr.aws/gravitational/teleport-distroless:16.4.2
+      image: public.ecr.aws/gravitational/teleport-distroless:16.4.6
       imagePullPolicy: IfNotPresent
       name: post-delete-job
       securityContext:
@@ -185,3 +185,40 @@ should set nodeSelector in post-delete hook:
       gravitational.io/k8s-role: node
     restartPolicy: OnFailure
     serviceAccountName: RELEASE-NAME-delete-hook
+should set resources in the Job's pod spec if resources is set in values:
+  1: |
+    containers:
+    - args:
+      - kube-state
+      - delete
+      command:
+      - teleport
+      env:
+      - name: KUBE_NAMESPACE
+        valueFrom:
+          fieldRef:
+            fieldPath: metadata.namespace
+      - name: RELEASE_NAME
+        value: RELEASE-NAME
+      image: public.ecr.aws/gravitational/teleport-distroless:16.4.6
+      imagePullPolicy: IfNotPresent
+      name: post-delete-job
+      resources:
+        limits:
+          cpu: 2
+          memory: 4Gi
+        requests:
+          cpu: 1
+          memory: 2Gi
+      securityContext:
+        allowPrivilegeEscalation: false
+        capabilities:
+          drop:
+          - ALL
+        readOnlyRootFilesystem: true
+        runAsNonRoot: true
+        runAsUser: 9807
+        seccompProfile:
+          type: RuntimeDefault
+    restartPolicy: OnFailure
+    serviceAccountName: RELEASE-NAME-delete-hook
diff --git a/examples/chart/teleport-kube-agent/tests/__snapshot__/statefulset_test.yaml.snap b/examples/chart/teleport-kube-agent/tests/__snapshot__/statefulset_test.yaml.snap
index 48563fef64647..dc8114993ae9e 100644
--- a/examples/chart/teleport-kube-agent/tests/__snapshot__/statefulset_test.yaml.snap
+++ b/examples/chart/teleport-kube-agent/tests/__snapshot__/statefulset_test.yaml.snap
@@ -18,7 +18,7 @@ sets Pod annotations when specified:
         value: RELEASE-NAME
       - name: TELEPORT_KUBE_CLUSTER_DOMAIN
         value: cluster.local
-      image: public.ecr.aws/gravitational/teleport-distroless:16.4.2
+      image: public.ecr.aws/gravitational/teleport-distroless:16.4.6
       imagePullPolicy: IfNotPresent
       livenessProbe:
         failureThreshold: 6
@@ -90,7 +90,7 @@ sets Pod labels when specified:
         value: RELEASE-NAME
       - name: TELEPORT_KUBE_CLUSTER_DOMAIN
         value: cluster.local
-      image: public.ecr.aws/gravitational/teleport-distroless:16.4.2
+      image: public.ecr.aws/gravitational/teleport-distroless:16.4.6
       imagePullPolicy: IfNotPresent
       livenessProbe:
         failureThreshold: 6
@@ -186,7 +186,7 @@ sets StatefulSet labels when specified:
               value: RELEASE-NAME
             - name: TELEPORT_KUBE_CLUSTER_DOMAIN
               value: cluster.local
-            image: public.ecr.aws/gravitational/teleport-distroless:16.4.2
+            image: public.ecr.aws/gravitational/teleport-distroless:16.4.6
             imagePullPolicy: IfNotPresent
             livenessProbe:
               failureThreshold: 6
@@ -290,7 +290,7 @@ should add insecureSkipProxyTLSVerify to args when set in values:
         value: RELEASE-NAME
       - name: TELEPORT_KUBE_CLUSTER_DOMAIN
         value: cluster.local
-      image: public.ecr.aws/gravitational/teleport-distroless:16.4.2
+      image: public.ecr.aws/gravitational/teleport-distroless:16.4.6
       imagePullPolicy: IfNotPresent
       livenessProbe:
         failureThreshold: 6
@@ -362,7 +362,7 @@ should add volumeClaimTemplate for data volume when using StatefulSet and action
         value: RELEASE-NAME
       - name: TELEPORT_KUBE_CLUSTER_DOMAIN
         value: cluster.local
-      image: public.ecr.aws/gravitational/teleport-distroless:16.4.2
+      image: public.ecr.aws/gravitational/teleport-distroless:16.4.6
       imagePullPolicy: IfNotPresent
       livenessProbe:
         failureThreshold: 6
@@ -454,7 +454,7 @@ should add volumeClaimTemplate for data volume when using StatefulSet and is Fre
               value: RELEASE-NAME
             - name: TELEPORT_KUBE_CLUSTER_DOMAIN
               value: cluster.local
-            image: public.ecr.aws/gravitational/teleport-distroless:16.4.2
+            image: public.ecr.aws/gravitational/teleport-distroless:16.4.6
             imagePullPolicy: IfNotPresent
             livenessProbe:
               failureThreshold: 6
@@ -536,7 +536,7 @@ should add volumeMount for data volume when using StatefulSet:
         value: RELEASE-NAME
       - name: TELEPORT_KUBE_CLUSTER_DOMAIN
         value: cluster.local
-      image: public.ecr.aws/gravitational/teleport-distroless:16.4.2
+      image: public.ecr.aws/gravitational/teleport-distroless:16.4.6
       imagePullPolicy: IfNotPresent
       livenessProbe:
         failureThreshold: 6
@@ -608,7 +608,7 @@ should expose diag port:
         value: RELEASE-NAME
       - name: TELEPORT_KUBE_CLUSTER_DOMAIN
         value: cluster.local
-      image: public.ecr.aws/gravitational/teleport-distroless:16.4.2
+      image: public.ecr.aws/gravitational/teleport-distroless:16.4.6
       imagePullPolicy: IfNotPresent
       livenessProbe:
         failureThreshold: 6
@@ -680,7 +680,7 @@ should generate Statefulset when storage is disabled and mode is a Upgrade:
         value: RELEASE-NAME
       - name: TELEPORT_KUBE_CLUSTER_DOMAIN
         value: cluster.local
-      image: public.ecr.aws/gravitational/teleport-distroless:16.4.2
+      image: public.ecr.aws/gravitational/teleport-distroless:16.4.6
       imagePullPolicy: IfNotPresent
       livenessProbe:
         failureThreshold: 6
@@ -766,7 +766,7 @@ should have multiple replicas when replicaCount is set (using .replicaCount, dep
         value: RELEASE-NAME
       - name: TELEPORT_KUBE_CLUSTER_DOMAIN
         value: cluster.local
-      image: public.ecr.aws/gravitational/teleport-distroless:16.4.2
+      image: public.ecr.aws/gravitational/teleport-distroless:16.4.6
       imagePullPolicy: IfNotPresent
       livenessProbe:
         failureThreshold: 6
@@ -850,7 +850,7 @@ should have multiple replicas when replicaCount is set (using highAvailability.r
         value: RELEASE-NAME
       - name: TELEPORT_KUBE_CLUSTER_DOMAIN
         value: cluster.local
-      image: public.ecr.aws/gravitational/teleport-distroless:16.4.2
+      image: public.ecr.aws/gravitational/teleport-distroless:16.4.6
       imagePullPolicy: IfNotPresent
       livenessProbe:
         failureThreshold: 6
@@ -922,7 +922,7 @@ should have one replica when replicaCount is not set:
         value: RELEASE-NAME
       - name: TELEPORT_KUBE_CLUSTER_DOMAIN
         value: cluster.local
-      image: public.ecr.aws/gravitational/teleport-distroless:16.4.2
+      image: public.ecr.aws/gravitational/teleport-distroless:16.4.6
       imagePullPolicy: IfNotPresent
       livenessProbe:
         failureThreshold: 6
@@ -994,7 +994,7 @@ should install Statefulset when storage is disabled and mode is a Fresh Install:
         value: RELEASE-NAME
       - name: TELEPORT_KUBE_CLUSTER_DOMAIN
         value: cluster.local
-      image: public.ecr.aws/gravitational/teleport-distroless:16.4.2
+      image: public.ecr.aws/gravitational/teleport-distroless:16.4.6
       imagePullPolicy: IfNotPresent
       livenessProbe:
         failureThreshold: 6
@@ -1068,7 +1068,7 @@ should mount extraVolumes and extraVolumeMounts:
         value: RELEASE-NAME
       - name: TELEPORT_KUBE_CLUSTER_DOMAIN
         value: cluster.local
-      image: public.ecr.aws/gravitational/teleport-distroless:16.4.2
+      image: public.ecr.aws/gravitational/teleport-distroless:16.4.6
       imagePullPolicy: IfNotPresent
       livenessProbe:
         failureThreshold: 6
@@ -1145,7 +1145,7 @@ should mount jamfCredentialsSecret if it already exists and when role is jamf:
         value: RELEASE-NAME
       - name: TELEPORT_KUBE_CLUSTER_DOMAIN
         value: cluster.local
-      image: public.ecr.aws/gravitational/teleport-distroless:16.4.2
+      image: public.ecr.aws/gravitational/teleport-distroless:16.4.6
       imagePullPolicy: IfNotPresent
       livenessProbe:
         failureThreshold: 6
@@ -1225,7 +1225,7 @@ should mount jamfCredentialsSecret.name when role is jamf:
         value: RELEASE-NAME
       - name: TELEPORT_KUBE_CLUSTER_DOMAIN
         value: cluster.local
-      image: public.ecr.aws/gravitational/teleport-distroless:16.4.2
+      image: public.ecr.aws/gravitational/teleport-distroless:16.4.6
       imagePullPolicy: IfNotPresent
       livenessProbe:
         failureThreshold: 6
@@ -1307,7 +1307,7 @@ should mount tls.existingCASecretName and set environment when set in values:
         value: cluster.local
       - name: SSL_CERT_FILE
         value: /etc/teleport-tls-ca/ca.pem
-      image: public.ecr.aws/gravitational/teleport-distroless:16.4.2
+      image: public.ecr.aws/gravitational/teleport-distroless:16.4.6
       imagePullPolicy: IfNotPresent
       livenessProbe:
         failureThreshold: 6
@@ -1391,7 +1391,7 @@ should mount tls.existingCASecretName and set extra environment when set in valu
         value: /etc/teleport-tls-ca/ca.pem
       - name: HTTPS_PROXY
         value: http://username:password@my.proxy.host:3128
-      image: public.ecr.aws/gravitational/teleport-distroless:16.4.2
+      image: public.ecr.aws/gravitational/teleport-distroless:16.4.6
       imagePullPolicy: IfNotPresent
       livenessProbe:
         failureThreshold: 6
@@ -1471,7 +1471,7 @@ should not add emptyDir for data when using StatefulSet:
         value: RELEASE-NAME
       - name: TELEPORT_KUBE_CLUSTER_DOMAIN
         value: cluster.local
-      image: public.ecr.aws/gravitational/teleport-distroless:16.4.2
+      image: public.ecr.aws/gravitational/teleport-distroless:16.4.6
       imagePullPolicy: IfNotPresent
       livenessProbe:
         failureThreshold: 6
@@ -1543,7 +1543,7 @@ should provision initContainer correctly when set in values:
         value: RELEASE-NAME
       - name: TELEPORT_KUBE_CLUSTER_DOMAIN
         value: cluster.local
-      image: public.ecr.aws/gravitational/teleport-distroless:16.4.2
+      image: public.ecr.aws/gravitational/teleport-distroless:16.4.6
       imagePullPolicy: IfNotPresent
       livenessProbe:
         failureThreshold: 6
@@ -1673,7 +1673,7 @@ should set affinity when set in values:
         value: RELEASE-NAME
       - name: TELEPORT_KUBE_CLUSTER_DOMAIN
         value: cluster.local
-      image: public.ecr.aws/gravitational/teleport-distroless:16.4.2
+      image: public.ecr.aws/gravitational/teleport-distroless:16.4.6
       imagePullPolicy: IfNotPresent
       livenessProbe:
         failureThreshold: 6
@@ -1745,7 +1745,7 @@ should set default serviceAccountName when not set in values:
         value: RELEASE-NAME
       - name: TELEPORT_KUBE_CLUSTER_DOMAIN
         value: cluster.local
-      image: public.ecr.aws/gravitational/teleport-distroless:16.4.2
+      image: public.ecr.aws/gravitational/teleport-distroless:16.4.6
       imagePullPolicy: IfNotPresent
       livenessProbe:
         failureThreshold: 6
@@ -1830,7 +1830,7 @@ should set environment when extraEnv set in values:
         value: cluster.local
       - name: HTTPS_PROXY
         value: http://username:password@my.proxy.host:3128
-      image: public.ecr.aws/gravitational/teleport-distroless:16.4.2
+      image: public.ecr.aws/gravitational/teleport-distroless:16.4.6
       imagePullPolicy: IfNotPresent
       livenessProbe:
         failureThreshold: 6
@@ -1974,7 +1974,7 @@ should set imagePullPolicy when set in values:
         value: RELEASE-NAME
       - name: TELEPORT_KUBE_CLUSTER_DOMAIN
         value: cluster.local
-      image: public.ecr.aws/gravitational/teleport-distroless:16.4.2
+      image: public.ecr.aws/gravitational/teleport-distroless:16.4.6
       imagePullPolicy: Always
       livenessProbe:
         failureThreshold: 6
@@ -2046,7 +2046,7 @@ should set nodeSelector if set in values:
         value: RELEASE-NAME
       - name: TELEPORT_KUBE_CLUSTER_DOMAIN
         value: cluster.local
-      image: public.ecr.aws/gravitational/teleport-distroless:16.4.2
+      image: public.ecr.aws/gravitational/teleport-distroless:16.4.6
       imagePullPolicy: IfNotPresent
       livenessProbe:
         failureThreshold: 6
@@ -2132,7 +2132,7 @@ should set preferred affinity when more than one replica is used:
         value: RELEASE-NAME
       - name: TELEPORT_KUBE_CLUSTER_DOMAIN
         value: cluster.local
-      image: public.ecr.aws/gravitational/teleport-distroless:16.4.2
+      image: public.ecr.aws/gravitational/teleport-distroless:16.4.6
       imagePullPolicy: IfNotPresent
       livenessProbe:
         failureThreshold: 6
@@ -2204,7 +2204,7 @@ should set probeTimeoutSeconds when set in values:
         value: RELEASE-NAME
       - name: TELEPORT_KUBE_CLUSTER_DOMAIN
         value: cluster.local
-      image: public.ecr.aws/gravitational/teleport-distroless:16.4.2
+      image: public.ecr.aws/gravitational/teleport-distroless:16.4.6
       imagePullPolicy: IfNotPresent
       livenessProbe:
         failureThreshold: 6
@@ -2286,7 +2286,7 @@ should set required affinity when highAvailability.requireAntiAffinity is set:
         value: RELEASE-NAME
       - name: TELEPORT_KUBE_CLUSTER_DOMAIN
         value: cluster.local
-      image: public.ecr.aws/gravitational/teleport-distroless:16.4.2
+      image: public.ecr.aws/gravitational/teleport-distroless:16.4.6
       imagePullPolicy: IfNotPresent
       livenessProbe:
         failureThreshold: 6
@@ -2358,7 +2358,7 @@ should set resources when set in values:
         value: RELEASE-NAME
       - name: TELEPORT_KUBE_CLUSTER_DOMAIN
         value: cluster.local
-      image: public.ecr.aws/gravitational/teleport-distroless:16.4.2
+      image: public.ecr.aws/gravitational/teleport-distroless:16.4.6
       imagePullPolicy: IfNotPresent
       livenessProbe:
         failureThreshold: 6
@@ -2437,7 +2437,7 @@ should set serviceAccountName when set in values:
         value: RELEASE-NAME
       - name: TELEPORT_KUBE_CLUSTER_DOMAIN
         value: cluster.local
-      image: public.ecr.aws/gravitational/teleport-distroless:16.4.2
+      image: public.ecr.aws/gravitational/teleport-distroless:16.4.6
       imagePullPolicy: IfNotPresent
       livenessProbe:
         failureThreshold: 6
@@ -2509,7 +2509,7 @@ should set storage.requests when set in values and action is an Upgrade:
         value: RELEASE-NAME
       - name: TELEPORT_KUBE_CLUSTER_DOMAIN
         value: cluster.local
-      image: public.ecr.aws/gravitational/teleport-distroless:16.4.2
+      image: public.ecr.aws/gravitational/teleport-distroless:16.4.6
       imagePullPolicy: IfNotPresent
       livenessProbe:
         failureThreshold: 6
@@ -2581,7 +2581,7 @@ should set storage.storageClassName when set in values and action is an Upgrade:
         value: RELEASE-NAME
       - name: TELEPORT_KUBE_CLUSTER_DOMAIN
         value: cluster.local
-      image: public.ecr.aws/gravitational/teleport-distroless:16.4.2
+      image: public.ecr.aws/gravitational/teleport-distroless:16.4.6
       imagePullPolicy: IfNotPresent
       livenessProbe:
         failureThreshold: 6
@@ -2653,7 +2653,7 @@ should set tolerations when set in values:
         value: RELEASE-NAME
       - name: TELEPORT_KUBE_CLUSTER_DOMAIN
         value: cluster.local
-      image: public.ecr.aws/gravitational/teleport-distroless:16.4.2
+      image: public.ecr.aws/gravitational/teleport-distroless:16.4.6
       imagePullPolicy: IfNotPresent
       livenessProbe:
         failureThreshold: 6
diff --git a/examples/chart/teleport-kube-agent/tests/__snapshot__/updater_deployment_test.yaml.snap b/examples/chart/teleport-kube-agent/tests/__snapshot__/updater_deployment_test.yaml.snap
index e680ed1466e19..6dcc564ba4623 100644
--- a/examples/chart/teleport-kube-agent/tests/__snapshot__/updater_deployment_test.yaml.snap
+++ b/examples/chart/teleport-kube-agent/tests/__snapshot__/updater_deployment_test.yaml.snap
@@ -27,7 +27,7 @@ sets the affinity:
       - --base-image=public.ecr.aws/gravitational/teleport-distroless
       - --version-server=https://my-custom-version-server/v1
       - --version-channel=custom/preview
-      image: public.ecr.aws/gravitational/teleport-kube-agent-updater:16.4.2
+      image: public.ecr.aws/gravitational/teleport-kube-agent-updater:16.4.6
       imagePullPolicy: IfNotPresent
       livenessProbe:
         failureThreshold: 6
@@ -73,7 +73,7 @@ sets the tolerations:
       - --base-image=public.ecr.aws/gravitational/teleport-distroless
       - --version-server=https://my-custom-version-server/v1
       - --version-channel=custom/preview
-      image: public.ecr.aws/gravitational/teleport-kube-agent-updater:16.4.2
+      image: public.ecr.aws/gravitational/teleport-kube-agent-updater:16.4.6
       imagePullPolicy: IfNotPresent
       livenessProbe:
         failureThreshold: 6
diff --git a/examples/chart/teleport-kube-agent/tests/job_test.yaml b/examples/chart/teleport-kube-agent/tests/job_test.yaml
index f694e0644bb8f..843e06898f8f5 100644
--- a/examples/chart/teleport-kube-agent/tests/job_test.yaml
+++ b/examples/chart/teleport-kube-agent/tests/job_test.yaml
@@ -268,4 +268,35 @@ tests:
           value:
             app: RELEASE-NAME
             testLabel: testValue
-    
+
+  - it: should set resources in the Job's pod spec if resources is set in values
+    template: delete_hook.yaml
+    # documentIndex: 0=ServiceAccount 1=Role 2=RoleBinding 3=Job
+    documentIndex: 3
+    values:
+      - ../.lint/backwards-compatibility.yaml
+    set:
+      # These are just sample values to test the chart.
+      # They are not intended to be guidelines or suggestions for running teleport.
+      resources:
+        limits:
+          cpu: 2
+          memory: 4Gi
+        requests:
+          cpu: 1
+          memory: 2Gi
+    asserts:
+      - equal:
+          path: spec.template.spec.containers[0].resources.limits.cpu
+          value: 2
+      - equal:
+          path: spec.template.spec.containers[0].resources.limits.memory
+          value: 4Gi
+      - equal:
+          path: spec.template.spec.containers[0].resources.requests.cpu
+          value: 1
+      - equal:
+          path: spec.template.spec.containers[0].resources.requests.memory
+          value: 2Gi
+      - matchSnapshot:
+          path: spec.template.spec
diff --git a/gen/proto/go/prehog/v1alpha/teleport.pb.go b/gen/proto/go/prehog/v1alpha/teleport.pb.go
index 81c50940aa947..8efb50e205aae 100644
--- a/gen/proto/go/prehog/v1alpha/teleport.pb.go
+++ b/gen/proto/go/prehog/v1alpha/teleport.pb.go
@@ -431,6 +431,7 @@ const (
 	CTA_CTA_EXTERNAL_AUDIT_STORAGE CTA = 10
 	CTA_CTA_OKTA_USER_SYNC         CTA = 11
 	CTA_CTA_ENTRA_ID               CTA = 12
+	CTA_CTA_OKTA_SCIM              CTA = 13
 )
 
 // Enum value maps for CTA.
@@ -449,6 +450,7 @@ var (
 		10: "CTA_EXTERNAL_AUDIT_STORAGE",
 		11: "CTA_OKTA_USER_SYNC",
 		12: "CTA_ENTRA_ID",
+		13: "CTA_OKTA_SCIM",
 	}
 	CTA_value = map[string]int32{
 		"CTA_UNSPECIFIED":            0,
@@ -464,6 +466,7 @@ var (
 		"CTA_EXTERNAL_AUDIT_STORAGE": 10,
 		"CTA_OKTA_USER_SYNC":         11,
 		"CTA_ENTRA_ID":               12,
+		"CTA_OKTA_SCIM":              13,
 	}
 )
 
@@ -524,6 +527,7 @@ const (
 	IntegrationEnrollKind_INTEGRATION_ENROLL_KIND_MACHINE_ID_KUBERNETES       IntegrationEnrollKind = 22
 	IntegrationEnrollKind_INTEGRATION_ENROLL_KIND_ENTRA_ID                    IntegrationEnrollKind = 23
 	IntegrationEnrollKind_INTEGRATION_ENROLL_KIND_DATADOG_INCIDENT_MANAGEMENT IntegrationEnrollKind = 24
+	IntegrationEnrollKind_INTEGRATION_ENROLL_KIND_SERVICENOW                  IntegrationEnrollKind = 25
 )
 
 // Enum value maps for IntegrationEnrollKind.
@@ -554,6 +558,7 @@ var (
 		22: "INTEGRATION_ENROLL_KIND_MACHINE_ID_KUBERNETES",
 		23: "INTEGRATION_ENROLL_KIND_ENTRA_ID",
 		24: "INTEGRATION_ENROLL_KIND_DATADOG_INCIDENT_MANAGEMENT",
+		25: "INTEGRATION_ENROLL_KIND_SERVICENOW",
 	}
 	IntegrationEnrollKind_value = map[string]int32{
 		"INTEGRATION_ENROLL_KIND_UNSPECIFIED":                 0,
@@ -581,6 +586,7 @@ var (
 		"INTEGRATION_ENROLL_KIND_MACHINE_ID_KUBERNETES":       22,
 		"INTEGRATION_ENROLL_KIND_ENTRA_ID":                    23,
 		"INTEGRATION_ENROLL_KIND_DATADOG_INCIDENT_MANAGEMENT": 24,
+		"INTEGRATION_ENROLL_KIND_SERVICENOW":                  25,
 	}
 )
 
@@ -7507,6 +7513,179 @@ func (x *DatabaseUserPermissionsUpdateEvent) GetNumTablesPermissions() int32 {
 	return 0
 }
 
+// SessionRecordingAccessEvent is emitted when the user accesses a session
+// recording.
+//
+// PostHog event: tp.recording.access
+type SessionRecordingAccessEvent struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	// session_type is type of the session, should be
+	// "ssh"/"k8s"/"db"/"app"/"desktop" (matching the values for
+	// api/types.SessionKind).
+	//
+	// PostHog property: tp.session_type
+	SessionType string `protobuf:"bytes,1,opt,name=session_type,json=sessionType,proto3" json:"session_type,omitempty"`
+	// user_name is the anonymized Teleport username, 32 bytes (HMAC-SHA-256)
+	// encoded in base64.
+	//
+	// PostHog property: tp.user_name
+	UserName string `protobuf:"bytes,2,opt,name=user_name,json=userName,proto3" json:"user_name,omitempty"`
+	// format is the format the session recording was accessed.
+	// One of text/json/yaml/pty. pty being the interactive session player.
+	//
+	// PostHog property: tp.recording.format
+	Format string `protobuf:"bytes,3,opt,name=format,proto3" json:"format,omitempty"`
+}
+
+func (x *SessionRecordingAccessEvent) Reset() {
+	*x = SessionRecordingAccessEvent{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_prehog_v1alpha_teleport_proto_msgTypes[96]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *SessionRecordingAccessEvent) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*SessionRecordingAccessEvent) ProtoMessage() {}
+
+func (x *SessionRecordingAccessEvent) ProtoReflect() protoreflect.Message {
+	mi := &file_prehog_v1alpha_teleport_proto_msgTypes[96]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use SessionRecordingAccessEvent.ProtoReflect.Descriptor instead.
+func (*SessionRecordingAccessEvent) Descriptor() ([]byte, []int) {
+	return file_prehog_v1alpha_teleport_proto_rawDescGZIP(), []int{96}
+}
+
+func (x *SessionRecordingAccessEvent) GetSessionType() string {
+	if x != nil {
+		return x.SessionType
+	}
+	return ""
+}
+
+func (x *SessionRecordingAccessEvent) GetUserName() string {
+	if x != nil {
+		return x.UserName
+	}
+	return ""
+}
+
+func (x *SessionRecordingAccessEvent) GetFormat() string {
+	if x != nil {
+		return x.Format
+	}
+	return ""
+}
+
+// UserTaskStateEvent is emitted when a UserTask state changes.
+// This can happen when the Task is created, when it's manually
+// resolved by the user or when it changes back to being open
+// when the issue happens again.
+//
+// PostHog event: tp.usertask.state
+type UserTaskStateEvent struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	// task_type is the identifier for the type of task.
+	// Eg, discover-ec2
+	//
+	// PostHog property: tp.usertask.task_type
+	TaskType string `protobuf:"bytes,1,opt,name=task_type,json=taskType,proto3" json:"task_type,omitempty"`
+	// issue_type is the identifier for the type of issue that occurred.
+	//
+	// PostHog property: tp.usertask.issue_type
+	IssueType string `protobuf:"bytes,2,opt,name=issue_type,json=issueType,proto3" json:"issue_type,omitempty"`
+	// state identifies the new state for this task.
+	// One of: OPEN, RESOLVED
+	//
+	// PostHog property: tp.usertask.state
+	State string `protobuf:"bytes,3,opt,name=state,proto3" json:"state,omitempty"`
+	// instances_count contains the number of instances that were affected by the issue
+	// This field is only present for the following task_types:
+	// - discover-ec2
+	//
+	// PostHog property: tp.usertask.discover_ec2.instances_count
+	InstancesCount int32 `protobuf:"varint,4,opt,name=instances_count,json=instancesCount,proto3" json:"instances_count,omitempty"`
+}
+
+func (x *UserTaskStateEvent) Reset() {
+	*x = UserTaskStateEvent{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_prehog_v1alpha_teleport_proto_msgTypes[97]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *UserTaskStateEvent) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*UserTaskStateEvent) ProtoMessage() {}
+
+func (x *UserTaskStateEvent) ProtoReflect() protoreflect.Message {
+	mi := &file_prehog_v1alpha_teleport_proto_msgTypes[97]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use UserTaskStateEvent.ProtoReflect.Descriptor instead.
+func (*UserTaskStateEvent) Descriptor() ([]byte, []int) {
+	return file_prehog_v1alpha_teleport_proto_rawDescGZIP(), []int{97}
+}
+
+func (x *UserTaskStateEvent) GetTaskType() string {
+	if x != nil {
+		return x.TaskType
+	}
+	return ""
+}
+
+func (x *UserTaskStateEvent) GetIssueType() string {
+	if x != nil {
+		return x.IssueType
+	}
+	return ""
+}
+
+func (x *UserTaskStateEvent) GetState() string {
+	if x != nil {
+		return x.State
+	}
+	return ""
+}
+
+func (x *UserTaskStateEvent) GetInstancesCount() int32 {
+	if x != nil {
+		return x.InstancesCount
+	}
+	return 0
+}
+
 type SubmitEventRequest struct {
 	state         protoimpl.MessageState
 	sizeCache     protoimpl.SizeCache
@@ -7613,13 +7792,15 @@ type SubmitEventRequest struct {
 	//	*SubmitEventRequest_AccessGraphAccessPathChanged
 	//	*SubmitEventRequest_AccessGraphCrownJewelCreate
 	//	*SubmitEventRequest_UiAccessGraphCrownJewelDiffView
+	//	*SubmitEventRequest_SessionRecordingAccess
+	//	*SubmitEventRequest_UserTaskState
 	Event isSubmitEventRequest_Event `protobuf_oneof:"event"`
 }
 
 func (x *SubmitEventRequest) Reset() {
 	*x = SubmitEventRequest{}
 	if protoimpl.UnsafeEnabled {
-		mi := &file_prehog_v1alpha_teleport_proto_msgTypes[96]
+		mi := &file_prehog_v1alpha_teleport_proto_msgTypes[98]
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		ms.StoreMessageInfo(mi)
 	}
@@ -7632,7 +7813,7 @@ func (x *SubmitEventRequest) String() string {
 func (*SubmitEventRequest) ProtoMessage() {}
 
 func (x *SubmitEventRequest) ProtoReflect() protoreflect.Message {
-	mi := &file_prehog_v1alpha_teleport_proto_msgTypes[96]
+	mi := &file_prehog_v1alpha_teleport_proto_msgTypes[98]
 	if protoimpl.UnsafeEnabled && x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
@@ -7645,7 +7826,7 @@ func (x *SubmitEventRequest) ProtoReflect() protoreflect.Message {
 
 // Deprecated: Use SubmitEventRequest.ProtoReflect.Descriptor instead.
 func (*SubmitEventRequest) Descriptor() ([]byte, []int) {
-	return file_prehog_v1alpha_teleport_proto_rawDescGZIP(), []int{96}
+	return file_prehog_v1alpha_teleport_proto_rawDescGZIP(), []int{98}
 }
 
 func (x *SubmitEventRequest) GetClusterName() string {
@@ -8292,6 +8473,20 @@ func (x *SubmitEventRequest) GetUiAccessGraphCrownJewelDiffView() *UIAccessGraph
 	return nil
 }
 
+func (x *SubmitEventRequest) GetSessionRecordingAccess() *SessionRecordingAccessEvent {
+	if x, ok := x.GetEvent().(*SubmitEventRequest_SessionRecordingAccess); ok {
+		return x.SessionRecordingAccess
+	}
+	return nil
+}
+
+func (x *SubmitEventRequest) GetUserTaskState() *UserTaskStateEvent {
+	if x, ok := x.GetEvent().(*SubmitEventRequest_UserTaskState); ok {
+		return x.UserTaskState
+	}
+	return nil
+}
+
 type isSubmitEventRequest_Event interface {
 	isSubmitEventRequest_Event()
 }
@@ -8657,6 +8852,14 @@ type SubmitEventRequest_UiAccessGraphCrownJewelDiffView struct {
 	UiAccessGraphCrownJewelDiffView *UIAccessGraphCrownJewelDiffViewEvent `protobuf:"bytes,92,opt,name=ui_access_graph_crown_jewel_diff_view,json=uiAccessGraphCrownJewelDiffView,proto3,oneof"`
 }
 
+type SubmitEventRequest_SessionRecordingAccess struct {
+	SessionRecordingAccess *SessionRecordingAccessEvent `protobuf:"bytes,93,opt,name=session_recording_access,json=sessionRecordingAccess,proto3,oneof"`
+}
+
+type SubmitEventRequest_UserTaskState struct {
+	UserTaskState *UserTaskStateEvent `protobuf:"bytes,94,opt,name=user_task_state,json=userTaskState,proto3,oneof"`
+}
+
 func (*SubmitEventRequest_UserLogin) isSubmitEventRequest_Event() {}
 
 func (*SubmitEventRequest_SsoCreate) isSubmitEventRequest_Event() {}
@@ -8837,6 +9040,10 @@ func (*SubmitEventRequest_AccessGraphCrownJewelCreate) isSubmitEventRequest_Even
 
 func (*SubmitEventRequest_UiAccessGraphCrownJewelDiffView) isSubmitEventRequest_Event() {}
 
+func (*SubmitEventRequest_SessionRecordingAccess) isSubmitEventRequest_Event() {}
+
+func (*SubmitEventRequest_UserTaskState) isSubmitEventRequest_Event() {}
+
 type SubmitEventResponse struct {
 	state         protoimpl.MessageState
 	sizeCache     protoimpl.SizeCache
@@ -8846,7 +9053,7 @@ type SubmitEventResponse struct {
 func (x *SubmitEventResponse) Reset() {
 	*x = SubmitEventResponse{}
 	if protoimpl.UnsafeEnabled {
-		mi := &file_prehog_v1alpha_teleport_proto_msgTypes[97]
+		mi := &file_prehog_v1alpha_teleport_proto_msgTypes[99]
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		ms.StoreMessageInfo(mi)
 	}
@@ -8859,7 +9066,7 @@ func (x *SubmitEventResponse) String() string {
 func (*SubmitEventResponse) ProtoMessage() {}
 
 func (x *SubmitEventResponse) ProtoReflect() protoreflect.Message {
-	mi := &file_prehog_v1alpha_teleport_proto_msgTypes[97]
+	mi := &file_prehog_v1alpha_teleport_proto_msgTypes[99]
 	if protoimpl.UnsafeEnabled && x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
@@ -8872,7 +9079,7 @@ func (x *SubmitEventResponse) ProtoReflect() protoreflect.Message {
 
 // Deprecated: Use SubmitEventResponse.ProtoReflect.Descriptor instead.
 func (*SubmitEventResponse) Descriptor() ([]byte, []int) {
-	return file_prehog_v1alpha_teleport_proto_rawDescGZIP(), []int{97}
+	return file_prehog_v1alpha_teleport_proto_rawDescGZIP(), []int{99}
 }
 
 type SubmitEventsRequest struct {
@@ -8887,7 +9094,7 @@ type SubmitEventsRequest struct {
 func (x *SubmitEventsRequest) Reset() {
 	*x = SubmitEventsRequest{}
 	if protoimpl.UnsafeEnabled {
-		mi := &file_prehog_v1alpha_teleport_proto_msgTypes[98]
+		mi := &file_prehog_v1alpha_teleport_proto_msgTypes[100]
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		ms.StoreMessageInfo(mi)
 	}
@@ -8900,7 +9107,7 @@ func (x *SubmitEventsRequest) String() string {
 func (*SubmitEventsRequest) ProtoMessage() {}
 
 func (x *SubmitEventsRequest) ProtoReflect() protoreflect.Message {
-	mi := &file_prehog_v1alpha_teleport_proto_msgTypes[98]
+	mi := &file_prehog_v1alpha_teleport_proto_msgTypes[100]
 	if protoimpl.UnsafeEnabled && x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
@@ -8913,7 +9120,7 @@ func (x *SubmitEventsRequest) ProtoReflect() protoreflect.Message {
 
 // Deprecated: Use SubmitEventsRequest.ProtoReflect.Descriptor instead.
 func (*SubmitEventsRequest) Descriptor() ([]byte, []int) {
-	return file_prehog_v1alpha_teleport_proto_rawDescGZIP(), []int{98}
+	return file_prehog_v1alpha_teleport_proto_rawDescGZIP(), []int{100}
 }
 
 func (x *SubmitEventsRequest) GetEvents() []*SubmitEventRequest {
@@ -8932,7 +9139,7 @@ type SubmitEventsResponse struct {
 func (x *SubmitEventsResponse) Reset() {
 	*x = SubmitEventsResponse{}
 	if protoimpl.UnsafeEnabled {
-		mi := &file_prehog_v1alpha_teleport_proto_msgTypes[99]
+		mi := &file_prehog_v1alpha_teleport_proto_msgTypes[101]
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		ms.StoreMessageInfo(mi)
 	}
@@ -8945,7 +9152,7 @@ func (x *SubmitEventsResponse) String() string {
 func (*SubmitEventsResponse) ProtoMessage() {}
 
 func (x *SubmitEventsResponse) ProtoReflect() protoreflect.Message {
-	mi := &file_prehog_v1alpha_teleport_proto_msgTypes[99]
+	mi := &file_prehog_v1alpha_teleport_proto_msgTypes[101]
 	if protoimpl.UnsafeEnabled && x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
@@ -8958,7 +9165,7 @@ func (x *SubmitEventsResponse) ProtoReflect() protoreflect.Message {
 
 // Deprecated: Use SubmitEventsResponse.ProtoReflect.Descriptor instead.
 func (*SubmitEventsResponse) Descriptor() ([]byte, []int) {
-	return file_prehog_v1alpha_teleport_proto_rawDescGZIP(), []int{99}
+	return file_prehog_v1alpha_teleport_proto_rawDescGZIP(), []int{101}
 }
 
 type HelloTeleportRequest struct {
@@ -8970,7 +9177,7 @@ type HelloTeleportRequest struct {
 func (x *HelloTeleportRequest) Reset() {
 	*x = HelloTeleportRequest{}
 	if protoimpl.UnsafeEnabled {
-		mi := &file_prehog_v1alpha_teleport_proto_msgTypes[100]
+		mi := &file_prehog_v1alpha_teleport_proto_msgTypes[102]
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		ms.StoreMessageInfo(mi)
 	}
@@ -8983,7 +9190,7 @@ func (x *HelloTeleportRequest) String() string {
 func (*HelloTeleportRequest) ProtoMessage() {}
 
 func (x *HelloTeleportRequest) ProtoReflect() protoreflect.Message {
-	mi := &file_prehog_v1alpha_teleport_proto_msgTypes[100]
+	mi := &file_prehog_v1alpha_teleport_proto_msgTypes[102]
 	if protoimpl.UnsafeEnabled && x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
@@ -8996,7 +9203,7 @@ func (x *HelloTeleportRequest) ProtoReflect() protoreflect.Message {
 
 // Deprecated: Use HelloTeleportRequest.ProtoReflect.Descriptor instead.
 func (*HelloTeleportRequest) Descriptor() ([]byte, []int) {
-	return file_prehog_v1alpha_teleport_proto_rawDescGZIP(), []int{100}
+	return file_prehog_v1alpha_teleport_proto_rawDescGZIP(), []int{102}
 }
 
 type HelloTeleportResponse struct {
@@ -9008,7 +9215,7 @@ type HelloTeleportResponse struct {
 func (x *HelloTeleportResponse) Reset() {
 	*x = HelloTeleportResponse{}
 	if protoimpl.UnsafeEnabled {
-		mi := &file_prehog_v1alpha_teleport_proto_msgTypes[101]
+		mi := &file_prehog_v1alpha_teleport_proto_msgTypes[103]
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		ms.StoreMessageInfo(mi)
 	}
@@ -9021,7 +9228,7 @@ func (x *HelloTeleportResponse) String() string {
 func (*HelloTeleportResponse) ProtoMessage() {}
 
 func (x *HelloTeleportResponse) ProtoReflect() protoreflect.Message {
-	mi := &file_prehog_v1alpha_teleport_proto_msgTypes[101]
+	mi := &file_prehog_v1alpha_teleport_proto_msgTypes[103]
 	if protoimpl.UnsafeEnabled && x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
@@ -9034,7 +9241,7 @@ func (x *HelloTeleportResponse) ProtoReflect() protoreflect.Message {
 
 // Deprecated: Use HelloTeleportResponse.ProtoReflect.Descriptor instead.
 func (*HelloTeleportResponse) Descriptor() ([]byte, []int) {
-	return file_prehog_v1alpha_teleport_proto_rawDescGZIP(), []int{101}
+	return file_prehog_v1alpha_teleport_proto_rawDescGZIP(), []int{103}
 }
 
 var File_prehog_v1alpha_teleport_proto protoreflect.FileDescriptor
@@ -10050,625 +10257,653 @@ var file_prehog_v1alpha_teleport_proto_rawDesc = []byte{
 	0x16, 0x6e, 0x75, 0x6d, 0x5f, 0x74, 0x61, 0x62, 0x6c, 0x65, 0x73, 0x5f, 0x70, 0x65, 0x72, 0x6d,
 	0x69, 0x73, 0x73, 0x69, 0x6f, 0x6e, 0x73, 0x18, 0x04, 0x20, 0x01, 0x28, 0x05, 0x52, 0x14, 0x6e,
 	0x75, 0x6d, 0x54, 0x61, 0x62, 0x6c, 0x65, 0x73, 0x50, 0x65, 0x72, 0x6d, 0x69, 0x73, 0x73, 0x69,
-	0x6f, 0x6e, 0x73, 0x22, 0xcd, 0x4d, 0x0a, 0x12, 0x53, 0x75, 0x62, 0x6d, 0x69, 0x74, 0x45, 0x76,
-	0x65, 0x6e, 0x74, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x21, 0x0a, 0x0c, 0x63, 0x6c,
-	0x75, 0x73, 0x74, 0x65, 0x72, 0x5f, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09,
-	0x52, 0x0b, 0x63, 0x6c, 0x75, 0x73, 0x74, 0x65, 0x72, 0x4e, 0x61, 0x6d, 0x65, 0x12, 0x38, 0x0a,
-	0x09, 0x74, 0x69, 0x6d, 0x65, 0x73, 0x74, 0x61, 0x6d, 0x70, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b,
-	0x32, 0x1a, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62,
-	0x75, 0x66, 0x2e, 0x54, 0x69, 0x6d, 0x65, 0x73, 0x74, 0x61, 0x6d, 0x70, 0x52, 0x09, 0x74, 0x69,
-	0x6d, 0x65, 0x73, 0x74, 0x61, 0x6d, 0x70, 0x12, 0x3f, 0x0a, 0x0a, 0x75, 0x73, 0x65, 0x72, 0x5f,
-	0x6c, 0x6f, 0x67, 0x69, 0x6e, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1e, 0x2e, 0x70, 0x72,
-	0x65, 0x68, 0x6f, 0x67, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x2e, 0x55, 0x73, 0x65,
-	0x72, 0x4c, 0x6f, 0x67, 0x69, 0x6e, 0x45, 0x76, 0x65, 0x6e, 0x74, 0x48, 0x00, 0x52, 0x09, 0x75,
-	0x73, 0x65, 0x72, 0x4c, 0x6f, 0x67, 0x69, 0x6e, 0x12, 0x3f, 0x0a, 0x0a, 0x73, 0x73, 0x6f, 0x5f,
-	0x63, 0x72, 0x65, 0x61, 0x74, 0x65, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1e, 0x2e, 0x70,
-	0x72, 0x65, 0x68, 0x6f, 0x67, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x2e, 0x53, 0x53,
-	0x4f, 0x43, 0x72, 0x65, 0x61, 0x74, 0x65, 0x45, 0x76, 0x65, 0x6e, 0x74, 0x48, 0x00, 0x52, 0x09,
-	0x73, 0x73, 0x6f, 0x43, 0x72, 0x65, 0x61, 0x74, 0x65, 0x12, 0x4e, 0x0a, 0x0f, 0x72, 0x65, 0x73,
-	0x6f, 0x75, 0x72, 0x63, 0x65, 0x5f, 0x63, 0x72, 0x65, 0x61, 0x74, 0x65, 0x18, 0x05, 0x20, 0x01,
-	0x28, 0x0b, 0x32, 0x23, 0x2e, 0x70, 0x72, 0x65, 0x68, 0x6f, 0x67, 0x2e, 0x76, 0x31, 0x61, 0x6c,
-	0x70, 0x68, 0x61, 0x2e, 0x52, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x43, 0x72, 0x65, 0x61,
-	0x74, 0x65, 0x45, 0x76, 0x65, 0x6e, 0x74, 0x48, 0x00, 0x52, 0x0e, 0x72, 0x65, 0x73, 0x6f, 0x75,
-	0x72, 0x63, 0x65, 0x43, 0x72, 0x65, 0x61, 0x74, 0x65, 0x12, 0x48, 0x0a, 0x0d, 0x73, 0x65, 0x73,
-	0x73, 0x69, 0x6f, 0x6e, 0x5f, 0x73, 0x74, 0x61, 0x72, 0x74, 0x18, 0x06, 0x20, 0x01, 0x28, 0x0b,
-	0x32, 0x21, 0x2e, 0x70, 0x72, 0x65, 0x68, 0x6f, 0x67, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68,
-	0x61, 0x2e, 0x53, 0x65, 0x73, 0x73, 0x69, 0x6f, 0x6e, 0x53, 0x74, 0x61, 0x72, 0x74, 0x45, 0x76,
-	0x65, 0x6e, 0x74, 0x48, 0x00, 0x52, 0x0c, 0x73, 0x65, 0x73, 0x73, 0x69, 0x6f, 0x6e, 0x53, 0x74,
-	0x61, 0x72, 0x74, 0x12, 0x4c, 0x0a, 0x0f, 0x75, 0x69, 0x5f, 0x62, 0x61, 0x6e, 0x6e, 0x65, 0x72,
-	0x5f, 0x63, 0x6c, 0x69, 0x63, 0x6b, 0x18, 0x07, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x22, 0x2e, 0x70,
-	0x72, 0x65, 0x68, 0x6f, 0x67, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x2e, 0x55, 0x49,
-	0x42, 0x61, 0x6e, 0x6e, 0x65, 0x72, 0x43, 0x6c, 0x69, 0x63, 0x6b, 0x45, 0x76, 0x65, 0x6e, 0x74,
-	0x48, 0x00, 0x52, 0x0d, 0x75, 0x69, 0x42, 0x61, 0x6e, 0x6e, 0x65, 0x72, 0x43, 0x6c, 0x69, 0x63,
-	0x6b, 0x12, 0x92, 0x01, 0x0a, 0x29, 0x75, 0x69, 0x5f, 0x6f, 0x6e, 0x62, 0x6f, 0x61, 0x72, 0x64,
-	0x5f, 0x63, 0x6f, 0x6d, 0x70, 0x6c, 0x65, 0x74, 0x65, 0x5f, 0x67, 0x6f, 0x5f, 0x74, 0x6f, 0x5f,
-	0x64, 0x61, 0x73, 0x68, 0x62, 0x6f, 0x61, 0x72, 0x64, 0x5f, 0x63, 0x6c, 0x69, 0x63, 0x6b, 0x18,
-	0x09, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x38, 0x2e, 0x70, 0x72, 0x65, 0x68, 0x6f, 0x67, 0x2e, 0x76,
-	0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x2e, 0x55, 0x49, 0x4f, 0x6e, 0x62, 0x6f, 0x61, 0x72, 0x64,
-	0x43, 0x6f, 0x6d, 0x70, 0x6c, 0x65, 0x74, 0x65, 0x47, 0x6f, 0x54, 0x6f, 0x44, 0x61, 0x73, 0x68,
-	0x62, 0x6f, 0x61, 0x72, 0x64, 0x43, 0x6c, 0x69, 0x63, 0x6b, 0x45, 0x76, 0x65, 0x6e, 0x74, 0x48,
-	0x00, 0x52, 0x23, 0x75, 0x69, 0x4f, 0x6e, 0x62, 0x6f, 0x61, 0x72, 0x64, 0x43, 0x6f, 0x6d, 0x70,
-	0x6c, 0x65, 0x74, 0x65, 0x47, 0x6f, 0x54, 0x6f, 0x44, 0x61, 0x73, 0x68, 0x62, 0x6f, 0x61, 0x72,
-	0x64, 0x43, 0x6c, 0x69, 0x63, 0x6b, 0x12, 0x82, 0x01, 0x0a, 0x23, 0x75, 0x69, 0x5f, 0x6f, 0x6e,
-	0x62, 0x6f, 0x61, 0x72, 0x64, 0x5f, 0x61, 0x64, 0x64, 0x5f, 0x66, 0x69, 0x72, 0x73, 0x74, 0x5f,
-	0x72, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x5f, 0x63, 0x6c, 0x69, 0x63, 0x6b, 0x18, 0x0a,
-	0x20, 0x01, 0x28, 0x0b, 0x32, 0x33, 0x2e, 0x70, 0x72, 0x65, 0x68, 0x6f, 0x67, 0x2e, 0x76, 0x31,
-	0x61, 0x6c, 0x70, 0x68, 0x61, 0x2e, 0x55, 0x49, 0x4f, 0x6e, 0x62, 0x6f, 0x61, 0x72, 0x64, 0x41,
+	0x6f, 0x6e, 0x73, 0x22, 0x75, 0x0a, 0x1b, 0x53, 0x65, 0x73, 0x73, 0x69, 0x6f, 0x6e, 0x52, 0x65,
+	0x63, 0x6f, 0x72, 0x64, 0x69, 0x6e, 0x67, 0x41, 0x63, 0x63, 0x65, 0x73, 0x73, 0x45, 0x76, 0x65,
+	0x6e, 0x74, 0x12, 0x21, 0x0a, 0x0c, 0x73, 0x65, 0x73, 0x73, 0x69, 0x6f, 0x6e, 0x5f, 0x74, 0x79,
+	0x70, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0b, 0x73, 0x65, 0x73, 0x73, 0x69, 0x6f,
+	0x6e, 0x54, 0x79, 0x70, 0x65, 0x12, 0x1b, 0x0a, 0x09, 0x75, 0x73, 0x65, 0x72, 0x5f, 0x6e, 0x61,
+	0x6d, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x75, 0x73, 0x65, 0x72, 0x4e, 0x61,
+	0x6d, 0x65, 0x12, 0x16, 0x0a, 0x06, 0x66, 0x6f, 0x72, 0x6d, 0x61, 0x74, 0x18, 0x03, 0x20, 0x01,
+	0x28, 0x09, 0x52, 0x06, 0x66, 0x6f, 0x72, 0x6d, 0x61, 0x74, 0x22, 0x8f, 0x01, 0x0a, 0x12, 0x55,
+	0x73, 0x65, 0x72, 0x54, 0x61, 0x73, 0x6b, 0x53, 0x74, 0x61, 0x74, 0x65, 0x45, 0x76, 0x65, 0x6e,
+	0x74, 0x12, 0x1b, 0x0a, 0x09, 0x74, 0x61, 0x73, 0x6b, 0x5f, 0x74, 0x79, 0x70, 0x65, 0x18, 0x01,
+	0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x74, 0x61, 0x73, 0x6b, 0x54, 0x79, 0x70, 0x65, 0x12, 0x1d,
+	0x0a, 0x0a, 0x69, 0x73, 0x73, 0x75, 0x65, 0x5f, 0x74, 0x79, 0x70, 0x65, 0x18, 0x02, 0x20, 0x01,
+	0x28, 0x09, 0x52, 0x09, 0x69, 0x73, 0x73, 0x75, 0x65, 0x54, 0x79, 0x70, 0x65, 0x12, 0x14, 0x0a,
+	0x05, 0x73, 0x74, 0x61, 0x74, 0x65, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x73, 0x74,
+	0x61, 0x74, 0x65, 0x12, 0x27, 0x0a, 0x0f, 0x69, 0x6e, 0x73, 0x74, 0x61, 0x6e, 0x63, 0x65, 0x73,
+	0x5f, 0x63, 0x6f, 0x75, 0x6e, 0x74, 0x18, 0x04, 0x20, 0x01, 0x28, 0x05, 0x52, 0x0e, 0x69, 0x6e,
+	0x73, 0x74, 0x61, 0x6e, 0x63, 0x65, 0x73, 0x43, 0x6f, 0x75, 0x6e, 0x74, 0x22, 0x84, 0x4f, 0x0a,
+	0x12, 0x53, 0x75, 0x62, 0x6d, 0x69, 0x74, 0x45, 0x76, 0x65, 0x6e, 0x74, 0x52, 0x65, 0x71, 0x75,
+	0x65, 0x73, 0x74, 0x12, 0x21, 0x0a, 0x0c, 0x63, 0x6c, 0x75, 0x73, 0x74, 0x65, 0x72, 0x5f, 0x6e,
+	0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0b, 0x63, 0x6c, 0x75, 0x73, 0x74,
+	0x65, 0x72, 0x4e, 0x61, 0x6d, 0x65, 0x12, 0x38, 0x0a, 0x09, 0x74, 0x69, 0x6d, 0x65, 0x73, 0x74,
+	0x61, 0x6d, 0x70, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1a, 0x2e, 0x67, 0x6f, 0x6f, 0x67,
+	0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x54, 0x69, 0x6d, 0x65,
+	0x73, 0x74, 0x61, 0x6d, 0x70, 0x52, 0x09, 0x74, 0x69, 0x6d, 0x65, 0x73, 0x74, 0x61, 0x6d, 0x70,
+	0x12, 0x3f, 0x0a, 0x0a, 0x75, 0x73, 0x65, 0x72, 0x5f, 0x6c, 0x6f, 0x67, 0x69, 0x6e, 0x18, 0x03,
+	0x20, 0x01, 0x28, 0x0b, 0x32, 0x1e, 0x2e, 0x70, 0x72, 0x65, 0x68, 0x6f, 0x67, 0x2e, 0x76, 0x31,
+	0x61, 0x6c, 0x70, 0x68, 0x61, 0x2e, 0x55, 0x73, 0x65, 0x72, 0x4c, 0x6f, 0x67, 0x69, 0x6e, 0x45,
+	0x76, 0x65, 0x6e, 0x74, 0x48, 0x00, 0x52, 0x09, 0x75, 0x73, 0x65, 0x72, 0x4c, 0x6f, 0x67, 0x69,
+	0x6e, 0x12, 0x3f, 0x0a, 0x0a, 0x73, 0x73, 0x6f, 0x5f, 0x63, 0x72, 0x65, 0x61, 0x74, 0x65, 0x18,
+	0x04, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1e, 0x2e, 0x70, 0x72, 0x65, 0x68, 0x6f, 0x67, 0x2e, 0x76,
+	0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x2e, 0x53, 0x53, 0x4f, 0x43, 0x72, 0x65, 0x61, 0x74, 0x65,
+	0x45, 0x76, 0x65, 0x6e, 0x74, 0x48, 0x00, 0x52, 0x09, 0x73, 0x73, 0x6f, 0x43, 0x72, 0x65, 0x61,
+	0x74, 0x65, 0x12, 0x4e, 0x0a, 0x0f, 0x72, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x5f, 0x63,
+	0x72, 0x65, 0x61, 0x74, 0x65, 0x18, 0x05, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x23, 0x2e, 0x70, 0x72,
+	0x65, 0x68, 0x6f, 0x67, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x2e, 0x52, 0x65, 0x73,
+	0x6f, 0x75, 0x72, 0x63, 0x65, 0x43, 0x72, 0x65, 0x61, 0x74, 0x65, 0x45, 0x76, 0x65, 0x6e, 0x74,
+	0x48, 0x00, 0x52, 0x0e, 0x72, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x43, 0x72, 0x65, 0x61,
+	0x74, 0x65, 0x12, 0x48, 0x0a, 0x0d, 0x73, 0x65, 0x73, 0x73, 0x69, 0x6f, 0x6e, 0x5f, 0x73, 0x74,
+	0x61, 0x72, 0x74, 0x18, 0x06, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x21, 0x2e, 0x70, 0x72, 0x65, 0x68,
+	0x6f, 0x67, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x2e, 0x53, 0x65, 0x73, 0x73, 0x69,
+	0x6f, 0x6e, 0x53, 0x74, 0x61, 0x72, 0x74, 0x45, 0x76, 0x65, 0x6e, 0x74, 0x48, 0x00, 0x52, 0x0c,
+	0x73, 0x65, 0x73, 0x73, 0x69, 0x6f, 0x6e, 0x53, 0x74, 0x61, 0x72, 0x74, 0x12, 0x4c, 0x0a, 0x0f,
+	0x75, 0x69, 0x5f, 0x62, 0x61, 0x6e, 0x6e, 0x65, 0x72, 0x5f, 0x63, 0x6c, 0x69, 0x63, 0x6b, 0x18,
+	0x07, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x22, 0x2e, 0x70, 0x72, 0x65, 0x68, 0x6f, 0x67, 0x2e, 0x76,
+	0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x2e, 0x55, 0x49, 0x42, 0x61, 0x6e, 0x6e, 0x65, 0x72, 0x43,
+	0x6c, 0x69, 0x63, 0x6b, 0x45, 0x76, 0x65, 0x6e, 0x74, 0x48, 0x00, 0x52, 0x0d, 0x75, 0x69, 0x42,
+	0x61, 0x6e, 0x6e, 0x65, 0x72, 0x43, 0x6c, 0x69, 0x63, 0x6b, 0x12, 0x92, 0x01, 0x0a, 0x29, 0x75,
+	0x69, 0x5f, 0x6f, 0x6e, 0x62, 0x6f, 0x61, 0x72, 0x64, 0x5f, 0x63, 0x6f, 0x6d, 0x70, 0x6c, 0x65,
+	0x74, 0x65, 0x5f, 0x67, 0x6f, 0x5f, 0x74, 0x6f, 0x5f, 0x64, 0x61, 0x73, 0x68, 0x62, 0x6f, 0x61,
+	0x72, 0x64, 0x5f, 0x63, 0x6c, 0x69, 0x63, 0x6b, 0x18, 0x09, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x38,
+	0x2e, 0x70, 0x72, 0x65, 0x68, 0x6f, 0x67, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x2e,
+	0x55, 0x49, 0x4f, 0x6e, 0x62, 0x6f, 0x61, 0x72, 0x64, 0x43, 0x6f, 0x6d, 0x70, 0x6c, 0x65, 0x74,
+	0x65, 0x47, 0x6f, 0x54, 0x6f, 0x44, 0x61, 0x73, 0x68, 0x62, 0x6f, 0x61, 0x72, 0x64, 0x43, 0x6c,
+	0x69, 0x63, 0x6b, 0x45, 0x76, 0x65, 0x6e, 0x74, 0x48, 0x00, 0x52, 0x23, 0x75, 0x69, 0x4f, 0x6e,
+	0x62, 0x6f, 0x61, 0x72, 0x64, 0x43, 0x6f, 0x6d, 0x70, 0x6c, 0x65, 0x74, 0x65, 0x47, 0x6f, 0x54,
+	0x6f, 0x44, 0x61, 0x73, 0x68, 0x62, 0x6f, 0x61, 0x72, 0x64, 0x43, 0x6c, 0x69, 0x63, 0x6b, 0x12,
+	0x82, 0x01, 0x0a, 0x23, 0x75, 0x69, 0x5f, 0x6f, 0x6e, 0x62, 0x6f, 0x61, 0x72, 0x64, 0x5f, 0x61,
+	0x64, 0x64, 0x5f, 0x66, 0x69, 0x72, 0x73, 0x74, 0x5f, 0x72, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63,
+	0x65, 0x5f, 0x63, 0x6c, 0x69, 0x63, 0x6b, 0x18, 0x0a, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x33, 0x2e,
+	0x70, 0x72, 0x65, 0x68, 0x6f, 0x67, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x2e, 0x55,
+	0x49, 0x4f, 0x6e, 0x62, 0x6f, 0x61, 0x72, 0x64, 0x41, 0x64, 0x64, 0x46, 0x69, 0x72, 0x73, 0x74,
+	0x52, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x43, 0x6c, 0x69, 0x63, 0x6b, 0x45, 0x76, 0x65,
+	0x6e, 0x74, 0x48, 0x00, 0x52, 0x1e, 0x75, 0x69, 0x4f, 0x6e, 0x62, 0x6f, 0x61, 0x72, 0x64, 0x41,
 	0x64, 0x64, 0x46, 0x69, 0x72, 0x73, 0x74, 0x52, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x43,
-	0x6c, 0x69, 0x63, 0x6b, 0x45, 0x76, 0x65, 0x6e, 0x74, 0x48, 0x00, 0x52, 0x1e, 0x75, 0x69, 0x4f,
-	0x6e, 0x62, 0x6f, 0x61, 0x72, 0x64, 0x41, 0x64, 0x64, 0x46, 0x69, 0x72, 0x73, 0x74, 0x52, 0x65,
-	0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x43, 0x6c, 0x69, 0x63, 0x6b, 0x12, 0x92, 0x01, 0x0a, 0x29,
-	0x75, 0x69, 0x5f, 0x6f, 0x6e, 0x62, 0x6f, 0x61, 0x72, 0x64, 0x5f, 0x61, 0x64, 0x64, 0x5f, 0x66,
-	0x69, 0x72, 0x73, 0x74, 0x5f, 0x72, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x5f, 0x6c, 0x61,
-	0x74, 0x65, 0x72, 0x5f, 0x63, 0x6c, 0x69, 0x63, 0x6b, 0x18, 0x0b, 0x20, 0x01, 0x28, 0x0b, 0x32,
-	0x38, 0x2e, 0x70, 0x72, 0x65, 0x68, 0x6f, 0x67, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61,
-	0x2e, 0x55, 0x49, 0x4f, 0x6e, 0x62, 0x6f, 0x61, 0x72, 0x64, 0x41, 0x64, 0x64, 0x46, 0x69, 0x72,
-	0x73, 0x74, 0x52, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x4c, 0x61, 0x74, 0x65, 0x72, 0x43,
-	0x6c, 0x69, 0x63, 0x6b, 0x45, 0x76, 0x65, 0x6e, 0x74, 0x48, 0x00, 0x52, 0x23, 0x75, 0x69, 0x4f,
-	0x6e, 0x62, 0x6f, 0x61, 0x72, 0x64, 0x41, 0x64, 0x64, 0x46, 0x69, 0x72, 0x73, 0x74, 0x52, 0x65,
-	0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x4c, 0x61, 0x74, 0x65, 0x72, 0x43, 0x6c, 0x69, 0x63, 0x6b,
-	0x12, 0x7b, 0x0a, 0x20, 0x75, 0x69, 0x5f, 0x6f, 0x6e, 0x62, 0x6f, 0x61, 0x72, 0x64, 0x5f, 0x73,
-	0x65, 0x74, 0x5f, 0x63, 0x72, 0x65, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x61, 0x6c, 0x5f, 0x73, 0x75,
-	0x62, 0x6d, 0x69, 0x74, 0x18, 0x0c, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x31, 0x2e, 0x70, 0x72, 0x65,
-	0x68, 0x6f, 0x67, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x2e, 0x55, 0x49, 0x4f, 0x6e,
-	0x62, 0x6f, 0x61, 0x72, 0x64, 0x53, 0x65, 0x74, 0x43, 0x72, 0x65, 0x64, 0x65, 0x6e, 0x74, 0x69,
-	0x61, 0x6c, 0x53, 0x75, 0x62, 0x6d, 0x69, 0x74, 0x45, 0x76, 0x65, 0x6e, 0x74, 0x48, 0x00, 0x52,
-	0x1c, 0x75, 0x69, 0x4f, 0x6e, 0x62, 0x6f, 0x61, 0x72, 0x64, 0x53, 0x65, 0x74, 0x43, 0x72, 0x65,
-	0x64, 0x65, 0x6e, 0x74, 0x69, 0x61, 0x6c, 0x53, 0x75, 0x62, 0x6d, 0x69, 0x74, 0x12, 0x87, 0x01,
-	0x0a, 0x24, 0x75, 0x69, 0x5f, 0x6f, 0x6e, 0x62, 0x6f, 0x61, 0x72, 0x64, 0x5f, 0x72, 0x65, 0x67,
-	0x69, 0x73, 0x74, 0x65, 0x72, 0x5f, 0x63, 0x68, 0x61, 0x6c, 0x6c, 0x65, 0x6e, 0x67, 0x65, 0x5f,
-	0x73, 0x75, 0x62, 0x6d, 0x69, 0x74, 0x18, 0x0d, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x35, 0x2e, 0x70,
-	0x72, 0x65, 0x68, 0x6f, 0x67, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x2e, 0x55, 0x49,
-	0x4f, 0x6e, 0x62, 0x6f, 0x61, 0x72, 0x64, 0x52, 0x65, 0x67, 0x69, 0x73, 0x74, 0x65, 0x72, 0x43,
-	0x68, 0x61, 0x6c, 0x6c, 0x65, 0x6e, 0x67, 0x65, 0x53, 0x75, 0x62, 0x6d, 0x69, 0x74, 0x45, 0x76,
-	0x65, 0x6e, 0x74, 0x48, 0x00, 0x52, 0x20, 0x75, 0x69, 0x4f, 0x6e, 0x62, 0x6f, 0x61, 0x72, 0x64,
+	0x6c, 0x69, 0x63, 0x6b, 0x12, 0x92, 0x01, 0x0a, 0x29, 0x75, 0x69, 0x5f, 0x6f, 0x6e, 0x62, 0x6f,
+	0x61, 0x72, 0x64, 0x5f, 0x61, 0x64, 0x64, 0x5f, 0x66, 0x69, 0x72, 0x73, 0x74, 0x5f, 0x72, 0x65,
+	0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x5f, 0x6c, 0x61, 0x74, 0x65, 0x72, 0x5f, 0x63, 0x6c, 0x69,
+	0x63, 0x6b, 0x18, 0x0b, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x38, 0x2e, 0x70, 0x72, 0x65, 0x68, 0x6f,
+	0x67, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x2e, 0x55, 0x49, 0x4f, 0x6e, 0x62, 0x6f,
+	0x61, 0x72, 0x64, 0x41, 0x64, 0x64, 0x46, 0x69, 0x72, 0x73, 0x74, 0x52, 0x65, 0x73, 0x6f, 0x75,
+	0x72, 0x63, 0x65, 0x4c, 0x61, 0x74, 0x65, 0x72, 0x43, 0x6c, 0x69, 0x63, 0x6b, 0x45, 0x76, 0x65,
+	0x6e, 0x74, 0x48, 0x00, 0x52, 0x23, 0x75, 0x69, 0x4f, 0x6e, 0x62, 0x6f, 0x61, 0x72, 0x64, 0x41,
+	0x64, 0x64, 0x46, 0x69, 0x72, 0x73, 0x74, 0x52, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x4c,
+	0x61, 0x74, 0x65, 0x72, 0x43, 0x6c, 0x69, 0x63, 0x6b, 0x12, 0x7b, 0x0a, 0x20, 0x75, 0x69, 0x5f,
+	0x6f, 0x6e, 0x62, 0x6f, 0x61, 0x72, 0x64, 0x5f, 0x73, 0x65, 0x74, 0x5f, 0x63, 0x72, 0x65, 0x64,
+	0x65, 0x6e, 0x74, 0x69, 0x61, 0x6c, 0x5f, 0x73, 0x75, 0x62, 0x6d, 0x69, 0x74, 0x18, 0x0c, 0x20,
+	0x01, 0x28, 0x0b, 0x32, 0x31, 0x2e, 0x70, 0x72, 0x65, 0x68, 0x6f, 0x67, 0x2e, 0x76, 0x31, 0x61,
+	0x6c, 0x70, 0x68, 0x61, 0x2e, 0x55, 0x49, 0x4f, 0x6e, 0x62, 0x6f, 0x61, 0x72, 0x64, 0x53, 0x65,
+	0x74, 0x43, 0x72, 0x65, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x61, 0x6c, 0x53, 0x75, 0x62, 0x6d, 0x69,
+	0x74, 0x45, 0x76, 0x65, 0x6e, 0x74, 0x48, 0x00, 0x52, 0x1c, 0x75, 0x69, 0x4f, 0x6e, 0x62, 0x6f,
+	0x61, 0x72, 0x64, 0x53, 0x65, 0x74, 0x43, 0x72, 0x65, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x61, 0x6c,
+	0x53, 0x75, 0x62, 0x6d, 0x69, 0x74, 0x12, 0x87, 0x01, 0x0a, 0x24, 0x75, 0x69, 0x5f, 0x6f, 0x6e,
+	0x62, 0x6f, 0x61, 0x72, 0x64, 0x5f, 0x72, 0x65, 0x67, 0x69, 0x73, 0x74, 0x65, 0x72, 0x5f, 0x63,
+	0x68, 0x61, 0x6c, 0x6c, 0x65, 0x6e, 0x67, 0x65, 0x5f, 0x73, 0x75, 0x62, 0x6d, 0x69, 0x74, 0x18,
+	0x0d, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x35, 0x2e, 0x70, 0x72, 0x65, 0x68, 0x6f, 0x67, 0x2e, 0x76,
+	0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x2e, 0x55, 0x49, 0x4f, 0x6e, 0x62, 0x6f, 0x61, 0x72, 0x64,
 	0x52, 0x65, 0x67, 0x69, 0x73, 0x74, 0x65, 0x72, 0x43, 0x68, 0x61, 0x6c, 0x6c, 0x65, 0x6e, 0x67,
-	0x65, 0x53, 0x75, 0x62, 0x6d, 0x69, 0x74, 0x12, 0x7b, 0x0a, 0x20, 0x75, 0x69, 0x5f, 0x72, 0x65,
-	0x63, 0x6f, 0x76, 0x65, 0x72, 0x79, 0x5f, 0x63, 0x6f, 0x64, 0x65, 0x73, 0x5f, 0x63, 0x6f, 0x6e,
-	0x74, 0x69, 0x6e, 0x75, 0x65, 0x5f, 0x63, 0x6c, 0x69, 0x63, 0x6b, 0x18, 0x0e, 0x20, 0x01, 0x28,
-	0x0b, 0x32, 0x31, 0x2e, 0x70, 0x72, 0x65, 0x68, 0x6f, 0x67, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70,
-	0x68, 0x61, 0x2e, 0x55, 0x49, 0x52, 0x65, 0x63, 0x6f, 0x76, 0x65, 0x72, 0x79, 0x43, 0x6f, 0x64,
-	0x65, 0x73, 0x43, 0x6f, 0x6e, 0x74, 0x69, 0x6e, 0x75, 0x65, 0x43, 0x6c, 0x69, 0x63, 0x6b, 0x45,
-	0x76, 0x65, 0x6e, 0x74, 0x48, 0x00, 0x52, 0x1c, 0x75, 0x69, 0x52, 0x65, 0x63, 0x6f, 0x76, 0x65,
-	0x72, 0x79, 0x43, 0x6f, 0x64, 0x65, 0x73, 0x43, 0x6f, 0x6e, 0x74, 0x69, 0x6e, 0x75, 0x65, 0x43,
-	0x6c, 0x69, 0x63, 0x6b, 0x12, 0x6f, 0x0a, 0x1c, 0x75, 0x69, 0x5f, 0x72, 0x65, 0x63, 0x6f, 0x76,
-	0x65, 0x72, 0x79, 0x5f, 0x63, 0x6f, 0x64, 0x65, 0x73, 0x5f, 0x63, 0x6f, 0x70, 0x79, 0x5f, 0x63,
-	0x6c, 0x69, 0x63, 0x6b, 0x18, 0x0f, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x2d, 0x2e, 0x70, 0x72, 0x65,
+	0x65, 0x53, 0x75, 0x62, 0x6d, 0x69, 0x74, 0x45, 0x76, 0x65, 0x6e, 0x74, 0x48, 0x00, 0x52, 0x20,
+	0x75, 0x69, 0x4f, 0x6e, 0x62, 0x6f, 0x61, 0x72, 0x64, 0x52, 0x65, 0x67, 0x69, 0x73, 0x74, 0x65,
+	0x72, 0x43, 0x68, 0x61, 0x6c, 0x6c, 0x65, 0x6e, 0x67, 0x65, 0x53, 0x75, 0x62, 0x6d, 0x69, 0x74,
+	0x12, 0x7b, 0x0a, 0x20, 0x75, 0x69, 0x5f, 0x72, 0x65, 0x63, 0x6f, 0x76, 0x65, 0x72, 0x79, 0x5f,
+	0x63, 0x6f, 0x64, 0x65, 0x73, 0x5f, 0x63, 0x6f, 0x6e, 0x74, 0x69, 0x6e, 0x75, 0x65, 0x5f, 0x63,
+	0x6c, 0x69, 0x63, 0x6b, 0x18, 0x0e, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x31, 0x2e, 0x70, 0x72, 0x65,
 	0x68, 0x6f, 0x67, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x2e, 0x55, 0x49, 0x52, 0x65,
-	0x63, 0x6f, 0x76, 0x65, 0x72, 0x79, 0x43, 0x6f, 0x64, 0x65, 0x73, 0x43, 0x6f, 0x70, 0x79, 0x43,
-	0x6c, 0x69, 0x63, 0x6b, 0x45, 0x76, 0x65, 0x6e, 0x74, 0x48, 0x00, 0x52, 0x18, 0x75, 0x69, 0x52,
-	0x65, 0x63, 0x6f, 0x76, 0x65, 0x72, 0x79, 0x43, 0x6f, 0x64, 0x65, 0x73, 0x43, 0x6f, 0x70, 0x79,
-	0x43, 0x6c, 0x69, 0x63, 0x6b, 0x12, 0x72, 0x0a, 0x1d, 0x75, 0x69, 0x5f, 0x72, 0x65, 0x63, 0x6f,
-	0x76, 0x65, 0x72, 0x79, 0x5f, 0x63, 0x6f, 0x64, 0x65, 0x73, 0x5f, 0x70, 0x72, 0x69, 0x6e, 0x74,
-	0x5f, 0x63, 0x6c, 0x69, 0x63, 0x6b, 0x18, 0x10, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x2e, 0x2e, 0x70,
-	0x72, 0x65, 0x68, 0x6f, 0x67, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x2e, 0x55, 0x49,
-	0x52, 0x65, 0x63, 0x6f, 0x76, 0x65, 0x72, 0x79, 0x43, 0x6f, 0x64, 0x65, 0x73, 0x50, 0x72, 0x69,
-	0x6e, 0x74, 0x43, 0x6c, 0x69, 0x63, 0x6b, 0x45, 0x76, 0x65, 0x6e, 0x74, 0x48, 0x00, 0x52, 0x19,
-	0x75, 0x69, 0x52, 0x65, 0x63, 0x6f, 0x76, 0x65, 0x72, 0x79, 0x43, 0x6f, 0x64, 0x65, 0x73, 0x50,
-	0x72, 0x69, 0x6e, 0x74, 0x43, 0x6c, 0x69, 0x63, 0x6b, 0x12, 0x63, 0x0a, 0x19, 0x75, 0x69, 0x5f,
-	0x64, 0x69, 0x73, 0x63, 0x6f, 0x76, 0x65, 0x72, 0x5f, 0x73, 0x74, 0x61, 0x72, 0x74, 0x65, 0x64,
-	0x5f, 0x65, 0x76, 0x65, 0x6e, 0x74, 0x18, 0x11, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x26, 0x2e, 0x70,
-	0x72, 0x65, 0x68, 0x6f, 0x67, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x2e, 0x55, 0x49,
-	0x44, 0x69, 0x73, 0x63, 0x6f, 0x76, 0x65, 0x72, 0x53, 0x74, 0x61, 0x72, 0x74, 0x65, 0x64, 0x45,
-	0x76, 0x65, 0x6e, 0x74, 0x48, 0x00, 0x52, 0x16, 0x75, 0x69, 0x44, 0x69, 0x73, 0x63, 0x6f, 0x76,
-	0x65, 0x72, 0x53, 0x74, 0x61, 0x72, 0x74, 0x65, 0x64, 0x45, 0x76, 0x65, 0x6e, 0x74, 0x12, 0x82,
-	0x01, 0x0a, 0x24, 0x75, 0x69, 0x5f, 0x64, 0x69, 0x73, 0x63, 0x6f, 0x76, 0x65, 0x72, 0x5f, 0x72,
-	0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x5f, 0x73, 0x65, 0x6c, 0x65, 0x63, 0x74, 0x69, 0x6f,
-	0x6e, 0x5f, 0x65, 0x76, 0x65, 0x6e, 0x74, 0x18, 0x12, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x30, 0x2e,
-	0x70, 0x72, 0x65, 0x68, 0x6f, 0x67, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x2e, 0x55,
-	0x49, 0x44, 0x69, 0x73, 0x63, 0x6f, 0x76, 0x65, 0x72, 0x52, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63,
-	0x65, 0x53, 0x65, 0x6c, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x45, 0x76, 0x65, 0x6e, 0x74, 0x48,
-	0x00, 0x52, 0x20, 0x75, 0x69, 0x44, 0x69, 0x73, 0x63, 0x6f, 0x76, 0x65, 0x72, 0x52, 0x65, 0x73,
-	0x6f, 0x75, 0x72, 0x63, 0x65, 0x53, 0x65, 0x6c, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x45, 0x76,
-	0x65, 0x6e, 0x74, 0x12, 0x6f, 0x0a, 0x1d, 0x75, 0x73, 0x65, 0x72, 0x5f, 0x63, 0x65, 0x72, 0x74,
-	0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x5f, 0x69, 0x73, 0x73, 0x75, 0x65, 0x64, 0x5f, 0x65,
-	0x76, 0x65, 0x6e, 0x74, 0x18, 0x13, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x2a, 0x2e, 0x70, 0x72, 0x65,
-	0x68, 0x6f, 0x67, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x2e, 0x55, 0x73, 0x65, 0x72,
-	0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x49, 0x73, 0x73, 0x75, 0x65,
-	0x64, 0x45, 0x76, 0x65, 0x6e, 0x74, 0x48, 0x00, 0x52, 0x1a, 0x75, 0x73, 0x65, 0x72, 0x43, 0x65,
-	0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x49, 0x73, 0x73, 0x75, 0x65, 0x64, 0x45,
-	0x76, 0x65, 0x6e, 0x74, 0x12, 0x4d, 0x0a, 0x10, 0x73, 0x65, 0x73, 0x73, 0x69, 0x6f, 0x6e, 0x5f,
-	0x73, 0x74, 0x61, 0x72, 0x74, 0x5f, 0x76, 0x32, 0x18, 0x14, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x21,
-	0x2e, 0x70, 0x72, 0x65, 0x68, 0x6f, 0x67, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x2e,
-	0x53, 0x65, 0x73, 0x73, 0x69, 0x6f, 0x6e, 0x53, 0x74, 0x61, 0x72, 0x74, 0x45, 0x76, 0x65, 0x6e,
-	0x74, 0x48, 0x00, 0x52, 0x0e, 0x73, 0x65, 0x73, 0x73, 0x69, 0x6f, 0x6e, 0x53, 0x74, 0x61, 0x72,
-	0x74, 0x56, 0x32, 0x12, 0x76, 0x0a, 0x20, 0x75, 0x69, 0x5f, 0x64, 0x69, 0x73, 0x63, 0x6f, 0x76,
-	0x65, 0x72, 0x5f, 0x64, 0x65, 0x70, 0x6c, 0x6f, 0x79, 0x5f, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63,
-	0x65, 0x5f, 0x65, 0x76, 0x65, 0x6e, 0x74, 0x18, 0x15, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x2c, 0x2e,
-	0x70, 0x72, 0x65, 0x68, 0x6f, 0x67, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x2e, 0x55,
-	0x49, 0x44, 0x69, 0x73, 0x63, 0x6f, 0x76, 0x65, 0x72, 0x44, 0x65, 0x70, 0x6c, 0x6f, 0x79, 0x53,
-	0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x45, 0x76, 0x65, 0x6e, 0x74, 0x48, 0x00, 0x52, 0x1c, 0x75,
-	0x69, 0x44, 0x69, 0x73, 0x63, 0x6f, 0x76, 0x65, 0x72, 0x44, 0x65, 0x70, 0x6c, 0x6f, 0x79, 0x53,
-	0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x45, 0x76, 0x65, 0x6e, 0x74, 0x12, 0x7f, 0x0a, 0x23, 0x75,
-	0x69, 0x5f, 0x64, 0x69, 0x73, 0x63, 0x6f, 0x76, 0x65, 0x72, 0x5f, 0x64, 0x61, 0x74, 0x61, 0x62,
-	0x61, 0x73, 0x65, 0x5f, 0x72, 0x65, 0x67, 0x69, 0x73, 0x74, 0x65, 0x72, 0x5f, 0x65, 0x76, 0x65,
-	0x6e, 0x74, 0x18, 0x16, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x2f, 0x2e, 0x70, 0x72, 0x65, 0x68, 0x6f,
-	0x67, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x2e, 0x55, 0x49, 0x44, 0x69, 0x73, 0x63,
-	0x6f, 0x76, 0x65, 0x72, 0x44, 0x61, 0x74, 0x61, 0x62, 0x61, 0x73, 0x65, 0x52, 0x65, 0x67, 0x69,
-	0x73, 0x74, 0x65, 0x72, 0x45, 0x76, 0x65, 0x6e, 0x74, 0x48, 0x00, 0x52, 0x1f, 0x75, 0x69, 0x44,
-	0x69, 0x73, 0x63, 0x6f, 0x76, 0x65, 0x72, 0x44, 0x61, 0x74, 0x61, 0x62, 0x61, 0x73, 0x65, 0x52,
-	0x65, 0x67, 0x69, 0x73, 0x74, 0x65, 0x72, 0x45, 0x76, 0x65, 0x6e, 0x74, 0x12, 0x8f, 0x01, 0x0a,
-	0x29, 0x75, 0x69, 0x5f, 0x64, 0x69, 0x73, 0x63, 0x6f, 0x76, 0x65, 0x72, 0x5f, 0x64, 0x61, 0x74,
-	0x61, 0x62, 0x61, 0x73, 0x65, 0x5f, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x75, 0x72, 0x65, 0x5f,
-	0x6d, 0x74, 0x6c, 0x73, 0x5f, 0x65, 0x76, 0x65, 0x6e, 0x74, 0x18, 0x17, 0x20, 0x01, 0x28, 0x0b,
-	0x32, 0x34, 0x2e, 0x70, 0x72, 0x65, 0x68, 0x6f, 0x67, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68,
-	0x61, 0x2e, 0x55, 0x49, 0x44, 0x69, 0x73, 0x63, 0x6f, 0x76, 0x65, 0x72, 0x44, 0x61, 0x74, 0x61,
-	0x62, 0x61, 0x73, 0x65, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x75, 0x72, 0x65, 0x4d, 0x54, 0x4c,
-	0x53, 0x45, 0x76, 0x65, 0x6e, 0x74, 0x48, 0x00, 0x52, 0x24, 0x75, 0x69, 0x44, 0x69, 0x73, 0x63,
-	0x6f, 0x76, 0x65, 0x72, 0x44, 0x61, 0x74, 0x61, 0x62, 0x61, 0x73, 0x65, 0x43, 0x6f, 0x6e, 0x66,
-	0x69, 0x67, 0x75, 0x72, 0x65, 0x4d, 0x74, 0x6c, 0x73, 0x45, 0x76, 0x65, 0x6e, 0x74, 0x12, 0xb8,
-	0x01, 0x0a, 0x38, 0x75, 0x69, 0x5f, 0x64, 0x69, 0x73, 0x63, 0x6f, 0x76, 0x65, 0x72, 0x5f, 0x64,
-	0x65, 0x73, 0x6b, 0x74, 0x6f, 0x70, 0x5f, 0x61, 0x63, 0x74, 0x69, 0x76, 0x65, 0x5f, 0x64, 0x69,
-	0x72, 0x65, 0x63, 0x74, 0x6f, 0x72, 0x79, 0x5f, 0x74, 0x6f, 0x6f, 0x6c, 0x73, 0x5f, 0x69, 0x6e,
-	0x73, 0x74, 0x61, 0x6c, 0x6c, 0x5f, 0x65, 0x76, 0x65, 0x6e, 0x74, 0x18, 0x18, 0x20, 0x01, 0x28,
-	0x0b, 0x32, 0x41, 0x2e, 0x70, 0x72, 0x65, 0x68, 0x6f, 0x67, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70,
+	0x63, 0x6f, 0x76, 0x65, 0x72, 0x79, 0x43, 0x6f, 0x64, 0x65, 0x73, 0x43, 0x6f, 0x6e, 0x74, 0x69,
+	0x6e, 0x75, 0x65, 0x43, 0x6c, 0x69, 0x63, 0x6b, 0x45, 0x76, 0x65, 0x6e, 0x74, 0x48, 0x00, 0x52,
+	0x1c, 0x75, 0x69, 0x52, 0x65, 0x63, 0x6f, 0x76, 0x65, 0x72, 0x79, 0x43, 0x6f, 0x64, 0x65, 0x73,
+	0x43, 0x6f, 0x6e, 0x74, 0x69, 0x6e, 0x75, 0x65, 0x43, 0x6c, 0x69, 0x63, 0x6b, 0x12, 0x6f, 0x0a,
+	0x1c, 0x75, 0x69, 0x5f, 0x72, 0x65, 0x63, 0x6f, 0x76, 0x65, 0x72, 0x79, 0x5f, 0x63, 0x6f, 0x64,
+	0x65, 0x73, 0x5f, 0x63, 0x6f, 0x70, 0x79, 0x5f, 0x63, 0x6c, 0x69, 0x63, 0x6b, 0x18, 0x0f, 0x20,
+	0x01, 0x28, 0x0b, 0x32, 0x2d, 0x2e, 0x70, 0x72, 0x65, 0x68, 0x6f, 0x67, 0x2e, 0x76, 0x31, 0x61,
+	0x6c, 0x70, 0x68, 0x61, 0x2e, 0x55, 0x49, 0x52, 0x65, 0x63, 0x6f, 0x76, 0x65, 0x72, 0x79, 0x43,
+	0x6f, 0x64, 0x65, 0x73, 0x43, 0x6f, 0x70, 0x79, 0x43, 0x6c, 0x69, 0x63, 0x6b, 0x45, 0x76, 0x65,
+	0x6e, 0x74, 0x48, 0x00, 0x52, 0x18, 0x75, 0x69, 0x52, 0x65, 0x63, 0x6f, 0x76, 0x65, 0x72, 0x79,
+	0x43, 0x6f, 0x64, 0x65, 0x73, 0x43, 0x6f, 0x70, 0x79, 0x43, 0x6c, 0x69, 0x63, 0x6b, 0x12, 0x72,
+	0x0a, 0x1d, 0x75, 0x69, 0x5f, 0x72, 0x65, 0x63, 0x6f, 0x76, 0x65, 0x72, 0x79, 0x5f, 0x63, 0x6f,
+	0x64, 0x65, 0x73, 0x5f, 0x70, 0x72, 0x69, 0x6e, 0x74, 0x5f, 0x63, 0x6c, 0x69, 0x63, 0x6b, 0x18,
+	0x10, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x2e, 0x2e, 0x70, 0x72, 0x65, 0x68, 0x6f, 0x67, 0x2e, 0x76,
+	0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x2e, 0x55, 0x49, 0x52, 0x65, 0x63, 0x6f, 0x76, 0x65, 0x72,
+	0x79, 0x43, 0x6f, 0x64, 0x65, 0x73, 0x50, 0x72, 0x69, 0x6e, 0x74, 0x43, 0x6c, 0x69, 0x63, 0x6b,
+	0x45, 0x76, 0x65, 0x6e, 0x74, 0x48, 0x00, 0x52, 0x19, 0x75, 0x69, 0x52, 0x65, 0x63, 0x6f, 0x76,
+	0x65, 0x72, 0x79, 0x43, 0x6f, 0x64, 0x65, 0x73, 0x50, 0x72, 0x69, 0x6e, 0x74, 0x43, 0x6c, 0x69,
+	0x63, 0x6b, 0x12, 0x63, 0x0a, 0x19, 0x75, 0x69, 0x5f, 0x64, 0x69, 0x73, 0x63, 0x6f, 0x76, 0x65,
+	0x72, 0x5f, 0x73, 0x74, 0x61, 0x72, 0x74, 0x65, 0x64, 0x5f, 0x65, 0x76, 0x65, 0x6e, 0x74, 0x18,
+	0x11, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x26, 0x2e, 0x70, 0x72, 0x65, 0x68, 0x6f, 0x67, 0x2e, 0x76,
+	0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x2e, 0x55, 0x49, 0x44, 0x69, 0x73, 0x63, 0x6f, 0x76, 0x65,
+	0x72, 0x53, 0x74, 0x61, 0x72, 0x74, 0x65, 0x64, 0x45, 0x76, 0x65, 0x6e, 0x74, 0x48, 0x00, 0x52,
+	0x16, 0x75, 0x69, 0x44, 0x69, 0x73, 0x63, 0x6f, 0x76, 0x65, 0x72, 0x53, 0x74, 0x61, 0x72, 0x74,
+	0x65, 0x64, 0x45, 0x76, 0x65, 0x6e, 0x74, 0x12, 0x82, 0x01, 0x0a, 0x24, 0x75, 0x69, 0x5f, 0x64,
+	0x69, 0x73, 0x63, 0x6f, 0x76, 0x65, 0x72, 0x5f, 0x72, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65,
+	0x5f, 0x73, 0x65, 0x6c, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x65, 0x76, 0x65, 0x6e, 0x74,
+	0x18, 0x12, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x30, 0x2e, 0x70, 0x72, 0x65, 0x68, 0x6f, 0x67, 0x2e,
+	0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x2e, 0x55, 0x49, 0x44, 0x69, 0x73, 0x63, 0x6f, 0x76,
+	0x65, 0x72, 0x52, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x53, 0x65, 0x6c, 0x65, 0x63, 0x74,
+	0x69, 0x6f, 0x6e, 0x45, 0x76, 0x65, 0x6e, 0x74, 0x48, 0x00, 0x52, 0x20, 0x75, 0x69, 0x44, 0x69,
+	0x73, 0x63, 0x6f, 0x76, 0x65, 0x72, 0x52, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x53, 0x65,
+	0x6c, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x45, 0x76, 0x65, 0x6e, 0x74, 0x12, 0x6f, 0x0a, 0x1d,
+	0x75, 0x73, 0x65, 0x72, 0x5f, 0x63, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65,
+	0x5f, 0x69, 0x73, 0x73, 0x75, 0x65, 0x64, 0x5f, 0x65, 0x76, 0x65, 0x6e, 0x74, 0x18, 0x13, 0x20,
+	0x01, 0x28, 0x0b, 0x32, 0x2a, 0x2e, 0x70, 0x72, 0x65, 0x68, 0x6f, 0x67, 0x2e, 0x76, 0x31, 0x61,
+	0x6c, 0x70, 0x68, 0x61, 0x2e, 0x55, 0x73, 0x65, 0x72, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69,
+	0x63, 0x61, 0x74, 0x65, 0x49, 0x73, 0x73, 0x75, 0x65, 0x64, 0x45, 0x76, 0x65, 0x6e, 0x74, 0x48,
+	0x00, 0x52, 0x1a, 0x75, 0x73, 0x65, 0x72, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61,
+	0x74, 0x65, 0x49, 0x73, 0x73, 0x75, 0x65, 0x64, 0x45, 0x76, 0x65, 0x6e, 0x74, 0x12, 0x4d, 0x0a,
+	0x10, 0x73, 0x65, 0x73, 0x73, 0x69, 0x6f, 0x6e, 0x5f, 0x73, 0x74, 0x61, 0x72, 0x74, 0x5f, 0x76,
+	0x32, 0x18, 0x14, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x21, 0x2e, 0x70, 0x72, 0x65, 0x68, 0x6f, 0x67,
+	0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x2e, 0x53, 0x65, 0x73, 0x73, 0x69, 0x6f, 0x6e,
+	0x53, 0x74, 0x61, 0x72, 0x74, 0x45, 0x76, 0x65, 0x6e, 0x74, 0x48, 0x00, 0x52, 0x0e, 0x73, 0x65,
+	0x73, 0x73, 0x69, 0x6f, 0x6e, 0x53, 0x74, 0x61, 0x72, 0x74, 0x56, 0x32, 0x12, 0x76, 0x0a, 0x20,
+	0x75, 0x69, 0x5f, 0x64, 0x69, 0x73, 0x63, 0x6f, 0x76, 0x65, 0x72, 0x5f, 0x64, 0x65, 0x70, 0x6c,
+	0x6f, 0x79, 0x5f, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x5f, 0x65, 0x76, 0x65, 0x6e, 0x74,
+	0x18, 0x15, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x2c, 0x2e, 0x70, 0x72, 0x65, 0x68, 0x6f, 0x67, 0x2e,
+	0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x2e, 0x55, 0x49, 0x44, 0x69, 0x73, 0x63, 0x6f, 0x76,
+	0x65, 0x72, 0x44, 0x65, 0x70, 0x6c, 0x6f, 0x79, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x45,
+	0x76, 0x65, 0x6e, 0x74, 0x48, 0x00, 0x52, 0x1c, 0x75, 0x69, 0x44, 0x69, 0x73, 0x63, 0x6f, 0x76,
+	0x65, 0x72, 0x44, 0x65, 0x70, 0x6c, 0x6f, 0x79, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x45,
+	0x76, 0x65, 0x6e, 0x74, 0x12, 0x7f, 0x0a, 0x23, 0x75, 0x69, 0x5f, 0x64, 0x69, 0x73, 0x63, 0x6f,
+	0x76, 0x65, 0x72, 0x5f, 0x64, 0x61, 0x74, 0x61, 0x62, 0x61, 0x73, 0x65, 0x5f, 0x72, 0x65, 0x67,
+	0x69, 0x73, 0x74, 0x65, 0x72, 0x5f, 0x65, 0x76, 0x65, 0x6e, 0x74, 0x18, 0x16, 0x20, 0x01, 0x28,
+	0x0b, 0x32, 0x2f, 0x2e, 0x70, 0x72, 0x65, 0x68, 0x6f, 0x67, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70,
+	0x68, 0x61, 0x2e, 0x55, 0x49, 0x44, 0x69, 0x73, 0x63, 0x6f, 0x76, 0x65, 0x72, 0x44, 0x61, 0x74,
+	0x61, 0x62, 0x61, 0x73, 0x65, 0x52, 0x65, 0x67, 0x69, 0x73, 0x74, 0x65, 0x72, 0x45, 0x76, 0x65,
+	0x6e, 0x74, 0x48, 0x00, 0x52, 0x1f, 0x75, 0x69, 0x44, 0x69, 0x73, 0x63, 0x6f, 0x76, 0x65, 0x72,
+	0x44, 0x61, 0x74, 0x61, 0x62, 0x61, 0x73, 0x65, 0x52, 0x65, 0x67, 0x69, 0x73, 0x74, 0x65, 0x72,
+	0x45, 0x76, 0x65, 0x6e, 0x74, 0x12, 0x8f, 0x01, 0x0a, 0x29, 0x75, 0x69, 0x5f, 0x64, 0x69, 0x73,
+	0x63, 0x6f, 0x76, 0x65, 0x72, 0x5f, 0x64, 0x61, 0x74, 0x61, 0x62, 0x61, 0x73, 0x65, 0x5f, 0x63,
+	0x6f, 0x6e, 0x66, 0x69, 0x67, 0x75, 0x72, 0x65, 0x5f, 0x6d, 0x74, 0x6c, 0x73, 0x5f, 0x65, 0x76,
+	0x65, 0x6e, 0x74, 0x18, 0x17, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x34, 0x2e, 0x70, 0x72, 0x65, 0x68,
+	0x6f, 0x67, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x2e, 0x55, 0x49, 0x44, 0x69, 0x73,
+	0x63, 0x6f, 0x76, 0x65, 0x72, 0x44, 0x61, 0x74, 0x61, 0x62, 0x61, 0x73, 0x65, 0x43, 0x6f, 0x6e,
+	0x66, 0x69, 0x67, 0x75, 0x72, 0x65, 0x4d, 0x54, 0x4c, 0x53, 0x45, 0x76, 0x65, 0x6e, 0x74, 0x48,
+	0x00, 0x52, 0x24, 0x75, 0x69, 0x44, 0x69, 0x73, 0x63, 0x6f, 0x76, 0x65, 0x72, 0x44, 0x61, 0x74,
+	0x61, 0x62, 0x61, 0x73, 0x65, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x75, 0x72, 0x65, 0x4d, 0x74,
+	0x6c, 0x73, 0x45, 0x76, 0x65, 0x6e, 0x74, 0x12, 0xb8, 0x01, 0x0a, 0x38, 0x75, 0x69, 0x5f, 0x64,
+	0x69, 0x73, 0x63, 0x6f, 0x76, 0x65, 0x72, 0x5f, 0x64, 0x65, 0x73, 0x6b, 0x74, 0x6f, 0x70, 0x5f,
+	0x61, 0x63, 0x74, 0x69, 0x76, 0x65, 0x5f, 0x64, 0x69, 0x72, 0x65, 0x63, 0x74, 0x6f, 0x72, 0x79,
+	0x5f, 0x74, 0x6f, 0x6f, 0x6c, 0x73, 0x5f, 0x69, 0x6e, 0x73, 0x74, 0x61, 0x6c, 0x6c, 0x5f, 0x65,
+	0x76, 0x65, 0x6e, 0x74, 0x18, 0x18, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x41, 0x2e, 0x70, 0x72, 0x65,
+	0x68, 0x6f, 0x67, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x2e, 0x55, 0x49, 0x44, 0x69,
+	0x73, 0x63, 0x6f, 0x76, 0x65, 0x72, 0x44, 0x65, 0x73, 0x6b, 0x74, 0x6f, 0x70, 0x41, 0x63, 0x74,
+	0x69, 0x76, 0x65, 0x44, 0x69, 0x72, 0x65, 0x63, 0x74, 0x6f, 0x72, 0x79, 0x54, 0x6f, 0x6f, 0x6c,
+	0x73, 0x49, 0x6e, 0x73, 0x74, 0x61, 0x6c, 0x6c, 0x45, 0x76, 0x65, 0x6e, 0x74, 0x48, 0x00, 0x52,
+	0x31, 0x75, 0x69, 0x44, 0x69, 0x73, 0x63, 0x6f, 0x76, 0x65, 0x72, 0x44, 0x65, 0x73, 0x6b, 0x74,
+	0x6f, 0x70, 0x41, 0x63, 0x74, 0x69, 0x76, 0x65, 0x44, 0x69, 0x72, 0x65, 0x63, 0x74, 0x6f, 0x72,
+	0x79, 0x54, 0x6f, 0x6f, 0x6c, 0x73, 0x49, 0x6e, 0x73, 0x74, 0x61, 0x6c, 0x6c, 0x45, 0x76, 0x65,
+	0x6e, 0x74, 0x12, 0xae, 0x01, 0x0a, 0x34, 0x75, 0x69, 0x5f, 0x64, 0x69, 0x73, 0x63, 0x6f, 0x76,
+	0x65, 0x72, 0x5f, 0x64, 0x65, 0x73, 0x6b, 0x74, 0x6f, 0x70, 0x5f, 0x61, 0x63, 0x74, 0x69, 0x76,
+	0x65, 0x5f, 0x64, 0x69, 0x72, 0x65, 0x63, 0x74, 0x6f, 0x72, 0x79, 0x5f, 0x63, 0x6f, 0x6e, 0x66,
+	0x69, 0x67, 0x75, 0x72, 0x65, 0x5f, 0x65, 0x76, 0x65, 0x6e, 0x74, 0x18, 0x19, 0x20, 0x01, 0x28,
+	0x0b, 0x32, 0x3e, 0x2e, 0x70, 0x72, 0x65, 0x68, 0x6f, 0x67, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70,
 	0x68, 0x61, 0x2e, 0x55, 0x49, 0x44, 0x69, 0x73, 0x63, 0x6f, 0x76, 0x65, 0x72, 0x44, 0x65, 0x73,
 	0x6b, 0x74, 0x6f, 0x70, 0x41, 0x63, 0x74, 0x69, 0x76, 0x65, 0x44, 0x69, 0x72, 0x65, 0x63, 0x74,
-	0x6f, 0x72, 0x79, 0x54, 0x6f, 0x6f, 0x6c, 0x73, 0x49, 0x6e, 0x73, 0x74, 0x61, 0x6c, 0x6c, 0x45,
-	0x76, 0x65, 0x6e, 0x74, 0x48, 0x00, 0x52, 0x31, 0x75, 0x69, 0x44, 0x69, 0x73, 0x63, 0x6f, 0x76,
-	0x65, 0x72, 0x44, 0x65, 0x73, 0x6b, 0x74, 0x6f, 0x70, 0x41, 0x63, 0x74, 0x69, 0x76, 0x65, 0x44,
-	0x69, 0x72, 0x65, 0x63, 0x74, 0x6f, 0x72, 0x79, 0x54, 0x6f, 0x6f, 0x6c, 0x73, 0x49, 0x6e, 0x73,
-	0x74, 0x61, 0x6c, 0x6c, 0x45, 0x76, 0x65, 0x6e, 0x74, 0x12, 0xae, 0x01, 0x0a, 0x34, 0x75, 0x69,
-	0x5f, 0x64, 0x69, 0x73, 0x63, 0x6f, 0x76, 0x65, 0x72, 0x5f, 0x64, 0x65, 0x73, 0x6b, 0x74, 0x6f,
-	0x70, 0x5f, 0x61, 0x63, 0x74, 0x69, 0x76, 0x65, 0x5f, 0x64, 0x69, 0x72, 0x65, 0x63, 0x74, 0x6f,
-	0x72, 0x79, 0x5f, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x75, 0x72, 0x65, 0x5f, 0x65, 0x76, 0x65,
-	0x6e, 0x74, 0x18, 0x19, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x3e, 0x2e, 0x70, 0x72, 0x65, 0x68, 0x6f,
-	0x67, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x2e, 0x55, 0x49, 0x44, 0x69, 0x73, 0x63,
-	0x6f, 0x76, 0x65, 0x72, 0x44, 0x65, 0x73, 0x6b, 0x74, 0x6f, 0x70, 0x41, 0x63, 0x74, 0x69, 0x76,
-	0x65, 0x44, 0x69, 0x72, 0x65, 0x63, 0x74, 0x6f, 0x72, 0x79, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67,
-	0x75, 0x72, 0x65, 0x45, 0x76, 0x65, 0x6e, 0x74, 0x48, 0x00, 0x52, 0x2e, 0x75, 0x69, 0x44, 0x69,
-	0x73, 0x63, 0x6f, 0x76, 0x65, 0x72, 0x44, 0x65, 0x73, 0x6b, 0x74, 0x6f, 0x70, 0x41, 0x63, 0x74,
-	0x69, 0x76, 0x65, 0x44, 0x69, 0x72, 0x65, 0x63, 0x74, 0x6f, 0x72, 0x79, 0x43, 0x6f, 0x6e, 0x66,
-	0x69, 0x67, 0x75, 0x72, 0x65, 0x45, 0x76, 0x65, 0x6e, 0x74, 0x12, 0x95, 0x01, 0x0a, 0x2b, 0x75,
-	0x69, 0x5f, 0x64, 0x69, 0x73, 0x63, 0x6f, 0x76, 0x65, 0x72, 0x5f, 0x61, 0x75, 0x74, 0x6f, 0x5f,
-	0x64, 0x69, 0x73, 0x63, 0x6f, 0x76, 0x65, 0x72, 0x65, 0x64, 0x5f, 0x72, 0x65, 0x73, 0x6f, 0x75,
-	0x72, 0x63, 0x65, 0x73, 0x5f, 0x65, 0x76, 0x65, 0x6e, 0x74, 0x18, 0x1a, 0x20, 0x01, 0x28, 0x0b,
-	0x32, 0x36, 0x2e, 0x70, 0x72, 0x65, 0x68, 0x6f, 0x67, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68,
-	0x61, 0x2e, 0x55, 0x49, 0x44, 0x69, 0x73, 0x63, 0x6f, 0x76, 0x65, 0x72, 0x41, 0x75, 0x74, 0x6f,
-	0x44, 0x69, 0x73, 0x63, 0x6f, 0x76, 0x65, 0x72, 0x65, 0x64, 0x52, 0x65, 0x73, 0x6f, 0x75, 0x72,
-	0x63, 0x65, 0x73, 0x45, 0x76, 0x65, 0x6e, 0x74, 0x48, 0x00, 0x52, 0x26, 0x75, 0x69, 0x44, 0x69,
-	0x73, 0x63, 0x6f, 0x76, 0x65, 0x72, 0x41, 0x75, 0x74, 0x6f, 0x44, 0x69, 0x73, 0x63, 0x6f, 0x76,
-	0x65, 0x72, 0x65, 0x64, 0x52, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x73, 0x45, 0x76, 0x65,
-	0x6e, 0x74, 0x12, 0x9f, 0x01, 0x0a, 0x2f, 0x75, 0x69, 0x5f, 0x64, 0x69, 0x73, 0x63, 0x6f, 0x76,
-	0x65, 0x72, 0x5f, 0x64, 0x61, 0x74, 0x61, 0x62, 0x61, 0x73, 0x65, 0x5f, 0x63, 0x6f, 0x6e, 0x66,
-	0x69, 0x67, 0x75, 0x72, 0x65, 0x5f, 0x69, 0x61, 0x6d, 0x5f, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79,
-	0x5f, 0x65, 0x76, 0x65, 0x6e, 0x74, 0x18, 0x1b, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x39, 0x2e, 0x70,
-	0x72, 0x65, 0x68, 0x6f, 0x67, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x2e, 0x55, 0x49,
-	0x44, 0x69, 0x73, 0x63, 0x6f, 0x76, 0x65, 0x72, 0x44, 0x61, 0x74, 0x61, 0x62, 0x61, 0x73, 0x65,
-	0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x75, 0x72, 0x65, 0x49, 0x41, 0x4d, 0x50, 0x6f, 0x6c, 0x69,
-	0x63, 0x79, 0x45, 0x76, 0x65, 0x6e, 0x74, 0x48, 0x00, 0x52, 0x29, 0x75, 0x69, 0x44, 0x69, 0x73,
-	0x63, 0x6f, 0x76, 0x65, 0x72, 0x44, 0x61, 0x74, 0x61, 0x62, 0x61, 0x73, 0x65, 0x43, 0x6f, 0x6e,
-	0x66, 0x69, 0x67, 0x75, 0x72, 0x65, 0x49, 0x61, 0x6d, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x45,
-	0x76, 0x65, 0x6e, 0x74, 0x12, 0x88, 0x01, 0x0a, 0x26, 0x75, 0x69, 0x5f, 0x64, 0x69, 0x73, 0x63,
-	0x6f, 0x76, 0x65, 0x72, 0x5f, 0x70, 0x72, 0x69, 0x6e, 0x63, 0x69, 0x70, 0x61, 0x6c, 0x73, 0x5f,
-	0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x75, 0x72, 0x65, 0x5f, 0x65, 0x76, 0x65, 0x6e, 0x74, 0x18,
-	0x1c, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x32, 0x2e, 0x70, 0x72, 0x65, 0x68, 0x6f, 0x67, 0x2e, 0x76,
+	0x6f, 0x72, 0x79, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x75, 0x72, 0x65, 0x45, 0x76, 0x65, 0x6e,
+	0x74, 0x48, 0x00, 0x52, 0x2e, 0x75, 0x69, 0x44, 0x69, 0x73, 0x63, 0x6f, 0x76, 0x65, 0x72, 0x44,
+	0x65, 0x73, 0x6b, 0x74, 0x6f, 0x70, 0x41, 0x63, 0x74, 0x69, 0x76, 0x65, 0x44, 0x69, 0x72, 0x65,
+	0x63, 0x74, 0x6f, 0x72, 0x79, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x75, 0x72, 0x65, 0x45, 0x76,
+	0x65, 0x6e, 0x74, 0x12, 0x95, 0x01, 0x0a, 0x2b, 0x75, 0x69, 0x5f, 0x64, 0x69, 0x73, 0x63, 0x6f,
+	0x76, 0x65, 0x72, 0x5f, 0x61, 0x75, 0x74, 0x6f, 0x5f, 0x64, 0x69, 0x73, 0x63, 0x6f, 0x76, 0x65,
+	0x72, 0x65, 0x64, 0x5f, 0x72, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x73, 0x5f, 0x65, 0x76,
+	0x65, 0x6e, 0x74, 0x18, 0x1a, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x36, 0x2e, 0x70, 0x72, 0x65, 0x68,
+	0x6f, 0x67, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x2e, 0x55, 0x49, 0x44, 0x69, 0x73,
+	0x63, 0x6f, 0x76, 0x65, 0x72, 0x41, 0x75, 0x74, 0x6f, 0x44, 0x69, 0x73, 0x63, 0x6f, 0x76, 0x65,
+	0x72, 0x65, 0x64, 0x52, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x73, 0x45, 0x76, 0x65, 0x6e,
+	0x74, 0x48, 0x00, 0x52, 0x26, 0x75, 0x69, 0x44, 0x69, 0x73, 0x63, 0x6f, 0x76, 0x65, 0x72, 0x41,
+	0x75, 0x74, 0x6f, 0x44, 0x69, 0x73, 0x63, 0x6f, 0x76, 0x65, 0x72, 0x65, 0x64, 0x52, 0x65, 0x73,
+	0x6f, 0x75, 0x72, 0x63, 0x65, 0x73, 0x45, 0x76, 0x65, 0x6e, 0x74, 0x12, 0x9f, 0x01, 0x0a, 0x2f,
+	0x75, 0x69, 0x5f, 0x64, 0x69, 0x73, 0x63, 0x6f, 0x76, 0x65, 0x72, 0x5f, 0x64, 0x61, 0x74, 0x61,
+	0x62, 0x61, 0x73, 0x65, 0x5f, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x75, 0x72, 0x65, 0x5f, 0x69,
+	0x61, 0x6d, 0x5f, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x5f, 0x65, 0x76, 0x65, 0x6e, 0x74, 0x18,
+	0x1b, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x39, 0x2e, 0x70, 0x72, 0x65, 0x68, 0x6f, 0x67, 0x2e, 0x76,
 	0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x2e, 0x55, 0x49, 0x44, 0x69, 0x73, 0x63, 0x6f, 0x76, 0x65,
-	0x72, 0x50, 0x72, 0x69, 0x6e, 0x63, 0x69, 0x70, 0x61, 0x6c, 0x73, 0x43, 0x6f, 0x6e, 0x66, 0x69,
-	0x67, 0x75, 0x72, 0x65, 0x45, 0x76, 0x65, 0x6e, 0x74, 0x48, 0x00, 0x52, 0x22, 0x75, 0x69, 0x44,
-	0x69, 0x73, 0x63, 0x6f, 0x76, 0x65, 0x72, 0x50, 0x72, 0x69, 0x6e, 0x63, 0x69, 0x70, 0x61, 0x6c,
-	0x73, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x75, 0x72, 0x65, 0x45, 0x76, 0x65, 0x6e, 0x74, 0x12,
-	0x79, 0x0a, 0x21, 0x75, 0x69, 0x5f, 0x64, 0x69, 0x73, 0x63, 0x6f, 0x76, 0x65, 0x72, 0x5f, 0x74,
-	0x65, 0x73, 0x74, 0x5f, 0x63, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x65,
-	0x76, 0x65, 0x6e, 0x74, 0x18, 0x1d, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x2d, 0x2e, 0x70, 0x72, 0x65,
-	0x68, 0x6f, 0x67, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x2e, 0x55, 0x49, 0x44, 0x69,
-	0x73, 0x63, 0x6f, 0x76, 0x65, 0x72, 0x54, 0x65, 0x73, 0x74, 0x43, 0x6f, 0x6e, 0x6e, 0x65, 0x63,
-	0x74, 0x69, 0x6f, 0x6e, 0x45, 0x76, 0x65, 0x6e, 0x74, 0x48, 0x00, 0x52, 0x1d, 0x75, 0x69, 0x44,
-	0x69, 0x73, 0x63, 0x6f, 0x76, 0x65, 0x72, 0x54, 0x65, 0x73, 0x74, 0x43, 0x6f, 0x6e, 0x6e, 0x65,
-	0x63, 0x74, 0x69, 0x6f, 0x6e, 0x45, 0x76, 0x65, 0x6e, 0x74, 0x12, 0x69, 0x0a, 0x1b, 0x75, 0x69,
-	0x5f, 0x64, 0x69, 0x73, 0x63, 0x6f, 0x76, 0x65, 0x72, 0x5f, 0x63, 0x6f, 0x6d, 0x70, 0x6c, 0x65,
-	0x74, 0x65, 0x64, 0x5f, 0x65, 0x76, 0x65, 0x6e, 0x74, 0x18, 0x1e, 0x20, 0x01, 0x28, 0x0b, 0x32,
-	0x28, 0x2e, 0x70, 0x72, 0x65, 0x68, 0x6f, 0x67, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61,
-	0x2e, 0x55, 0x49, 0x44, 0x69, 0x73, 0x63, 0x6f, 0x76, 0x65, 0x72, 0x43, 0x6f, 0x6d, 0x70, 0x6c,
-	0x65, 0x74, 0x65, 0x64, 0x45, 0x76, 0x65, 0x6e, 0x74, 0x48, 0x00, 0x52, 0x18, 0x75, 0x69, 0x44,
-	0x69, 0x73, 0x63, 0x6f, 0x76, 0x65, 0x72, 0x43, 0x6f, 0x6d, 0x70, 0x6c, 0x65, 0x74, 0x65, 0x64,
-	0x45, 0x76, 0x65, 0x6e, 0x74, 0x12, 0x42, 0x0a, 0x0b, 0x72, 0x6f, 0x6c, 0x65, 0x5f, 0x63, 0x72,
-	0x65, 0x61, 0x74, 0x65, 0x18, 0x1f, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1f, 0x2e, 0x70, 0x72, 0x65,
-	0x68, 0x6f, 0x67, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x2e, 0x52, 0x6f, 0x6c, 0x65,
-	0x43, 0x72, 0x65, 0x61, 0x74, 0x65, 0x45, 0x76, 0x65, 0x6e, 0x74, 0x48, 0x00, 0x52, 0x0a, 0x72,
-	0x6f, 0x6c, 0x65, 0x43, 0x72, 0x65, 0x61, 0x74, 0x65, 0x12, 0x63, 0x0a, 0x18, 0x75, 0x69, 0x5f,
-	0x63, 0x72, 0x65, 0x61, 0x74, 0x65, 0x5f, 0x6e, 0x65, 0x77, 0x5f, 0x72, 0x6f, 0x6c, 0x65, 0x5f,
-	0x63, 0x6c, 0x69, 0x63, 0x6b, 0x18, 0x20, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x29, 0x2e, 0x70, 0x72,
-	0x65, 0x68, 0x6f, 0x67, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x2e, 0x55, 0x49, 0x43,
-	0x72, 0x65, 0x61, 0x74, 0x65, 0x4e, 0x65, 0x77, 0x52, 0x6f, 0x6c, 0x65, 0x43, 0x6c, 0x69, 0x63,
-	0x6b, 0x45, 0x76, 0x65, 0x6e, 0x74, 0x48, 0x00, 0x52, 0x14, 0x75, 0x69, 0x43, 0x72, 0x65, 0x61,
-	0x74, 0x65, 0x4e, 0x65, 0x77, 0x52, 0x6f, 0x6c, 0x65, 0x43, 0x6c, 0x69, 0x63, 0x6b, 0x12, 0x70,
-	0x0a, 0x1d, 0x75, 0x69, 0x5f, 0x63, 0x72, 0x65, 0x61, 0x74, 0x65, 0x5f, 0x6e, 0x65, 0x77, 0x5f,
-	0x72, 0x6f, 0x6c, 0x65, 0x5f, 0x73, 0x61, 0x76, 0x65, 0x5f, 0x63, 0x6c, 0x69, 0x63, 0x6b, 0x18,
-	0x21, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x2d, 0x2e, 0x70, 0x72, 0x65, 0x68, 0x6f, 0x67, 0x2e, 0x76,
-	0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x2e, 0x55, 0x49, 0x43, 0x72, 0x65, 0x61, 0x74, 0x65, 0x4e,
-	0x65, 0x77, 0x52, 0x6f, 0x6c, 0x65, 0x53, 0x61, 0x76, 0x65, 0x43, 0x6c, 0x69, 0x63, 0x6b, 0x45,
-	0x76, 0x65, 0x6e, 0x74, 0x48, 0x00, 0x52, 0x18, 0x75, 0x69, 0x43, 0x72, 0x65, 0x61, 0x74, 0x65,
-	0x4e, 0x65, 0x77, 0x52, 0x6f, 0x6c, 0x65, 0x53, 0x61, 0x76, 0x65, 0x43, 0x6c, 0x69, 0x63, 0x6b,
-	0x12, 0x76, 0x0a, 0x1f, 0x75, 0x69, 0x5f, 0x63, 0x72, 0x65, 0x61, 0x74, 0x65, 0x5f, 0x6e, 0x65,
-	0x77, 0x5f, 0x72, 0x6f, 0x6c, 0x65, 0x5f, 0x63, 0x61, 0x6e, 0x63, 0x65, 0x6c, 0x5f, 0x63, 0x6c,
-	0x69, 0x63, 0x6b, 0x18, 0x22, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x2f, 0x2e, 0x70, 0x72, 0x65, 0x68,
-	0x6f, 0x67, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x2e, 0x55, 0x49, 0x43, 0x72, 0x65,
-	0x61, 0x74, 0x65, 0x4e, 0x65, 0x77, 0x52, 0x6f, 0x6c, 0x65, 0x43, 0x61, 0x6e, 0x63, 0x65, 0x6c,
-	0x43, 0x6c, 0x69, 0x63, 0x6b, 0x45, 0x76, 0x65, 0x6e, 0x74, 0x48, 0x00, 0x52, 0x1a, 0x75, 0x69,
-	0x43, 0x72, 0x65, 0x61, 0x74, 0x65, 0x4e, 0x65, 0x77, 0x52, 0x6f, 0x6c, 0x65, 0x43, 0x61, 0x6e,
-	0x63, 0x65, 0x6c, 0x43, 0x6c, 0x69, 0x63, 0x6b, 0x12, 0x98, 0x01, 0x0a, 0x2b, 0x75, 0x69, 0x5f,
+	0x72, 0x44, 0x61, 0x74, 0x61, 0x62, 0x61, 0x73, 0x65, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x75,
+	0x72, 0x65, 0x49, 0x41, 0x4d, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x45, 0x76, 0x65, 0x6e, 0x74,
+	0x48, 0x00, 0x52, 0x29, 0x75, 0x69, 0x44, 0x69, 0x73, 0x63, 0x6f, 0x76, 0x65, 0x72, 0x44, 0x61,
+	0x74, 0x61, 0x62, 0x61, 0x73, 0x65, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x75, 0x72, 0x65, 0x49,
+	0x61, 0x6d, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x45, 0x76, 0x65, 0x6e, 0x74, 0x12, 0x88, 0x01,
+	0x0a, 0x26, 0x75, 0x69, 0x5f, 0x64, 0x69, 0x73, 0x63, 0x6f, 0x76, 0x65, 0x72, 0x5f, 0x70, 0x72,
+	0x69, 0x6e, 0x63, 0x69, 0x70, 0x61, 0x6c, 0x73, 0x5f, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x75,
+	0x72, 0x65, 0x5f, 0x65, 0x76, 0x65, 0x6e, 0x74, 0x18, 0x1c, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x32,
+	0x2e, 0x70, 0x72, 0x65, 0x68, 0x6f, 0x67, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x2e,
+	0x55, 0x49, 0x44, 0x69, 0x73, 0x63, 0x6f, 0x76, 0x65, 0x72, 0x50, 0x72, 0x69, 0x6e, 0x63, 0x69,
+	0x70, 0x61, 0x6c, 0x73, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x75, 0x72, 0x65, 0x45, 0x76, 0x65,
+	0x6e, 0x74, 0x48, 0x00, 0x52, 0x22, 0x75, 0x69, 0x44, 0x69, 0x73, 0x63, 0x6f, 0x76, 0x65, 0x72,
+	0x50, 0x72, 0x69, 0x6e, 0x63, 0x69, 0x70, 0x61, 0x6c, 0x73, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67,
+	0x75, 0x72, 0x65, 0x45, 0x76, 0x65, 0x6e, 0x74, 0x12, 0x79, 0x0a, 0x21, 0x75, 0x69, 0x5f, 0x64,
+	0x69, 0x73, 0x63, 0x6f, 0x76, 0x65, 0x72, 0x5f, 0x74, 0x65, 0x73, 0x74, 0x5f, 0x63, 0x6f, 0x6e,
+	0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x65, 0x76, 0x65, 0x6e, 0x74, 0x18, 0x1d, 0x20,
+	0x01, 0x28, 0x0b, 0x32, 0x2d, 0x2e, 0x70, 0x72, 0x65, 0x68, 0x6f, 0x67, 0x2e, 0x76, 0x31, 0x61,
+	0x6c, 0x70, 0x68, 0x61, 0x2e, 0x55, 0x49, 0x44, 0x69, 0x73, 0x63, 0x6f, 0x76, 0x65, 0x72, 0x54,
+	0x65, 0x73, 0x74, 0x43, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x45, 0x76, 0x65,
+	0x6e, 0x74, 0x48, 0x00, 0x52, 0x1d, 0x75, 0x69, 0x44, 0x69, 0x73, 0x63, 0x6f, 0x76, 0x65, 0x72,
+	0x54, 0x65, 0x73, 0x74, 0x43, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x45, 0x76,
+	0x65, 0x6e, 0x74, 0x12, 0x69, 0x0a, 0x1b, 0x75, 0x69, 0x5f, 0x64, 0x69, 0x73, 0x63, 0x6f, 0x76,
+	0x65, 0x72, 0x5f, 0x63, 0x6f, 0x6d, 0x70, 0x6c, 0x65, 0x74, 0x65, 0x64, 0x5f, 0x65, 0x76, 0x65,
+	0x6e, 0x74, 0x18, 0x1e, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x28, 0x2e, 0x70, 0x72, 0x65, 0x68, 0x6f,
+	0x67, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x2e, 0x55, 0x49, 0x44, 0x69, 0x73, 0x63,
+	0x6f, 0x76, 0x65, 0x72, 0x43, 0x6f, 0x6d, 0x70, 0x6c, 0x65, 0x74, 0x65, 0x64, 0x45, 0x76, 0x65,
+	0x6e, 0x74, 0x48, 0x00, 0x52, 0x18, 0x75, 0x69, 0x44, 0x69, 0x73, 0x63, 0x6f, 0x76, 0x65, 0x72,
+	0x43, 0x6f, 0x6d, 0x70, 0x6c, 0x65, 0x74, 0x65, 0x64, 0x45, 0x76, 0x65, 0x6e, 0x74, 0x12, 0x42,
+	0x0a, 0x0b, 0x72, 0x6f, 0x6c, 0x65, 0x5f, 0x63, 0x72, 0x65, 0x61, 0x74, 0x65, 0x18, 0x1f, 0x20,
+	0x01, 0x28, 0x0b, 0x32, 0x1f, 0x2e, 0x70, 0x72, 0x65, 0x68, 0x6f, 0x67, 0x2e, 0x76, 0x31, 0x61,
+	0x6c, 0x70, 0x68, 0x61, 0x2e, 0x52, 0x6f, 0x6c, 0x65, 0x43, 0x72, 0x65, 0x61, 0x74, 0x65, 0x45,
+	0x76, 0x65, 0x6e, 0x74, 0x48, 0x00, 0x52, 0x0a, 0x72, 0x6f, 0x6c, 0x65, 0x43, 0x72, 0x65, 0x61,
+	0x74, 0x65, 0x12, 0x63, 0x0a, 0x18, 0x75, 0x69, 0x5f, 0x63, 0x72, 0x65, 0x61, 0x74, 0x65, 0x5f,
+	0x6e, 0x65, 0x77, 0x5f, 0x72, 0x6f, 0x6c, 0x65, 0x5f, 0x63, 0x6c, 0x69, 0x63, 0x6b, 0x18, 0x20,
+	0x20, 0x01, 0x28, 0x0b, 0x32, 0x29, 0x2e, 0x70, 0x72, 0x65, 0x68, 0x6f, 0x67, 0x2e, 0x76, 0x31,
+	0x61, 0x6c, 0x70, 0x68, 0x61, 0x2e, 0x55, 0x49, 0x43, 0x72, 0x65, 0x61, 0x74, 0x65, 0x4e, 0x65,
+	0x77, 0x52, 0x6f, 0x6c, 0x65, 0x43, 0x6c, 0x69, 0x63, 0x6b, 0x45, 0x76, 0x65, 0x6e, 0x74, 0x48,
+	0x00, 0x52, 0x14, 0x75, 0x69, 0x43, 0x72, 0x65, 0x61, 0x74, 0x65, 0x4e, 0x65, 0x77, 0x52, 0x6f,
+	0x6c, 0x65, 0x43, 0x6c, 0x69, 0x63, 0x6b, 0x12, 0x70, 0x0a, 0x1d, 0x75, 0x69, 0x5f, 0x63, 0x72,
+	0x65, 0x61, 0x74, 0x65, 0x5f, 0x6e, 0x65, 0x77, 0x5f, 0x72, 0x6f, 0x6c, 0x65, 0x5f, 0x73, 0x61,
+	0x76, 0x65, 0x5f, 0x63, 0x6c, 0x69, 0x63, 0x6b, 0x18, 0x21, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x2d,
+	0x2e, 0x70, 0x72, 0x65, 0x68, 0x6f, 0x67, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x2e,
+	0x55, 0x49, 0x43, 0x72, 0x65, 0x61, 0x74, 0x65, 0x4e, 0x65, 0x77, 0x52, 0x6f, 0x6c, 0x65, 0x53,
+	0x61, 0x76, 0x65, 0x43, 0x6c, 0x69, 0x63, 0x6b, 0x45, 0x76, 0x65, 0x6e, 0x74, 0x48, 0x00, 0x52,
+	0x18, 0x75, 0x69, 0x43, 0x72, 0x65, 0x61, 0x74, 0x65, 0x4e, 0x65, 0x77, 0x52, 0x6f, 0x6c, 0x65,
+	0x53, 0x61, 0x76, 0x65, 0x43, 0x6c, 0x69, 0x63, 0x6b, 0x12, 0x76, 0x0a, 0x1f, 0x75, 0x69, 0x5f,
 	0x63, 0x72, 0x65, 0x61, 0x74, 0x65, 0x5f, 0x6e, 0x65, 0x77, 0x5f, 0x72, 0x6f, 0x6c, 0x65, 0x5f,
-	0x76, 0x69, 0x65, 0x77, 0x5f, 0x64, 0x6f, 0x63, 0x75, 0x6d, 0x65, 0x6e, 0x74, 0x61, 0x74, 0x69,
-	0x6f, 0x6e, 0x5f, 0x63, 0x6c, 0x69, 0x63, 0x6b, 0x18, 0x23, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x3a,
+	0x63, 0x61, 0x6e, 0x63, 0x65, 0x6c, 0x5f, 0x63, 0x6c, 0x69, 0x63, 0x6b, 0x18, 0x22, 0x20, 0x01,
+	0x28, 0x0b, 0x32, 0x2f, 0x2e, 0x70, 0x72, 0x65, 0x68, 0x6f, 0x67, 0x2e, 0x76, 0x31, 0x61, 0x6c,
+	0x70, 0x68, 0x61, 0x2e, 0x55, 0x49, 0x43, 0x72, 0x65, 0x61, 0x74, 0x65, 0x4e, 0x65, 0x77, 0x52,
+	0x6f, 0x6c, 0x65, 0x43, 0x61, 0x6e, 0x63, 0x65, 0x6c, 0x43, 0x6c, 0x69, 0x63, 0x6b, 0x45, 0x76,
+	0x65, 0x6e, 0x74, 0x48, 0x00, 0x52, 0x1a, 0x75, 0x69, 0x43, 0x72, 0x65, 0x61, 0x74, 0x65, 0x4e,
+	0x65, 0x77, 0x52, 0x6f, 0x6c, 0x65, 0x43, 0x61, 0x6e, 0x63, 0x65, 0x6c, 0x43, 0x6c, 0x69, 0x63,
+	0x6b, 0x12, 0x98, 0x01, 0x0a, 0x2b, 0x75, 0x69, 0x5f, 0x63, 0x72, 0x65, 0x61, 0x74, 0x65, 0x5f,
+	0x6e, 0x65, 0x77, 0x5f, 0x72, 0x6f, 0x6c, 0x65, 0x5f, 0x76, 0x69, 0x65, 0x77, 0x5f, 0x64, 0x6f,
+	0x63, 0x75, 0x6d, 0x65, 0x6e, 0x74, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x63, 0x6c, 0x69, 0x63,
+	0x6b, 0x18, 0x23, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x3a, 0x2e, 0x70, 0x72, 0x65, 0x68, 0x6f, 0x67,
+	0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x2e, 0x55, 0x49, 0x43, 0x72, 0x65, 0x61, 0x74,
+	0x65, 0x4e, 0x65, 0x77, 0x52, 0x6f, 0x6c, 0x65, 0x56, 0x69, 0x65, 0x77, 0x44, 0x6f, 0x63, 0x75,
+	0x6d, 0x65, 0x6e, 0x74, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x43, 0x6c, 0x69, 0x63, 0x6b, 0x45, 0x76,
+	0x65, 0x6e, 0x74, 0x48, 0x00, 0x52, 0x25, 0x75, 0x69, 0x43, 0x72, 0x65, 0x61, 0x74, 0x65, 0x4e,
+	0x65, 0x77, 0x52, 0x6f, 0x6c, 0x65, 0x56, 0x69, 0x65, 0x77, 0x44, 0x6f, 0x63, 0x75, 0x6d, 0x65,
+	0x6e, 0x74, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x43, 0x6c, 0x69, 0x63, 0x6b, 0x12, 0x45, 0x0a, 0x0c,
+	0x6b, 0x75, 0x62, 0x65, 0x5f, 0x72, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x18, 0x24, 0x20, 0x01,
+	0x28, 0x0b, 0x32, 0x20, 0x2e, 0x70, 0x72, 0x65, 0x68, 0x6f, 0x67, 0x2e, 0x76, 0x31, 0x61, 0x6c,
+	0x70, 0x68, 0x61, 0x2e, 0x4b, 0x75, 0x62, 0x65, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x45,
+	0x76, 0x65, 0x6e, 0x74, 0x48, 0x00, 0x52, 0x0b, 0x6b, 0x75, 0x62, 0x65, 0x52, 0x65, 0x71, 0x75,
+	0x65, 0x73, 0x74, 0x12, 0x2f, 0x0a, 0x04, 0x73, 0x66, 0x74, 0x70, 0x18, 0x25, 0x20, 0x01, 0x28,
+	0x0b, 0x32, 0x19, 0x2e, 0x70, 0x72, 0x65, 0x68, 0x6f, 0x67, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70,
+	0x68, 0x61, 0x2e, 0x53, 0x46, 0x54, 0x50, 0x45, 0x76, 0x65, 0x6e, 0x74, 0x48, 0x00, 0x52, 0x04,
+	0x73, 0x66, 0x74, 0x70, 0x12, 0x56, 0x0a, 0x14, 0x61, 0x67, 0x65, 0x6e, 0x74, 0x5f, 0x6d, 0x65,
+	0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0x5f, 0x65, 0x76, 0x65, 0x6e, 0x74, 0x18, 0x26, 0x20, 0x01,
+	0x28, 0x0b, 0x32, 0x22, 0x2e, 0x70, 0x72, 0x65, 0x68, 0x6f, 0x67, 0x2e, 0x76, 0x31, 0x61, 0x6c,
+	0x70, 0x68, 0x61, 0x2e, 0x41, 0x67, 0x65, 0x6e, 0x74, 0x4d, 0x65, 0x74, 0x61, 0x64, 0x61, 0x74,
+	0x61, 0x45, 0x76, 0x65, 0x6e, 0x74, 0x48, 0x00, 0x52, 0x12, 0x61, 0x67, 0x65, 0x6e, 0x74, 0x4d,
+	0x65, 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0x45, 0x76, 0x65, 0x6e, 0x74, 0x12, 0x57, 0x0a, 0x12,
+	0x72, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x5f, 0x68, 0x65, 0x61, 0x72, 0x74, 0x62, 0x65,
+	0x61, 0x74, 0x18, 0x27, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x26, 0x2e, 0x70, 0x72, 0x65, 0x68, 0x6f,
+	0x67, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x2e, 0x52, 0x65, 0x73, 0x6f, 0x75, 0x72,
+	0x63, 0x65, 0x48, 0x65, 0x61, 0x72, 0x74, 0x62, 0x65, 0x61, 0x74, 0x45, 0x76, 0x65, 0x6e, 0x74,
+	0x48, 0x00, 0x52, 0x11, 0x72, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x48, 0x65, 0x61, 0x72,
+	0x74, 0x62, 0x65, 0x61, 0x74, 0x12, 0x9c, 0x01, 0x0a, 0x2e, 0x75, 0x69, 0x5f, 0x64, 0x69, 0x73,
+	0x63, 0x6f, 0x76, 0x65, 0x72, 0x5f, 0x69, 0x6e, 0x74, 0x65, 0x67, 0x72, 0x61, 0x74, 0x69, 0x6f,
+	0x6e, 0x5f, 0x61, 0x77, 0x73, 0x5f, 0x6f, 0x69, 0x64, 0x63, 0x5f, 0x63, 0x6f, 0x6e, 0x6e, 0x65,
+	0x63, 0x74, 0x5f, 0x65, 0x76, 0x65, 0x6e, 0x74, 0x18, 0x28, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x38,
 	0x2e, 0x70, 0x72, 0x65, 0x68, 0x6f, 0x67, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x2e,
-	0x55, 0x49, 0x43, 0x72, 0x65, 0x61, 0x74, 0x65, 0x4e, 0x65, 0x77, 0x52, 0x6f, 0x6c, 0x65, 0x56,
-	0x69, 0x65, 0x77, 0x44, 0x6f, 0x63, 0x75, 0x6d, 0x65, 0x6e, 0x74, 0x61, 0x74, 0x69, 0x6f, 0x6e,
-	0x43, 0x6c, 0x69, 0x63, 0x6b, 0x45, 0x76, 0x65, 0x6e, 0x74, 0x48, 0x00, 0x52, 0x25, 0x75, 0x69,
-	0x43, 0x72, 0x65, 0x61, 0x74, 0x65, 0x4e, 0x65, 0x77, 0x52, 0x6f, 0x6c, 0x65, 0x56, 0x69, 0x65,
-	0x77, 0x44, 0x6f, 0x63, 0x75, 0x6d, 0x65, 0x6e, 0x74, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x43, 0x6c,
-	0x69, 0x63, 0x6b, 0x12, 0x45, 0x0a, 0x0c, 0x6b, 0x75, 0x62, 0x65, 0x5f, 0x72, 0x65, 0x71, 0x75,
-	0x65, 0x73, 0x74, 0x18, 0x24, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x20, 0x2e, 0x70, 0x72, 0x65, 0x68,
-	0x6f, 0x67, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x2e, 0x4b, 0x75, 0x62, 0x65, 0x52,
-	0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x45, 0x76, 0x65, 0x6e, 0x74, 0x48, 0x00, 0x52, 0x0b, 0x6b,
-	0x75, 0x62, 0x65, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x2f, 0x0a, 0x04, 0x73, 0x66,
-	0x74, 0x70, 0x18, 0x25, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x19, 0x2e, 0x70, 0x72, 0x65, 0x68, 0x6f,
-	0x67, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x2e, 0x53, 0x46, 0x54, 0x50, 0x45, 0x76,
-	0x65, 0x6e, 0x74, 0x48, 0x00, 0x52, 0x04, 0x73, 0x66, 0x74, 0x70, 0x12, 0x56, 0x0a, 0x14, 0x61,
-	0x67, 0x65, 0x6e, 0x74, 0x5f, 0x6d, 0x65, 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0x5f, 0x65, 0x76,
-	0x65, 0x6e, 0x74, 0x18, 0x26, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x22, 0x2e, 0x70, 0x72, 0x65, 0x68,
-	0x6f, 0x67, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x2e, 0x41, 0x67, 0x65, 0x6e, 0x74,
-	0x4d, 0x65, 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0x45, 0x76, 0x65, 0x6e, 0x74, 0x48, 0x00, 0x52,
-	0x12, 0x61, 0x67, 0x65, 0x6e, 0x74, 0x4d, 0x65, 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0x45, 0x76,
-	0x65, 0x6e, 0x74, 0x12, 0x57, 0x0a, 0x12, 0x72, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x5f,
-	0x68, 0x65, 0x61, 0x72, 0x74, 0x62, 0x65, 0x61, 0x74, 0x18, 0x27, 0x20, 0x01, 0x28, 0x0b, 0x32,
-	0x26, 0x2e, 0x70, 0x72, 0x65, 0x68, 0x6f, 0x67, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61,
-	0x2e, 0x52, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x48, 0x65, 0x61, 0x72, 0x74, 0x62, 0x65,
-	0x61, 0x74, 0x45, 0x76, 0x65, 0x6e, 0x74, 0x48, 0x00, 0x52, 0x11, 0x72, 0x65, 0x73, 0x6f, 0x75,
-	0x72, 0x63, 0x65, 0x48, 0x65, 0x61, 0x72, 0x74, 0x62, 0x65, 0x61, 0x74, 0x12, 0x9c, 0x01, 0x0a,
-	0x2e, 0x75, 0x69, 0x5f, 0x64, 0x69, 0x73, 0x63, 0x6f, 0x76, 0x65, 0x72, 0x5f, 0x69, 0x6e, 0x74,
-	0x65, 0x67, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x61, 0x77, 0x73, 0x5f, 0x6f, 0x69, 0x64,
-	0x63, 0x5f, 0x63, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x5f, 0x65, 0x76, 0x65, 0x6e, 0x74, 0x18,
-	0x28, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x38, 0x2e, 0x70, 0x72, 0x65, 0x68, 0x6f, 0x67, 0x2e, 0x76,
-	0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x2e, 0x55, 0x49, 0x44, 0x69, 0x73, 0x63, 0x6f, 0x76, 0x65,
-	0x72, 0x49, 0x6e, 0x74, 0x65, 0x67, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x41, 0x57, 0x53, 0x4f,
-	0x49, 0x44, 0x43, 0x43, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x45, 0x76, 0x65, 0x6e, 0x74, 0x48,
-	0x00, 0x52, 0x28, 0x75, 0x69, 0x44, 0x69, 0x73, 0x63, 0x6f, 0x76, 0x65, 0x72, 0x49, 0x6e, 0x74,
-	0x65, 0x67, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x41, 0x77, 0x73, 0x4f, 0x69, 0x64, 0x63, 0x43,
-	0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x45, 0x76, 0x65, 0x6e, 0x74, 0x12, 0x83, 0x01, 0x0a, 0x25,
-	0x75, 0x69, 0x5f, 0x64, 0x69, 0x73, 0x63, 0x6f, 0x76, 0x65, 0x72, 0x5f, 0x64, 0x61, 0x74, 0x61,
-	0x62, 0x61, 0x73, 0x65, 0x5f, 0x72, 0x64, 0x73, 0x5f, 0x65, 0x6e, 0x72, 0x6f, 0x6c, 0x6c, 0x5f,
-	0x65, 0x76, 0x65, 0x6e, 0x74, 0x18, 0x29, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x30, 0x2e, 0x70, 0x72,
-	0x65, 0x68, 0x6f, 0x67, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x2e, 0x55, 0x49, 0x44,
-	0x69, 0x73, 0x63, 0x6f, 0x76, 0x65, 0x72, 0x44, 0x61, 0x74, 0x61, 0x62, 0x61, 0x73, 0x65, 0x52,
-	0x44, 0x53, 0x45, 0x6e, 0x72, 0x6f, 0x6c, 0x6c, 0x45, 0x76, 0x65, 0x6e, 0x74, 0x48, 0x00, 0x52,
-	0x20, 0x75, 0x69, 0x44, 0x69, 0x73, 0x63, 0x6f, 0x76, 0x65, 0x72, 0x44, 0x61, 0x74, 0x61, 0x62,
-	0x61, 0x73, 0x65, 0x52, 0x64, 0x73, 0x45, 0x6e, 0x72, 0x6f, 0x6c, 0x6c, 0x45, 0x76, 0x65, 0x6e,
-	0x74, 0x12, 0x6b, 0x0a, 0x1d, 0x75, 0x69, 0x5f, 0x63, 0x61, 0x6c, 0x6c, 0x5f, 0x74, 0x6f, 0x5f,
-	0x61, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x63, 0x6c, 0x69, 0x63, 0x6b, 0x5f, 0x65, 0x76, 0x65,
-	0x6e, 0x74, 0x18, 0x2a, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x28, 0x2e, 0x70, 0x72, 0x65, 0x68, 0x6f,
-	0x67, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x2e, 0x55, 0x49, 0x43, 0x61, 0x6c, 0x6c,
-	0x54, 0x6f, 0x41, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x43, 0x6c, 0x69, 0x63, 0x6b, 0x45, 0x76, 0x65,
-	0x6e, 0x74, 0x48, 0x00, 0x52, 0x18, 0x75, 0x69, 0x43, 0x61, 0x6c, 0x6c, 0x54, 0x6f, 0x41, 0x63,
-	0x74, 0x69, 0x6f, 0x6e, 0x43, 0x6c, 0x69, 0x63, 0x6b, 0x45, 0x76, 0x65, 0x6e, 0x74, 0x12, 0x54,
-	0x0a, 0x11, 0x61, 0x73, 0x73, 0x69, 0x73, 0x74, 0x5f, 0x63, 0x6f, 0x6d, 0x70, 0x6c, 0x65, 0x74,
-	0x69, 0x6f, 0x6e, 0x18, 0x2b, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x25, 0x2e, 0x70, 0x72, 0x65, 0x68,
-	0x6f, 0x67, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x2e, 0x41, 0x73, 0x73, 0x69, 0x73,
-	0x74, 0x43, 0x6f, 0x6d, 0x70, 0x6c, 0x65, 0x74, 0x69, 0x6f, 0x6e, 0x45, 0x76, 0x65, 0x6e, 0x74,
-	0x48, 0x00, 0x52, 0x10, 0x61, 0x73, 0x73, 0x69, 0x73, 0x74, 0x43, 0x6f, 0x6d, 0x70, 0x6c, 0x65,
-	0x74, 0x69, 0x6f, 0x6e, 0x12, 0x79, 0x0a, 0x21, 0x75, 0x69, 0x5f, 0x69, 0x6e, 0x74, 0x65, 0x67,
-	0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x65, 0x6e, 0x72, 0x6f, 0x6c, 0x6c, 0x5f, 0x73, 0x74,
-	0x61, 0x72, 0x74, 0x5f, 0x65, 0x76, 0x65, 0x6e, 0x74, 0x18, 0x2c, 0x20, 0x01, 0x28, 0x0b, 0x32,
-	0x2d, 0x2e, 0x70, 0x72, 0x65, 0x68, 0x6f, 0x67, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61,
-	0x2e, 0x55, 0x49, 0x49, 0x6e, 0x74, 0x65, 0x67, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x45, 0x6e,
-	0x72, 0x6f, 0x6c, 0x6c, 0x53, 0x74, 0x61, 0x72, 0x74, 0x45, 0x76, 0x65, 0x6e, 0x74, 0x48, 0x00,
-	0x52, 0x1d, 0x75, 0x69, 0x49, 0x6e, 0x74, 0x65, 0x67, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x45,
-	0x6e, 0x72, 0x6f, 0x6c, 0x6c, 0x53, 0x74, 0x61, 0x72, 0x74, 0x45, 0x76, 0x65, 0x6e, 0x74, 0x12,
-	0x82, 0x01, 0x0a, 0x24, 0x75, 0x69, 0x5f, 0x69, 0x6e, 0x74, 0x65, 0x67, 0x72, 0x61, 0x74, 0x69,
-	0x6f, 0x6e, 0x5f, 0x65, 0x6e, 0x72, 0x6f, 0x6c, 0x6c, 0x5f, 0x63, 0x6f, 0x6d, 0x70, 0x6c, 0x65,
-	0x74, 0x65, 0x5f, 0x65, 0x76, 0x65, 0x6e, 0x74, 0x18, 0x2d, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x30,
+	0x55, 0x49, 0x44, 0x69, 0x73, 0x63, 0x6f, 0x76, 0x65, 0x72, 0x49, 0x6e, 0x74, 0x65, 0x67, 0x72,
+	0x61, 0x74, 0x69, 0x6f, 0x6e, 0x41, 0x57, 0x53, 0x4f, 0x49, 0x44, 0x43, 0x43, 0x6f, 0x6e, 0x6e,
+	0x65, 0x63, 0x74, 0x45, 0x76, 0x65, 0x6e, 0x74, 0x48, 0x00, 0x52, 0x28, 0x75, 0x69, 0x44, 0x69,
+	0x73, 0x63, 0x6f, 0x76, 0x65, 0x72, 0x49, 0x6e, 0x74, 0x65, 0x67, 0x72, 0x61, 0x74, 0x69, 0x6f,
+	0x6e, 0x41, 0x77, 0x73, 0x4f, 0x69, 0x64, 0x63, 0x43, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x45,
+	0x76, 0x65, 0x6e, 0x74, 0x12, 0x83, 0x01, 0x0a, 0x25, 0x75, 0x69, 0x5f, 0x64, 0x69, 0x73, 0x63,
+	0x6f, 0x76, 0x65, 0x72, 0x5f, 0x64, 0x61, 0x74, 0x61, 0x62, 0x61, 0x73, 0x65, 0x5f, 0x72, 0x64,
+	0x73, 0x5f, 0x65, 0x6e, 0x72, 0x6f, 0x6c, 0x6c, 0x5f, 0x65, 0x76, 0x65, 0x6e, 0x74, 0x18, 0x29,
+	0x20, 0x01, 0x28, 0x0b, 0x32, 0x30, 0x2e, 0x70, 0x72, 0x65, 0x68, 0x6f, 0x67, 0x2e, 0x76, 0x31,
+	0x61, 0x6c, 0x70, 0x68, 0x61, 0x2e, 0x55, 0x49, 0x44, 0x69, 0x73, 0x63, 0x6f, 0x76, 0x65, 0x72,
+	0x44, 0x61, 0x74, 0x61, 0x62, 0x61, 0x73, 0x65, 0x52, 0x44, 0x53, 0x45, 0x6e, 0x72, 0x6f, 0x6c,
+	0x6c, 0x45, 0x76, 0x65, 0x6e, 0x74, 0x48, 0x00, 0x52, 0x20, 0x75, 0x69, 0x44, 0x69, 0x73, 0x63,
+	0x6f, 0x76, 0x65, 0x72, 0x44, 0x61, 0x74, 0x61, 0x62, 0x61, 0x73, 0x65, 0x52, 0x64, 0x73, 0x45,
+	0x6e, 0x72, 0x6f, 0x6c, 0x6c, 0x45, 0x76, 0x65, 0x6e, 0x74, 0x12, 0x6b, 0x0a, 0x1d, 0x75, 0x69,
+	0x5f, 0x63, 0x61, 0x6c, 0x6c, 0x5f, 0x74, 0x6f, 0x5f, 0x61, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x5f,
+	0x63, 0x6c, 0x69, 0x63, 0x6b, 0x5f, 0x65, 0x76, 0x65, 0x6e, 0x74, 0x18, 0x2a, 0x20, 0x01, 0x28,
+	0x0b, 0x32, 0x28, 0x2e, 0x70, 0x72, 0x65, 0x68, 0x6f, 0x67, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70,
+	0x68, 0x61, 0x2e, 0x55, 0x49, 0x43, 0x61, 0x6c, 0x6c, 0x54, 0x6f, 0x41, 0x63, 0x74, 0x69, 0x6f,
+	0x6e, 0x43, 0x6c, 0x69, 0x63, 0x6b, 0x45, 0x76, 0x65, 0x6e, 0x74, 0x48, 0x00, 0x52, 0x18, 0x75,
+	0x69, 0x43, 0x61, 0x6c, 0x6c, 0x54, 0x6f, 0x41, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x43, 0x6c, 0x69,
+	0x63, 0x6b, 0x45, 0x76, 0x65, 0x6e, 0x74, 0x12, 0x54, 0x0a, 0x11, 0x61, 0x73, 0x73, 0x69, 0x73,
+	0x74, 0x5f, 0x63, 0x6f, 0x6d, 0x70, 0x6c, 0x65, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x2b, 0x20, 0x01,
+	0x28, 0x0b, 0x32, 0x25, 0x2e, 0x70, 0x72, 0x65, 0x68, 0x6f, 0x67, 0x2e, 0x76, 0x31, 0x61, 0x6c,
+	0x70, 0x68, 0x61, 0x2e, 0x41, 0x73, 0x73, 0x69, 0x73, 0x74, 0x43, 0x6f, 0x6d, 0x70, 0x6c, 0x65,
+	0x74, 0x69, 0x6f, 0x6e, 0x45, 0x76, 0x65, 0x6e, 0x74, 0x48, 0x00, 0x52, 0x10, 0x61, 0x73, 0x73,
+	0x69, 0x73, 0x74, 0x43, 0x6f, 0x6d, 0x70, 0x6c, 0x65, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x79, 0x0a,
+	0x21, 0x75, 0x69, 0x5f, 0x69, 0x6e, 0x74, 0x65, 0x67, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x5f,
+	0x65, 0x6e, 0x72, 0x6f, 0x6c, 0x6c, 0x5f, 0x73, 0x74, 0x61, 0x72, 0x74, 0x5f, 0x65, 0x76, 0x65,
+	0x6e, 0x74, 0x18, 0x2c, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x2d, 0x2e, 0x70, 0x72, 0x65, 0x68, 0x6f,
+	0x67, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x2e, 0x55, 0x49, 0x49, 0x6e, 0x74, 0x65,
+	0x67, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x45, 0x6e, 0x72, 0x6f, 0x6c, 0x6c, 0x53, 0x74, 0x61,
+	0x72, 0x74, 0x45, 0x76, 0x65, 0x6e, 0x74, 0x48, 0x00, 0x52, 0x1d, 0x75, 0x69, 0x49, 0x6e, 0x74,
+	0x65, 0x67, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x45, 0x6e, 0x72, 0x6f, 0x6c, 0x6c, 0x53, 0x74,
+	0x61, 0x72, 0x74, 0x45, 0x76, 0x65, 0x6e, 0x74, 0x12, 0x82, 0x01, 0x0a, 0x24, 0x75, 0x69, 0x5f,
+	0x69, 0x6e, 0x74, 0x65, 0x67, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x65, 0x6e, 0x72, 0x6f,
+	0x6c, 0x6c, 0x5f, 0x63, 0x6f, 0x6d, 0x70, 0x6c, 0x65, 0x74, 0x65, 0x5f, 0x65, 0x76, 0x65, 0x6e,
+	0x74, 0x18, 0x2d, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x30, 0x2e, 0x70, 0x72, 0x65, 0x68, 0x6f, 0x67,
+	0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x2e, 0x55, 0x49, 0x49, 0x6e, 0x74, 0x65, 0x67,
+	0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x45, 0x6e, 0x72, 0x6f, 0x6c, 0x6c, 0x43, 0x6f, 0x6d, 0x70,
+	0x6c, 0x65, 0x74, 0x65, 0x45, 0x76, 0x65, 0x6e, 0x74, 0x48, 0x00, 0x52, 0x20, 0x75, 0x69, 0x49,
+	0x6e, 0x74, 0x65, 0x67, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x45, 0x6e, 0x72, 0x6f, 0x6c, 0x6c,
+	0x43, 0x6f, 0x6d, 0x70, 0x6c, 0x65, 0x74, 0x65, 0x45, 0x76, 0x65, 0x6e, 0x74, 0x12, 0x53, 0x0a,
+	0x13, 0x65, 0x64, 0x69, 0x74, 0x6f, 0x72, 0x5f, 0x63, 0x68, 0x61, 0x6e, 0x67, 0x65, 0x5f, 0x65,
+	0x76, 0x65, 0x6e, 0x74, 0x18, 0x2e, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x21, 0x2e, 0x70, 0x72, 0x65,
+	0x68, 0x6f, 0x67, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x2e, 0x45, 0x64, 0x69, 0x74,
+	0x6f, 0x72, 0x43, 0x68, 0x61, 0x6e, 0x67, 0x65, 0x45, 0x76, 0x65, 0x6e, 0x74, 0x48, 0x00, 0x52,
+	0x11, 0x65, 0x64, 0x69, 0x74, 0x6f, 0x72, 0x43, 0x68, 0x61, 0x6e, 0x67, 0x65, 0x45, 0x76, 0x65,
+	0x6e, 0x74, 0x12, 0x3f, 0x0a, 0x0a, 0x62, 0x6f, 0x74, 0x5f, 0x63, 0x72, 0x65, 0x61, 0x74, 0x65,
+	0x18, 0x2f, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1e, 0x2e, 0x70, 0x72, 0x65, 0x68, 0x6f, 0x67, 0x2e,
+	0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x2e, 0x42, 0x6f, 0x74, 0x43, 0x72, 0x65, 0x61, 0x74,
+	0x65, 0x45, 0x76, 0x65, 0x6e, 0x74, 0x48, 0x00, 0x52, 0x09, 0x62, 0x6f, 0x74, 0x43, 0x72, 0x65,
+	0x61, 0x74, 0x65, 0x12, 0x7a, 0x0a, 0x1f, 0x75, 0x69, 0x5f, 0x6f, 0x6e, 0x62, 0x6f, 0x61, 0x72,
+	0x64, 0x5f, 0x71, 0x75, 0x65, 0x73, 0x74, 0x69, 0x6f, 0x6e, 0x6e, 0x61, 0x69, 0x72, 0x65, 0x5f,
+	0x73, 0x75, 0x62, 0x6d, 0x69, 0x74, 0x18, 0x30, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x31, 0x2e, 0x70,
+	0x72, 0x65, 0x68, 0x6f, 0x67, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x2e, 0x55, 0x49,
+	0x4f, 0x6e, 0x62, 0x6f, 0x61, 0x72, 0x64, 0x51, 0x75, 0x65, 0x73, 0x74, 0x69, 0x6f, 0x6e, 0x6e,
+	0x61, 0x69, 0x72, 0x65, 0x53, 0x75, 0x62, 0x6d, 0x69, 0x74, 0x45, 0x76, 0x65, 0x6e, 0x74, 0x48,
+	0x00, 0x52, 0x1c, 0x75, 0x69, 0x4f, 0x6e, 0x62, 0x6f, 0x61, 0x72, 0x64, 0x51, 0x75, 0x65, 0x73,
+	0x74, 0x69, 0x6f, 0x6e, 0x6e, 0x61, 0x69, 0x72, 0x65, 0x53, 0x75, 0x62, 0x6d, 0x69, 0x74, 0x12,
+	0x39, 0x0a, 0x08, 0x62, 0x6f, 0x74, 0x5f, 0x6a, 0x6f, 0x69, 0x6e, 0x18, 0x31, 0x20, 0x01, 0x28,
+	0x0b, 0x32, 0x1c, 0x2e, 0x70, 0x72, 0x65, 0x68, 0x6f, 0x67, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70,
+	0x68, 0x61, 0x2e, 0x42, 0x6f, 0x74, 0x4a, 0x6f, 0x69, 0x6e, 0x45, 0x76, 0x65, 0x6e, 0x74, 0x48,
+	0x00, 0x52, 0x07, 0x62, 0x6f, 0x74, 0x4a, 0x6f, 0x69, 0x6e, 0x12, 0x51, 0x0a, 0x10, 0x61, 0x73,
+	0x73, 0x69, 0x73, 0x74, 0x5f, 0x65, 0x78, 0x65, 0x63, 0x75, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x32,
+	0x20, 0x01, 0x28, 0x0b, 0x32, 0x24, 0x2e, 0x70, 0x72, 0x65, 0x68, 0x6f, 0x67, 0x2e, 0x76, 0x31,
+	0x61, 0x6c, 0x70, 0x68, 0x61, 0x2e, 0x41, 0x73, 0x73, 0x69, 0x73, 0x74, 0x45, 0x78, 0x65, 0x63,
+	0x75, 0x74, 0x69, 0x6f, 0x6e, 0x45, 0x76, 0x65, 0x6e, 0x74, 0x48, 0x00, 0x52, 0x0f, 0x61, 0x73,
+	0x73, 0x69, 0x73, 0x74, 0x45, 0x78, 0x65, 0x63, 0x75, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x64, 0x0a,
+	0x17, 0x61, 0x73, 0x73, 0x69, 0x73, 0x74, 0x5f, 0x6e, 0x65, 0x77, 0x5f, 0x63, 0x6f, 0x6e, 0x76,
+	0x65, 0x72, 0x73, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x33, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x2a,
 	0x2e, 0x70, 0x72, 0x65, 0x68, 0x6f, 0x67, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x2e,
-	0x55, 0x49, 0x49, 0x6e, 0x74, 0x65, 0x67, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x45, 0x6e, 0x72,
-	0x6f, 0x6c, 0x6c, 0x43, 0x6f, 0x6d, 0x70, 0x6c, 0x65, 0x74, 0x65, 0x45, 0x76, 0x65, 0x6e, 0x74,
-	0x48, 0x00, 0x52, 0x20, 0x75, 0x69, 0x49, 0x6e, 0x74, 0x65, 0x67, 0x72, 0x61, 0x74, 0x69, 0x6f,
-	0x6e, 0x45, 0x6e, 0x72, 0x6f, 0x6c, 0x6c, 0x43, 0x6f, 0x6d, 0x70, 0x6c, 0x65, 0x74, 0x65, 0x45,
-	0x76, 0x65, 0x6e, 0x74, 0x12, 0x53, 0x0a, 0x13, 0x65, 0x64, 0x69, 0x74, 0x6f, 0x72, 0x5f, 0x63,
-	0x68, 0x61, 0x6e, 0x67, 0x65, 0x5f, 0x65, 0x76, 0x65, 0x6e, 0x74, 0x18, 0x2e, 0x20, 0x01, 0x28,
+	0x41, 0x73, 0x73, 0x69, 0x73, 0x74, 0x4e, 0x65, 0x77, 0x43, 0x6f, 0x6e, 0x76, 0x65, 0x72, 0x73,
+	0x61, 0x74, 0x69, 0x6f, 0x6e, 0x45, 0x76, 0x65, 0x6e, 0x74, 0x48, 0x00, 0x52, 0x15, 0x61, 0x73,
+	0x73, 0x69, 0x73, 0x74, 0x4e, 0x65, 0x77, 0x43, 0x6f, 0x6e, 0x76, 0x65, 0x72, 0x73, 0x61, 0x74,
+	0x69, 0x6f, 0x6e, 0x12, 0x65, 0x0a, 0x19, 0x64, 0x65, 0x76, 0x69, 0x63, 0x65, 0x5f, 0x61, 0x75,
+	0x74, 0x68, 0x65, 0x6e, 0x74, 0x69, 0x63, 0x61, 0x74, 0x65, 0x5f, 0x65, 0x76, 0x65, 0x6e, 0x74,
+	0x18, 0x34, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x27, 0x2e, 0x70, 0x72, 0x65, 0x68, 0x6f, 0x67, 0x2e,
+	0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x2e, 0x44, 0x65, 0x76, 0x69, 0x63, 0x65, 0x41, 0x75,
+	0x74, 0x68, 0x65, 0x6e, 0x74, 0x69, 0x63, 0x61, 0x74, 0x65, 0x45, 0x76, 0x65, 0x6e, 0x74, 0x48,
+	0x00, 0x52, 0x17, 0x64, 0x65, 0x76, 0x69, 0x63, 0x65, 0x41, 0x75, 0x74, 0x68, 0x65, 0x6e, 0x74,
+	0x69, 0x63, 0x61, 0x74, 0x65, 0x45, 0x76, 0x65, 0x6e, 0x74, 0x12, 0x6e, 0x0a, 0x1c, 0x66, 0x65,
+	0x61, 0x74, 0x75, 0x72, 0x65, 0x5f, 0x72, 0x65, 0x63, 0x6f, 0x6d, 0x6d, 0x65, 0x6e, 0x64, 0x61,
+	0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x65, 0x76, 0x65, 0x6e, 0x74, 0x18, 0x35, 0x20, 0x01, 0x28, 0x0b,
+	0x32, 0x2a, 0x2e, 0x70, 0x72, 0x65, 0x68, 0x6f, 0x67, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68,
+	0x61, 0x2e, 0x46, 0x65, 0x61, 0x74, 0x75, 0x72, 0x65, 0x52, 0x65, 0x63, 0x6f, 0x6d, 0x6d, 0x65,
+	0x6e, 0x64, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x45, 0x76, 0x65, 0x6e, 0x74, 0x48, 0x00, 0x52, 0x1a,
+	0x66, 0x65, 0x61, 0x74, 0x75, 0x72, 0x65, 0x52, 0x65, 0x63, 0x6f, 0x6d, 0x6d, 0x65, 0x6e, 0x64,
+	0x61, 0x74, 0x69, 0x6f, 0x6e, 0x45, 0x76, 0x65, 0x6e, 0x74, 0x12, 0x5e, 0x0a, 0x15, 0x61, 0x73,
+	0x73, 0x69, 0x73, 0x74, 0x5f, 0x61, 0x63, 0x63, 0x65, 0x73, 0x73, 0x5f, 0x72, 0x65, 0x71, 0x75,
+	0x65, 0x73, 0x74, 0x18, 0x36, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x28, 0x2e, 0x70, 0x72, 0x65, 0x68,
+	0x6f, 0x67, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x2e, 0x41, 0x73, 0x73, 0x69, 0x73,
+	0x74, 0x41, 0x63, 0x63, 0x65, 0x73, 0x73, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x45, 0x76,
+	0x65, 0x6e, 0x74, 0x48, 0x00, 0x52, 0x13, 0x61, 0x73, 0x73, 0x69, 0x73, 0x74, 0x41, 0x63, 0x63,
+	0x65, 0x73, 0x73, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x48, 0x0a, 0x0d, 0x61, 0x73,
+	0x73, 0x69, 0x73, 0x74, 0x5f, 0x61, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x37, 0x20, 0x01, 0x28,
 	0x0b, 0x32, 0x21, 0x2e, 0x70, 0x72, 0x65, 0x68, 0x6f, 0x67, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70,
-	0x68, 0x61, 0x2e, 0x45, 0x64, 0x69, 0x74, 0x6f, 0x72, 0x43, 0x68, 0x61, 0x6e, 0x67, 0x65, 0x45,
-	0x76, 0x65, 0x6e, 0x74, 0x48, 0x00, 0x52, 0x11, 0x65, 0x64, 0x69, 0x74, 0x6f, 0x72, 0x43, 0x68,
-	0x61, 0x6e, 0x67, 0x65, 0x45, 0x76, 0x65, 0x6e, 0x74, 0x12, 0x3f, 0x0a, 0x0a, 0x62, 0x6f, 0x74,
-	0x5f, 0x63, 0x72, 0x65, 0x61, 0x74, 0x65, 0x18, 0x2f, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1e, 0x2e,
-	0x70, 0x72, 0x65, 0x68, 0x6f, 0x67, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x2e, 0x42,
-	0x6f, 0x74, 0x43, 0x72, 0x65, 0x61, 0x74, 0x65, 0x45, 0x76, 0x65, 0x6e, 0x74, 0x48, 0x00, 0x52,
-	0x09, 0x62, 0x6f, 0x74, 0x43, 0x72, 0x65, 0x61, 0x74, 0x65, 0x12, 0x7a, 0x0a, 0x1f, 0x75, 0x69,
-	0x5f, 0x6f, 0x6e, 0x62, 0x6f, 0x61, 0x72, 0x64, 0x5f, 0x71, 0x75, 0x65, 0x73, 0x74, 0x69, 0x6f,
-	0x6e, 0x6e, 0x61, 0x69, 0x72, 0x65, 0x5f, 0x73, 0x75, 0x62, 0x6d, 0x69, 0x74, 0x18, 0x30, 0x20,
-	0x01, 0x28, 0x0b, 0x32, 0x31, 0x2e, 0x70, 0x72, 0x65, 0x68, 0x6f, 0x67, 0x2e, 0x76, 0x31, 0x61,
-	0x6c, 0x70, 0x68, 0x61, 0x2e, 0x55, 0x49, 0x4f, 0x6e, 0x62, 0x6f, 0x61, 0x72, 0x64, 0x51, 0x75,
-	0x65, 0x73, 0x74, 0x69, 0x6f, 0x6e, 0x6e, 0x61, 0x69, 0x72, 0x65, 0x53, 0x75, 0x62, 0x6d, 0x69,
-	0x74, 0x45, 0x76, 0x65, 0x6e, 0x74, 0x48, 0x00, 0x52, 0x1c, 0x75, 0x69, 0x4f, 0x6e, 0x62, 0x6f,
-	0x61, 0x72, 0x64, 0x51, 0x75, 0x65, 0x73, 0x74, 0x69, 0x6f, 0x6e, 0x6e, 0x61, 0x69, 0x72, 0x65,
-	0x53, 0x75, 0x62, 0x6d, 0x69, 0x74, 0x12, 0x39, 0x0a, 0x08, 0x62, 0x6f, 0x74, 0x5f, 0x6a, 0x6f,
-	0x69, 0x6e, 0x18, 0x31, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1c, 0x2e, 0x70, 0x72, 0x65, 0x68, 0x6f,
-	0x67, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x2e, 0x42, 0x6f, 0x74, 0x4a, 0x6f, 0x69,
-	0x6e, 0x45, 0x76, 0x65, 0x6e, 0x74, 0x48, 0x00, 0x52, 0x07, 0x62, 0x6f, 0x74, 0x4a, 0x6f, 0x69,
-	0x6e, 0x12, 0x51, 0x0a, 0x10, 0x61, 0x73, 0x73, 0x69, 0x73, 0x74, 0x5f, 0x65, 0x78, 0x65, 0x63,
-	0x75, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x32, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x24, 0x2e, 0x70, 0x72,
-	0x65, 0x68, 0x6f, 0x67, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x2e, 0x41, 0x73, 0x73,
-	0x69, 0x73, 0x74, 0x45, 0x78, 0x65, 0x63, 0x75, 0x74, 0x69, 0x6f, 0x6e, 0x45, 0x76, 0x65, 0x6e,
-	0x74, 0x48, 0x00, 0x52, 0x0f, 0x61, 0x73, 0x73, 0x69, 0x73, 0x74, 0x45, 0x78, 0x65, 0x63, 0x75,
-	0x74, 0x69, 0x6f, 0x6e, 0x12, 0x64, 0x0a, 0x17, 0x61, 0x73, 0x73, 0x69, 0x73, 0x74, 0x5f, 0x6e,
-	0x65, 0x77, 0x5f, 0x63, 0x6f, 0x6e, 0x76, 0x65, 0x72, 0x73, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x18,
-	0x33, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x2a, 0x2e, 0x70, 0x72, 0x65, 0x68, 0x6f, 0x67, 0x2e, 0x76,
-	0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x2e, 0x41, 0x73, 0x73, 0x69, 0x73, 0x74, 0x4e, 0x65, 0x77,
-	0x43, 0x6f, 0x6e, 0x76, 0x65, 0x72, 0x73, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x45, 0x76, 0x65, 0x6e,
-	0x74, 0x48, 0x00, 0x52, 0x15, 0x61, 0x73, 0x73, 0x69, 0x73, 0x74, 0x4e, 0x65, 0x77, 0x43, 0x6f,
-	0x6e, 0x76, 0x65, 0x72, 0x73, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x65, 0x0a, 0x19, 0x64, 0x65,
-	0x76, 0x69, 0x63, 0x65, 0x5f, 0x61, 0x75, 0x74, 0x68, 0x65, 0x6e, 0x74, 0x69, 0x63, 0x61, 0x74,
-	0x65, 0x5f, 0x65, 0x76, 0x65, 0x6e, 0x74, 0x18, 0x34, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x27, 0x2e,
-	0x70, 0x72, 0x65, 0x68, 0x6f, 0x67, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x2e, 0x44,
-	0x65, 0x76, 0x69, 0x63, 0x65, 0x41, 0x75, 0x74, 0x68, 0x65, 0x6e, 0x74, 0x69, 0x63, 0x61, 0x74,
-	0x65, 0x45, 0x76, 0x65, 0x6e, 0x74, 0x48, 0x00, 0x52, 0x17, 0x64, 0x65, 0x76, 0x69, 0x63, 0x65,
-	0x41, 0x75, 0x74, 0x68, 0x65, 0x6e, 0x74, 0x69, 0x63, 0x61, 0x74, 0x65, 0x45, 0x76, 0x65, 0x6e,
-	0x74, 0x12, 0x6e, 0x0a, 0x1c, 0x66, 0x65, 0x61, 0x74, 0x75, 0x72, 0x65, 0x5f, 0x72, 0x65, 0x63,
-	0x6f, 0x6d, 0x6d, 0x65, 0x6e, 0x64, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x65, 0x76, 0x65, 0x6e,
-	0x74, 0x18, 0x35, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x2a, 0x2e, 0x70, 0x72, 0x65, 0x68, 0x6f, 0x67,
-	0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x2e, 0x46, 0x65, 0x61, 0x74, 0x75, 0x72, 0x65,
-	0x52, 0x65, 0x63, 0x6f, 0x6d, 0x6d, 0x65, 0x6e, 0x64, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x45, 0x76,
-	0x65, 0x6e, 0x74, 0x48, 0x00, 0x52, 0x1a, 0x66, 0x65, 0x61, 0x74, 0x75, 0x72, 0x65, 0x52, 0x65,
-	0x63, 0x6f, 0x6d, 0x6d, 0x65, 0x6e, 0x64, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x45, 0x76, 0x65, 0x6e,
-	0x74, 0x12, 0x5e, 0x0a, 0x15, 0x61, 0x73, 0x73, 0x69, 0x73, 0x74, 0x5f, 0x61, 0x63, 0x63, 0x65,
-	0x73, 0x73, 0x5f, 0x72, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x18, 0x36, 0x20, 0x01, 0x28, 0x0b,
-	0x32, 0x28, 0x2e, 0x70, 0x72, 0x65, 0x68, 0x6f, 0x67, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68,
-	0x61, 0x2e, 0x41, 0x73, 0x73, 0x69, 0x73, 0x74, 0x41, 0x63, 0x63, 0x65, 0x73, 0x73, 0x52, 0x65,
-	0x71, 0x75, 0x65, 0x73, 0x74, 0x45, 0x76, 0x65, 0x6e, 0x74, 0x48, 0x00, 0x52, 0x13, 0x61, 0x73,
-	0x73, 0x69, 0x73, 0x74, 0x41, 0x63, 0x63, 0x65, 0x73, 0x73, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73,
-	0x74, 0x12, 0x48, 0x0a, 0x0d, 0x61, 0x73, 0x73, 0x69, 0x73, 0x74, 0x5f, 0x61, 0x63, 0x74, 0x69,
-	0x6f, 0x6e, 0x18, 0x37, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x21, 0x2e, 0x70, 0x72, 0x65, 0x68, 0x6f,
-	0x67, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x2e, 0x41, 0x73, 0x73, 0x69, 0x73, 0x74,
-	0x41, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x45, 0x76, 0x65, 0x6e, 0x74, 0x48, 0x00, 0x52, 0x0c, 0x61,
-	0x73, 0x73, 0x69, 0x73, 0x74, 0x41, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x53, 0x0a, 0x13, 0x64,
-	0x65, 0x76, 0x69, 0x63, 0x65, 0x5f, 0x65, 0x6e, 0x72, 0x6f, 0x6c, 0x6c, 0x5f, 0x65, 0x76, 0x65,
-	0x6e, 0x74, 0x18, 0x38, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x21, 0x2e, 0x70, 0x72, 0x65, 0x68, 0x6f,
-	0x67, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x2e, 0x44, 0x65, 0x76, 0x69, 0x63, 0x65,
-	0x45, 0x6e, 0x72, 0x6f, 0x6c, 0x6c, 0x45, 0x76, 0x65, 0x6e, 0x74, 0x48, 0x00, 0x52, 0x11, 0x64,
-	0x65, 0x76, 0x69, 0x63, 0x65, 0x45, 0x6e, 0x72, 0x6f, 0x6c, 0x6c, 0x45, 0x76, 0x65, 0x6e, 0x74,
-	0x12, 0x53, 0x0a, 0x13, 0x6c, 0x69, 0x63, 0x65, 0x6e, 0x73, 0x65, 0x5f, 0x6c, 0x69, 0x6d, 0x69,
-	0x74, 0x5f, 0x65, 0x76, 0x65, 0x6e, 0x74, 0x18, 0x39, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x21, 0x2e,
-	0x70, 0x72, 0x65, 0x68, 0x6f, 0x67, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x2e, 0x4c,
-	0x69, 0x63, 0x65, 0x6e, 0x73, 0x65, 0x4c, 0x69, 0x6d, 0x69, 0x74, 0x45, 0x76, 0x65, 0x6e, 0x74,
-	0x48, 0x00, 0x52, 0x11, 0x6c, 0x69, 0x63, 0x65, 0x6e, 0x73, 0x65, 0x4c, 0x69, 0x6d, 0x69, 0x74,
-	0x45, 0x76, 0x65, 0x6e, 0x74, 0x12, 0x55, 0x0a, 0x12, 0x61, 0x63, 0x63, 0x65, 0x73, 0x73, 0x5f,
-	0x6c, 0x69, 0x73, 0x74, 0x5f, 0x63, 0x72, 0x65, 0x61, 0x74, 0x65, 0x18, 0x3a, 0x20, 0x01, 0x28,
+	0x68, 0x61, 0x2e, 0x41, 0x73, 0x73, 0x69, 0x73, 0x74, 0x41, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x45,
+	0x76, 0x65, 0x6e, 0x74, 0x48, 0x00, 0x52, 0x0c, 0x61, 0x73, 0x73, 0x69, 0x73, 0x74, 0x41, 0x63,
+	0x74, 0x69, 0x6f, 0x6e, 0x12, 0x53, 0x0a, 0x13, 0x64, 0x65, 0x76, 0x69, 0x63, 0x65, 0x5f, 0x65,
+	0x6e, 0x72, 0x6f, 0x6c, 0x6c, 0x5f, 0x65, 0x76, 0x65, 0x6e, 0x74, 0x18, 0x38, 0x20, 0x01, 0x28,
+	0x0b, 0x32, 0x21, 0x2e, 0x70, 0x72, 0x65, 0x68, 0x6f, 0x67, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70,
+	0x68, 0x61, 0x2e, 0x44, 0x65, 0x76, 0x69, 0x63, 0x65, 0x45, 0x6e, 0x72, 0x6f, 0x6c, 0x6c, 0x45,
+	0x76, 0x65, 0x6e, 0x74, 0x48, 0x00, 0x52, 0x11, 0x64, 0x65, 0x76, 0x69, 0x63, 0x65, 0x45, 0x6e,
+	0x72, 0x6f, 0x6c, 0x6c, 0x45, 0x76, 0x65, 0x6e, 0x74, 0x12, 0x53, 0x0a, 0x13, 0x6c, 0x69, 0x63,
+	0x65, 0x6e, 0x73, 0x65, 0x5f, 0x6c, 0x69, 0x6d, 0x69, 0x74, 0x5f, 0x65, 0x76, 0x65, 0x6e, 0x74,
+	0x18, 0x39, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x21, 0x2e, 0x70, 0x72, 0x65, 0x68, 0x6f, 0x67, 0x2e,
+	0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x2e, 0x4c, 0x69, 0x63, 0x65, 0x6e, 0x73, 0x65, 0x4c,
+	0x69, 0x6d, 0x69, 0x74, 0x45, 0x76, 0x65, 0x6e, 0x74, 0x48, 0x00, 0x52, 0x11, 0x6c, 0x69, 0x63,
+	0x65, 0x6e, 0x73, 0x65, 0x4c, 0x69, 0x6d, 0x69, 0x74, 0x45, 0x76, 0x65, 0x6e, 0x74, 0x12, 0x55,
+	0x0a, 0x12, 0x61, 0x63, 0x63, 0x65, 0x73, 0x73, 0x5f, 0x6c, 0x69, 0x73, 0x74, 0x5f, 0x63, 0x72,
+	0x65, 0x61, 0x74, 0x65, 0x18, 0x3a, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x25, 0x2e, 0x70, 0x72, 0x65,
+	0x68, 0x6f, 0x67, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x2e, 0x41, 0x63, 0x63, 0x65,
+	0x73, 0x73, 0x4c, 0x69, 0x73, 0x74, 0x43, 0x72, 0x65, 0x61, 0x74, 0x65, 0x45, 0x76, 0x65, 0x6e,
+	0x74, 0x48, 0x00, 0x52, 0x10, 0x61, 0x63, 0x63, 0x65, 0x73, 0x73, 0x4c, 0x69, 0x73, 0x74, 0x43,
+	0x72, 0x65, 0x61, 0x74, 0x65, 0x12, 0x55, 0x0a, 0x12, 0x61, 0x63, 0x63, 0x65, 0x73, 0x73, 0x5f,
+	0x6c, 0x69, 0x73, 0x74, 0x5f, 0x75, 0x70, 0x64, 0x61, 0x74, 0x65, 0x18, 0x3b, 0x20, 0x01, 0x28,
 	0x0b, 0x32, 0x25, 0x2e, 0x70, 0x72, 0x65, 0x68, 0x6f, 0x67, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70,
-	0x68, 0x61, 0x2e, 0x41, 0x63, 0x63, 0x65, 0x73, 0x73, 0x4c, 0x69, 0x73, 0x74, 0x43, 0x72, 0x65,
+	0x68, 0x61, 0x2e, 0x41, 0x63, 0x63, 0x65, 0x73, 0x73, 0x4c, 0x69, 0x73, 0x74, 0x55, 0x70, 0x64,
 	0x61, 0x74, 0x65, 0x45, 0x76, 0x65, 0x6e, 0x74, 0x48, 0x00, 0x52, 0x10, 0x61, 0x63, 0x63, 0x65,
-	0x73, 0x73, 0x4c, 0x69, 0x73, 0x74, 0x43, 0x72, 0x65, 0x61, 0x74, 0x65, 0x12, 0x55, 0x0a, 0x12,
-	0x61, 0x63, 0x63, 0x65, 0x73, 0x73, 0x5f, 0x6c, 0x69, 0x73, 0x74, 0x5f, 0x75, 0x70, 0x64, 0x61,
-	0x74, 0x65, 0x18, 0x3b, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x25, 0x2e, 0x70, 0x72, 0x65, 0x68, 0x6f,
+	0x73, 0x73, 0x4c, 0x69, 0x73, 0x74, 0x55, 0x70, 0x64, 0x61, 0x74, 0x65, 0x12, 0x55, 0x0a, 0x12,
+	0x61, 0x63, 0x63, 0x65, 0x73, 0x73, 0x5f, 0x6c, 0x69, 0x73, 0x74, 0x5f, 0x64, 0x65, 0x6c, 0x65,
+	0x74, 0x65, 0x18, 0x3c, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x25, 0x2e, 0x70, 0x72, 0x65, 0x68, 0x6f,
 	0x67, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x2e, 0x41, 0x63, 0x63, 0x65, 0x73, 0x73,
-	0x4c, 0x69, 0x73, 0x74, 0x55, 0x70, 0x64, 0x61, 0x74, 0x65, 0x45, 0x76, 0x65, 0x6e, 0x74, 0x48,
-	0x00, 0x52, 0x10, 0x61, 0x63, 0x63, 0x65, 0x73, 0x73, 0x4c, 0x69, 0x73, 0x74, 0x55, 0x70, 0x64,
-	0x61, 0x74, 0x65, 0x12, 0x55, 0x0a, 0x12, 0x61, 0x63, 0x63, 0x65, 0x73, 0x73, 0x5f, 0x6c, 0x69,
-	0x73, 0x74, 0x5f, 0x64, 0x65, 0x6c, 0x65, 0x74, 0x65, 0x18, 0x3c, 0x20, 0x01, 0x28, 0x0b, 0x32,
-	0x25, 0x2e, 0x70, 0x72, 0x65, 0x68, 0x6f, 0x67, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61,
-	0x2e, 0x41, 0x63, 0x63, 0x65, 0x73, 0x73, 0x4c, 0x69, 0x73, 0x74, 0x44, 0x65, 0x6c, 0x65, 0x74,
-	0x65, 0x45, 0x76, 0x65, 0x6e, 0x74, 0x48, 0x00, 0x52, 0x10, 0x61, 0x63, 0x63, 0x65, 0x73, 0x73,
-	0x4c, 0x69, 0x73, 0x74, 0x44, 0x65, 0x6c, 0x65, 0x74, 0x65, 0x12, 0x68, 0x0a, 0x19, 0x61, 0x63,
-	0x63, 0x65, 0x73, 0x73, 0x5f, 0x6c, 0x69, 0x73, 0x74, 0x5f, 0x6d, 0x65, 0x6d, 0x62, 0x65, 0x72,
-	0x5f, 0x63, 0x72, 0x65, 0x61, 0x74, 0x65, 0x18, 0x3d, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x2b, 0x2e,
-	0x70, 0x72, 0x65, 0x68, 0x6f, 0x67, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x2e, 0x41,
-	0x63, 0x63, 0x65, 0x73, 0x73, 0x4c, 0x69, 0x73, 0x74, 0x4d, 0x65, 0x6d, 0x62, 0x65, 0x72, 0x43,
-	0x72, 0x65, 0x61, 0x74, 0x65, 0x45, 0x76, 0x65, 0x6e, 0x74, 0x48, 0x00, 0x52, 0x16, 0x61, 0x63,
-	0x63, 0x65, 0x73, 0x73, 0x4c, 0x69, 0x73, 0x74, 0x4d, 0x65, 0x6d, 0x62, 0x65, 0x72, 0x43, 0x72,
-	0x65, 0x61, 0x74, 0x65, 0x12, 0x68, 0x0a, 0x19, 0x61, 0x63, 0x63, 0x65, 0x73, 0x73, 0x5f, 0x6c,
-	0x69, 0x73, 0x74, 0x5f, 0x6d, 0x65, 0x6d, 0x62, 0x65, 0x72, 0x5f, 0x75, 0x70, 0x64, 0x61, 0x74,
-	0x65, 0x18, 0x3e, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x2b, 0x2e, 0x70, 0x72, 0x65, 0x68, 0x6f, 0x67,
-	0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x2e, 0x41, 0x63, 0x63, 0x65, 0x73, 0x73, 0x4c,
-	0x69, 0x73, 0x74, 0x4d, 0x65, 0x6d, 0x62, 0x65, 0x72, 0x55, 0x70, 0x64, 0x61, 0x74, 0x65, 0x45,
-	0x76, 0x65, 0x6e, 0x74, 0x48, 0x00, 0x52, 0x16, 0x61, 0x63, 0x63, 0x65, 0x73, 0x73, 0x4c, 0x69,
-	0x73, 0x74, 0x4d, 0x65, 0x6d, 0x62, 0x65, 0x72, 0x55, 0x70, 0x64, 0x61, 0x74, 0x65, 0x12, 0x68,
-	0x0a, 0x19, 0x61, 0x63, 0x63, 0x65, 0x73, 0x73, 0x5f, 0x6c, 0x69, 0x73, 0x74, 0x5f, 0x6d, 0x65,
-	0x6d, 0x62, 0x65, 0x72, 0x5f, 0x64, 0x65, 0x6c, 0x65, 0x74, 0x65, 0x18, 0x3f, 0x20, 0x01, 0x28,
-	0x0b, 0x32, 0x2b, 0x2e, 0x70, 0x72, 0x65, 0x68, 0x6f, 0x67, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70,
-	0x68, 0x61, 0x2e, 0x41, 0x63, 0x63, 0x65, 0x73, 0x73, 0x4c, 0x69, 0x73, 0x74, 0x4d, 0x65, 0x6d,
-	0x62, 0x65, 0x72, 0x44, 0x65, 0x6c, 0x65, 0x74, 0x65, 0x45, 0x76, 0x65, 0x6e, 0x74, 0x48, 0x00,
-	0x52, 0x16, 0x61, 0x63, 0x63, 0x65, 0x73, 0x73, 0x4c, 0x69, 0x73, 0x74, 0x4d, 0x65, 0x6d, 0x62,
-	0x65, 0x72, 0x44, 0x65, 0x6c, 0x65, 0x74, 0x65, 0x12, 0x69, 0x0a, 0x1a, 0x61, 0x63, 0x63, 0x65,
-	0x73, 0x73, 0x5f, 0x6c, 0x69, 0x73, 0x74, 0x5f, 0x67, 0x72, 0x61, 0x6e, 0x74, 0x73, 0x5f, 0x74,
-	0x6f, 0x5f, 0x75, 0x73, 0x65, 0x72, 0x18, 0x40, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x2b, 0x2e, 0x70,
-	0x72, 0x65, 0x68, 0x6f, 0x67, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x2e, 0x41, 0x63,
-	0x63, 0x65, 0x73, 0x73, 0x4c, 0x69, 0x73, 0x74, 0x47, 0x72, 0x61, 0x6e, 0x74, 0x73, 0x54, 0x6f,
-	0x55, 0x73, 0x65, 0x72, 0x45, 0x76, 0x65, 0x6e, 0x74, 0x48, 0x00, 0x52, 0x16, 0x61, 0x63, 0x63,
-	0x65, 0x73, 0x73, 0x4c, 0x69, 0x73, 0x74, 0x47, 0x72, 0x61, 0x6e, 0x74, 0x73, 0x54, 0x6f, 0x55,
-	0x73, 0x65, 0x72, 0x12, 0x81, 0x01, 0x0a, 0x22, 0x75, 0x69, 0x5f, 0x64, 0x69, 0x73, 0x63, 0x6f,
-	0x76, 0x65, 0x72, 0x5f, 0x65, 0x63, 0x32, 0x5f, 0x69, 0x6e, 0x73, 0x74, 0x61, 0x6e, 0x63, 0x65,
-	0x5f, 0x73, 0x65, 0x6c, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x41, 0x20, 0x01, 0x28, 0x0b,
-	0x32, 0x33, 0x2e, 0x70, 0x72, 0x65, 0x68, 0x6f, 0x67, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68,
-	0x61, 0x2e, 0x55, 0x49, 0x44, 0x69, 0x73, 0x63, 0x6f, 0x76, 0x65, 0x72, 0x45, 0x43, 0x32, 0x49,
+	0x4c, 0x69, 0x73, 0x74, 0x44, 0x65, 0x6c, 0x65, 0x74, 0x65, 0x45, 0x76, 0x65, 0x6e, 0x74, 0x48,
+	0x00, 0x52, 0x10, 0x61, 0x63, 0x63, 0x65, 0x73, 0x73, 0x4c, 0x69, 0x73, 0x74, 0x44, 0x65, 0x6c,
+	0x65, 0x74, 0x65, 0x12, 0x68, 0x0a, 0x19, 0x61, 0x63, 0x63, 0x65, 0x73, 0x73, 0x5f, 0x6c, 0x69,
+	0x73, 0x74, 0x5f, 0x6d, 0x65, 0x6d, 0x62, 0x65, 0x72, 0x5f, 0x63, 0x72, 0x65, 0x61, 0x74, 0x65,
+	0x18, 0x3d, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x2b, 0x2e, 0x70, 0x72, 0x65, 0x68, 0x6f, 0x67, 0x2e,
+	0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x2e, 0x41, 0x63, 0x63, 0x65, 0x73, 0x73, 0x4c, 0x69,
+	0x73, 0x74, 0x4d, 0x65, 0x6d, 0x62, 0x65, 0x72, 0x43, 0x72, 0x65, 0x61, 0x74, 0x65, 0x45, 0x76,
+	0x65, 0x6e, 0x74, 0x48, 0x00, 0x52, 0x16, 0x61, 0x63, 0x63, 0x65, 0x73, 0x73, 0x4c, 0x69, 0x73,
+	0x74, 0x4d, 0x65, 0x6d, 0x62, 0x65, 0x72, 0x43, 0x72, 0x65, 0x61, 0x74, 0x65, 0x12, 0x68, 0x0a,
+	0x19, 0x61, 0x63, 0x63, 0x65, 0x73, 0x73, 0x5f, 0x6c, 0x69, 0x73, 0x74, 0x5f, 0x6d, 0x65, 0x6d,
+	0x62, 0x65, 0x72, 0x5f, 0x75, 0x70, 0x64, 0x61, 0x74, 0x65, 0x18, 0x3e, 0x20, 0x01, 0x28, 0x0b,
+	0x32, 0x2b, 0x2e, 0x70, 0x72, 0x65, 0x68, 0x6f, 0x67, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68,
+	0x61, 0x2e, 0x41, 0x63, 0x63, 0x65, 0x73, 0x73, 0x4c, 0x69, 0x73, 0x74, 0x4d, 0x65, 0x6d, 0x62,
+	0x65, 0x72, 0x55, 0x70, 0x64, 0x61, 0x74, 0x65, 0x45, 0x76, 0x65, 0x6e, 0x74, 0x48, 0x00, 0x52,
+	0x16, 0x61, 0x63, 0x63, 0x65, 0x73, 0x73, 0x4c, 0x69, 0x73, 0x74, 0x4d, 0x65, 0x6d, 0x62, 0x65,
+	0x72, 0x55, 0x70, 0x64, 0x61, 0x74, 0x65, 0x12, 0x68, 0x0a, 0x19, 0x61, 0x63, 0x63, 0x65, 0x73,
+	0x73, 0x5f, 0x6c, 0x69, 0x73, 0x74, 0x5f, 0x6d, 0x65, 0x6d, 0x62, 0x65, 0x72, 0x5f, 0x64, 0x65,
+	0x6c, 0x65, 0x74, 0x65, 0x18, 0x3f, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x2b, 0x2e, 0x70, 0x72, 0x65,
+	0x68, 0x6f, 0x67, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x2e, 0x41, 0x63, 0x63, 0x65,
+	0x73, 0x73, 0x4c, 0x69, 0x73, 0x74, 0x4d, 0x65, 0x6d, 0x62, 0x65, 0x72, 0x44, 0x65, 0x6c, 0x65,
+	0x74, 0x65, 0x45, 0x76, 0x65, 0x6e, 0x74, 0x48, 0x00, 0x52, 0x16, 0x61, 0x63, 0x63, 0x65, 0x73,
+	0x73, 0x4c, 0x69, 0x73, 0x74, 0x4d, 0x65, 0x6d, 0x62, 0x65, 0x72, 0x44, 0x65, 0x6c, 0x65, 0x74,
+	0x65, 0x12, 0x69, 0x0a, 0x1a, 0x61, 0x63, 0x63, 0x65, 0x73, 0x73, 0x5f, 0x6c, 0x69, 0x73, 0x74,
+	0x5f, 0x67, 0x72, 0x61, 0x6e, 0x74, 0x73, 0x5f, 0x74, 0x6f, 0x5f, 0x75, 0x73, 0x65, 0x72, 0x18,
+	0x40, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x2b, 0x2e, 0x70, 0x72, 0x65, 0x68, 0x6f, 0x67, 0x2e, 0x76,
+	0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x2e, 0x41, 0x63, 0x63, 0x65, 0x73, 0x73, 0x4c, 0x69, 0x73,
+	0x74, 0x47, 0x72, 0x61, 0x6e, 0x74, 0x73, 0x54, 0x6f, 0x55, 0x73, 0x65, 0x72, 0x45, 0x76, 0x65,
+	0x6e, 0x74, 0x48, 0x00, 0x52, 0x16, 0x61, 0x63, 0x63, 0x65, 0x73, 0x73, 0x4c, 0x69, 0x73, 0x74,
+	0x47, 0x72, 0x61, 0x6e, 0x74, 0x73, 0x54, 0x6f, 0x55, 0x73, 0x65, 0x72, 0x12, 0x81, 0x01, 0x0a,
+	0x22, 0x75, 0x69, 0x5f, 0x64, 0x69, 0x73, 0x63, 0x6f, 0x76, 0x65, 0x72, 0x5f, 0x65, 0x63, 0x32,
+	0x5f, 0x69, 0x6e, 0x73, 0x74, 0x61, 0x6e, 0x63, 0x65, 0x5f, 0x73, 0x65, 0x6c, 0x65, 0x63, 0x74,
+	0x69, 0x6f, 0x6e, 0x18, 0x41, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x33, 0x2e, 0x70, 0x72, 0x65, 0x68,
+	0x6f, 0x67, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x2e, 0x55, 0x49, 0x44, 0x69, 0x73,
+	0x63, 0x6f, 0x76, 0x65, 0x72, 0x45, 0x43, 0x32, 0x49, 0x6e, 0x73, 0x74, 0x61, 0x6e, 0x63, 0x65,
+	0x53, 0x65, 0x6c, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x45, 0x76, 0x65, 0x6e, 0x74, 0x48, 0x00,
+	0x52, 0x1e, 0x75, 0x69, 0x44, 0x69, 0x73, 0x63, 0x6f, 0x76, 0x65, 0x72, 0x45, 0x63, 0x32, 0x49,
 	0x6e, 0x73, 0x74, 0x61, 0x6e, 0x63, 0x65, 0x53, 0x65, 0x6c, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e,
-	0x45, 0x76, 0x65, 0x6e, 0x74, 0x48, 0x00, 0x52, 0x1e, 0x75, 0x69, 0x44, 0x69, 0x73, 0x63, 0x6f,
-	0x76, 0x65, 0x72, 0x45, 0x63, 0x32, 0x49, 0x6e, 0x73, 0x74, 0x61, 0x6e, 0x63, 0x65, 0x53, 0x65,
-	0x6c, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x62, 0x0a, 0x17, 0x75, 0x69, 0x5f, 0x64, 0x69,
-	0x73, 0x63, 0x6f, 0x76, 0x65, 0x72, 0x5f, 0x64, 0x65, 0x70, 0x6c, 0x6f, 0x79, 0x5f, 0x65, 0x69,
-	0x63, 0x65, 0x18, 0x42, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x29, 0x2e, 0x70, 0x72, 0x65, 0x68, 0x6f,
-	0x67, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x2e, 0x55, 0x49, 0x44, 0x69, 0x73, 0x63,
-	0x6f, 0x76, 0x65, 0x72, 0x44, 0x65, 0x70, 0x6c, 0x6f, 0x79, 0x45, 0x49, 0x43, 0x45, 0x45, 0x76,
-	0x65, 0x6e, 0x74, 0x48, 0x00, 0x52, 0x14, 0x75, 0x69, 0x44, 0x69, 0x73, 0x63, 0x6f, 0x76, 0x65,
-	0x72, 0x44, 0x65, 0x70, 0x6c, 0x6f, 0x79, 0x45, 0x69, 0x63, 0x65, 0x12, 0x62, 0x0a, 0x17, 0x75,
-	0x69, 0x5f, 0x64, 0x69, 0x73, 0x63, 0x6f, 0x76, 0x65, 0x72, 0x5f, 0x63, 0x72, 0x65, 0x61, 0x74,
-	0x65, 0x5f, 0x6e, 0x6f, 0x64, 0x65, 0x18, 0x43, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x29, 0x2e, 0x70,
-	0x72, 0x65, 0x68, 0x6f, 0x67, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x2e, 0x55, 0x49,
-	0x44, 0x69, 0x73, 0x63, 0x6f, 0x76, 0x65, 0x72, 0x43, 0x72, 0x65, 0x61, 0x74, 0x65, 0x4e, 0x6f,
-	0x64, 0x65, 0x45, 0x76, 0x65, 0x6e, 0x74, 0x48, 0x00, 0x52, 0x14, 0x75, 0x69, 0x44, 0x69, 0x73,
-	0x63, 0x6f, 0x76, 0x65, 0x72, 0x43, 0x72, 0x65, 0x61, 0x74, 0x65, 0x4e, 0x6f, 0x64, 0x65, 0x12,
-	0x64, 0x0a, 0x17, 0x64, 0x65, 0x73, 0x6b, 0x74, 0x6f, 0x70, 0x5f, 0x64, 0x69, 0x72, 0x65, 0x63,
-	0x74, 0x6f, 0x72, 0x79, 0x5f, 0x73, 0x68, 0x61, 0x72, 0x65, 0x18, 0x44, 0x20, 0x01, 0x28, 0x0b,
-	0x32, 0x2a, 0x2e, 0x70, 0x72, 0x65, 0x68, 0x6f, 0x67, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68,
-	0x61, 0x2e, 0x44, 0x65, 0x73, 0x6b, 0x74, 0x6f, 0x70, 0x44, 0x69, 0x72, 0x65, 0x63, 0x74, 0x6f,
-	0x72, 0x79, 0x53, 0x68, 0x61, 0x72, 0x65, 0x45, 0x76, 0x65, 0x6e, 0x74, 0x48, 0x00, 0x52, 0x15,
-	0x64, 0x65, 0x73, 0x6b, 0x74, 0x6f, 0x70, 0x44, 0x69, 0x72, 0x65, 0x63, 0x74, 0x6f, 0x72, 0x79,
-	0x53, 0x68, 0x61, 0x72, 0x65, 0x12, 0x65, 0x0a, 0x1a, 0x64, 0x65, 0x73, 0x6b, 0x74, 0x6f, 0x70,
-	0x5f, 0x63, 0x6c, 0x69, 0x70, 0x62, 0x6f, 0x61, 0x72, 0x64, 0x5f, 0x74, 0x72, 0x61, 0x6e, 0x73,
-	0x66, 0x65, 0x72, 0x18, 0x45, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x25, 0x2e, 0x70, 0x72, 0x65, 0x68,
+	0x12, 0x62, 0x0a, 0x17, 0x75, 0x69, 0x5f, 0x64, 0x69, 0x73, 0x63, 0x6f, 0x76, 0x65, 0x72, 0x5f,
+	0x64, 0x65, 0x70, 0x6c, 0x6f, 0x79, 0x5f, 0x65, 0x69, 0x63, 0x65, 0x18, 0x42, 0x20, 0x01, 0x28,
+	0x0b, 0x32, 0x29, 0x2e, 0x70, 0x72, 0x65, 0x68, 0x6f, 0x67, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70,
+	0x68, 0x61, 0x2e, 0x55, 0x49, 0x44, 0x69, 0x73, 0x63, 0x6f, 0x76, 0x65, 0x72, 0x44, 0x65, 0x70,
+	0x6c, 0x6f, 0x79, 0x45, 0x49, 0x43, 0x45, 0x45, 0x76, 0x65, 0x6e, 0x74, 0x48, 0x00, 0x52, 0x14,
+	0x75, 0x69, 0x44, 0x69, 0x73, 0x63, 0x6f, 0x76, 0x65, 0x72, 0x44, 0x65, 0x70, 0x6c, 0x6f, 0x79,
+	0x45, 0x69, 0x63, 0x65, 0x12, 0x62, 0x0a, 0x17, 0x75, 0x69, 0x5f, 0x64, 0x69, 0x73, 0x63, 0x6f,
+	0x76, 0x65, 0x72, 0x5f, 0x63, 0x72, 0x65, 0x61, 0x74, 0x65, 0x5f, 0x6e, 0x6f, 0x64, 0x65, 0x18,
+	0x43, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x29, 0x2e, 0x70, 0x72, 0x65, 0x68, 0x6f, 0x67, 0x2e, 0x76,
+	0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x2e, 0x55, 0x49, 0x44, 0x69, 0x73, 0x63, 0x6f, 0x76, 0x65,
+	0x72, 0x43, 0x72, 0x65, 0x61, 0x74, 0x65, 0x4e, 0x6f, 0x64, 0x65, 0x45, 0x76, 0x65, 0x6e, 0x74,
+	0x48, 0x00, 0x52, 0x14, 0x75, 0x69, 0x44, 0x69, 0x73, 0x63, 0x6f, 0x76, 0x65, 0x72, 0x43, 0x72,
+	0x65, 0x61, 0x74, 0x65, 0x4e, 0x6f, 0x64, 0x65, 0x12, 0x64, 0x0a, 0x17, 0x64, 0x65, 0x73, 0x6b,
+	0x74, 0x6f, 0x70, 0x5f, 0x64, 0x69, 0x72, 0x65, 0x63, 0x74, 0x6f, 0x72, 0x79, 0x5f, 0x73, 0x68,
+	0x61, 0x72, 0x65, 0x18, 0x44, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x2a, 0x2e, 0x70, 0x72, 0x65, 0x68,
 	0x6f, 0x67, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x2e, 0x44, 0x65, 0x73, 0x6b, 0x74,
-	0x6f, 0x70, 0x43, 0x6c, 0x69, 0x70, 0x62, 0x6f, 0x61, 0x72, 0x64, 0x45, 0x76, 0x65, 0x6e, 0x74,
-	0x48, 0x00, 0x52, 0x18, 0x64, 0x65, 0x73, 0x6b, 0x74, 0x6f, 0x70, 0x43, 0x6c, 0x69, 0x70, 0x62,
-	0x6f, 0x61, 0x72, 0x64, 0x54, 0x72, 0x61, 0x6e, 0x73, 0x66, 0x65, 0x72, 0x12, 0x52, 0x0a, 0x11,
-	0x74, 0x61, 0x67, 0x5f, 0x65, 0x78, 0x65, 0x63, 0x75, 0x74, 0x65, 0x5f, 0x71, 0x75, 0x65, 0x72,
-	0x79, 0x18, 0x46, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x24, 0x2e, 0x70, 0x72, 0x65, 0x68, 0x6f, 0x67,
-	0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x2e, 0x54, 0x41, 0x47, 0x45, 0x78, 0x65, 0x63,
-	0x75, 0x74, 0x65, 0x51, 0x75, 0x65, 0x72, 0x79, 0x45, 0x76, 0x65, 0x6e, 0x74, 0x48, 0x00, 0x52,
-	0x0f, 0x74, 0x61, 0x67, 0x45, 0x78, 0x65, 0x63, 0x75, 0x74, 0x65, 0x51, 0x75, 0x65, 0x72, 0x79,
-	0x12, 0x86, 0x01, 0x0a, 0x23, 0x65, 0x78, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x5f, 0x61, 0x75,
-	0x64, 0x69, 0x74, 0x5f, 0x73, 0x74, 0x6f, 0x72, 0x61, 0x67, 0x65, 0x5f, 0x61, 0x75, 0x74, 0x68,
-	0x65, 0x6e, 0x74, 0x69, 0x63, 0x61, 0x74, 0x65, 0x18, 0x47, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x35,
-	0x2e, 0x70, 0x72, 0x65, 0x68, 0x6f, 0x67, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x2e,
-	0x45, 0x78, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x41, 0x75, 0x64, 0x69, 0x74, 0x53, 0x74, 0x6f,
-	0x72, 0x61, 0x67, 0x65, 0x41, 0x75, 0x74, 0x68, 0x65, 0x6e, 0x74, 0x69, 0x63, 0x61, 0x74, 0x65,
-	0x45, 0x76, 0x65, 0x6e, 0x74, 0x48, 0x00, 0x52, 0x20, 0x65, 0x78, 0x74, 0x65, 0x72, 0x6e, 0x61,
+	0x6f, 0x70, 0x44, 0x69, 0x72, 0x65, 0x63, 0x74, 0x6f, 0x72, 0x79, 0x53, 0x68, 0x61, 0x72, 0x65,
+	0x45, 0x76, 0x65, 0x6e, 0x74, 0x48, 0x00, 0x52, 0x15, 0x64, 0x65, 0x73, 0x6b, 0x74, 0x6f, 0x70,
+	0x44, 0x69, 0x72, 0x65, 0x63, 0x74, 0x6f, 0x72, 0x79, 0x53, 0x68, 0x61, 0x72, 0x65, 0x12, 0x65,
+	0x0a, 0x1a, 0x64, 0x65, 0x73, 0x6b, 0x74, 0x6f, 0x70, 0x5f, 0x63, 0x6c, 0x69, 0x70, 0x62, 0x6f,
+	0x61, 0x72, 0x64, 0x5f, 0x74, 0x72, 0x61, 0x6e, 0x73, 0x66, 0x65, 0x72, 0x18, 0x45, 0x20, 0x01,
+	0x28, 0x0b, 0x32, 0x25, 0x2e, 0x70, 0x72, 0x65, 0x68, 0x6f, 0x67, 0x2e, 0x76, 0x31, 0x61, 0x6c,
+	0x70, 0x68, 0x61, 0x2e, 0x44, 0x65, 0x73, 0x6b, 0x74, 0x6f, 0x70, 0x43, 0x6c, 0x69, 0x70, 0x62,
+	0x6f, 0x61, 0x72, 0x64, 0x45, 0x76, 0x65, 0x6e, 0x74, 0x48, 0x00, 0x52, 0x18, 0x64, 0x65, 0x73,
+	0x6b, 0x74, 0x6f, 0x70, 0x43, 0x6c, 0x69, 0x70, 0x62, 0x6f, 0x61, 0x72, 0x64, 0x54, 0x72, 0x61,
+	0x6e, 0x73, 0x66, 0x65, 0x72, 0x12, 0x52, 0x0a, 0x11, 0x74, 0x61, 0x67, 0x5f, 0x65, 0x78, 0x65,
+	0x63, 0x75, 0x74, 0x65, 0x5f, 0x71, 0x75, 0x65, 0x72, 0x79, 0x18, 0x46, 0x20, 0x01, 0x28, 0x0b,
+	0x32, 0x24, 0x2e, 0x70, 0x72, 0x65, 0x68, 0x6f, 0x67, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68,
+	0x61, 0x2e, 0x54, 0x41, 0x47, 0x45, 0x78, 0x65, 0x63, 0x75, 0x74, 0x65, 0x51, 0x75, 0x65, 0x72,
+	0x79, 0x45, 0x76, 0x65, 0x6e, 0x74, 0x48, 0x00, 0x52, 0x0f, 0x74, 0x61, 0x67, 0x45, 0x78, 0x65,
+	0x63, 0x75, 0x74, 0x65, 0x51, 0x75, 0x65, 0x72, 0x79, 0x12, 0x86, 0x01, 0x0a, 0x23, 0x65, 0x78,
+	0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x5f, 0x61, 0x75, 0x64, 0x69, 0x74, 0x5f, 0x73, 0x74, 0x6f,
+	0x72, 0x61, 0x67, 0x65, 0x5f, 0x61, 0x75, 0x74, 0x68, 0x65, 0x6e, 0x74, 0x69, 0x63, 0x61, 0x74,
+	0x65, 0x18, 0x47, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x35, 0x2e, 0x70, 0x72, 0x65, 0x68, 0x6f, 0x67,
+	0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x2e, 0x45, 0x78, 0x74, 0x65, 0x72, 0x6e, 0x61,
 	0x6c, 0x41, 0x75, 0x64, 0x69, 0x74, 0x53, 0x74, 0x6f, 0x72, 0x61, 0x67, 0x65, 0x41, 0x75, 0x74,
-	0x68, 0x65, 0x6e, 0x74, 0x69, 0x63, 0x61, 0x74, 0x65, 0x12, 0x6b, 0x0a, 0x1a, 0x73, 0x65, 0x63,
-	0x75, 0x72, 0x69, 0x74, 0x79, 0x5f, 0x72, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x5f, 0x67, 0x65, 0x74,
-	0x5f, 0x72, 0x65, 0x73, 0x75, 0x6c, 0x74, 0x18, 0x48, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x2c, 0x2e,
-	0x70, 0x72, 0x65, 0x68, 0x6f, 0x67, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x2e, 0x53,
-	0x65, 0x63, 0x75, 0x72, 0x69, 0x74, 0x79, 0x52, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x47, 0x65, 0x74,
-	0x52, 0x65, 0x73, 0x75, 0x6c, 0x74, 0x45, 0x76, 0x65, 0x6e, 0x74, 0x48, 0x00, 0x52, 0x17, 0x73,
-	0x65, 0x63, 0x75, 0x72, 0x69, 0x74, 0x79, 0x52, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x47, 0x65, 0x74,
-	0x52, 0x65, 0x73, 0x75, 0x6c, 0x74, 0x12, 0x4c, 0x0a, 0x0f, 0x61, 0x75, 0x64, 0x69, 0x74, 0x5f,
-	0x71, 0x75, 0x65, 0x72, 0x79, 0x5f, 0x72, 0x75, 0x6e, 0x18, 0x49, 0x20, 0x01, 0x28, 0x0b, 0x32,
-	0x22, 0x2e, 0x70, 0x72, 0x65, 0x68, 0x6f, 0x67, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61,
-	0x2e, 0x41, 0x75, 0x64, 0x69, 0x74, 0x51, 0x75, 0x65, 0x72, 0x79, 0x52, 0x75, 0x6e, 0x45, 0x76,
-	0x65, 0x6e, 0x74, 0x48, 0x00, 0x52, 0x0d, 0x61, 0x75, 0x64, 0x69, 0x74, 0x51, 0x75, 0x65, 0x72,
-	0x79, 0x52, 0x75, 0x6e, 0x12, 0x59, 0x0a, 0x15, 0x64, 0x69, 0x73, 0x63, 0x6f, 0x76, 0x65, 0x72,
-	0x79, 0x5f, 0x66, 0x65, 0x74, 0x63, 0x68, 0x5f, 0x65, 0x76, 0x65, 0x6e, 0x74, 0x18, 0x4a, 0x20,
-	0x01, 0x28, 0x0b, 0x32, 0x23, 0x2e, 0x70, 0x72, 0x65, 0x68, 0x6f, 0x67, 0x2e, 0x76, 0x31, 0x61,
-	0x6c, 0x70, 0x68, 0x61, 0x2e, 0x44, 0x69, 0x73, 0x63, 0x6f, 0x76, 0x65, 0x72, 0x79, 0x46, 0x65,
-	0x74, 0x63, 0x68, 0x45, 0x76, 0x65, 0x6e, 0x74, 0x48, 0x00, 0x52, 0x13, 0x64, 0x69, 0x73, 0x63,
-	0x6f, 0x76, 0x65, 0x72, 0x79, 0x46, 0x65, 0x74, 0x63, 0x68, 0x45, 0x76, 0x65, 0x6e, 0x74, 0x12,
-	0x68, 0x0a, 0x19, 0x61, 0x63, 0x63, 0x65, 0x73, 0x73, 0x5f, 0x6c, 0x69, 0x73, 0x74, 0x5f, 0x72,
-	0x65, 0x76, 0x69, 0x65, 0x77, 0x5f, 0x63, 0x72, 0x65, 0x61, 0x74, 0x65, 0x18, 0x4b, 0x20, 0x01,
-	0x28, 0x0b, 0x32, 0x2b, 0x2e, 0x70, 0x72, 0x65, 0x68, 0x6f, 0x67, 0x2e, 0x76, 0x31, 0x61, 0x6c,
-	0x70, 0x68, 0x61, 0x2e, 0x41, 0x63, 0x63, 0x65, 0x73, 0x73, 0x4c, 0x69, 0x73, 0x74, 0x52, 0x65,
-	0x76, 0x69, 0x65, 0x77, 0x43, 0x72, 0x65, 0x61, 0x74, 0x65, 0x45, 0x76, 0x65, 0x6e, 0x74, 0x48,
-	0x00, 0x52, 0x16, 0x61, 0x63, 0x63, 0x65, 0x73, 0x73, 0x4c, 0x69, 0x73, 0x74, 0x52, 0x65, 0x76,
-	0x69, 0x65, 0x77, 0x43, 0x72, 0x65, 0x61, 0x74, 0x65, 0x12, 0x68, 0x0a, 0x19, 0x61, 0x63, 0x63,
-	0x65, 0x73, 0x73, 0x5f, 0x6c, 0x69, 0x73, 0x74, 0x5f, 0x72, 0x65, 0x76, 0x69, 0x65, 0x77, 0x5f,
-	0x64, 0x65, 0x6c, 0x65, 0x74, 0x65, 0x18, 0x4c, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x2b, 0x2e, 0x70,
-	0x72, 0x65, 0x68, 0x6f, 0x67, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x2e, 0x41, 0x63,
-	0x63, 0x65, 0x73, 0x73, 0x4c, 0x69, 0x73, 0x74, 0x52, 0x65, 0x76, 0x69, 0x65, 0x77, 0x44, 0x65,
-	0x6c, 0x65, 0x74, 0x65, 0x45, 0x76, 0x65, 0x6e, 0x74, 0x48, 0x00, 0x52, 0x16, 0x61, 0x63, 0x63,
-	0x65, 0x73, 0x73, 0x4c, 0x69, 0x73, 0x74, 0x52, 0x65, 0x76, 0x69, 0x65, 0x77, 0x44, 0x65, 0x6c,
-	0x65, 0x74, 0x65, 0x12, 0x74, 0x0a, 0x1d, 0x61, 0x63, 0x63, 0x65, 0x73, 0x73, 0x5f, 0x6c, 0x69,
-	0x73, 0x74, 0x5f, 0x72, 0x65, 0x76, 0x69, 0x65, 0x77, 0x5f, 0x63, 0x6f, 0x6d, 0x70, 0x6c, 0x69,
-	0x61, 0x6e, 0x63, 0x65, 0x18, 0x4d, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x2f, 0x2e, 0x70, 0x72, 0x65,
-	0x68, 0x6f, 0x67, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x2e, 0x41, 0x63, 0x63, 0x65,
-	0x73, 0x73, 0x4c, 0x69, 0x73, 0x74, 0x52, 0x65, 0x76, 0x69, 0x65, 0x77, 0x43, 0x6f, 0x6d, 0x70,
-	0x6c, 0x69, 0x61, 0x6e, 0x63, 0x65, 0x45, 0x76, 0x65, 0x6e, 0x74, 0x48, 0x00, 0x52, 0x1a, 0x61,
-	0x63, 0x63, 0x65, 0x73, 0x73, 0x4c, 0x69, 0x73, 0x74, 0x52, 0x65, 0x76, 0x69, 0x65, 0x77, 0x43,
-	0x6f, 0x6d, 0x70, 0x6c, 0x69, 0x61, 0x6e, 0x63, 0x65, 0x12, 0x62, 0x0a, 0x18, 0x6d, 0x66, 0x61,
-	0x5f, 0x61, 0x75, 0x74, 0x68, 0x65, 0x6e, 0x74, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x5f,
-	0x65, 0x76, 0x65, 0x6e, 0x74, 0x18, 0x4e, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x26, 0x2e, 0x70, 0x72,
-	0x65, 0x68, 0x6f, 0x67, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x2e, 0x4d, 0x46, 0x41,
-	0x41, 0x75, 0x74, 0x68, 0x65, 0x6e, 0x74, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x45, 0x76,
-	0x65, 0x6e, 0x74, 0x48, 0x00, 0x52, 0x16, 0x6d, 0x66, 0x61, 0x41, 0x75, 0x74, 0x68, 0x65, 0x6e,
-	0x74, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x45, 0x76, 0x65, 0x6e, 0x74, 0x12, 0x55, 0x0a,
-	0x12, 0x73, 0x70, 0x69, 0x66, 0x66, 0x65, 0x5f, 0x73, 0x76, 0x69, 0x64, 0x5f, 0x69, 0x73, 0x73,
-	0x75, 0x65, 0x64, 0x18, 0x4f, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x25, 0x2e, 0x70, 0x72, 0x65, 0x68,
-	0x6f, 0x67, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x2e, 0x53, 0x50, 0x49, 0x46, 0x46,
-	0x45, 0x53, 0x56, 0x49, 0x44, 0x49, 0x73, 0x73, 0x75, 0x65, 0x64, 0x45, 0x76, 0x65, 0x6e, 0x74,
-	0x48, 0x00, 0x52, 0x10, 0x73, 0x70, 0x69, 0x66, 0x66, 0x65, 0x53, 0x76, 0x69, 0x64, 0x49, 0x73,
-	0x73, 0x75, 0x65, 0x64, 0x12, 0x5c, 0x0a, 0x15, 0x6f, 0x6b, 0x74, 0x61, 0x5f, 0x61, 0x63, 0x63,
-	0x65, 0x73, 0x73, 0x5f, 0x6c, 0x69, 0x73, 0x74, 0x5f, 0x73, 0x79, 0x6e, 0x63, 0x18, 0x50, 0x20,
-	0x01, 0x28, 0x0b, 0x32, 0x27, 0x2e, 0x70, 0x72, 0x65, 0x68, 0x6f, 0x67, 0x2e, 0x76, 0x31, 0x61,
-	0x6c, 0x70, 0x68, 0x61, 0x2e, 0x4f, 0x6b, 0x74, 0x61, 0x41, 0x63, 0x63, 0x65, 0x73, 0x73, 0x4c,
-	0x69, 0x73, 0x74, 0x53, 0x79, 0x6e, 0x63, 0x45, 0x76, 0x65, 0x6e, 0x74, 0x48, 0x00, 0x52, 0x12,
-	0x6f, 0x6b, 0x74, 0x61, 0x41, 0x63, 0x63, 0x65, 0x73, 0x73, 0x4c, 0x69, 0x73, 0x74, 0x53, 0x79,
-	0x6e, 0x63, 0x12, 0x5e, 0x0a, 0x15, 0x64, 0x61, 0x74, 0x61, 0x62, 0x61, 0x73, 0x65, 0x5f, 0x75,
-	0x73, 0x65, 0x72, 0x5f, 0x63, 0x72, 0x65, 0x61, 0x74, 0x65, 0x64, 0x18, 0x51, 0x20, 0x01, 0x28,
-	0x0b, 0x32, 0x28, 0x2e, 0x70, 0x72, 0x65, 0x68, 0x6f, 0x67, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70,
-	0x68, 0x61, 0x2e, 0x44, 0x61, 0x74, 0x61, 0x62, 0x61, 0x73, 0x65, 0x55, 0x73, 0x65, 0x72, 0x43,
-	0x72, 0x65, 0x61, 0x74, 0x65, 0x64, 0x45, 0x76, 0x65, 0x6e, 0x74, 0x48, 0x00, 0x52, 0x13, 0x64,
-	0x61, 0x74, 0x61, 0x62, 0x61, 0x73, 0x65, 0x55, 0x73, 0x65, 0x72, 0x43, 0x72, 0x65, 0x61, 0x74,
-	0x65, 0x64, 0x12, 0x7f, 0x0a, 0x21, 0x64, 0x61, 0x74, 0x61, 0x62, 0x61, 0x73, 0x65, 0x5f, 0x75,
-	0x73, 0x65, 0x72, 0x5f, 0x70, 0x65, 0x72, 0x6d, 0x69, 0x73, 0x73, 0x69, 0x6f, 0x6e, 0x73, 0x5f,
-	0x75, 0x70, 0x64, 0x61, 0x74, 0x65, 0x64, 0x18, 0x52, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x32, 0x2e,
-	0x70, 0x72, 0x65, 0x68, 0x6f, 0x67, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x2e, 0x44,
-	0x61, 0x74, 0x61, 0x62, 0x61, 0x73, 0x65, 0x55, 0x73, 0x65, 0x72, 0x50, 0x65, 0x72, 0x6d, 0x69,
-	0x73, 0x73, 0x69, 0x6f, 0x6e, 0x73, 0x55, 0x70, 0x64, 0x61, 0x74, 0x65, 0x45, 0x76, 0x65, 0x6e,
-	0x74, 0x48, 0x00, 0x52, 0x1e, 0x64, 0x61, 0x74, 0x61, 0x62, 0x61, 0x73, 0x65, 0x55, 0x73, 0x65,
-	0x72, 0x50, 0x65, 0x72, 0x6d, 0x69, 0x73, 0x73, 0x69, 0x6f, 0x6e, 0x73, 0x55, 0x70, 0x64, 0x61,
-	0x74, 0x65, 0x64, 0x12, 0x84, 0x01, 0x0a, 0x23, 0x75, 0x69, 0x5f, 0x64, 0x69, 0x73, 0x63, 0x6f,
-	0x76, 0x65, 0x72, 0x5f, 0x63, 0x72, 0x65, 0x61, 0x74, 0x65, 0x5f, 0x64, 0x69, 0x73, 0x63, 0x6f,
-	0x76, 0x65, 0x72, 0x79, 0x5f, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x18, 0x53, 0x20, 0x01, 0x28,
-	0x0b, 0x32, 0x34, 0x2e, 0x70, 0x72, 0x65, 0x68, 0x6f, 0x67, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70,
-	0x68, 0x61, 0x2e, 0x55, 0x49, 0x44, 0x69, 0x73, 0x63, 0x6f, 0x76, 0x65, 0x72, 0x43, 0x72, 0x65,
-	0x61, 0x74, 0x65, 0x44, 0x69, 0x73, 0x63, 0x6f, 0x76, 0x65, 0x72, 0x79, 0x43, 0x6f, 0x6e, 0x66,
-	0x69, 0x67, 0x45, 0x76, 0x65, 0x6e, 0x74, 0x48, 0x00, 0x52, 0x1f, 0x75, 0x69, 0x44, 0x69, 0x73,
-	0x63, 0x6f, 0x76, 0x65, 0x72, 0x43, 0x72, 0x65, 0x61, 0x74, 0x65, 0x44, 0x69, 0x73, 0x63, 0x6f,
-	0x76, 0x65, 0x72, 0x79, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x12, 0x77, 0x0a, 0x21, 0x75, 0x69,
-	0x5f, 0x64, 0x69, 0x73, 0x63, 0x6f, 0x76, 0x65, 0x72, 0x5f, 0x6b, 0x75, 0x62, 0x65, 0x5f, 0x65,
-	0x6b, 0x73, 0x5f, 0x65, 0x6e, 0x72, 0x6f, 0x6c, 0x6c, 0x5f, 0x65, 0x76, 0x65, 0x6e, 0x74, 0x18,
-	0x54, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x2c, 0x2e, 0x70, 0x72, 0x65, 0x68, 0x6f, 0x67, 0x2e, 0x76,
-	0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x2e, 0x55, 0x49, 0x44, 0x69, 0x73, 0x63, 0x6f, 0x76, 0x65,
-	0x72, 0x4b, 0x75, 0x62, 0x65, 0x45, 0x4b, 0x53, 0x45, 0x6e, 0x72, 0x6f, 0x6c, 0x6c, 0x45, 0x76,
-	0x65, 0x6e, 0x74, 0x48, 0x00, 0x52, 0x1c, 0x75, 0x69, 0x44, 0x69, 0x73, 0x63, 0x6f, 0x76, 0x65,
-	0x72, 0x4b, 0x75, 0x62, 0x65, 0x45, 0x6b, 0x73, 0x45, 0x6e, 0x72, 0x6f, 0x6c, 0x6c, 0x45, 0x76,
-	0x65, 0x6e, 0x74, 0x12, 0x7d, 0x0a, 0x23, 0x75, 0x69, 0x5f, 0x64, 0x69, 0x73, 0x63, 0x6f, 0x76,
-	0x65, 0x72, 0x5f, 0x63, 0x72, 0x65, 0x61, 0x74, 0x65, 0x5f, 0x61, 0x70, 0x70, 0x5f, 0x73, 0x65,
-	0x72, 0x76, 0x65, 0x72, 0x5f, 0x65, 0x76, 0x65, 0x6e, 0x74, 0x18, 0x55, 0x20, 0x01, 0x28, 0x0b,
-	0x32, 0x2e, 0x2e, 0x70, 0x72, 0x65, 0x68, 0x6f, 0x67, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68,
-	0x61, 0x2e, 0x55, 0x49, 0x44, 0x69, 0x73, 0x63, 0x6f, 0x76, 0x65, 0x72, 0x43, 0x72, 0x65, 0x61,
-	0x74, 0x65, 0x41, 0x70, 0x70, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x45, 0x76, 0x65, 0x6e, 0x74,
-	0x48, 0x00, 0x52, 0x1e, 0x75, 0x69, 0x44, 0x69, 0x73, 0x63, 0x6f, 0x76, 0x65, 0x72, 0x43, 0x72,
-	0x65, 0x61, 0x74, 0x65, 0x41, 0x70, 0x70, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x45, 0x76, 0x65,
-	0x6e, 0x74, 0x12, 0x65, 0x0a, 0x18, 0x61, 0x63, 0x63, 0x65, 0x73, 0x73, 0x5f, 0x67, 0x72, 0x61,
-	0x70, 0x68, 0x5f, 0x67, 0x69, 0x74, 0x6c, 0x61, 0x62, 0x5f, 0x73, 0x63, 0x61, 0x6e, 0x18, 0x56,
-	0x20, 0x01, 0x28, 0x0b, 0x32, 0x2a, 0x2e, 0x70, 0x72, 0x65, 0x68, 0x6f, 0x67, 0x2e, 0x76, 0x31,
-	0x61, 0x6c, 0x70, 0x68, 0x61, 0x2e, 0x41, 0x63, 0x63, 0x65, 0x73, 0x73, 0x47, 0x72, 0x61, 0x70,
-	0x68, 0x47, 0x69, 0x74, 0x6c, 0x61, 0x62, 0x53, 0x63, 0x61, 0x6e, 0x45, 0x76, 0x65, 0x6e, 0x74,
-	0x48, 0x00, 0x52, 0x15, 0x61, 0x63, 0x63, 0x65, 0x73, 0x73, 0x47, 0x72, 0x61, 0x70, 0x68, 0x47,
-	0x69, 0x74, 0x6c, 0x61, 0x62, 0x53, 0x63, 0x61, 0x6e, 0x12, 0x94, 0x01, 0x0a, 0x29, 0x61, 0x63,
-	0x63, 0x65, 0x73, 0x73, 0x5f, 0x67, 0x72, 0x61, 0x70, 0x68, 0x5f, 0x73, 0x65, 0x63, 0x72, 0x65,
-	0x74, 0x73, 0x5f, 0x73, 0x63, 0x61, 0x6e, 0x5f, 0x61, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x7a,
-	0x65, 0x64, 0x5f, 0x6b, 0x65, 0x79, 0x73, 0x18, 0x57, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x39, 0x2e,
+	0x68, 0x65, 0x6e, 0x74, 0x69, 0x63, 0x61, 0x74, 0x65, 0x45, 0x76, 0x65, 0x6e, 0x74, 0x48, 0x00,
+	0x52, 0x20, 0x65, 0x78, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x41, 0x75, 0x64, 0x69, 0x74, 0x53,
+	0x74, 0x6f, 0x72, 0x61, 0x67, 0x65, 0x41, 0x75, 0x74, 0x68, 0x65, 0x6e, 0x74, 0x69, 0x63, 0x61,
+	0x74, 0x65, 0x12, 0x6b, 0x0a, 0x1a, 0x73, 0x65, 0x63, 0x75, 0x72, 0x69, 0x74, 0x79, 0x5f, 0x72,
+	0x65, 0x70, 0x6f, 0x72, 0x74, 0x5f, 0x67, 0x65, 0x74, 0x5f, 0x72, 0x65, 0x73, 0x75, 0x6c, 0x74,
+	0x18, 0x48, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x2c, 0x2e, 0x70, 0x72, 0x65, 0x68, 0x6f, 0x67, 0x2e,
+	0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x2e, 0x53, 0x65, 0x63, 0x75, 0x72, 0x69, 0x74, 0x79,
+	0x52, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x47, 0x65, 0x74, 0x52, 0x65, 0x73, 0x75, 0x6c, 0x74, 0x45,
+	0x76, 0x65, 0x6e, 0x74, 0x48, 0x00, 0x52, 0x17, 0x73, 0x65, 0x63, 0x75, 0x72, 0x69, 0x74, 0x79,
+	0x52, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x47, 0x65, 0x74, 0x52, 0x65, 0x73, 0x75, 0x6c, 0x74, 0x12,
+	0x4c, 0x0a, 0x0f, 0x61, 0x75, 0x64, 0x69, 0x74, 0x5f, 0x71, 0x75, 0x65, 0x72, 0x79, 0x5f, 0x72,
+	0x75, 0x6e, 0x18, 0x49, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x22, 0x2e, 0x70, 0x72, 0x65, 0x68, 0x6f,
+	0x67, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x2e, 0x41, 0x75, 0x64, 0x69, 0x74, 0x51,
+	0x75, 0x65, 0x72, 0x79, 0x52, 0x75, 0x6e, 0x45, 0x76, 0x65, 0x6e, 0x74, 0x48, 0x00, 0x52, 0x0d,
+	0x61, 0x75, 0x64, 0x69, 0x74, 0x51, 0x75, 0x65, 0x72, 0x79, 0x52, 0x75, 0x6e, 0x12, 0x59, 0x0a,
+	0x15, 0x64, 0x69, 0x73, 0x63, 0x6f, 0x76, 0x65, 0x72, 0x79, 0x5f, 0x66, 0x65, 0x74, 0x63, 0x68,
+	0x5f, 0x65, 0x76, 0x65, 0x6e, 0x74, 0x18, 0x4a, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x23, 0x2e, 0x70,
+	0x72, 0x65, 0x68, 0x6f, 0x67, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x2e, 0x44, 0x69,
+	0x73, 0x63, 0x6f, 0x76, 0x65, 0x72, 0x79, 0x46, 0x65, 0x74, 0x63, 0x68, 0x45, 0x76, 0x65, 0x6e,
+	0x74, 0x48, 0x00, 0x52, 0x13, 0x64, 0x69, 0x73, 0x63, 0x6f, 0x76, 0x65, 0x72, 0x79, 0x46, 0x65,
+	0x74, 0x63, 0x68, 0x45, 0x76, 0x65, 0x6e, 0x74, 0x12, 0x68, 0x0a, 0x19, 0x61, 0x63, 0x63, 0x65,
+	0x73, 0x73, 0x5f, 0x6c, 0x69, 0x73, 0x74, 0x5f, 0x72, 0x65, 0x76, 0x69, 0x65, 0x77, 0x5f, 0x63,
+	0x72, 0x65, 0x61, 0x74, 0x65, 0x18, 0x4b, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x2b, 0x2e, 0x70, 0x72,
+	0x65, 0x68, 0x6f, 0x67, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x2e, 0x41, 0x63, 0x63,
+	0x65, 0x73, 0x73, 0x4c, 0x69, 0x73, 0x74, 0x52, 0x65, 0x76, 0x69, 0x65, 0x77, 0x43, 0x72, 0x65,
+	0x61, 0x74, 0x65, 0x45, 0x76, 0x65, 0x6e, 0x74, 0x48, 0x00, 0x52, 0x16, 0x61, 0x63, 0x63, 0x65,
+	0x73, 0x73, 0x4c, 0x69, 0x73, 0x74, 0x52, 0x65, 0x76, 0x69, 0x65, 0x77, 0x43, 0x72, 0x65, 0x61,
+	0x74, 0x65, 0x12, 0x68, 0x0a, 0x19, 0x61, 0x63, 0x63, 0x65, 0x73, 0x73, 0x5f, 0x6c, 0x69, 0x73,
+	0x74, 0x5f, 0x72, 0x65, 0x76, 0x69, 0x65, 0x77, 0x5f, 0x64, 0x65, 0x6c, 0x65, 0x74, 0x65, 0x18,
+	0x4c, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x2b, 0x2e, 0x70, 0x72, 0x65, 0x68, 0x6f, 0x67, 0x2e, 0x76,
+	0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x2e, 0x41, 0x63, 0x63, 0x65, 0x73, 0x73, 0x4c, 0x69, 0x73,
+	0x74, 0x52, 0x65, 0x76, 0x69, 0x65, 0x77, 0x44, 0x65, 0x6c, 0x65, 0x74, 0x65, 0x45, 0x76, 0x65,
+	0x6e, 0x74, 0x48, 0x00, 0x52, 0x16, 0x61, 0x63, 0x63, 0x65, 0x73, 0x73, 0x4c, 0x69, 0x73, 0x74,
+	0x52, 0x65, 0x76, 0x69, 0x65, 0x77, 0x44, 0x65, 0x6c, 0x65, 0x74, 0x65, 0x12, 0x74, 0x0a, 0x1d,
+	0x61, 0x63, 0x63, 0x65, 0x73, 0x73, 0x5f, 0x6c, 0x69, 0x73, 0x74, 0x5f, 0x72, 0x65, 0x76, 0x69,
+	0x65, 0x77, 0x5f, 0x63, 0x6f, 0x6d, 0x70, 0x6c, 0x69, 0x61, 0x6e, 0x63, 0x65, 0x18, 0x4d, 0x20,
+	0x01, 0x28, 0x0b, 0x32, 0x2f, 0x2e, 0x70, 0x72, 0x65, 0x68, 0x6f, 0x67, 0x2e, 0x76, 0x31, 0x61,
+	0x6c, 0x70, 0x68, 0x61, 0x2e, 0x41, 0x63, 0x63, 0x65, 0x73, 0x73, 0x4c, 0x69, 0x73, 0x74, 0x52,
+	0x65, 0x76, 0x69, 0x65, 0x77, 0x43, 0x6f, 0x6d, 0x70, 0x6c, 0x69, 0x61, 0x6e, 0x63, 0x65, 0x45,
+	0x76, 0x65, 0x6e, 0x74, 0x48, 0x00, 0x52, 0x1a, 0x61, 0x63, 0x63, 0x65, 0x73, 0x73, 0x4c, 0x69,
+	0x73, 0x74, 0x52, 0x65, 0x76, 0x69, 0x65, 0x77, 0x43, 0x6f, 0x6d, 0x70, 0x6c, 0x69, 0x61, 0x6e,
+	0x63, 0x65, 0x12, 0x62, 0x0a, 0x18, 0x6d, 0x66, 0x61, 0x5f, 0x61, 0x75, 0x74, 0x68, 0x65, 0x6e,
+	0x74, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x65, 0x76, 0x65, 0x6e, 0x74, 0x18, 0x4e,
+	0x20, 0x01, 0x28, 0x0b, 0x32, 0x26, 0x2e, 0x70, 0x72, 0x65, 0x68, 0x6f, 0x67, 0x2e, 0x76, 0x31,
+	0x61, 0x6c, 0x70, 0x68, 0x61, 0x2e, 0x4d, 0x46, 0x41, 0x41, 0x75, 0x74, 0x68, 0x65, 0x6e, 0x74,
+	0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x45, 0x76, 0x65, 0x6e, 0x74, 0x48, 0x00, 0x52, 0x16,
+	0x6d, 0x66, 0x61, 0x41, 0x75, 0x74, 0x68, 0x65, 0x6e, 0x74, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f,
+	0x6e, 0x45, 0x76, 0x65, 0x6e, 0x74, 0x12, 0x55, 0x0a, 0x12, 0x73, 0x70, 0x69, 0x66, 0x66, 0x65,
+	0x5f, 0x73, 0x76, 0x69, 0x64, 0x5f, 0x69, 0x73, 0x73, 0x75, 0x65, 0x64, 0x18, 0x4f, 0x20, 0x01,
+	0x28, 0x0b, 0x32, 0x25, 0x2e, 0x70, 0x72, 0x65, 0x68, 0x6f, 0x67, 0x2e, 0x76, 0x31, 0x61, 0x6c,
+	0x70, 0x68, 0x61, 0x2e, 0x53, 0x50, 0x49, 0x46, 0x46, 0x45, 0x53, 0x56, 0x49, 0x44, 0x49, 0x73,
+	0x73, 0x75, 0x65, 0x64, 0x45, 0x76, 0x65, 0x6e, 0x74, 0x48, 0x00, 0x52, 0x10, 0x73, 0x70, 0x69,
+	0x66, 0x66, 0x65, 0x53, 0x76, 0x69, 0x64, 0x49, 0x73, 0x73, 0x75, 0x65, 0x64, 0x12, 0x5c, 0x0a,
+	0x15, 0x6f, 0x6b, 0x74, 0x61, 0x5f, 0x61, 0x63, 0x63, 0x65, 0x73, 0x73, 0x5f, 0x6c, 0x69, 0x73,
+	0x74, 0x5f, 0x73, 0x79, 0x6e, 0x63, 0x18, 0x50, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x27, 0x2e, 0x70,
+	0x72, 0x65, 0x68, 0x6f, 0x67, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x2e, 0x4f, 0x6b,
+	0x74, 0x61, 0x41, 0x63, 0x63, 0x65, 0x73, 0x73, 0x4c, 0x69, 0x73, 0x74, 0x53, 0x79, 0x6e, 0x63,
+	0x45, 0x76, 0x65, 0x6e, 0x74, 0x48, 0x00, 0x52, 0x12, 0x6f, 0x6b, 0x74, 0x61, 0x41, 0x63, 0x63,
+	0x65, 0x73, 0x73, 0x4c, 0x69, 0x73, 0x74, 0x53, 0x79, 0x6e, 0x63, 0x12, 0x5e, 0x0a, 0x15, 0x64,
+	0x61, 0x74, 0x61, 0x62, 0x61, 0x73, 0x65, 0x5f, 0x75, 0x73, 0x65, 0x72, 0x5f, 0x63, 0x72, 0x65,
+	0x61, 0x74, 0x65, 0x64, 0x18, 0x51, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x28, 0x2e, 0x70, 0x72, 0x65,
+	0x68, 0x6f, 0x67, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x2e, 0x44, 0x61, 0x74, 0x61,
+	0x62, 0x61, 0x73, 0x65, 0x55, 0x73, 0x65, 0x72, 0x43, 0x72, 0x65, 0x61, 0x74, 0x65, 0x64, 0x45,
+	0x76, 0x65, 0x6e, 0x74, 0x48, 0x00, 0x52, 0x13, 0x64, 0x61, 0x74, 0x61, 0x62, 0x61, 0x73, 0x65,
+	0x55, 0x73, 0x65, 0x72, 0x43, 0x72, 0x65, 0x61, 0x74, 0x65, 0x64, 0x12, 0x7f, 0x0a, 0x21, 0x64,
+	0x61, 0x74, 0x61, 0x62, 0x61, 0x73, 0x65, 0x5f, 0x75, 0x73, 0x65, 0x72, 0x5f, 0x70, 0x65, 0x72,
+	0x6d, 0x69, 0x73, 0x73, 0x69, 0x6f, 0x6e, 0x73, 0x5f, 0x75, 0x70, 0x64, 0x61, 0x74, 0x65, 0x64,
+	0x18, 0x52, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x32, 0x2e, 0x70, 0x72, 0x65, 0x68, 0x6f, 0x67, 0x2e,
+	0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x2e, 0x44, 0x61, 0x74, 0x61, 0x62, 0x61, 0x73, 0x65,
+	0x55, 0x73, 0x65, 0x72, 0x50, 0x65, 0x72, 0x6d, 0x69, 0x73, 0x73, 0x69, 0x6f, 0x6e, 0x73, 0x55,
+	0x70, 0x64, 0x61, 0x74, 0x65, 0x45, 0x76, 0x65, 0x6e, 0x74, 0x48, 0x00, 0x52, 0x1e, 0x64, 0x61,
+	0x74, 0x61, 0x62, 0x61, 0x73, 0x65, 0x55, 0x73, 0x65, 0x72, 0x50, 0x65, 0x72, 0x6d, 0x69, 0x73,
+	0x73, 0x69, 0x6f, 0x6e, 0x73, 0x55, 0x70, 0x64, 0x61, 0x74, 0x65, 0x64, 0x12, 0x84, 0x01, 0x0a,
+	0x23, 0x75, 0x69, 0x5f, 0x64, 0x69, 0x73, 0x63, 0x6f, 0x76, 0x65, 0x72, 0x5f, 0x63, 0x72, 0x65,
+	0x61, 0x74, 0x65, 0x5f, 0x64, 0x69, 0x73, 0x63, 0x6f, 0x76, 0x65, 0x72, 0x79, 0x5f, 0x63, 0x6f,
+	0x6e, 0x66, 0x69, 0x67, 0x18, 0x53, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x34, 0x2e, 0x70, 0x72, 0x65,
+	0x68, 0x6f, 0x67, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x2e, 0x55, 0x49, 0x44, 0x69,
+	0x73, 0x63, 0x6f, 0x76, 0x65, 0x72, 0x43, 0x72, 0x65, 0x61, 0x74, 0x65, 0x44, 0x69, 0x73, 0x63,
+	0x6f, 0x76, 0x65, 0x72, 0x79, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x45, 0x76, 0x65, 0x6e, 0x74,
+	0x48, 0x00, 0x52, 0x1f, 0x75, 0x69, 0x44, 0x69, 0x73, 0x63, 0x6f, 0x76, 0x65, 0x72, 0x43, 0x72,
+	0x65, 0x61, 0x74, 0x65, 0x44, 0x69, 0x73, 0x63, 0x6f, 0x76, 0x65, 0x72, 0x79, 0x43, 0x6f, 0x6e,
+	0x66, 0x69, 0x67, 0x12, 0x77, 0x0a, 0x21, 0x75, 0x69, 0x5f, 0x64, 0x69, 0x73, 0x63, 0x6f, 0x76,
+	0x65, 0x72, 0x5f, 0x6b, 0x75, 0x62, 0x65, 0x5f, 0x65, 0x6b, 0x73, 0x5f, 0x65, 0x6e, 0x72, 0x6f,
+	0x6c, 0x6c, 0x5f, 0x65, 0x76, 0x65, 0x6e, 0x74, 0x18, 0x54, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x2c,
+	0x2e, 0x70, 0x72, 0x65, 0x68, 0x6f, 0x67, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x2e,
+	0x55, 0x49, 0x44, 0x69, 0x73, 0x63, 0x6f, 0x76, 0x65, 0x72, 0x4b, 0x75, 0x62, 0x65, 0x45, 0x4b,
+	0x53, 0x45, 0x6e, 0x72, 0x6f, 0x6c, 0x6c, 0x45, 0x76, 0x65, 0x6e, 0x74, 0x48, 0x00, 0x52, 0x1c,
+	0x75, 0x69, 0x44, 0x69, 0x73, 0x63, 0x6f, 0x76, 0x65, 0x72, 0x4b, 0x75, 0x62, 0x65, 0x45, 0x6b,
+	0x73, 0x45, 0x6e, 0x72, 0x6f, 0x6c, 0x6c, 0x45, 0x76, 0x65, 0x6e, 0x74, 0x12, 0x7d, 0x0a, 0x23,
+	0x75, 0x69, 0x5f, 0x64, 0x69, 0x73, 0x63, 0x6f, 0x76, 0x65, 0x72, 0x5f, 0x63, 0x72, 0x65, 0x61,
+	0x74, 0x65, 0x5f, 0x61, 0x70, 0x70, 0x5f, 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x5f, 0x65, 0x76,
+	0x65, 0x6e, 0x74, 0x18, 0x55, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x2e, 0x2e, 0x70, 0x72, 0x65, 0x68,
+	0x6f, 0x67, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x2e, 0x55, 0x49, 0x44, 0x69, 0x73,
+	0x63, 0x6f, 0x76, 0x65, 0x72, 0x43, 0x72, 0x65, 0x61, 0x74, 0x65, 0x41, 0x70, 0x70, 0x53, 0x65,
+	0x72, 0x76, 0x65, 0x72, 0x45, 0x76, 0x65, 0x6e, 0x74, 0x48, 0x00, 0x52, 0x1e, 0x75, 0x69, 0x44,
+	0x69, 0x73, 0x63, 0x6f, 0x76, 0x65, 0x72, 0x43, 0x72, 0x65, 0x61, 0x74, 0x65, 0x41, 0x70, 0x70,
+	0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x45, 0x76, 0x65, 0x6e, 0x74, 0x12, 0x65, 0x0a, 0x18, 0x61,
+	0x63, 0x63, 0x65, 0x73, 0x73, 0x5f, 0x67, 0x72, 0x61, 0x70, 0x68, 0x5f, 0x67, 0x69, 0x74, 0x6c,
+	0x61, 0x62, 0x5f, 0x73, 0x63, 0x61, 0x6e, 0x18, 0x56, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x2a, 0x2e,
 	0x70, 0x72, 0x65, 0x68, 0x6f, 0x67, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x2e, 0x41,
-	0x63, 0x63, 0x65, 0x73, 0x73, 0x47, 0x72, 0x61, 0x70, 0x68, 0x53, 0x65, 0x63, 0x72, 0x65, 0x74,
-	0x73, 0x53, 0x63, 0x61, 0x6e, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x7a, 0x65, 0x64, 0x4b,
-	0x65, 0x79, 0x73, 0x45, 0x76, 0x65, 0x6e, 0x74, 0x48, 0x00, 0x52, 0x24, 0x61, 0x63, 0x63, 0x65,
-	0x73, 0x73, 0x47, 0x72, 0x61, 0x70, 0x68, 0x53, 0x65, 0x63, 0x72, 0x65, 0x74, 0x73, 0x53, 0x63,
-	0x61, 0x6e, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x7a, 0x65, 0x64, 0x4b, 0x65, 0x79, 0x73,
-	0x12, 0x95, 0x01, 0x0a, 0x2a, 0x61, 0x63, 0x63, 0x65, 0x73, 0x73, 0x5f, 0x67, 0x72, 0x61, 0x70,
-	0x68, 0x5f, 0x73, 0x65, 0x63, 0x72, 0x65, 0x74, 0x73, 0x5f, 0x73, 0x63, 0x61, 0x6e, 0x5f, 0x73,
-	0x73, 0x68, 0x5f, 0x70, 0x72, 0x69, 0x76, 0x61, 0x74, 0x65, 0x5f, 0x6b, 0x65, 0x79, 0x73, 0x18,
-	0x58, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x39, 0x2e, 0x70, 0x72, 0x65, 0x68, 0x6f, 0x67, 0x2e, 0x76,
+	0x63, 0x63, 0x65, 0x73, 0x73, 0x47, 0x72, 0x61, 0x70, 0x68, 0x47, 0x69, 0x74, 0x6c, 0x61, 0x62,
+	0x53, 0x63, 0x61, 0x6e, 0x45, 0x76, 0x65, 0x6e, 0x74, 0x48, 0x00, 0x52, 0x15, 0x61, 0x63, 0x63,
+	0x65, 0x73, 0x73, 0x47, 0x72, 0x61, 0x70, 0x68, 0x47, 0x69, 0x74, 0x6c, 0x61, 0x62, 0x53, 0x63,
+	0x61, 0x6e, 0x12, 0x94, 0x01, 0x0a, 0x29, 0x61, 0x63, 0x63, 0x65, 0x73, 0x73, 0x5f, 0x67, 0x72,
+	0x61, 0x70, 0x68, 0x5f, 0x73, 0x65, 0x63, 0x72, 0x65, 0x74, 0x73, 0x5f, 0x73, 0x63, 0x61, 0x6e,
+	0x5f, 0x61, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x7a, 0x65, 0x64, 0x5f, 0x6b, 0x65, 0x79, 0x73,
+	0x18, 0x57, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x39, 0x2e, 0x70, 0x72, 0x65, 0x68, 0x6f, 0x67, 0x2e,
+	0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x2e, 0x41, 0x63, 0x63, 0x65, 0x73, 0x73, 0x47, 0x72,
+	0x61, 0x70, 0x68, 0x53, 0x65, 0x63, 0x72, 0x65, 0x74, 0x73, 0x53, 0x63, 0x61, 0x6e, 0x41, 0x75,
+	0x74, 0x68, 0x6f, 0x72, 0x69, 0x7a, 0x65, 0x64, 0x4b, 0x65, 0x79, 0x73, 0x45, 0x76, 0x65, 0x6e,
+	0x74, 0x48, 0x00, 0x52, 0x24, 0x61, 0x63, 0x63, 0x65, 0x73, 0x73, 0x47, 0x72, 0x61, 0x70, 0x68,
+	0x53, 0x65, 0x63, 0x72, 0x65, 0x74, 0x73, 0x53, 0x63, 0x61, 0x6e, 0x41, 0x75, 0x74, 0x68, 0x6f,
+	0x72, 0x69, 0x7a, 0x65, 0x64, 0x4b, 0x65, 0x79, 0x73, 0x12, 0x95, 0x01, 0x0a, 0x2a, 0x61, 0x63,
+	0x63, 0x65, 0x73, 0x73, 0x5f, 0x67, 0x72, 0x61, 0x70, 0x68, 0x5f, 0x73, 0x65, 0x63, 0x72, 0x65,
+	0x74, 0x73, 0x5f, 0x73, 0x63, 0x61, 0x6e, 0x5f, 0x73, 0x73, 0x68, 0x5f, 0x70, 0x72, 0x69, 0x76,
+	0x61, 0x74, 0x65, 0x5f, 0x6b, 0x65, 0x79, 0x73, 0x18, 0x58, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x39,
+	0x2e, 0x70, 0x72, 0x65, 0x68, 0x6f, 0x67, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x2e,
+	0x41, 0x63, 0x63, 0x65, 0x73, 0x73, 0x47, 0x72, 0x61, 0x70, 0x68, 0x53, 0x65, 0x63, 0x72, 0x65,
+	0x74, 0x73, 0x53, 0x63, 0x61, 0x6e, 0x53, 0x53, 0x48, 0x50, 0x72, 0x69, 0x76, 0x61, 0x74, 0x65,
+	0x4b, 0x65, 0x79, 0x73, 0x45, 0x76, 0x65, 0x6e, 0x74, 0x48, 0x00, 0x52, 0x24, 0x61, 0x63, 0x63,
+	0x65, 0x73, 0x73, 0x47, 0x72, 0x61, 0x70, 0x68, 0x53, 0x65, 0x63, 0x72, 0x65, 0x74, 0x73, 0x53,
+	0x63, 0x61, 0x6e, 0x53, 0x73, 0x68, 0x50, 0x72, 0x69, 0x76, 0x61, 0x74, 0x65, 0x4b, 0x65, 0x79,
+	0x73, 0x12, 0x5c, 0x0a, 0x15, 0x61, 0x63, 0x63, 0x65, 0x73, 0x73, 0x5f, 0x67, 0x72, 0x61, 0x70,
+	0x68, 0x5f, 0x61, 0x77, 0x73, 0x5f, 0x73, 0x63, 0x61, 0x6e, 0x18, 0x59, 0x20, 0x01, 0x28, 0x0b,
+	0x32, 0x27, 0x2e, 0x70, 0x72, 0x65, 0x68, 0x6f, 0x67, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68,
+	0x61, 0x2e, 0x41, 0x63, 0x63, 0x65, 0x73, 0x73, 0x47, 0x72, 0x61, 0x70, 0x68, 0x41, 0x57, 0x53,
+	0x53, 0x63, 0x61, 0x6e, 0x45, 0x76, 0x65, 0x6e, 0x74, 0x48, 0x00, 0x52, 0x12, 0x61, 0x63, 0x63,
+	0x65, 0x73, 0x73, 0x47, 0x72, 0x61, 0x70, 0x68, 0x41, 0x77, 0x73, 0x53, 0x63, 0x61, 0x6e, 0x12,
+	0x7b, 0x0a, 0x20, 0x61, 0x63, 0x63, 0x65, 0x73, 0x73, 0x5f, 0x67, 0x72, 0x61, 0x70, 0x68, 0x5f,
+	0x61, 0x63, 0x63, 0x65, 0x73, 0x73, 0x5f, 0x70, 0x61, 0x74, 0x68, 0x5f, 0x63, 0x68, 0x61, 0x6e,
+	0x67, 0x65, 0x64, 0x18, 0x5a, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x31, 0x2e, 0x70, 0x72, 0x65, 0x68,
+	0x6f, 0x67, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x2e, 0x41, 0x63, 0x63, 0x65, 0x73,
+	0x73, 0x47, 0x72, 0x61, 0x70, 0x68, 0x41, 0x63, 0x63, 0x65, 0x73, 0x73, 0x50, 0x61, 0x74, 0x68,
+	0x43, 0x68, 0x61, 0x6e, 0x67, 0x65, 0x64, 0x45, 0x76, 0x65, 0x6e, 0x74, 0x48, 0x00, 0x52, 0x1c,
+	0x61, 0x63, 0x63, 0x65, 0x73, 0x73, 0x47, 0x72, 0x61, 0x70, 0x68, 0x41, 0x63, 0x63, 0x65, 0x73,
+	0x73, 0x50, 0x61, 0x74, 0x68, 0x43, 0x68, 0x61, 0x6e, 0x67, 0x65, 0x64, 0x12, 0x78, 0x0a, 0x1f,
+	0x61, 0x63, 0x63, 0x65, 0x73, 0x73, 0x5f, 0x67, 0x72, 0x61, 0x70, 0x68, 0x5f, 0x63, 0x72, 0x6f,
+	0x77, 0x6e, 0x5f, 0x6a, 0x65, 0x77, 0x65, 0x6c, 0x5f, 0x63, 0x72, 0x65, 0x61, 0x74, 0x65, 0x18,
+	0x5b, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x30, 0x2e, 0x70, 0x72, 0x65, 0x68, 0x6f, 0x67, 0x2e, 0x76,
 	0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x2e, 0x41, 0x63, 0x63, 0x65, 0x73, 0x73, 0x47, 0x72, 0x61,
-	0x70, 0x68, 0x53, 0x65, 0x63, 0x72, 0x65, 0x74, 0x73, 0x53, 0x63, 0x61, 0x6e, 0x53, 0x53, 0x48,
-	0x50, 0x72, 0x69, 0x76, 0x61, 0x74, 0x65, 0x4b, 0x65, 0x79, 0x73, 0x45, 0x76, 0x65, 0x6e, 0x74,
-	0x48, 0x00, 0x52, 0x24, 0x61, 0x63, 0x63, 0x65, 0x73, 0x73, 0x47, 0x72, 0x61, 0x70, 0x68, 0x53,
-	0x65, 0x63, 0x72, 0x65, 0x74, 0x73, 0x53, 0x63, 0x61, 0x6e, 0x53, 0x73, 0x68, 0x50, 0x72, 0x69,
-	0x76, 0x61, 0x74, 0x65, 0x4b, 0x65, 0x79, 0x73, 0x12, 0x5c, 0x0a, 0x15, 0x61, 0x63, 0x63, 0x65,
-	0x73, 0x73, 0x5f, 0x67, 0x72, 0x61, 0x70, 0x68, 0x5f, 0x61, 0x77, 0x73, 0x5f, 0x73, 0x63, 0x61,
-	0x6e, 0x18, 0x59, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x27, 0x2e, 0x70, 0x72, 0x65, 0x68, 0x6f, 0x67,
-	0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x2e, 0x41, 0x63, 0x63, 0x65, 0x73, 0x73, 0x47,
-	0x72, 0x61, 0x70, 0x68, 0x41, 0x57, 0x53, 0x53, 0x63, 0x61, 0x6e, 0x45, 0x76, 0x65, 0x6e, 0x74,
-	0x48, 0x00, 0x52, 0x12, 0x61, 0x63, 0x63, 0x65, 0x73, 0x73, 0x47, 0x72, 0x61, 0x70, 0x68, 0x41,
-	0x77, 0x73, 0x53, 0x63, 0x61, 0x6e, 0x12, 0x7b, 0x0a, 0x20, 0x61, 0x63, 0x63, 0x65, 0x73, 0x73,
-	0x5f, 0x67, 0x72, 0x61, 0x70, 0x68, 0x5f, 0x61, 0x63, 0x63, 0x65, 0x73, 0x73, 0x5f, 0x70, 0x61,
-	0x74, 0x68, 0x5f, 0x63, 0x68, 0x61, 0x6e, 0x67, 0x65, 0x64, 0x18, 0x5a, 0x20, 0x01, 0x28, 0x0b,
-	0x32, 0x31, 0x2e, 0x70, 0x72, 0x65, 0x68, 0x6f, 0x67, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68,
-	0x61, 0x2e, 0x41, 0x63, 0x63, 0x65, 0x73, 0x73, 0x47, 0x72, 0x61, 0x70, 0x68, 0x41, 0x63, 0x63,
-	0x65, 0x73, 0x73, 0x50, 0x61, 0x74, 0x68, 0x43, 0x68, 0x61, 0x6e, 0x67, 0x65, 0x64, 0x45, 0x76,
-	0x65, 0x6e, 0x74, 0x48, 0x00, 0x52, 0x1c, 0x61, 0x63, 0x63, 0x65, 0x73, 0x73, 0x47, 0x72, 0x61,
-	0x70, 0x68, 0x41, 0x63, 0x63, 0x65, 0x73, 0x73, 0x50, 0x61, 0x74, 0x68, 0x43, 0x68, 0x61, 0x6e,
-	0x67, 0x65, 0x64, 0x12, 0x78, 0x0a, 0x1f, 0x61, 0x63, 0x63, 0x65, 0x73, 0x73, 0x5f, 0x67, 0x72,
-	0x61, 0x70, 0x68, 0x5f, 0x63, 0x72, 0x6f, 0x77, 0x6e, 0x5f, 0x6a, 0x65, 0x77, 0x65, 0x6c, 0x5f,
-	0x63, 0x72, 0x65, 0x61, 0x74, 0x65, 0x18, 0x5b, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x30, 0x2e, 0x70,
-	0x72, 0x65, 0x68, 0x6f, 0x67, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x2e, 0x41, 0x63,
-	0x63, 0x65, 0x73, 0x73, 0x47, 0x72, 0x61, 0x70, 0x68, 0x43, 0x72, 0x6f, 0x77, 0x6e, 0x4a, 0x65,
-	0x77, 0x65, 0x6c, 0x43, 0x72, 0x65, 0x61, 0x74, 0x65, 0x45, 0x76, 0x65, 0x6e, 0x74, 0x48, 0x00,
-	0x52, 0x1b, 0x61, 0x63, 0x63, 0x65, 0x73, 0x73, 0x47, 0x72, 0x61, 0x70, 0x68, 0x43, 0x72, 0x6f,
-	0x77, 0x6e, 0x4a, 0x65, 0x77, 0x65, 0x6c, 0x43, 0x72, 0x65, 0x61, 0x74, 0x65, 0x12, 0x86, 0x01,
-	0x0a, 0x25, 0x75, 0x69, 0x5f, 0x61, 0x63, 0x63, 0x65, 0x73, 0x73, 0x5f, 0x67, 0x72, 0x61, 0x70,
-	0x68, 0x5f, 0x63, 0x72, 0x6f, 0x77, 0x6e, 0x5f, 0x6a, 0x65, 0x77, 0x65, 0x6c, 0x5f, 0x64, 0x69,
-	0x66, 0x66, 0x5f, 0x76, 0x69, 0x65, 0x77, 0x18, 0x5c, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x34, 0x2e,
-	0x70, 0x72, 0x65, 0x68, 0x6f, 0x67, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x2e, 0x55,
-	0x49, 0x41, 0x63, 0x63, 0x65, 0x73, 0x73, 0x47, 0x72, 0x61, 0x70, 0x68, 0x43, 0x72, 0x6f, 0x77,
-	0x6e, 0x4a, 0x65, 0x77, 0x65, 0x6c, 0x44, 0x69, 0x66, 0x66, 0x56, 0x69, 0x65, 0x77, 0x45, 0x76,
-	0x65, 0x6e, 0x74, 0x48, 0x00, 0x52, 0x1f, 0x75, 0x69, 0x41, 0x63, 0x63, 0x65, 0x73, 0x73, 0x47,
-	0x72, 0x61, 0x70, 0x68, 0x43, 0x72, 0x6f, 0x77, 0x6e, 0x4a, 0x65, 0x77, 0x65, 0x6c, 0x44, 0x69,
-	0x66, 0x66, 0x56, 0x69, 0x65, 0x77, 0x42, 0x07, 0x0a, 0x05, 0x65, 0x76, 0x65, 0x6e, 0x74, 0x4a,
+	0x70, 0x68, 0x43, 0x72, 0x6f, 0x77, 0x6e, 0x4a, 0x65, 0x77, 0x65, 0x6c, 0x43, 0x72, 0x65, 0x61,
+	0x74, 0x65, 0x45, 0x76, 0x65, 0x6e, 0x74, 0x48, 0x00, 0x52, 0x1b, 0x61, 0x63, 0x63, 0x65, 0x73,
+	0x73, 0x47, 0x72, 0x61, 0x70, 0x68, 0x43, 0x72, 0x6f, 0x77, 0x6e, 0x4a, 0x65, 0x77, 0x65, 0x6c,
+	0x43, 0x72, 0x65, 0x61, 0x74, 0x65, 0x12, 0x86, 0x01, 0x0a, 0x25, 0x75, 0x69, 0x5f, 0x61, 0x63,
+	0x63, 0x65, 0x73, 0x73, 0x5f, 0x67, 0x72, 0x61, 0x70, 0x68, 0x5f, 0x63, 0x72, 0x6f, 0x77, 0x6e,
+	0x5f, 0x6a, 0x65, 0x77, 0x65, 0x6c, 0x5f, 0x64, 0x69, 0x66, 0x66, 0x5f, 0x76, 0x69, 0x65, 0x77,
+	0x18, 0x5c, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x34, 0x2e, 0x70, 0x72, 0x65, 0x68, 0x6f, 0x67, 0x2e,
+	0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x2e, 0x55, 0x49, 0x41, 0x63, 0x63, 0x65, 0x73, 0x73,
+	0x47, 0x72, 0x61, 0x70, 0x68, 0x43, 0x72, 0x6f, 0x77, 0x6e, 0x4a, 0x65, 0x77, 0x65, 0x6c, 0x44,
+	0x69, 0x66, 0x66, 0x56, 0x69, 0x65, 0x77, 0x45, 0x76, 0x65, 0x6e, 0x74, 0x48, 0x00, 0x52, 0x1f,
+	0x75, 0x69, 0x41, 0x63, 0x63, 0x65, 0x73, 0x73, 0x47, 0x72, 0x61, 0x70, 0x68, 0x43, 0x72, 0x6f,
+	0x77, 0x6e, 0x4a, 0x65, 0x77, 0x65, 0x6c, 0x44, 0x69, 0x66, 0x66, 0x56, 0x69, 0x65, 0x77, 0x12,
+	0x67, 0x0a, 0x18, 0x73, 0x65, 0x73, 0x73, 0x69, 0x6f, 0x6e, 0x5f, 0x72, 0x65, 0x63, 0x6f, 0x72,
+	0x64, 0x69, 0x6e, 0x67, 0x5f, 0x61, 0x63, 0x63, 0x65, 0x73, 0x73, 0x18, 0x5d, 0x20, 0x01, 0x28,
+	0x0b, 0x32, 0x2b, 0x2e, 0x70, 0x72, 0x65, 0x68, 0x6f, 0x67, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70,
+	0x68, 0x61, 0x2e, 0x53, 0x65, 0x73, 0x73, 0x69, 0x6f, 0x6e, 0x52, 0x65, 0x63, 0x6f, 0x72, 0x64,
+	0x69, 0x6e, 0x67, 0x41, 0x63, 0x63, 0x65, 0x73, 0x73, 0x45, 0x76, 0x65, 0x6e, 0x74, 0x48, 0x00,
+	0x52, 0x16, 0x73, 0x65, 0x73, 0x73, 0x69, 0x6f, 0x6e, 0x52, 0x65, 0x63, 0x6f, 0x72, 0x64, 0x69,
+	0x6e, 0x67, 0x41, 0x63, 0x63, 0x65, 0x73, 0x73, 0x12, 0x4c, 0x0a, 0x0f, 0x75, 0x73, 0x65, 0x72,
+	0x5f, 0x74, 0x61, 0x73, 0x6b, 0x5f, 0x73, 0x74, 0x61, 0x74, 0x65, 0x18, 0x5e, 0x20, 0x01, 0x28,
+	0x0b, 0x32, 0x22, 0x2e, 0x70, 0x72, 0x65, 0x68, 0x6f, 0x67, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70,
+	0x68, 0x61, 0x2e, 0x55, 0x73, 0x65, 0x72, 0x54, 0x61, 0x73, 0x6b, 0x53, 0x74, 0x61, 0x74, 0x65,
+	0x45, 0x76, 0x65, 0x6e, 0x74, 0x48, 0x00, 0x52, 0x0d, 0x75, 0x73, 0x65, 0x72, 0x54, 0x61, 0x73,
+	0x6b, 0x53, 0x74, 0x61, 0x74, 0x65, 0x42, 0x07, 0x0a, 0x05, 0x65, 0x76, 0x65, 0x6e, 0x74, 0x4a,
 	0x04, 0x08, 0x08, 0x10, 0x09, 0x52, 0x1c, 0x75, 0x69, 0x5f, 0x6f, 0x6e, 0x62, 0x6f, 0x61, 0x72,
 	0x64, 0x5f, 0x67, 0x65, 0x74, 0x5f, 0x73, 0x74, 0x61, 0x72, 0x74, 0x65, 0x64, 0x5f, 0x63, 0x6c,
 	0x69, 0x63, 0x6b, 0x22, 0x15, 0x0a, 0x13, 0x53, 0x75, 0x62, 0x6d, 0x69, 0x74, 0x45, 0x76, 0x65,
@@ -10838,7 +11073,7 @@ var file_prehog_v1alpha_teleport_proto_rawDesc = []byte{
 	0x12, 0x19, 0x0a, 0x15, 0x44, 0x49, 0x53, 0x43, 0x4f, 0x56, 0x45, 0x52, 0x5f, 0x53, 0x54, 0x41,
 	0x54, 0x55, 0x53, 0x5f, 0x45, 0x52, 0x52, 0x4f, 0x52, 0x10, 0x03, 0x12, 0x1b, 0x0a, 0x17, 0x44,
 	0x49, 0x53, 0x43, 0x4f, 0x56, 0x45, 0x52, 0x5f, 0x53, 0x54, 0x41, 0x54, 0x55, 0x53, 0x5f, 0x41,
-	0x42, 0x4f, 0x52, 0x54, 0x45, 0x44, 0x10, 0x04, 0x2a, 0xc1, 0x02, 0x0a, 0x03, 0x43, 0x54, 0x41,
+	0x42, 0x4f, 0x52, 0x54, 0x45, 0x44, 0x10, 0x04, 0x2a, 0xd4, 0x02, 0x0a, 0x03, 0x43, 0x54, 0x41,
 	0x12, 0x13, 0x0a, 0x0f, 0x43, 0x54, 0x41, 0x5f, 0x55, 0x4e, 0x53, 0x50, 0x45, 0x43, 0x49, 0x46,
 	0x49, 0x45, 0x44, 0x10, 0x00, 0x12, 0x16, 0x0a, 0x12, 0x43, 0x54, 0x41, 0x5f, 0x41, 0x55, 0x54,
 	0x48, 0x5f, 0x43, 0x4f, 0x4e, 0x4e, 0x45, 0x43, 0x54, 0x4f, 0x52, 0x10, 0x01, 0x12, 0x17, 0x0a,
@@ -10858,139 +11093,143 @@ var file_prehog_v1alpha_teleport_proto_rawDesc = []byte{
 	0x41, 0x4c, 0x5f, 0x41, 0x55, 0x44, 0x49, 0x54, 0x5f, 0x53, 0x54, 0x4f, 0x52, 0x41, 0x47, 0x45,
 	0x10, 0x0a, 0x12, 0x16, 0x0a, 0x12, 0x43, 0x54, 0x41, 0x5f, 0x4f, 0x4b, 0x54, 0x41, 0x5f, 0x55,
 	0x53, 0x45, 0x52, 0x5f, 0x53, 0x59, 0x4e, 0x43, 0x10, 0x0b, 0x12, 0x10, 0x0a, 0x0c, 0x43, 0x54,
-	0x41, 0x5f, 0x45, 0x4e, 0x54, 0x52, 0x41, 0x5f, 0x49, 0x44, 0x10, 0x0c, 0x2a, 0xbb, 0x08, 0x0a,
-	0x15, 0x49, 0x6e, 0x74, 0x65, 0x67, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x45, 0x6e, 0x72, 0x6f,
-	0x6c, 0x6c, 0x4b, 0x69, 0x6e, 0x64, 0x12, 0x27, 0x0a, 0x23, 0x49, 0x4e, 0x54, 0x45, 0x47, 0x52,
-	0x41, 0x54, 0x49, 0x4f, 0x4e, 0x5f, 0x45, 0x4e, 0x52, 0x4f, 0x4c, 0x4c, 0x5f, 0x4b, 0x49, 0x4e,
-	0x44, 0x5f, 0x55, 0x4e, 0x53, 0x50, 0x45, 0x43, 0x49, 0x46, 0x49, 0x45, 0x44, 0x10, 0x00, 0x12,
-	0x21, 0x0a, 0x1d, 0x49, 0x4e, 0x54, 0x45, 0x47, 0x52, 0x41, 0x54, 0x49, 0x4f, 0x4e, 0x5f, 0x45,
-	0x4e, 0x52, 0x4f, 0x4c, 0x4c, 0x5f, 0x4b, 0x49, 0x4e, 0x44, 0x5f, 0x53, 0x4c, 0x41, 0x43, 0x4b,
-	0x10, 0x01, 0x12, 0x24, 0x0a, 0x20, 0x49, 0x4e, 0x54, 0x45, 0x47, 0x52, 0x41, 0x54, 0x49, 0x4f,
-	0x4e, 0x5f, 0x45, 0x4e, 0x52, 0x4f, 0x4c, 0x4c, 0x5f, 0x4b, 0x49, 0x4e, 0x44, 0x5f, 0x41, 0x57,
-	0x53, 0x5f, 0x4f, 0x49, 0x44, 0x43, 0x10, 0x02, 0x12, 0x25, 0x0a, 0x21, 0x49, 0x4e, 0x54, 0x45,
-	0x47, 0x52, 0x41, 0x54, 0x49, 0x4f, 0x4e, 0x5f, 0x45, 0x4e, 0x52, 0x4f, 0x4c, 0x4c, 0x5f, 0x4b,
-	0x49, 0x4e, 0x44, 0x5f, 0x50, 0x41, 0x47, 0x45, 0x52, 0x44, 0x55, 0x54, 0x59, 0x10, 0x03, 0x12,
-	0x21, 0x0a, 0x1d, 0x49, 0x4e, 0x54, 0x45, 0x47, 0x52, 0x41, 0x54, 0x49, 0x4f, 0x4e, 0x5f, 0x45,
-	0x4e, 0x52, 0x4f, 0x4c, 0x4c, 0x5f, 0x4b, 0x49, 0x4e, 0x44, 0x5f, 0x45, 0x4d, 0x41, 0x49, 0x4c,
-	0x10, 0x04, 0x12, 0x20, 0x0a, 0x1c, 0x49, 0x4e, 0x54, 0x45, 0x47, 0x52, 0x41, 0x54, 0x49, 0x4f,
-	0x4e, 0x5f, 0x45, 0x4e, 0x52, 0x4f, 0x4c, 0x4c, 0x5f, 0x4b, 0x49, 0x4e, 0x44, 0x5f, 0x4a, 0x49,
-	0x52, 0x41, 0x10, 0x05, 0x12, 0x23, 0x0a, 0x1f, 0x49, 0x4e, 0x54, 0x45, 0x47, 0x52, 0x41, 0x54,
-	0x49, 0x4f, 0x4e, 0x5f, 0x45, 0x4e, 0x52, 0x4f, 0x4c, 0x4c, 0x5f, 0x4b, 0x49, 0x4e, 0x44, 0x5f,
-	0x44, 0x49, 0x53, 0x43, 0x4f, 0x52, 0x44, 0x10, 0x06, 0x12, 0x26, 0x0a, 0x22, 0x49, 0x4e, 0x54,
+	0x41, 0x5f, 0x45, 0x4e, 0x54, 0x52, 0x41, 0x5f, 0x49, 0x44, 0x10, 0x0c, 0x12, 0x11, 0x0a, 0x0d,
+	0x43, 0x54, 0x41, 0x5f, 0x4f, 0x4b, 0x54, 0x41, 0x5f, 0x53, 0x43, 0x49, 0x4d, 0x10, 0x0d, 0x2a,
+	0xe3, 0x08, 0x0a, 0x15, 0x49, 0x6e, 0x74, 0x65, 0x67, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x45,
+	0x6e, 0x72, 0x6f, 0x6c, 0x6c, 0x4b, 0x69, 0x6e, 0x64, 0x12, 0x27, 0x0a, 0x23, 0x49, 0x4e, 0x54,
 	0x45, 0x47, 0x52, 0x41, 0x54, 0x49, 0x4f, 0x4e, 0x5f, 0x45, 0x4e, 0x52, 0x4f, 0x4c, 0x4c, 0x5f,
-	0x4b, 0x49, 0x4e, 0x44, 0x5f, 0x4d, 0x41, 0x54, 0x54, 0x45, 0x52, 0x4d, 0x4f, 0x53, 0x54, 0x10,
-	0x07, 0x12, 0x24, 0x0a, 0x20, 0x49, 0x4e, 0x54, 0x45, 0x47, 0x52, 0x41, 0x54, 0x49, 0x4f, 0x4e,
-	0x5f, 0x45, 0x4e, 0x52, 0x4f, 0x4c, 0x4c, 0x5f, 0x4b, 0x49, 0x4e, 0x44, 0x5f, 0x4d, 0x53, 0x5f,
-	0x54, 0x45, 0x41, 0x4d, 0x53, 0x10, 0x08, 0x12, 0x24, 0x0a, 0x20, 0x49, 0x4e, 0x54, 0x45, 0x47,
+	0x4b, 0x49, 0x4e, 0x44, 0x5f, 0x55, 0x4e, 0x53, 0x50, 0x45, 0x43, 0x49, 0x46, 0x49, 0x45, 0x44,
+	0x10, 0x00, 0x12, 0x21, 0x0a, 0x1d, 0x49, 0x4e, 0x54, 0x45, 0x47, 0x52, 0x41, 0x54, 0x49, 0x4f,
+	0x4e, 0x5f, 0x45, 0x4e, 0x52, 0x4f, 0x4c, 0x4c, 0x5f, 0x4b, 0x49, 0x4e, 0x44, 0x5f, 0x53, 0x4c,
+	0x41, 0x43, 0x4b, 0x10, 0x01, 0x12, 0x24, 0x0a, 0x20, 0x49, 0x4e, 0x54, 0x45, 0x47, 0x52, 0x41,
+	0x54, 0x49, 0x4f, 0x4e, 0x5f, 0x45, 0x4e, 0x52, 0x4f, 0x4c, 0x4c, 0x5f, 0x4b, 0x49, 0x4e, 0x44,
+	0x5f, 0x41, 0x57, 0x53, 0x5f, 0x4f, 0x49, 0x44, 0x43, 0x10, 0x02, 0x12, 0x25, 0x0a, 0x21, 0x49,
+	0x4e, 0x54, 0x45, 0x47, 0x52, 0x41, 0x54, 0x49, 0x4f, 0x4e, 0x5f, 0x45, 0x4e, 0x52, 0x4f, 0x4c,
+	0x4c, 0x5f, 0x4b, 0x49, 0x4e, 0x44, 0x5f, 0x50, 0x41, 0x47, 0x45, 0x52, 0x44, 0x55, 0x54, 0x59,
+	0x10, 0x03, 0x12, 0x21, 0x0a, 0x1d, 0x49, 0x4e, 0x54, 0x45, 0x47, 0x52, 0x41, 0x54, 0x49, 0x4f,
+	0x4e, 0x5f, 0x45, 0x4e, 0x52, 0x4f, 0x4c, 0x4c, 0x5f, 0x4b, 0x49, 0x4e, 0x44, 0x5f, 0x45, 0x4d,
+	0x41, 0x49, 0x4c, 0x10, 0x04, 0x12, 0x20, 0x0a, 0x1c, 0x49, 0x4e, 0x54, 0x45, 0x47, 0x52, 0x41,
+	0x54, 0x49, 0x4f, 0x4e, 0x5f, 0x45, 0x4e, 0x52, 0x4f, 0x4c, 0x4c, 0x5f, 0x4b, 0x49, 0x4e, 0x44,
+	0x5f, 0x4a, 0x49, 0x52, 0x41, 0x10, 0x05, 0x12, 0x23, 0x0a, 0x1f, 0x49, 0x4e, 0x54, 0x45, 0x47,
 	0x52, 0x41, 0x54, 0x49, 0x4f, 0x4e, 0x5f, 0x45, 0x4e, 0x52, 0x4f, 0x4c, 0x4c, 0x5f, 0x4b, 0x49,
-	0x4e, 0x44, 0x5f, 0x4f, 0x50, 0x53, 0x47, 0x45, 0x4e, 0x49, 0x45, 0x10, 0x09, 0x12, 0x20, 0x0a,
-	0x1c, 0x49, 0x4e, 0x54, 0x45, 0x47, 0x52, 0x41, 0x54, 0x49, 0x4f, 0x4e, 0x5f, 0x45, 0x4e, 0x52,
-	0x4f, 0x4c, 0x4c, 0x5f, 0x4b, 0x49, 0x4e, 0x44, 0x5f, 0x4f, 0x4b, 0x54, 0x41, 0x10, 0x0a, 0x12,
-	0x20, 0x0a, 0x1c, 0x49, 0x4e, 0x54, 0x45, 0x47, 0x52, 0x41, 0x54, 0x49, 0x4f, 0x4e, 0x5f, 0x45,
-	0x4e, 0x52, 0x4f, 0x4c, 0x4c, 0x5f, 0x4b, 0x49, 0x4e, 0x44, 0x5f, 0x4a, 0x41, 0x4d, 0x46, 0x10,
-	0x0b, 0x12, 0x26, 0x0a, 0x22, 0x49, 0x4e, 0x54, 0x45, 0x47, 0x52, 0x41, 0x54, 0x49, 0x4f, 0x4e,
-	0x5f, 0x45, 0x4e, 0x52, 0x4f, 0x4c, 0x4c, 0x5f, 0x4b, 0x49, 0x4e, 0x44, 0x5f, 0x4d, 0x41, 0x43,
-	0x48, 0x49, 0x4e, 0x45, 0x5f, 0x49, 0x44, 0x10, 0x0c, 0x12, 0x35, 0x0a, 0x31, 0x49, 0x4e, 0x54,
-	0x45, 0x47, 0x52, 0x41, 0x54, 0x49, 0x4f, 0x4e, 0x5f, 0x45, 0x4e, 0x52, 0x4f, 0x4c, 0x4c, 0x5f,
-	0x4b, 0x49, 0x4e, 0x44, 0x5f, 0x4d, 0x41, 0x43, 0x48, 0x49, 0x4e, 0x45, 0x5f, 0x49, 0x44, 0x5f,
-	0x47, 0x49, 0x54, 0x48, 0x55, 0x42, 0x5f, 0x41, 0x43, 0x54, 0x49, 0x4f, 0x4e, 0x53, 0x10, 0x0d,
-	0x12, 0x2f, 0x0a, 0x2b, 0x49, 0x4e, 0x54, 0x45, 0x47, 0x52, 0x41, 0x54, 0x49, 0x4f, 0x4e, 0x5f,
-	0x45, 0x4e, 0x52, 0x4f, 0x4c, 0x4c, 0x5f, 0x4b, 0x49, 0x4e, 0x44, 0x5f, 0x4d, 0x41, 0x43, 0x48,
-	0x49, 0x4e, 0x45, 0x5f, 0x49, 0x44, 0x5f, 0x43, 0x49, 0x52, 0x43, 0x4c, 0x45, 0x43, 0x49, 0x10,
-	0x0e, 0x12, 0x2d, 0x0a, 0x29, 0x49, 0x4e, 0x54, 0x45, 0x47, 0x52, 0x41, 0x54, 0x49, 0x4f, 0x4e,
-	0x5f, 0x45, 0x4e, 0x52, 0x4f, 0x4c, 0x4c, 0x5f, 0x4b, 0x49, 0x4e, 0x44, 0x5f, 0x4d, 0x41, 0x43,
-	0x48, 0x49, 0x4e, 0x45, 0x5f, 0x49, 0x44, 0x5f, 0x47, 0x49, 0x54, 0x4c, 0x41, 0x42, 0x10, 0x0f,
-	0x12, 0x2e, 0x0a, 0x2a, 0x49, 0x4e, 0x54, 0x45, 0x47, 0x52, 0x41, 0x54, 0x49, 0x4f, 0x4e, 0x5f,
-	0x45, 0x4e, 0x52, 0x4f, 0x4c, 0x4c, 0x5f, 0x4b, 0x49, 0x4e, 0x44, 0x5f, 0x4d, 0x41, 0x43, 0x48,
-	0x49, 0x4e, 0x45, 0x5f, 0x49, 0x44, 0x5f, 0x4a, 0x45, 0x4e, 0x4b, 0x49, 0x4e, 0x53, 0x10, 0x10,
-	0x12, 0x2e, 0x0a, 0x2a, 0x49, 0x4e, 0x54, 0x45, 0x47, 0x52, 0x41, 0x54, 0x49, 0x4f, 0x4e, 0x5f,
-	0x45, 0x4e, 0x52, 0x4f, 0x4c, 0x4c, 0x5f, 0x4b, 0x49, 0x4e, 0x44, 0x5f, 0x4d, 0x41, 0x43, 0x48,
-	0x49, 0x4e, 0x45, 0x5f, 0x49, 0x44, 0x5f, 0x41, 0x4e, 0x53, 0x49, 0x42, 0x4c, 0x45, 0x10, 0x11,
-	0x12, 0x2a, 0x0a, 0x26, 0x49, 0x4e, 0x54, 0x45, 0x47, 0x52, 0x41, 0x54, 0x49, 0x4f, 0x4e, 0x5f,
-	0x45, 0x4e, 0x52, 0x4f, 0x4c, 0x4c, 0x5f, 0x4b, 0x49, 0x4e, 0x44, 0x5f, 0x4d, 0x41, 0x43, 0x48,
-	0x49, 0x4e, 0x45, 0x5f, 0x49, 0x44, 0x5f, 0x41, 0x57, 0x53, 0x10, 0x12, 0x12, 0x2a, 0x0a, 0x26,
+	0x4e, 0x44, 0x5f, 0x44, 0x49, 0x53, 0x43, 0x4f, 0x52, 0x44, 0x10, 0x06, 0x12, 0x26, 0x0a, 0x22,
+	0x49, 0x4e, 0x54, 0x45, 0x47, 0x52, 0x41, 0x54, 0x49, 0x4f, 0x4e, 0x5f, 0x45, 0x4e, 0x52, 0x4f,
+	0x4c, 0x4c, 0x5f, 0x4b, 0x49, 0x4e, 0x44, 0x5f, 0x4d, 0x41, 0x54, 0x54, 0x45, 0x52, 0x4d, 0x4f,
+	0x53, 0x54, 0x10, 0x07, 0x12, 0x24, 0x0a, 0x20, 0x49, 0x4e, 0x54, 0x45, 0x47, 0x52, 0x41, 0x54,
+	0x49, 0x4f, 0x4e, 0x5f, 0x45, 0x4e, 0x52, 0x4f, 0x4c, 0x4c, 0x5f, 0x4b, 0x49, 0x4e, 0x44, 0x5f,
+	0x4d, 0x53, 0x5f, 0x54, 0x45, 0x41, 0x4d, 0x53, 0x10, 0x08, 0x12, 0x24, 0x0a, 0x20, 0x49, 0x4e,
+	0x54, 0x45, 0x47, 0x52, 0x41, 0x54, 0x49, 0x4f, 0x4e, 0x5f, 0x45, 0x4e, 0x52, 0x4f, 0x4c, 0x4c,
+	0x5f, 0x4b, 0x49, 0x4e, 0x44, 0x5f, 0x4f, 0x50, 0x53, 0x47, 0x45, 0x4e, 0x49, 0x45, 0x10, 0x09,
+	0x12, 0x20, 0x0a, 0x1c, 0x49, 0x4e, 0x54, 0x45, 0x47, 0x52, 0x41, 0x54, 0x49, 0x4f, 0x4e, 0x5f,
+	0x45, 0x4e, 0x52, 0x4f, 0x4c, 0x4c, 0x5f, 0x4b, 0x49, 0x4e, 0x44, 0x5f, 0x4f, 0x4b, 0x54, 0x41,
+	0x10, 0x0a, 0x12, 0x20, 0x0a, 0x1c, 0x49, 0x4e, 0x54, 0x45, 0x47, 0x52, 0x41, 0x54, 0x49, 0x4f,
+	0x4e, 0x5f, 0x45, 0x4e, 0x52, 0x4f, 0x4c, 0x4c, 0x5f, 0x4b, 0x49, 0x4e, 0x44, 0x5f, 0x4a, 0x41,
+	0x4d, 0x46, 0x10, 0x0b, 0x12, 0x26, 0x0a, 0x22, 0x49, 0x4e, 0x54, 0x45, 0x47, 0x52, 0x41, 0x54,
+	0x49, 0x4f, 0x4e, 0x5f, 0x45, 0x4e, 0x52, 0x4f, 0x4c, 0x4c, 0x5f, 0x4b, 0x49, 0x4e, 0x44, 0x5f,
+	0x4d, 0x41, 0x43, 0x48, 0x49, 0x4e, 0x45, 0x5f, 0x49, 0x44, 0x10, 0x0c, 0x12, 0x35, 0x0a, 0x31,
 	0x49, 0x4e, 0x54, 0x45, 0x47, 0x52, 0x41, 0x54, 0x49, 0x4f, 0x4e, 0x5f, 0x45, 0x4e, 0x52, 0x4f,
 	0x4c, 0x4c, 0x5f, 0x4b, 0x49, 0x4e, 0x44, 0x5f, 0x4d, 0x41, 0x43, 0x48, 0x49, 0x4e, 0x45, 0x5f,
-	0x49, 0x44, 0x5f, 0x47, 0x43, 0x50, 0x10, 0x13, 0x12, 0x2c, 0x0a, 0x28, 0x49, 0x4e, 0x54, 0x45,
-	0x47, 0x52, 0x41, 0x54, 0x49, 0x4f, 0x4e, 0x5f, 0x45, 0x4e, 0x52, 0x4f, 0x4c, 0x4c, 0x5f, 0x4b,
-	0x49, 0x4e, 0x44, 0x5f, 0x4d, 0x41, 0x43, 0x48, 0x49, 0x4e, 0x45, 0x5f, 0x49, 0x44, 0x5f, 0x41,
-	0x5a, 0x55, 0x52, 0x45, 0x10, 0x14, 0x12, 0x30, 0x0a, 0x2c, 0x49, 0x4e, 0x54, 0x45, 0x47, 0x52,
-	0x41, 0x54, 0x49, 0x4f, 0x4e, 0x5f, 0x45, 0x4e, 0x52, 0x4f, 0x4c, 0x4c, 0x5f, 0x4b, 0x49, 0x4e,
-	0x44, 0x5f, 0x4d, 0x41, 0x43, 0x48, 0x49, 0x4e, 0x45, 0x5f, 0x49, 0x44, 0x5f, 0x53, 0x50, 0x41,
-	0x43, 0x45, 0x4c, 0x49, 0x46, 0x54, 0x10, 0x15, 0x12, 0x31, 0x0a, 0x2d, 0x49, 0x4e, 0x54, 0x45,
-	0x47, 0x52, 0x41, 0x54, 0x49, 0x4f, 0x4e, 0x5f, 0x45, 0x4e, 0x52, 0x4f, 0x4c, 0x4c, 0x5f, 0x4b,
-	0x49, 0x4e, 0x44, 0x5f, 0x4d, 0x41, 0x43, 0x48, 0x49, 0x4e, 0x45, 0x5f, 0x49, 0x44, 0x5f, 0x4b,
-	0x55, 0x42, 0x45, 0x52, 0x4e, 0x45, 0x54, 0x45, 0x53, 0x10, 0x16, 0x12, 0x24, 0x0a, 0x20, 0x49,
+	0x49, 0x44, 0x5f, 0x47, 0x49, 0x54, 0x48, 0x55, 0x42, 0x5f, 0x41, 0x43, 0x54, 0x49, 0x4f, 0x4e,
+	0x53, 0x10, 0x0d, 0x12, 0x2f, 0x0a, 0x2b, 0x49, 0x4e, 0x54, 0x45, 0x47, 0x52, 0x41, 0x54, 0x49,
+	0x4f, 0x4e, 0x5f, 0x45, 0x4e, 0x52, 0x4f, 0x4c, 0x4c, 0x5f, 0x4b, 0x49, 0x4e, 0x44, 0x5f, 0x4d,
+	0x41, 0x43, 0x48, 0x49, 0x4e, 0x45, 0x5f, 0x49, 0x44, 0x5f, 0x43, 0x49, 0x52, 0x43, 0x4c, 0x45,
+	0x43, 0x49, 0x10, 0x0e, 0x12, 0x2d, 0x0a, 0x29, 0x49, 0x4e, 0x54, 0x45, 0x47, 0x52, 0x41, 0x54,
+	0x49, 0x4f, 0x4e, 0x5f, 0x45, 0x4e, 0x52, 0x4f, 0x4c, 0x4c, 0x5f, 0x4b, 0x49, 0x4e, 0x44, 0x5f,
+	0x4d, 0x41, 0x43, 0x48, 0x49, 0x4e, 0x45, 0x5f, 0x49, 0x44, 0x5f, 0x47, 0x49, 0x54, 0x4c, 0x41,
+	0x42, 0x10, 0x0f, 0x12, 0x2e, 0x0a, 0x2a, 0x49, 0x4e, 0x54, 0x45, 0x47, 0x52, 0x41, 0x54, 0x49,
+	0x4f, 0x4e, 0x5f, 0x45, 0x4e, 0x52, 0x4f, 0x4c, 0x4c, 0x5f, 0x4b, 0x49, 0x4e, 0x44, 0x5f, 0x4d,
+	0x41, 0x43, 0x48, 0x49, 0x4e, 0x45, 0x5f, 0x49, 0x44, 0x5f, 0x4a, 0x45, 0x4e, 0x4b, 0x49, 0x4e,
+	0x53, 0x10, 0x10, 0x12, 0x2e, 0x0a, 0x2a, 0x49, 0x4e, 0x54, 0x45, 0x47, 0x52, 0x41, 0x54, 0x49,
+	0x4f, 0x4e, 0x5f, 0x45, 0x4e, 0x52, 0x4f, 0x4c, 0x4c, 0x5f, 0x4b, 0x49, 0x4e, 0x44, 0x5f, 0x4d,
+	0x41, 0x43, 0x48, 0x49, 0x4e, 0x45, 0x5f, 0x49, 0x44, 0x5f, 0x41, 0x4e, 0x53, 0x49, 0x42, 0x4c,
+	0x45, 0x10, 0x11, 0x12, 0x2a, 0x0a, 0x26, 0x49, 0x4e, 0x54, 0x45, 0x47, 0x52, 0x41, 0x54, 0x49,
+	0x4f, 0x4e, 0x5f, 0x45, 0x4e, 0x52, 0x4f, 0x4c, 0x4c, 0x5f, 0x4b, 0x49, 0x4e, 0x44, 0x5f, 0x4d,
+	0x41, 0x43, 0x48, 0x49, 0x4e, 0x45, 0x5f, 0x49, 0x44, 0x5f, 0x41, 0x57, 0x53, 0x10, 0x12, 0x12,
+	0x2a, 0x0a, 0x26, 0x49, 0x4e, 0x54, 0x45, 0x47, 0x52, 0x41, 0x54, 0x49, 0x4f, 0x4e, 0x5f, 0x45,
+	0x4e, 0x52, 0x4f, 0x4c, 0x4c, 0x5f, 0x4b, 0x49, 0x4e, 0x44, 0x5f, 0x4d, 0x41, 0x43, 0x48, 0x49,
+	0x4e, 0x45, 0x5f, 0x49, 0x44, 0x5f, 0x47, 0x43, 0x50, 0x10, 0x13, 0x12, 0x2c, 0x0a, 0x28, 0x49,
 	0x4e, 0x54, 0x45, 0x47, 0x52, 0x41, 0x54, 0x49, 0x4f, 0x4e, 0x5f, 0x45, 0x4e, 0x52, 0x4f, 0x4c,
-	0x4c, 0x5f, 0x4b, 0x49, 0x4e, 0x44, 0x5f, 0x45, 0x4e, 0x54, 0x52, 0x41, 0x5f, 0x49, 0x44, 0x10,
-	0x17, 0x12, 0x37, 0x0a, 0x33, 0x49, 0x4e, 0x54, 0x45, 0x47, 0x52, 0x41, 0x54, 0x49, 0x4f, 0x4e,
-	0x5f, 0x45, 0x4e, 0x52, 0x4f, 0x4c, 0x4c, 0x5f, 0x4b, 0x49, 0x4e, 0x44, 0x5f, 0x44, 0x41, 0x54,
-	0x41, 0x44, 0x4f, 0x47, 0x5f, 0x49, 0x4e, 0x43, 0x49, 0x44, 0x45, 0x4e, 0x54, 0x5f, 0x4d, 0x41,
-	0x4e, 0x41, 0x47, 0x45, 0x4d, 0x45, 0x4e, 0x54, 0x10, 0x18, 0x2a, 0x88, 0x01, 0x0a, 0x12, 0x45,
-	0x64, 0x69, 0x74, 0x6f, 0x72, 0x43, 0x68, 0x61, 0x6e, 0x67, 0x65, 0x53, 0x74, 0x61, 0x74, 0x75,
-	0x73, 0x12, 0x24, 0x0a, 0x20, 0x45, 0x44, 0x49, 0x54, 0x4f, 0x52, 0x5f, 0x43, 0x48, 0x41, 0x4e,
-	0x47, 0x45, 0x5f, 0x53, 0x54, 0x41, 0x54, 0x55, 0x53, 0x5f, 0x55, 0x4e, 0x53, 0x50, 0x45, 0x43,
-	0x49, 0x46, 0x49, 0x45, 0x44, 0x10, 0x00, 0x12, 0x25, 0x0a, 0x21, 0x45, 0x44, 0x49, 0x54, 0x4f,
-	0x52, 0x5f, 0x43, 0x48, 0x41, 0x4e, 0x47, 0x45, 0x5f, 0x53, 0x54, 0x41, 0x54, 0x55, 0x53, 0x5f,
-	0x52, 0x4f, 0x4c, 0x45, 0x5f, 0x47, 0x52, 0x41, 0x4e, 0x54, 0x45, 0x44, 0x10, 0x01, 0x12, 0x25,
-	0x0a, 0x21, 0x45, 0x44, 0x49, 0x54, 0x4f, 0x52, 0x5f, 0x43, 0x48, 0x41, 0x4e, 0x47, 0x45, 0x5f,
-	0x53, 0x54, 0x41, 0x54, 0x55, 0x53, 0x5f, 0x52, 0x4f, 0x4c, 0x45, 0x5f, 0x52, 0x45, 0x4d, 0x4f,
-	0x56, 0x45, 0x44, 0x10, 0x02, 0x2a, 0x3f, 0x0a, 0x07, 0x46, 0x65, 0x61, 0x74, 0x75, 0x72, 0x65,
-	0x12, 0x17, 0x0a, 0x13, 0x46, 0x45, 0x41, 0x54, 0x55, 0x52, 0x45, 0x5f, 0x55, 0x4e, 0x53, 0x50,
-	0x45, 0x43, 0x49, 0x46, 0x49, 0x45, 0x44, 0x10, 0x00, 0x12, 0x1b, 0x0a, 0x17, 0x46, 0x45, 0x41,
-	0x54, 0x55, 0x52, 0x45, 0x5f, 0x54, 0x52, 0x55, 0x53, 0x54, 0x45, 0x44, 0x5f, 0x44, 0x45, 0x56,
-	0x49, 0x43, 0x45, 0x53, 0x10, 0x01, 0x2a, 0xa0, 0x01, 0x0a, 0x1b, 0x46, 0x65, 0x61, 0x74, 0x75,
-	0x72, 0x65, 0x52, 0x65, 0x63, 0x6f, 0x6d, 0x6d, 0x65, 0x6e, 0x64, 0x61, 0x74, 0x69, 0x6f, 0x6e,
-	0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x12, 0x2d, 0x0a, 0x29, 0x46, 0x45, 0x41, 0x54, 0x55, 0x52,
-	0x45, 0x5f, 0x52, 0x45, 0x43, 0x4f, 0x4d, 0x4d, 0x45, 0x4e, 0x44, 0x41, 0x54, 0x49, 0x4f, 0x4e,
-	0x5f, 0x53, 0x54, 0x41, 0x54, 0x55, 0x53, 0x5f, 0x55, 0x4e, 0x53, 0x50, 0x45, 0x43, 0x49, 0x46,
-	0x49, 0x45, 0x44, 0x10, 0x00, 0x12, 0x2a, 0x0a, 0x26, 0x46, 0x45, 0x41, 0x54, 0x55, 0x52, 0x45,
-	0x5f, 0x52, 0x45, 0x43, 0x4f, 0x4d, 0x4d, 0x45, 0x4e, 0x44, 0x41, 0x54, 0x49, 0x4f, 0x4e, 0x5f,
-	0x53, 0x54, 0x41, 0x54, 0x55, 0x53, 0x5f, 0x4e, 0x4f, 0x54, 0x49, 0x46, 0x49, 0x45, 0x44, 0x10,
-	0x01, 0x12, 0x26, 0x0a, 0x22, 0x46, 0x45, 0x41, 0x54, 0x55, 0x52, 0x45, 0x5f, 0x52, 0x45, 0x43,
+	0x4c, 0x5f, 0x4b, 0x49, 0x4e, 0x44, 0x5f, 0x4d, 0x41, 0x43, 0x48, 0x49, 0x4e, 0x45, 0x5f, 0x49,
+	0x44, 0x5f, 0x41, 0x5a, 0x55, 0x52, 0x45, 0x10, 0x14, 0x12, 0x30, 0x0a, 0x2c, 0x49, 0x4e, 0x54,
+	0x45, 0x47, 0x52, 0x41, 0x54, 0x49, 0x4f, 0x4e, 0x5f, 0x45, 0x4e, 0x52, 0x4f, 0x4c, 0x4c, 0x5f,
+	0x4b, 0x49, 0x4e, 0x44, 0x5f, 0x4d, 0x41, 0x43, 0x48, 0x49, 0x4e, 0x45, 0x5f, 0x49, 0x44, 0x5f,
+	0x53, 0x50, 0x41, 0x43, 0x45, 0x4c, 0x49, 0x46, 0x54, 0x10, 0x15, 0x12, 0x31, 0x0a, 0x2d, 0x49,
+	0x4e, 0x54, 0x45, 0x47, 0x52, 0x41, 0x54, 0x49, 0x4f, 0x4e, 0x5f, 0x45, 0x4e, 0x52, 0x4f, 0x4c,
+	0x4c, 0x5f, 0x4b, 0x49, 0x4e, 0x44, 0x5f, 0x4d, 0x41, 0x43, 0x48, 0x49, 0x4e, 0x45, 0x5f, 0x49,
+	0x44, 0x5f, 0x4b, 0x55, 0x42, 0x45, 0x52, 0x4e, 0x45, 0x54, 0x45, 0x53, 0x10, 0x16, 0x12, 0x24,
+	0x0a, 0x20, 0x49, 0x4e, 0x54, 0x45, 0x47, 0x52, 0x41, 0x54, 0x49, 0x4f, 0x4e, 0x5f, 0x45, 0x4e,
+	0x52, 0x4f, 0x4c, 0x4c, 0x5f, 0x4b, 0x49, 0x4e, 0x44, 0x5f, 0x45, 0x4e, 0x54, 0x52, 0x41, 0x5f,
+	0x49, 0x44, 0x10, 0x17, 0x12, 0x37, 0x0a, 0x33, 0x49, 0x4e, 0x54, 0x45, 0x47, 0x52, 0x41, 0x54,
+	0x49, 0x4f, 0x4e, 0x5f, 0x45, 0x4e, 0x52, 0x4f, 0x4c, 0x4c, 0x5f, 0x4b, 0x49, 0x4e, 0x44, 0x5f,
+	0x44, 0x41, 0x54, 0x41, 0x44, 0x4f, 0x47, 0x5f, 0x49, 0x4e, 0x43, 0x49, 0x44, 0x45, 0x4e, 0x54,
+	0x5f, 0x4d, 0x41, 0x4e, 0x41, 0x47, 0x45, 0x4d, 0x45, 0x4e, 0x54, 0x10, 0x18, 0x12, 0x26, 0x0a,
+	0x22, 0x49, 0x4e, 0x54, 0x45, 0x47, 0x52, 0x41, 0x54, 0x49, 0x4f, 0x4e, 0x5f, 0x45, 0x4e, 0x52,
+	0x4f, 0x4c, 0x4c, 0x5f, 0x4b, 0x49, 0x4e, 0x44, 0x5f, 0x53, 0x45, 0x52, 0x56, 0x49, 0x43, 0x45,
+	0x4e, 0x4f, 0x57, 0x10, 0x19, 0x2a, 0x88, 0x01, 0x0a, 0x12, 0x45, 0x64, 0x69, 0x74, 0x6f, 0x72,
+	0x43, 0x68, 0x61, 0x6e, 0x67, 0x65, 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x12, 0x24, 0x0a, 0x20,
+	0x45, 0x44, 0x49, 0x54, 0x4f, 0x52, 0x5f, 0x43, 0x48, 0x41, 0x4e, 0x47, 0x45, 0x5f, 0x53, 0x54,
+	0x41, 0x54, 0x55, 0x53, 0x5f, 0x55, 0x4e, 0x53, 0x50, 0x45, 0x43, 0x49, 0x46, 0x49, 0x45, 0x44,
+	0x10, 0x00, 0x12, 0x25, 0x0a, 0x21, 0x45, 0x44, 0x49, 0x54, 0x4f, 0x52, 0x5f, 0x43, 0x48, 0x41,
+	0x4e, 0x47, 0x45, 0x5f, 0x53, 0x54, 0x41, 0x54, 0x55, 0x53, 0x5f, 0x52, 0x4f, 0x4c, 0x45, 0x5f,
+	0x47, 0x52, 0x41, 0x4e, 0x54, 0x45, 0x44, 0x10, 0x01, 0x12, 0x25, 0x0a, 0x21, 0x45, 0x44, 0x49,
+	0x54, 0x4f, 0x52, 0x5f, 0x43, 0x48, 0x41, 0x4e, 0x47, 0x45, 0x5f, 0x53, 0x54, 0x41, 0x54, 0x55,
+	0x53, 0x5f, 0x52, 0x4f, 0x4c, 0x45, 0x5f, 0x52, 0x45, 0x4d, 0x4f, 0x56, 0x45, 0x44, 0x10, 0x02,
+	0x2a, 0x3f, 0x0a, 0x07, 0x46, 0x65, 0x61, 0x74, 0x75, 0x72, 0x65, 0x12, 0x17, 0x0a, 0x13, 0x46,
+	0x45, 0x41, 0x54, 0x55, 0x52, 0x45, 0x5f, 0x55, 0x4e, 0x53, 0x50, 0x45, 0x43, 0x49, 0x46, 0x49,
+	0x45, 0x44, 0x10, 0x00, 0x12, 0x1b, 0x0a, 0x17, 0x46, 0x45, 0x41, 0x54, 0x55, 0x52, 0x45, 0x5f,
+	0x54, 0x52, 0x55, 0x53, 0x54, 0x45, 0x44, 0x5f, 0x44, 0x45, 0x56, 0x49, 0x43, 0x45, 0x53, 0x10,
+	0x01, 0x2a, 0xa0, 0x01, 0x0a, 0x1b, 0x46, 0x65, 0x61, 0x74, 0x75, 0x72, 0x65, 0x52, 0x65, 0x63,
+	0x6f, 0x6d, 0x6d, 0x65, 0x6e, 0x64, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x53, 0x74, 0x61, 0x74, 0x75,
+	0x73, 0x12, 0x2d, 0x0a, 0x29, 0x46, 0x45, 0x41, 0x54, 0x55, 0x52, 0x45, 0x5f, 0x52, 0x45, 0x43,
 	0x4f, 0x4d, 0x4d, 0x45, 0x4e, 0x44, 0x41, 0x54, 0x49, 0x4f, 0x4e, 0x5f, 0x53, 0x54, 0x41, 0x54,
-	0x55, 0x53, 0x5f, 0x44, 0x4f, 0x4e, 0x45, 0x10, 0x02, 0x2a, 0x82, 0x01, 0x0a, 0x0c, 0x4c, 0x69,
-	0x63, 0x65, 0x6e, 0x73, 0x65, 0x4c, 0x69, 0x6d, 0x69, 0x74, 0x12, 0x1d, 0x0a, 0x19, 0x4c, 0x49,
-	0x43, 0x45, 0x4e, 0x53, 0x45, 0x5f, 0x4c, 0x49, 0x4d, 0x49, 0x54, 0x5f, 0x55, 0x4e, 0x53, 0x50,
-	0x45, 0x43, 0x49, 0x46, 0x49, 0x45, 0x44, 0x10, 0x00, 0x12, 0x28, 0x0a, 0x24, 0x4c, 0x49, 0x43,
-	0x45, 0x4e, 0x53, 0x45, 0x5f, 0x4c, 0x49, 0x4d, 0x49, 0x54, 0x5f, 0x44, 0x45, 0x56, 0x49, 0x43,
-	0x45, 0x5f, 0x54, 0x52, 0x55, 0x53, 0x54, 0x5f, 0x54, 0x45, 0x41, 0x4d, 0x5f, 0x4a, 0x41, 0x4d,
-	0x46, 0x10, 0x01, 0x12, 0x29, 0x0a, 0x25, 0x4c, 0x49, 0x43, 0x45, 0x4e, 0x53, 0x45, 0x5f, 0x4c,
-	0x49, 0x4d, 0x49, 0x54, 0x5f, 0x44, 0x45, 0x56, 0x49, 0x43, 0x45, 0x5f, 0x54, 0x52, 0x55, 0x53,
-	0x54, 0x5f, 0x54, 0x45, 0x41, 0x4d, 0x5f, 0x55, 0x53, 0x41, 0x47, 0x45, 0x10, 0x02, 0x32, 0xb4,
-	0x02, 0x0a, 0x18, 0x54, 0x65, 0x6c, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x52, 0x65, 0x70, 0x6f, 0x72,
-	0x74, 0x69, 0x6e, 0x67, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x12, 0x5b, 0x0a, 0x0b, 0x53,
-	0x75, 0x62, 0x6d, 0x69, 0x74, 0x45, 0x76, 0x65, 0x6e, 0x74, 0x12, 0x22, 0x2e, 0x70, 0x72, 0x65,
-	0x68, 0x6f, 0x67, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x2e, 0x53, 0x75, 0x62, 0x6d,
-	0x69, 0x74, 0x45, 0x76, 0x65, 0x6e, 0x74, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x23,
-	0x2e, 0x70, 0x72, 0x65, 0x68, 0x6f, 0x67, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x2e,
-	0x53, 0x75, 0x62, 0x6d, 0x69, 0x74, 0x45, 0x76, 0x65, 0x6e, 0x74, 0x52, 0x65, 0x73, 0x70, 0x6f,
-	0x6e, 0x73, 0x65, 0x22, 0x03, 0x88, 0x02, 0x01, 0x12, 0x5b, 0x0a, 0x0c, 0x53, 0x75, 0x62, 0x6d,
-	0x69, 0x74, 0x45, 0x76, 0x65, 0x6e, 0x74, 0x73, 0x12, 0x23, 0x2e, 0x70, 0x72, 0x65, 0x68, 0x6f,
+	0x55, 0x53, 0x5f, 0x55, 0x4e, 0x53, 0x50, 0x45, 0x43, 0x49, 0x46, 0x49, 0x45, 0x44, 0x10, 0x00,
+	0x12, 0x2a, 0x0a, 0x26, 0x46, 0x45, 0x41, 0x54, 0x55, 0x52, 0x45, 0x5f, 0x52, 0x45, 0x43, 0x4f,
+	0x4d, 0x4d, 0x45, 0x4e, 0x44, 0x41, 0x54, 0x49, 0x4f, 0x4e, 0x5f, 0x53, 0x54, 0x41, 0x54, 0x55,
+	0x53, 0x5f, 0x4e, 0x4f, 0x54, 0x49, 0x46, 0x49, 0x45, 0x44, 0x10, 0x01, 0x12, 0x26, 0x0a, 0x22,
+	0x46, 0x45, 0x41, 0x54, 0x55, 0x52, 0x45, 0x5f, 0x52, 0x45, 0x43, 0x4f, 0x4d, 0x4d, 0x45, 0x4e,
+	0x44, 0x41, 0x54, 0x49, 0x4f, 0x4e, 0x5f, 0x53, 0x54, 0x41, 0x54, 0x55, 0x53, 0x5f, 0x44, 0x4f,
+	0x4e, 0x45, 0x10, 0x02, 0x2a, 0x82, 0x01, 0x0a, 0x0c, 0x4c, 0x69, 0x63, 0x65, 0x6e, 0x73, 0x65,
+	0x4c, 0x69, 0x6d, 0x69, 0x74, 0x12, 0x1d, 0x0a, 0x19, 0x4c, 0x49, 0x43, 0x45, 0x4e, 0x53, 0x45,
+	0x5f, 0x4c, 0x49, 0x4d, 0x49, 0x54, 0x5f, 0x55, 0x4e, 0x53, 0x50, 0x45, 0x43, 0x49, 0x46, 0x49,
+	0x45, 0x44, 0x10, 0x00, 0x12, 0x28, 0x0a, 0x24, 0x4c, 0x49, 0x43, 0x45, 0x4e, 0x53, 0x45, 0x5f,
+	0x4c, 0x49, 0x4d, 0x49, 0x54, 0x5f, 0x44, 0x45, 0x56, 0x49, 0x43, 0x45, 0x5f, 0x54, 0x52, 0x55,
+	0x53, 0x54, 0x5f, 0x54, 0x45, 0x41, 0x4d, 0x5f, 0x4a, 0x41, 0x4d, 0x46, 0x10, 0x01, 0x12, 0x29,
+	0x0a, 0x25, 0x4c, 0x49, 0x43, 0x45, 0x4e, 0x53, 0x45, 0x5f, 0x4c, 0x49, 0x4d, 0x49, 0x54, 0x5f,
+	0x44, 0x45, 0x56, 0x49, 0x43, 0x45, 0x5f, 0x54, 0x52, 0x55, 0x53, 0x54, 0x5f, 0x54, 0x45, 0x41,
+	0x4d, 0x5f, 0x55, 0x53, 0x41, 0x47, 0x45, 0x10, 0x02, 0x32, 0xb4, 0x02, 0x0a, 0x18, 0x54, 0x65,
+	0x6c, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x52, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x69, 0x6e, 0x67, 0x53,
+	0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x12, 0x5b, 0x0a, 0x0b, 0x53, 0x75, 0x62, 0x6d, 0x69, 0x74,
+	0x45, 0x76, 0x65, 0x6e, 0x74, 0x12, 0x22, 0x2e, 0x70, 0x72, 0x65, 0x68, 0x6f, 0x67, 0x2e, 0x76,
+	0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x2e, 0x53, 0x75, 0x62, 0x6d, 0x69, 0x74, 0x45, 0x76, 0x65,
+	0x6e, 0x74, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x23, 0x2e, 0x70, 0x72, 0x65, 0x68,
+	0x6f, 0x67, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x2e, 0x53, 0x75, 0x62, 0x6d, 0x69,
+	0x74, 0x45, 0x76, 0x65, 0x6e, 0x74, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x03,
+	0x88, 0x02, 0x01, 0x12, 0x5b, 0x0a, 0x0c, 0x53, 0x75, 0x62, 0x6d, 0x69, 0x74, 0x45, 0x76, 0x65,
+	0x6e, 0x74, 0x73, 0x12, 0x23, 0x2e, 0x70, 0x72, 0x65, 0x68, 0x6f, 0x67, 0x2e, 0x76, 0x31, 0x61,
+	0x6c, 0x70, 0x68, 0x61, 0x2e, 0x53, 0x75, 0x62, 0x6d, 0x69, 0x74, 0x45, 0x76, 0x65, 0x6e, 0x74,
+	0x73, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x24, 0x2e, 0x70, 0x72, 0x65, 0x68, 0x6f,
 	0x67, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x2e, 0x53, 0x75, 0x62, 0x6d, 0x69, 0x74,
-	0x45, 0x76, 0x65, 0x6e, 0x74, 0x73, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x24, 0x2e,
-	0x70, 0x72, 0x65, 0x68, 0x6f, 0x67, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x2e, 0x53,
-	0x75, 0x62, 0x6d, 0x69, 0x74, 0x45, 0x76, 0x65, 0x6e, 0x74, 0x73, 0x52, 0x65, 0x73, 0x70, 0x6f,
-	0x6e, 0x73, 0x65, 0x22, 0x00, 0x12, 0x5e, 0x0a, 0x0d, 0x48, 0x65, 0x6c, 0x6c, 0x6f, 0x54, 0x65,
-	0x6c, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x12, 0x24, 0x2e, 0x70, 0x72, 0x65, 0x68, 0x6f, 0x67, 0x2e,
-	0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x2e, 0x48, 0x65, 0x6c, 0x6c, 0x6f, 0x54, 0x65, 0x6c,
-	0x65, 0x70, 0x6f, 0x72, 0x74, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x25, 0x2e, 0x70,
-	0x72, 0x65, 0x68, 0x6f, 0x67, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x2e, 0x48, 0x65,
-	0x6c, 0x6c, 0x6f, 0x54, 0x65, 0x6c, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x52, 0x65, 0x73, 0x70, 0x6f,
-	0x6e, 0x73, 0x65, 0x22, 0x00, 0x42, 0xc9, 0x01, 0x0a, 0x12, 0x63, 0x6f, 0x6d, 0x2e, 0x70, 0x72,
-	0x65, 0x68, 0x6f, 0x67, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x42, 0x0d, 0x54, 0x65,
-	0x6c, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x50, 0x01, 0x5a, 0x4b, 0x67,
-	0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x67, 0x72, 0x61, 0x76, 0x69, 0x74,
-	0x61, 0x74, 0x69, 0x6f, 0x6e, 0x61, 0x6c, 0x2f, 0x74, 0x65, 0x6c, 0x65, 0x70, 0x6f, 0x72, 0x74,
-	0x2f, 0x67, 0x65, 0x6e, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2f, 0x67, 0x6f, 0x2f, 0x70, 0x72,
-	0x65, 0x68, 0x6f, 0x67, 0x2f, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x3b, 0x70, 0x72, 0x65,
-	0x68, 0x6f, 0x67, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0xa2, 0x02, 0x03, 0x50, 0x58, 0x58,
-	0xaa, 0x02, 0x0e, 0x50, 0x72, 0x65, 0x68, 0x6f, 0x67, 0x2e, 0x56, 0x31, 0x61, 0x6c, 0x70, 0x68,
-	0x61, 0xca, 0x02, 0x0e, 0x50, 0x72, 0x65, 0x68, 0x6f, 0x67, 0x5c, 0x56, 0x31, 0x61, 0x6c, 0x70,
-	0x68, 0x61, 0xe2, 0x02, 0x1a, 0x50, 0x72, 0x65, 0x68, 0x6f, 0x67, 0x5c, 0x56, 0x31, 0x61, 0x6c,
-	0x70, 0x68, 0x61, 0x5c, 0x47, 0x50, 0x42, 0x4d, 0x65, 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0xea,
-	0x02, 0x0f, 0x50, 0x72, 0x65, 0x68, 0x6f, 0x67, 0x3a, 0x3a, 0x56, 0x31, 0x61, 0x6c, 0x70, 0x68,
-	0x61, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33,
+	0x45, 0x76, 0x65, 0x6e, 0x74, 0x73, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x00,
+	0x12, 0x5e, 0x0a, 0x0d, 0x48, 0x65, 0x6c, 0x6c, 0x6f, 0x54, 0x65, 0x6c, 0x65, 0x70, 0x6f, 0x72,
+	0x74, 0x12, 0x24, 0x2e, 0x70, 0x72, 0x65, 0x68, 0x6f, 0x67, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70,
+	0x68, 0x61, 0x2e, 0x48, 0x65, 0x6c, 0x6c, 0x6f, 0x54, 0x65, 0x6c, 0x65, 0x70, 0x6f, 0x72, 0x74,
+	0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x25, 0x2e, 0x70, 0x72, 0x65, 0x68, 0x6f, 0x67,
+	0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x2e, 0x48, 0x65, 0x6c, 0x6c, 0x6f, 0x54, 0x65,
+	0x6c, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x00,
+	0x42, 0xc9, 0x01, 0x0a, 0x12, 0x63, 0x6f, 0x6d, 0x2e, 0x70, 0x72, 0x65, 0x68, 0x6f, 0x67, 0x2e,
+	0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x42, 0x0d, 0x54, 0x65, 0x6c, 0x65, 0x70, 0x6f, 0x72,
+	0x74, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x50, 0x01, 0x5a, 0x4b, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62,
+	0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x67, 0x72, 0x61, 0x76, 0x69, 0x74, 0x61, 0x74, 0x69, 0x6f, 0x6e,
+	0x61, 0x6c, 0x2f, 0x74, 0x65, 0x6c, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x2f, 0x67, 0x65, 0x6e, 0x2f,
+	0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2f, 0x67, 0x6f, 0x2f, 0x70, 0x72, 0x65, 0x68, 0x6f, 0x67, 0x2f,
+	0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x3b, 0x70, 0x72, 0x65, 0x68, 0x6f, 0x67, 0x76, 0x31,
+	0x61, 0x6c, 0x70, 0x68, 0x61, 0xa2, 0x02, 0x03, 0x50, 0x58, 0x58, 0xaa, 0x02, 0x0e, 0x50, 0x72,
+	0x65, 0x68, 0x6f, 0x67, 0x2e, 0x56, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0xca, 0x02, 0x0e, 0x50,
+	0x72, 0x65, 0x68, 0x6f, 0x67, 0x5c, 0x56, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0xe2, 0x02, 0x1a,
+	0x50, 0x72, 0x65, 0x68, 0x6f, 0x67, 0x5c, 0x56, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x5c, 0x47,
+	0x50, 0x42, 0x4d, 0x65, 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0xea, 0x02, 0x0f, 0x50, 0x72, 0x65,
+	0x68, 0x6f, 0x67, 0x3a, 0x3a, 0x56, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x62, 0x06, 0x70, 0x72,
+	0x6f, 0x74, 0x6f, 0x33,
 }
 
 var (
@@ -11006,7 +11245,7 @@ func file_prehog_v1alpha_teleport_proto_rawDescGZIP() []byte {
 }
 
 var file_prehog_v1alpha_teleport_proto_enumTypes = make([]protoimpl.EnumInfo, 13)
-var file_prehog_v1alpha_teleport_proto_msgTypes = make([]protoimpl.MessageInfo, 102)
+var file_prehog_v1alpha_teleport_proto_msgTypes = make([]protoimpl.MessageInfo, 104)
 var file_prehog_v1alpha_teleport_proto_goTypes = []interface{}{
 	(ResourceKind)(0),                // 0: prehog.v1alpha.ResourceKind
 	(UserKind)(0),                    // 1: prehog.v1alpha.UserKind
@@ -11117,14 +11356,16 @@ var file_prehog_v1alpha_teleport_proto_goTypes = []interface{}{
 	(*OktaAccessListSyncEvent)(nil),                           // 106: prehog.v1alpha.OktaAccessListSyncEvent
 	(*DatabaseUserCreatedEvent)(nil),                          // 107: prehog.v1alpha.DatabaseUserCreatedEvent
 	(*DatabaseUserPermissionsUpdateEvent)(nil),                // 108: prehog.v1alpha.DatabaseUserPermissionsUpdateEvent
-	(*SubmitEventRequest)(nil),                                // 109: prehog.v1alpha.SubmitEventRequest
-	(*SubmitEventResponse)(nil),                               // 110: prehog.v1alpha.SubmitEventResponse
-	(*SubmitEventsRequest)(nil),                               // 111: prehog.v1alpha.SubmitEventsRequest
-	(*SubmitEventsResponse)(nil),                              // 112: prehog.v1alpha.SubmitEventsResponse
-	(*HelloTeleportRequest)(nil),                              // 113: prehog.v1alpha.HelloTeleportRequest
-	(*HelloTeleportResponse)(nil),                             // 114: prehog.v1alpha.HelloTeleportResponse
-	(*durationpb.Duration)(nil),                               // 115: google.protobuf.Duration
-	(*timestamppb.Timestamp)(nil),                             // 116: google.protobuf.Timestamp
+	(*SessionRecordingAccessEvent)(nil),                       // 109: prehog.v1alpha.SessionRecordingAccessEvent
+	(*UserTaskStateEvent)(nil),                                // 110: prehog.v1alpha.UserTaskStateEvent
+	(*SubmitEventRequest)(nil),                                // 111: prehog.v1alpha.SubmitEventRequest
+	(*SubmitEventResponse)(nil),                               // 112: prehog.v1alpha.SubmitEventResponse
+	(*SubmitEventsRequest)(nil),                               // 113: prehog.v1alpha.SubmitEventsRequest
+	(*SubmitEventsResponse)(nil),                              // 114: prehog.v1alpha.SubmitEventsResponse
+	(*HelloTeleportRequest)(nil),                              // 115: prehog.v1alpha.HelloTeleportRequest
+	(*HelloTeleportResponse)(nil),                             // 116: prehog.v1alpha.HelloTeleportResponse
+	(*durationpb.Duration)(nil),                               // 117: google.protobuf.Duration
+	(*timestamppb.Timestamp)(nil),                             // 118: google.protobuf.Timestamp
 }
 var file_prehog_v1alpha_teleport_proto_depIdxs = []int32{
 	17,  // 0: prehog.v1alpha.ResourceCreateEvent.database:type_name -> prehog.v1alpha.DiscoveredDatabaseMetadata
@@ -11132,7 +11373,7 @@ var file_prehog_v1alpha_teleport_proto_depIdxs = []int32{
 	20,  // 2: prehog.v1alpha.SessionStartEvent.database:type_name -> prehog.v1alpha.SessionStartDatabaseMetadata
 	21,  // 3: prehog.v1alpha.SessionStartEvent.desktop:type_name -> prehog.v1alpha.SessionStartDesktopMetadata
 	1,   // 4: prehog.v1alpha.SessionStartEvent.user_kind:type_name -> prehog.v1alpha.UserKind
-	115, // 5: prehog.v1alpha.UserCertificateIssuedEvent.ttl:type_name -> google.protobuf.Duration
+	117, // 5: prehog.v1alpha.UserCertificateIssuedEvent.ttl:type_name -> google.protobuf.Duration
 	1,   // 6: prehog.v1alpha.SPIFFESVIDIssuedEvent.user_kind:type_name -> prehog.v1alpha.UserKind
 	2,   // 7: prehog.v1alpha.DiscoverResourceMetadata.resource:type_name -> prehog.v1alpha.DiscoverResource
 	3,   // 8: prehog.v1alpha.DiscoverStepStatus.status:type_name -> prehog.v1alpha.DiscoverStatus
@@ -11218,7 +11459,7 @@ var file_prehog_v1alpha_teleport_proto_depIdxs = []int32{
 	9,   // 88: prehog.v1alpha.LicenseLimitEvent.license_limit:type_name -> prehog.v1alpha.LicenseLimit
 	20,  // 89: prehog.v1alpha.DatabaseUserCreatedEvent.database:type_name -> prehog.v1alpha.SessionStartDatabaseMetadata
 	20,  // 90: prehog.v1alpha.DatabaseUserPermissionsUpdateEvent.database:type_name -> prehog.v1alpha.SessionStartDatabaseMetadata
-	116, // 91: prehog.v1alpha.SubmitEventRequest.timestamp:type_name -> google.protobuf.Timestamp
+	118, // 91: prehog.v1alpha.SubmitEventRequest.timestamp:type_name -> google.protobuf.Timestamp
 	13,  // 92: prehog.v1alpha.SubmitEventRequest.user_login:type_name -> prehog.v1alpha.UserLoginEvent
 	15,  // 93: prehog.v1alpha.SubmitEventRequest.sso_create:type_name -> prehog.v1alpha.SSOCreateEvent
 	16,  // 94: prehog.v1alpha.SubmitEventRequest.resource_create:type_name -> prehog.v1alpha.ResourceCreateEvent
@@ -11308,18 +11549,20 @@ var file_prehog_v1alpha_teleport_proto_depIdxs = []int32{
 	99,  // 178: prehog.v1alpha.SubmitEventRequest.access_graph_access_path_changed:type_name -> prehog.v1alpha.AccessGraphAccessPathChangedEvent
 	101, // 179: prehog.v1alpha.SubmitEventRequest.access_graph_crown_jewel_create:type_name -> prehog.v1alpha.AccessGraphCrownJewelCreateEvent
 	100, // 180: prehog.v1alpha.SubmitEventRequest.ui_access_graph_crown_jewel_diff_view:type_name -> prehog.v1alpha.UIAccessGraphCrownJewelDiffViewEvent
-	109, // 181: prehog.v1alpha.SubmitEventsRequest.events:type_name -> prehog.v1alpha.SubmitEventRequest
-	109, // 182: prehog.v1alpha.TeleportReportingService.SubmitEvent:input_type -> prehog.v1alpha.SubmitEventRequest
-	111, // 183: prehog.v1alpha.TeleportReportingService.SubmitEvents:input_type -> prehog.v1alpha.SubmitEventsRequest
-	113, // 184: prehog.v1alpha.TeleportReportingService.HelloTeleport:input_type -> prehog.v1alpha.HelloTeleportRequest
-	110, // 185: prehog.v1alpha.TeleportReportingService.SubmitEvent:output_type -> prehog.v1alpha.SubmitEventResponse
-	112, // 186: prehog.v1alpha.TeleportReportingService.SubmitEvents:output_type -> prehog.v1alpha.SubmitEventsResponse
-	114, // 187: prehog.v1alpha.TeleportReportingService.HelloTeleport:output_type -> prehog.v1alpha.HelloTeleportResponse
-	185, // [185:188] is the sub-list for method output_type
-	182, // [182:185] is the sub-list for method input_type
-	182, // [182:182] is the sub-list for extension type_name
-	182, // [182:182] is the sub-list for extension extendee
-	0,   // [0:182] is the sub-list for field type_name
+	109, // 181: prehog.v1alpha.SubmitEventRequest.session_recording_access:type_name -> prehog.v1alpha.SessionRecordingAccessEvent
+	110, // 182: prehog.v1alpha.SubmitEventRequest.user_task_state:type_name -> prehog.v1alpha.UserTaskStateEvent
+	111, // 183: prehog.v1alpha.SubmitEventsRequest.events:type_name -> prehog.v1alpha.SubmitEventRequest
+	111, // 184: prehog.v1alpha.TeleportReportingService.SubmitEvent:input_type -> prehog.v1alpha.SubmitEventRequest
+	113, // 185: prehog.v1alpha.TeleportReportingService.SubmitEvents:input_type -> prehog.v1alpha.SubmitEventsRequest
+	115, // 186: prehog.v1alpha.TeleportReportingService.HelloTeleport:input_type -> prehog.v1alpha.HelloTeleportRequest
+	112, // 187: prehog.v1alpha.TeleportReportingService.SubmitEvent:output_type -> prehog.v1alpha.SubmitEventResponse
+	114, // 188: prehog.v1alpha.TeleportReportingService.SubmitEvents:output_type -> prehog.v1alpha.SubmitEventsResponse
+	116, // 189: prehog.v1alpha.TeleportReportingService.HelloTeleport:output_type -> prehog.v1alpha.HelloTeleportResponse
+	187, // [187:190] is the sub-list for method output_type
+	184, // [184:187] is the sub-list for method input_type
+	184, // [184:184] is the sub-list for extension type_name
+	184, // [184:184] is the sub-list for extension extendee
+	0,   // [0:184] is the sub-list for field type_name
 }
 
 func init() { file_prehog_v1alpha_teleport_proto_init() }
@@ -12481,7 +12724,7 @@ func file_prehog_v1alpha_teleport_proto_init() {
 			}
 		}
 		file_prehog_v1alpha_teleport_proto_msgTypes[96].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*SubmitEventRequest); i {
+			switch v := v.(*SessionRecordingAccessEvent); i {
 			case 0:
 				return &v.state
 			case 1:
@@ -12493,7 +12736,7 @@ func file_prehog_v1alpha_teleport_proto_init() {
 			}
 		}
 		file_prehog_v1alpha_teleport_proto_msgTypes[97].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*SubmitEventResponse); i {
+			switch v := v.(*UserTaskStateEvent); i {
 			case 0:
 				return &v.state
 			case 1:
@@ -12505,7 +12748,7 @@ func file_prehog_v1alpha_teleport_proto_init() {
 			}
 		}
 		file_prehog_v1alpha_teleport_proto_msgTypes[98].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*SubmitEventsRequest); i {
+			switch v := v.(*SubmitEventRequest); i {
 			case 0:
 				return &v.state
 			case 1:
@@ -12517,7 +12760,7 @@ func file_prehog_v1alpha_teleport_proto_init() {
 			}
 		}
 		file_prehog_v1alpha_teleport_proto_msgTypes[99].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*SubmitEventsResponse); i {
+			switch v := v.(*SubmitEventResponse); i {
 			case 0:
 				return &v.state
 			case 1:
@@ -12529,7 +12772,7 @@ func file_prehog_v1alpha_teleport_proto_init() {
 			}
 		}
 		file_prehog_v1alpha_teleport_proto_msgTypes[100].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*HelloTeleportRequest); i {
+			switch v := v.(*SubmitEventsRequest); i {
 			case 0:
 				return &v.state
 			case 1:
@@ -12541,6 +12784,30 @@ func file_prehog_v1alpha_teleport_proto_init() {
 			}
 		}
 		file_prehog_v1alpha_teleport_proto_msgTypes[101].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*SubmitEventsResponse); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+		file_prehog_v1alpha_teleport_proto_msgTypes[102].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*HelloTeleportRequest); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+		file_prehog_v1alpha_teleport_proto_msgTypes[103].Exporter = func(v interface{}, i int) interface{} {
 			switch v := v.(*HelloTeleportResponse); i {
 			case 0:
 				return &v.state
@@ -12553,7 +12820,7 @@ func file_prehog_v1alpha_teleport_proto_init() {
 			}
 		}
 	}
-	file_prehog_v1alpha_teleport_proto_msgTypes[96].OneofWrappers = []interface{}{
+	file_prehog_v1alpha_teleport_proto_msgTypes[98].OneofWrappers = []interface{}{
 		(*SubmitEventRequest_UserLogin)(nil),
 		(*SubmitEventRequest_SsoCreate)(nil),
 		(*SubmitEventRequest_ResourceCreate)(nil),
@@ -12643,6 +12910,8 @@ func file_prehog_v1alpha_teleport_proto_init() {
 		(*SubmitEventRequest_AccessGraphAccessPathChanged)(nil),
 		(*SubmitEventRequest_AccessGraphCrownJewelCreate)(nil),
 		(*SubmitEventRequest_UiAccessGraphCrownJewelDiffView)(nil),
+		(*SubmitEventRequest_SessionRecordingAccess)(nil),
+		(*SubmitEventRequest_UserTaskState)(nil),
 	}
 	type x struct{}
 	out := protoimpl.TypeBuilder{
@@ -12650,7 +12919,7 @@ func file_prehog_v1alpha_teleport_proto_init() {
 			GoPackagePath: reflect.TypeOf(x{}).PkgPath(),
 			RawDescriptor: file_prehog_v1alpha_teleport_proto_rawDesc,
 			NumEnums:      13,
-			NumMessages:   102,
+			NumMessages:   104,
 			NumExtensions: 0,
 			NumServices:   1,
 		},
diff --git a/gen/proto/ts/prehog/v1alpha/teleport_pb.ts b/gen/proto/ts/prehog/v1alpha/teleport_pb.ts
index aad39193e6701..5b089b63528df 100644
--- a/gen/proto/ts/prehog/v1alpha/teleport_pb.ts
+++ b/gen/proto/ts/prehog/v1alpha/teleport_pb.ts
@@ -2529,6 +2529,92 @@ export interface DatabaseUserPermissionsUpdateEvent {
      */
     numTablesPermissions: number;
 }
+/**
+ * SessionRecordingAccessEvent is emitted when the user accesses a session
+ * recording.
+ *
+ * PostHog event: tp.recording.access
+ *
+ * @generated from protobuf message prehog.v1alpha.SessionRecordingAccessEvent
+ */
+export interface SessionRecordingAccessEvent {
+    /**
+     * session_type is type of the session, should be
+     * "ssh"/"k8s"/"db"/"app"/"desktop" (matching the values for
+     * api/types.SessionKind).
+     *
+     * PostHog property: tp.session_type
+     *
+     * @generated from protobuf field: string session_type = 1;
+     */
+    sessionType: string;
+    /**
+     * user_name is the anonymized Teleport username, 32 bytes (HMAC-SHA-256)
+     * encoded in base64.
+     *
+     * PostHog property: tp.user_name
+     *
+     * @generated from protobuf field: string user_name = 2;
+     */
+    userName: string;
+    /**
+     * format is the format the session recording was accessed.
+     * One of text/json/yaml/pty. pty being the interactive session player.
+     *
+     * PostHog property: tp.recording.format
+     *
+     * @generated from protobuf field: string format = 3;
+     */
+    format: string;
+}
+/**
+ * UserTaskStateEvent is emitted when a UserTask state changes.
+ * This can happen when the Task is created, when it's manually
+ * resolved by the user or when it changes back to being open
+ * when the issue happens again.
+ *
+ * PostHog event: tp.usertask.state
+ *
+ * @generated from protobuf message prehog.v1alpha.UserTaskStateEvent
+ */
+export interface UserTaskStateEvent {
+    /**
+     * task_type is the identifier for the type of task.
+     * Eg, discover-ec2
+     *
+     * PostHog property: tp.usertask.task_type
+     *
+     * @generated from protobuf field: string task_type = 1;
+     */
+    taskType: string;
+    /**
+     * issue_type is the identifier for the type of issue that occurred.
+     *
+     * PostHog property: tp.usertask.issue_type
+     *
+     * @generated from protobuf field: string issue_type = 2;
+     */
+    issueType: string;
+    /**
+     * state identifies the new state for this task.
+     * One of: OPEN, RESOLVED
+     *
+     * PostHog property: tp.usertask.state
+     *
+     * @generated from protobuf field: string state = 3;
+     */
+    state: string;
+    /**
+     * instances_count contains the number of instances that were affected by the issue
+     * This field is only present for the following task_types:
+     * - discover-ec2
+     *
+     * PostHog property: tp.usertask.discover_ec2.instances_count
+     *
+     * @generated from protobuf field: int32 instances_count = 4;
+     */
+    instancesCount: number;
+}
 /**
  * @generated from protobuf message prehog.v1alpha.SubmitEventRequest
  */
@@ -3093,6 +3179,18 @@ export interface SubmitEventRequest {
          * @generated from protobuf field: prehog.v1alpha.UIAccessGraphCrownJewelDiffViewEvent ui_access_graph_crown_jewel_diff_view = 92;
          */
         uiAccessGraphCrownJewelDiffView: UIAccessGraphCrownJewelDiffViewEvent;
+    } | {
+        oneofKind: "sessionRecordingAccess";
+        /**
+         * @generated from protobuf field: prehog.v1alpha.SessionRecordingAccessEvent session_recording_access = 93;
+         */
+        sessionRecordingAccess: SessionRecordingAccessEvent;
+    } | {
+        oneofKind: "userTaskState";
+        /**
+         * @generated from protobuf field: prehog.v1alpha.UserTaskStateEvent user_task_state = 94;
+         */
+        userTaskState: UserTaskStateEvent;
     } | {
         oneofKind: undefined;
     };
@@ -3500,7 +3598,11 @@ export enum CTA {
     /**
      * @generated from protobuf enum value: CTA_ENTRA_ID = 12;
      */
-    CTA_ENTRA_ID = 12
+    CTA_ENTRA_ID = 12,
+    /**
+     * @generated from protobuf enum value: CTA_OKTA_SCIM = 13;
+     */
+    CTA_OKTA_SCIM = 13
 }
 /**
  * IntegrationEnrollKind represents the types of integration that
@@ -3608,7 +3710,11 @@ export enum IntegrationEnrollKind {
     /**
      * @generated from protobuf enum value: INTEGRATION_ENROLL_KIND_DATADOG_INCIDENT_MANAGEMENT = 24;
      */
-    DATADOG_INCIDENT_MANAGEMENT = 24
+    DATADOG_INCIDENT_MANAGEMENT = 24,
+    /**
+     * @generated from protobuf enum value: INTEGRATION_ENROLL_KIND_SERVICENOW = 25;
+     */
+    SERVICENOW = 25
 }
 /**
  * EditorChangeStatus is the possible value of an EditorChangeEvent event status
@@ -9626,6 +9732,140 @@ class DatabaseUserPermissionsUpdateEvent$Type extends MessageType {
+    constructor() {
+        super("prehog.v1alpha.SessionRecordingAccessEvent", [
+            { no: 1, name: "session_type", kind: "scalar", T: 9 /*ScalarType.STRING*/ },
+            { no: 2, name: "user_name", kind: "scalar", T: 9 /*ScalarType.STRING*/ },
+            { no: 3, name: "format", kind: "scalar", T: 9 /*ScalarType.STRING*/ }
+        ]);
+    }
+    create(value?: PartialMessage): SessionRecordingAccessEvent {
+        const message = globalThis.Object.create((this.messagePrototype!));
+        message.sessionType = "";
+        message.userName = "";
+        message.format = "";
+        if (value !== undefined)
+            reflectionMergePartial(this, message, value);
+        return message;
+    }
+    internalBinaryRead(reader: IBinaryReader, length: number, options: BinaryReadOptions, target?: SessionRecordingAccessEvent): SessionRecordingAccessEvent {
+        let message = target ?? this.create(), end = reader.pos + length;
+        while (reader.pos < end) {
+            let [fieldNo, wireType] = reader.tag();
+            switch (fieldNo) {
+                case /* string session_type */ 1:
+                    message.sessionType = reader.string();
+                    break;
+                case /* string user_name */ 2:
+                    message.userName = reader.string();
+                    break;
+                case /* string format */ 3:
+                    message.format = reader.string();
+                    break;
+                default:
+                    let u = options.readUnknownField;
+                    if (u === "throw")
+                        throw new globalThis.Error(`Unknown field ${fieldNo} (wire type ${wireType}) for ${this.typeName}`);
+                    let d = reader.skip(wireType);
+                    if (u !== false)
+                        (u === true ? UnknownFieldHandler.onRead : u)(this.typeName, message, fieldNo, wireType, d);
+            }
+        }
+        return message;
+    }
+    internalBinaryWrite(message: SessionRecordingAccessEvent, writer: IBinaryWriter, options: BinaryWriteOptions): IBinaryWriter {
+        /* string session_type = 1; */
+        if (message.sessionType !== "")
+            writer.tag(1, WireType.LengthDelimited).string(message.sessionType);
+        /* string user_name = 2; */
+        if (message.userName !== "")
+            writer.tag(2, WireType.LengthDelimited).string(message.userName);
+        /* string format = 3; */
+        if (message.format !== "")
+            writer.tag(3, WireType.LengthDelimited).string(message.format);
+        let u = options.writeUnknownFields;
+        if (u !== false)
+            (u == true ? UnknownFieldHandler.onWrite : u)(this.typeName, message, writer);
+        return writer;
+    }
+}
+/**
+ * @generated MessageType for protobuf message prehog.v1alpha.SessionRecordingAccessEvent
+ */
+export const SessionRecordingAccessEvent = new SessionRecordingAccessEvent$Type();
+// @generated message type with reflection information, may provide speed optimized methods
+class UserTaskStateEvent$Type extends MessageType {
+    constructor() {
+        super("prehog.v1alpha.UserTaskStateEvent", [
+            { no: 1, name: "task_type", kind: "scalar", T: 9 /*ScalarType.STRING*/ },
+            { no: 2, name: "issue_type", kind: "scalar", T: 9 /*ScalarType.STRING*/ },
+            { no: 3, name: "state", kind: "scalar", T: 9 /*ScalarType.STRING*/ },
+            { no: 4, name: "instances_count", kind: "scalar", T: 5 /*ScalarType.INT32*/ }
+        ]);
+    }
+    create(value?: PartialMessage): UserTaskStateEvent {
+        const message = globalThis.Object.create((this.messagePrototype!));
+        message.taskType = "";
+        message.issueType = "";
+        message.state = "";
+        message.instancesCount = 0;
+        if (value !== undefined)
+            reflectionMergePartial(this, message, value);
+        return message;
+    }
+    internalBinaryRead(reader: IBinaryReader, length: number, options: BinaryReadOptions, target?: UserTaskStateEvent): UserTaskStateEvent {
+        let message = target ?? this.create(), end = reader.pos + length;
+        while (reader.pos < end) {
+            let [fieldNo, wireType] = reader.tag();
+            switch (fieldNo) {
+                case /* string task_type */ 1:
+                    message.taskType = reader.string();
+                    break;
+                case /* string issue_type */ 2:
+                    message.issueType = reader.string();
+                    break;
+                case /* string state */ 3:
+                    message.state = reader.string();
+                    break;
+                case /* int32 instances_count */ 4:
+                    message.instancesCount = reader.int32();
+                    break;
+                default:
+                    let u = options.readUnknownField;
+                    if (u === "throw")
+                        throw new globalThis.Error(`Unknown field ${fieldNo} (wire type ${wireType}) for ${this.typeName}`);
+                    let d = reader.skip(wireType);
+                    if (u !== false)
+                        (u === true ? UnknownFieldHandler.onRead : u)(this.typeName, message, fieldNo, wireType, d);
+            }
+        }
+        return message;
+    }
+    internalBinaryWrite(message: UserTaskStateEvent, writer: IBinaryWriter, options: BinaryWriteOptions): IBinaryWriter {
+        /* string task_type = 1; */
+        if (message.taskType !== "")
+            writer.tag(1, WireType.LengthDelimited).string(message.taskType);
+        /* string issue_type = 2; */
+        if (message.issueType !== "")
+            writer.tag(2, WireType.LengthDelimited).string(message.issueType);
+        /* string state = 3; */
+        if (message.state !== "")
+            writer.tag(3, WireType.LengthDelimited).string(message.state);
+        /* int32 instances_count = 4; */
+        if (message.instancesCount !== 0)
+            writer.tag(4, WireType.Varint).int32(message.instancesCount);
+        let u = options.writeUnknownFields;
+        if (u !== false)
+            (u == true ? UnknownFieldHandler.onWrite : u)(this.typeName, message, writer);
+        return writer;
+    }
+}
+/**
+ * @generated MessageType for protobuf message prehog.v1alpha.UserTaskStateEvent
+ */
+export const UserTaskStateEvent = new UserTaskStateEvent$Type();
+// @generated message type with reflection information, may provide speed optimized methods
 class SubmitEventRequest$Type extends MessageType {
     constructor() {
         super("prehog.v1alpha.SubmitEventRequest", [
@@ -9719,7 +9959,9 @@ class SubmitEventRequest$Type extends MessageType {
             { no: 89, name: "access_graph_aws_scan", kind: "message", oneof: "event", T: () => AccessGraphAWSScanEvent },
             { no: 90, name: "access_graph_access_path_changed", kind: "message", oneof: "event", T: () => AccessGraphAccessPathChangedEvent },
             { no: 91, name: "access_graph_crown_jewel_create", kind: "message", oneof: "event", T: () => AccessGraphCrownJewelCreateEvent },
-            { no: 92, name: "ui_access_graph_crown_jewel_diff_view", kind: "message", oneof: "event", T: () => UIAccessGraphCrownJewelDiffViewEvent }
+            { no: 92, name: "ui_access_graph_crown_jewel_diff_view", kind: "message", oneof: "event", T: () => UIAccessGraphCrownJewelDiffViewEvent },
+            { no: 93, name: "session_recording_access", kind: "message", oneof: "event", T: () => SessionRecordingAccessEvent },
+            { no: 94, name: "user_task_state", kind: "message", oneof: "event", T: () => UserTaskStateEvent }
         ]);
     }
     create(value?: PartialMessage): SubmitEventRequest {
@@ -10275,6 +10517,18 @@ class SubmitEventRequest$Type extends MessageType {
                         uiAccessGraphCrownJewelDiffView: UIAccessGraphCrownJewelDiffViewEvent.internalBinaryRead(reader, reader.uint32(), options, (message.event as any).uiAccessGraphCrownJewelDiffView)
                     };
                     break;
+                case /* prehog.v1alpha.SessionRecordingAccessEvent session_recording_access */ 93:
+                    message.event = {
+                        oneofKind: "sessionRecordingAccess",
+                        sessionRecordingAccess: SessionRecordingAccessEvent.internalBinaryRead(reader, reader.uint32(), options, (message.event as any).sessionRecordingAccess)
+                    };
+                    break;
+                case /* prehog.v1alpha.UserTaskStateEvent user_task_state */ 94:
+                    message.event = {
+                        oneofKind: "userTaskState",
+                        userTaskState: UserTaskStateEvent.internalBinaryRead(reader, reader.uint32(), options, (message.event as any).userTaskState)
+                    };
+                    break;
                 default:
                     let u = options.readUnknownField;
                     if (u === "throw")
@@ -10560,6 +10814,12 @@ class SubmitEventRequest$Type extends MessageType {
         /* prehog.v1alpha.UIAccessGraphCrownJewelDiffViewEvent ui_access_graph_crown_jewel_diff_view = 92; */
         if (message.event.oneofKind === "uiAccessGraphCrownJewelDiffView")
             UIAccessGraphCrownJewelDiffViewEvent.internalBinaryWrite(message.event.uiAccessGraphCrownJewelDiffView, writer.tag(92, WireType.LengthDelimited).fork(), options).join();
+        /* prehog.v1alpha.SessionRecordingAccessEvent session_recording_access = 93; */
+        if (message.event.oneofKind === "sessionRecordingAccess")
+            SessionRecordingAccessEvent.internalBinaryWrite(message.event.sessionRecordingAccess, writer.tag(93, WireType.LengthDelimited).fork(), options).join();
+        /* prehog.v1alpha.UserTaskStateEvent user_task_state = 94; */
+        if (message.event.oneofKind === "userTaskState")
+            UserTaskStateEvent.internalBinaryWrite(message.event.userTaskState, writer.tag(94, WireType.LengthDelimited).fork(), options).join();
         let u = options.writeUnknownFields;
         if (u !== false)
             (u == true ? UnknownFieldHandler.onWrite : u)(this.typeName, message, writer);
diff --git a/gen/proto/ts/teleport/accesslist/v1/accesslist_pb.ts b/gen/proto/ts/teleport/accesslist/v1/accesslist_pb.ts
index 4ba7f2b2e7f27..11062df8a111e 100644
--- a/gen/proto/ts/teleport/accesslist/v1/accesslist_pb.ts
+++ b/gen/proto/ts/teleport/accesslist/v1/accesslist_pb.ts
@@ -46,7 +46,7 @@ export interface AccessList {
      */
     header?: ResourceHeader;
     /**
-     * spec is the specification for the access list.
+     * spec is the specification for the Access List.
      *
      * @generated from protobuf field: teleport.accesslist.v1.AccessListSpec spec = 2;
      */
@@ -59,32 +59,32 @@ export interface AccessList {
     status?: AccessListStatus;
 }
 /**
- * AccessListSpec is the specification for an access list.
+ * AccessListSpec is the specification for an Access List.
  *
  * @generated from protobuf message teleport.accesslist.v1.AccessListSpec
  */
 export interface AccessListSpec {
     /**
-     * description is an optional plaintext description of the access list.
+     * description is an optional plaintext description of the Access List.
      *
      * @generated from protobuf field: string description = 1;
      */
     description: string;
     /**
-     * owners is a list of owners of the access list.
+     * owners is a list of owners of the Access List.
      *
      * @generated from protobuf field: repeated teleport.accesslist.v1.AccessListOwner owners = 2;
      */
     owners: AccessListOwner[];
     /**
-     * audit describes the frequency that this access list must be audited.
+     * audit describes the frequency that this Access List must be audited.
      *
      * @generated from protobuf field: teleport.accesslist.v1.AccessListAudit audit = 3;
      */
     audit?: AccessListAudit;
     /**
      * membership_requires describes the requirements for a user to be a member of
-     * the access list. For a membership to an access list to be effective, the
+     * the Access List. For a membership to an Access List to be effective, the
      * user must meet the requirements of Membership_requires and must be in the
      * members list.
      *
@@ -93,7 +93,7 @@ export interface AccessListSpec {
     membershipRequires?: AccessListRequires;
     /**
      * ownership_requires describes the requirements for a user to be an owner of
-     * the access list. For ownership of an access list to be effective, the user
+     * the Access List. For ownership of an Access List to be effective, the user
      * must meet the requirements of ownership_requires and must be in the owners
      * list.
      *
@@ -101,26 +101,26 @@ export interface AccessListSpec {
      */
     ownershipRequires?: AccessListRequires;
     /**
-     * grants describes the access granted by membership to this access list.
+     * grants describes the access granted by membership to this Access List.
      *
      * @generated from protobuf field: teleport.accesslist.v1.AccessListGrants grants = 6;
      */
     grants?: AccessListGrants;
     /**
-     * title is a plaintext short description of the access list.
+     * title is a plaintext short description of the Access List.
      *
      * @generated from protobuf field: string title = 8;
      */
     title: string;
     /**
-     * owner_grants describes the access granted by owners to this access list.
+     * owner_grants describes the access granted by owners to this Access List.
      *
      * @generated from protobuf field: teleport.accesslist.v1.AccessListGrants owner_grants = 11;
      */
     ownerGrants?: AccessListGrants;
 }
 /**
- * AccessListOwner is an owner of an access list.
+ * AccessListOwner is an owner of an Access List.
  *
  * @generated from protobuf message teleport.accesslist.v1.AccessListOwner
  */
@@ -147,7 +147,7 @@ export interface AccessListOwner {
     ineligibleStatus: IneligibleStatus;
 }
 /**
- * AccessListAudit describes the audit configuration for an access list.
+ * AccessListAudit describes the audit configuration for an Access List.
  *
  * @generated from protobuf message teleport.accesslist.v1.AccessListAudit
  */
@@ -209,7 +209,7 @@ export interface Notifications {
     start?: Duration;
 }
 /**
- * AccessListRequires describes a requirement section for an access list. A user
+ * AccessListRequires describes a requirement section for an Access List. A user
  * must meet the following criteria to obtain the specific access to the list.
  *
  * @generated from protobuf message teleport.accesslist.v1.AccessListRequires
@@ -230,29 +230,29 @@ export interface AccessListRequires {
     traits: Trait[];
 }
 /**
- * AccessListGrants describes what access is granted by membership to the access
- * list.
+ * AccessListGrants describes what access is granted by membership to the Access
+ * List.
  *
  * @generated from protobuf message teleport.accesslist.v1.AccessListGrants
  */
 export interface AccessListGrants {
     /**
-     * roles are the roles that are granted to users who are members of the access
-     * list.
+     * roles are the roles that are granted to users who are members of the Access
+     * List.
      *
      * @generated from protobuf field: repeated string roles = 1;
      */
     roles: string[];
     /**
      * traits are the traits that are granted to users who are members of the
-     * access list.
+     * Access List.
      *
      * @generated from protobuf field: repeated teleport.trait.v1.Trait traits = 2;
      */
     traits: Trait[];
 }
 /**
- * Member describes a member of an access list.
+ * Member describes a member of an Access List.
  *
  * @generated from protobuf message teleport.accesslist.v1.Member
  */
@@ -264,50 +264,50 @@ export interface Member {
      */
     header?: ResourceHeader;
     /**
-     * spec is the specification for the access list member.
+     * spec is the specification for the Access List member.
      *
      * @generated from protobuf field: teleport.accesslist.v1.MemberSpec spec = 2;
      */
     spec?: MemberSpec;
 }
 /**
- * MemberSpec is the specification for an access list member.
+ * MemberSpec is the specification for an Access List member.
  *
  * @generated from protobuf message teleport.accesslist.v1.MemberSpec
  */
 export interface MemberSpec {
     /**
-     * associated access list
+     * associated Access List
      *
      * @generated from protobuf field: string access_list = 1;
      */
     accessList: string;
     /**
-     * name is the name of the member of the access list.
+     * name is the name of the member of the Access List.
      *
      * @generated from protobuf field: string name = 2;
      */
     name: string;
     /**
-     * joined is when the user joined the access list.
+     * joined is when the user joined the Access List.
      *
      * @generated from protobuf field: google.protobuf.Timestamp joined = 3;
      */
     joined?: Timestamp;
     /**
-     * expires is when the user's membership to the access list expires.
+     * expires is when the user's membership to the Access List expires.
      *
      * @generated from protobuf field: google.protobuf.Timestamp expires = 4;
      */
     expires?: Timestamp;
     /**
-     * reason is the reason this user was added to the access list.
+     * reason is the reason this user was added to the Access List.
      *
      * @generated from protobuf field: string reason = 5;
      */
     reason: string;
     /**
-     * added_by is the user that added this user to the access list.
+     * added_by is the user that added this user to the Access List.
      *
      * @generated from protobuf field: string added_by = 6;
      */
@@ -321,7 +321,7 @@ export interface MemberSpec {
     ineligibleStatus: IneligibleStatus;
 }
 /**
- * Review is a review of an access list.
+ * Review is a review of an Access List.
  *
  * @generated from protobuf message teleport.accesslist.v1.Review
  */
@@ -333,20 +333,20 @@ export interface Review {
      */
     header?: ResourceHeader;
     /**
-     * spec is the specification for the access list review.
+     * spec is the specification for the Access List review.
      *
      * @generated from protobuf field: teleport.accesslist.v1.ReviewSpec spec = 2;
      */
     spec?: ReviewSpec;
 }
 /**
- * ReviewSpec is the specification for an access list review.
+ * ReviewSpec is the specification for an Access List review.
  *
  * @generated from protobuf message teleport.accesslist.v1.ReviewSpec
  */
 export interface ReviewSpec {
     /**
-     * access_list is the name of the access list that this review is for.
+     * access_list is the name of the Access List that this review is for.
      *
      * @generated from protobuf field: string access_list = 1;
      */
@@ -418,7 +418,7 @@ export interface ReviewChanges {
  */
 export interface AccessListStatus {
     /**
-     * member_count is the number of members in the in the access list.
+     * member_count is the number of members in the in the Access List.
      *
      * @generated from protobuf field: optional uint32 member_count = 1;
      */
diff --git a/integration/hsm/hsm_test.go b/integration/hsm/hsm_test.go
index 5c7427b06a148..935a8709e5dfb 100644
--- a/integration/hsm/hsm_test.go
+++ b/integration/hsm/hsm_test.go
@@ -677,7 +677,10 @@ func TestHSMRevert(t *testing.T) {
 	clock.Advance(2 * defaults.HighResPollingPeriod)
 	assert.EventuallyWithT(t, func(t *assert.CollectT) {
 		alerts, err = auth1.process.GetAuthServer().GetClusterAlerts(ctx, types.GetClusterAlertsRequest{})
-		require.NoError(t, err)
+		assert.NoError(t, err)
 		assert.Empty(t, alerts)
+
+		// Keep advancing the clock to make sure the rotation ticker gets fired
+		clock.Advance(2 * defaults.HighResPollingPeriod)
 	}, 5*time.Second, 100*time.Millisecond)
 }
diff --git a/integration/integration_test.go b/integration/integration_test.go
index 592379d74f945..8e27754ca200c 100644
--- a/integration/integration_test.go
+++ b/integration/integration_test.go
@@ -4908,6 +4908,13 @@ func testProxyHostKeyCheck(t *testing.T, suite *integrationTestSuite) {
 			_, err = clt.UpsertNode(context.Background(), server)
 			require.NoError(t, err)
 
+			// Wait for the node to be visible before continuing.
+			require.EventuallyWithT(t, func(t *assert.CollectT) {
+				found, err := clt.GetNodes(context.Background(), defaults.Namespace)
+				assert.NoError(t, err)
+				assert.Len(t, found, 2)
+			}, 10*time.Second, 100*time.Millisecond)
+
 			_, err = runCommand(t, instance, []string{"echo hello"}, clientConfig, 1)
 
 			// check if we were able to exec the command or not
@@ -6195,7 +6202,7 @@ func testCmdLabels(t *testing.T, suite *integrationTestSuite) {
 	teleport := suite.NewTeleportWithConfig(t, nil, nil, makeConfig())
 	defer teleport.StopAll()
 
-	// Create and start a reversetunnel node.
+	// Create and start a node.
 	nodeConfig := func() *servicecfg.Config {
 		tconf := suite.defaultServiceConfig()
 		tconf.Hostname = "server-02"
@@ -6207,9 +6214,21 @@ func testCmdLabels(t *testing.T, suite *integrationTestSuite) {
 
 		return tconf
 	}
-	_, err := teleport.StartReverseTunnelNode(nodeConfig())
+	_, err := teleport.StartNode(nodeConfig())
 	require.NoError(t, err)
 
+	slowPrintCommand := func(s string) []string {
+		cmd := make([]string, 0)
+		for i, char := range strings.Split(s, "") {
+			if i != 0 {
+				cmd = append(cmd, "&&")
+			}
+			cmd = append(cmd, "echo", "-n", char, "&&", "sleep", "0.05")
+		}
+
+		return cmd
+	}
+
 	// test label patterns that match both nodes, and each
 	// node individually.
 	tts := []struct {
@@ -6219,10 +6238,11 @@ func testCmdLabels(t *testing.T, suite *integrationTestSuite) {
 		expectLines []string
 	}{
 		{
-			desc:        "Both",
-			command:     []string{"echo", "two"},
+			desc: "Both",
+			// Print slowly so we can confirm that the output isn't interleaved.
+			command:     slowPrintCommand("abcd1234"),
 			labels:      map[string]string{"spam": "eggs"},
-			expectLines: []string{"[server-01] two", "[server-02] two"},
+			expectLines: []string{"[server-01] abcd1234", "[server-02] abcd1234"},
 		},
 		{
 			desc:        "Worker only",
diff --git a/integrations/access/accesslist/app_test.go b/integrations/access/accesslist/app_test.go
index 6d4eab0ada7d6..07a0f4d420a04 100644
--- a/integrations/access/accesslist/app_test.go
+++ b/integrations/access/accesslist/app_test.go
@@ -108,6 +108,10 @@ func (m *mockPluginConfig) GetPluginType() types.PluginType {
 	return types.PluginTypeSlack
 }
 
+func (m *mockPluginConfig) GetTeleportUser() string {
+	return ""
+}
+
 func TestAccessListReminders_Single(t *testing.T) {
 	t.Parallel()
 
diff --git a/integrations/access/accessmonitoring/access_monitoring_rules.go b/integrations/access/accessmonitoring/access_monitoring_rules.go
index 72eb921f3f4e8..7fb2c045d57ea 100644
--- a/integrations/access/accessmonitoring/access_monitoring_rules.go
+++ b/integrations/access/accessmonitoring/access_monitoring_rules.go
@@ -48,6 +48,7 @@ type RuleHandler struct {
 	pluginName string
 
 	fetchRecipientCallback func(ctx context.Context, recipient string) (*common.Recipient, error)
+	onCacheUpdateCallback  func(Operation types.OpType, name string, rule *accessmonitoringrulesv1.AccessMonitoringRule) error
 }
 
 // RuleMap is a concurrent map for access monitoring rules.
@@ -65,6 +66,8 @@ type RuleHandlerConfig struct {
 
 	// FetchRecipientCallback is a callback that maps recipient strings to plugin Recipients.
 	FetchRecipientCallback func(ctx context.Context, recipient string) (*common.Recipient, error)
+	// OnCacheUpdateCallback is a callback that is called when a rule in the cache is created or updated.
+	OnCacheUpdateCallback func(Operation types.OpType, name string, rule *accessmonitoringrulesv1.AccessMonitoringRule) error
 }
 
 // NewRuleHandler returns a new RuleHandler.
@@ -77,6 +80,7 @@ func NewRuleHandler(conf RuleHandlerConfig) *RuleHandler {
 		pluginType:             conf.PluginType,
 		pluginName:             conf.PluginName,
 		fetchRecipientCallback: conf.FetchRecipientCallback,
+		onCacheUpdateCallback:  conf.OnCacheUpdateCallback,
 	}
 }
 
@@ -93,6 +97,9 @@ func (amrh *RuleHandler) InitAccessMonitoringRulesCache(ctx context.Context) err
 			continue
 		}
 		amrh.accessMonitoringRules.rules[amr.GetMetadata().Name] = amr
+		if amrh.onCacheUpdateCallback != nil {
+			amrh.onCacheUpdateCallback(types.OpPut, amr.GetMetadata().Name, amr)
+		}
 	}
 	return nil
 }
@@ -123,6 +130,9 @@ func (amrh *RuleHandler) HandleAccessMonitoringRule(ctx context.Context, event t
 			return nil
 		}
 		amrh.accessMonitoringRules.rules[req.Metadata.Name] = req
+		if amrh.onCacheUpdateCallback != nil {
+			amrh.onCacheUpdateCallback(types.OpPut, req.GetMetadata().Name, req)
+		}
 		return nil
 	case types.OpDelete:
 		delete(amrh.accessMonitoringRules.rules, event.Resource.GetName())
diff --git a/integrations/access/accessrequest/app.go b/integrations/access/accessrequest/app.go
index 1bf8d44178241..893d3db9caba8 100644
--- a/integrations/access/accessrequest/app.go
+++ b/integrations/access/accessrequest/app.go
@@ -22,6 +22,7 @@ import (
 	"context"
 	"fmt"
 	"slices"
+	"strings"
 	"time"
 
 	"github.com/gravitational/trace"
@@ -54,6 +55,9 @@ type App struct {
 	job        lib.ServiceJob
 
 	accessMonitoringRules *accessmonitoring.RuleHandler
+	// teleportUser is the name of the Teleport user that will act as the
+	// access request approver.
+	teleportUser string
 }
 
 // NewApp will create a new access request application.
@@ -88,6 +92,7 @@ func (a *App) Init(baseApp *common.BaseApp) error {
 		PluginName:             a.pluginName,
 		FetchRecipientCallback: a.bot.FetchRecipient,
 	})
+	a.teleportUser = baseApp.Conf.GetTeleportUser()
 
 	return nil
 }
@@ -262,6 +267,11 @@ func (a *App) onPendingRequest(ctx context.Context, req types.AccessRequest) err
 		} else {
 			log.Warning("No channel to post")
 		}
+
+		// Try to approve the request if user is currently on-call.
+		if err := a.tryApproveRequest(ctx, reqID, req); err != nil {
+			log.Warningf("Failed to auto approve request: %v", err)
+		}
 	case trace.IsAlreadyExists(err):
 		// The messages were already sent, nothing to do, we can update the reviews
 	default:
@@ -531,3 +541,44 @@ func (a *App) getResourceNames(ctx context.Context, req types.AccessRequest) ([]
 	}
 	return resourceNames, nil
 }
+
+// tryApproveRequest attempts to automatically approve the access request if the
+// user is on call for the configured service/team.
+func (a *App) tryApproveRequest(ctx context.Context, reqID string, req types.AccessRequest) error {
+	log := logger.Get(ctx).
+		WithField("req_id", reqID).
+		WithField("user", req.GetUser())
+
+	oncallUsers, err := a.bot.FetchOncallUsers(ctx, req)
+	if trace.IsNotImplemented(err) {
+		log.Debugf("Skipping auto-approval because %q bot does not support automatic approvals.", a.pluginName)
+		return nil
+	}
+	if err != nil {
+		return trace.Wrap(err)
+	}
+
+	if !slices.Contains(oncallUsers, req.GetUser()) {
+		log.Debug("Skipping approval because user is not on-call.")
+		return nil
+	}
+
+	if _, err := a.apiClient.SubmitAccessReview(ctx, types.AccessReviewSubmission{
+		RequestID: reqID,
+		Review: types.AccessReview{
+			Author:        a.teleportUser,
+			ProposedState: types.RequestState_APPROVED,
+			Reason:        fmt.Sprintf("Access request has been automatically approved by %q plugin because user %q is on-call.", a.pluginName, req.GetUser()),
+			Created:       time.Now(),
+		},
+	}); err != nil {
+		if strings.HasSuffix(err.Error(), "has already reviewed this request") {
+			log.Debug("Request has already been reviewed.")
+			return nil
+		}
+		return trace.Wrap(err)
+	}
+
+	log.Info("Successfully submitted a request approval.")
+	return nil
+}
diff --git a/integrations/access/accessrequest/app_test.go b/integrations/access/accessrequest/app_test.go
index 70e855ce3a897..dffe5a34dc515 100644
--- a/integrations/access/accessrequest/app_test.go
+++ b/integrations/access/accessrequest/app_test.go
@@ -20,7 +20,9 @@ package accessrequest
 
 import (
 	"context"
+	"fmt"
 	"testing"
+	"time"
 
 	"github.com/stretchr/testify/mock"
 	"github.com/stretchr/testify/require"
@@ -39,6 +41,22 @@ func (m *mockTeleportClient) GetRole(ctx context.Context, name string) (types.Ro
 	return args.Get(0).(types.Role), args.Error(1)
 }
 
+func (m *mockTeleportClient) SubmitAccessReview(ctx context.Context, review types.AccessReviewSubmission) (types.AccessRequest, error) {
+	review.Review.Created = time.Time{}
+	args := m.Called(ctx, review)
+	return (types.AccessRequest)(nil), args.Error(1)
+}
+
+type mockMessagingBot struct {
+	mock.Mock
+	MessagingBot
+}
+
+func (m *mockMessagingBot) FetchOncallUsers(ctx context.Context, req types.AccessRequest) ([]string, error) {
+	args := m.Called(ctx, req)
+	return args.Get(0).([]string), args.Error(1)
+}
+
 func TestGetLoginsByRole(t *testing.T) {
 	teleportClient := &mockTeleportClient{}
 	teleportClient.On("GetRole", mock.Anything, "admin").Return(&types.RoleV6{
@@ -82,3 +100,72 @@ func TestGetLoginsByRole(t *testing.T) {
 	require.Equal(t, expected, loginsByRole)
 	teleportClient.AssertNumberOfCalls(t, "GetRole", 3)
 }
+
+func TestTryApproveRequest(t *testing.T) {
+	teleportClient := &mockTeleportClient{}
+	bot := &mockMessagingBot{}
+	app := App{
+		apiClient:    teleportClient,
+		bot:          bot,
+		teleportUser: "test-access-plugin",
+		pluginName:   "test",
+	}
+	user := "user@example.com"
+	requestID := "request-0"
+
+	// Example with user on-call
+	bot.On("FetchOncallUsers", mock.Anything, &types.AccessRequestV3{
+		Spec: types.AccessRequestSpecV3{
+			User: user,
+			SystemAnnotations: map[string][]string{
+				"example-auto-approvals": {"team-includes-requester"},
+			},
+		},
+	}).Return([]string{user}, (error)(nil))
+
+	// Example with user not on-call
+	bot.On("FetchOncallUsers", mock.Anything, &types.AccessRequestV3{
+		Spec: types.AccessRequestSpecV3{
+			User: user,
+			SystemAnnotations: map[string][]string{
+				"example-auto-approvals": {"team-not-includes-requester"},
+			},
+		},
+	}).Return([]string{"admin@example.com"}, (error)(nil))
+
+	// Successful review
+	teleportClient.On("SubmitAccessReview", mock.Anything, types.AccessReviewSubmission{
+		RequestID: requestID,
+		Review: types.AccessReview{
+			Author:        app.teleportUser,
+			ProposedState: types.RequestState_APPROVED,
+			Reason:        fmt.Sprintf("Access request has been automatically approved by %q plugin because user %q is on-call.", app.pluginName, user),
+		},
+	}).Return((types.AccessRequest)(nil), (error)(nil))
+
+	ctx := context.Background()
+
+	// Test user is on-call
+	require.NoError(t, app.tryApproveRequest(ctx, requestID, &types.AccessRequestV3{
+		Spec: types.AccessRequestSpecV3{
+			User: user,
+			SystemAnnotations: map[string][]string{
+				"example-auto-approvals": {"team-includes-requester"},
+			},
+		},
+	}))
+	bot.AssertNumberOfCalls(t, "FetchOncallUsers", 1)
+	teleportClient.AssertNumberOfCalls(t, "SubmitAccessReview", 1)
+
+	// Test user is not on-call
+	require.NoError(t, app.tryApproveRequest(ctx, requestID, &types.AccessRequestV3{
+		Spec: types.AccessRequestSpecV3{
+			User: user,
+			SystemAnnotations: map[string][]string{
+				"example-auto-approvals": {"team-not-includes-requester"},
+			},
+		},
+	}))
+	bot.AssertNumberOfCalls(t, "FetchOncallUsers", 2)
+	teleportClient.AssertNumberOfCalls(t, "SubmitAccessReview", 1)
+}
diff --git a/integrations/access/accessrequest/bot.go b/integrations/access/accessrequest/bot.go
index ea92f962bf564..e764c4c805641 100644
--- a/integrations/access/accessrequest/bot.go
+++ b/integrations/access/accessrequest/bot.go
@@ -39,4 +39,6 @@ type MessagingBot interface {
 	UpdateMessages(ctx context.Context, reqID string, data pd.AccessRequestData, messageData SentMessages, reviews []types.AccessReview) error
 	// NotifyUser notifies the user if their access request status has changed
 	NotifyUser(ctx context.Context, reqID string, ard pd.AccessRequestData) error
+	// FetchOncallUsers fetches on-call users filtered by the provided annotations
+	FetchOncallUsers(ctx context.Context, req types.AccessRequest) ([]string, error)
 }
diff --git a/integrations/access/common/annotations.go b/integrations/access/common/annotations.go
index 26a066481850d..c1caf18e7a240 100644
--- a/integrations/access/common/annotations.go
+++ b/integrations/access/common/annotations.go
@@ -26,17 +26,17 @@ import (
 	"github.com/gravitational/teleport/api/types"
 )
 
-// GetServiceNamesFromAnnotations reads systems annotations from an access
-// requests and returns the services to notify/use for approval.
+// GetNamesFromAnnotations reads system annotations from an access request and
+// returns the services/teams to notify/use for approval.
 // The list is sorted and duplicates are removed.
-func GetServiceNamesFromAnnotations(req types.AccessRequest, annotationKey string) ([]string, error) {
-	serviceNames, ok := req.GetSystemAnnotations()[annotationKey]
+func GetNamesFromAnnotations(req types.AccessRequest, annotationKey string) ([]string, error) {
+	names, ok := req.GetSystemAnnotations()[annotationKey]
 	if !ok {
 		return nil, trace.NotFound("request annotation %s is missing", annotationKey)
 	}
-	if len(serviceNames) == 0 {
+	if len(names) == 0 {
 		return nil, trace.BadParameter("request annotation %s is present but empty", annotationKey)
 	}
-	slices.Sort(serviceNames)
-	return slices.Compact(serviceNames), nil
+	slices.Sort(names)
+	return slices.Compact(names), nil
 }
diff --git a/integrations/access/common/annotations_test.go b/integrations/access/common/annotations_test.go
index daa144a733d6a..586df608c51f0 100644
--- a/integrations/access/common/annotations_test.go
+++ b/integrations/access/common/annotations_test.go
@@ -27,7 +27,7 @@ import (
 	"github.com/gravitational/teleport/api/types"
 )
 
-func TestGetServiceNamesFromAnnotations(t *testing.T) {
+func TestGetNamesFromAnnotations(t *testing.T) {
 	testAnnotationKey := "test-key"
 	tests := []struct {
 		name        string
@@ -75,7 +75,7 @@ func TestGetServiceNamesFromAnnotations(t *testing.T) {
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
 			request := &types.AccessRequestV3{Spec: types.AccessRequestSpecV3{SystemAnnotations: tt.annotations}}
-			got, err := GetServiceNamesFromAnnotations(request, testAnnotationKey)
+			got, err := GetNamesFromAnnotations(request, testAnnotationKey)
 			tt.assertErr(t, err)
 			require.ElementsMatch(t, tt.want, got)
 		})
diff --git a/integrations/access/common/config.go b/integrations/access/common/config.go
index 0a3dd48ba5465..8e564559f0ade 100644
--- a/integrations/access/common/config.go
+++ b/integrations/access/common/config.go
@@ -37,6 +37,9 @@ type PluginConfiguration interface {
 	GetRecipients() RawRecipientsMap
 	NewBot(clusterName string, webProxyAddr string) (MessagingBot, error)
 	GetPluginType() types.PluginType
+	// GetTeleportUser returns the name of the teleport user that acts as the
+	// access request approver.
+	GetTeleportUser() string
 }
 
 type BaseConfig struct {
@@ -44,6 +47,9 @@ type BaseConfig struct {
 	Recipients RawRecipientsMap   `toml:"role_to_recipients"`
 	Log        logger.Config      `toml:"log"`
 	PluginType types.PluginType
+	// TeleportUser is the name of the teleport user that acts as the
+	// access request approver.
+	TeleportUser string
 }
 
 func (c BaseConfig) GetRecipients() RawRecipientsMap {
@@ -90,6 +96,12 @@ func (c BaseConfig) GetPluginType() types.PluginType {
 	return c.PluginType
 }
 
+// GetTeleportUser returns the name of the teleport user that acts as the
+// access request approver.
+func (c BaseConfig) GetTeleportUser() string {
+	return c.TeleportUser
+}
+
 // GenericAPIConfig holds common configuration use by a messaging service.
 // MessagingBots requiring more custom configuration (MSTeams for example) can
 // implement their own APIConfig instead.
diff --git a/integrations/access/datadog/README.md b/integrations/access/datadog/README.md
index 568e21df2e65d..466d2456e158f 100644
--- a/integrations/access/datadog/README.md
+++ b/integrations/access/datadog/README.md
@@ -1,6 +1,6 @@
 # Teleport Datadog Incident Management plugin
 
 The Teleport Access API provides a simple Datadog Incident Management plugin that
-creates incidents in Datadog when an access request is created. You can find the
+creates incidents in Datadog when an Access Request is created. You can find the
 Teleport Access API in the main Teleport repository and the Datadog Incident
 Management plugin in `https://github.com/gravitational/teleport/tree/master/integrations/access/datadog`.
diff --git a/integrations/access/datadog/bot.go b/integrations/access/datadog/bot.go
index c7587480318b3..e92dbbb524a20 100644
--- a/integrations/access/datadog/bot.go
+++ b/integrations/access/datadog/bot.go
@@ -22,6 +22,7 @@ import (
 	"context"
 	"fmt"
 	"net/url"
+	"slices"
 	"strings"
 	"text/template"
 
@@ -32,6 +33,7 @@ import (
 	"github.com/gravitational/teleport/integrations/access/accessrequest"
 	"github.com/gravitational/teleport/integrations/access/common"
 	"github.com/gravitational/teleport/integrations/lib"
+	"github.com/gravitational/teleport/integrations/lib/logger"
 	pd "github.com/gravitational/teleport/integrations/lib/plugindata"
 )
 
@@ -153,6 +155,45 @@ func (b Bot) FetchRecipient(ctx context.Context, name string) (*common.Recipient
 	}, nil
 }
 
+// FetchOncallUsers fetches on-call users filtered by the provided annotations.
+func (b Bot) FetchOncallUsers(ctx context.Context, req types.AccessRequest) ([]string, error) {
+	log := logger.Get(ctx)
+
+	annotationKey := types.TeleportNamespace + types.ReqAnnotationApproveSchedulesLabel
+	teamNames, err := common.GetNamesFromAnnotations(req, annotationKey)
+	if err != nil {
+		log.Debug("Automatic approvals annotation is empty or unspecified.")
+		return nil, nil
+	}
+
+	// Fetch all on-call teams
+	oncallTeams, err := b.datadog.GetOncallTeams(ctx)
+	if err != nil {
+		return nil, trace.Wrap(err)
+	}
+
+	var oncallUserIDs []string
+	for _, oncallTeam := range oncallTeams.Data {
+		// Filter the list of teams to only the teams that match the datadog annotation.
+		if !slices.Contains(teamNames, oncallTeam.Attributes.Handle) &&
+			!slices.Contains(teamNames, oncallTeam.Attributes.Name) {
+			continue
+		}
+		// Collect users that are on-call for the specified team.
+		for _, oncallUser := range oncallTeam.Relationships.OncallUsers.Data {
+			oncallUserIDs = append(oncallUserIDs, oncallUser.ID)
+		}
+	}
+
+	var oncallUserEmails []string
+	for _, user := range oncallTeams.Included {
+		if slices.Contains(oncallUserIDs, user.ID) {
+			oncallUserEmails = append(oncallUserEmails, user.Attributes.Email)
+		}
+	}
+	return oncallUserEmails, nil
+}
+
 func buildIncidentSummary(clusterName, reqID string, reqData pd.AccessRequestData, webProxyURL *url.URL) (string, error) {
 	var requestLink string
 	if webProxyURL != nil {
diff --git a/integrations/access/datadog/client.go b/integrations/access/datadog/client.go
index 2dbf0131a2a04..340df77418533 100644
--- a/integrations/access/datadog/client.go
+++ b/integrations/access/datadog/client.go
@@ -58,6 +58,10 @@ type Datadog struct {
 	// simpler to integrate with the existing framework. Consider using the official
 	// datadog api client package: https://github.com/DataDog/datadog-api-client-go.
 	client *resty.Client
+
+	// TODO: Remove clientUnstable once on-call API is merged into official API.
+	// See: https://docs.datadoghq.com/api/latest/
+	clientUnstable *resty.Client
 }
 
 // NewDatadogClient creates a new Datadog client for managing incidents.
@@ -83,9 +87,30 @@ func NewDatadogClient(conf DatadogConfig, webProxyAddr string, statusSink common
 		}).
 		OnAfterResponse(onAfterDatadogResponse(statusSink))
 
+	apiEndpointUnstable, err := url.JoinPath(conf.APIEndpoint, APIUnstable)
+	if err != nil {
+		return nil, trace.Wrap(err)
+	}
+	clientUnstable := resty.NewWithClient(&http.Client{
+		Timeout: datadogHTTPTimeout,
+		Transport: &http.Transport{
+			MaxConnsPerHost:     datadogMaxConns,
+			MaxIdleConnsPerHost: datadogMaxConns,
+		}}).
+		SetBaseURL(apiEndpointUnstable).
+		SetHeader("Accept", "application/json").
+		SetHeader("Content-Type", "application/json").
+		SetHeader("DD-API-KEY", conf.APIKey).
+		SetHeader("DD-APPLICATION-KEY", conf.ApplicationKey).
+		OnBeforeRequest(func(_ *resty.Client, req *resty.Request) error {
+			req.SetError(&ErrorResult{})
+			return nil
+		}).OnAfterResponse(onAfterDatadogResponse(statusSink))
+
 	return &Datadog{
-		DatadogConfig: conf,
-		client:        client,
+		DatadogConfig:  conf,
+		client:         client,
+		clientUnstable: clientUnstable,
 	}, nil
 }
 
@@ -129,6 +154,8 @@ func (d *Datadog) CheckHealth(ctx context.Context) error {
 		return trace.Wrap(err)
 	}
 	for _, permission := range result.Data {
+		// TODO: Verify on-call/teams permissions once required permissions have
+		// been published.
 		if permission.Attributes.Name == IncidentWritePermissions {
 			if permission.Attributes.Restricted {
 				return trace.AccessDenied("missing incident_write permissions")
@@ -250,3 +277,13 @@ func (d *Datadog) ResolveIncident(ctx context.Context, incidentID, state string)
 		Patch("incidents/{incident_id}")
 	return trace.Wrap(err)
 }
+
+// GetOncallTeams gets current on call teams.
+func (d *Datadog) GetOncallTeams(ctx context.Context) (OncallTeamsBody, error) {
+	var result OncallTeamsBody
+	_, err := d.clientUnstable.NewRequest().
+		SetContext(ctx).
+		SetResult(&result).
+		Get("on-call/teams")
+	return result, trace.Wrap(err)
+}
diff --git a/integrations/access/datadog/cmd/teleport-datadog/example_config.toml b/integrations/access/datadog/cmd/teleport-datadog/example_config.toml
index b224619e4a56a..c5375158e678b 100644
--- a/integrations/access/datadog/cmd/teleport-datadog/example_config.toml
+++ b/integrations/access/datadog/cmd/teleport-datadog/example_config.toml
@@ -29,7 +29,7 @@ api_key = "api_key"
 # Datadog Application Key accepts a key value or a filepath if the value starts with a '/'.
 application_key = "application_key"
 
-# Datadog Severity specivies the severity level of incidents.
+# Datadog Severity specifies the severity level of incidents.
 severity = "SEV-3"
 
 [role_to_recipients]
diff --git a/integrations/access/datadog/config.go b/integrations/access/datadog/config.go
index c05b611e1afb8..a3bf188b42ee7 100644
--- a/integrations/access/datadog/config.go
+++ b/integrations/access/datadog/config.go
@@ -36,6 +36,10 @@ const (
 	APIEndpointDefaultURL = "https://api.datadoghq.com"
 	// APIVersion specifies the api version.
 	APIVersion = "api/v2"
+	// APIUnstable specifies the unstable api endpoint.
+	//
+	// TODO: Remove once on-call API is merged into official API.
+	APIUnstable = "api/unstable"
 	// SeverityDefault specifies the default incident severity.
 	SeverityDefault = "SEV-3"
 )
diff --git a/integrations/access/datadog/testlib/fake_datadog.go b/integrations/access/datadog/testlib/fake_datadog.go
index 86880379c1b1a..64ef2e35b93b7 100644
--- a/integrations/access/datadog/testlib/fake_datadog.go
+++ b/integrations/access/datadog/testlib/fake_datadog.go
@@ -25,6 +25,7 @@ import (
 	"net/http"
 	"net/http/httptest"
 	"runtime/debug"
+	"strconv"
 	"strings"
 	"sync"
 	"sync/atomic"
@@ -46,6 +47,7 @@ type FakeDatadog struct {
 	objects               sync.Map
 	incidentIDCounter     uint64
 	incidentNoteIDCounter uint64
+	userIDCounter         uint64
 }
 
 func NewFakeDatadog(concurrency int) *FakeDatadog {
@@ -60,11 +62,16 @@ func NewFakeDatadog(concurrency int) *FakeDatadog {
 
 	// Ignore api version for tests
 	const apiPrefix = "/" + datadog.APIVersion
+	const unstablePrefix = "/" + datadog.APIUnstable
 	router.NotFound = http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
 		if strings.HasPrefix(r.URL.Path, apiPrefix) {
 			http.StripPrefix(apiPrefix, router).ServeHTTP(w, r)
 			return
 		}
+		if strings.HasPrefix(r.URL.Path, unstablePrefix) {
+			http.StripPrefix(unstablePrefix, router).ServeHTTP(w, r)
+			return
+		}
 		http.NotFound(w, r)
 	})
 
@@ -136,6 +143,58 @@ func NewFakeDatadog(concurrency int) *FakeDatadog {
 		panicIf(err)
 	})
 
+	router.GET("/on-call/teams", func(rw http.ResponseWriter, r *http.Request, ps httprouter.Params) {
+		rw.Header().Add("Content-Type", "application/json")
+
+		oncallTeams, found := mock.GetOncallTeams()
+		if !found {
+			rw.WriteHeader(http.StatusNotFound)
+			err := json.NewEncoder(rw).Encode(&datadog.ErrorResult{Errors: []string{"On-call Teams not found"}})
+			panicIf(err)
+			return
+		}
+
+		body := datadog.OncallTeamsBody{
+			Data:     []datadog.OncallTeamsData{},
+			Included: []datadog.OncallTeamsIncluded{},
+		}
+
+		for team, users := range oncallTeams {
+			oncallUsers := make([]datadog.OncallUsersData, 0, len(users))
+
+			for _, user := range users {
+				userID := strconv.FormatUint(atomic.AddUint64(&mock.userIDCounter, 1), 10)
+				oncallUsers = append(oncallUsers, datadog.OncallUsersData{
+					Metadata: datadog.Metadata{
+						ID: userID,
+					},
+				})
+				body.Included = append(body.Included, datadog.OncallTeamsIncluded{
+					Metadata: datadog.Metadata{
+						ID: userID,
+					},
+					Attributes: datadog.OncallTeamsIncludedAttributes{
+						Email: user,
+					},
+				})
+			}
+
+			body.Data = append(body.Data, datadog.OncallTeamsData{
+				Attributes: datadog.OncallTeamsAttributes{
+					Handle: team,
+				},
+				Relationships: datadog.OncallTeamsRelationships{
+					OncallUsers: datadog.OncallUsers{
+						Data: oncallUsers,
+					},
+				},
+			})
+		}
+
+		err := json.NewEncoder(rw).Encode(body)
+		panicIf(err)
+	})
+
 	return mock
 }
 
@@ -201,6 +260,25 @@ func (d *FakeDatadog) CheckNewIncidentNote(ctx context.Context) (datadog.Timelin
 	}
 }
 
+func (d *FakeDatadog) StoreOncallTeams(teamName string, users []string) map[string][]string {
+	oncallTeams, ok := d.GetOncallTeams()
+	if !ok {
+		oncallTeams = make(map[string][]string)
+	}
+	oncallTeams[teamName] = users
+
+	d.objects.Store("on-call-teams", oncallTeams)
+	return oncallTeams
+}
+
+func (d *FakeDatadog) GetOncallTeams() (map[string][]string, bool) {
+	if obj, ok := d.objects.Load("on-call-teams"); ok {
+		oncallTeams, ok := obj.(map[string][]string)
+		return oncallTeams, ok
+	}
+	return nil, false
+}
+
 func panicIf(err error) {
 	if err != nil {
 		log.Panicf("%v at %v", err, string(debug.Stack()))
diff --git a/integrations/access/datadog/testlib/suite.go b/integrations/access/datadog/testlib/suite.go
index c3947bd8ac1c0..9d3225954bd78 100644
--- a/integrations/access/datadog/testlib/suite.go
+++ b/integrations/access/datadog/testlib/suite.go
@@ -38,6 +38,10 @@ import (
 	"github.com/gravitational/teleport/integrations/lib/testing/integration"
 )
 
+const (
+	ApprovalTeamName = "teleport-approval"
+)
+
 // DatadogBaseSuite is the Datadog Incident Management plugin test suite.
 // It implements the testify.TestingSuite interface.
 type DatadogBaseSuite struct {
@@ -484,7 +488,7 @@ func (s *DatadogSuiteEnterprise) TestApprovalByReview() {
 	content = note.Data.Attributes.Content.Content
 	assert.Contains(t, content, integration.Reviewer2UserName+" reviewed the request", "note must contain a review author")
 
-	// Validate the alert got resolved, and a final note was added describing the resolution.
+	// Validate the incident got resolved, and a final note was added describing the resolution.
 	pluginData := s.checkPluginData(ctx, req.GetName(), func(data accessrequest.PluginData) bool {
 		return data.ReviewsCount == 2 && data.ResolutionTag != plugindata.Unresolved
 	})
@@ -551,7 +555,7 @@ func (s *DatadogSuiteEnterprise) TestDenialByReview() {
 	content = note.Data.Attributes.Content.Content
 	assert.Contains(t, content, integration.Reviewer2UserName+" reviewed the request", "note must contain a review author")
 
-	// Validate the alert got resolved, and a final note was added describing the resolution.
+	// Validate the incident got resolved, and a final note was added describing the resolution.
 	pluginData := s.checkPluginData(ctx, req.GetName(), func(data accessrequest.PluginData) bool {
 		return data.ReviewsCount == 2 && data.ResolutionTag != plugindata.Unresolved
 	})
@@ -569,3 +573,86 @@ func (s *DatadogSuiteEnterprise) TestDenialByReview() {
 	require.NoError(t, err)
 	assert.Equal(t, "resolved", incidentUpdate.Data.Attributes.Fields.State.Value)
 }
+
+// TestAutoApprovalWhenNotOnCall tests that access requests are not automatically
+// approved when the user is not on-call.
+func (s *DatadogSuiteEnterprise) TestAutoApprovalWhenNotOnCall() {
+	t := s.T()
+	ctx, cancel := context.WithTimeout(context.Background(), 5*time.Minute)
+	t.Cleanup(cancel)
+
+	// Test setup: store an on-call team matching the annotation, but with a different
+	// user than the requesting user.
+	s.fakeDatadog.StoreOncallTeams(ApprovalTeamName, []string{"not-on-call@example.com"})
+
+	// Test setup: store an on-call team with the requesting user, but with a team
+	// that does not match the annotation.
+	s.fakeDatadog.StoreOncallTeams("dev-team", []string{integration.RequesterOSSUserName})
+	s.AnnotateRequesterRoleAccessRequests(
+		ctx,
+		types.TeleportNamespace+types.ReqAnnotationApproveSchedulesLabel,
+		[]string{ApprovalTeamName},
+	)
+
+	s.startApp()
+
+	// Test setup: we create an access request and wait for its incident.
+	req := s.CreateAccessRequest(ctx, integration.RequesterOSSUserName, []string{
+		integration.Reviewer1UserName,
+	})
+
+	// Validate the incident has been created in Datadog and its ID is stored in
+	// the plugin_data.
+	_ = s.checkPluginData(ctx, req.GetName(), func(data accessrequest.PluginData) bool {
+		return len(data.SentMessages) > 0
+	})
+
+	_, err := s.fakeDatadog.CheckNewIncident(ctx)
+	require.NoError(t, err, "no new incidents stored")
+
+	// Fetch updated access request
+	req, err = s.Ruler().GetAccessRequest(ctx, req.GetName())
+	require.NoError(t, err)
+
+	require.Empty(t, req.GetReviews(), "no review should be submitted automatically")
+}
+
+// TestAutoApprovalWhenOnCall tests that access requests are automatically
+// approved when the user is on-call.
+func (s *DatadogSuiteEnterprise) TestAutoApprovalWhenOnCall() {
+	t := s.T()
+	ctx, cancel := context.WithTimeout(context.Background(), 5*time.Minute)
+	t.Cleanup(cancel)
+
+	// Test setup: store an on-call team with the requesting user in it.
+	s.fakeDatadog.StoreOncallTeams(ApprovalTeamName, []string{integration.RequesterOSSUserName})
+	s.AnnotateRequesterRoleAccessRequests(
+		ctx,
+		types.TeleportNamespace+types.ReqAnnotationApproveSchedulesLabel,
+		[]string{ApprovalTeamName},
+	)
+
+	s.startApp()
+
+	// Test setup: we create an access request and wait for its incident.
+	req := s.CreateAccessRequest(ctx, integration.RequesterOSSUserName, []string{
+		integration.Reviewer1UserName,
+	})
+
+	// Validate the incident has been created in Datadog and its ID is stored in
+	// the plugin_data.
+	_ = s.checkPluginData(ctx, req.GetName(), func(data accessrequest.PluginData) bool {
+		return len(data.SentMessages) > 0
+	})
+
+	_, err := s.fakeDatadog.CheckNewIncident(ctx)
+	require.NoError(t, err, "no new incidents stored")
+
+	// Fetch updated access request
+	req, err = s.Ruler().GetAccessRequest(ctx, req.GetName())
+	require.NoError(t, err)
+
+	reviews := req.GetReviews()
+	require.Len(t, reviews, 1, "a review should be submitted automatically")
+	require.Equal(t, types.RequestState_APPROVED, reviews[0].ProposedState)
+}
diff --git a/integrations/access/datadog/types.go b/integrations/access/datadog/types.go
index a224804311500..194aa2f884a15 100644
--- a/integrations/access/datadog/types.go
+++ b/integrations/access/datadog/types.go
@@ -117,6 +117,53 @@ type TimelineContent struct {
 	Content string `json:"content,omitempty"`
 }
 
+// OncallTeamsBody contains the response body for an on-call teams request.
+type OncallTeamsBody struct {
+	Data     []OncallTeamsData     `json:"data,omitempty"`
+	Included []OncallTeamsIncluded `json:"included,omitempty"`
+}
+
+// OncallTeamsData contains the on-call teams data.
+type OncallTeamsData struct {
+	Metadata
+	Attributes    OncallTeamsAttributes    `json:"attributes,omitempty"`
+	Relationships OncallTeamsRelationships `json:"relationships,omitempty"`
+}
+
+// OncallTeamsAttributes contains the on-call teams attributes.
+type OncallTeamsAttributes struct {
+	Name   string `json:"name,omitempty"`
+	Handle string `json:"handle,omitempty"`
+}
+
+// OncallTeamsRelationships contains the on-call teams relationships.
+type OncallTeamsRelationships struct {
+	OncallUsers OncallUsers `json:"oncall_users,omitempty"`
+}
+
+// OncallUsers contains the list of on-call users.
+type OncallUsers struct {
+	Data []OncallUsersData `json:"data,omitempty"`
+}
+
+// OncallUsersData contains the on-call user data.
+type OncallUsersData struct {
+	Metadata
+}
+
+// OncallTeamsIncluded contains the on-call teams included related resources.
+type OncallTeamsIncluded struct {
+	Metadata
+	Attributes OncallTeamsIncludedAttributes `json:"attributes,omitempty"`
+}
+
+// OncallTeamsIncludedAttributes contains the on-call teams included related resource
+// attributes.
+type OncallTeamsIncludedAttributes struct {
+	Email string `json:"email,omitempty"`
+	Name  string `json:"name,omitempty"`
+}
+
 // ErrorResult contains the error response.
 type ErrorResult struct {
 	Errors []string `json:"errors"`
diff --git a/integrations/access/discord/bot.go b/integrations/access/discord/bot.go
index 40309f3104220..ca231bdf83a93 100644
--- a/integrations/access/discord/bot.go
+++ b/integrations/access/discord/bot.go
@@ -231,3 +231,8 @@ func (b DiscordBot) FetchRecipient(ctx context.Context, name string) (*common.Re
 		Data: nil,
 	}, nil
 }
+
+// FetchOncallUsers fetches on-call users filtered by the provided annotations.
+func (b DiscordBot) FetchOncallUsers(ctx context.Context, req types.AccessRequest) ([]string, error) {
+	return nil, trace.NotImplemented("fetch oncall users not implemented for plugin")
+}
diff --git a/integrations/access/mattermost/bot.go b/integrations/access/mattermost/bot.go
index dbfbc2052af05..078286545c863 100644
--- a/integrations/access/mattermost/bot.go
+++ b/integrations/access/mattermost/bot.go
@@ -519,6 +519,11 @@ func (b Bot) FetchRecipient(ctx context.Context, name string) (*common.Recipient
 	}, nil
 }
 
+// FetchOncallUsers fetches on-call users filtered by the provided annotations.
+func (b Bot) FetchOncallUsers(ctx context.Context, req types.AccessRequest) ([]string, error) {
+	return nil, trace.NotImplemented("fetch oncall users not implemented for plugin")
+}
+
 func userResult(resp *resty.Response) (User, error) {
 	result := resp.Result()
 	ptr, ok := result.(*User)
diff --git a/integrations/access/opsgenie/app.go b/integrations/access/opsgenie/app.go
index cfa53e1322352..45ab138811dac 100644
--- a/integrations/access/opsgenie/app.go
+++ b/integrations/access/opsgenie/app.go
@@ -308,13 +308,13 @@ func (a *App) getNotifySchedulesAndTeams(ctx context.Context, req types.AccessRe
 	log := logger.Get(ctx)
 
 	scheduleAnnotationKey := types.TeleportNamespace + types.ReqAnnotationNotifySchedulesLabel
-	schedules, err = common.GetServiceNamesFromAnnotations(req, scheduleAnnotationKey)
+	schedules, err = common.GetNamesFromAnnotations(req, scheduleAnnotationKey)
 	if err != nil {
 		log.Debugf("No schedules to notify in %s", scheduleAnnotationKey)
 	}
 
 	teamAnnotationKey := types.TeleportNamespace + types.ReqAnnotationTeamsLabel
-	teams, err = common.GetServiceNamesFromAnnotations(req, teamAnnotationKey)
+	teams, err = common.GetNamesFromAnnotations(req, teamAnnotationKey)
 	if err != nil {
 		log.Debugf("No teams to notify in %s", teamAnnotationKey)
 	}
@@ -328,7 +328,7 @@ func (a *App) getNotifySchedulesAndTeams(ctx context.Context, req types.AccessRe
 
 func (a *App) getOnCallServiceNames(req types.AccessRequest) ([]string, error) {
 	annotationKey := types.TeleportNamespace + types.ReqAnnotationApproveSchedulesLabel
-	return common.GetServiceNamesFromAnnotations(req, annotationKey)
+	return common.GetNamesFromAnnotations(req, annotationKey)
 }
 
 func (a *App) tryNotifyService(ctx context.Context, req types.AccessRequest) (bool, error) {
diff --git a/integrations/access/opsgenie/bot.go b/integrations/access/opsgenie/bot.go
index 745d34fb6c549..1a8b32dc0b487 100644
--- a/integrations/access/opsgenie/bot.go
+++ b/integrations/access/opsgenie/bot.go
@@ -139,3 +139,8 @@ func createScheduleRecipient(ctx context.Context, name string) (*common.Recipien
 		Kind: common.RecipientKindSchedule,
 	}, nil
 }
+
+// FetchOncallUsers fetches on-call users filtered by the provided annotations.
+func (b Bot) FetchOncallUsers(ctx context.Context, req types.AccessRequest) ([]string, error) {
+	return nil, trace.NotImplemented("fetch oncall users not implemented for plugin")
+}
diff --git a/integrations/access/pagerduty/app.go b/integrations/access/pagerduty/app.go
index 6453f0e16f917..56cf380c46981 100644
--- a/integrations/access/pagerduty/app.go
+++ b/integrations/access/pagerduty/app.go
@@ -78,7 +78,6 @@ func NewApp(conf Config) (*App, error) {
 		teleport:   conf.Client,
 		statusSink: conf.StatusSink,
 	}
-
 	app.mainJob = lib.NewServiceJob(app.run)
 
 	return app, nil
@@ -173,7 +172,7 @@ func (a *App) init(ctx context.Context) error {
 		}
 	}
 
-	a.accessMonitoringRules = accessmonitoring.NewRuleHandler(accessmonitoring.RuleHandlerConfig{
+	amrhConf := accessmonitoring.RuleHandlerConfig{
 		Client:     a.teleport,
 		PluginType: types.PluginTypePagerDuty,
 		PluginName: pluginName,
@@ -184,7 +183,11 @@ func (a *App) init(ctx context.Context) error {
 				Kind: common.RecipientKindSchedule,
 			}, nil
 		},
-	})
+	}
+	if a.conf.OnAccessMonitoringRuleCacheUpdateCallback != nil {
+		amrhConf.OnCacheUpdateCallback = a.conf.OnAccessMonitoringRuleCacheUpdateCallback
+	}
+	a.accessMonitoringRules = accessmonitoring.NewRuleHandler(amrhConf)
 
 	if pong, err = a.checkTeleportVersion(ctx); err != nil {
 		return trace.Wrap(err)
@@ -340,7 +343,7 @@ func (a *App) getNotifyServiceName(ctx context.Context, req types.AccessRequest)
 		return recipientSetService.ToSlice()[0].Name, nil
 	}
 	annotationKey := a.conf.Pagerduty.RequestAnnotations.NotifyService
-	// We cannot use common.GetServiceNamesFromAnnotations here as it sorts the
+	// We cannot use common.GetNamesFromAnnotations here as it sorts the
 	// list and might change the first element.
 	// The proper way would be to support notifying multiple services
 	slice, ok := req.GetSystemAnnotations()[annotationKey]
@@ -359,7 +362,7 @@ func (a *App) getNotifyServiceName(ctx context.Context, req types.AccessRequest)
 
 func (a *App) getOnCallServiceNames(req types.AccessRequest) ([]string, error) {
 	annotationKey := a.conf.Pagerduty.RequestAnnotations.Services
-	return common.GetServiceNamesFromAnnotations(req, annotationKey)
+	return common.GetNamesFromAnnotations(req, annotationKey)
 }
 
 func (a *App) tryNotifyService(ctx context.Context, req types.AccessRequest) (bool, error) {
diff --git a/integrations/access/pagerduty/config.go b/integrations/access/pagerduty/config.go
index f76e9d2f955f2..8bf7060652b01 100644
--- a/integrations/access/pagerduty/config.go
+++ b/integrations/access/pagerduty/config.go
@@ -24,6 +24,8 @@ import (
 	"github.com/gravitational/trace"
 	"github.com/pelletier/go-toml"
 
+	accessmonitoringrulesv1 "github.com/gravitational/teleport/api/gen/proto/go/teleport/accessmonitoringrules/v1"
+	"github.com/gravitational/teleport/api/types"
 	"github.com/gravitational/teleport/integrations/access/common"
 	"github.com/gravitational/teleport/integrations/access/common/teleport"
 	"github.com/gravitational/teleport/integrations/lib"
@@ -47,6 +49,10 @@ type Config struct {
 	// TeleportUser is the name of the Teleport user that will act
 	// as the access request approver
 	TeleportUser string
+
+	// OnAccessMonitoringRuleCacheUpdateCallback is used for checking when
+	// the Rule cache is updated in tests
+	OnAccessMonitoringRuleCacheUpdateCallback func(Operation types.OpType, name string, rule *accessmonitoringrulesv1.AccessMonitoringRule) error
 }
 
 type PagerdutyConfig struct {
diff --git a/integrations/access/pagerduty/testlib/suite.go b/integrations/access/pagerduty/testlib/suite.go
index c379c85219a5c..b68c4d7e8d706 100644
--- a/integrations/access/pagerduty/testlib/suite.go
+++ b/integrations/access/pagerduty/testlib/suite.go
@@ -430,6 +430,15 @@ func (s *PagerdutySuiteOSS) TestRecipientsFromAccessMonitoringRule() {
 	ctx, cancel := context.WithTimeout(context.Background(), 5*time.Minute)
 	t.Cleanup(cancel)
 
+	const ruleName = "test-pagerduty-amr"
+	var collectedNames []string
+	var mu sync.Mutex
+	s.appConfig.OnAccessMonitoringRuleCacheUpdateCallback = func(_ types.OpType, name string, _ *accessmonitoringrulesv1.AccessMonitoringRule) error {
+		mu.Lock()
+		collectedNames = append(collectedNames, name)
+		mu.Unlock()
+		return nil
+	}
 	s.startApp()
 
 	_, err := s.ClientByName(integration.RulerUserName).
@@ -438,7 +447,7 @@ func (s *PagerdutySuiteOSS) TestRecipientsFromAccessMonitoringRule() {
 			Kind:    types.KindAccessMonitoringRule,
 			Version: types.V1,
 			Metadata: &v1.Metadata{
-				Name: "test-pagerduty-amr",
+				Name: ruleName,
 			},
 			Spec: &accessmonitoringrulesv1.AccessMonitoringRuleSpec{
 				Subjects:  []string{types.KindAccessRequest},
@@ -453,6 +462,14 @@ func (s *PagerdutySuiteOSS) TestRecipientsFromAccessMonitoringRule() {
 		})
 	assert.NoError(t, err)
 
+	// Incident creation may happen before plugins Access Monitoring Rule cache
+	// has been updated with new rule. Retry until the new cache picks up the rule.
+	require.EventuallyWithT(t, func(t *assert.CollectT) {
+		mu.Lock()
+		require.Contains(t, collectedNames, ruleName)
+		mu.Unlock()
+	}, 3*time.Second, time.Millisecond*100, "new access monitoring rule did not begin applying")
+
 	// Test execution: create an access request
 	req := s.CreateAccessRequest(ctx, integration.RequesterOSSUserName, nil)
 
@@ -463,16 +480,16 @@ func (s *PagerdutySuiteOSS) TestRecipientsFromAccessMonitoringRule() {
 	})
 
 	incident, err := s.fakePagerduty.CheckNewIncident(ctx)
-	require.NoError(t, err, "no new incidents stored")
-
+	assert.NoError(t, err, "no new incidents stored")
 	assert.Equal(t, incident.ID, pluginData.IncidentID)
-	assert.Equal(t, s.pdNotifyService2.ID, pluginData.ServiceID)
 
 	assert.Equal(t, pagerduty.PdIncidentKeyPrefix+"/"+req.GetName(), incident.IncidentKey)
 	assert.Equal(t, "triggered", incident.Status)
 
+	assert.Equal(t, s.pdNotifyService2.ID, pluginData.ServiceID)
+
 	assert.NoError(t, s.ClientByName(integration.RulerUserName).
-		AccessMonitoringRulesClient().DeleteAccessMonitoringRule(ctx, "test-pagerduty-amr"))
+		AccessMonitoringRulesClient().DeleteAccessMonitoringRule(ctx, ruleName))
 }
 
 func (s *PagerdutyBaseSuite) assertNewEvent(ctx context.Context, watcher types.Watcher, opType types.OpType, resourceKind, resourceName string) types.Event {
diff --git a/integrations/access/servicenow/app.go b/integrations/access/servicenow/app.go
index 82548ff5cfc8c..e1a94d60e1a2b 100644
--- a/integrations/access/servicenow/app.go
+++ b/integrations/access/servicenow/app.go
@@ -366,7 +366,7 @@ func (a *App) onDeletedRequest(ctx context.Context, reqID string) error {
 
 func (a *App) getOnCallServiceNames(req types.AccessRequest) ([]string, error) {
 	annotationKey := types.TeleportNamespace + types.ReqAnnotationApproveSchedulesLabel
-	return common.GetServiceNamesFromAnnotations(req, annotationKey)
+	return common.GetNamesFromAnnotations(req, annotationKey)
 }
 
 // createIncident posts an incident with request information.
diff --git a/integrations/access/servicenow/bot.go b/integrations/access/servicenow/bot.go
index 71fe94aa6933d..60ebac045e3cc 100644
--- a/integrations/access/servicenow/bot.go
+++ b/integrations/access/servicenow/bot.go
@@ -120,3 +120,8 @@ func (b *Bot) UpdateMessages(ctx context.Context, reqID string, data pd.AccessRe
 func (b *Bot) FetchRecipient(ctx context.Context, recipient string) (*common.Recipient, error) {
 	return nil, trace.NotImplemented("ServiceNow plugin does not use recipients")
 }
+
+// FetchOncallUsers fetches on-call users filtered by the provided annotations.
+func (b Bot) FetchOncallUsers(ctx context.Context, req types.AccessRequest) ([]string, error) {
+	return nil, trace.NotImplemented("fetch oncall users not implemented for plugin")
+}
diff --git a/integrations/access/slack/bot.go b/integrations/access/slack/bot.go
index 0c6969d0bd35a..dff6c17bbad27 100644
--- a/integrations/access/slack/bot.go
+++ b/integrations/access/slack/bot.go
@@ -278,6 +278,11 @@ func (b Bot) FetchRecipient(ctx context.Context, name string) (*common.Recipient
 	}, nil
 }
 
+// FetchOncallUsers fetches on-call users filtered by the provided annotations.
+func (b Bot) FetchOncallUsers(ctx context.Context, req types.AccessRequest) ([]string, error) {
+	return nil, trace.NotImplemented("fetch oncall users not implemented for plugin")
+}
+
 // slackAccessListReminderMsgSection builds an access list reminder Slack message section (obeys markdown).
 func (b Bot) slackAccessListReminderMsgSection(accessList *accesslist.AccessList) []BlockItem {
 	nextAuditDate := accessList.Spec.Audit.NextAuditDate
diff --git a/integrations/event-handler/app.go b/integrations/event-handler/app.go
index 6a44e76aa4221..08fa5aabb881f 100644
--- a/integrations/event-handler/app.go
+++ b/integrations/event-handler/app.go
@@ -35,12 +35,12 @@ import (
 type App struct {
 	// Fluentd represents the instance of Fluentd client
 	Fluentd *FluentdClient
-	// EventWatcher represents the instance of TeleportEventWatcher
-	EventWatcher *TeleportEventsWatcher
 	// State represents the instance of the persistent state
 	State *State
 	// cmd is start command CLI config
 	Config *StartCmdConfig
+	// client is the teleport api client
+	client TeleportSearchEventsClient
 	// eventsJob represents main audit log event consumer job
 	eventsJob *EventsJob
 	// sessionEventsJob represents session events consumer job
@@ -82,9 +82,6 @@ func (a *App) Run(ctx context.Context) error {
 	a.SpawnCritical(a.sessionEventsJob.processMissingRecordings)
 	<-a.Process.Done()
 
-	lastWindow := a.EventWatcher.getWindowStartTime()
-	a.State.SetLastWindowTime(&lastWindow)
-
 	return a.Err()
 }
 
@@ -122,7 +119,7 @@ func (a *App) SendEvent(ctx context.Context, url string, e *TeleportEvent) error
 				break
 			}
 
-			log.Error("Error sending event to fluentd: ", err)
+			log.Debug("Error sending event to fluentd: ", err)
 
 			bErr := backoff.Do(ctx)
 			if bErr != nil {
@@ -131,10 +128,14 @@ func (a *App) SendEvent(ctx context.Context, url string, e *TeleportEvent) error
 
 			backoffCount--
 			if backoffCount < 0 {
-				if !lib.IsCanceled(err) {
-					return trace.Wrap(err)
+				if lib.IsCanceled(err) {
+					return nil
 				}
-				return nil
+				log.WithFields(logrus.Fields{
+					"error":    err.Error(), // omitting the stack trace (too verbose)
+					"attempts": sendBackoffNumTries,
+				}).Error("failed to send event to fluentd")
+				return trace.Wrap(err)
 			}
 		}
 	}
@@ -151,64 +152,29 @@ func (a *App) SendEvent(ctx context.Context, url string, e *TeleportEvent) error
 
 // init initializes application state
 func (a *App) init(ctx context.Context) error {
-	log := logger.Get(ctx)
-
 	a.Config.Dump(ctx)
 
-	s, err := NewState(a.Config)
-	if err != nil {
-		return trace.Wrap(err)
-	}
-
-	err = a.setStartTime(ctx, s)
-	if err != nil {
-		return trace.Wrap(err)
-	}
-
-	f, err := NewFluentdClient(&a.Config.FluentdConfig)
+	var err error
+	a.client, err = newClient(ctx, a.Config)
 	if err != nil {
 		return trace.Wrap(err)
 	}
 
-	latestCursor, err := s.GetCursor()
+	a.State, err = NewState(a.Config)
 	if err != nil {
 		return trace.Wrap(err)
 	}
 
-	latestID, err := s.GetID()
+	err = a.setStartTime(ctx, a.State)
 	if err != nil {
 		return trace.Wrap(err)
 	}
 
-	startTime, err := s.GetStartTime()
+	a.Fluentd, err = NewFluentdClient(&a.Config.FluentdConfig)
 	if err != nil {
 		return trace.Wrap(err)
 	}
 
-	lastWindowTime, err := s.GetLastWindowTime()
-	if err != nil {
-		return trace.Wrap(err)
-	}
-	// if lastWindowTime is nil, set it to startTime
-	// lastWindowTime is used to track the last window of events ingested
-	// and is updated on exit
-	if lastWindowTime == nil {
-		lastWindowTime = startTime
-	}
-
-	t, err := NewTeleportEventsWatcher(ctx, a.Config, *lastWindowTime, latestCursor, latestID)
-	if err != nil {
-		return trace.Wrap(err)
-	}
-
-	a.State = s
-	a.Fluentd = f
-	a.EventWatcher = t
-
-	log.WithField("cursor", latestCursor).Info("Using initial cursor value")
-	log.WithField("id", latestID).Info("Using initial ID value")
-	log.WithField("value", startTime).Info("Using start time from state")
-
 	return nil
 }
 
diff --git a/integrations/event-handler/events_job.go b/integrations/event-handler/events_job.go
index 54229b1daf563..645866ec34752 100644
--- a/integrations/event-handler/events_job.go
+++ b/integrations/event-handler/events_job.go
@@ -16,21 +16,29 @@ package main
 
 import (
 	"context"
+	"sync/atomic"
 	"time"
 
 	"github.com/gravitational/trace"
 	limiter "github.com/sethvargo/go-limiter"
 	"github.com/sethvargo/go-limiter/memorystore"
+	log "github.com/sirupsen/logrus"
+	"google.golang.org/protobuf/types/known/timestamppb"
 
+	auditlogpb "github.com/gravitational/teleport/api/gen/proto/go/teleport/auditlog/v1"
+	"github.com/gravitational/teleport/api/internalutils/stream"
 	"github.com/gravitational/teleport/integrations/lib"
 	"github.com/gravitational/teleport/integrations/lib/logger"
+	"github.com/gravitational/teleport/lib/events/export"
 )
 
 // EventsJob incapsulates audit log event consumption logic
 type EventsJob struct {
 	lib.ServiceJob
-	app *App
-	rl  limiter.Store
+	app             *App
+	rl              limiter.Store
+	eventsProcessed atomic.Uint64
+	targetDate      atomic.Pointer[time.Time]
 }
 
 // NewEventsJob creates new EventsJob structure
@@ -51,6 +59,25 @@ func (j *EventsJob) run(ctx context.Context) error {
 		return nil
 	})
 
+	// set up background logging of event processing rate
+	go func() {
+		logTicker := time.NewTicker(time.Minute)
+		defer logTicker.Stop()
+
+		for {
+			select {
+			case <-logTicker.C:
+				ll := log.WithField("events_per_minute", j.eventsProcessed.Swap(0))
+				if td := j.targetDate.Load(); td != nil {
+					ll = ll.WithField("date", td.Format(time.DateOnly))
+				}
+				ll.Info("event processing")
+			case <-ctx.Done():
+				return
+			}
+		}
+	}()
+
 	store, err := memorystore.New(&memorystore.Config{
 		Tokens:   uint64(j.app.Config.LockFailedAttemptsCount),
 		Interval: j.app.Config.LockPeriod,
@@ -62,65 +89,198 @@ func (j *EventsJob) run(ctx context.Context) error {
 	j.rl = store
 
 	j.SetReady(true)
+	defer j.app.Terminate()
 
 	for {
 		err := j.runPolling(ctx)
+		if err == nil || ctx.Err() != nil {
+			log.Debug("watch loop exiting")
+			return trace.Wrap(err)
+		}
 
-		switch {
-		case trace.IsConnectionProblem(err):
-			log.WithError(err).Error("Failed to connect to Teleport Auth server. Reconnecting...")
-		case trace.IsEOF(err):
-			log.WithError(err).Error("Watcher stream closed. Reconnecting...")
-		case lib.IsCanceled(err):
-			log.Debug("Watcher context is canceled")
-			j.app.Terminate()
+		log.WithError(err).Error("unexpected error in watch loop. reconnecting in 5s...")
+
+		select {
+		case <-time.After(time.Second * 5):
+		case <-ctx.Done():
 			return nil
-		default:
-			j.app.Terminate()
-			if err == nil {
-				return nil
-			}
-			log.WithError(err).Error("Watcher event loop failed")
-			return trace.Wrap(err)
 		}
 	}
 }
 
 // runPolling runs actual event queue polling
 func (j *EventsJob) runPolling(ctx context.Context) error {
-	log := logger.Get(ctx)
+	cursorV2State := j.app.State.GetCursorV2State()
+	if cursorV2State.IsEmpty() {
+		// we haven't started using the newer bulk event export API yet. check if the upstream implements it by
+		// performing a fake request. if it does not, we'll need to fallback to using the legacy API.
+		chunks := j.app.client.GetEventExportChunks(ctx, &auditlogpb.GetEventExportChunksRequest{
+			// target a date 2 days in the future to be confident that we're querying a valid but
+			// empty date range, even in the context of reasonable clock drift.
+			Date: timestamppb.New(time.Now().AddDate(0, 0, 2)),
+		})
+
+		if err := stream.Drain(chunks); err != nil {
+			if trace.IsNotImplemented(err) {
+				// fallback to legacy behavior
+				return j.runLegacyPolling(ctx)
+			}
+			return trace.Wrap(err)
+		}
+
+		// the new API is implemented, check if there is preexisting legacy cursor state.
+		legacyStates, err := j.app.State.GetLegacyCursorValues()
+		if err != nil {
+			return trace.Wrap(err)
+		}
 
-	evtCh, errCh := j.app.EventWatcher.Events(ctx)
+		if !legacyStates.IsEmpty() {
+			// cursorV2 state isn't totally compatible, but we can skip ahead to the same target date as
+			// was being tracked by the legacy cursor.
+			cursorV2State.Dates[normalizeDate(legacyStates.WindowStartTime)] = export.DateExporterState{}
+		}
+	}
 
-	logTicker := time.NewTicker(time.Minute)
-	defer logTicker.Stop()
+	startTime, err := j.app.State.GetStartTime()
+	if err != nil {
+		return trace.Wrap(err)
+	}
 
-	var eventsProcessed int
+	idleCh := make(chan struct{}, 1)
+
+	// a minimum concurrency of 3 for the date exporter is enforced because 3 is the largest number of chunks we'd
+	// expect to show up simultaneously due to normal ongoing activity. as concurrency is scaled up we apply a quarter
+	// of the value of the global concurrency limit to the exporter. this has been shown in manual scale testing to be
+	// a fairly optimal ratio relative to session processing concurrency (which uses the concurrency limit directly).
+	// using the global concurrency limit directly results in a lot of stalled chunks because each chunk will typically
+	// contain a large number of sessions that need to be processed.
+	concurrency := max(j.app.Config.Concurrency/4, 3)
+
+	exporter, err := export.NewExporter(export.ExporterConfig{
+		Client:    j.app.client,
+		StartDate: *startTime,
+		Export:    j.handleEventV2,
+		OnIdle: func(_ context.Context) {
+			select {
+			case idleCh <- struct{}{}:
+			default:
+			}
+		},
+		PreviousState: cursorV2State,
+		Concurrency:   concurrency,
+		BacklogSize:   2,
+		MaxBackoff:    time.Second * 90,
+		PollInterval:  time.Second * 16,
+	})
+	if err != nil {
+		return trace.Wrap(err)
+	}
+
+	// the exporter manages retries internally once successfully created, so from here on out
+	// we just want to periodically sync state to disk until the event exporter closes.
+	cursorTicker := time.NewTicker(time.Millisecond * 666)
+	defer cursorTicker.Stop()
 
 	for {
 		select {
-		case err := <-errCh:
-			log.WithField("err", err).Error("Error ingesting Audit Log")
-			return trace.Wrap(err)
-
-		case evt := <-evtCh:
-			if evt == nil {
+		case <-cursorTicker.C:
+			date := exporter.GetCurrentDate()
+			j.targetDate.Store(&date)
+			if err := j.app.State.SetCursorV2State(exporter.GetState()); err != nil {
+				log.WithError(err).Error("Failed to save cursor_v2 values, will retry")
+			}
+		case <-ctx.Done():
+			exporter.Close()
+			<-exporter.Done()
+			// optimistically attempt one last save
+			j.app.State.SetCursorV2State(exporter.GetState())
+			return nil
+		case <-idleCh:
+			// the exporter is idle, which means it has caught up to the present.
+			if j.app.Config.ExitOnLastEvent {
+				exporter.Close()
+				<-exporter.Done()
+				// optimistically attempt one last save
+				j.app.State.SetCursorV2State(exporter.GetState())
 				return nil
 			}
+		}
+	}
+}
 
-			err := j.handleEvent(ctx, evt)
-			if err != nil {
-				return trace.Wrap(err)
-			}
+// runLegacyPolling handles event processing via the old API.
+func (j *EventsJob) runLegacyPolling(ctx context.Context) error {
+	ctx, cancel := context.WithCancel(ctx)
+	defer cancel()
 
-			eventsProcessed++
-		case <-logTicker.C:
-			log.WithField("events_per_minute", eventsProcessed).Info("event processing rate")
-			eventsProcessed = 0
-		case <-ctx.Done():
-			return ctx.Err()
+	log := logger.Get(ctx)
+
+	lc, err := j.app.State.GetLegacyCursorValues()
+	if err != nil {
+		return trace.Wrap(err)
+	}
+
+	if lc.IsEmpty() {
+		st, err := j.app.State.GetStartTime()
+		if err != nil {
+			return trace.Wrap(err)
 		}
+		lc.WindowStartTime = *st
 	}
+
+	eventWatcher := NewLegacyEventsWatcher(j.app.Config, j.app.client, *lc, j.handleEvent)
+
+	// periodically sync cursor values to disk
+	go func() {
+		ticker := time.NewTicker(time.Millisecond * 666)
+		defer ticker.Stop()
+
+		lastCursorValues := *lc
+		for {
+			select {
+			case <-ticker.C:
+				currentCursorValues := eventWatcher.GetCursorValues()
+				date := normalizeDate(currentCursorValues.WindowStartTime)
+				j.targetDate.Store(&date)
+				if currentCursorValues.Equals(lastCursorValues) {
+					continue
+				}
+				if err := j.app.State.SetLegacyCursorValues(currentCursorValues); err != nil {
+					log.WithError(err).Error("Failed to save cursor values, will retry")
+					continue
+				}
+				lastCursorValues = currentCursorValues
+			case <-ctx.Done():
+				// optimistically attempt one last save. this is good practice, but note that
+				// we don't promise not to emit duplicate events post-restart, so this we don't
+				// bother checking for errors here.
+				j.app.State.SetLegacyCursorValues(eventWatcher.GetCursorValues())
+				return
+			}
+		}
+	}()
+
+	return eventWatcher.ExportEvents(ctx)
+}
+
+// handleEventV2 processes an event from the newer export API.
+func (j *EventsJob) handleEventV2(ctx context.Context, evt *auditlogpb.ExportEventUnstructured) error {
+
+	// filter out unwanted event types (in the v1 event export logic this was an internal behavior
+	// of the event processing helper since it would perform conversion prior to storing the event
+	// in its internal buffer).
+	if _, ok := j.app.Config.SkipEventTypes[evt.Event.Type]; ok {
+		return nil
+	}
+
+	// convert the event to teleport-event-exporter's internal representation
+	event, err := NewTeleportEvent(evt.Event)
+	if err != nil {
+		return trace.Wrap(err)
+	}
+
+	// remaining handling logic is common to v1 and v2 event export
+	return j.handleEvent(ctx, event)
 }
 
 // handleEvent processes an event
@@ -144,13 +304,7 @@ func (j *EventsJob) handleEvent(ctx context.Context, evt *TeleportEvent) error {
 		}
 	}
 
-	// Save last event id and cursor to disk
-	if err := j.app.State.SetID(evt.ID); err != nil {
-		return trace.Wrap(err)
-	}
-	if err := j.app.State.SetCursor(evt.Cursor); err != nil {
-		return trace.Wrap(err)
-	}
+	j.eventsProcessed.Add(1)
 
 	return nil
 }
@@ -176,7 +330,7 @@ func (j *EventsJob) TryLockUser(ctx context.Context, evt *TeleportEvent) error {
 		return nil
 	}
 
-	err = j.app.EventWatcher.UpsertLock(ctx, evt.FailedLoginData.User, evt.FailedLoginData.Login, j.app.Config.LockFor)
+	err = upsertLock(ctx, j.app.client, evt.FailedLoginData.User, evt.FailedLoginData.Login, j.app.Config.LockFor)
 	if err != nil {
 		return trace.Wrap(err)
 	}
diff --git a/integrations/event-handler/helpers.go b/integrations/event-handler/helpers.go
new file mode 100644
index 0000000000000..793b4c00262e3
--- /dev/null
+++ b/integrations/event-handler/helpers.go
@@ -0,0 +1,126 @@
+/*
+Copyright 2024 Gravitational, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package main
+
+import (
+	"context"
+	"fmt"
+	"time"
+
+	"github.com/gravitational/trace"
+	log "github.com/sirupsen/logrus"
+
+	"github.com/gravitational/teleport/api/client"
+	"github.com/gravitational/teleport/api/client/proto"
+	auditlogpb "github.com/gravitational/teleport/api/gen/proto/go/teleport/auditlog/v1"
+	"github.com/gravitational/teleport/api/types"
+	"github.com/gravitational/teleport/api/types/events"
+	"github.com/gravitational/teleport/integrations/lib"
+	"github.com/gravitational/teleport/integrations/lib/credentials"
+	"github.com/gravitational/teleport/lib/events/export"
+)
+
+// TeleportSearchEventsClient is an interface for client.Client, required for testing
+type TeleportSearchEventsClient interface {
+	export.Client
+	// SearchEvents searches for events in the audit log and returns them using their protobuf representation.
+	SearchEvents(ctx context.Context, fromUTC, toUTC time.Time, namespace string, eventTypes []string, limit int, order types.EventOrder, startKey string) ([]events.AuditEvent, string, error)
+	// StreamSessionEvents returns session events stream for a given session ID using their protobuf representation.
+	StreamSessionEvents(ctx context.Context, sessionID string, startIndex int64) (chan events.AuditEvent, chan error)
+	// SearchUnstructuredEvents searches for events in the audit log and returns them using an unstructured representation (structpb.Struct).
+	SearchUnstructuredEvents(ctx context.Context, fromUTC, toUTC time.Time, namespace string, eventTypes []string, limit int, order types.EventOrder, startKey string) ([]*auditlogpb.EventUnstructured, string, error)
+	// StreamUnstructuredSessionEvents returns session events stream for a given session ID using an unstructured representation (structpb.Struct).
+	StreamUnstructuredSessionEvents(ctx context.Context, sessionID string, startIndex int64) (chan *auditlogpb.EventUnstructured, chan error)
+	UpsertLock(ctx context.Context, lock types.Lock) error
+	Ping(ctx context.Context) (proto.PingResponse, error)
+	Close() error
+}
+
+// newClient performs teleport api client setup, including credentials loading, validation, and
+// setup of credentials refresh if needed.
+func newClient(ctx context.Context, c *StartCmdConfig) (*client.Client, error) {
+	var creds []client.Credentials
+	switch {
+	case c.TeleportIdentityFile != "" && !c.TeleportRefreshEnabled:
+		creds = []client.Credentials{client.LoadIdentityFile(c.TeleportIdentityFile)}
+	case c.TeleportIdentityFile != "" && c.TeleportRefreshEnabled:
+		cred, err := lib.NewIdentityFileWatcher(ctx, c.TeleportIdentityFile, c.TeleportRefreshInterval)
+		if err != nil {
+			return nil, trace.Wrap(err)
+		}
+		creds = []client.Credentials{cred}
+	case c.TeleportCert != "" && c.TeleportKey != "" && c.TeleportCA != "":
+		creds = []client.Credentials{client.LoadKeyPair(c.TeleportCert, c.TeleportKey, c.TeleportCA)}
+	default:
+		return nil, trace.BadParameter("no credentials configured")
+	}
+
+	if validCred, err := credentials.CheckIfExpired(creds); err != nil {
+		log.Warn(err)
+		if !validCred {
+			return nil, trace.BadParameter(
+				"No valid credentials found, this likely means credentials are expired. In this case, please sign new credentials and increase their TTL if needed.",
+			)
+		}
+		log.Info("At least one non-expired credential has been found, continuing startup")
+	}
+
+	clientConfig := client.Config{
+		Addrs:       []string{c.TeleportAddr},
+		Credentials: creds,
+	}
+
+	teleportClient, err := client.New(ctx, clientConfig)
+	if err != nil {
+		return nil, trace.Wrap(err)
+	}
+
+	return teleportClient, nil
+}
+
+// upsertLock is a helper used to create or update the event handler's auto lock.
+func upsertLock(ctx context.Context, clt TeleportSearchEventsClient, user string, login string, period time.Duration) error {
+	var expires *time.Time
+
+	if period > 0 {
+		t := time.Now()
+		t = t.Add(period)
+		expires = &t
+	}
+
+	lock := &types.LockV2{
+		Metadata: types.Metadata{
+			Name: fmt.Sprintf("event-handler-auto-lock-%v-%v", user, login),
+		},
+		Spec: types.LockSpecV2{
+			Target: types.LockTarget{
+				Login: login,
+				User:  user,
+			},
+			Message: lockMessage,
+			Expires: expires,
+		},
+	}
+
+	return clt.UpsertLock(ctx, lock)
+}
+
+// normalizeDate normalizes a timestamp to the beginning of the day in UTC.
+func normalizeDate(t time.Time) time.Time {
+	t = t.UTC()
+	return time.Date(t.Year(), t.Month(), t.Day(), 0, 0, 0, 0, time.UTC)
+}
diff --git a/integrations/event-handler/teleport_events_watcher.go b/integrations/event-handler/legacy_events_watcher.go
similarity index 57%
rename from integrations/event-handler/teleport_events_watcher.go
rename to integrations/event-handler/legacy_events_watcher.go
index 0221b44aaefaf..2279bd779d9b6 100644
--- a/integrations/event-handler/teleport_events_watcher.go
+++ b/integrations/event-handler/legacy_events_watcher.go
@@ -18,21 +18,16 @@ package main
 
 import (
 	"context"
-	"fmt"
 	"sync"
+	"sync/atomic"
 	"time"
 
 	"github.com/gravitational/trace"
 	log "github.com/sirupsen/logrus"
 	"golang.org/x/time/rate"
 
-	"github.com/gravitational/teleport/api/client"
-	"github.com/gravitational/teleport/api/client/proto"
 	auditlogpb "github.com/gravitational/teleport/api/gen/proto/go/teleport/auditlog/v1"
 	"github.com/gravitational/teleport/api/types"
-	"github.com/gravitational/teleport/api/types/events"
-	"github.com/gravitational/teleport/integrations/lib"
-	"github.com/gravitational/teleport/integrations/lib/credentials"
 	"github.com/gravitational/teleport/integrations/lib/logger"
 )
 
@@ -41,23 +36,25 @@ const (
 	lockMessage = "User is locked due to too many failed login attempts"
 )
 
-// TeleportSearchEventsClient is an interface for client.Client, required for testing
-type TeleportSearchEventsClient interface {
-	// SearchEvents searches for events in the audit log and returns them using their protobuf representation.
-	SearchEvents(ctx context.Context, fromUTC, toUTC time.Time, namespace string, eventTypes []string, limit int, order types.EventOrder, startKey string) ([]events.AuditEvent, string, error)
-	// StreamSessionEvents returns session events stream for a given session ID using their protobuf representation.
-	StreamSessionEvents(ctx context.Context, sessionID string, startIndex int64) (chan events.AuditEvent, chan error)
-	// SearchUnstructuredEvents searches for events in the audit log and returns them using an unstructured representation (structpb.Struct).
-	SearchUnstructuredEvents(ctx context.Context, fromUTC, toUTC time.Time, namespace string, eventTypes []string, limit int, order types.EventOrder, startKey string) ([]*auditlogpb.EventUnstructured, string, error)
-	// StreamUnstructuredSessionEvents returns session events stream for a given session ID using an unstructured representation (structpb.Struct).
-	StreamUnstructuredSessionEvents(ctx context.Context, sessionID string, startIndex int64) (chan *auditlogpb.EventUnstructured, chan error)
-	UpsertLock(ctx context.Context, lock types.Lock) error
-	Ping(ctx context.Context) (proto.PingResponse, error)
-	Close() error
+// LegacyCursorValue represents the cursor data used by the LegacyEventsWatcher to
+// resume from where it left off.
+type LegacyCursorValues struct {
+	Cursor          string
+	ID              string
+	WindowStartTime time.Time
 }
 
-// TeleportEventsWatcher represents wrapper around Teleport client to work with events
-type TeleportEventsWatcher struct {
+// IsEmpty returns true if all cursor values are empty.
+func (c *LegacyCursorValues) IsEmpty() bool {
+	return c.Cursor == "" && c.ID == "" && c.WindowStartTime.IsZero()
+}
+
+func (c *LegacyCursorValues) Equals(other LegacyCursorValues) bool {
+	return c.Cursor == other.Cursor && c.ID == other.ID && c.WindowStartTime.Equal(other.WindowStartTime)
+}
+
+// LegacyEventsWatcher represents wrapper around Teleport client to work with events
+type LegacyEventsWatcher struct {
 	// client is an instance of GRPC Teleport client
 	client TeleportSearchEventsClient
 	// cursor current page cursor value
@@ -69,94 +66,74 @@ type TeleportEventsWatcher struct {
 	// pos current virtual cursor position within a batch
 	pos int
 	// batch current events batch
-	batch []*TeleportEvent
+	batch []*LegacyTeleportEvent
 	// config is teleport config
 	config *StartCmdConfig
+	// export is the callback that is invoked for each event. it is retried indefinitely
+	// until it returns nil.
+	export func(context.Context, *TeleportEvent) error
+
+	// exportedCursor is a pointer to the cursor values of the most recently
+	// exported event. the values mirror above fields, but those are only accessible
+	// to the main event processing goroutine. these values are meant to be read
+	// by concurrently.
+	exportedCursor atomic.Pointer[LegacyCursorValues]
 
 	// windowStartTime is event time frame start
 	windowStartTime   time.Time
 	windowStartTimeMu sync.Mutex
 }
 
-// NewTeleportEventsWatcher builds Teleport client instance
-func NewTeleportEventsWatcher(
-	ctx context.Context,
+// NewLegacyEventsWatcher builds Teleport client instance
+func NewLegacyEventsWatcher(
 	c *StartCmdConfig,
-	windowStartTime time.Time,
-	cursor string,
-	id string,
-) (*TeleportEventsWatcher, error) {
-	var creds []client.Credentials
-	switch {
-	case c.TeleportIdentityFile != "" && !c.TeleportRefreshEnabled:
-		creds = []client.Credentials{client.LoadIdentityFile(c.TeleportIdentityFile)}
-	case c.TeleportIdentityFile != "" && c.TeleportRefreshEnabled:
-		cred, err := lib.NewIdentityFileWatcher(ctx, c.TeleportIdentityFile, c.TeleportRefreshInterval)
-		if err != nil {
-			return nil, trace.Wrap(err)
-		}
-		creds = []client.Credentials{cred}
-	case c.TeleportCert != "" && c.TeleportKey != "" && c.TeleportCA != "":
-		creds = []client.Credentials{client.LoadKeyPair(c.TeleportCert, c.TeleportKey, c.TeleportCA)}
-	default:
-		return nil, trace.BadParameter("no credentials configured")
-	}
-
-	if validCred, err := credentials.CheckIfExpired(creds); err != nil {
-		log.Warn(err)
-		if !validCred {
-			return nil, trace.BadParameter(
-				"No valid credentials found, this likely means credentials are expired. In this case, please sign new credentials and increase their TTL if needed.",
-			)
-		}
-		log.Info("At least one non-expired credential has been found, continuing startup")
-	}
-
-	config := client.Config{
-		Addrs:       []string{c.TeleportAddr},
-		Credentials: creds,
-	}
-
-	teleportClient, err := client.New(ctx, config)
-	if err != nil {
-		return nil, trace.Wrap(err)
-	}
-
-	tc := TeleportEventsWatcher{
-		client:          teleportClient,
+	client TeleportSearchEventsClient,
+	cursorValues LegacyCursorValues,
+	export func(context.Context, *TeleportEvent) error,
+) *LegacyEventsWatcher {
+	w := &LegacyEventsWatcher{
+		client:          client,
 		pos:             -1,
-		cursor:          cursor,
+		cursor:          cursorValues.Cursor,
 		config:          c,
-		id:              id,
-		windowStartTime: windowStartTime,
+		export:          export,
+		id:              cursorValues.ID,
+		windowStartTime: cursorValues.WindowStartTime,
 	}
 
-	return &tc, nil
+	w.exportedCursor.Store(&cursorValues)
+
+	return w
 }
 
 // Close closes connection to Teleport
-func (t *TeleportEventsWatcher) Close() {
+func (t *LegacyEventsWatcher) Close() {
 	t.client.Close()
 }
 
+func (t *LegacyEventsWatcher) GetCursorValues() LegacyCursorValues {
+	// exported cursor values ptr is never nil
+	return *t.exportedCursor.Load()
+}
+
 // flipPage flips the current page
-func (t *TeleportEventsWatcher) flipPage() bool {
+func (t *LegacyEventsWatcher) flipPage() bool {
 	if t.nextCursor == "" {
 		return false
 	}
 
 	t.cursor = t.nextCursor
 	t.pos = -1
-	t.batch = make([]*TeleportEvent, 0)
+	t.batch = make([]*LegacyTeleportEvent, 0)
 
 	return true
 }
 
 // fetch fetches the page and sets the position to the event after latest known
-func (t *TeleportEventsWatcher) fetch(ctx context.Context) error {
+func (t *LegacyEventsWatcher) fetch(ctx context.Context) error {
 	log := logger.Get(ctx)
 	// Zero batch
-	t.batch = make([]*TeleportEvent, 0, t.config.BatchSize)
+	t.batch = make([]*LegacyTeleportEvent, 0, t.config.BatchSize)
 	nextCursor, err := t.getEvents(ctx)
 	if err != nil {
 		return trace.Wrap(err)
@@ -183,7 +160,6 @@ func (t *TeleportEventsWatcher) fetch(ctx context.Context) error {
 		for i, e := range t.batch {
 			if e.ID == t.id {
 				pos = i + 1
-				t.id = e.ID
 			}
 		}
 	}
@@ -200,8 +176,9 @@ func (t *TeleportEventsWatcher) fetch(ctx context.Context) error {
 // It returns a slice of events, a cursor for the next page and an error.
 // If the cursor is out of the range, it advances the windowStartTime to the next day.
 // It only advances the windowStartTime if no events are found until the last complete day.
-func (t *TeleportEventsWatcher) getEvents(ctx context.Context) (string, error) {
-	rangeSplitByDay := splitRangeByDay(t.getWindowStartTime(), time.Now().UTC(), t.config.WindowSize)
+func (t *LegacyEventsWatcher) getEvents(ctx context.Context) (string, error) {
+	wst := t.getWindowStartTime()
+	rangeSplitByDay := splitRangeByDay(wst, time.Now().UTC(), t.config.WindowSize)
 	for i := 1; i < len(rangeSplitByDay); i++ {
 		startTime := rangeSplitByDay[i-1]
 		endTime := rangeSplitByDay[i]
@@ -217,7 +194,7 @@ func (t *TeleportEventsWatcher) getEvents(ctx context.Context) (string, error) {
 				log.WithField("event", e).Debug("Skipping event")
 				continue
 			}
-			evt, err := NewTeleportEvent(e, t.cursor)
+			evt, err := NewLegacyTeleportEvent(e, t.cursor, wst)
 			if err != nil {
 				return "", trace.Wrap(err)
 			}
@@ -238,7 +215,7 @@ func (t *TeleportEventsWatcher) getEvents(ctx context.Context) (string, error) {
 	return t.cursor, nil
 }
 
-func (t *TeleportEventsWatcher) canSkipToNextWindow(i int, rangeSplitByDay []time.Time, cursor string) bool {
+func (t *LegacyEventsWatcher) canSkipToNextWindow(i int, rangeSplitByDay []time.Time, cursor string) bool {
 	if cursor != "" {
 		return false
 
@@ -267,7 +244,7 @@ func (t *TeleportEventsWatcher) canSkipToNextWindow(i int, rangeSplitByDay []tim
 
 // getEvents calls Teleport client and loads events from the audit log.
 // It returns a slice of events, a cursor for the next page and an error.
-func (t *TeleportEventsWatcher) getEventsInWindow(ctx context.Context, from, to time.Time) ([]*auditlogpb.EventUnstructured, string, error) {
+func (t *LegacyEventsWatcher) getEventsInWindow(ctx context.Context, from, to time.Time) ([]*auditlogpb.EventUnstructured, string, error) {
 	evts, cursor, err := t.client.SearchUnstructuredEvents(
 		ctx,
 		from,
@@ -291,7 +268,7 @@ func splitRangeByDay(from, to time.Time, windowSize time.Duration) []time.Time {
 }
 
 // pause sleeps for timeout seconds
-func (t *TeleportEventsWatcher) pause(ctx context.Context) error {
+func (t *LegacyEventsWatcher) pause(ctx context.Context) error {
 	log := logger.Get(ctx)
 	log.Debugf("No new events, pause for %v seconds", t.config.Timeout)
 
@@ -303,13 +280,13 @@ func (t *TeleportEventsWatcher) pause(ctx context.Context) error {
 	}
 }
 
-// Next returns next event from a batch or requests next batch if it has been ended
-func (t *TeleportEventsWatcher) Events(ctx context.Context) (chan *TeleportEvent, chan error) {
-	ch := make(chan *TeleportEvent, t.config.BatchSize)
+// ExportEvents exports events from Teleport to the export function provided on initialization. The atomic
+// cursor value is updated after each successful export call, and failed export calls are retried indefinitely.
+func (t *LegacyEventsWatcher) ExportEvents(ctx context.Context) error {
+	ch := make(chan *LegacyTeleportEvent, t.config.BatchSize)
 	e := make(chan error, 1)
 
 	go func() {
-		defer close(ch)
 		defer close(e)
 
 		logLimiter := rate.NewLimiter(rate.Every(time.Minute), 6)
@@ -396,48 +373,46 @@ func (t *TeleportEventsWatcher) Events(ctx context.Context) (chan *TeleportEvent
 		}
 	}()
 
-	return ch, e
-}
-
-// StreamSessionEvents returns session event stream, that's the simple delegate to an API function
-func (t *TeleportEventsWatcher) StreamUnstructuredSessionEvents(ctx context.Context, id string, index int64) (chan *auditlogpb.EventUnstructured, chan error) {
-	return t.client.StreamUnstructuredSessionEvents(ctx, id, index)
-}
-
-// UpsertLock upserts user lock
-func (t *TeleportEventsWatcher) UpsertLock(ctx context.Context, user string, login string, period time.Duration) error {
-	var expires *time.Time
-
-	if period > 0 {
-		t := time.Now()
-		t = t.Add(period)
-		expires = &t
-	}
+	for {
+		select {
+		case evt := <-ch:
+		Export:
+			for {
+				// retry export of event indefinitely until event export either succeeds or
+				// exporter is closed.
+				err := t.export(ctx, evt.TeleportEvent)
+				if err == nil {
+					break Export
+				}
 
-	lock := &types.LockV2{
-		Metadata: types.Metadata{
-			Name: fmt.Sprintf("event-handler-auto-lock-%v-%v", user, login),
-		},
-		Spec: types.LockSpecV2{
-			Target: types.LockTarget{
-				Login: login,
-				User:  user,
-			},
-			Message: lockMessage,
-			Expires: expires,
-		},
+				log.WithError(err).Error("Failed to export event, retrying...")
+				select {
+				case <-ctx.Done():
+					return trace.Wrap(ctx.Err())
+				case <-time.After(5 * time.Second): // TODO(fspmarshall): add real backoff
+				}
+			}
+			// store updated cursor values after successful export
+			t.exportedCursor.Store(&LegacyCursorValues{
+				Cursor:          evt.Cursor,
+				ID:              evt.ID,
+				WindowStartTime: evt.Window,
+			})
+		case <-ctx.Done():
+			return trace.Wrap(ctx.Err())
+		case err := <-e:
+			return trace.Wrap(err)
+		}
 	}
-
-	return t.client.UpsertLock(ctx, lock)
 }
 
-func (t *TeleportEventsWatcher) getWindowStartTime() time.Time {
+func (t *LegacyEventsWatcher) getWindowStartTime() time.Time {
 	t.windowStartTimeMu.Lock()
 	defer t.windowStartTimeMu.Unlock()
 	return t.windowStartTime
 }
 
-func (t *TeleportEventsWatcher) setWindowStartTime(time time.Time) {
+func (t *LegacyEventsWatcher) setWindowStartTime(time time.Time) {
 	t.windowStartTimeMu.Lock()
 	defer t.windowStartTimeMu.Unlock()
 	t.windowStartTime = time
diff --git a/integrations/event-handler/teleport_events_watcher_test.go b/integrations/event-handler/legacy_events_watcher_test.go
similarity index 80%
rename from integrations/event-handler/teleport_events_watcher_test.go
rename to integrations/event-handler/legacy_events_watcher_test.go
index 38b7e6e8f6a45..e106b03815234 100644
--- a/integrations/event-handler/teleport_events_watcher_test.go
+++ b/integrations/event-handler/legacy_events_watcher_test.go
@@ -31,10 +31,12 @@ import (
 	"github.com/gravitational/teleport/api/types"
 	"github.com/gravitational/teleport/api/types/events"
 	libevents "github.com/gravitational/teleport/lib/events"
+	"github.com/gravitational/teleport/lib/events/export"
 )
 
 // mockTeleportEventWatcher is Teleport client mock
 type mockTeleportEventWatcher struct {
+	export.Client
 	mu sync.Mutex
 	// events is the mock list of events
 	events []events.AuditEvent
@@ -133,27 +135,25 @@ func (c *mockTeleportEventWatcher) Close() error {
 	return nil
 }
 
-func newTeleportEventWatcher(t *testing.T, eventsClient TeleportSearchEventsClient, startTime time.Time, skipEventTypesRaw []string) *TeleportEventsWatcher {
+func newTeleportEventWatcher(t *testing.T, eventsClient TeleportSearchEventsClient, startTime time.Time, skipEventTypesRaw []string, exportFn func(context.Context, *TeleportEvent) error) *LegacyEventsWatcher {
 	skipEventTypes := map[string]struct{}{}
 	for _, eventType := range skipEventTypesRaw {
 		skipEventTypes[eventType] = struct{}{}
 	}
-	client := &TeleportEventsWatcher{
-		client: eventsClient,
-		pos:    -1,
-		config: &StartCmdConfig{
-			IngestConfig: IngestConfig{
-				BatchSize:           5,
-				ExitOnLastEvent:     true,
-				SkipEventTypes:      skipEventTypes,
-				SkipSessionTypesRaw: skipEventTypesRaw,
-				WindowSize:          24 * time.Hour,
-			},
-		},
-		windowStartTime: startTime,
+
+	cursor := LegacyCursorValues{
+		WindowStartTime: startTime,
 	}
 
-	return client
+	return NewLegacyEventsWatcher(&StartCmdConfig{
+		IngestConfig: IngestConfig{
+			BatchSize:           5,
+			ExitOnLastEvent:     true,
+			SkipEventTypes:      skipEventTypes,
+			SkipSessionTypesRaw: skipEventTypesRaw,
+			WindowSize:          24 * time.Hour,
+		},
+	}, eventsClient, cursor, exportFn)
 }
 
 func TestEvents(t *testing.T) {
@@ -175,10 +175,19 @@ func TestEvents(t *testing.T) {
 
 	// Add the 20 events to a mock event watcher.
 	mockEventWatcher := &mockTeleportEventWatcher{events: testAuditEvents}
-	client := newTeleportEventWatcher(t, mockEventWatcher, time.Now().Add(-48*time.Hour), nil)
 
-	// Start the events goroutine
-	chEvt, chErr := client.Events(ctx)
+	chEvt, chErr := make(chan *TeleportEvent, 128), make(chan error, 1)
+	client := newTeleportEventWatcher(t, mockEventWatcher, time.Now().Add(-48*time.Hour), nil, func(ctx context.Context, evt *TeleportEvent) error {
+		select {
+		case chEvt <- evt:
+			return nil
+		case <-ctx.Done():
+			return ctx.Err()
+		}
+	})
+	go func() {
+		chErr <- client.ExportEvents(ctx)
+	}()
 
 	// Collect all 20 events
 	for i := 0; i < 20; i++ {
@@ -197,34 +206,14 @@ func TestEvents(t *testing.T) {
 		}
 	}
 
-	// Both channels should be closed once the last event is reached.
+	// watcher should exit automatically
 	select {
-	case _, ok := <-chEvt:
-		require.False(t, ok, "Events channel should be closed")
+	case evt := <-chEvt:
+		t.Fatalf("received unexpected event while waiting for watcher exit: %v", evt)
+	case err := <-chErr:
+		require.NoError(t, err)
 	case <-time.After(2 * time.Second):
-		t.Fatalf("No events received within deadline")
-	}
-
-	select {
-	case _, ok := <-chErr:
-		require.False(t, ok, "Error channel should be closed")
-	case <-time.After(2 * time.Second):
-		t.Fatalf("No events received within deadline")
-	}
-
-	// Both channels should be closed
-	select {
-	case _, ok := <-chEvt:
-		require.False(t, ok, "Events channel should be closed")
-	case <-time.After(2 * time.Second):
-		t.Fatalf("No events received within deadline")
-	}
-
-	select {
-	case _, ok := <-chErr:
-		require.False(t, ok, "Error channel should be closed")
-	case <-time.After(2 * time.Second):
-		t.Fatalf("No events received within deadline")
+		t.Fatalf("timeout waiting for watcher to exit")
 	}
 }
 
@@ -248,33 +237,28 @@ func TestEventsError(t *testing.T) {
 	// Add the 20 events to a mock event watcher.
 	mockErr := trace.Errorf("error")
 	mockEventWatcher := &mockTeleportEventWatcher{events: testAuditEvents, mockSearchErr: mockErr}
-	client := newTeleportEventWatcher(t, mockEventWatcher, time.Now().Add(-48*time.Hour), nil)
 
-	// Start the events goroutine
-	chEvt, chErr := client.Events(ctx)
+	chEvt, chErr := make(chan *TeleportEvent, 128), make(chan error, 1)
+	client := newTeleportEventWatcher(t, mockEventWatcher, time.Now().Add(-48*time.Hour), nil, func(ctx context.Context, evt *TeleportEvent) error {
+		select {
+		case chEvt <- evt:
+			return nil
+		case <-ctx.Done():
+			return ctx.Err()
+		}
+	})
+	go func() {
+		chErr <- client.ExportEvents(ctx)
+	}()
 
 	select {
-	case err, ok := <-chErr:
-		require.True(t, ok, "Channel unexpectedly close")
+	case evt := <-chEvt:
+		t.Fatalf("received unexpected event while waiting for watcher exit: %v", evt)
+	case err := <-chErr:
 		require.ErrorIs(t, err, mockErr)
 	case <-time.After(2 * time.Second):
 		t.Fatalf("No events received within deadline")
 	}
-
-	// Both channels should be closed
-	select {
-	case _, ok := <-chEvt:
-		require.False(t, ok, "Events channel should be closed")
-	case <-time.After(2 * time.Second):
-		t.Fatalf("No events received within deadline")
-	}
-
-	select {
-	case _, ok := <-chErr:
-		require.False(t, ok, "Error channel should be closed")
-	case <-time.After(2 * time.Second):
-		t.Fatalf("No events received within deadline")
-	}
 }
 
 func TestUpdatePage(t *testing.T) {
@@ -295,11 +279,21 @@ func TestUpdatePage(t *testing.T) {
 	defer cancel()
 
 	mockEventWatcher := &mockTeleportEventWatcher{}
-	client := newTeleportEventWatcher(t, mockEventWatcher, time.Now().Add(-1*time.Hour), nil)
+
+	chEvt, chErr := make(chan *TeleportEvent, 128), make(chan error, 1)
+	client := newTeleportEventWatcher(t, mockEventWatcher, time.Now().Add(-1*time.Hour), nil, func(ctx context.Context, evt *TeleportEvent) error {
+		select {
+		case chEvt <- evt:
+			return nil
+		case <-ctx.Done():
+			return ctx.Err()
+		}
+	})
 	client.config.ExitOnLastEvent = false
 
-	// Start the events goroutine
-	chEvt, chErr := client.Events(ctx)
+	go func() {
+		chErr <- client.ExportEvents(ctx)
+	}()
 
 	// Add an incomplete page of 3 events and collect them.
 	mockEventWatcher.setEvents(testAuditEvents[:3])
@@ -379,27 +373,13 @@ func TestUpdatePage(t *testing.T) {
 	mockEventWatcher.setSearchEventsError(mockErr)
 
 	select {
-	case err, ok := <-chErr:
-		require.True(t, ok, "Channel unexpectedly close")
+	case evt := <-chEvt:
+		t.Fatalf("received unexpected event while waiting for watcher exit: %v", evt)
+	case err := <-chErr:
 		require.ErrorIs(t, err, mockErr)
 	case <-time.After(2 * time.Second):
 		t.Fatalf("No events received within deadline")
 	}
-
-	// Both channels should be closed
-	select {
-	case _, ok := <-chEvt:
-		require.False(t, ok, "Events channel should be closed")
-	case <-time.After(2 * time.Second):
-		t.Fatalf("No events received within deadline")
-	}
-
-	select {
-	case _, ok := <-chErr:
-		require.False(t, ok, "Error channel should be closed")
-	case <-time.After(2 * time.Second):
-		t.Fatalf("No events received within deadline")
-	}
 }
 
 func TestValidateConfig(t *testing.T) {
@@ -576,10 +556,19 @@ func TestEventsWithWindowSkip(t *testing.T) {
 
 	// Add the 20 events to a mock event watcher.
 	mockEventWatcher := &mockTeleportEventWatcher{events: testAuditEvents}
-	client := newTeleportEventWatcher(t, mockEventWatcher, time.Now().Add(-48*time.Hour), []string{libevents.UserCreateEvent})
 
-	// Start the events goroutine
-	chEvt, chErr := client.Events(ctx)
+	chEvt, chErr := make(chan *TeleportEvent, 128), make(chan error, 1)
+	client := newTeleportEventWatcher(t, mockEventWatcher, time.Now().Add(-48*time.Hour), []string{libevents.UserCreateEvent}, func(ctx context.Context, evt *TeleportEvent) error {
+		select {
+		case chEvt <- evt:
+			return nil
+		case <-ctx.Done():
+			return ctx.Err()
+		}
+	})
+	go func() {
+		chErr <- client.ExportEvents(ctx)
+	}()
 
 	// Collect all 10 first events
 	for i := 0; i < 10; i++ {
@@ -614,33 +603,13 @@ func TestEventsWithWindowSkip(t *testing.T) {
 		}
 	}
 
-	// Both channels should be closed once the last event is reached.
+	// watcher should exit automatically
 	select {
-	case _, ok := <-chEvt:
-		require.False(t, ok, "Events channel should be closed")
+	case evt := <-chEvt:
+		t.Fatalf("received unexpected event while waiting for watcher exit: %v", evt)
+	case err := <-chErr:
+		require.NoError(t, err)
 	case <-time.After(2 * time.Second):
-		t.Fatalf("No events received within deadline")
-	}
-
-	select {
-	case _, ok := <-chErr:
-		require.False(t, ok, "Error channel should be closed")
-	case <-time.After(2 * time.Second):
-		t.Fatalf("No events received within deadline")
-	}
-
-	// Both channels should be closed
-	select {
-	case _, ok := <-chEvt:
-		require.False(t, ok, "Events channel should be closed")
-	case <-time.After(2 * time.Second):
-		t.Fatalf("No events received within deadline")
-	}
-
-	select {
-	case _, ok := <-chErr:
-		require.False(t, ok, "Error channel should be closed")
-	case <-time.After(2 * time.Second):
-		t.Fatalf("No events received within deadline")
+		t.Fatalf("timeout waiting for watcher to exit")
 	}
 }
diff --git a/integrations/event-handler/session_events_job.go b/integrations/event-handler/session_events_job.go
index 4013f419183e0..8a009333bc3d9 100644
--- a/integrations/event-handler/session_events_job.go
+++ b/integrations/event-handler/session_events_job.go
@@ -16,11 +16,13 @@ package main
 
 import (
 	"context"
+	"sync/atomic"
 	"time"
 
 	"github.com/gravitational/trace"
 	"github.com/jonboulle/clockwork"
 	"github.com/sirupsen/logrus"
+	"golang.org/x/time/rate"
 
 	"github.com/gravitational/teleport/api/utils/retryutils"
 	"github.com/gravitational/teleport/integrations/lib"
@@ -28,6 +30,14 @@ import (
 	"github.com/gravitational/teleport/integrations/lib/logger"
 )
 
+const (
+	// sessionBacklogMultiplier is used to calculate the allowed "backlog" of sessions waiting to be processed
+	// before session processing starts to block primary event ingestion. a multiplier of 16x the concurrency
+	// setting was selected based on real-world testing and seems to be a decent middle ground, preventing explosive
+	// growth of session cursors on disk without unduly blocking in the event of minor perf hickups.
+	sessionBacklogMultiplier = 16
+)
+
 // session is the utility struct used for session ingestion
 type session struct {
 	// ID current ID
@@ -41,17 +51,22 @@ type session struct {
 // SessionEventsJob incapsulates session events consumption logic
 type SessionEventsJob struct {
 	lib.ServiceJob
-	app       *App
-	sessions  chan session
-	semaphore chan struct{}
+	app                    *App
+	sessions               chan session
+	semaphore              chan struct{}
+	logLimiter             *rate.Limiter
+	backpressureLogLimiter *rate.Limiter
+	sessionsProcessed      atomic.Uint64
 }
 
 // NewSessionEventsJob creates new EventsJob structure
 func NewSessionEventsJob(app *App) *SessionEventsJob {
 	j := &SessionEventsJob{
-		app:       app,
-		semaphore: make(chan struct{}, app.Config.Concurrency),
-		sessions:  make(chan session),
+		app:                    app,
+		semaphore:              make(chan struct{}, app.Config.Concurrency),
+		sessions:               make(chan session, app.Config.Concurrency*sessionBacklogMultiplier),
+		logLimiter:             rate.NewLimiter(rate.Every(time.Second), 1),
+		backpressureLogLimiter: rate.NewLimiter(rate.Every(time.Minute), 1),
 	}
 
 	j.ServiceJob = lib.NewServiceJob(j.run)
@@ -71,6 +86,21 @@ func (j *SessionEventsJob) run(ctx context.Context) error {
 		return nil
 	})
 
+	// set up background logging of session processing rate
+	go func() {
+		logTicker := time.NewTicker(time.Minute)
+		defer logTicker.Stop()
+
+		for {
+			select {
+			case <-logTicker.C:
+				log.WithField("sessions_per_minute", j.sessionsProcessed.Swap(0)).Info("session processing")
+			case <-ctx.Done():
+				return
+			}
+		}
+	}()
+
 	if err := j.restartPausedSessions(); err != nil {
 		log.WithError(err).Error("Restarting paused sessions")
 	}
@@ -82,7 +112,9 @@ func (j *SessionEventsJob) run(ctx context.Context) error {
 		case s := <-j.sessions:
 			logger := log.WithField("id", s.ID).WithField("index", s.Index)
 
-			logger.Info("Starting session ingest")
+			if j.logLimiter.Allow() {
+				logger.Debug("Starting session ingest")
+			}
 
 			select {
 			case j.semaphore <- struct{}{}:
@@ -172,6 +204,8 @@ func (j *SessionEventsJob) processSession(ctx context.Context, s session, proces
 			}
 			return trace.Wrap(err)
 		default:
+			// increment the number of sessions processed
+			j.sessionsProcessed.Add(1)
 			// No errors, we've finished processing the session.
 			return nil
 		}
@@ -241,10 +275,12 @@ func (j *SessionEventsJob) restartPausedSessions() error {
 		return nil
 	}
 
+	logrus.WithField("count", len(sessions)).Debug("Restarting paused sessions")
+
 	for id, idx := range sessions {
 		func(id string, idx int64) {
 			j.app.SpawnCritical(func(ctx context.Context) error {
-				logrus.WithField("id", id).WithField("index", idx).Info("Restarting session ingestion")
+				logrus.WithField("id", id).WithField("index", idx).Debug("Restarting session ingestion")
 
 				s := session{ID: id, Index: idx}
 
@@ -268,8 +304,10 @@ func (j *SessionEventsJob) restartPausedSessions() error {
 // consumeSession ingests session
 func (j *SessionEventsJob) consumeSession(ctx context.Context, s session) (bool, error) {
 	url := j.app.Config.FluentdSessionURL + "." + s.ID + ".log"
-	chEvt, chErr := j.app.EventWatcher.StreamUnstructuredSessionEvents(ctx, s.ID, s.Index)
+	chEvt, chErr := j.app.client.StreamUnstructuredSessionEvents(ctx, s.ID, s.Index)
 
+	cursorSyncLimiter := rate.NewLimiter(rate.Every(time.Second), 1)
+	cursorSyncLimiter.Allow() // start the limiter off in a drained state
 Loop:
 	for {
 		select {
@@ -278,11 +316,13 @@ Loop:
 
 		case evt, ok := <-chEvt:
 			if !ok {
-				logrus.WithField("id", s.ID).Info("Finished session events ingest")
+				if j.logLimiter.Allow() {
+					logrus.WithField("id", s.ID).Debug("Finished session events ingest")
+				}
 				break Loop // Break the main loop
 			}
 
-			e, err := NewTeleportEvent(evt, "")
+			e, err := NewTeleportEvent(evt)
 			if err != nil {
 				return false, trace.Wrap(err)
 			}
@@ -299,10 +339,12 @@ Loop:
 				}
 			}
 
-			// Set session index
-			err = j.app.State.SetSessionIndex(s.ID, e.Index)
-			if err != nil {
-				return true, trace.Wrap(err)
+			if cursorSyncLimiter.Allow() {
+				// Set session index
+				err = j.app.State.SetSessionIndex(s.ID, e.Index)
+				if err != nil {
+					return true, trace.Wrap(err)
+				}
 			}
 		case <-ctx.Done():
 			if lib.IsCanceled(ctx.Err()) {
@@ -327,17 +369,26 @@ func (j *SessionEventsJob) RegisterSession(ctx context.Context, e *TeleportEvent
 
 	s := session{ID: e.SessionID, Index: 0, UploadTime: e.Time}
 
-	go func() {
-		select {
-		case j.sessions <- s:
-			return
-		case <-ctx.Done():
-			if !lib.IsCanceled(ctx.Err()) {
-				logrus.Error(ctx.Err())
-			}
-			return
-		}
-	}()
+	select {
+	case j.sessions <- s:
+		return nil
+	default:
+	}
 
-	return nil
+	if j.backpressureLogLimiter.Allow() {
+		logrus.Warn("backpressure in session processing, consider increasing concurrency if this issue persists")
+	}
+
+	select {
+	case j.sessions <- s:
+		return nil
+	case <-ctx.Done():
+		if !lib.IsCanceled(ctx.Err()) {
+			logrus.Error(ctx.Err())
+		}
+		// from the caller's perspective this isn't really an error since we did
+		// successfully sync session index to disk... session will be ingested
+		// on a subsequent run.
+		return nil
+	}
 }
diff --git a/integrations/event-handler/session_events_job_test.go b/integrations/event-handler/session_events_job_test.go
index 3f8c7ef1b3644..b0ae8caca8e43 100644
--- a/integrations/event-handler/session_events_job_test.go
+++ b/integrations/event-handler/session_events_job_test.go
@@ -29,19 +29,15 @@ import (
 // if no events are found.
 func TestConsumeSessionNoEventsFound(t *testing.T) {
 	sessionID := "test"
-	j := &SessionEventsJob{
-		app: &App{
-			Config: &StartCmdConfig{},
-			EventWatcher: &TeleportEventsWatcher{
-				client: &mockClient{},
-			},
-			State: &State{
-				dv: diskv.New(diskv.Options{
-					BasePath: t.TempDir(),
-				}),
-			},
+	j := NewSessionEventsJob(&App{
+		Config: &StartCmdConfig{},
+		State: &State{
+			dv: diskv.New(diskv.Options{
+				BasePath: t.TempDir(),
+			}),
 		},
-	}
+		client: &mockClient{},
+	})
 	_, err := j.consumeSession(context.Background(), session{ID: sessionID})
 	require.NoError(t, err)
 }
diff --git a/integrations/event-handler/state.go b/integrations/event-handler/state.go
index 0706f0ef8a561..b541049c727d9 100644
--- a/integrations/event-handler/state.go
+++ b/integrations/event-handler/state.go
@@ -24,6 +24,7 @@ import (
 	"net"
 	"os"
 	"path"
+	"path/filepath"
 	"strings"
 	"syscall"
 	"time"
@@ -33,6 +34,7 @@ import (
 	"github.com/sirupsen/logrus"
 
 	"github.com/gravitational/teleport/integrations/lib/logger"
+	"github.com/gravitational/teleport/lib/events/export"
 
 	"github.com/gravitational/teleport/integrations/event-handler/lib"
 )
@@ -50,6 +52,9 @@ const (
 	// cursorName is the cursor variable name
 	cursorName = "cursor"
 
+	// cursorV2Dir is the cursor v2 directory
+	cursorV2Dir = "cursor_v2"
+
 	// idName is the id variable name
 	idName = "id"
 
@@ -67,6 +72,12 @@ const (
 type State struct {
 	// dv is a diskv instance
 	dv *diskv.Diskv
+
+	// cursorV2 is an export cursor. if the event handler was started before
+	// introduction of the v2 cursor or is talking to an auth that does not
+	// implement the newer bulk export apis, the v1 cursor stored in the above
+	// dv may be the source of truth still.
+	cursorV2 *export.Cursor
 }
 
 // NewCursor creates new cursor instance
@@ -85,7 +96,17 @@ func NewState(c *StartCmdConfig) (*State, error) {
 		CacheSizeMax: cacheSizeMaxBytes,
 	})
 
-	s := State{dv}
+	cursorV2, err := export.NewCursor(export.CursorConfig{
+		Dir: filepath.Join(dir, cursorV2Dir),
+	})
+	if err != nil {
+		return nil, trace.Wrap(err)
+	}
+
+	s := State{
+		dv:       dv,
+		cursorV2: cursorV2,
+	}
 
 	return &s, nil
 }
@@ -130,6 +151,56 @@ func createStorageDir(c *StartCmdConfig) (string, error) {
 	return dir, nil
 }
 
+func (s *State) GetCursorV2State() export.ExporterState {
+	return s.cursorV2.GetState()
+}
+
+func (s *State) SetCursorV2State(state export.ExporterState) error {
+	return s.cursorV2.Sync(state)
+}
+
+func (s *State) GetLegacyCursorValues() (*LegacyCursorValues, error) {
+	latestCursor, err := s.GetCursor()
+	if err != nil {
+		return nil, trace.Wrap(err)
+	}
+
+	latestID, err := s.GetID()
+	if err != nil {
+		return nil, trace.Wrap(err)
+	}
+
+	lastWindowTime, err := s.GetLastWindowTime()
+	if err != nil {
+		return nil, trace.Wrap(err)
+	}
+
+	var windowStartTime time.Time
+	if lastWindowTime != nil {
+		windowStartTime = *lastWindowTime
+	}
+
+	lcv := &LegacyCursorValues{
+		Cursor:          latestCursor,
+		ID:              latestID,
+		WindowStartTime: windowStartTime,
+	}
+
+	return lcv, nil
+}
+
+func (s *State) SetLegacyCursorValues(v LegacyCursorValues) error {
+	if err := s.SetCursor(v.Cursor); err != nil {
+		return trace.Wrap(err)
+	}
+
+	if err := s.SetID(v.ID); err != nil {
+		return trace.Wrap(err)
+	}
+
+	return s.SetLastWindowTime(&v.WindowStartTime)
+}
+
 // GetStartTime gets current start time
 func (s *State) GetStartTime() (*time.Time, error) {
 	return s.getTimeKey(startTimeName)
diff --git a/integrations/event-handler/teleport_event.go b/integrations/event-handler/teleport_event.go
index 36833e16971b2..bb094eb0fb716 100644
--- a/integrations/event-handler/teleport_event.go
+++ b/integrations/event-handler/teleport_event.go
@@ -37,10 +37,8 @@ const (
 type TeleportEvent struct {
 	// event is the event
 	Event []byte
-	// cursor is the event ID (real/generated when empty)
+	// ID is the event ID (real/generated when empty)
 	ID string
-	// cursor is the current cursor value
-	Cursor string
 	// Type is an event type
 	Type string
 	// Time is an event timestamp
@@ -64,19 +62,26 @@ type TeleportEvent struct {
 	}
 }
 
+// LegacyTeleportEvent extends TeleportEvent with cursor and window values (used by the
+// legacy event watcher to manage its cursor values).
+type LegacyTeleportEvent struct {
+	*TeleportEvent
+	Cursor string
+	Window time.Time
+}
+
 // NewTeleportEvent creates TeleportEvent using AuditEvent as a source
-func NewTeleportEvent(e *auditlogpb.EventUnstructured, cursor string) (*TeleportEvent, error) {
+func NewTeleportEvent(e *auditlogpb.EventUnstructured) (*TeleportEvent, error) {
 	payload, err := e.Unstructured.MarshalJSON()
 	if err != nil {
 		return nil, trace.Wrap(err)
 	}
 	evt := &TeleportEvent{
-		Cursor: cursor,
-		Type:   e.GetType(),
-		Time:   e.Time.AsTime(),
-		Index:  e.GetIndex(),
-		ID:     e.Id,
-		Event:  payload,
+		Type:  e.GetType(),
+		Time:  e.Time.AsTime(),
+		Index: e.GetIndex(),
+		ID:    e.Id,
+		Event: payload,
 	}
 
 	switch e.GetType() {
@@ -92,6 +97,19 @@ func NewTeleportEvent(e *auditlogpb.EventUnstructured, cursor string) (*Teleport
 	return evt, nil
 }
 
+func NewLegacyTeleportEvent(e *auditlogpb.EventUnstructured, cursor string, window time.Time) (*LegacyTeleportEvent, error) {
+	evt, err := NewTeleportEvent(e)
+	if err != nil {
+		return nil, trace.Wrap(err)
+	}
+
+	return &LegacyTeleportEvent{
+		TeleportEvent: evt,
+		Cursor:        cursor,
+		Window:        window,
+	}, nil
+}
+
 // setSessionID sets session id for session end event
 func (e *TeleportEvent) setSessionID(evt *auditlogpb.EventUnstructured) error {
 	sessionUploadEvt := &events.SessionUpload{}
diff --git a/integrations/event-handler/teleport_event_test.go b/integrations/event-handler/teleport_event_test.go
index a109247ebe613..3810784a242ea 100644
--- a/integrations/event-handler/teleport_event_test.go
+++ b/integrations/event-handler/teleport_event_test.go
@@ -44,11 +44,10 @@ func TestNew(t *testing.T) {
 	protoEvent, err := eventToProto(events.AuditEvent(e))
 	require.NoError(t, err)
 
-	event, err := NewTeleportEvent(protoEvent, "cursor")
+	event, err := NewTeleportEvent(protoEvent)
 	require.NoError(t, err)
 	assert.Equal(t, "test", event.ID)
 	assert.Equal(t, "mock", event.Type)
-	assert.Equal(t, "cursor", event.Cursor)
 }
 
 func TestGenID(t *testing.T) {
@@ -57,7 +56,7 @@ func TestGenID(t *testing.T) {
 	protoEvent, err := eventToProto(events.AuditEvent(e))
 	require.NoError(t, err)
 
-	event, err := NewTeleportEvent(protoEvent, "cursor")
+	event, err := NewTeleportEvent(protoEvent)
 	require.NoError(t, err)
 	assert.NotEmpty(t, event.ID)
 }
@@ -75,7 +74,7 @@ func TestSessionEnd(t *testing.T) {
 	protoEvent, err := eventToProto(events.AuditEvent(e))
 	require.NoError(t, err)
 
-	event, err := NewTeleportEvent(protoEvent, "cursor")
+	event, err := NewTeleportEvent(protoEvent)
 	require.NoError(t, err)
 	assert.NotEmpty(t, event.ID)
 	assert.NotEmpty(t, event.SessionID)
@@ -95,7 +94,7 @@ func TestFailedLogin(t *testing.T) {
 	protoEvent, err := eventToProto(events.AuditEvent(e))
 	require.NoError(t, err)
 
-	event, err := NewTeleportEvent(protoEvent, "cursor")
+	event, err := NewTeleportEvent(protoEvent)
 	require.NoError(t, err)
 	assert.NotEmpty(t, event.ID)
 	assert.True(t, event.IsFailedLogin)
@@ -114,7 +113,7 @@ func TestSuccessLogin(t *testing.T) {
 	protoEvent, err := eventToProto(events.AuditEvent(e))
 	require.NoError(t, err)
 
-	event, err := NewTeleportEvent(protoEvent, "cursor")
+	event, err := NewTeleportEvent(protoEvent)
 	require.NoError(t, err)
 	assert.NotEmpty(t, event.ID)
 	assert.False(t, event.IsFailedLogin)
diff --git a/integrations/operator/config/crd/bases/resources.teleport.dev_accesslists.yaml b/integrations/operator/config/crd/bases/resources.teleport.dev_accesslists.yaml
index f73fc63729992..60c0a57843c12 100644
--- a/integrations/operator/config/crd/bases/resources.teleport.dev_accesslists.yaml
+++ b/integrations/operator/config/crd/bases/resources.teleport.dev_accesslists.yaml
@@ -36,7 +36,7 @@ spec:
             description: AccessList resource definition v1 from Teleport
             properties:
               audit:
-                description: audit describes the frequency that this access list must
+                description: audit describes the frequency that this Access List must
                   be audited.
                 nullable: true
                 properties:
@@ -74,16 +74,16 @@ spec:
                 type: object
               description:
                 description: description is an optional plaintext description of the
-                  access list.
+                  Access List.
                 type: string
               grants:
                 description: grants describes the access granted by membership to
-                  this access list.
+                  this Access List.
                 nullable: true
                 properties:
                   roles:
                     description: roles are the roles that are granted to users who
-                      are members of the access list.
+                      are members of the Access List.
                     items:
                       type: string
                     nullable: true
@@ -94,13 +94,13 @@ spec:
                         type: string
                       type: array
                     description: traits are the traits that are granted to users who
-                      are members of the access list.
+                      are members of the Access List.
                     type: object
                 type: object
               membership_requires:
                 description: membership_requires describes the requirements for a
-                  user to be a member of the access list. For a membership to an access
-                  list to be effective, the user must meet the requirements of Membership_requires
+                  user to be a member of the Access List. For a membership to an Access
+                  List to be effective, the user must meet the requirements of Membership_requires
                   and must be in the members list.
                 nullable: true
                 properties:
@@ -122,12 +122,12 @@ spec:
                 type: object
               owner_grants:
                 description: owner_grants describes the access granted by owners to
-                  this access list.
+                  this Access List.
                 nullable: true
                 properties:
                   roles:
                     description: roles are the roles that are granted to users who
-                      are members of the access list.
+                      are members of the Access List.
                     items:
                       type: string
                     nullable: true
@@ -138,11 +138,11 @@ spec:
                         type: string
                       type: array
                     description: traits are the traits that are granted to users who
-                      are members of the access list.
+                      are members of the Access List.
                     type: object
                 type: object
               owners:
-                description: owners is a list of owners of the access list.
+                description: owners is a list of owners of the Access List.
                 items:
                   properties:
                     description:
@@ -161,7 +161,7 @@ spec:
                 type: array
               ownership_requires:
                 description: ownership_requires describes the requirements for a user
-                  to be an owner of the access list. For ownership of an access list
+                  to be an owner of the Access List. For ownership of an Access List
                   to be effective, the user must meet the requirements of ownership_requires
                   and must be in the owners list.
                 nullable: true
@@ -183,8 +183,8 @@ spec:
                     type: object
                 type: object
               title:
-                description: title is a plaintext short description of the access
-                  list.
+                description: title is a plaintext short description of the Access
+                  List.
                 type: string
             type: object
           status:
diff --git a/integrations/operator/config/crd/bases/resources.teleport.dev_oidcconnectors.yaml b/integrations/operator/config/crd/bases/resources.teleport.dev_oidcconnectors.yaml
index 10bbfed040a54..7175f92697fb5 100644
--- a/integrations/operator/config/crd/bases/resources.teleport.dev_oidcconnectors.yaml
+++ b/integrations/operator/config/crd/bases/resources.teleport.dev_oidcconnectors.yaml
@@ -65,7 +65,7 @@ spec:
                 type: array
               client_id:
                 description: ClientID is the id of the authentication client (Teleport
-                  Auth server).
+                  Auth Service).
                 type: string
               client_redirect_settings:
                 description: ClientRedirectSettings defines which client redirect
diff --git a/integrations/operator/config/crd/bases/resources.teleport.dev_provisiontokens.yaml b/integrations/operator/config/crd/bases/resources.teleport.dev_provisiontokens.yaml
index e5ce0efd65371..e0c410c0cfed7 100644
--- a/integrations/operator/config/crd/bases/resources.teleport.dev_provisiontokens.yaml
+++ b/integrations/operator/config/crd/bases/resources.teleport.dev_provisiontokens.yaml
@@ -70,8 +70,8 @@ spec:
                       type: array
                     aws_role:
                       description: AWSRole is used for the EC2 join method and is
-                        the ARN of the AWS role that the auth server will assume in
-                        order to call the ec2 API.
+                        the ARN of the AWS role that the Auth Service will assume
+                        in order to call the ec2 API.
                       type: string
                   type: object
                 nullable: true
@@ -192,7 +192,7 @@ spec:
                       against host.  This value should be the hostname of the GHES
                       instance, and should not include the scheme or a path. The instance
                       must be accessible over HTTPS at this hostname and the certificate
-                      must be trusted by the Auth Server.
+                      must be trusted by the Auth Service.
                     type: string
                   enterprise_slug:
                     description: EnterpriseSlug allows the slug of a GitHub Enterprise
diff --git a/integrations/operator/config/crd/bases/resources.teleport.dev_roles.yaml b/integrations/operator/config/crd/bases/resources.teleport.dev_roles.yaml
index 222f4e9ac3252..7ab8f4da5929f 100644
--- a/integrations/operator/config/crd/bases/resources.teleport.dev_roles.yaml
+++ b/integrations/operator/config/crd/bases/resources.teleport.dev_roles.yaml
@@ -298,7 +298,7 @@ spec:
                             type: string
                           type: array
                         description: Annotations is a collection of annotations to
-                          be programmatically appended to pending access requests
+                          be programmatically appended to pending Access Requests
                           at the time of their creation. These annotations serve as
                           a mechanism to propagate extra information to plugins.  Since
                           these annotations support variable interpolation syntax,
@@ -824,7 +824,7 @@ spec:
                             type: string
                           type: array
                         description: Annotations is a collection of annotations to
-                          be programmatically appended to pending access requests
+                          be programmatically appended to pending Access Requests
                           at the time of their creation. These annotations serve as
                           a mechanism to propagate extra information to plugins.  Since
                           these annotations support variable interpolation syntax,
@@ -1133,8 +1133,7 @@ spec:
                       created on a Windows desktop
                     type: boolean
                   create_host_user:
-                    description: CreateHostUser allows users to be automatically created
-                      on a host
+                    description: 'Deprecated: use CreateHostUserMode instead.'
                     type: boolean
                   create_host_user_default_shell:
                     description: CreateHostUserDefaultShell is used to configure the
@@ -1643,7 +1642,7 @@ spec:
                             type: string
                           type: array
                         description: Annotations is a collection of annotations to
-                          be programmatically appended to pending access requests
+                          be programmatically appended to pending Access Requests
                           at the time of their creation. These annotations serve as
                           a mechanism to propagate extra information to plugins.  Since
                           these annotations support variable interpolation syntax,
@@ -2169,7 +2168,7 @@ spec:
                             type: string
                           type: array
                         description: Annotations is a collection of annotations to
-                          be programmatically appended to pending access requests
+                          be programmatically appended to pending Access Requests
                           at the time of their creation. These annotations serve as
                           a mechanism to propagate extra information to plugins.  Since
                           these annotations support variable interpolation syntax,
@@ -2478,8 +2477,7 @@ spec:
                       created on a Windows desktop
                     type: boolean
                   create_host_user:
-                    description: CreateHostUser allows users to be automatically created
-                      on a host
+                    description: 'Deprecated: use CreateHostUserMode instead.'
                     type: boolean
                   create_host_user_default_shell:
                     description: CreateHostUserDefaultShell is used to configure the
diff --git a/integrations/operator/config/crd/bases/resources.teleport.dev_rolesv6.yaml b/integrations/operator/config/crd/bases/resources.teleport.dev_rolesv6.yaml
index 44d132767d77f..a0d50c80bec2e 100644
--- a/integrations/operator/config/crd/bases/resources.teleport.dev_rolesv6.yaml
+++ b/integrations/operator/config/crd/bases/resources.teleport.dev_rolesv6.yaml
@@ -301,7 +301,7 @@ spec:
                             type: string
                           type: array
                         description: Annotations is a collection of annotations to
-                          be programmatically appended to pending access requests
+                          be programmatically appended to pending Access Requests
                           at the time of their creation. These annotations serve as
                           a mechanism to propagate extra information to plugins.  Since
                           these annotations support variable interpolation syntax,
@@ -827,7 +827,7 @@ spec:
                             type: string
                           type: array
                         description: Annotations is a collection of annotations to
-                          be programmatically appended to pending access requests
+                          be programmatically appended to pending Access Requests
                           at the time of their creation. These annotations serve as
                           a mechanism to propagate extra information to plugins.  Since
                           these annotations support variable interpolation syntax,
@@ -1136,8 +1136,7 @@ spec:
                       created on a Windows desktop
                     type: boolean
                   create_host_user:
-                    description: CreateHostUser allows users to be automatically created
-                      on a host
+                    description: 'Deprecated: use CreateHostUserMode instead.'
                     type: boolean
                   create_host_user_default_shell:
                     description: CreateHostUserDefaultShell is used to configure the
diff --git a/integrations/operator/config/crd/bases/resources.teleport.dev_rolesv7.yaml b/integrations/operator/config/crd/bases/resources.teleport.dev_rolesv7.yaml
index c9a1131acd073..ebf0a0a486337 100644
--- a/integrations/operator/config/crd/bases/resources.teleport.dev_rolesv7.yaml
+++ b/integrations/operator/config/crd/bases/resources.teleport.dev_rolesv7.yaml
@@ -301,7 +301,7 @@ spec:
                             type: string
                           type: array
                         description: Annotations is a collection of annotations to
-                          be programmatically appended to pending access requests
+                          be programmatically appended to pending Access Requests
                           at the time of their creation. These annotations serve as
                           a mechanism to propagate extra information to plugins.  Since
                           these annotations support variable interpolation syntax,
@@ -827,7 +827,7 @@ spec:
                             type: string
                           type: array
                         description: Annotations is a collection of annotations to
-                          be programmatically appended to pending access requests
+                          be programmatically appended to pending Access Requests
                           at the time of their creation. These annotations serve as
                           a mechanism to propagate extra information to plugins.  Since
                           these annotations support variable interpolation syntax,
@@ -1136,8 +1136,7 @@ spec:
                       created on a Windows desktop
                     type: boolean
                   create_host_user:
-                    description: CreateHostUser allows users to be automatically created
-                      on a host
+                    description: 'Deprecated: use CreateHostUserMode instead.'
                     type: boolean
                   create_host_user_default_shell:
                     description: CreateHostUserDefaultShell is used to configure the
diff --git a/integrations/operator/crdgen/testdata/golden/resources.teleport.dev_accesslists.yaml b/integrations/operator/crdgen/testdata/golden/resources.teleport.dev_accesslists.yaml
index f73fc63729992..60c0a57843c12 100644
--- a/integrations/operator/crdgen/testdata/golden/resources.teleport.dev_accesslists.yaml
+++ b/integrations/operator/crdgen/testdata/golden/resources.teleport.dev_accesslists.yaml
@@ -36,7 +36,7 @@ spec:
             description: AccessList resource definition v1 from Teleport
             properties:
               audit:
-                description: audit describes the frequency that this access list must
+                description: audit describes the frequency that this Access List must
                   be audited.
                 nullable: true
                 properties:
@@ -74,16 +74,16 @@ spec:
                 type: object
               description:
                 description: description is an optional plaintext description of the
-                  access list.
+                  Access List.
                 type: string
               grants:
                 description: grants describes the access granted by membership to
-                  this access list.
+                  this Access List.
                 nullable: true
                 properties:
                   roles:
                     description: roles are the roles that are granted to users who
-                      are members of the access list.
+                      are members of the Access List.
                     items:
                       type: string
                     nullable: true
@@ -94,13 +94,13 @@ spec:
                         type: string
                       type: array
                     description: traits are the traits that are granted to users who
-                      are members of the access list.
+                      are members of the Access List.
                     type: object
                 type: object
               membership_requires:
                 description: membership_requires describes the requirements for a
-                  user to be a member of the access list. For a membership to an access
-                  list to be effective, the user must meet the requirements of Membership_requires
+                  user to be a member of the Access List. For a membership to an Access
+                  List to be effective, the user must meet the requirements of Membership_requires
                   and must be in the members list.
                 nullable: true
                 properties:
@@ -122,12 +122,12 @@ spec:
                 type: object
               owner_grants:
                 description: owner_grants describes the access granted by owners to
-                  this access list.
+                  this Access List.
                 nullable: true
                 properties:
                   roles:
                     description: roles are the roles that are granted to users who
-                      are members of the access list.
+                      are members of the Access List.
                     items:
                       type: string
                     nullable: true
@@ -138,11 +138,11 @@ spec:
                         type: string
                       type: array
                     description: traits are the traits that are granted to users who
-                      are members of the access list.
+                      are members of the Access List.
                     type: object
                 type: object
               owners:
-                description: owners is a list of owners of the access list.
+                description: owners is a list of owners of the Access List.
                 items:
                   properties:
                     description:
@@ -161,7 +161,7 @@ spec:
                 type: array
               ownership_requires:
                 description: ownership_requires describes the requirements for a user
-                  to be an owner of the access list. For ownership of an access list
+                  to be an owner of the Access List. For ownership of an Access List
                   to be effective, the user must meet the requirements of ownership_requires
                   and must be in the owners list.
                 nullable: true
@@ -183,8 +183,8 @@ spec:
                     type: object
                 type: object
               title:
-                description: title is a plaintext short description of the access
-                  list.
+                description: title is a plaintext short description of the Access
+                  List.
                 type: string
             type: object
           status:
diff --git a/integrations/operator/crdgen/testdata/protofiles/teleport/accesslist/v1/accesslist.proto b/integrations/operator/crdgen/testdata/protofiles/teleport/accesslist/v1/accesslist.proto
index fabe0525bab0f..b83034160a9e7 100644
--- a/integrations/operator/crdgen/testdata/protofiles/teleport/accesslist/v1/accesslist.proto
+++ b/integrations/operator/crdgen/testdata/protofiles/teleport/accesslist/v1/accesslist.proto
@@ -30,50 +30,50 @@ message AccessList {
   // header is the header for the resource.
   teleport.header.v1.ResourceHeader header = 1;
 
-  // spec is the specification for the access list.
+  // spec is the specification for the Access List.
   AccessListSpec spec = 2;
 
   // status contains dynamically calculated fields.
   AccessListStatus status = 3;
 }
 
-// AccessListSpec is the specification for an access list.
+// AccessListSpec is the specification for an Access List.
 message AccessListSpec {
   reserved 7, 9, 10;
   reserved "members", "membership", "ownership";
 
-  // description is an optional plaintext description of the access list.
+  // description is an optional plaintext description of the Access List.
   string description = 1;
 
-  // owners is a list of owners of the access list.
+  // owners is a list of owners of the Access List.
   repeated AccessListOwner owners = 2;
 
-  // audit describes the frequency that this access list must be audited.
+  // audit describes the frequency that this Access List must be audited.
   AccessListAudit audit = 3;
 
   // membership_requires describes the requirements for a user to be a member of
-  // the access list. For a membership to an access list to be effective, the
+  // the Access List. For a membership to an Access List to be effective, the
   // user must meet the requirements of Membership_requires and must be in the
   // members list.
   AccessListRequires membership_requires = 4;
 
   // ownership_requires describes the requirements for a user to be an owner of
-  // the access list. For ownership of an access list to be effective, the user
+  // the Access List. For ownership of an Access List to be effective, the user
   // must meet the requirements of ownership_requires and must be in the owners
   // list.
   AccessListRequires ownership_requires = 5;
 
-  // grants describes the access granted by membership to this access list.
+  // grants describes the access granted by membership to this Access List.
   AccessListGrants grants = 6;
 
-  // title is a plaintext short description of the access list.
+  // title is a plaintext short description of the Access List.
   string title = 8;
 
-  // owner_grants describes the access granted by owners to this access list.
+  // owner_grants describes the access granted by owners to this Access List.
   AccessListGrants owner_grants = 11;
 }
 
-// AccessListOwner is an owner of an access list.
+// AccessListOwner is an owner of an Access List.
 message AccessListOwner {
   // name is the username of the owner.
   string name = 1;
@@ -87,7 +87,7 @@ message AccessListOwner {
   IneligibleStatus ineligible_status = 3;
 }
 
-// AccessListAudit describes the audit configuration for an access list.
+// AccessListAudit describes the audit configuration for an Access List.
 message AccessListAudit {
   reserved 1;
   reserved "frequency";
@@ -139,7 +139,7 @@ message Notifications {
   google.protobuf.Duration start = 1;
 }
 
-// AccessListRequires describes a requirement section for an access list. A user
+// AccessListRequires describes a requirement section for an Access List. A user
 // must meet the following criteria to obtain the specific access to the list.
 message AccessListRequires {
   // roles are the user roles that must be present for the user to obtain
@@ -150,48 +150,48 @@ message AccessListRequires {
   repeated teleport.trait.v1.Trait traits = 2;
 }
 
-// AccessListGrants describes what access is granted by membership to the access
-// list.
+// AccessListGrants describes what access is granted by membership to the Access
+// List.
 message AccessListGrants {
-  // roles are the roles that are granted to users who are members of the access
-  // list.
+  // roles are the roles that are granted to users who are members of the Access
+  // List.
   repeated string roles = 1;
 
   // traits are the traits that are granted to users who are members of the
-  // access list.
+  // Access List.
   repeated teleport.trait.v1.Trait traits = 2;
 }
 
-// Member describes a member of an access list.
+// Member describes a member of an Access List.
 message Member {
   // header is the header for the resource.
   teleport.header.v1.ResourceHeader header = 1;
 
-  // spec is the specification for the access list member.
+  // spec is the specification for the Access List member.
   MemberSpec spec = 2;
 }
 
-// MemberSpec is the specification for an access list member.
+// MemberSpec is the specification for an Access List member.
 message MemberSpec {
   reserved 8;
   reserved "membership";
 
-  // associated access list
+  // associated Access List
   string access_list = 1;
 
-  // name is the name of the member of the access list.
+  // name is the name of the member of the Access List.
   string name = 2;
 
-  // joined is when the user joined the access list.
+  // joined is when the user joined the Access List.
   google.protobuf.Timestamp joined = 3;
 
-  // expires is when the user's membership to the access list expires.
+  // expires is when the user's membership to the Access List expires.
   google.protobuf.Timestamp expires = 4;
 
-  // reason is the reason this user was added to the access list.
+  // reason is the reason this user was added to the Access List.
   string reason = 5;
 
-  // added_by is the user that added this user to the access list.
+  // added_by is the user that added this user to the Access List.
   string added_by = 6;
 
   // ineligible_status describes if this member is eligible or not
@@ -217,18 +217,18 @@ enum IneligibleStatus {
   INELIGIBLE_STATUS_EXPIRED = 4;
 }
 
-// Review is a review of an access list.
+// Review is a review of an Access List.
 message Review {
   // header is the header for the resource.
   teleport.header.v1.ResourceHeader header = 1;
 
-  // spec is the specification for the access list review.
+  // spec is the specification for the Access List review.
   ReviewSpec spec = 2;
 }
 
-// ReviewSpec is the specification for an access list review.
+// ReviewSpec is the specification for an Access List review.
 message ReviewSpec {
-  // access_list is the name of the access list that this review is for.
+  // access_list is the name of the Access List that this review is for.
   string access_list = 1;
 
   // reviewers are the users who performed the review.
@@ -268,6 +268,6 @@ message ReviewChanges {
 
 // AccessListStatus contains dynamic fields calculated during retrieval.
 message AccessListStatus {
-  // member_count is the number of members in the in the access list.
+  // member_count is the number of members in the in the Access List.
   optional uint32 member_count = 1;
 }
diff --git a/integrations/terraform/Makefile b/integrations/terraform/Makefile
index be736c2d1c7d0..fd695fa37f8bf 100644
--- a/integrations/terraform/Makefile
+++ b/integrations/terraform/Makefile
@@ -46,7 +46,7 @@ $(BUILDDIR)/terraform-provider-teleport_%: terraform-provider-teleport-v$(VERSIO
 
 CUSTOM_IMPORTS_TMP_DIR ?= /tmp/protoc-gen-terraform/custom-imports
 # This version must match the version installed by .github/workflows/lint.yaml
-PROTOC_GEN_TERRAFORM_VERSION ?= v2.2.0
+PROTOC_GEN_TERRAFORM_VERSION ?= v3.0.0
 PROTOC_GEN_TERRAFORM_EXISTS := $(shell protoc-gen-terraform version 2>&1 >/dev/null | grep 'protoc-gen-terraform $(PROTOC_GEN_TERRAFORM_VERSION)')
 
 .PHONY: gen-tfschema
diff --git a/integrations/terraform/examples/resources/teleport_app/resource.tf b/integrations/terraform/examples/resources/teleport_app/resource.tf
index 95fee7c7f6106..92cfd8b7fdc60 100644
--- a/integrations/terraform/examples/resources/teleport_app/resource.tf
+++ b/integrations/terraform/examples/resources/teleport_app/resource.tf
@@ -1,6 +1,7 @@
 # Teleport App
 
 resource "teleport_app" "example" {
+  version = "v3"
   metadata = {
     name        = "example"
     description = "Test app"
@@ -12,4 +13,4 @@ resource "teleport_app" "example" {
   spec = {
     uri = "localhost:3000"
   }
-}
\ No newline at end of file
+}
diff --git a/integrations/terraform/examples/resources/teleport_auth_preference/resource.tf b/integrations/terraform/examples/resources/teleport_auth_preference/resource.tf
index e3430eb6e8e9f..4135f5ac33990 100644
--- a/integrations/terraform/examples/resources/teleport_auth_preference/resource.tf
+++ b/integrations/terraform/examples/resources/teleport_auth_preference/resource.tf
@@ -1,6 +1,7 @@
 # AuthPreference resource
 
 resource "teleport_auth_preference" "example" {
+  version = "v2"
   metadata = {
     description = "Auth preference"
     labels = {
diff --git a/integrations/terraform/examples/resources/teleport_cluster_maintenance_config/resource.tf b/integrations/terraform/examples/resources/teleport_cluster_maintenance_config/resource.tf
index 188ebb79e9b39..4e0b1084e57fc 100644
--- a/integrations/terraform/examples/resources/teleport_cluster_maintenance_config/resource.tf
+++ b/integrations/terraform/examples/resources/teleport_cluster_maintenance_config/resource.tf
@@ -1,6 +1,7 @@
 # Teleport Cluster Networking config
 
 resource "teleport_cluster_maintenance_config" "example" {
+  version = "v1"
   metadata = {
     description = "Maintenance config"
   }
diff --git a/integrations/terraform/examples/resources/teleport_cluster_networking_config/resource.tf b/integrations/terraform/examples/resources/teleport_cluster_networking_config/resource.tf
index 1dbddbe058f20..ac65550a97df6 100644
--- a/integrations/terraform/examples/resources/teleport_cluster_networking_config/resource.tf
+++ b/integrations/terraform/examples/resources/teleport_cluster_networking_config/resource.tf
@@ -1,6 +1,7 @@
 # Teleport Cluster Networking config
 
 resource "teleport_cluster_networking_config" "example" {
+  version = "v2"
   metadata = {
     description = "Networking config"
     labels = {
@@ -12,4 +13,4 @@ resource "teleport_cluster_networking_config" "example" {
   spec = {
     client_idle_timeout = "1h"
   }
-}
\ No newline at end of file
+}
diff --git a/integrations/terraform/examples/resources/teleport_database/resource.tf b/integrations/terraform/examples/resources/teleport_database/resource.tf
index 816edf69c5b03..b1373bbe44bae 100644
--- a/integrations/terraform/examples/resources/teleport_database/resource.tf
+++ b/integrations/terraform/examples/resources/teleport_database/resource.tf
@@ -1,6 +1,7 @@
 # Teleport Database
 
 resource "teleport_database" "example" {
+  version = "v3"
   metadata = {
     name        = "example"
     description = "Test database"
@@ -13,4 +14,4 @@ resource "teleport_database" "example" {
     protocol = "postgres"
     uri      = "localhost"
   }
-}
\ No newline at end of file
+}
diff --git a/integrations/terraform/examples/resources/teleport_github_connector/resource.tf b/integrations/terraform/examples/resources/teleport_github_connector/resource.tf
index b5c612860baac..627683ed100c3 100644
--- a/integrations/terraform/examples/resources/teleport_github_connector/resource.tf
+++ b/integrations/terraform/examples/resources/teleport_github_connector/resource.tf
@@ -3,6 +3,7 @@
 variable "github_secret" {}
 
 resource "teleport_github_connector" "github" {
+  version = "v3"
   # This section tells Terraform that role example must be created before the GitHub connector
   depends_on = [
     teleport_role.example
diff --git a/integrations/terraform/examples/resources/teleport_oidc_connector/resource.tf b/integrations/terraform/examples/resources/teleport_oidc_connector/resource.tf
index 0aa2b0d4aebfc..39821186025b4 100644
--- a/integrations/terraform/examples/resources/teleport_oidc_connector/resource.tf
+++ b/integrations/terraform/examples/resources/teleport_oidc_connector/resource.tf
@@ -5,6 +5,7 @@
 variable "oidc_secret" {}
 
 resource "teleport_oidc_connector" "example" {
+  version = "v3"
   metadata = {
     name = "example"
     labels = {
diff --git a/integrations/terraform/examples/resources/teleport_role/resource.tf b/integrations/terraform/examples/resources/teleport_role/resource.tf
index 175df0ee32c3a..c5ac6c920e5d9 100644
--- a/integrations/terraform/examples/resources/teleport_role/resource.tf
+++ b/integrations/terraform/examples/resources/teleport_role/resource.tf
@@ -1,6 +1,7 @@
 # Teleport Role resource
 
 resource "teleport_role" "example" {
+  version = "v7"
   metadata = {
     name        = "example"
     description = "Example Teleport Role"
@@ -47,4 +48,4 @@ resource "teleport_role" "example" {
       logins = ["anonymous"]
     }
   }
-}
\ No newline at end of file
+}
diff --git a/integrations/terraform/examples/resources/teleport_saml_connector/resource.tf b/integrations/terraform/examples/resources/teleport_saml_connector/resource.tf
index 7d8bd2512f978..6b76d50b2339d 100644
--- a/integrations/terraform/examples/resources/teleport_saml_connector/resource.tf
+++ b/integrations/terraform/examples/resources/teleport_saml_connector/resource.tf
@@ -3,6 +3,7 @@
 # Please note that the SAML connector will work in Teleport Enterprise only.
 
 resource "teleport_saml_connector" "example" {
+  version = "v2"
   # This block will tell Terraform to never update private key from our side if a keys are managed 
   # from an outside of Terraform.
 
diff --git a/integrations/terraform/examples/resources/teleport_session_recording_config/resource.tf b/integrations/terraform/examples/resources/teleport_session_recording_config/resource.tf
index 2bfea90774ada..c095c498a1d2a 100644
--- a/integrations/terraform/examples/resources/teleport_session_recording_config/resource.tf
+++ b/integrations/terraform/examples/resources/teleport_session_recording_config/resource.tf
@@ -1,6 +1,7 @@
 # Teleport session recording config
 
 resource "teleport_session_recording_config" "example" {
+  version = "v2"
   metadata = {
     description = "Session recording config"
     labels = {
@@ -12,4 +13,4 @@ resource "teleport_session_recording_config" "example" {
   spec = {
     proxy_checks_host_keys = true
   }
-}
\ No newline at end of file
+}
diff --git a/integrations/terraform/examples/resources/teleport_user/resource.tf b/integrations/terraform/examples/resources/teleport_user/resource.tf
index a8084960807c1..c7acb7098fb52 100644
--- a/integrations/terraform/examples/resources/teleport_user/resource.tf
+++ b/integrations/terraform/examples/resources/teleport_user/resource.tf
@@ -1,6 +1,7 @@
 # Teleport User resource
 
 resource "teleport_user" "example" {
+  version = "v2"
   # Tells Terraform that the role could not be destroyed while this user exists
   depends_on = [
     teleport_role.example
@@ -40,4 +41,4 @@ resource "teleport_user" "example" {
       username     = "example"
     }]
   }
-}
\ No newline at end of file
+}
diff --git a/integrations/terraform/protoc-gen-terraform-accesslist.yaml b/integrations/terraform/protoc-gen-terraform-accesslist.yaml
index 60196357c103d..7f4cc2094530f 100644
--- a/integrations/terraform/protoc-gen-terraform-accesslist.yaml
+++ b/integrations/terraform/protoc-gen-terraform-accesslist.yaml
@@ -17,6 +17,7 @@ import_path_overrides:
     "timestamppb": "google.golang.org/protobuf/types/known/timestamppb"
     "v1": "github.com/gravitational/teleport/api/gen/proto/go/teleport/header/v1"
     "v11": "github.com/gravitational/teleport/api/gen/proto/go/teleport/trait/v1"
+    "github_com_gravitational_teleport_integrations_terraform_tfschema": "github.com/gravitational/teleport/integrations/terraform/tfschema"
 
 # id field is required for integration tests. It is not used by provider.
 # We have to add it manually (might be removed in the future versions).
diff --git a/integrations/terraform/protoc-gen-terraform-accessmonitoringrules.yaml b/integrations/terraform/protoc-gen-terraform-accessmonitoringrules.yaml
index 5fa62cbd3e473..dee4e2fe6063d 100644
--- a/integrations/terraform/protoc-gen-terraform-accessmonitoringrules.yaml
+++ b/integrations/terraform/protoc-gen-terraform-accessmonitoringrules.yaml
@@ -16,6 +16,7 @@ import_path_overrides:
     "durationpb": "google.golang.org/protobuf/types/known/durationpb"
     "timestamppb": "google.golang.org/protobuf/types/known/timestamppb"
     "v1": "github.com/gravitational/teleport/api/gen/proto/go/teleport/header/v1"
+    "github_com_gravitational_teleport_integrations_terraform_tfschema": "github.com/gravitational/teleport/integrations/terraform/tfschema"
 
 # id field is required for integration tests. It is not used by provider.
 # We have to add it manually (might be removed in the future versions).
diff --git a/integrations/terraform/protoc-gen-terraform-statichostuser.yaml b/integrations/terraform/protoc-gen-terraform-statichostuser.yaml
index f2e2330394307..43692ff0296ef 100644
--- a/integrations/terraform/protoc-gen-terraform-statichostuser.yaml
+++ b/integrations/terraform/protoc-gen-terraform-statichostuser.yaml
@@ -17,6 +17,7 @@ import_path_overrides:
     "timestamppb": "google.golang.org/protobuf/types/known/timestamppb"
     "v1": "github.com/gravitational/teleport/api/gen/proto/go/teleport/header/v1"
     "v11": "github.com/gravitational/teleport/api/gen/proto/go/teleport/label/v1"
+    "github_com_gravitational_teleport_integrations_terraform_tfschema": "github.com/gravitational/teleport/integrations/terraform/tfschema"
 
 
 # id field is required for integration tests. It is not used by provider.
@@ -69,4 +70,4 @@ validators:
     - github_com_gravitational_teleport_integrations_terraform_tfschema.MustTimeBeInFuture()
 
 custom_types:
-  "StaticHostUser.metadata.expires": Timestamp
\ No newline at end of file
+  "StaticHostUser.metadata.expires": Timestamp
diff --git a/integrations/terraform/provider/resource_teleport_bot.go b/integrations/terraform/provider/resource_teleport_bot.go
index 9e125a07f47cd..640e513af1211 100644
--- a/integrations/terraform/provider/resource_teleport_bot.go
+++ b/integrations/terraform/provider/resource_teleport_bot.go
@@ -89,7 +89,7 @@ func GenSchemaBot(ctx context.Context) (tfsdk.Schema, diag.Diagnostics) {
 			// Implementation note: This needs RequiresReplace() to handle
 			// updates properly but we aren't able to attach plan modifiers to
 			// fields from schema methods here. See ModifyPlan below.
-			"traits": tfschema.GenSchemaTraits(ctx),
+			"traits": tfschema.GenSchemaTraits(ctx, tfsdk.Attribute{}),
 		},
 	}, nil
 }
diff --git a/integrations/terraform/tfschema/accesslist/v1/accesslist_terraform.go b/integrations/terraform/tfschema/accesslist/v1/accesslist_terraform.go
index 8683faf239d31..ef0bd9464ef7a 100644
--- a/integrations/terraform/tfschema/accesslist/v1/accesslist_terraform.go
+++ b/integrations/terraform/tfschema/accesslist/v1/accesslist_terraform.go
@@ -29,6 +29,7 @@ import (
 	github_com_gravitational_teleport_api_gen_proto_go_teleport_header_v1 "github.com/gravitational/teleport/api/gen/proto/go/teleport/header/v1"
 	_ "github.com/gravitational/teleport/api/gen/proto/go/teleport/trait/v1"
 	github_com_gravitational_teleport_api_gen_proto_go_teleport_trait_v1 "github.com/gravitational/teleport/api/gen/proto/go/teleport/trait/v1"
+	github_com_gravitational_teleport_integrations_terraform_tfschema "github.com/gravitational/teleport/integrations/terraform/tfschema"
 	github_com_hashicorp_terraform_plugin_framework_attr "github.com/hashicorp/terraform-plugin-framework/attr"
 	github_com_hashicorp_terraform_plugin_framework_diag "github.com/hashicorp/terraform-plugin-framework/diag"
 	github_com_hashicorp_terraform_plugin_framework_tfsdk "github.com/hashicorp/terraform-plugin-framework/tfsdk"
@@ -60,7 +61,11 @@ func GenSchemaAccessList(ctx context.Context) (github_com_hashicorp_terraform_pl
 							Optional:    true,
 							Type:        github_com_hashicorp_terraform_plugin_framework_types.StringType,
 						},
-						"expires": GenSchemaTimestamp(ctx),
+						"expires": GenSchemaTimestamp(ctx, github_com_hashicorp_terraform_plugin_framework_tfsdk.Attribute{
+							Description: "expires is a global expiry time header can be set on any resource in the system.",
+							Optional:    true,
+							Validators:  []github_com_hashicorp_terraform_plugin_framework_tfsdk.AttributeValidator{github_com_gravitational_teleport_integrations_terraform_tfschema.MustTimeBeInFuture()},
+						}),
 						"labels": {
 							Description: "labels is a set of labels.",
 							Optional:    true,
@@ -113,9 +118,17 @@ func GenSchemaAccessList(ctx context.Context) (github_com_hashicorp_terraform_pl
 			Attributes: github_com_hashicorp_terraform_plugin_framework_tfsdk.SingleNestedAttributes(map[string]github_com_hashicorp_terraform_plugin_framework_tfsdk.Attribute{
 				"audit": {
 					Attributes: github_com_hashicorp_terraform_plugin_framework_tfsdk.SingleNestedAttributes(map[string]github_com_hashicorp_terraform_plugin_framework_tfsdk.Attribute{
-						"next_audit_date": GenSchemaTimestamp(ctx),
+						"next_audit_date": GenSchemaTimestamp(ctx, github_com_hashicorp_terraform_plugin_framework_tfsdk.Attribute{
+							Computed:      true,
+							Description:   "next_audit_date is when the next audit date should be done by.",
+							Optional:      true,
+							PlanModifiers: []github_com_hashicorp_terraform_plugin_framework_tfsdk.AttributePlanModifier{github_com_hashicorp_terraform_plugin_framework_tfsdk.UseStateForUnknown()},
+						}),
 						"notifications": {
-							Attributes:  github_com_hashicorp_terraform_plugin_framework_tfsdk.SingleNestedAttributes(map[string]github_com_hashicorp_terraform_plugin_framework_tfsdk.Attribute{"start": GenSchemaDuration(ctx)}),
+							Attributes: github_com_hashicorp_terraform_plugin_framework_tfsdk.SingleNestedAttributes(map[string]github_com_hashicorp_terraform_plugin_framework_tfsdk.Attribute{"start": GenSchemaDuration(ctx, github_com_hashicorp_terraform_plugin_framework_tfsdk.Attribute{
+								Description: "start specifies when to start notifying users that the next audit date is coming up.",
+								Optional:    true,
+							})}),
 							Description: "notifications is the configuration for notifying users.",
 							Optional:    true,
 						},
@@ -136,18 +149,18 @@ func GenSchemaAccessList(ctx context.Context) (github_com_hashicorp_terraform_pl
 							Required:    true,
 						},
 					}),
-					Description: "audit describes the frequency that this access list must be audited.",
+					Description: "audit describes the frequency that this Access List must be audited.",
 					Required:    true,
 				},
 				"description": {
-					Description: "description is an optional plaintext description of the access list.",
+					Description: "description is an optional plaintext description of the Access List.",
 					Optional:    true,
 					Type:        github_com_hashicorp_terraform_plugin_framework_types.StringType,
 				},
 				"grants": {
 					Attributes: github_com_hashicorp_terraform_plugin_framework_tfsdk.SingleNestedAttributes(map[string]github_com_hashicorp_terraform_plugin_framework_tfsdk.Attribute{
 						"roles": {
-							Description: "roles are the roles that are granted to users who are members of the access list.",
+							Description: "roles are the roles that are granted to users who are members of the Access List.",
 							Optional:    true,
 							Type:        github_com_hashicorp_terraform_plugin_framework_types.ListType{ElemType: github_com_hashicorp_terraform_plugin_framework_types.StringType},
 						},
@@ -164,11 +177,11 @@ func GenSchemaAccessList(ctx context.Context) (github_com_hashicorp_terraform_pl
 									Type:        github_com_hashicorp_terraform_plugin_framework_types.ListType{ElemType: github_com_hashicorp_terraform_plugin_framework_types.StringType},
 								},
 							}),
-							Description: "traits are the traits that are granted to users who are members of the access list.",
+							Description: "traits are the traits that are granted to users who are members of the Access List.",
 							Optional:    true,
 						},
 					}),
-					Description: "grants describes the access granted by membership to this access list.",
+					Description: "grants describes the access granted by membership to this Access List.",
 					Required:    true,
 				},
 				"membership_requires": {
@@ -195,13 +208,13 @@ func GenSchemaAccessList(ctx context.Context) (github_com_hashicorp_terraform_pl
 							Optional:    true,
 						},
 					}),
-					Description: "membership_requires describes the requirements for a user to be a member of the access list. For a membership to an access list to be effective, the user must meet the requirements of Membership_requires and must be in the members list.",
+					Description: "membership_requires describes the requirements for a user to be a member of the Access List. For a membership to an Access List to be effective, the user must meet the requirements of Membership_requires and must be in the members list.",
 					Optional:    true,
 				},
 				"owner_grants": {
 					Attributes: github_com_hashicorp_terraform_plugin_framework_tfsdk.SingleNestedAttributes(map[string]github_com_hashicorp_terraform_plugin_framework_tfsdk.Attribute{
 						"roles": {
-							Description: "roles are the roles that are granted to users who are members of the access list.",
+							Description: "roles are the roles that are granted to users who are members of the Access List.",
 							Optional:    true,
 							Type:        github_com_hashicorp_terraform_plugin_framework_types.ListType{ElemType: github_com_hashicorp_terraform_plugin_framework_types.StringType},
 						},
@@ -218,11 +231,11 @@ func GenSchemaAccessList(ctx context.Context) (github_com_hashicorp_terraform_pl
 									Type:        github_com_hashicorp_terraform_plugin_framework_types.ListType{ElemType: github_com_hashicorp_terraform_plugin_framework_types.StringType},
 								},
 							}),
-							Description: "traits are the traits that are granted to users who are members of the access list.",
+							Description: "traits are the traits that are granted to users who are members of the Access List.",
 							Optional:    true,
 						},
 					}),
-					Description: "owner_grants describes the access granted by owners to this access list.",
+					Description: "owner_grants describes the access granted by owners to this Access List.",
 					Optional:    true,
 				},
 				"owners": {
@@ -238,7 +251,7 @@ func GenSchemaAccessList(ctx context.Context) (github_com_hashicorp_terraform_pl
 							Type:        github_com_hashicorp_terraform_plugin_framework_types.StringType,
 						},
 					}),
-					Description: "owners is a list of owners of the access list.",
+					Description: "owners is a list of owners of the Access List.",
 					Required:    true,
 				},
 				"ownership_requires": {
@@ -265,16 +278,16 @@ func GenSchemaAccessList(ctx context.Context) (github_com_hashicorp_terraform_pl
 							Optional:    true,
 						},
 					}),
-					Description: "ownership_requires describes the requirements for a user to be an owner of the access list. For ownership of an access list to be effective, the user must meet the requirements of ownership_requires and must be in the owners list.",
+					Description: "ownership_requires describes the requirements for a user to be an owner of the Access List. For ownership of an Access List to be effective, the user must meet the requirements of ownership_requires and must be in the owners list.",
 					Optional:    true,
 				},
 				"title": {
-					Description: "title is a plaintext short description of the access list.",
+					Description: "title is a plaintext short description of the Access List.",
 					Optional:    true,
 					Type:        github_com_hashicorp_terraform_plugin_framework_types.StringType,
 				},
 			}),
-			Description: "spec is the specification for the access list.",
+			Description: "spec is the specification for the Access List.",
 			Optional:    true,
 		},
 	}}, nil
diff --git a/integrations/terraform/tfschema/accessmonitoringrules/v1/access_monitoring_rules_terraform.go b/integrations/terraform/tfschema/accessmonitoringrules/v1/access_monitoring_rules_terraform.go
index 3475cce7e39cf..d39013ed90e70 100644
--- a/integrations/terraform/tfschema/accessmonitoringrules/v1/access_monitoring_rules_terraform.go
+++ b/integrations/terraform/tfschema/accessmonitoringrules/v1/access_monitoring_rules_terraform.go
@@ -27,6 +27,7 @@ import (
 	github_com_gravitational_teleport_api_gen_proto_go_teleport_accessmonitoringrules_v1 "github.com/gravitational/teleport/api/gen/proto/go/teleport/accessmonitoringrules/v1"
 	_ "github.com/gravitational/teleport/api/gen/proto/go/teleport/header/v1"
 	github_com_gravitational_teleport_api_gen_proto_go_teleport_header_v1 "github.com/gravitational/teleport/api/gen/proto/go/teleport/header/v1"
+	github_com_gravitational_teleport_integrations_terraform_tfschema "github.com/gravitational/teleport/integrations/terraform/tfschema"
 	github_com_hashicorp_terraform_plugin_framework_attr "github.com/hashicorp/terraform-plugin-framework/attr"
 	github_com_hashicorp_terraform_plugin_framework_diag "github.com/hashicorp/terraform-plugin-framework/diag"
 	github_com_hashicorp_terraform_plugin_framework_tfsdk "github.com/hashicorp/terraform-plugin-framework/tfsdk"
@@ -63,7 +64,11 @@ func GenSchemaAccessMonitoringRule(ctx context.Context) (github_com_hashicorp_te
 					Optional:    true,
 					Type:        github_com_hashicorp_terraform_plugin_framework_types.StringType,
 				},
-				"expires": GenSchemaTimestamp(ctx),
+				"expires": GenSchemaTimestamp(ctx, github_com_hashicorp_terraform_plugin_framework_tfsdk.Attribute{
+					Description: "expires is a global expiry time header can be set on any resource in the system.",
+					Optional:    true,
+					Validators:  []github_com_hashicorp_terraform_plugin_framework_tfsdk.AttributeValidator{github_com_gravitational_teleport_integrations_terraform_tfschema.MustTimeBeInFuture()},
+				}),
 				"labels": {
 					Description: "labels is a set of labels.",
 					Optional:    true,
diff --git a/integrations/terraform/tfschema/custom_types.go b/integrations/terraform/tfschema/custom_types.go
index 794b06773867d..c6baa4d8515b5 100644
--- a/integrations/terraform/tfschema/custom_types.go
+++ b/integrations/terraform/tfschema/custom_types.go
@@ -31,15 +31,16 @@ import (
 )
 
 // GenSchemaBoolOptions returns Terraform schema for BoolOption type
-func GenSchemaBoolOption(_ context.Context) tfsdk.Attribute {
+func GenSchemaBoolOption(_ context.Context, attr tfsdk.Attribute) tfsdk.Attribute {
 	return tfsdk.Attribute{
-		Optional: true,
-		Type:     types.BoolType,
+		Optional:    true,
+		Type:        types.BoolType,
+		Description: attr.Description,
 	}
 }
 
 // GenSchemaBoolOptions returns Terraform schema for Traits type
-func GenSchemaTraits(_ context.Context) tfsdk.Attribute {
+func GenSchemaTraits(_ context.Context, attr tfsdk.Attribute) tfsdk.Attribute {
 	return tfsdk.Attribute{
 		Optional: true,
 		Type: types.MapType{
@@ -47,12 +48,13 @@ func GenSchemaTraits(_ context.Context) tfsdk.Attribute {
 				ElemType: types.StringType,
 			},
 		},
+		Description: attr.Description,
 	}
 }
 
 // GenSchemaBoolOptions returns Terraform schema for Labels type
-func GenSchemaLabels(ctx context.Context) tfsdk.Attribute {
-	return GenSchemaTraits(ctx)
+func GenSchemaLabels(ctx context.Context, attr tfsdk.Attribute) tfsdk.Attribute {
+	return GenSchemaTraits(ctx, attr)
 }
 
 func CopyFromBoolOption(diags diag.Diagnostics, tf attr.Value, o **apitypes.BoolOption) {
@@ -196,12 +198,13 @@ func CopyToTraits(diags diag.Diagnostics, o wrappers.Traits, t attr.Type, v attr
 }
 
 // GenSchemaStrings returns Terraform schema for Strings type
-func GenSchemaStrings(_ context.Context) tfsdk.Attribute {
+func GenSchemaStrings(_ context.Context, attr tfsdk.Attribute) tfsdk.Attribute {
 	return tfsdk.Attribute{
 		Optional: true,
 		Type: types.ListType{
 			ElemType: types.StringType,
 		},
+		Description: attr.Description,
 	}
 }
 
diff --git a/integrations/terraform/tfschema/resource153/custom_types.go b/integrations/terraform/tfschema/resource153/custom_types.go
index cc717e01f71e9..ba247900392a9 100644
--- a/integrations/terraform/tfschema/resource153/custom_types.go
+++ b/integrations/terraform/tfschema/resource153/custom_types.go
@@ -29,10 +29,11 @@ import (
 	"github.com/gravitational/teleport/integrations/terraform/tfschema"
 )
 
-func GenSchemaTimestamp(_ context.Context) tfsdk.Attribute {
+func GenSchemaTimestamp(_ context.Context, attr tfsdk.Attribute) tfsdk.Attribute {
 	return tfsdk.Attribute{
-		Optional: true,
-		Type:     tfschema.UseRFC3339Time(),
+		Optional:    true,
+		Type:        tfschema.UseRFC3339Time(),
+		Description: attr.Description,
 	}
 }
 
@@ -66,10 +67,11 @@ func CopyToTimestamp(diags diag.Diagnostics, o *timestamppb.Timestamp, t attr.Ty
 	return value
 }
 
-func GenSchemaDuration(_ context.Context) tfsdk.Attribute {
+func GenSchemaDuration(_ context.Context, attr tfsdk.Attribute) tfsdk.Attribute {
 	return tfsdk.Attribute{
-		Optional: true,
-		Type:     tfschema.DurationType{},
+		Optional:    true,
+		Type:        tfschema.DurationType{},
+		Description: attr.Description,
 	}
 }
 
diff --git a/integrations/terraform/tfschema/token/custom_types.go b/integrations/terraform/tfschema/token/custom_types.go
index cc8ab839276b2..ea6da6cd0a60c 100644
--- a/integrations/terraform/tfschema/token/custom_types.go
+++ b/integrations/terraform/tfschema/token/custom_types.go
@@ -31,15 +31,16 @@ import (
 )
 
 // GenSchemaLabels returns Terraform schema for Labels type
-func GenSchemaLabels(ctx context.Context) tfsdk.Attribute {
-	return tfschema.GenSchemaLabels(ctx)
+func GenSchemaLabels(ctx context.Context, attr tfsdk.Attribute) tfsdk.Attribute {
+	return tfschema.GenSchemaLabels(ctx, attr)
 }
 
 // GenSchemaBoolOptionsNullable returns Terraform schema for BoolOption type
-func GenSchemaBoolOptionNullable(_ context.Context) tfsdk.Attribute {
+func GenSchemaBoolOptionNullable(_ context.Context, attr tfsdk.Attribute) tfsdk.Attribute {
 	return tfsdk.Attribute{
-		Optional: true,
-		Type:     types.BoolType,
+		Optional:    true,
+		Type:        types.BoolType,
+		Description: attr.Description,
 	}
 }
 
diff --git a/integrations/terraform/tfschema/token/types_terraform.go b/integrations/terraform/tfschema/token/types_terraform.go
index fb3164fdf517f..eb44f685afbcf 100644
--- a/integrations/terraform/tfschema/token/types_terraform.go
+++ b/integrations/terraform/tfschema/token/types_terraform.go
@@ -123,7 +123,7 @@ func GenSchemaProvisionTokenV2(ctx context.Context) (github_com_hashicorp_terraf
 							Type:        github_com_hashicorp_terraform_plugin_framework_types.ListType{ElemType: github_com_hashicorp_terraform_plugin_framework_types.StringType},
 						},
 						"aws_role": {
-							Description: "AWSRole is used for the EC2 join method and is the ARN of the AWS role that the auth server will assume in order to call the ec2 API.",
+							Description: "AWSRole is used for the EC2 join method and is the ARN of the AWS role that the Auth Service will assume in order to call the ec2 API.",
 							Optional:    true,
 							Type:        github_com_hashicorp_terraform_plugin_framework_types.StringType,
 						},
@@ -264,7 +264,7 @@ func GenSchemaProvisionTokenV2(ctx context.Context) (github_com_hashicorp_terraf
 							Optional:    true,
 						},
 						"enterprise_server_host": {
-							Description: "EnterpriseServerHost allows joining from runners associated with a GitHub Enterprise Server instance. When unconfigured, tokens will be validated against github.com, but when configured to the host of a GHES instance, then the tokens will be validated against host.  This value should be the hostname of the GHES instance, and should not include the scheme or a path. The instance must be accessible over HTTPS at this hostname and the certificate must be trusted by the Auth Server.",
+							Description: "EnterpriseServerHost allows joining from runners associated with a GitHub Enterprise Server instance. When unconfigured, tokens will be validated against github.com, but when configured to the host of a GHES instance, then the tokens will be validated against host.  This value should be the hostname of the GHES instance, and should not include the scheme or a path. The instance must be accessible over HTTPS at this hostname and the certificate must be trusted by the Auth Service.",
 							Optional:    true,
 							Type:        github_com_hashicorp_terraform_plugin_framework_types.StringType,
 						},
@@ -301,9 +301,12 @@ func GenSchemaProvisionTokenV2(ctx context.Context) (github_com_hashicorp_terraf
 									Optional:    true,
 									Type:        github_com_hashicorp_terraform_plugin_framework_types.StringType,
 								},
-								"environment_protected": GenSchemaBoolOptionNullable(ctx),
+								"environment_protected": GenSchemaBoolOptionNullable(ctx, github_com_hashicorp_terraform_plugin_framework_tfsdk.Attribute{
+									Description: "EnvironmentProtected is true if the Git ref is protected, false otherwise.",
+									Optional:    true,
+								}),
 								"namespace_path": {
-									Description: "NamespacePath is used to limit access to jobs in a group or user's projects. Example: `mygroup`  This field supports simple \"glob-style\" matching: - Use '*' to match zero or more characters. - Use '?' to match any single character.",
+									Description: "NamespacePath is used to limit access to jobs in a group or user's projects. Example: `mygroup`  This field supports \"glob-style\" matching: - Use '*' to match zero or more characters. - Use '?' to match any single character.",
 									Optional:    true,
 									Type:        github_com_hashicorp_terraform_plugin_framework_types.StringType,
 								},
@@ -313,7 +316,7 @@ func GenSchemaProvisionTokenV2(ctx context.Context) (github_com_hashicorp_terraf
 									Type:        github_com_hashicorp_terraform_plugin_framework_types.StringType,
 								},
 								"project_path": {
-									Description: "ProjectPath is used to limit access to jobs belonging to an individual project. Example: `mygroup/myproject`  This field supports simple \"glob-style\" matching: - Use '*' to match zero or more characters. - Use '?' to match any single character.",
+									Description: "ProjectPath is used to limit access to jobs belonging to an individual project. Example: `mygroup/myproject`  This field supports \"glob-style\" matching: - Use '*' to match zero or more characters. - Use '?' to match any single character.",
 									Optional:    true,
 									Type:        github_com_hashicorp_terraform_plugin_framework_types.StringType,
 								},
@@ -323,18 +326,21 @@ func GenSchemaProvisionTokenV2(ctx context.Context) (github_com_hashicorp_terraf
 									Type:        github_com_hashicorp_terraform_plugin_framework_types.StringType,
 								},
 								"ref": {
-									Description: "Ref allows access to be limited to jobs triggered by a specific git ref. Ensure this is used in combination with ref_type.  This field supports simple \"glob-style\" matching: - Use '*' to match zero or more characters. - Use '?' to match any single character.",
+									Description: "Ref allows access to be limited to jobs triggered by a specific git ref. Ensure this is used in combination with ref_type.  This field supports \"glob-style\" matching: - Use '*' to match zero or more characters. - Use '?' to match any single character.",
 									Optional:    true,
 									Type:        github_com_hashicorp_terraform_plugin_framework_types.StringType,
 								},
-								"ref_protected": GenSchemaBoolOptionNullable(ctx),
+								"ref_protected": GenSchemaBoolOptionNullable(ctx, github_com_hashicorp_terraform_plugin_framework_tfsdk.Attribute{
+									Description: "RefProtected is true if the Git ref is protected, false otherwise.",
+									Optional:    true,
+								}),
 								"ref_type": {
 									Description: "RefType allows access to be limited to jobs triggered by a specific git ref type. Example: `branch` or `tag`",
 									Optional:    true,
 									Type:        github_com_hashicorp_terraform_plugin_framework_types.StringType,
 								},
 								"sub": {
-									Description: "Sub roughly uniquely identifies the workload. Example: `project_path:mygroup/my-project:ref_type:branch:ref:main` project_path:GROUP/PROJECT:ref_type:TYPE:ref:BRANCH_NAME  This field supports simple \"glob-style\" matching: - Use '*' to match zero or more characters. - Use '?' to match any single character.",
+									Description: "Sub roughly uniquely identifies the workload. Example: `project_path:mygroup/my-project:ref_type:branch:ref:main` project_path:GROUP/PROJECT:ref_type:TYPE:ref:BRANCH_NAME  This field supports \"glob-style\" matching: - Use '*' to match zero or more characters. - Use '?' to match any single character.",
 									Optional:    true,
 									Type:        github_com_hashicorp_terraform_plugin_framework_types.StringType,
 								},
@@ -442,8 +448,14 @@ func GenSchemaProvisionTokenV2(ctx context.Context) (github_com_hashicorp_terraf
 					Description: "Spacelift allows the configuration of options specific to the \"spacelift\" join method.",
 					Optional:    true,
 				},
-				"suggested_agent_matcher_labels": GenSchemaLabels(ctx),
-				"suggested_labels":               GenSchemaLabels(ctx),
+				"suggested_agent_matcher_labels": GenSchemaLabels(ctx, github_com_hashicorp_terraform_plugin_framework_tfsdk.Attribute{
+					Description: "SuggestedAgentMatcherLabels is a set of labels to be used by agents to match on resources. When an agent uses this token, the agent should monitor resources that match those labels. For databases, this means adding the labels to `db_service.resources.labels`. Currently, only node-join scripts create a configuration according to the suggestion.",
+					Optional:    true,
+				}),
+				"suggested_labels": GenSchemaLabels(ctx, github_com_hashicorp_terraform_plugin_framework_tfsdk.Attribute{
+					Description: "SuggestedLabels is a set of labels that resources should set when using this token to enroll themselves in the cluster. Currently, only node-join scripts create a configuration according to the suggestion.",
+					Optional:    true,
+				}),
 				"terraform_cloud": {
 					Attributes: github_com_hashicorp_terraform_plugin_framework_tfsdk.SingleNestedAttributes(map[string]github_com_hashicorp_terraform_plugin_framework_tfsdk.Attribute{
 						"allow": {
diff --git a/integrations/terraform/tfschema/types_terraform.go b/integrations/terraform/tfschema/types_terraform.go
index f6268945bc1c2..5c7886edaa3ba 100644
--- a/integrations/terraform/tfschema/types_terraform.go
+++ b/integrations/terraform/tfschema/types_terraform.go
@@ -294,6 +294,11 @@ func GenSchemaDatabaseV3(ctx context.Context) (github_com_hashicorp_terraform_pl
 									Optional:    true,
 									Type:        github_com_hashicorp_terraform_plugin_framework_types.StringType,
 								},
+								"security_groups": {
+									Description: "SecurityGroups is a list of attached security groups for the RDS instance.",
+									Optional:    true,
+									Type:        github_com_hashicorp_terraform_plugin_framework_types.ListType{ElemType: github_com_hashicorp_terraform_plugin_framework_types.StringType},
+								},
 								"subnets": {
 									Description: "Subnets is a list of subnets for the RDS instance.",
 									Optional:    true,
@@ -1196,7 +1201,10 @@ func GenSchemaSessionRecordingConfigV2(ctx context.Context) (github_com_hashicor
 					PlanModifiers: []github_com_hashicorp_terraform_plugin_framework_tfsdk.AttributePlanModifier{github_com_hashicorp_terraform_plugin_framework_tfsdk.UseStateForUnknown()},
 					Type:          github_com_hashicorp_terraform_plugin_framework_types.StringType,
 				},
-				"proxy_checks_host_keys": GenSchemaBoolOption(ctx),
+				"proxy_checks_host_keys": GenSchemaBoolOption(ctx, github_com_hashicorp_terraform_plugin_framework_tfsdk.Attribute{
+					Description: "ProxyChecksHostKeys is used to control if the proxy will check host keys when in recording mode.",
+					Optional:    true,
+				}),
 			}),
 			Description: "Spec is a SessionRecordingConfig specification",
 			Optional:    true,
@@ -1271,9 +1279,18 @@ func GenSchemaAuthPreferenceV2(ctx context.Context) (github_com_hashicorp_terraf
 		},
 		"spec": {
 			Attributes: github_com_hashicorp_terraform_plugin_framework_tfsdk.SingleNestedAttributes(map[string]github_com_hashicorp_terraform_plugin_framework_tfsdk.Attribute{
-				"allow_headless":     GenSchemaBoolOption(ctx),
-				"allow_local_auth":   GenSchemaBoolOption(ctx),
-				"allow_passwordless": GenSchemaBoolOption(ctx),
+				"allow_headless": GenSchemaBoolOption(ctx, github_com_hashicorp_terraform_plugin_framework_tfsdk.Attribute{
+					Description: "AllowHeadless enables/disables headless support. Headless authentication requires Webauthn to work. Defaults to true if the Webauthn is configured, defaults to false otherwise.",
+					Optional:    true,
+				}),
+				"allow_local_auth": GenSchemaBoolOption(ctx, github_com_hashicorp_terraform_plugin_framework_tfsdk.Attribute{
+					Description: "AllowLocalAuth is true if local authentication is enabled.",
+					Optional:    true,
+				}),
+				"allow_passwordless": GenSchemaBoolOption(ctx, github_com_hashicorp_terraform_plugin_framework_tfsdk.Attribute{
+					Description: "AllowPasswordless enables/disables passwordless support. Passwordless requires Webauthn to work. Defaults to true if the Webauthn is configured, defaults to false otherwise.",
+					Optional:    true,
+				}),
 				"connector_name": {
 					Description: "ConnectorName is the name of the OIDC or SAML connector. If this value is not set the first connector in the backend will be used.",
 					Optional:    true,
@@ -1305,7 +1322,10 @@ func GenSchemaAuthPreferenceV2(ctx context.Context) (github_com_hashicorp_terraf
 					Description: "DeviceTrust holds settings related to trusted device verification. Requires Teleport Enterprise.",
 					Optional:    true,
 				},
-				"disconnect_expired_cert": GenSchemaBoolOption(ctx),
+				"disconnect_expired_cert": GenSchemaBoolOption(ctx, github_com_hashicorp_terraform_plugin_framework_tfsdk.Attribute{
+					Description: "DisconnectExpiredCert provides disconnect expired certificate setting - if true, connections with expired client certificates will get disconnected",
+					Optional:    true,
+				}),
 				"hardware_key": {
 					Attributes: github_com_hashicorp_terraform_plugin_framework_tfsdk.SingleNestedAttributes(map[string]github_com_hashicorp_terraform_plugin_framework_tfsdk.Attribute{
 						"piv_slot": {
@@ -1335,7 +1355,10 @@ func GenSchemaAuthPreferenceV2(ctx context.Context) (github_com_hashicorp_terraf
 				},
 				"idp": {
 					Attributes: github_com_hashicorp_terraform_plugin_framework_tfsdk.SingleNestedAttributes(map[string]github_com_hashicorp_terraform_plugin_framework_tfsdk.Attribute{"saml": {
-						Attributes:  github_com_hashicorp_terraform_plugin_framework_tfsdk.SingleNestedAttributes(map[string]github_com_hashicorp_terraform_plugin_framework_tfsdk.Attribute{"enabled": GenSchemaBoolOption(ctx)}),
+						Attributes: github_com_hashicorp_terraform_plugin_framework_tfsdk.SingleNestedAttributes(map[string]github_com_hashicorp_terraform_plugin_framework_tfsdk.Attribute{"enabled": GenSchemaBoolOption(ctx, github_com_hashicorp_terraform_plugin_framework_tfsdk.Attribute{
+							Description: "Enabled is set to true if this option allows access to the Teleport SAML IdP.",
+							Optional:    true,
+						})}),
 						Description: "SAML are options related to the Teleport SAML IdP.",
 						Optional:    true,
 					}}),
@@ -1375,7 +1398,7 @@ func GenSchemaAuthPreferenceV2(ctx context.Context) (github_com_hashicorp_terraf
 				},
 				"second_factor": {
 					Computed:      true,
-					Description:   "SecondFactor is the type of second factor.",
+					Description:   "SecondFactor is the type of mult-factor.",
 					Optional:      true,
 					PlanModifiers: []github_com_hashicorp_terraform_plugin_framework_tfsdk.AttributePlanModifier{github_com_hashicorp_terraform_plugin_framework_tfsdk.UseStateForUnknown()},
 					Type:          github_com_hashicorp_terraform_plugin_framework_types.StringType,
@@ -1390,7 +1413,7 @@ func GenSchemaAuthPreferenceV2(ctx context.Context) (github_com_hashicorp_terraf
 				"u2f": {
 					Attributes: github_com_hashicorp_terraform_plugin_framework_tfsdk.SingleNestedAttributes(map[string]github_com_hashicorp_terraform_plugin_framework_tfsdk.Attribute{
 						"app_id": {
-							Description: "AppID returns the application ID for universal second factor.",
+							Description: "AppID returns the application ID for universal mult-factor.",
 							Optional:    true,
 							Type:        github_com_hashicorp_terraform_plugin_framework_types.StringType,
 						},
@@ -1400,7 +1423,7 @@ func GenSchemaAuthPreferenceV2(ctx context.Context) (github_com_hashicorp_terraf
 							Type:        github_com_hashicorp_terraform_plugin_framework_types.ListType{ElemType: github_com_hashicorp_terraform_plugin_framework_types.StringType},
 						},
 						"facets": {
-							Description: "Facets returns the facets for universal second factor. Deprecated: Kept for backwards compatibility reasons, but Facets have no effect since Teleport v10, when Webauthn replaced the U2F implementation.",
+							Description: "Facets returns the facets for universal mult-factor. Deprecated: Kept for backwards compatibility reasons, but Facets have no effect since Teleport v10, when Webauthn replaced the U2F implementation.",
 							Optional:    true,
 							Type:        github_com_hashicorp_terraform_plugin_framework_types.ListType{ElemType: github_com_hashicorp_terraform_plugin_framework_types.StringType},
 						},
@@ -1421,7 +1444,7 @@ func GenSchemaAuthPreferenceV2(ctx context.Context) (github_com_hashicorp_terraf
 							Type:        github_com_hashicorp_terraform_plugin_framework_types.ListType{ElemType: github_com_hashicorp_terraform_plugin_framework_types.StringType},
 						},
 						"rp_id": {
-							Description: "RPID is the ID of the Relying Party. It should be set to the domain name of the Teleport installation.  IMPORTANT: RPID must never change in the lifetime of the cluster, because it's recorded in the registration data on the WebAuthn device. If the RPID changes, all existing WebAuthn key registrations will become invalid and all users who use WebAuthn as the second factor will need to re-register.",
+							Description: "RPID is the ID of the Relying Party. It should be set to the domain name of the Teleport installation.  IMPORTANT: RPID must never change in the lifetime of the cluster, because it's recorded in the registration data on the WebAuthn device. If the RPID changes, all existing WebAuthn key registrations will become invalid and all users who use WebAuthn as the multi-factor will need to re-register.",
 							Optional:    true,
 							Type:        github_com_hashicorp_terraform_plugin_framework_types.StringType,
 						},
@@ -1508,7 +1531,10 @@ func GenSchemaRoleV6(ctx context.Context) (github_com_hashicorp_terraform_plugin
 			Attributes: github_com_hashicorp_terraform_plugin_framework_tfsdk.SingleNestedAttributes(map[string]github_com_hashicorp_terraform_plugin_framework_tfsdk.Attribute{
 				"allow": {
 					Attributes: github_com_hashicorp_terraform_plugin_framework_tfsdk.SingleNestedAttributes(map[string]github_com_hashicorp_terraform_plugin_framework_tfsdk.Attribute{
-						"app_labels": GenSchemaLabels(ctx),
+						"app_labels": GenSchemaLabels(ctx, github_com_hashicorp_terraform_plugin_framework_tfsdk.Attribute{
+							Description: "AppLabels is a map of labels used as part of the RBAC system.",
+							Optional:    true,
+						}),
 						"app_labels_expression": {
 							Description: "AppLabelsExpression is a predicate expression used to allow/deny access to Apps.",
 							Optional:    true,
@@ -1524,13 +1550,19 @@ func GenSchemaRoleV6(ctx context.Context) (github_com_hashicorp_terraform_plugin
 							Optional:    true,
 							Type:        github_com_hashicorp_terraform_plugin_framework_types.ListType{ElemType: github_com_hashicorp_terraform_plugin_framework_types.StringType},
 						},
-						"cluster_labels": GenSchemaLabels(ctx),
+						"cluster_labels": GenSchemaLabels(ctx, github_com_hashicorp_terraform_plugin_framework_tfsdk.Attribute{
+							Description: "ClusterLabels is a map of node labels (used to dynamically grant access to clusters).",
+							Optional:    true,
+						}),
 						"cluster_labels_expression": {
 							Description: "ClusterLabelsExpression is a predicate expression used to allow/deny access to remote Teleport clusters.",
 							Optional:    true,
 							Type:        github_com_hashicorp_terraform_plugin_framework_types.StringType,
 						},
-						"db_labels": GenSchemaLabels(ctx),
+						"db_labels": GenSchemaLabels(ctx, github_com_hashicorp_terraform_plugin_framework_tfsdk.Attribute{
+							Description: "DatabaseLabels are used in RBAC system to allow/deny access to databases.",
+							Optional:    true,
+						}),
 						"db_labels_expression": {
 							Description: "DatabaseLabelsExpression is a predicate expression used to allow/deny access to Databases.",
 							Optional:    true,
@@ -1543,7 +1575,10 @@ func GenSchemaRoleV6(ctx context.Context) (github_com_hashicorp_terraform_plugin
 						},
 						"db_permissions": {
 							Attributes: github_com_hashicorp_terraform_plugin_framework_tfsdk.ListNestedAttributes(map[string]github_com_hashicorp_terraform_plugin_framework_tfsdk.Attribute{
-								"match": GenSchemaLabels(ctx),
+								"match": GenSchemaLabels(ctx, github_com_hashicorp_terraform_plugin_framework_tfsdk.Attribute{
+									Description: "Match is a list of object labels that must be matched for the permission to be granted.",
+									Optional:    true,
+								}),
 								"permissions": {
 									Description: "Permission is the list of string representations of the permission to be given, e.g. SELECT, INSERT, UPDATE, ...",
 									Optional:    true,
@@ -1558,7 +1593,10 @@ func GenSchemaRoleV6(ctx context.Context) (github_com_hashicorp_terraform_plugin
 							Optional:    true,
 							Type:        github_com_hashicorp_terraform_plugin_framework_types.ListType{ElemType: github_com_hashicorp_terraform_plugin_framework_types.StringType},
 						},
-						"db_service_labels": GenSchemaLabels(ctx),
+						"db_service_labels": GenSchemaLabels(ctx, github_com_hashicorp_terraform_plugin_framework_tfsdk.Attribute{
+							Description: "DatabaseServiceLabels are used in RBAC system to allow/deny access to Database Services.",
+							Optional:    true,
+						}),
 						"db_service_labels_expression": {
 							Description: "DatabaseServiceLabelsExpression is a predicate expression used to allow/deny access to Database Services.",
 							Optional:    true,
@@ -1579,7 +1617,10 @@ func GenSchemaRoleV6(ctx context.Context) (github_com_hashicorp_terraform_plugin
 							Optional:    true,
 							Type:        github_com_hashicorp_terraform_plugin_framework_types.ListType{ElemType: github_com_hashicorp_terraform_plugin_framework_types.StringType},
 						},
-						"group_labels": GenSchemaLabels(ctx),
+						"group_labels": GenSchemaLabels(ctx, github_com_hashicorp_terraform_plugin_framework_tfsdk.Attribute{
+							Description: "GroupLabels is a map of labels used as part of the RBAC system.",
+							Optional:    true,
+						}),
 						"group_labels_expression": {
 							Description: "GroupLabelsExpression is a predicate expression used to allow/deny access to user groups.",
 							Optional:    true,
@@ -1647,7 +1688,10 @@ func GenSchemaRoleV6(ctx context.Context) (github_com_hashicorp_terraform_plugin
 							Optional:    true,
 							Type:        github_com_hashicorp_terraform_plugin_framework_types.ListType{ElemType: github_com_hashicorp_terraform_plugin_framework_types.StringType},
 						},
-						"kubernetes_labels": GenSchemaLabels(ctx),
+						"kubernetes_labels": GenSchemaLabels(ctx, github_com_hashicorp_terraform_plugin_framework_tfsdk.Attribute{
+							Description: "KubernetesLabels is a map of kubernetes cluster labels used for RBAC.",
+							Optional:    true,
+						}),
 						"kubernetes_labels_expression": {
 							Description: "KubernetesLabelsExpression is a predicate expression used to allow/deny access to kubernetes clusters.",
 							Optional:    true,
@@ -1693,7 +1737,10 @@ func GenSchemaRoleV6(ctx context.Context) (github_com_hashicorp_terraform_plugin
 							Optional:    true,
 							Type:        github_com_hashicorp_terraform_plugin_framework_types.ListType{ElemType: github_com_hashicorp_terraform_plugin_framework_types.StringType},
 						},
-						"node_labels": GenSchemaLabels(ctx),
+						"node_labels": GenSchemaLabels(ctx, github_com_hashicorp_terraform_plugin_framework_tfsdk.Attribute{
+							Description: "NodeLabels is a map of node labels (used to dynamically grant access to nodes).",
+							Optional:    true,
+						}),
 						"node_labels_expression": {
 							Description: "NodeLabelsExpression is a predicate expression used to allow/deny access to SSH nodes.",
 							Optional:    true,
@@ -1701,7 +1748,10 @@ func GenSchemaRoleV6(ctx context.Context) (github_com_hashicorp_terraform_plugin
 						},
 						"request": {
 							Attributes: github_com_hashicorp_terraform_plugin_framework_tfsdk.SingleNestedAttributes(map[string]github_com_hashicorp_terraform_plugin_framework_tfsdk.Attribute{
-								"annotations": GenSchemaTraits(ctx),
+								"annotations": GenSchemaTraits(ctx, github_com_hashicorp_terraform_plugin_framework_tfsdk.Attribute{
+									Description: "Annotations is a collection of annotations to be programmatically appended to pending Access Requests at the time of their creation. These annotations serve as a mechanism to propagate extra information to plugins.  Since these annotations support variable interpolation syntax, they also offer a mechanism for forwarding claims from an external identity provider, to a plugin via `{{external.trait_name}}` style substitutions.",
+									Optional:    true,
+								}),
 								"claims_to_roles": {
 									Attributes: github_com_hashicorp_terraform_plugin_framework_tfsdk.ListNestedAttributes(map[string]github_com_hashicorp_terraform_plugin_framework_tfsdk.Attribute{
 										"claim": {
@@ -1898,7 +1948,10 @@ func GenSchemaRoleV6(ctx context.Context) (github_com_hashicorp_terraform_plugin
 							Description: "SPIFFE is used to allow or deny access to a role holder to generating a SPIFFE SVID.",
 							Optional:    true,
 						},
-						"windows_desktop_labels": GenSchemaLabels(ctx),
+						"windows_desktop_labels": GenSchemaLabels(ctx, github_com_hashicorp_terraform_plugin_framework_tfsdk.Attribute{
+							Description: "WindowsDesktopLabels are used in the RBAC system to allow/deny access to Windows desktops.",
+							Optional:    true,
+						}),
 						"windows_desktop_labels_expression": {
 							Description: "WindowsDesktopLabelsExpression is a predicate expression used to allow/deny access to Windows desktops.",
 							Optional:    true,
@@ -1915,7 +1968,10 @@ func GenSchemaRoleV6(ctx context.Context) (github_com_hashicorp_terraform_plugin
 				},
 				"deny": {
 					Attributes: github_com_hashicorp_terraform_plugin_framework_tfsdk.SingleNestedAttributes(map[string]github_com_hashicorp_terraform_plugin_framework_tfsdk.Attribute{
-						"app_labels": GenSchemaLabels(ctx),
+						"app_labels": GenSchemaLabels(ctx, github_com_hashicorp_terraform_plugin_framework_tfsdk.Attribute{
+							Description: "AppLabels is a map of labels used as part of the RBAC system.",
+							Optional:    true,
+						}),
 						"app_labels_expression": {
 							Description: "AppLabelsExpression is a predicate expression used to allow/deny access to Apps.",
 							Optional:    true,
@@ -1931,13 +1987,19 @@ func GenSchemaRoleV6(ctx context.Context) (github_com_hashicorp_terraform_plugin
 							Optional:    true,
 							Type:        github_com_hashicorp_terraform_plugin_framework_types.ListType{ElemType: github_com_hashicorp_terraform_plugin_framework_types.StringType},
 						},
-						"cluster_labels": GenSchemaLabels(ctx),
+						"cluster_labels": GenSchemaLabels(ctx, github_com_hashicorp_terraform_plugin_framework_tfsdk.Attribute{
+							Description: "ClusterLabels is a map of node labels (used to dynamically grant access to clusters).",
+							Optional:    true,
+						}),
 						"cluster_labels_expression": {
 							Description: "ClusterLabelsExpression is a predicate expression used to allow/deny access to remote Teleport clusters.",
 							Optional:    true,
 							Type:        github_com_hashicorp_terraform_plugin_framework_types.StringType,
 						},
-						"db_labels": GenSchemaLabels(ctx),
+						"db_labels": GenSchemaLabels(ctx, github_com_hashicorp_terraform_plugin_framework_tfsdk.Attribute{
+							Description: "DatabaseLabels are used in RBAC system to allow/deny access to databases.",
+							Optional:    true,
+						}),
 						"db_labels_expression": {
 							Description: "DatabaseLabelsExpression is a predicate expression used to allow/deny access to Databases.",
 							Optional:    true,
@@ -1950,7 +2012,10 @@ func GenSchemaRoleV6(ctx context.Context) (github_com_hashicorp_terraform_plugin
 						},
 						"db_permissions": {
 							Attributes: github_com_hashicorp_terraform_plugin_framework_tfsdk.ListNestedAttributes(map[string]github_com_hashicorp_terraform_plugin_framework_tfsdk.Attribute{
-								"match": GenSchemaLabels(ctx),
+								"match": GenSchemaLabels(ctx, github_com_hashicorp_terraform_plugin_framework_tfsdk.Attribute{
+									Description: "Match is a list of object labels that must be matched for the permission to be granted.",
+									Optional:    true,
+								}),
 								"permissions": {
 									Description: "Permission is the list of string representations of the permission to be given, e.g. SELECT, INSERT, UPDATE, ...",
 									Optional:    true,
@@ -1965,7 +2030,10 @@ func GenSchemaRoleV6(ctx context.Context) (github_com_hashicorp_terraform_plugin
 							Optional:    true,
 							Type:        github_com_hashicorp_terraform_plugin_framework_types.ListType{ElemType: github_com_hashicorp_terraform_plugin_framework_types.StringType},
 						},
-						"db_service_labels": GenSchemaLabels(ctx),
+						"db_service_labels": GenSchemaLabels(ctx, github_com_hashicorp_terraform_plugin_framework_tfsdk.Attribute{
+							Description: "DatabaseServiceLabels are used in RBAC system to allow/deny access to Database Services.",
+							Optional:    true,
+						}),
 						"db_service_labels_expression": {
 							Description: "DatabaseServiceLabelsExpression is a predicate expression used to allow/deny access to Database Services.",
 							Optional:    true,
@@ -1986,7 +2054,10 @@ func GenSchemaRoleV6(ctx context.Context) (github_com_hashicorp_terraform_plugin
 							Optional:    true,
 							Type:        github_com_hashicorp_terraform_plugin_framework_types.ListType{ElemType: github_com_hashicorp_terraform_plugin_framework_types.StringType},
 						},
-						"group_labels": GenSchemaLabels(ctx),
+						"group_labels": GenSchemaLabels(ctx, github_com_hashicorp_terraform_plugin_framework_tfsdk.Attribute{
+							Description: "GroupLabels is a map of labels used as part of the RBAC system.",
+							Optional:    true,
+						}),
 						"group_labels_expression": {
 							Description: "GroupLabelsExpression is a predicate expression used to allow/deny access to user groups.",
 							Optional:    true,
@@ -2054,7 +2125,10 @@ func GenSchemaRoleV6(ctx context.Context) (github_com_hashicorp_terraform_plugin
 							Optional:    true,
 							Type:        github_com_hashicorp_terraform_plugin_framework_types.ListType{ElemType: github_com_hashicorp_terraform_plugin_framework_types.StringType},
 						},
-						"kubernetes_labels": GenSchemaLabels(ctx),
+						"kubernetes_labels": GenSchemaLabels(ctx, github_com_hashicorp_terraform_plugin_framework_tfsdk.Attribute{
+							Description: "KubernetesLabels is a map of kubernetes cluster labels used for RBAC.",
+							Optional:    true,
+						}),
 						"kubernetes_labels_expression": {
 							Description: "KubernetesLabelsExpression is a predicate expression used to allow/deny access to kubernetes clusters.",
 							Optional:    true,
@@ -2096,7 +2170,10 @@ func GenSchemaRoleV6(ctx context.Context) (github_com_hashicorp_terraform_plugin
 							Optional:    true,
 							Type:        github_com_hashicorp_terraform_plugin_framework_types.ListType{ElemType: github_com_hashicorp_terraform_plugin_framework_types.StringType},
 						},
-						"node_labels": GenSchemaLabels(ctx),
+						"node_labels": GenSchemaLabels(ctx, github_com_hashicorp_terraform_plugin_framework_tfsdk.Attribute{
+							Description: "NodeLabels is a map of node labels (used to dynamically grant access to nodes).",
+							Optional:    true,
+						}),
 						"node_labels_expression": {
 							Description: "NodeLabelsExpression is a predicate expression used to allow/deny access to SSH nodes.",
 							Optional:    true,
@@ -2104,7 +2181,10 @@ func GenSchemaRoleV6(ctx context.Context) (github_com_hashicorp_terraform_plugin
 						},
 						"request": {
 							Attributes: github_com_hashicorp_terraform_plugin_framework_tfsdk.SingleNestedAttributes(map[string]github_com_hashicorp_terraform_plugin_framework_tfsdk.Attribute{
-								"annotations": GenSchemaTraits(ctx),
+								"annotations": GenSchemaTraits(ctx, github_com_hashicorp_terraform_plugin_framework_tfsdk.Attribute{
+									Description: "Annotations is a collection of annotations to be programmatically appended to pending Access Requests at the time of their creation. These annotations serve as a mechanism to propagate extra information to plugins.  Since these annotations support variable interpolation syntax, they also offer a mechanism for forwarding claims from an external identity provider, to a plugin via `{{external.trait_name}}` style substitutions.",
+									Optional:    true,
+								}),
 								"claims_to_roles": {
 									Attributes: github_com_hashicorp_terraform_plugin_framework_tfsdk.ListNestedAttributes(map[string]github_com_hashicorp_terraform_plugin_framework_tfsdk.Attribute{
 										"claim": {
@@ -2301,7 +2381,10 @@ func GenSchemaRoleV6(ctx context.Context) (github_com_hashicorp_terraform_plugin
 							Description: "SPIFFE is used to allow or deny access to a role holder to generating a SPIFFE SVID.",
 							Optional:    true,
 						},
-						"windows_desktop_labels": GenSchemaLabels(ctx),
+						"windows_desktop_labels": GenSchemaLabels(ctx, github_com_hashicorp_terraform_plugin_framework_tfsdk.Attribute{
+							Description: "WindowsDesktopLabels are used in the RBAC system to allow/deny access to Windows desktops.",
+							Optional:    true,
+						}),
 						"windows_desktop_labels_expression": {
 							Description: "WindowsDesktopLabelsExpression is a predicate expression used to allow/deny access to Windows desktops.",
 							Optional:    true,
@@ -2356,14 +2439,23 @@ func GenSchemaRoleV6(ctx context.Context) (github_com_hashicorp_terraform_plugin
 							Optional:    true,
 							Type:        DurationType{},
 						},
-						"create_db_user": GenSchemaBoolOption(ctx),
+						"create_db_user": GenSchemaBoolOption(ctx, github_com_hashicorp_terraform_plugin_framework_tfsdk.Attribute{
+							Description: "CreateDatabaseUser enabled automatic database user creation.",
+							Optional:    true,
+						}),
 						"create_db_user_mode": {
 							Description: "CreateDatabaseUserMode allows users to be automatically created on a database when not set to off. 0 is \"unspecified\", 1 is \"off\", 2 is \"keep\", 3 is \"best_effort_drop\".",
 							Optional:    true,
 							Type:        github_com_hashicorp_terraform_plugin_framework_types.Int64Type,
 						},
-						"create_desktop_user": GenSchemaBoolOption(ctx),
-						"create_host_user":    GenSchemaBoolOption(ctx),
+						"create_desktop_user": GenSchemaBoolOption(ctx, github_com_hashicorp_terraform_plugin_framework_tfsdk.Attribute{
+							Description: "CreateDesktopUser allows users to be automatically created on a Windows desktop",
+							Optional:    true,
+						}),
+						"create_host_user": GenSchemaBoolOption(ctx, github_com_hashicorp_terraform_plugin_framework_tfsdk.Attribute{
+							Description: "Deprecated: use CreateHostUserMode instead.",
+							Optional:    true,
+						}),
 						"create_host_user_default_shell": {
 							Description: "CreateHostUserDefaultShell is used to configure the default shell for newly provisioned host users.",
 							Optional:    true,
@@ -2374,8 +2466,14 @@ func GenSchemaRoleV6(ctx context.Context) (github_com_hashicorp_terraform_plugin
 							Optional:    true,
 							Type:        github_com_hashicorp_terraform_plugin_framework_types.Int64Type,
 						},
-						"desktop_clipboard":         GenSchemaBoolOption(ctx),
-						"desktop_directory_sharing": GenSchemaBoolOption(ctx),
+						"desktop_clipboard": GenSchemaBoolOption(ctx, github_com_hashicorp_terraform_plugin_framework_tfsdk.Attribute{
+							Description: "DesktopClipboard indicates whether clipboard sharing is allowed between the user's workstation and the remote desktop. It defaults to true unless explicitly set to false.",
+							Optional:    true,
+						}),
+						"desktop_directory_sharing": GenSchemaBoolOption(ctx, github_com_hashicorp_terraform_plugin_framework_tfsdk.Attribute{
+							Description: "DesktopDirectorySharing indicates whether directory sharing is allowed between the user's workstation and the remote desktop. It defaults to false unless explicitly set to true.",
+							Optional:    true,
+						}),
 						"device_trust_mode": {
 							Description: "DeviceTrustMode is the device authorization mode used for the resources associated with the role. See DeviceTrust.Mode.",
 							Optional:    true,
@@ -2400,7 +2498,10 @@ func GenSchemaRoleV6(ctx context.Context) (github_com_hashicorp_terraform_plugin
 						},
 						"idp": {
 							Attributes: github_com_hashicorp_terraform_plugin_framework_tfsdk.SingleNestedAttributes(map[string]github_com_hashicorp_terraform_plugin_framework_tfsdk.Attribute{"saml": {
-								Attributes:  github_com_hashicorp_terraform_plugin_framework_tfsdk.SingleNestedAttributes(map[string]github_com_hashicorp_terraform_plugin_framework_tfsdk.Attribute{"enabled": GenSchemaBoolOption(ctx)}),
+								Attributes: github_com_hashicorp_terraform_plugin_framework_tfsdk.SingleNestedAttributes(map[string]github_com_hashicorp_terraform_plugin_framework_tfsdk.Attribute{"enabled": GenSchemaBoolOption(ctx, github_com_hashicorp_terraform_plugin_framework_tfsdk.Attribute{
+									Description: "Enabled is set to true if this option allows access to the Teleport SAML IdP.",
+									Optional:    true,
+								})}),
 								Description: "SAML are options related to the Teleport SAML IdP.",
 								Optional:    true,
 							}}),
@@ -2449,7 +2550,10 @@ func GenSchemaRoleV6(ctx context.Context) (github_com_hashicorp_terraform_plugin
 							Optional:    true,
 							Type:        github_com_hashicorp_terraform_plugin_framework_types.BoolType,
 						},
-						"port_forwarding": GenSchemaBoolOption(ctx),
+						"port_forwarding": GenSchemaBoolOption(ctx, github_com_hashicorp_terraform_plugin_framework_tfsdk.Attribute{
+							Description: "PortForwarding defines if the certificate will have \"permit-port-forwarding\" in the certificate. PortForwarding is \"yes\" if not set, that's why this is a pointer",
+							Optional:    true,
+						}),
 						"record_session": {
 							Attributes: github_com_hashicorp_terraform_plugin_framework_tfsdk.SingleNestedAttributes(map[string]github_com_hashicorp_terraform_plugin_framework_tfsdk.Attribute{
 								"default": {
@@ -2457,7 +2561,10 @@ func GenSchemaRoleV6(ctx context.Context) (github_com_hashicorp_terraform_plugin
 									Optional:    true,
 									Type:        github_com_hashicorp_terraform_plugin_framework_types.StringType,
 								},
-								"desktop": GenSchemaBoolOption(ctx),
+								"desktop": GenSchemaBoolOption(ctx, github_com_hashicorp_terraform_plugin_framework_tfsdk.Attribute{
+									Description: "Desktop indicates whether desktop sessions should be recorded. It defaults to true unless explicitly set to false.",
+									Optional:    true,
+								}),
 								"ssh": {
 									Description: "SSH indicates the session mode used on SSH sessions.",
 									Optional:    true,
@@ -2482,7 +2589,10 @@ func GenSchemaRoleV6(ctx context.Context) (github_com_hashicorp_terraform_plugin
 							Optional:    true,
 							Type:        github_com_hashicorp_terraform_plugin_framework_types.Int64Type,
 						},
-						"ssh_file_copy": GenSchemaBoolOption(ctx),
+						"ssh_file_copy": GenSchemaBoolOption(ctx, github_com_hashicorp_terraform_plugin_framework_tfsdk.Attribute{
+							Description: "SSHFileCopy indicates whether remote file operations via SCP or SFTP are allowed over an SSH session. It defaults to true unless explicitly set to false.",
+							Optional:    true,
+						}),
 					}),
 					Description: "Options is for OpenSSH options like agent forwarding.",
 					Optional:    true,
@@ -2632,7 +2742,10 @@ func GenSchemaUserV2(ctx context.Context) (github_com_hashicorp_terraform_plugin
 					Description: "SAMLIdentities lists associated SAML identities that let user log in using externally verified identity",
 					Optional:    true,
 				},
-				"traits": GenSchemaTraits(ctx),
+				"traits": GenSchemaTraits(ctx, github_com_hashicorp_terraform_plugin_framework_tfsdk.Attribute{
+					Description: "Traits are key/value pairs received from an identity provider (through OIDC claims or SAML assertions) or from a system administrator for local accounts. Traits are used to populate role variables.",
+					Optional:    true,
+				}),
 				"trusted_device_ids": {
 					Description: "TrustedDeviceIDs contains the IDs of trusted devices enrolled by the user.  Note that SSO users are transient and thus may contain an empty TrustedDeviceIDs field, even though the user->device association exists under the Device Trust subsystem. Do not rely on this field to determine device associations or ownership, it exists for legacy/informative purposes only.  Managed by the Device Trust subsystem, avoid manual edits.",
 					Optional:    true,
@@ -2763,7 +2876,7 @@ func GenSchemaOIDCConnectorV3(ctx context.Context) (github_com_hashicorp_terrafo
 					Optional:    true,
 				},
 				"client_id": {
-					Description: "ClientID is the id of the authentication client (Teleport Auth server).",
+					Description: "ClientID is the id of the authentication client (Teleport Auth Service).",
 					Optional:    true,
 					Type:        github_com_hashicorp_terraform_plugin_framework_types.StringType,
 				},
@@ -2830,7 +2943,10 @@ func GenSchemaOIDCConnectorV3(ctx context.Context) (github_com_hashicorp_terrafo
 					Optional:    true,
 					Type:        github_com_hashicorp_terraform_plugin_framework_types.StringType,
 				},
-				"redirect_url": GenSchemaStrings(ctx),
+				"redirect_url": GenSchemaStrings(ctx, github_com_hashicorp_terraform_plugin_framework_tfsdk.Attribute{
+					Description: "RedirectURLs is a list of callback URLs which the identity provider can use to redirect the client back to the Teleport Proxy to complete authentication. This list should match the URLs on the provider's side. The URL used for a given auth request will be chosen to match the requesting Proxy's public address. If there is no match, the first url in the list will be used.",
+					Optional:    true,
+				}),
 				"scope": {
 					Description: "Scope specifies additional scopes set by provider.",
 					Optional:    true,
@@ -4197,6 +4313,33 @@ func CopyDatabaseV3FromTerraform(_ context.Context, tf github_com_hashicorp_terr
 															}
 														}
 													}
+													{
+														a, ok := tf.Attrs["security_groups"]
+														if !ok {
+															diags.Append(attrReadMissingDiag{"DatabaseV3.Spec.AWS.RDS.SecurityGroups"})
+														} else {
+															v, ok := a.(github_com_hashicorp_terraform_plugin_framework_types.List)
+															if !ok {
+																diags.Append(attrReadConversionFailureDiag{"DatabaseV3.Spec.AWS.RDS.SecurityGroups", "github.com/hashicorp/terraform-plugin-framework/types.List"})
+															} else {
+																obj.SecurityGroups = make([]string, len(v.Elems))
+																if !v.Null && !v.Unknown {
+																	for k, a := range v.Elems {
+																		v, ok := a.(github_com_hashicorp_terraform_plugin_framework_types.String)
+																		if !ok {
+																			diags.Append(attrReadConversionFailureDiag{"DatabaseV3.Spec.AWS.RDS.SecurityGroups", "github_com_hashicorp_terraform_plugin_framework_types.String"})
+																		} else {
+																			var t string
+																			if !v.Null && !v.Unknown {
+																				t = string(v.Value)
+																			}
+																			obj.SecurityGroups[k] = t
+																		}
+																	}
+																}
+															}
+														}
+													}
 												}
 											}
 										}
@@ -6115,6 +6258,59 @@ func CopyDatabaseV3ToTerraform(ctx context.Context, obj *github_com_gravitationa
 															tf.Attrs["vpc_id"] = v
 														}
 													}
+													{
+														a, ok := tf.AttrTypes["security_groups"]
+														if !ok {
+															diags.Append(attrWriteMissingDiag{"DatabaseV3.Spec.AWS.RDS.SecurityGroups"})
+														} else {
+															o, ok := a.(github_com_hashicorp_terraform_plugin_framework_types.ListType)
+															if !ok {
+																diags.Append(attrWriteConversionFailureDiag{"DatabaseV3.Spec.AWS.RDS.SecurityGroups", "github.com/hashicorp/terraform-plugin-framework/types.ListType"})
+															} else {
+																c, ok := tf.Attrs["security_groups"].(github_com_hashicorp_terraform_plugin_framework_types.List)
+																if !ok {
+																	c = github_com_hashicorp_terraform_plugin_framework_types.List{
+
+																		ElemType: o.ElemType,
+																		Elems:    make([]github_com_hashicorp_terraform_plugin_framework_attr.Value, len(obj.SecurityGroups)),
+																		Null:     true,
+																	}
+																} else {
+																	if c.Elems == nil {
+																		c.Elems = make([]github_com_hashicorp_terraform_plugin_framework_attr.Value, len(obj.SecurityGroups))
+																	}
+																}
+																if obj.SecurityGroups != nil {
+																	t := o.ElemType
+																	if len(obj.SecurityGroups) != len(c.Elems) {
+																		c.Elems = make([]github_com_hashicorp_terraform_plugin_framework_attr.Value, len(obj.SecurityGroups))
+																	}
+																	for k, a := range obj.SecurityGroups {
+																		v, ok := tf.Attrs["security_groups"].(github_com_hashicorp_terraform_plugin_framework_types.String)
+																		if !ok {
+																			i, err := t.ValueFromTerraform(ctx, github_com_hashicorp_terraform_plugin_go_tftypes.NewValue(t.TerraformType(ctx), nil))
+																			if err != nil {
+																				diags.Append(attrWriteGeneralError{"DatabaseV3.Spec.AWS.RDS.SecurityGroups", err})
+																			}
+																			v, ok = i.(github_com_hashicorp_terraform_plugin_framework_types.String)
+																			if !ok {
+																				diags.Append(attrWriteConversionFailureDiag{"DatabaseV3.Spec.AWS.RDS.SecurityGroups", "github.com/hashicorp/terraform-plugin-framework/types.String"})
+																			}
+																			v.Null = string(a) == ""
+																		}
+																		v.Value = string(a)
+																		v.Unknown = false
+																		c.Elems[k] = v
+																	}
+																	if len(obj.SecurityGroups) > 0 {
+																		c.Null = false
+																	}
+																}
+																c.Unknown = false
+																tf.Attrs["security_groups"] = c
+															}
+														}
+													}
 												}
 												v.Unknown = false
 												tf.Attrs["rds"] = v
diff --git a/integrations/terraform/tfschema/userprovisioning/v2/statichostuser_terraform.go b/integrations/terraform/tfschema/userprovisioning/v2/statichostuser_terraform.go
index e327611eb1849..b99710f286648 100644
--- a/integrations/terraform/tfschema/userprovisioning/v2/statichostuser_terraform.go
+++ b/integrations/terraform/tfschema/userprovisioning/v2/statichostuser_terraform.go
@@ -29,6 +29,7 @@ import (
 	_ "github.com/gravitational/teleport/api/gen/proto/go/teleport/label/v1"
 	github_com_gravitational_teleport_api_gen_proto_go_teleport_label_v1 "github.com/gravitational/teleport/api/gen/proto/go/teleport/label/v1"
 	github_com_gravitational_teleport_api_gen_proto_go_teleport_userprovisioning_v2 "github.com/gravitational/teleport/api/gen/proto/go/teleport/userprovisioning/v2"
+	github_com_gravitational_teleport_integrations_terraform_tfschema "github.com/gravitational/teleport/integrations/terraform/tfschema"
 	github_com_hashicorp_terraform_plugin_framework_attr "github.com/hashicorp/terraform-plugin-framework/attr"
 	github_com_hashicorp_terraform_plugin_framework_diag "github.com/hashicorp/terraform-plugin-framework/diag"
 	github_com_hashicorp_terraform_plugin_framework_tfsdk "github.com/hashicorp/terraform-plugin-framework/tfsdk"
@@ -65,7 +66,11 @@ func GenSchemaStaticHostUser(ctx context.Context) (github_com_hashicorp_terrafor
 					Optional:    true,
 					Type:        github_com_hashicorp_terraform_plugin_framework_types.StringType,
 				},
-				"expires": GenSchemaTimestamp(ctx),
+				"expires": GenSchemaTimestamp(ctx, github_com_hashicorp_terraform_plugin_framework_tfsdk.Attribute{
+					Description: "expires is a global expiry time header can be set on any resource in the system.",
+					Optional:    true,
+					Validators:  []github_com_hashicorp_terraform_plugin_framework_tfsdk.AttributeValidator{github_com_gravitational_teleport_integrations_terraform_tfschema.MustTimeBeInFuture()},
+				}),
 				"labels": {
 					Description: "labels is a set of labels.",
 					Optional:    true,
diff --git a/lib/auth/auth.go b/lib/auth/auth.go
index 72ce2125f3b33..8b66ba87e389b 100644
--- a/lib/auth/auth.go
+++ b/lib/auth/auth.go
@@ -487,9 +487,9 @@ func NewServer(cfg *InitConfig, opts ...ServerOption) (*Server, error) {
 				log.Warnf("missing connected resources gauge for keep alive %s (this is a bug)", s)
 			}
 		}),
-		inventory.WithOnDisconnect(func(s string) {
+		inventory.WithOnDisconnect(func(s string, c int) {
 			if g, ok := connectedResourceGauges[s]; ok {
-				g.Dec()
+				g.Sub(float64(c))
 			} else {
 				log.Warnf("missing connected resources gauge for keep alive %s (this is a bug)", s)
 			}
@@ -722,6 +722,14 @@ var (
 		},
 	)
 
+	roleCount = prometheus.NewGauge(
+		prometheus.GaugeOpts{
+			Namespace: teleport.MetricNamespace,
+			Name:      "roles_total",
+			Help:      "Number of roles that exist in the cluster",
+		},
+	)
+
 	registeredAgents = prometheus.NewGaugeVec(
 		prometheus.GaugeOpts{
 			Namespace: teleport.MetricNamespace,
@@ -806,6 +814,7 @@ var (
 		accessRequestsCreatedMetric,
 		registeredAgentsInstallMethod,
 		userCertificatesGeneratedMetric,
+		roleCount,
 	}
 )
 
@@ -1269,87 +1278,115 @@ func (a *Server) periodicSyncUpgradeWindowStartHour() {
 	}
 }
 
+// periodicIntervalKey is used to uniquely identify the subintervals registered with
+// the interval.MultiInterval instance that we use for managing periodics operations.
+
+type periodicIntervalKey int
+
+const (
+	heartbeatCheckKey periodicIntervalKey = 1 + iota
+	rotationCheckKey
+	metricsKey
+	releaseCheckKey
+	localReleaseCheckKey
+	instancePeriodicsKey
+	dynamicLabelsCheckKey
+	desktopCheckKey
+	upgradeWindowCheckKey
+	roleCountKey
+)
+
 // runPeriodicOperations runs some periodic bookkeeping operations
 // performed by auth server
 func (a *Server) runPeriodicOperations() {
-	ctx := context.TODO()
+	firstReleaseCheck := utils.FullJitter(time.Hour * 6)
+
+	// this environment variable is "unstable" since it will be deprecated
+	// by an upcoming tctl command. currently exists for testing purposes only.
+	if os.Getenv("TELEPORT_UNSTABLE_VC_SYNC_ON_START") == "yes" {
+		firstReleaseCheck = utils.HalfJitter(time.Second * 10)
+	}
+
 	// run periodic functions with a semi-random period
 	// to avoid contention on the database in case if there are multiple
 	// auth servers running - so they don't compete trying
 	// to update the same resources.
 	r := insecurerand.New(insecurerand.NewSource(a.GetClock().Now().UnixNano()))
 	period := defaults.HighResPollingPeriod + time.Duration(r.Intn(int(defaults.HighResPollingPeriod/time.Second)))*time.Second
-	log.Debugf("Ticking with period: %v.", period)
-	a.lock.RLock()
-	ticker := a.clock.NewTicker(period)
-	a.lock.RUnlock()
-	// Create a ticker with jitter
-	heartbeatCheckTicker := interval.New(interval.Config{
-		Duration: apidefaults.ServerKeepAliveTTL() * 2,
-		Jitter:   retryutils.NewSeventhJitter(),
-	})
-	promTicker := interval.New(interval.Config{
-		FirstDuration: 5 * time.Second,
-		Duration:      defaults.PrometheusScrapeInterval,
-		Jitter:        retryutils.NewSeventhJitter(),
-	})
-	missedKeepAliveCount := 0
-	defer ticker.Stop()
-	defer heartbeatCheckTicker.Stop()
-	defer promTicker.Stop()
 
-	firstReleaseCheck := utils.FullJitter(time.Hour * 6)
+	ticker := interval.NewMulti(
+		a.GetClock(),
+		interval.SubInterval[periodicIntervalKey]{
+			Key:      rotationCheckKey,
+			Duration: period,
+		},
+		interval.SubInterval[periodicIntervalKey]{
+			Key:           metricsKey,
+			Duration:      defaults.PrometheusScrapeInterval,
+			FirstDuration: 5 * time.Second,
+			Jitter:        retryutils.NewSeventhJitter(),
+		},
+		interval.SubInterval[periodicIntervalKey]{
+			Key:           instancePeriodicsKey,
+			Duration:      9 * time.Minute,
+			FirstDuration: utils.HalfJitter(time.Minute),
+			Jitter:        retryutils.NewSeventhJitter(),
+		},
+		interval.SubInterval[periodicIntervalKey]{
+			Key:           roleCountKey,
+			Duration:      12 * time.Hour,
+			FirstDuration: utils.FullJitter(time.Minute),
+			Jitter:        retryutils.NewSeventhJitter(),
+		},
+	)
 
-	// this environment variable is "unstable" since it will be deprecated
-	// by an upcoming tctl command. currently exists for testing purposes only.
-	if os.Getenv("TELEPORT_UNSTABLE_VC_SYNC_ON_START") == "yes" {
-		firstReleaseCheck = utils.HalfJitter(time.Second * 10)
-	}
+	defer ticker.Stop()
 
-	// note the use of FullJitter for the releases check interval. this lets us ensure
-	// that frequent restarts don't prevent checks from happening despite the infrequent
-	// effective check rate.
-	releaseCheck := interval.New(interval.Config{
-		Duration:      time.Hour * 24,
-		FirstDuration: firstReleaseCheck,
-		Jitter:        retryutils.NewFullJitter(),
-	})
-	defer releaseCheck.Stop()
-
-	// more frequent release check that just re-calculates alerts based on previously
-	// pulled versioning info.
-	localReleaseCheck := interval.New(interval.Config{
-		Duration:      time.Minute * 10,
-		FirstDuration: utils.HalfJitter(time.Second * 10),
-		Jitter:        retryutils.NewHalfJitter(),
-	})
-	defer localReleaseCheck.Stop()
+	missedKeepAliveCount := 0
 
-	instancePeriodics := interval.New(interval.Config{
-		Duration:      time.Minute * 9,
-		FirstDuration: utils.HalfJitter(time.Minute),
-		Jitter:        retryutils.NewSeventhJitter(),
-	})
-	defer instancePeriodics.Stop()
+	// Prevent some periodic operations from running for dashboard tenants.
+	if !services.IsDashboard(*modules.GetModules().Features().ToProto()) {
+		ticker.Push(interval.SubInterval[periodicIntervalKey]{
+			Key:           dynamicLabelsCheckKey,
+			Duration:      dynamicLabelCheckPeriod,
+			FirstDuration: utils.HalfJitter(10 * time.Second),
+			Jitter:        retryutils.NewSeventhJitter(),
+		})
+		ticker.Push(interval.SubInterval[periodicIntervalKey]{
+			Key:      heartbeatCheckKey,
+			Duration: apidefaults.ServerKeepAliveTTL() * 2,
+			Jitter:   retryutils.NewSeventhJitter(),
+		})
+		ticker.Push(interval.SubInterval[periodicIntervalKey]{
+			Key:           releaseCheckKey,
+			Duration:      24 * time.Hour,
+			FirstDuration: firstReleaseCheck,
+			// note the use of FullJitter for the releases check interval. this lets us ensure
+			// that frequent restarts don't prevent checks from happening despite the infrequent
+			// effective check rate.
+			Jitter: retryutils.NewFullJitter(),
+		})
+		// more frequent release check that just re-calculates alerts based on previously
+		// pulled versioning info.
+		ticker.Push(interval.SubInterval[periodicIntervalKey]{
+			Key:           localReleaseCheckKey,
+			Duration:      10 * time.Minute,
+			FirstDuration: utils.HalfJitter(10 * time.Second),
+			Jitter:        retryutils.NewHalfJitter(),
+		})
+	}
 
-	var ossDesktopsCheck <-chan time.Time
 	if modules.GetModules().IsOSSBuild() {
-		ossDesktopsCheck = interval.New(interval.Config{
+		ticker.Push(interval.SubInterval[periodicIntervalKey]{
+			Key:           desktopCheckKey,
 			Duration:      OSSDesktopsCheckPeriod,
-			FirstDuration: utils.HalfJitter(time.Second * 10),
+			FirstDuration: utils.HalfJitter(10 * time.Second),
 			Jitter:        retryutils.NewHalfJitter(),
-		}).Next()
-	} else if err := a.DeleteClusterAlert(ctx, OSSDesktopsAlertID); err != nil && !trace.IsNotFound(err) {
+		})
+	} else if err := a.DeleteClusterAlert(a.closeCtx, OSSDesktopsAlertID); err != nil && !trace.IsNotFound(err) {
 		log.Warnf("Can't delete OSS non-AD desktops limit alert: %v", err)
 	}
 
-	dynamicLabelsCheck := interval.New(interval.Config{
-		Duration:      dynamicLabelCheckPeriod,
-		FirstDuration: utils.HalfJitter(time.Second * 10),
-		Jitter:        retryutils.NewSeventhJitter(),
-	})
-	defer dynamicLabelsCheck.Stop()
-
 	// isolate the schedule of potentially long-running refreshRemoteClusters() from other tasks
 	go func() {
 		// reasonably small interval to ensure that users observe clusters as online within 1 minute of adding them.
@@ -1364,7 +1401,7 @@ func (a *Server) runPeriodicOperations() {
 			case <-a.closeCtx.Done():
 				return
 			case <-remoteClustersRefresh.Next():
-				a.refreshRemoteClusters(ctx, r)
+				a.refreshRemoteClusters(a.closeCtx, r)
 			}
 		}
 	}()
@@ -1372,60 +1409,118 @@ func (a *Server) runPeriodicOperations() {
 	// cloud auth servers need to periodically sync the upgrade window
 	// from the cloud db.
 	if modules.GetModules().Features().Cloud {
-		go a.periodicSyncUpgradeWindowStartHour()
-	}
-
-	// disable periodics that are not required for cloud dashboard tenants
-	if services.IsDashboard(*modules.GetModules().Features().ToProto()) {
-		releaseCheck.Stop()
-		localReleaseCheck.Stop()
-		heartbeatCheckTicker.Stop()
-		dynamicLabelsCheck.Stop()
+		ticker.Push(interval.SubInterval[periodicIntervalKey]{
+			Key:           upgradeWindowCheckKey,
+			Duration:      3 * time.Minute,
+			FirstDuration: utils.FullJitter(30 * time.Second),
+			Jitter:        retryutils.NewSeventhJitter(),
+		})
 	}
 
 	for {
 		select {
 		case <-a.closeCtx.Done():
 			return
-		case <-ticker.Chan():
-			err := a.autoRotateCertAuthorities(ctx)
-			if err != nil {
-				if trace.IsCompareFailed(err) {
-					log.Debugf("Cert authority has been updated concurrently: %v.", err)
-				} else {
-					log.Errorf("Failed to perform cert rotation check: %v.", err)
-				}
-			}
-		case <-heartbeatCheckTicker.Next():
-			nodes, err := a.GetNodes(ctx, apidefaults.Namespace)
-			if err != nil {
-				log.Errorf("Failed to load nodes for heartbeat metric calculation: %v", err)
-			}
-			for _, node := range nodes {
-				if services.NodeHasMissedKeepAlives(node) {
-					missedKeepAliveCount++
-				}
+		case tick := <-ticker.Next():
+			switch tick.Key {
+			case rotationCheckKey:
+				go func() {
+					if err := a.autoRotateCertAuthorities(a.closeCtx); err != nil {
+						if trace.IsCompareFailed(err) {
+							log.Debugf("Cert authority has been updated concurrently: %v.", err)
+						} else {
+							log.Errorf("Failed to perform cert rotation check: %v.", err)
+						}
+					}
+				}()
+			case heartbeatCheckKey:
+				go func() {
+					req := &proto.ListUnifiedResourcesRequest{Kinds: []string{types.KindNode}, SortBy: types.SortBy{Field: types.ResourceKind}}
+
+					for {
+						_, next, err := a.UnifiedResourceCache.IterateUnifiedResources(a.closeCtx,
+							func(rwl types.ResourceWithLabels) (bool, error) {
+								srv, ok := rwl.(types.Server)
+								if !ok {
+									return false, nil
+								}
+								if services.NodeHasMissedKeepAlives(srv) {
+									missedKeepAliveCount++
+								}
+								return false, nil
+							},
+							req,
+						)
+						if err != nil {
+							log.Errorf("Failed to load nodes for heartbeat metric calculation: %v", err)
+							return
+						}
+
+						req.StartKey = next
+						if req.StartKey == "" {
+							break
+						}
+					}
+
+					// Update prometheus gauge
+					heartbeatsMissedByAuth.Set(float64(missedKeepAliveCount))
+				}()
+			case metricsKey:
+				go a.updateAgentMetrics()
+			case releaseCheckKey:
+				go a.syncReleaseAlerts(a.closeCtx, true)
+			case localReleaseCheckKey:
+				go a.syncReleaseAlerts(a.closeCtx, false)
+			case instancePeriodicsKey:
+				go a.doInstancePeriodics(a.closeCtx)
+			case desktopCheckKey:
+				go a.syncDesktopsLimitAlert(a.closeCtx)
+			case dynamicLabelsCheckKey:
+				go a.syncDynamicLabelsAlert(a.closeCtx)
+			case upgradeWindowCheckKey:
+				go a.periodicSyncUpgradeWindowStartHour()
+			case roleCountKey:
+				go a.tallyRoles(a.closeCtx)
 			}
-			// Update prometheus gauge
-			heartbeatsMissedByAuth.Set(float64(missedKeepAliveCount))
-		case <-promTicker.Next():
-			a.updateAgentMetrics()
-		case <-releaseCheck.Next():
-			a.syncReleaseAlerts(ctx, true)
-		case <-localReleaseCheck.Next():
-			a.syncReleaseAlerts(ctx, false)
-		case <-instancePeriodics.Next():
-			// instance periodics are rate-limited and may be time-consuming in large
-			// clusters, so launch them in the background.
-			go a.doInstancePeriodics(ctx)
-		case <-ossDesktopsCheck:
-			a.syncDesktopsLimitAlert(ctx)
-		case <-dynamicLabelsCheck.Next():
-			a.syncDynamicLabelsAlert(ctx)
 		}
 	}
 }
 
+func (a *Server) tallyRoles(ctx context.Context) {
+	var count = 0
+	log.Debug("tallying roles")
+	defer func() {
+		log.Debugf("tallying roles completed, role_count=%d", count)
+	}()
+
+	req := &proto.ListRolesRequest{Limit: 20}
+
+	readLimiter := time.NewTicker(20 * time.Millisecond)
+	defer readLimiter.Stop()
+
+	for {
+		resp, err := a.Cache.ListRoles(ctx, req)
+		if err != nil {
+			return
+		}
+
+		count += len(resp.Roles)
+		req.StartKey = resp.NextKey
+
+		if req.StartKey == "" {
+			break
+		}
+
+		select {
+		case <-readLimiter.C:
+		case <-ctx.Done():
+			return
+		}
+	}
+
+	roleCount.Set(float64(count))
+}
+
 func (a *Server) doInstancePeriodics(ctx context.Context) {
 	const slowRate = time.Millisecond * 200 // 5 reads per second
 	const fastRate = time.Millisecond * 5   // 200 reads per second
@@ -6066,6 +6161,7 @@ func (a *Server) Ping(ctx context.Context) (proto.PingResponse, error) {
 		return proto.PingResponse{}, trace.Wrap(err)
 	}
 	features := modules.GetModules().Features().ToProto()
+	licenseExpiry := modules.GetModules().LicenseExpiry()
 
 	return proto.PingResponse{
 		ClusterName:     cn.GetClusterName(),
@@ -6074,6 +6170,7 @@ func (a *Server) Ping(ctx context.Context) (proto.PingResponse, error) {
 		ProxyPublicAddr: a.getProxyPublicAddr(),
 		IsBoring:        modules.GetModules().IsBoringBinary(),
 		LoadAllCAs:      a.loadAllCAs,
+		LicenseExpiry:   &licenseExpiry,
 	}, nil
 }
 
diff --git a/lib/auth/auth_with_roles.go b/lib/auth/auth_with_roles.go
index 0e3389bcfbf90..aab4709018164 100644
--- a/lib/auth/auth_with_roles.go
+++ b/lib/auth/auth_with_roles.go
@@ -280,12 +280,12 @@ func (a *ServerWithRoles) CreateSessionTracker(ctx context.Context, tracker type
 	return tracker, nil
 }
 
-func (a *ServerWithRoles) filterSessionTracker(ctx context.Context, joinerRoles []types.Role, tracker types.SessionTracker, verb string) bool {
+func (a *ServerWithRoles) filterSessionTracker(joinerRoles []types.Role, tracker types.SessionTracker, verb string) bool {
 	// Apply RFD 45 RBAC rules to the session if it's SSH.
 	// This is a bit of a hack. It converts to the old legacy format
 	// which we don't have all data for, luckily the fields we don't have aren't made available
 	// to the RBAC filter anyway.
-	if tracker.GetKind() == types.KindSSHSession {
+	if tracker.GetSessionKind() == types.SSHSessionKind {
 		ruleCtx := &services.Context{User: a.context.User}
 		ruleCtx.SSHSession = &session.Session{
 			Kind:           tracker.GetSessionKind(),
@@ -436,7 +436,7 @@ func (a *ServerWithRoles) GetSessionTracker(ctx context.Context, sessionID strin
 		return nil, trace.Wrap(err)
 	}
 
-	ok := a.filterSessionTracker(ctx, joinerRoles, tracker, types.VerbRead)
+	ok := a.filterSessionTracker(joinerRoles, tracker, types.VerbRead)
 	if !ok {
 		return nil, trace.NotFound("session %v not found", sessionID)
 	}
@@ -463,7 +463,7 @@ func (a *ServerWithRoles) GetActiveSessionTrackers(ctx context.Context) ([]types
 	}
 
 	for _, sess := range sessions {
-		ok := a.filterSessionTracker(ctx, joinerRoles, sess, types.VerbList)
+		ok := a.filterSessionTracker(joinerRoles, sess, types.VerbList)
 		if ok {
 			filteredSessions = append(filteredSessions, sess)
 		}
@@ -491,7 +491,7 @@ func (a *ServerWithRoles) GetActiveSessionTrackersWithFilter(ctx context.Context
 	}
 
 	for _, sess := range sessions {
-		ok := a.filterSessionTracker(ctx, joinerRoles, sess, types.VerbList)
+		ok := a.filterSessionTracker(joinerRoles, sess, types.VerbList)
 		if ok {
 			filteredSessions = append(filteredSessions, sess)
 		}
@@ -2222,11 +2222,7 @@ func enforceEnterpriseJoinMethodCreation(token types.ProvisionToken) error {
 
 // emitTokenEvent is called by Create/Upsert Token in order to emit any relevant
 // events.
-func emitTokenEvent(
-	ctx context.Context,
-	e apievents.Emitter,
-	roles types.SystemRoles,
-	joinMethod types.JoinMethod,
+func emitTokenEvent(ctx context.Context, e apievents.Emitter, token types.ProvisionToken,
 ) {
 	userMetadata := authz.ClientUserMetadata(ctx)
 	if err := e.EmitAuditEvent(ctx, &apievents.ProvisionTokenCreate{
@@ -2234,9 +2230,14 @@ func emitTokenEvent(
 			Type: events.ProvisionTokenCreateEvent,
 			Code: events.ProvisionTokenCreateCode,
 		},
+		ResourceMetadata: apievents.ResourceMetadata{
+			Name:      token.GetSafeName(),
+			Expires:   token.Expiry(),
+			UpdatedBy: userMetadata.GetUser(),
+		},
 		UserMetadata: userMetadata,
-		Roles:        roles,
-		JoinMethod:   joinMethod,
+		Roles:        token.GetRoles(),
+		JoinMethod:   token.GetJoinMethod(),
 	}); err != nil {
 		log.WithError(err).Warn("Failed to emit join token create event.")
 	}
@@ -2260,12 +2261,11 @@ func (a *ServerWithRoles) UpsertToken(ctx context.Context, token types.Provision
 		return trace.Wrap(err)
 	}
 
-	emitTokenEvent(ctx, a.authServer.emitter, token.GetRoles(), token.GetJoinMethod())
+	emitTokenEvent(ctx, a.authServer.emitter, token)
 	return nil
 }
 
 func (a *ServerWithRoles) CreateToken(ctx context.Context, token types.ProvisionToken) error {
-	jm := token.GetJoinMethod()
 	if err := a.action(apidefaults.Namespace, types.KindToken, types.VerbCreate); err != nil {
 		return trace.Wrap(err)
 	}
@@ -2282,7 +2282,7 @@ func (a *ServerWithRoles) CreateToken(ctx context.Context, token types.Provision
 		return trace.Wrap(err)
 	}
 
-	emitTokenEvent(ctx, a.authServer.emitter, token.GetRoles(), jm)
+	emitTokenEvent(ctx, a.authServer.emitter, token)
 	return nil
 }
 
diff --git a/lib/auth/auth_with_roles_test.go b/lib/auth/auth_with_roles_test.go
index 3d695b1929f65..f04a171c486ba 100644
--- a/lib/auth/auth_with_roles_test.go
+++ b/lib/auth/auth_with_roles_test.go
@@ -6040,7 +6040,41 @@ func TestGetActiveSessionTrackers(t *testing.T) {
 		require.NoError(t, err)
 
 		return getActiveSessionsTestCase{"no access with match expression", tracker, role, false}
-	}()}
+	}(), func() getActiveSessionsTestCase {
+		tracker, err := types.NewSessionTracker(types.SessionTrackerSpecV1{
+			SessionID: "1",
+			Kind:      string(types.SSHSessionKind),
+		})
+		require.NoError(t, err)
+
+		role, err := types.NewRoleWithVersion("dev", types.V3, types.RoleSpecV6{
+			Allow: types.RoleConditions{
+				AppLabels:        types.Labels{"*": []string{"*"}},
+				DatabaseLabels:   types.Labels{"*": []string{"*"}},
+				KubernetesLabels: types.Labels{"*": []string{"*"}},
+				KubernetesResources: []types.KubernetesResource{
+					{Kind: types.KindKubePod, Name: "*", Namespace: "*", Verbs: []string{"*"}},
+				},
+				NodeLabels:           types.Labels{"*": []string{"*"}},
+				NodeLabelsExpression: `contains(user.spec.traits["cluster_ids"], labels["cluster_id"]) || contains(user.spec.traits["sub"], labels["owner"])`,
+				Logins:               []string{"{{external.sub}}"},
+				WindowsDesktopLabels: types.Labels{"cluster_id": []string{"{{external.cluster_ids}}"}},
+				WindowsDesktopLogins: []string{"{{external.sub}}", "{{external.windows_logins}}"},
+			},
+			Deny: types.RoleConditions{
+				Rules: []types.Rule{
+					{
+						Resources: []string{types.KindDatabaseServer, types.KindAppServer, types.KindSession, types.KindSSHSession, types.KindKubeService, types.KindSessionTracker},
+						Verbs:     []string{"list", "read"},
+					},
+				},
+			},
+		})
+		require.NoError(t, err)
+
+		return getActiveSessionsTestCase{"filter bug v3 role", tracker, role, false}
+	}(),
+	}
 
 	for _, testCase := range testCases {
 		t.Run(testCase.name, func(t *testing.T) {
diff --git a/lib/auth/authclient/api.go b/lib/auth/authclient/api.go
index 755ae4226146c..710427d8615e3 100644
--- a/lib/auth/authclient/api.go
+++ b/lib/auth/authclient/api.go
@@ -755,6 +755,9 @@ type ReadDiscoveryAccessPoint interface {
 
 	// GetProxies returns a list of registered proxies.
 	GetProxies() ([]types.Server, error)
+
+	// GetUserTask gets a single User Task by its name.
+	GetUserTask(ctx context.Context, name string) (*usertasksv1.UserTask, error)
 }
 
 // DiscoveryAccessPoint is an API interface implemented by a certificate authority (CA) to be
@@ -1178,6 +1181,8 @@ type Cache interface {
 	GetUserTask(ctx context.Context, name string) (*usertasksv1.UserTask, error)
 	// ListUserTasks returns the user tasks resources.
 	ListUserTasks(ctx context.Context, pageSize int64, nextToken string) ([]*usertasksv1.UserTask, string, error)
+	// ListUserTasksByIntegration returns the user tasks resources filtered by an integration.
+	ListUserTasksByIntegration(ctx context.Context, pageSize int64, nextToken string, integration string) ([]*usertasksv1.UserTask, string, error)
 
 	// NotificationGetter defines list methods for notifications.
 	services.NotificationGetter
diff --git a/lib/auth/crownjewel/crownjewelv1/service.go b/lib/auth/crownjewel/crownjewelv1/service.go
index 83f6251f7377c..2029c652885d7 100644
--- a/lib/auth/crownjewel/crownjewelv1/service.go
+++ b/lib/auth/crownjewel/crownjewelv1/service.go
@@ -143,7 +143,7 @@ func (s *Service) emitCreateAuditEvent(ctx context.Context, req *crownjewelv1.Cr
 		},
 		CrownJewelQuery: req.GetSpec().GetQuery(),
 	}); auditErr != nil {
-		slog.WarnContext(ctx, "Failed to emit crown jewel create event.", "error", err)
+		slog.WarnContext(ctx, "Failed to emit crown jewel create event.", "error", auditErr)
 	}
 }
 
@@ -236,7 +236,7 @@ func (s *Service) emitUpdateAuditEvent(ctx context.Context, old, new *crownjewel
 		CurrentCrownJewelQuery: old.GetSpec().GetQuery(),
 		UpdatedCrownJewelQuery: new.GetSpec().GetQuery(),
 	}); auditErr != nil {
-		slog.WarnContext(ctx, "Failed to emit crown jewel update event.", "error", err)
+		slog.WarnContext(ctx, "Failed to emit crown jewel update event.", "error", auditErr)
 	}
 }
 
@@ -314,7 +314,7 @@ func (s *Service) DeleteCrownJewel(ctx context.Context, req *crownjewelv1.Delete
 			UpdatedBy: authCtx.Identity.GetIdentity().Username,
 		},
 	}); auditErr != nil {
-		slog.WarnContext(ctx, "Failed to emit crown jewel delete event.", "error", err)
+		slog.WarnContext(ctx, "Failed to emit crown jewel delete event.", "error", auditErr)
 	}
 
 	if err != nil {
diff --git a/lib/auth/grpcserver.go b/lib/auth/grpcserver.go
index 556c5b8b08fc1..feb9e222cb219 100644
--- a/lib/auth/grpcserver.go
+++ b/lib/auth/grpcserver.go
@@ -111,6 +111,7 @@ import (
 	"github.com/gravitational/teleport/lib/services/local"
 	"github.com/gravitational/teleport/lib/session"
 	"github.com/gravitational/teleport/lib/srv/server/installer"
+	usagereporter "github.com/gravitational/teleport/lib/usagereporter/teleport"
 	"github.com/gravitational/teleport/lib/utils"
 )
 
@@ -5325,6 +5326,9 @@ func NewGRPCServer(cfg GRPCServerConfig) (*GRPCServer, error) {
 		Authorizer: cfg.Authorizer,
 		Backend:    cfg.AuthServer.Services,
 		Cache:      cfg.AuthServer.Cache,
+		// This must be a function because cfg.AuthServer.UsageReporter is changed after `NewGRPCServer` is called.
+		// It starts as a DiscardUsageReporter, but when running in Cloud, gets replaced by a real reporter.
+		UsageReporter: func() usagereporter.UsageReporter { return cfg.AuthServer.UsageReporter },
 	})
 	if err != nil {
 		return nil, trace.Wrap(err)
diff --git a/lib/auth/helpers_mfa.go b/lib/auth/helpers_mfa.go
index 853c3ae8e5e15..eca034791db4c 100644
--- a/lib/auth/helpers_mfa.go
+++ b/lib/auth/helpers_mfa.go
@@ -29,6 +29,7 @@ import (
 
 	"github.com/gravitational/teleport/api/client/proto"
 	mfav1 "github.com/gravitational/teleport/api/gen/proto/go/teleport/mfa/v1"
+	"github.com/gravitational/teleport/api/mfa"
 	"github.com/gravitational/teleport/api/types"
 	"github.com/gravitational/teleport/lib/auth/mocku2f"
 	wantypes "github.com/gravitational/teleport/lib/auth/webauthntypes"
@@ -77,7 +78,8 @@ func NewTestDeviceFromChallenge(c *proto.MFARegisterChallenge, opts ...TestDevic
 // RegisterTestDevice creates and registers a TestDevice.
 // TOTP devices require a clock option.
 func RegisterTestDevice(
-	ctx context.Context, clt authClientI, devName string, devType proto.DeviceType, authenticator *TestDevice, opts ...TestDeviceOpt) (*TestDevice, error) {
+	ctx context.Context, clt authClientI, devName string, devType proto.DeviceType, authenticator *TestDevice, opts ...TestDeviceOpt,
+) (*TestDevice, error) {
 	dev := &TestDevice{} // Remaining parameters set during registration
 	for _, opt := range opts {
 		opt(dev)
@@ -101,13 +103,17 @@ type authClientI interface {
 	AddMFADeviceSync(context.Context, *proto.AddMFADeviceSyncRequest) (*proto.AddMFADeviceSyncResponse, error)
 }
 
-func (d *TestDevice) registerDevice(
-	ctx context.Context, authClient authClientI, devName string, devType proto.DeviceType, authenticator *TestDevice) error {
-	// Re-authenticate using MFA.
-	authnChal, err := authClient.CreateAuthenticateChallenge(ctx, &proto.CreateAuthenticateChallengeRequest{
-		Request: &proto.CreateAuthenticateChallengeRequest_ContextUser{
-			ContextUser: &proto.ContextUser{},
+func (d *TestDevice) registerDevice(ctx context.Context, authClient authClientI, devName string, devType proto.DeviceType, authenticator *TestDevice) error {
+	mfaCeremony := &mfa.Ceremony{
+		PromptConstructor: func(opts ...mfa.PromptOpt) mfa.Prompt {
+			return mfa.PromptFunc(func(ctx context.Context, chal *proto.MFAAuthenticateChallenge) (*proto.MFAAuthenticateResponse, error) {
+				return authenticator.SolveAuthn(chal)
+			})
 		},
+		CreateAuthenticateChallenge: authClient.CreateAuthenticateChallenge,
+	}
+
+	authnSolved, err := mfaCeremony.Run(ctx, &proto.CreateAuthenticateChallengeRequest{
 		ChallengeExtensions: &mfav1.ChallengeExtensions{
 			Scope: mfav1.ChallengeScope_CHALLENGE_SCOPE_MANAGE_DEVICES,
 		},
@@ -115,10 +121,6 @@ func (d *TestDevice) registerDevice(
 	if err != nil {
 		return trace.Wrap(err)
 	}
-	authnSolved, err := authenticator.SolveAuthn(authnChal)
-	if err != nil {
-		return trace.Wrap(err)
-	}
 
 	// Acquire and solve registration challenge.
 	usage := proto.DeviceUsage_DEVICE_USAGE_MFA
@@ -213,7 +215,6 @@ func (d *TestDevice) solveRegister(c *proto.MFARegisterChallenge) (*proto.MFAReg
 	default:
 		return nil, trace.BadParameter("unexpected challenge type: %T", c.Request)
 	}
-
 }
 
 func (d *TestDevice) solveRegisterWebauthn(c *proto.MFARegisterChallenge) (*proto.MFARegisterResponse, error) {
diff --git a/lib/auth/init.go b/lib/auth/init.go
index efb4f41e3e927..2203b353a2857 100644
--- a/lib/auth/init.go
+++ b/lib/auth/init.go
@@ -342,9 +342,9 @@ func Init(ctx context.Context, cfg InitConfig, opts ...ServerOption) (*Server, e
 	if err := backend.RunWhileLocked(ctx,
 		backend.RunWhileLockedConfig{
 			LockConfiguration: backend.LockConfiguration{
-				Backend:  cfg.Backend,
-				LockName: domainName,
-				TTL:      30 * time.Second,
+				Backend:            cfg.Backend,
+				LockNameComponents: []string{domainName},
+				TTL:                30 * time.Second,
 			},
 			RefreshLockInterval: 20 * time.Second,
 		}, func(ctx context.Context) error {
@@ -1105,6 +1105,25 @@ func createPresetDatabaseObjectImportRule(ctx context.Context, rules services.Da
 		return trace.Wrap(err, "failed listing available database object import rules")
 	}
 	if len(importRules) > 0 {
+		// If the single rule is the old preset, we assume the user hasn't used
+		// DB DAC feature yet since the old preset alone is usually not enough
+		// to make things work. Replace it with the new preset.
+		//
+		// Creating and updating the database object import rule is handled on
+		// a best-effort basis, so it’s not included in backend migrations.
+		//
+		// TODO(greedy52) DELETE in 18.0
+		if len(importRules) == 1 && databaseobjectimportrule.IsOldImportAllObjectsRulePreset(importRules[0]) {
+			rule := databaseobjectimportrule.NewPresetImportAllObjectsRule()
+			if rule == nil {
+				return nil
+			}
+
+			_, err = rules.UpsertDatabaseObjectImportRule(ctx, rule)
+			if err != nil {
+				return trace.Wrap(err, "failed to update the default database object import rule")
+			}
+		}
 		return nil
 	}
 
diff --git a/lib/auth/init_test.go b/lib/auth/init_test.go
index 45f2b0d88da87..0de1c8bd8a1aa 100644
--- a/lib/auth/init_test.go
+++ b/lib/auth/init_test.go
@@ -38,11 +38,14 @@ import (
 	"github.com/stretchr/testify/mock"
 	"github.com/stretchr/testify/require"
 	"golang.org/x/crypto/ssh"
+	"google.golang.org/protobuf/proto"
 	kyaml "k8s.io/apimachinery/pkg/util/yaml"
 
 	"github.com/gravitational/teleport"
 	"github.com/gravitational/teleport/api/constants"
+	dbobjectimportrulev1 "github.com/gravitational/teleport/api/gen/proto/go/teleport/dbobjectimportrule/v1"
 	"github.com/gravitational/teleport/api/types"
+	"github.com/gravitational/teleport/api/types/label"
 	apisshutils "github.com/gravitational/teleport/api/utils/sshutils"
 	"github.com/gravitational/teleport/lib"
 	"github.com/gravitational/teleport/lib/auth/state"
@@ -53,6 +56,7 @@ import (
 	"github.com/gravitational/teleport/lib/modules"
 	"github.com/gravitational/teleport/lib/observability/tracing"
 	"github.com/gravitational/teleport/lib/services"
+	"github.com/gravitational/teleport/lib/srv/db/common/databaseobjectimportrule"
 	"github.com/gravitational/teleport/lib/sshutils"
 	"github.com/gravitational/teleport/lib/utils"
 	"github.com/gravitational/teleport/lib/utils/proxy"
@@ -1884,3 +1888,107 @@ func TestTeleportProcessAuthVersionUpgradeCheck(t *testing.T) {
 		})
 	}
 }
+
+type mockDatabaseObjectImportRules struct {
+	services.DatabaseObjectImportRules
+	listRules []*dbobjectimportrulev1.DatabaseObjectImportRule
+	created   *dbobjectimportrulev1.DatabaseObjectImportRule
+	upserted  *dbobjectimportrulev1.DatabaseObjectImportRule
+}
+
+func (m *mockDatabaseObjectImportRules) ListDatabaseObjectImportRules(context.Context, int, string) ([]*dbobjectimportrulev1.DatabaseObjectImportRule, string, error) {
+	return m.listRules, "", nil
+}
+func (m *mockDatabaseObjectImportRules) CreateDatabaseObjectImportRule(ctx context.Context, rule *dbobjectimportrulev1.DatabaseObjectImportRule) (*dbobjectimportrulev1.DatabaseObjectImportRule, error) {
+	m.created = rule
+	return rule, nil
+}
+func (m *mockDatabaseObjectImportRules) UpsertDatabaseObjectImportRule(ctx context.Context, rule *dbobjectimportrulev1.DatabaseObjectImportRule) (*dbobjectimportrulev1.DatabaseObjectImportRule, error) {
+	m.upserted = rule
+	return rule, nil
+}
+
+func Test_createPresetDatabaseObjectImportRule(t *testing.T) {
+	presetRule := databaseobjectimportrule.NewPresetImportAllObjectsRule()
+	require.NotNil(t, presetRule)
+
+	customRule, err := databaseobjectimportrule.NewDatabaseObjectImportRule("dev_rule", &dbobjectimportrulev1.DatabaseObjectImportRuleSpec{
+		Priority:       100,
+		DatabaseLabels: label.FromMap(map[string][]string{"env": {"dev"}}),
+		Mappings: []*dbobjectimportrulev1.DatabaseObjectImportRuleMapping{{
+			Match: &dbobjectimportrulev1.DatabaseObjectImportMatch{
+				TableNames: []string{"*"},
+			},
+			AddLabels: map[string]string{
+				"env": "dev",
+			},
+			Scope: &dbobjectimportrulev1.DatabaseObjectImportScope{
+				SchemaNames: []string{"public"},
+			},
+		}},
+	})
+	require.NoError(t, err)
+
+	oldPresetRule, err := databaseobjectimportrule.NewDatabaseObjectImportRule("import_all_objects", &dbobjectimportrulev1.DatabaseObjectImportRuleSpec{
+		DatabaseLabels: label.FromMap(map[string][]string{"*": {"*"}}),
+		Mappings: []*dbobjectimportrulev1.DatabaseObjectImportRuleMapping{
+			{
+				Match:     &dbobjectimportrulev1.DatabaseObjectImportMatch{TableNames: []string{"*"}},
+				AddLabels: map[string]string{"kind": "table"},
+			},
+			{
+				Match:     &dbobjectimportrulev1.DatabaseObjectImportMatch{ViewNames: []string{"*"}},
+				AddLabels: map[string]string{"kind": "view"},
+			},
+			{
+				Match:     &dbobjectimportrulev1.DatabaseObjectImportMatch{ProcedureNames: []string{"*"}},
+				AddLabels: map[string]string{"kind": "procedure"},
+			},
+		},
+	})
+	require.NoError(t, err)
+
+	tests := []struct {
+		name          string
+		existingRules []*dbobjectimportrulev1.DatabaseObjectImportRule
+		expectCreate  *dbobjectimportrulev1.DatabaseObjectImportRule
+		expectUpsert  *dbobjectimportrulev1.DatabaseObjectImportRule
+	}{
+		{
+			name:         "create preset in new cluster",
+			expectCreate: presetRule,
+		},
+		{
+			name:          "no action with custom rule",
+			existingRules: []*dbobjectimportrulev1.DatabaseObjectImportRule{customRule},
+		},
+		{
+			name:          "no action with old preset and custom rule",
+			existingRules: []*dbobjectimportrulev1.DatabaseObjectImportRule{oldPresetRule, customRule},
+		},
+		{
+			name:          "no action with preset rule",
+			existingRules: []*dbobjectimportrulev1.DatabaseObjectImportRule{presetRule},
+		},
+		{
+			name:          "migrate old preset to new",
+			existingRules: []*dbobjectimportrulev1.DatabaseObjectImportRule{oldPresetRule},
+			expectUpsert:  presetRule,
+		},
+	}
+
+	for _, test := range tests {
+		test := test
+		t.Run(test.name, func(t *testing.T) {
+			t.Parallel()
+			m := &mockDatabaseObjectImportRules{
+				listRules: test.existingRules,
+			}
+
+			err := createPresetDatabaseObjectImportRule(context.Background(), m)
+			require.NoError(t, err)
+			require.True(t, proto.Equal(test.expectCreate, m.created))
+			require.True(t, proto.Equal(test.expectUpsert, m.upserted))
+		})
+	}
+}
diff --git a/lib/auth/integration/integrationv1/awsoidc.go b/lib/auth/integration/integrationv1/awsoidc.go
index 1e56a1b90e91e..7911daf0d3a40 100644
--- a/lib/auth/integration/integrationv1/awsoidc.go
+++ b/lib/auth/integration/integrationv1/awsoidc.go
@@ -315,7 +315,7 @@ func (s *AWSOIDCService) ListDatabases(ctx context.Context, req *integrationpb.L
 		return nil, trace.Wrap(err)
 	}
 
-	listDBsResp, err := awsoidc.ListDatabases(ctx, listDBsClient, awsoidc.ListDatabasesRequest{
+	listDBsResp, err := awsoidc.ListDatabases(ctx, listDBsClient, s.logger, awsoidc.ListDatabasesRequest{
 		Region:    req.Region,
 		RDSType:   req.RdsType,
 		Engines:   req.Engines,
diff --git a/lib/auth/machineid/machineidv1/spiffe_federation_syncer.go b/lib/auth/machineid/machineidv1/spiffe_federation_syncer.go
index fc390ed97fb9b..e07559e980dac 100644
--- a/lib/auth/machineid/machineidv1/spiffe_federation_syncer.go
+++ b/lib/auth/machineid/machineidv1/spiffe_federation_syncer.go
@@ -165,9 +165,9 @@ func (s *SPIFFEFederationSyncer) Run(ctx context.Context) error {
 	for {
 		err := backend.RunWhileLocked(ctx, backend.RunWhileLockedConfig{
 			LockConfiguration: backend.LockConfiguration{
-				Backend:  s.cfg.Backend,
-				LockName: "spiffe_federation_syncer",
-				TTL:      time.Minute,
+				Backend:            s.cfg.Backend,
+				LockNameComponents: []string{"spiffe_federation_syncer"},
+				TTL:                time.Minute,
 				// It doesn't matter too much if the syncer isn't running for
 				// a short period of time so we can take a relaxed approach to
 				// retrying to grab the lock.
diff --git a/lib/auth/machineid/machineidv1/spiffe_federation_syncer_test.go b/lib/auth/machineid/machineidv1/spiffe_federation_syncer_test.go
index 1a1ecc5a3af5d..8ee0994810098 100644
--- a/lib/auth/machineid/machineidv1/spiffe_federation_syncer_test.go
+++ b/lib/auth/machineid/machineidv1/spiffe_federation_syncer_test.go
@@ -152,7 +152,7 @@ func TestSPIFFEFederationSyncer(t *testing.T) {
 			return
 		}
 		assert.Equal(t, string(marshaledBundle1), got.Status.CurrentBundle)
-	}, time.Second*5, time.Millisecond*100)
+	}, time.Second*10, time.Millisecond*200)
 
 	// Create a second SPIFFEFederation and wait for it to be synced
 	created2, err := store.CreateSPIFFEFederation(ctx, &machineidv1pb.SPIFFEFederation{
@@ -184,7 +184,7 @@ func TestSPIFFEFederationSyncer(t *testing.T) {
 			return
 		}
 		assert.Equal(t, string(marshaledBundle2), got.Status.CurrentBundle)
-	}, time.Second*5, time.Millisecond*100)
+	}, time.Second*10, time.Millisecond*200)
 
 	cancel()
 	select {
diff --git a/lib/auth/server_info.go b/lib/auth/server_info.go
index ec958d82112ea..abee67875e071 100644
--- a/lib/auth/server_info.go
+++ b/lib/auth/server_info.go
@@ -20,57 +20,99 @@ package auth
 
 import (
 	"context"
+	"log/slog"
 	"maps"
 	"time"
 
 	"github.com/gravitational/trace"
+	"github.com/jonboulle/clockwork"
 
 	"github.com/gravitational/teleport/api/client/proto"
-	"github.com/gravitational/teleport/api/defaults"
+	apidefaults "github.com/gravitational/teleport/api/defaults"
 	"github.com/gravitational/teleport/api/internalutils/stream"
 	"github.com/gravitational/teleport/api/types"
+	"github.com/gravitational/teleport/api/utils/retryutils"
+	"github.com/gravitational/teleport/lib/defaults"
+	"github.com/gravitational/teleport/lib/utils"
 )
 
+const serverInfoBatchSize = 100
+const timeBetweenServerInfoBatches = 10 * time.Second
+const timeBetweenServerInfoLoops = 10 * time.Minute
+
+// ServerInfoAccessPoint is the subset of the auth server interface needed to
+// reconcile server info resources.
+type ServerInfoAccessPoint interface {
+	// GetNodeStream returns a stream of nodes.
+	GetNodeStream(ctx context.Context, namespace string) stream.Stream[types.Server]
+	// GetServerInfo returns a ServerInfo by name.
+	GetServerInfo(ctx context.Context, name string) (types.ServerInfo, error)
+	// UpdateLabels updates the labels on an instance over the inventory control
+	// stream.
+	UpdateLabels(ctx context.Context, req proto.InventoryUpdateLabelsRequest) error
+	// GetClock returns the server clock.
+	GetClock() clockwork.Clock
+}
+
 // ReconcileServerInfos periodically reconciles the labels of ServerInfo
 // resources with their corresponding Teleport SSH servers.
-func (a *Server) ReconcileServerInfos(ctx context.Context) error {
-	const batchSize = 100
-	const timeBetweenBatches = 10 * time.Second
-	const timeBetweenReconciliationLoops = 10 * time.Minute
-	clock := a.GetClock()
+func ReconcileServerInfos(ctx context.Context, ap ServerInfoAccessPoint) error {
+	retry, err := retryutils.NewLinear(retryutils.LinearConfig{
+		First:  utils.FullJitter(defaults.MaxWatcherBackoff / 10),
+		Step:   defaults.MaxWatcherBackoff / 5,
+		Max:    defaults.MaxWatcherBackoff,
+		Jitter: retryutils.NewHalfJitter(),
+		Clock:  ap.GetClock(),
+	})
+	if err != nil {
+		return trace.Wrap(err)
+	}
 
 	for {
-		var failedUpdates int
-		// Iterate over nodes in batches.
-		nodeStream := a.GetNodeStream(ctx, defaults.Namespace)
-		var nodes []types.Server
-
-		for moreNodes := true; moreNodes; {
-			nodes, moreNodes = stream.Take(nodeStream, batchSize)
-			updates, err := a.setLabelsOnNodes(ctx, nodes)
-			if err != nil {
-				return trace.Wrap(err)
-			}
-			failedUpdates += updates
-
-			select {
-			case <-clock.After(timeBetweenBatches):
-			case <-ctx.Done():
-				return nil
-			}
+		err := retry.For(ctx, func() error { return trace.Wrap(reconcileServerInfos(ctx, ap)) })
+		if err != nil {
+			return trace.Wrap(err)
+		}
+		retry.Reset()
+		select {
+		case <-ap.GetClock().After(timeBetweenServerInfoLoops):
+		case <-ctx.Done():
+			return nil
 		}
+	}
+}
+
+func reconcileServerInfos(ctx context.Context, ap ServerInfoAccessPoint) error {
+	var failedUpdates int
+	// Iterate over nodes in batches.
+	nodeStream := ap.GetNodeStream(ctx, apidefaults.Namespace)
 
-		// Log number of nodes that we couldn't find a control stream for.
-		if failedUpdates > 0 {
-			log.Debugf("unable to update labels on %v node(s) due to missing control stream", failedUpdates)
+	for {
+		nodes, moreNodes := stream.Take(nodeStream, serverInfoBatchSize)
+		updates, err := setLabelsOnNodes(ctx, ap, nodes)
+		if err != nil {
+			return trace.Wrap(err)
+		}
+		failedUpdates += updates
+		if !moreNodes {
+			break
 		}
 
 		select {
-		case <-clock.After(timeBetweenReconciliationLoops):
+		case <-ap.GetClock().After(timeBetweenServerInfoBatches):
 		case <-ctx.Done():
 			return nil
 		}
 	}
+	if err := nodeStream.Done(); err != nil {
+		return trace.Wrap(err)
+	}
+
+	// Log number of nodes that we couldn't find a control stream for.
+	if failedUpdates > 0 {
+		slog.DebugContext(ctx, "unable to update labels on nodes due to missing control stream", "failed_updates", failedUpdates)
+	}
+	return nil
 }
 
 // getServerInfoNames gets the names of ServerInfos that could exist for a
@@ -86,7 +128,7 @@ func getServerInfoNames(node types.Server) []string {
 	return append(names, types.ServerInfoNameFromNodeName(node.GetName()))
 }
 
-func (a *Server) setLabelsOnNodes(ctx context.Context, nodes []types.Server) (failedUpdates int, err error) {
+func setLabelsOnNodes(ctx context.Context, ap ServerInfoAccessPoint, nodes []types.Server) (failedUpdates int, err error) {
 	for _, node := range nodes {
 		// EICE Node labels can't be updated using the Inventory Control Stream because there's no reverse tunnel.
 		// Labels are updated by the DiscoveryService during 'Server.handleEC2Instances'.
@@ -99,7 +141,7 @@ func (a *Server) setLabelsOnNodes(ctx context.Context, nodes []types.Server) (fa
 		serverInfoNames := getServerInfoNames(node)
 		serverInfos := make([]types.ServerInfo, 0, len(serverInfoNames))
 		for _, name := range serverInfoNames {
-			si, err := a.GetServerInfo(ctx, name)
+			si, err := ap.GetServerInfo(ctx, name)
 			if err == nil {
 				serverInfos = append(serverInfos, si)
 			} else if !trace.IsNotFound(err) {
@@ -111,7 +153,7 @@ func (a *Server) setLabelsOnNodes(ctx context.Context, nodes []types.Server) (fa
 		}
 
 		// Didn't find control stream for node, save count for logging.
-		if err := a.updateLabelsOnNode(ctx, node, serverInfos); trace.IsNotFound(err) {
+		if err := updateLabelsOnNode(ctx, ap, node, serverInfos); trace.IsNotFound(err) {
 			failedUpdates++
 		} else if err != nil {
 			return failedUpdates, trace.Wrap(err)
@@ -120,14 +162,14 @@ func (a *Server) setLabelsOnNodes(ctx context.Context, nodes []types.Server) (fa
 	return failedUpdates, nil
 }
 
-func (a *Server) updateLabelsOnNode(ctx context.Context, node types.Server, serverInfos []types.ServerInfo) error {
+func updateLabelsOnNode(ctx context.Context, ap ServerInfoAccessPoint, node types.Server, serverInfos []types.ServerInfo) error {
 	// Merge labels from server infos. Later label sets should override earlier
 	// ones if they conflict.
 	newLabels := make(map[string]string)
 	for _, si := range serverInfos {
 		maps.Copy(newLabels, si.GetNewLabels())
 	}
-	err := a.UpdateLabels(ctx, proto.InventoryUpdateLabelsRequest{
+	err := ap.UpdateLabels(ctx, proto.InventoryUpdateLabelsRequest{
 		ServerID: node.GetName(),
 		Kind:     proto.LabelUpdateKind_SSHServerCloudLabels,
 		Labels:   newLabels,
diff --git a/lib/auth/server_info_test.go b/lib/auth/server_info_test.go
index 11b19753dc53c..b87433c7986f8 100644
--- a/lib/auth/server_info_test.go
+++ b/lib/auth/server_info_test.go
@@ -22,67 +22,78 @@ import (
 	"context"
 	"testing"
 
+	"github.com/gravitational/trace"
 	"github.com/jonboulle/clockwork"
 	"github.com/stretchr/testify/require"
 
-	"github.com/gravitational/teleport"
-	"github.com/gravitational/teleport/api/client"
 	"github.com/gravitational/teleport/api/client/proto"
+	"github.com/gravitational/teleport/api/internalutils/stream"
 	"github.com/gravitational/teleport/api/types"
+	"github.com/gravitational/teleport/lib/defaults"
+	"github.com/gravitational/teleport/lib/utils"
 )
 
-type mockUpstream struct {
-	client.UpstreamInventoryControlStream
-	updatedLabels map[string]string
+type mockServerInfoAccessPoint struct {
+	clock         clockwork.FakeClock
+	nodes         []types.Server
+	nodesErr      error
+	serverInfos   map[string]types.ServerInfo
+	serverInfoErr error
+	updatedLabels map[string]map[string]string
 }
 
-func (m *mockUpstream) Send(_ context.Context, msg proto.DownstreamInventoryMessage) error {
-	if labelMsg, ok := msg.(proto.DownstreamInventoryUpdateLabels); ok {
-		m.updatedLabels = labelMsg.Labels
+func newMockServerInfoAccessPoint() *mockServerInfoAccessPoint {
+	return &mockServerInfoAccessPoint{
+		clock:         clockwork.NewFakeClock(),
+		serverInfos:   make(map[string]types.ServerInfo),
+		updatedLabels: make(map[string]map[string]string),
 	}
-	return nil
 }
 
-func (m *mockUpstream) Recv() <-chan proto.UpstreamInventoryMessage {
-	return make(chan proto.UpstreamInventoryMessage)
+func (m *mockServerInfoAccessPoint) GetNodeStream(_ context.Context, _ string) stream.Stream[types.Server] {
+	if m.nodesErr != nil {
+		return stream.Fail[types.Server](m.nodesErr)
+	}
+	return stream.Slice(m.nodes)
 }
 
-func (m *mockUpstream) Done() <-chan struct{} {
-	return make(chan struct{})
+func (m *mockServerInfoAccessPoint) GetServerInfo(_ context.Context, name string) (types.ServerInfo, error) {
+	if m.serverInfoErr != nil {
+		return nil, m.serverInfoErr
+	}
+	si, ok := m.serverInfos[name]
+	if !ok {
+		return nil, trace.NotFound("no server info named %q", name)
+	}
+	return si, nil
 }
 
-func (m *mockUpstream) Close() error {
+func (m *mockServerInfoAccessPoint) UpdateLabels(_ context.Context, req proto.InventoryUpdateLabelsRequest) error {
+	m.updatedLabels[req.ServerID] = req.Labels
 	return nil
 }
 
-// TestReconcileLabels verifies that an SSH server's labels can be updated by
-// upserting a corresponding ServerInfo to the auth server.
-func TestReconcileLabels(t *testing.T) {
+func (m *mockServerInfoAccessPoint) GetClock() clockwork.Clock {
+	return m.clock
+}
+
+func TestReconcileServerInfo(t *testing.T) {
 	t.Parallel()
 
 	const serverName = "test-server"
-	ctx, cancel := context.WithCancel(context.Background())
-	t.Cleanup(cancel)
 
-	// Create auth server and fake inventory stream.
-	clock := clockwork.NewFakeClock()
-	pack, err := newTestPack(ctx, t.TempDir(), WithClock(clock))
-	require.NoError(t, err)
-	t.Cleanup(func() {
-		require.NoError(t, pack.a.Close())
-		require.NoError(t, pack.bk.Close())
+	awsServerInfo, err := types.NewServerInfo(types.Metadata{
+		Name: types.ServerInfoNameFromAWS("my-account", "my-instance"),
+	}, types.ServerInfoSpecV1{
+		NewLabels: map[string]string{"a": "1", "b": "2"},
 	})
-	upstream := &mockUpstream{}
-	t.Cleanup(func() {
-		require.NoError(t, upstream.Close())
+	require.NoError(t, err)
+	regularServerInfo, err := types.NewServerInfo(types.Metadata{
+		Name: types.ServerInfoNameFromNodeName(serverName),
+	}, types.ServerInfoSpecV1{
+		NewLabels: map[string]string{"b": "3", "c": "4"},
 	})
-	require.NoError(t, pack.a.RegisterInventoryControlStream(upstream, proto.UpstreamInventoryHello{
-		Version:  teleport.Version,
-		ServerID: serverName,
-		Services: []types.SystemRole{types.RoleNode},
-	}))
-
-	// Create server.
+	require.NoError(t, err)
 	server, err := types.NewServer(serverName, types.KindNode, types.ServerSpecV2{
 		CloudMetadata: &types.CloudMetadata{
 			AWS: &types.AWSInfo{
@@ -92,29 +103,75 @@ func TestReconcileLabels(t *testing.T) {
 		},
 	})
 	require.NoError(t, err)
-	_, err = pack.a.UpsertNode(ctx, server)
-	require.NoError(t, err)
 
-	// Update the server's labels.
-	awsServerInfo, err := types.NewServerInfo(types.Metadata{
-		Name: types.ServerInfoNameFromAWS("my-account", "my-instance"),
-	}, types.ServerInfoSpecV1{
-		NewLabels: map[string]string{"a": "1", "b": "2"},
+	t.Run("ok", func(t *testing.T) {
+		ctx, cancel := context.WithCancel(context.Background())
+		t.Cleanup(cancel)
+
+		ap := newMockServerInfoAccessPoint()
+		ap.nodes = []types.Server{server}
+		ap.serverInfos = map[string]types.ServerInfo{
+			awsServerInfo.GetName():     awsServerInfo,
+			regularServerInfo.GetName(): regularServerInfo,
+		}
+
+		utils.RunTestBackgroundTask(ctx, t, &utils.TestBackgroundTask{
+			Name: "ReconcileServerInfos",
+			Task: func(ctx context.Context) error {
+				return trace.Wrap(ReconcileServerInfos(ctx, ap))
+			},
+		})
+
+		// Wait until the reconciler finishes processing a batch.
+		ap.clock.BlockUntil(1)
+		// Check that the right labels were updated.
+		require.Equal(t, map[string]string{
+			"aws/a":     "1",
+			"aws/b":     "2",
+			"dynamic/b": "3",
+			"dynamic/c": "4",
+		}, ap.updatedLabels[serverName])
 	})
-	require.NoError(t, err)
-	require.NoError(t, pack.a.UpsertServerInfo(ctx, awsServerInfo))
 
-	regularServerInfo, err := types.NewServerInfo(types.Metadata{
-		Name: types.ServerInfoNameFromNodeName(serverName),
-	}, types.ServerInfoSpecV1{
-		NewLabels: map[string]string{"b": "3", "c": "4"},
+	t.Run("restart on error", func(t *testing.T) {
+		ctx, cancel := context.WithCancel(context.Background())
+		t.Cleanup(cancel)
+
+		ap := newMockServerInfoAccessPoint()
+		ap.nodes = []types.Server{server}
+		ap.nodesErr = trace.Errorf("an error")
+		ap.serverInfos = map[string]types.ServerInfo{
+			awsServerInfo.GetName():     awsServerInfo,
+			regularServerInfo.GetName(): regularServerInfo,
+		}
+
+		utils.RunTestBackgroundTask(ctx, t, &utils.TestBackgroundTask{
+			Name: "ReconcileServerInfos",
+			Task: func(ctx context.Context) error {
+				return trace.Wrap(ReconcileServerInfos(ctx, ap))
+			},
+		})
+
+		// Block until we hit the retryer.
+		ap.clock.BlockUntil(1)
+		// Return the error at a different place and advance to the next batch.
+		ap.nodesErr = nil
+		ap.serverInfoErr = trace.Errorf("an error")
+		ap.clock.Advance(defaults.MaxWatcherBackoff)
+		// Block until we hit the retryer again.
+		ap.clock.BlockUntil(1)
+		// Clear the error and allow a successful run.
+		ap.serverInfoErr = nil
+		ap.clock.Advance(defaults.MaxWatcherBackoff)
+		// Block until we hit the loop waiter (meaning the server infos were
+		// successfully processed).
+		ap.clock.BlockUntil(1)
+		// Check that the right labels were updated.
+		require.Equal(t, map[string]string{
+			"aws/a":     "1",
+			"aws/b":     "2",
+			"dynamic/b": "3",
+			"dynamic/c": "4",
+		}, ap.updatedLabels[serverName])
 	})
-	require.NoError(t, err)
-	require.NoError(t, pack.a.UpsertServerInfo(ctx, regularServerInfo))
-
-	go pack.a.ReconcileServerInfos(ctx)
-	// Wait until the reconciler finishes processing the serverinfo.
-	clock.BlockUntil(1)
-	// Check that labels were received downstream.
-	require.Equal(t, map[string]string{"aws/a": "1", "aws/b": "2", "dynamic/b": "3", "dynamic/c": "4"}, upstream.updatedLabels)
 }
diff --git a/lib/auth/tls_test.go b/lib/auth/tls_test.go
index cf5b3d998059a..5c1597f35b6d7 100644
--- a/lib/auth/tls_test.go
+++ b/lib/auth/tls_test.go
@@ -4356,6 +4356,10 @@ func TestGRPCServer_CreateTokenV2(t *testing.T) {
 						Type: events.ProvisionTokenCreateEvent,
 						Code: events.ProvisionTokenCreateCode,
 					},
+					ResourceMetadata: eventtypes.ResourceMetadata{
+						Name:      "*******",
+						UpdatedBy: "token-creator",
+					},
 					UserMetadata: eventtypes.UserMetadata{
 						User:     "token-creator",
 						UserKind: eventtypes.UserKind_USER_KIND_HUMAN,
@@ -4385,6 +4389,10 @@ func TestGRPCServer_CreateTokenV2(t *testing.T) {
 						Type: events.ProvisionTokenCreateEvent,
 						Code: events.ProvisionTokenCreateCode,
 					},
+					ResourceMetadata: eventtypes.ResourceMetadata{
+						Name:      "*****************luster",
+						UpdatedBy: "token-creator",
+					},
 					UserMetadata: eventtypes.UserMetadata{
 						User:     "token-creator",
 						UserKind: eventtypes.UserKind_USER_KIND_HUMAN,
@@ -4507,6 +4515,10 @@ func TestGRPCServer_UpsertTokenV2(t *testing.T) {
 						Type: events.ProvisionTokenCreateEvent,
 						Code: events.ProvisionTokenCreateCode,
 					},
+					ResourceMetadata: eventtypes.ResourceMetadata{
+						Name:      "*******",
+						UpdatedBy: "token-upserter",
+					},
 					UserMetadata: eventtypes.UserMetadata{
 						User:     "token-upserter",
 						UserKind: eventtypes.UserKind_USER_KIND_HUMAN,
@@ -4536,6 +4548,10 @@ func TestGRPCServer_UpsertTokenV2(t *testing.T) {
 						Type: events.ProvisionTokenCreateEvent,
 						Code: events.ProvisionTokenCreateCode,
 					},
+					ResourceMetadata: eventtypes.ResourceMetadata{
+						Name:      "*****************luster",
+						UpdatedBy: "token-upserter",
+					},
 					UserMetadata: eventtypes.UserMetadata{
 						User:     "token-upserter",
 						UserKind: eventtypes.UserKind_USER_KIND_HUMAN,
@@ -4567,6 +4583,10 @@ func TestGRPCServer_UpsertTokenV2(t *testing.T) {
 						Type: events.ProvisionTokenCreateEvent,
 						Code: events.ProvisionTokenCreateCode,
 					},
+					ResourceMetadata: eventtypes.ResourceMetadata{
+						Name:      "**************",
+						UpdatedBy: "token-upserter",
+					},
 					UserMetadata: eventtypes.UserMetadata{
 						User:     "token-upserter",
 						UserKind: eventtypes.UserKind_USER_KIND_HUMAN,
diff --git a/lib/auth/usertasks/usertasksv1/service.go b/lib/auth/usertasks/usertasksv1/service.go
index abbd9e5002708..d36e411f8c233 100644
--- a/lib/auth/usertasks/usertasksv1/service.go
+++ b/lib/auth/usertasks/usertasksv1/service.go
@@ -26,8 +26,10 @@ import (
 
 	usertasksv1 "github.com/gravitational/teleport/api/gen/proto/go/teleport/usertasks/v1"
 	"github.com/gravitational/teleport/api/types"
+	"github.com/gravitational/teleport/api/types/usertasks"
 	"github.com/gravitational/teleport/lib/authz"
 	"github.com/gravitational/teleport/lib/services"
+	usagereporter "github.com/gravitational/teleport/lib/usagereporter/teleport"
 )
 
 // ServiceConfig holds configuration options for the UserTask gRPC service.
@@ -40,6 +42,9 @@ type ServiceConfig struct {
 
 	// Cache is the cache for storing UserTask.
 	Cache Reader
+
+	// UsageReporter is the reporter for sending usage without it be related to an API call.
+	UsageReporter func() usagereporter.UsageReporter
 }
 
 // CheckAndSetDefaults checks the ServiceConfig fields and returns an error if
@@ -55,6 +60,9 @@ func (s *ServiceConfig) CheckAndSetDefaults() error {
 	if s.Cache == nil {
 		return trace.BadParameter("cache is required")
 	}
+	if s.UsageReporter == nil {
+		return trace.BadParameter("usage reporter is required")
+	}
 
 	return nil
 }
@@ -62,6 +70,7 @@ func (s *ServiceConfig) CheckAndSetDefaults() error {
 // Reader contains the methods defined for cache access.
 type Reader interface {
 	ListUserTasks(ctx context.Context, pageSize int64, nextToken string) ([]*usertasksv1.UserTask, string, error)
+	ListUserTasksByIntegration(ctx context.Context, pageSize int64, nextToken string, integration string) ([]*usertasksv1.UserTask, string, error)
 	GetUserTask(ctx context.Context, name string) (*usertasksv1.UserTask, error)
 }
 
@@ -69,9 +78,10 @@ type Reader interface {
 type Service struct {
 	usertasksv1.UnimplementedUserTaskServiceServer
 
-	authorizer authz.Authorizer
-	backend    services.UserTasks
-	cache      Reader
+	authorizer    authz.Authorizer
+	backend       services.UserTasks
+	cache         Reader
+	usageReporter func() usagereporter.UsageReporter
 }
 
 // NewService returns a new UserTask gRPC service.
@@ -81,9 +91,10 @@ func NewService(cfg ServiceConfig) (*Service, error) {
 	}
 
 	return &Service{
-		authorizer: cfg.Authorizer,
-		backend:    cfg.Backend,
-		cache:      cfg.Cache,
+		authorizer:    cfg.Authorizer,
+		backend:       cfg.Backend,
+		cache:         cfg.Cache,
+		usageReporter: cfg.UsageReporter,
 	}, nil
 }
 
@@ -103,9 +114,23 @@ func (s *Service) CreateUserTask(ctx context.Context, req *usertasksv1.CreateUse
 		return nil, trace.Wrap(err)
 	}
 
+	s.usageReporter().AnonymizeAndSubmit(userTaskToUserTaskStateEvent(req.GetUserTask()))
+
 	return rsp, nil
 }
 
+func userTaskToUserTaskStateEvent(ut *usertasksv1.UserTask) *usagereporter.UserTaskStateEvent {
+	ret := &usagereporter.UserTaskStateEvent{
+		TaskType:  ut.GetSpec().GetTaskType(),
+		IssueType: ut.GetSpec().GetTaskType(),
+		State:     ut.GetSpec().GetState(),
+	}
+	if ut.GetSpec().GetTaskType() == usertasks.TaskTypeDiscoverEC2 {
+		ret.InstancesCount = int32(len(ut.GetSpec().GetDiscoverEc2().GetInstances()))
+	}
+	return ret
+}
+
 // ListUserTasks returns a list of user tasks.
 func (s *Service) ListUserTasks(ctx context.Context, req *usertasksv1.ListUserTasksRequest) (*usertasksv1.ListUserTasksResponse, error) {
 	authCtx, err := s.authorizer.Authorize(ctx)
@@ -128,6 +153,28 @@ func (s *Service) ListUserTasks(ctx context.Context, req *usertasksv1.ListUserTa
 	}, nil
 }
 
+// ListUserTasksByIntegration returns a list of user tasks filtered by an integration.
+func (s *Service) ListUserTasksByIntegration(ctx context.Context, req *usertasksv1.ListUserTasksByIntegrationRequest) (*usertasksv1.ListUserTasksResponse, error) {
+	authCtx, err := s.authorizer.Authorize(ctx)
+	if err != nil {
+		return nil, trace.Wrap(err)
+	}
+
+	if err := authCtx.CheckAccessToKind(types.KindUserTask, types.VerbRead, types.VerbList); err != nil {
+		return nil, trace.Wrap(err)
+	}
+
+	rsp, nextToken, err := s.cache.ListUserTasksByIntegration(ctx, req.PageSize, req.PageToken, req.Integration)
+	if err != nil {
+		return nil, trace.Wrap(err)
+	}
+
+	return &usertasksv1.ListUserTasksResponse{
+		UserTasks:     rsp,
+		NextPageToken: nextToken,
+	}, nil
+}
+
 // GetUserTask returns user task resource.
 func (s *Service) GetUserTask(ctx context.Context, req *usertasksv1.GetUserTaskRequest) (*usertasksv1.UserTask, error) {
 	authCtx, err := s.authorizer.Authorize(ctx)
@@ -159,11 +206,20 @@ func (s *Service) UpdateUserTask(ctx context.Context, req *usertasksv1.UpdateUse
 		return nil, trace.Wrap(err)
 	}
 
+	existingUserTask, err := s.backend.GetUserTask(ctx, req.GetUserTask().GetMetadata().GetName())
+	if err != nil {
+		return nil, trace.Wrap(err)
+	}
+
 	rsp, err := s.backend.UpdateUserTask(ctx, req.UserTask)
 	if err != nil {
 		return nil, trace.Wrap(err)
 	}
 
+	if existingUserTask.GetSpec().GetState() != req.GetUserTask().GetSpec().GetState() {
+		s.usageReporter().AnonymizeAndSubmit(userTaskToUserTaskStateEvent(req.GetUserTask()))
+	}
+
 	return rsp, nil
 }
 
@@ -178,11 +234,29 @@ func (s *Service) UpsertUserTask(ctx context.Context, req *usertasksv1.UpsertUse
 		return nil, trace.Wrap(err)
 	}
 
+	var emitStateChangeEvent bool
+
+	existingUserTask, err := s.backend.GetUserTask(ctx, req.GetUserTask().GetMetadata().GetName())
+	switch {
+	case trace.IsNotFound(err):
+		emitStateChangeEvent = true
+
+	case err != nil:
+		return nil, trace.Wrap(err)
+
+	default:
+		emitStateChangeEvent = existingUserTask.GetSpec().GetState() != req.GetUserTask().GetSpec().GetState()
+	}
+
 	rsp, err := s.backend.UpsertUserTask(ctx, req.UserTask)
 	if err != nil {
 		return nil, trace.Wrap(err)
 	}
 
+	if emitStateChangeEvent {
+		s.usageReporter().AnonymizeAndSubmit(userTaskToUserTaskStateEvent(req.GetUserTask()))
+	}
+
 	return rsp, nil
 
 }
diff --git a/lib/auth/usertasks/usertasksv1/service_test.go b/lib/auth/usertasks/usertasksv1/service_test.go
index 3b9627c1ada73..d2e014476e0ee 100644
--- a/lib/auth/usertasks/usertasksv1/service_test.go
+++ b/lib/auth/usertasks/usertasksv1/service_test.go
@@ -29,15 +29,18 @@ import (
 
 	usertasksv1 "github.com/gravitational/teleport/api/gen/proto/go/teleport/usertasks/v1"
 	"github.com/gravitational/teleport/api/types"
+	"github.com/gravitational/teleport/api/types/usertasks"
 	"github.com/gravitational/teleport/lib/authz"
 	"github.com/gravitational/teleport/lib/backend/memory"
 	"github.com/gravitational/teleport/lib/services"
 	"github.com/gravitational/teleport/lib/services/local"
+	usagereporter "github.com/gravitational/teleport/lib/usagereporter/teleport"
 	"github.com/gravitational/teleport/lib/utils"
 )
 
 func TestServiceAccess(t *testing.T) {
 	t.Parallel()
+	testReporter := &mockUsageReporter{}
 
 	testCases := []struct {
 		name          string
@@ -64,6 +67,10 @@ func TestServiceAccess(t *testing.T) {
 			name:         "ListUserTasks",
 			allowedVerbs: []string{types.VerbRead, types.VerbList},
 		},
+		{
+			name:         "ListUserTasksByIntegration",
+			allowedVerbs: []string{types.VerbRead, types.VerbList},
+		},
 		{
 			name:         "GetUserTask",
 			allowedVerbs: []string{types.VerbRead},
@@ -74,7 +81,7 @@ func TestServiceAccess(t *testing.T) {
 		t.Run(tt.name, func(t *testing.T) {
 			for _, verbs := range utils.Combinations(tt.allowedVerbs) {
 				t.Run(fmt.Sprintf("verbs=%v", verbs), func(t *testing.T) {
-					service := newService(t, fakeChecker{allowedVerbs: verbs})
+					service := newService(t, fakeChecker{allowedVerbs: verbs}, testReporter)
 					err := callMethod(t, service, tt.name)
 					// expect access denied except with full set of verbs.
 					if len(verbs) == len(tt.allowedVerbs) {
@@ -101,6 +108,53 @@ func TestServiceAccess(t *testing.T) {
 	})
 }
 
+func TestUsageEvents(t *testing.T) {
+	rwVerbs := []string{types.VerbList, types.VerbCreate, types.VerbRead, types.VerbUpdate, types.VerbDelete}
+	testReporter := &mockUsageReporter{}
+	service := newService(t, fakeChecker{allowedVerbs: rwVerbs}, testReporter)
+	ctx := context.Background()
+
+	ut1, err := usertasks.NewDiscoverEC2UserTask(&usertasksv1.UserTaskSpec{
+		Integration: "my-integration",
+		TaskType:    "discover-ec2",
+		IssueType:   "ec2-ssm-invocation-failure",
+		State:       "OPEN",
+		DiscoverEc2: &usertasksv1.DiscoverEC2{
+			AccountId: "123456789012",
+			Region:    "us-east-1",
+			Instances: map[string]*usertasksv1.DiscoverEC2Instance{
+				"i-123": &usertasksv1.DiscoverEC2Instance{
+					InstanceId:      "i-123",
+					DiscoveryConfig: "dc01",
+					DiscoveryGroup:  "dg01",
+				},
+			},
+		},
+	})
+	require.NoError(t, err)
+
+	_, err = service.CreateUserTask(ctx, &usertasksv1.CreateUserTaskRequest{UserTask: ut1})
+	require.NoError(t, err)
+	// Usage reporting happens when user task is created, so we expect to see an event.
+	require.Len(t, testReporter.emittedEvents, 1)
+
+	ut1.Spec.DiscoverEc2.Instances["i-345"] = &usertasksv1.DiscoverEC2Instance{
+		InstanceId:      "i-345",
+		DiscoveryConfig: "dc01",
+		DiscoveryGroup:  "dg01",
+	}
+	_, err = service.UpsertUserTask(ctx, &usertasksv1.UpsertUserTaskRequest{UserTask: ut1})
+	require.NoError(t, err)
+	// State was not updated, so usage events must not increase.
+	require.Len(t, testReporter.emittedEvents, 1)
+
+	ut1.Spec.State = "RESOLVED"
+	_, err = service.UpdateUserTask(ctx, &usertasksv1.UpdateUserTaskRequest{UserTask: ut1})
+	require.NoError(t, err)
+	// State was updated, so usage events include this new usage report.
+	require.Len(t, testReporter.emittedEvents, 2)
+}
+
 // callMethod calls a method with given name in the UserTask service
 func callMethod(t *testing.T, service *Service, method string) error {
 	for _, desc := range usertasksv1.UserTaskService_ServiceDesc.Methods {
@@ -128,7 +182,7 @@ func (f fakeChecker) CheckAccessToRule(_ services.RuleContext, _ string, resourc
 	return trace.AccessDenied("access denied to rule=%v/verb=%v", resource, verb)
 }
 
-func newService(t *testing.T, checker services.AccessChecker) *Service {
+func newService(t *testing.T, checker services.AccessChecker, usageReporter usagereporter.UsageReporter) *Service {
 	t.Helper()
 
 	b, err := memory.New(memory.Config{})
@@ -149,10 +203,23 @@ func newService(t *testing.T, checker services.AccessChecker) *Service {
 	})
 
 	service, err := NewService(ServiceConfig{
-		Authorizer: authorizer,
-		Backend:    backendService,
-		Cache:      backendService,
+		Authorizer:    authorizer,
+		Backend:       backendService,
+		Cache:         backendService,
+		UsageReporter: func() usagereporter.UsageReporter { return usageReporter },
 	})
 	require.NoError(t, err)
 	return service
 }
+
+type mockUsageReporter struct {
+	emittedEvents []*usagereporter.UserTaskStateEvent
+}
+
+func (m *mockUsageReporter) AnonymizeAndSubmit(events ...usagereporter.Anonymizable) {
+	for _, e := range events {
+		if userTaskEvent, ok := e.(*usagereporter.UserTaskStateEvent); ok {
+			m.emittedEvents = append(m.emittedEvents, userTaskEvent)
+		}
+	}
+}
diff --git a/lib/auth/webauthncli/prompt.go b/lib/auth/webauthncli/prompt.go
index e356545216f27..d2a59d01385fb 100644
--- a/lib/auth/webauthncli/prompt.go
+++ b/lib/auth/webauthncli/prompt.go
@@ -40,6 +40,10 @@ type DefaultPrompt struct {
 	AcknowledgeTouchMessage               string
 	PromptCredentialMessage               string
 
+	// StdinFunc allows tests to override prompt.Stdin().
+	// If nil prompt.Stdin() is used.
+	StdinFunc func() prompt.StdinReader
+
 	ctx context.Context
 	out io.Writer
 
@@ -61,9 +65,16 @@ func NewDefaultPrompt(ctx context.Context, out io.Writer) *DefaultPrompt {
 	}
 }
 
+func (p *DefaultPrompt) stdin() prompt.StdinReader {
+	if p.StdinFunc == nil {
+		return prompt.Stdin()
+	}
+	return p.StdinFunc()
+}
+
 // PromptPIN prompts the user for a PIN.
 func (p *DefaultPrompt) PromptPIN() (string, error) {
-	return prompt.Password(p.ctx, p.out, prompt.Stdin(), p.PINMessage)
+	return prompt.Password(p.ctx, p.out, p.stdin(), p.PINMessage)
 }
 
 // PromptTouch prompts the user for a security key touch, using different
@@ -105,7 +116,7 @@ func (p *DefaultPrompt) PromptCredential(creds []*CredentialInfo) (*CredentialIn
 	}
 
 	for {
-		numOrName, err := prompt.Input(p.ctx, p.out, prompt.Stdin(), p.PromptCredentialMessage)
+		numOrName, err := prompt.Input(p.ctx, p.out, p.stdin(), p.PromptCredentialMessage)
 		if err != nil {
 			return nil, trace.Wrap(err)
 		}
diff --git a/lib/automaticupgrades/channel.go b/lib/automaticupgrades/channel.go
index 275f8d93b69d1..347a268ec5e2f 100644
--- a/lib/automaticupgrades/channel.go
+++ b/lib/automaticupgrades/channel.go
@@ -99,6 +99,15 @@ func (c Channels) DefaultVersion(ctx context.Context) (string, error) {
 	return targetVersion, trace.Wrap(err)
 }
 
+// DefaultChannel returns the default upgrade channel.
+func (c Channels) DefaultChannel() (*Channel, error) {
+	defaultChannel, ok := c[DefaultChannelName]
+	if ok && defaultChannel != nil {
+		return defaultChannel, nil
+	}
+	return NewDefaultChannel()
+}
+
 // Channel describes an automatic update channel configuration.
 // It can be configured to serve a static version, or forward version requests
 // to an upstream version server. Forwarded results are cached for 1 minute.
diff --git a/lib/automaticupgrades/channel_test.go b/lib/automaticupgrades/channel_test.go
index 8a32951822e0b..484b82bce4f97 100644
--- a/lib/automaticupgrades/channel_test.go
+++ b/lib/automaticupgrades/channel_test.go
@@ -115,6 +115,46 @@ func Test_Channels_CheckAndSetDefaults(t *testing.T) {
 	})
 }
 
+func Test_Channels_DefaultChannel(t *testing.T) {
+	channels := make(Channels)
+	require.NoError(t, channels.CheckAndSetDefaults())
+
+	defaultChannel, err := NewDefaultChannel()
+	require.NoError(t, err)
+
+	customDefaultChannel := &Channel{ForwardURL: "asdf"}
+	tests := []struct {
+		desc     string
+		channels Channels
+		want     *Channel
+	}{
+		{
+			desc: "nil channels",
+			want: defaultChannel,
+		},
+		{
+			desc:     "default channels",
+			channels: channels,
+			want:     defaultChannel,
+		},
+		{
+			desc: "configured channels",
+			channels: Channels{
+				DefaultChannelName: customDefaultChannel,
+			},
+			want: customDefaultChannel,
+		},
+	}
+
+	for _, test := range tests {
+		t.Run(test.desc, func(t *testing.T) {
+			got, err := test.channels.DefaultChannel()
+			require.NoError(t, err)
+			require.Equal(t, test.want, got)
+		})
+	}
+}
+
 func Test_Channel_CheckAndSetDefaults(t *testing.T) {
 
 	tests := []struct {
diff --git a/lib/backend/dynamo/dynamodbbk.go b/lib/backend/dynamo/dynamodbbk.go
index 425bcb5f7f596..98b192dcbcfba 100644
--- a/lib/backend/dynamo/dynamodbbk.go
+++ b/lib/backend/dynamo/dynamodbbk.go
@@ -916,7 +916,7 @@ const (
 // prependPrefix adds leading 'teleport/' to the key for backwards compatibility
 // with previous implementation of DynamoDB backend
 func prependPrefix(key backend.Key) string {
-	return keyPrefix + string(key)
+	return keyPrefix + key.String()
 }
 
 // trimPrefix removes leading 'teleport' from the key
diff --git a/lib/backend/dynamo/dynamodbbk_test.go b/lib/backend/dynamo/dynamodbbk_test.go
index 0b5c05897bfcb..b467ec6599511 100644
--- a/lib/backend/dynamo/dynamodbbk_test.go
+++ b/lib/backend/dynamo/dynamodbbk_test.go
@@ -31,6 +31,7 @@ import (
 	"github.com/gravitational/trace"
 	"github.com/jonboulle/clockwork"
 	log "github.com/sirupsen/logrus"
+	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
 
 	"github.com/gravitational/teleport/lib/backend"
@@ -222,3 +223,21 @@ func TestCreateTable(t *testing.T) {
 		})
 	}
 }
+
+func TestKeyPrefix(t *testing.T) {
+	t.Run("leading separator in key", func(t *testing.T) {
+		prefixed := prependPrefix(backend.NewKey("test", "llama"))
+		assert.Equal(t, "teleport/test/llama", prefixed)
+
+		key := trimPrefix(prefixed)
+		assert.Equal(t, "/test/llama", key.String())
+	})
+
+	t.Run("no leading separator in key", func(t *testing.T) {
+		prefixed := prependPrefix(backend.Key(".locks/test/llama"))
+		assert.Equal(t, "teleport.locks/test/llama", prefixed)
+
+		key := trimPrefix(prefixed)
+		assert.Equal(t, ".locks/test/llama", key.String())
+	})
+}
diff --git a/lib/backend/etcdbk/etcd.go b/lib/backend/etcdbk/etcd.go
index 0da60f497b6f4..437cb6ca52f43 100644
--- a/lib/backend/etcdbk/etcd.go
+++ b/lib/backend/etcdbk/etcd.go
@@ -1106,10 +1106,10 @@ func fromType(eventType mvccpb.Event_EventType) types.OpType {
 	}
 }
 
-func (b *EtcdBackend) trimPrefix(in backend.Key) backend.Key {
-	return in.TrimPrefix(backend.Key(b.cfg.Key))
+func (b *EtcdBackend) trimPrefix(in []byte) backend.Key {
+	return backend.Key(in).TrimPrefix(backend.Key(b.cfg.Key))
 }
 
 func (b *EtcdBackend) prependPrefix(in backend.Key) string {
-	return b.cfg.Key + string(in)
+	return b.cfg.Key + in.String()
 }
diff --git a/lib/backend/etcdbk/etcd_test.go b/lib/backend/etcdbk/etcd_test.go
index 540a0a1391fc5..814e11d9544d0 100644
--- a/lib/backend/etcdbk/etcd_test.go
+++ b/lib/backend/etcdbk/etcd_test.go
@@ -29,6 +29,7 @@ import (
 
 	"github.com/gravitational/trace"
 	"github.com/jonboulle/clockwork"
+	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
 
 	"github.com/gravitational/teleport/lib/backend"
@@ -258,3 +259,29 @@ func etcdTestEndpoint() string {
 	}
 	return "https://127.0.0.1:2379"
 }
+
+func TestKeyPrefix(t *testing.T) {
+	prefixes := []string{"teleport", "/teleport", "/teleport/"}
+
+	for _, prefix := range prefixes {
+		t.Run("prefix="+prefix, func(t *testing.T) {
+			bk := EtcdBackend{cfg: &Config{Key: prefix}}
+
+			t.Run("leading separator in key", func(t *testing.T) {
+				prefixed := bk.prependPrefix(backend.NewKey("test", "llama"))
+				assert.Equal(t, prefix+"/test/llama", prefixed)
+
+				key := bk.trimPrefix([]byte(prefixed))
+				assert.Equal(t, "/test/llama", key.String())
+			})
+
+			t.Run("no leading separator in key", func(t *testing.T) {
+				prefixed := bk.prependPrefix(backend.Key(".locks/test/llama"))
+				assert.Equal(t, prefix+".locks/test/llama", prefixed)
+
+				key := bk.trimPrefix([]byte(prefixed))
+				assert.Equal(t, ".locks/test/llama", key.String())
+			})
+		})
+	}
+}
diff --git a/lib/backend/firestore/firestorebk.go b/lib/backend/firestore/firestorebk.go
index 50138ae9fda87..3eb27e5183665 100644
--- a/lib/backend/firestore/firestorebk.go
+++ b/lib/backend/firestore/firestorebk.go
@@ -20,6 +20,7 @@ package firestore
 
 import (
 	"bytes"
+	"cmp"
 	"context"
 	"encoding/base64"
 	"errors"
@@ -77,6 +78,9 @@ type Config struct {
 	DisableExpiredDocumentPurge bool `json:"disable_expired_document_purge,omitempty"`
 	// EndPoint is used to point the Firestore clients at emulated Firestore storage.
 	EndPoint string `json:"endpoint,omitempty"`
+	// DatabaseID is the identifier of a specific Firestore database to use. If not specified, the
+	// default database for the ProjectID is used.
+	DatabaseID string `json:"database_id,omitempty"`
 }
 
 type backendConfig struct {
@@ -310,14 +314,14 @@ func (t ownerCredentials) GetRequestMetadata(context.Context, ...string) (map[st
 func (t ownerCredentials) RequireTransportSecurity() bool { return false }
 
 // CreateFirestoreClients creates a firestore admin and normal client given the supplied parameters
-func CreateFirestoreClients(ctx context.Context, projectID string, endPoint string, credentialsFile string) (*apiv1.FirestoreAdminClient, *firestore.Client, error) {
+func CreateFirestoreClients(ctx context.Context, projectID, database string, endpoint string, credentialsFile string) (*apiv1.FirestoreAdminClient, *firestore.Client, error) {
 	var args []option.ClientOption
 
-	if endPoint != "" {
+	if endpoint != "" {
 		args = append(args,
 			option.WithTelemetryDisabled(),
 			option.WithoutAuthentication(),
-			option.WithEndpoint(endPoint),
+			option.WithEndpoint(endpoint),
 			option.WithGRPCDialOption(grpc.WithTransportCredentials(insecure.NewCredentials())),
 			option.WithGRPCDialOption(grpc.WithPerRPCCredentials(ownerCredentials{})),
 		)
@@ -325,11 +329,21 @@ func CreateFirestoreClients(ctx context.Context, projectID string, endPoint stri
 		args = append(args, option.WithCredentialsFile(credentialsFile))
 	}
 
-	firestoreClient, err := firestore.NewClient(ctx, projectID, args...)
+	firestoreAdminClient, err := apiv1.NewFirestoreAdminClient(ctx, args...)
 	if err != nil {
 		return nil, nil, ConvertGRPCError(err)
 	}
-	firestoreAdminClient, err := apiv1.NewFirestoreAdminClient(ctx, args...)
+
+	if database == "" {
+		firestoreClient, err := firestore.NewClient(ctx, projectID, args...)
+		if err != nil {
+			return nil, nil, ConvertGRPCError(err)
+		}
+
+		return firestoreAdminClient, firestoreClient, nil
+	}
+
+	firestoreClient, err := firestore.NewClientWithDatabase(ctx, projectID, database, args...)
 	if err != nil {
 		return nil, nil, ConvertGRPCError(err)
 	}
@@ -373,7 +387,7 @@ func New(ctx context.Context, params backend.Params, options Options) (*Backend,
 	}
 
 	closeCtx, cancel := context.WithCancel(ctx)
-	firestoreAdminClient, firestoreClient, err := CreateFirestoreClients(closeCtx, cfg.ProjectID, cfg.EndPoint, cfg.CredentialsPath)
+	firestoreAdminClient, firestoreClient, err := CreateFirestoreClients(closeCtx, cfg.ProjectID, cfg.DatabaseID, cfg.EndPoint, cfg.CredentialsPath)
 	if err != nil {
 		cancel()
 		return nil, trace.Wrap(err)
@@ -1084,7 +1098,8 @@ func ConvertGRPCError(err error, args ...interface{}) error {
 }
 
 func (b *Backend) getIndexParent() string {
-	return "projects/" + b.ProjectID + "/databases/(default)/collectionGroups/" + b.CollectionName
+	database := cmp.Or(b.backendConfig.Config.DatabaseID, "(default)")
+	return "projects/" + b.ProjectID + "/databases/" + database + "/collectionGroups/" + b.CollectionName
 }
 
 func (b *Backend) ensureIndexes(adminSvc *apiv1.FirestoreAdminClient) error {
diff --git a/lib/backend/key.go b/lib/backend/key.go
index 4c7f25c604edc..1dcb213d5c93e 100644
--- a/lib/backend/key.go
+++ b/lib/backend/key.go
@@ -52,6 +52,11 @@ func (k Key) String() string {
 	return string(k)
 }
 
+// IsZero reports whether k represents the zero key.
+func (k Key) IsZero() bool {
+	return len(k) == 0
+}
+
 // HasPrefix reports whether the key begins with prefix.
 func (k Key) HasPrefix(prefix Key) bool {
 	return bytes.HasPrefix(k, prefix)
diff --git a/lib/backend/key_test.go b/lib/backend/key_test.go
index d554fb6922357..894c39f49aff0 100644
--- a/lib/backend/key_test.go
+++ b/lib/backend/key_test.go
@@ -473,3 +473,10 @@ func TestKeyCompare(t *testing.T) {
 		})
 	}
 }
+
+func TestKeyIsZero(t *testing.T) {
+	assert.True(t, backend.Key{}.IsZero())
+	assert.True(t, backend.NewKey().IsZero())
+	assert.False(t, backend.NewKey("a", "b").IsZero())
+	assert.False(t, backend.ExactKey("a", "b").IsZero())
+}
diff --git a/lib/backend/helpers.go b/lib/backend/lock.go
similarity index 89%
rename from lib/backend/helpers.go
rename to lib/backend/lock.go
index 29bdbbd32f62f..20f425b697ee6 100644
--- a/lib/backend/helpers.go
+++ b/lib/backend/lock.go
@@ -21,11 +21,13 @@ package backend
 import (
 	"bytes"
 	"context"
+	"log/slog"
 	"time"
 
 	"github.com/google/uuid"
 	"github.com/gravitational/trace"
-	log "github.com/sirupsen/logrus"
+
+	logutils "github.com/gravitational/teleport/lib/utils/log"
 )
 
 const (
@@ -52,8 +54,14 @@ func randomID() ([]byte, error) {
 }
 
 type LockConfiguration struct {
-	Backend  Backend
+	// Backend to create the lock in.
+	Backend Backend
+	// LockName the precomputed lock name.
+	// TODO(tross) DELETE WHEN teleport.e is updated to use LockNameComponents.
 	LockName string
+	// LockNameComponents are subcomponents to be used when constructing
+	// the lock name.
+	LockNameComponents []string
 	// TTL defines when lock will be released automatically
 	TTL time.Duration
 	// RetryInterval defines interval which is used to retry locking after
@@ -65,9 +73,14 @@ func (l *LockConfiguration) CheckAndSetDefaults() error {
 	if l.Backend == nil {
 		return trace.BadParameter("missing Backend")
 	}
-	if l.LockName == "" {
-		return trace.BadParameter("missing LockName")
+	if l.LockName == "" && len(l.LockNameComponents) == 0 {
+		return trace.BadParameter("missing LockName/LockNameComponents")
+	}
+
+	if len(l.LockNameComponents) == 0 {
+		l.LockNameComponents = []string{l.LockName}
 	}
+
 	if l.TTL == 0 {
 		return trace.BadParameter("missing TTL")
 	}
@@ -83,7 +96,7 @@ func AcquireLock(ctx context.Context, cfg LockConfiguration) (Lock, error) {
 	if err != nil {
 		return Lock{}, trace.Wrap(err)
 	}
-	key := lockKey(cfg.LockName)
+	key := lockKey(cfg.LockNameComponents...)
 	id, err := randomID()
 	if err != nil {
 		return Lock{}, trace.Wrap(err)
@@ -205,7 +218,7 @@ func RunWhileLocked(ctx context.Context, cfg RunWhileLockedConfig, fn func(conte
 			case <-cfg.Backend.Clock().After(refreshAfter):
 				if err := lock.resetTTL(ctx, cfg.Backend); err != nil {
 					cancelFunction()
-					log.Errorf("%v", err)
+					slog.ErrorContext(ctx, "failed to reset lock ttl", "error", err, "lock", logutils.StringerAttr(lock.key))
 					return
 				}
 			case <-stopRefresh:
diff --git a/lib/backend/helpers_test.go b/lib/backend/lock_test.go
similarity index 67%
rename from lib/backend/helpers_test.go
rename to lib/backend/lock_test.go
index b652ee157e83a..0a84550c2a58e 100644
--- a/lib/backend/helpers_test.go
+++ b/lib/backend/lock_test.go
@@ -23,9 +23,24 @@ import (
 	"time"
 
 	"github.com/google/go-cmp/cmp"
+	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
 )
 
+func TestLockKey(t *testing.T) {
+	t.Run("empty parts", func(t *testing.T) {
+		key := lockKey()
+		assert.Equal(t, ".locks", key.String())
+		assert.Equal(t, [][]byte{[]byte(".locks")}, key.Components())
+	})
+
+	t.Run("with parts", func(t *testing.T) {
+		key := lockKey("test", "llama")
+		assert.Equal(t, ".locks/test/llama", key.String())
+		assert.Equal(t, [][]byte{[]byte(".locks"), []byte("test"), []byte("llama")}, key.Components())
+	})
+}
+
 func TestLockConfiguration_CheckAndSetDefaults(t *testing.T) {
 	type mockBackend struct {
 		Backend
@@ -38,30 +53,30 @@ func TestLockConfiguration_CheckAndSetDefaults(t *testing.T) {
 		{
 			name: "minimum valid",
 			in: LockConfiguration{
-				Backend:  mockBackend{},
-				LockName: "lock",
-				TTL:      30 * time.Second,
+				Backend:            mockBackend{},
+				LockNameComponents: []string{"lock"},
+				TTL:                30 * time.Second,
 			},
 			want: LockConfiguration{
-				Backend:       mockBackend{},
-				LockName:      "lock",
-				TTL:           30 * time.Second,
-				RetryInterval: 250 * time.Millisecond,
+				Backend:            mockBackend{},
+				LockNameComponents: []string{"lock"},
+				TTL:                30 * time.Second,
+				RetryInterval:      250 * time.Millisecond,
 			},
 		},
 		{
 			name: "set RetryAcquireLockTimeout",
 			in: LockConfiguration{
-				Backend:       mockBackend{},
-				LockName:      "lock",
-				TTL:           30 * time.Second,
-				RetryInterval: 10 * time.Second,
+				Backend:            mockBackend{},
+				LockNameComponents: []string{"lock"},
+				TTL:                30 * time.Second,
+				RetryInterval:      10 * time.Second,
 			},
 			want: LockConfiguration{
-				Backend:       mockBackend{},
-				LockName:      "lock",
-				TTL:           30 * time.Second,
-				RetryInterval: 10 * time.Second,
+				Backend:            mockBackend{},
+				LockNameComponents: []string{"lock"},
+				TTL:                30 * time.Second,
+				RetryInterval:      10 * time.Second,
 			},
 		},
 		{
@@ -82,9 +97,9 @@ func TestLockConfiguration_CheckAndSetDefaults(t *testing.T) {
 		{
 			name: "missing TTL",
 			in: LockConfiguration{
-				Backend:  mockBackend{},
-				LockName: "lock",
-				TTL:      0,
+				Backend:            mockBackend{},
+				LockNameComponents: []string{"lock"},
+				TTL:                0,
 			},
 			wantErr: "missing TTL",
 		},
@@ -111,9 +126,9 @@ func TestRunWhileLockedConfigCheckAndSetDefaults(t *testing.T) {
 	ttl := 1 * time.Minute
 	minimumValidConfig := RunWhileLockedConfig{
 		LockConfiguration: LockConfiguration{
-			Backend:  mockBackend{},
-			LockName: lockName,
-			TTL:      ttl,
+			Backend:            mockBackend{},
+			LockNameComponents: []string{lockName},
+			TTL:                ttl,
 		},
 	}
 	tests := []struct {
@@ -129,10 +144,10 @@ func TestRunWhileLockedConfigCheckAndSetDefaults(t *testing.T) {
 			},
 			want: RunWhileLockedConfig{
 				LockConfiguration: LockConfiguration{
-					Backend:       mockBackend{},
-					LockName:      lockName,
-					TTL:           ttl,
-					RetryInterval: 250 * time.Millisecond,
+					Backend:            mockBackend{},
+					LockNameComponents: []string{lockName},
+					TTL:                ttl,
+					RetryInterval:      250 * time.Millisecond,
 				},
 				ReleaseCtxTimeout: time.Second,
 				// defaults to halft of TTL.
@@ -144,6 +159,7 @@ func TestRunWhileLockedConfigCheckAndSetDefaults(t *testing.T) {
 			input: func() RunWhileLockedConfig {
 				cfg := minimumValidConfig
 				cfg.LockName = ""
+				cfg.LockNameComponents = nil
 				return cfg
 			},
 			wantErr: "missing LockName",
diff --git a/lib/backend/test/suite.go b/lib/backend/test/suite.go
index 94a088eb6b7f1..cde543cca62de 100644
--- a/lib/backend/test/suite.go
+++ b/lib/backend/test/suite.go
@@ -838,7 +838,7 @@ func testLocking(t *testing.T, newBackend Constructor) {
 	defer requireNoAsyncErrors()
 
 	// Given a lock named `tok1` on the backend...
-	lock, err := backend.AcquireLock(ctx, backend.LockConfiguration{Backend: uut, LockName: tok1, TTL: ttl})
+	lock, err := backend.AcquireLock(ctx, backend.LockConfiguration{Backend: uut, LockNameComponents: []string{tok1}, TTL: ttl})
 	require.NoError(t, err)
 
 	//  When I asynchronously release the lock...
@@ -853,7 +853,7 @@ func testLocking(t *testing.T, newBackend Constructor) {
 	}()
 
 	// ...and simultaneously attempt to create a new lock with the same name
-	lock, err = backend.AcquireLock(ctx, backend.LockConfiguration{Backend: uut, LockName: tok1, TTL: ttl})
+	lock, err = backend.AcquireLock(ctx, backend.LockConfiguration{Backend: uut, LockNameComponents: []string{tok1}, TTL: ttl})
 
 	// expect that the asynchronous Release() has executed - we're using the
 	// change in the value of the marker value as a proxy for the Release().
@@ -865,7 +865,7 @@ func testLocking(t *testing.T, newBackend Constructor) {
 	require.NoError(t, lock.Release(ctx, uut))
 
 	// Given a lock with the same name as previously-existing, manually-released lock
-	lock, err = backend.AcquireLock(ctx, backend.LockConfiguration{Backend: uut, LockName: tok1, TTL: ttl})
+	lock, err = backend.AcquireLock(ctx, backend.LockConfiguration{Backend: uut, LockNameComponents: []string{tok1}, TTL: ttl})
 	require.NoError(t, err)
 	atomic.StoreInt32(&marker, 7)
 
@@ -880,7 +880,7 @@ func testLocking(t *testing.T, newBackend Constructor) {
 	}()
 
 	// ...and simultaneously try to acquire another lock with the same name
-	lock, err = backend.AcquireLock(ctx, backend.LockConfiguration{Backend: uut, LockName: tok1, TTL: ttl})
+	lock, err = backend.AcquireLock(ctx, backend.LockConfiguration{Backend: uut, LockNameComponents: []string{tok1}, TTL: ttl})
 
 	// expect that the asynchronous Release() has executed - we're using the
 	// change in the value of the marker value as a proxy for the call to
@@ -894,9 +894,9 @@ func testLocking(t *testing.T, newBackend Constructor) {
 
 	// Given a pair of locks named `tok1` and `tok2`
 	y := int32(0)
-	lock1, err := backend.AcquireLock(ctx, backend.LockConfiguration{Backend: uut, LockName: tok1, TTL: ttl})
+	lock1, err := backend.AcquireLock(ctx, backend.LockConfiguration{Backend: uut, LockNameComponents: []string{tok1}, TTL: ttl})
 	require.NoError(t, err)
-	lock2, err := backend.AcquireLock(ctx, backend.LockConfiguration{Backend: uut, LockName: tok2, TTL: ttl})
+	lock2, err := backend.AcquireLock(ctx, backend.LockConfiguration{Backend: uut, LockNameComponents: []string{tok2}, TTL: ttl})
 	require.NoError(t, err)
 
 	//  When I asynchronously release the locks...
@@ -913,7 +913,7 @@ func testLocking(t *testing.T, newBackend Constructor) {
 		}
 	}()
 
-	lock, err = backend.AcquireLock(ctx, backend.LockConfiguration{Backend: uut, LockName: tok1, TTL: ttl})
+	lock, err = backend.AcquireLock(ctx, backend.LockConfiguration{Backend: uut, LockNameComponents: []string{tok1}, TTL: ttl})
 	require.NoError(t, err)
 	require.Equal(t, int32(15), atomic.LoadInt32(&y))
 	require.NoError(t, lock.Release(ctx, uut))
diff --git a/lib/cache/cache.go b/lib/cache/cache.go
index 927e50b387ecf..6540919dbd22b 100644
--- a/lib/cache/cache.go
+++ b/lib/cache/cache.go
@@ -2959,6 +2959,19 @@ func (c *Cache) ListUserTasks(ctx context.Context, pageSize int64, nextKey strin
 	return rg.reader.ListUserTasks(ctx, pageSize, nextKey)
 }
 
+// ListUserTasksByIntegration returns a list of UserTask resources filtered by an integration.
+func (c *Cache) ListUserTasksByIntegration(ctx context.Context, pageSize int64, nextKey string, integration string) ([]*usertasksv1.UserTask, string, error) {
+	ctx, span := c.Tracer.Start(ctx, "cache/ListUserTasksByIntegration")
+	defer span.End()
+
+	rg, err := readCollectionCache(c, c.collections.userTasks)
+	if err != nil {
+		return nil, "", trace.Wrap(err)
+	}
+	defer rg.Release()
+	return rg.reader.ListUserTasksByIntegration(ctx, pageSize, nextKey, integration)
+}
+
 // GetUserTask returns the specified UserTask resource.
 func (c *Cache) GetUserTask(ctx context.Context, name string) (*usertasksv1.UserTask, error) {
 	ctx, span := c.Tracer.Start(ctx, "cache/GetUserTask")
diff --git a/lib/cache/collections.go b/lib/cache/collections.go
index e82d3eeb50680..84a02648881cd 100644
--- a/lib/cache/collections.go
+++ b/lib/cache/collections.go
@@ -197,6 +197,7 @@ type crownjewelsGetter interface {
 
 type userTasksGetter interface {
 	ListUserTasks(ctx context.Context, pageSize int64, nextToken string) ([]*usertasksv1.UserTask, string, error)
+	ListUserTasksByIntegration(ctx context.Context, pageSize int64, nextToken string, integration string) ([]*usertasksv1.UserTask, string, error)
 	GetUserTask(ctx context.Context, name string) (*usertasksv1.UserTask, error)
 }
 
diff --git a/lib/client/api.go b/lib/client/api.go
index fcfb0d0ee9d46..a3f33038d0f8d 100644
--- a/lib/client/api.go
+++ b/lib/client/api.go
@@ -38,7 +38,6 @@ import (
 	"time"
 	"unicode/utf8"
 
-	"github.com/coreos/go-semver/semver"
 	"github.com/gravitational/trace"
 	"github.com/sirupsen/logrus"
 	"go.opentelemetry.io/otel/attribute"
@@ -47,6 +46,7 @@ import (
 	"golang.org/x/crypto/ssh/agent"
 	"golang.org/x/net/http2"
 	"golang.org/x/sync/errgroup"
+	"golang.org/x/term"
 	"google.golang.org/grpc"
 
 	"github.com/gravitational/teleport"
@@ -75,6 +75,7 @@ import (
 	wancli "github.com/gravitational/teleport/lib/auth/webauthncli"
 	"github.com/gravitational/teleport/lib/authz"
 	libmfa "github.com/gravitational/teleport/lib/client/mfa"
+	"github.com/gravitational/teleport/lib/client/sso"
 	"github.com/gravitational/teleport/lib/client/terminal"
 	"github.com/gravitational/teleport/lib/defaults"
 	"github.com/gravitational/teleport/lib/devicetrust"
@@ -91,6 +92,7 @@ import (
 	"github.com/gravitational/teleport/lib/tlsca"
 	"github.com/gravitational/teleport/lib/utils"
 	"github.com/gravitational/teleport/lib/utils/agentconn"
+	logutils "github.com/gravitational/teleport/lib/utils/log"
 )
 
 const (
@@ -495,6 +497,14 @@ type Config struct {
 
 	// SSHDialTimeout is the timeout value that should be used for SSH connections.
 	SSHDialTimeout time.Duration
+
+	// StdinFunc allows tests to override prompt.Stdin().
+	// If nil prompt.Stdin() is used.
+	StdinFunc func() prompt.StdinReader
+
+	// HasTouchIDCredentialsFunc allows tests to override touchid.HasCredentials.
+	// If nil touchid.HasCredentials is used.
+	HasTouchIDCredentialsFunc func(rpID, user string) bool
 }
 
 // CachePolicy defines cache policy for local clients
@@ -1239,6 +1249,20 @@ func NewClient(c *Config) (tc *TeleportClient, err error) {
 	return tc, nil
 }
 
+func (tc *TeleportClient) stdin() prompt.StdinReader {
+	if tc.StdinFunc == nil {
+		return prompt.Stdin()
+	}
+	return tc.StdinFunc()
+}
+
+func (tc *TeleportClient) hasTouchIDCredentials(rpID, user string) bool {
+	if tc.HasTouchIDCredentialsFunc == nil {
+		return touchid.HasCredentials(rpID, user)
+	}
+	return tc.HasTouchIDCredentialsFunc(rpID, user)
+}
+
 func (tc *TeleportClient) ProfileStatus() (*ProfileStatus, error) {
 	status, err := tc.ClientStore.ReadProfileStatus(tc.WebProxyAddr)
 	if err != nil {
@@ -1482,7 +1506,7 @@ func (tc *TeleportClient) ReissueUserCerts(ctx context.Context, cachePolicy Cert
 // (according to RBAC), IssueCertsWithMFA will:
 // - for SSH certs, return the existing Key from the keystore.
 // - for TLS certs, fall back to ReissueUserCerts.
-func (tc *TeleportClient) IssueUserCertsWithMFA(ctx context.Context, params ReissueParams, mfaPromptOpts ...mfa.PromptOpt) (*Key, error) {
+func (tc *TeleportClient) IssueUserCertsWithMFA(ctx context.Context, params ReissueParams) (*Key, error) {
 	ctx, span := tc.Tracer.Start(
 		ctx,
 		"teleportClient/IssueUserCertsWithMFA",
@@ -1496,7 +1520,7 @@ func (tc *TeleportClient) IssueUserCertsWithMFA(ctx context.Context, params Reis
 	}
 	defer clusterClient.Close()
 
-	key, _, err := clusterClient.IssueUserCertsWithMFA(ctx, params, tc.NewMFAPrompt(mfaPromptOpts...))
+	key, _, err := clusterClient.IssueUserCertsWithMFA(ctx, params)
 	return key, trace.Wrap(err)
 }
 
@@ -2730,6 +2754,33 @@ func (tc *TeleportClient) runCommandOnNodes(ctx context.Context, clt *ClusterCli
 
 	g, gctx := errgroup.WithContext(ctx)
 	g.SetLimit(commandLimit(ctx, clt.AuthClient, mfaRequiredCheck.Required))
+
+	// Get the width of the terminal so we can wrap properly.
+	var width int
+	if stdoutFile, ok := tc.Stdout.(*os.File); ok {
+		conn, err := stdoutFile.SyscallConn()
+		if err != nil {
+			return trace.Wrap(err)
+		}
+		ctrlErr := conn.Control(func(fd uintptr) {
+			width, _, err = term.GetSize(int(fd))
+			// If stdout is not a terminal, continue with a zero width instead
+			// of failing.
+			if err != nil {
+				width = 0
+			}
+		})
+		if ctrlErr != nil {
+			return trace.Wrap(ctrlErr)
+		}
+	}
+
+	stdout := logutils.NewSharedWriter(tc.Stdout)
+	stderr := stdout
+	if tc.Stdout != tc.Stderr {
+		stderr = logutils.NewSharedWriter(tc.Stderr)
+	}
+
 	for _, node := range nodes {
 		node := node
 		g.Go(func() error {
@@ -2764,7 +2815,12 @@ func (tc *TeleportClient) runCommandOnNodes(ctx context.Context, clt *ClusterCli
 			displayName := nodeName(node)
 			fmt.Printf("Running command on %v:\n", displayName)
 
-			if err := nodeClient.RunCommand(ctx, command, WithLabeledOutput()); err != nil && tc.ExitStatus == 0 {
+			if err := nodeClient.RunCommand(
+				ctx,
+				command,
+				WithLabeledOutput(width),
+				WithOutput(stdout, stderr),
+			); err != nil && tc.ExitStatus == 0 {
 				fmt.Fprintln(tc.Stderr, err)
 				return nil
 			}
@@ -3510,19 +3566,13 @@ func (tc *TeleportClient) getSSHLoginFunc(pr *webclient.PingResponse) (SSHLoginF
 		}
 	case constants.OIDC:
 		oidc := pr.Auth.OIDC
-		return func(ctx context.Context, priv *keys.PrivateKey) (*authclient.SSHLoginResponse, error) {
-			return tc.ssoLogin(ctx, priv, oidc.Name, oidc.Display, constants.OIDC)
-		}, nil
+		return tc.SSOLoginFn(oidc.Name, oidc.Display, constants.OIDC), nil
 	case constants.SAML:
 		saml := pr.Auth.SAML
-		return func(ctx context.Context, priv *keys.PrivateKey) (*authclient.SSHLoginResponse, error) {
-			return tc.ssoLogin(ctx, priv, saml.Name, saml.Display, constants.SAML)
-		}, nil
+		return tc.SSOLoginFn(saml.Name, saml.Display, constants.SAML), nil
 	case constants.Github:
 		github := pr.Auth.Github
-		return func(ctx context.Context, priv *keys.PrivateKey) (*authclient.SSHLoginResponse, error) {
-			return tc.ssoLogin(ctx, priv, github.Name, github.Display, constants.Github)
-		}, nil
+		return tc.SSOLoginFn(github.Name, github.Display, constants.Github), nil
 	default:
 		return nil, trace.BadParameter("unsupported authentication type: %q", pr.Auth.Type)
 	}
@@ -3576,7 +3626,7 @@ func (tc *TeleportClient) pwdlessLoginWeb(ctx context.Context, priv *keys.Privat
 		user = tc.Username
 	}
 
-	sshLogin, err := tc.newSSHLogin(priv)
+	sshLogin, err := tc.NewSSHLogin(priv)
 	if err != nil {
 		return nil, nil, trace.Wrap(err)
 	}
@@ -3624,7 +3674,7 @@ func (tc *TeleportClient) directLoginWeb(ctx context.Context, secondFactorType c
 		}
 	}
 
-	sshLogin, err := tc.newSSHLogin(priv)
+	sshLogin, err := tc.NewSSHLogin(priv)
 	if err != nil {
 		return nil, nil, trace.Wrap(err)
 	}
@@ -3646,23 +3696,20 @@ func (tc *TeleportClient) mfaLocalLoginWeb(ctx context.Context, priv *keys.Priva
 		return nil, nil, trace.Wrap(err)
 	}
 
-	sshLogin, err := tc.newSSHLogin(priv)
+	sshLogin, err := tc.NewSSHLogin(priv)
 	if err != nil {
 		return nil, nil, trace.Wrap(err)
 	}
 
 	clt, session, err := SSHAgentMFAWebSessionLogin(ctx, SSHLoginMFA{
-		SSHLogin:  sshLogin,
-		User:      tc.Username,
-		Password:  password,
-		PromptMFA: tc.NewMFAPrompt(),
+		SSHLogin:             sshLogin,
+		User:                 tc.Username,
+		Password:             password,
+		MFAPromptConstructor: tc.NewMFAPrompt,
 	})
 	return clt, session, trace.Wrap(err)
 }
 
-// hasTouchIDCredentials provides indirection for tests.
-var hasTouchIDCredentials = touchid.HasCredentials
-
 // canDefaultToPasswordless checks without user interaction
 // if there is any registered passwordless login.
 func (tc *TeleportClient) canDefaultToPasswordless(pr *webclient.PingResponse) bool {
@@ -3685,7 +3732,7 @@ func (tc *TeleportClient) canDefaultToPasswordless(pr *webclient.PingResponse) b
 		user = tc.Username
 	}
 
-	return hasTouchIDCredentials(pr.Auth.Webauthn.RPID, user)
+	return tc.hasTouchIDCredentials(pr.Auth.Webauthn.RPID, user)
 }
 
 // SSHLoginFunc is a function which carries out authn with an auth server and returns an auth response.
@@ -3814,8 +3861,8 @@ func (tc *TeleportClient) GetNewLoginKey(ctx context.Context) (priv *keys.Privat
 	return priv, nil
 }
 
-// new SSHLogin generates a new SSHLogin using the given login key.
-func (tc *TeleportClient) newSSHLogin(priv *keys.PrivateKey) (SSHLogin, error) {
+// NewSSHLogin generates a new SSHLogin using the given login key.
+func (tc *TeleportClient) NewSSHLogin(priv *keys.PrivateKey) (SSHLogin, error) {
 	return SSHLogin{
 		ProxyAddr:            tc.WebProxyAddr,
 		PubKey:               priv.MarshalSSHPublicKey(),
@@ -3845,7 +3892,7 @@ func (tc *TeleportClient) pwdlessLogin(ctx context.Context, priv *keys.PrivateKe
 		user = tc.Username
 	}
 
-	sshLogin, err := tc.newSSHLogin(priv)
+	sshLogin, err := tc.NewSSHLogin(priv)
 	if err != nil {
 		return nil, trace.Wrap(err)
 	}
@@ -3911,7 +3958,7 @@ func (tc *TeleportClient) directLogin(ctx context.Context, secondFactorType cons
 		}
 	}
 
-	sshLogin, err := tc.newSSHLogin(priv)
+	sshLogin, err := tc.NewSSHLogin(priv)
 	if err != nil {
 		return nil, trace.Wrap(err)
 	}
@@ -3941,16 +3988,16 @@ func (tc *TeleportClient) mfaLocalLogin(ctx context.Context, priv *keys.PrivateK
 		return nil, trace.Wrap(err)
 	}
 
-	sshLogin, err := tc.newSSHLogin(priv)
+	sshLogin, err := tc.NewSSHLogin(priv)
 	if err != nil {
 		return nil, trace.Wrap(err)
 	}
 
 	response, err := SSHAgentMFALogin(ctx, SSHLoginMFA{
-		SSHLogin:  sshLogin,
-		User:      tc.Username,
-		Password:  password,
-		PromptMFA: tc.NewMFAPrompt(),
+		SSHLogin:             sshLogin,
+		User:                 tc.Username,
+		Password:             password,
+		MFAPromptConstructor: tc.NewMFAPrompt,
 	})
 
 	return response, trace.Wrap(err)
@@ -3994,55 +4041,41 @@ func (tc *TeleportClient) headlessLogin(ctx context.Context, priv *keys.PrivateK
 // SSOLoginFunc is a function used in tests to mock SSO logins.
 type SSOLoginFunc func(ctx context.Context, connectorID string, priv *keys.PrivateKey, protocol string) (*authclient.SSHLoginResponse, error)
 
-// TODO(atburke): DELETE in v17.0.0
-func versionSupportsKeyPolicyMessage(proxyVersion *semver.Version) bool {
-	switch proxyVersion.Major {
-	case 15:
-		return !proxyVersion.LessThan(*semver.New("15.2.5"))
-	case 14:
-		return !proxyVersion.LessThan(*semver.New("14.3.17"))
-	case 13:
-		return !proxyVersion.LessThan(*semver.New("13.4.22"))
-	default:
-		return proxyVersion.Major > 15
-	}
-}
+// SSOLoginFn returns a function that will carry out SSO login. A browser window will be opened
+// for the user to authenticate through SSO. On completion they will be redirected to a success
+// page and the resulting login session will be captured and returned.
+func (tc *TeleportClient) SSOLoginFn(connectorID, connectorName, connectorType string) SSHLoginFunc {
+	return func(ctx context.Context, priv *keys.PrivateKey) (*authclient.SSHLoginResponse, error) {
+		if tc.MockSSOLogin != nil {
+			// sso login response is being mocked for testing purposes
+			return tc.MockSSOLogin(ctx, connectorID, priv, connectorType)
+		}
 
-// samlLogin opens browser window and uses OIDC or SAML redirect cycle with browser
-func (tc *TeleportClient) ssoLogin(ctx context.Context, priv *keys.PrivateKey, connectorID, connectorName, protocol string) (*authclient.SSHLoginResponse, error) {
-	if tc.MockSSOLogin != nil {
-		// sso login response is being mocked for testing purposes
-		return tc.MockSSOLogin(ctx, connectorID, priv, protocol)
-	}
+		// Set SAMLSingleLogoutEnabled from server settings.
+		pr, err := tc.Ping(ctx)
+		if err != nil {
+			return nil, trace.Wrap(err)
+		}
+		if connectorType == constants.SAML && pr.Auth.SAML != nil {
+			tc.SAMLSingleLogoutEnabled = pr.Auth.SAML.SingleLogoutEnabled
+		}
 
-	sshLogin, err := tc.newSSHLogin(priv)
-	if err != nil {
-		return nil, trace.Wrap(err)
-	}
+		rdConfig, err := tc.ssoRedirectorConfig(ctx, connectorName)
+		if err != nil {
+			return nil, trace.Wrap(err)
+		}
 
-	pr, err := tc.Ping(ctx)
-	if err != nil {
-		return nil, trace.Wrap(err)
-	}
-	proxyVersion := semver.New(pr.ServerVersion)
+		rd, err := sso.NewRedirector(rdConfig)
+		if err != nil {
+			return nil, trace.Wrap(err)
+		}
+		defer rd.Close()
 
-	if protocol == constants.SAML && pr.Auth.SAML != nil {
-		tc.SAMLSingleLogoutEnabled = pr.Auth.SAML.SingleLogoutEnabled
-	}
+		ssoCeremony := sso.NewCLICeremony(rd, tc.ssoLoginInitFn(priv, connectorID, connectorType))
 
-	// ask the CA (via proxy) to sign our public key:
-	response, err := SSHAgentSSOLogin(ctx, SSHLoginSSO{
-		SSHLogin:                      sshLogin,
-		ConnectorID:                   connectorID,
-		ConnectorName:                 connectorName,
-		Protocol:                      protocol,
-		BindAddr:                      tc.BindAddr,
-		CallbackAddr:                  tc.CallbackAddr,
-		Browser:                       tc.Browser,
-		PrivateKeyPolicy:              tc.PrivateKeyPolicy,
-		ProxySupportsKeyPolicyMessage: versionSupportsKeyPolicyMessage(proxyVersion),
-	}, nil)
-	return response, trace.Wrap(err)
+		resp, err := ssoCeremony.Run(ctx)
+		return resp, trace.Wrap(err)
+	}
 }
 
 func (tc *TeleportClient) GetSAMLSingleLogoutURL(ctx context.Context, clt *ClusterClient, profile *ProfileStatus) (string, error) {
@@ -4068,7 +4101,7 @@ func (tc *TeleportClient) SAMLSingleLogout(ctx context.Context, SAMLSingleLogout
 	relayState := parsed.Query().Get("RelayState")
 	_, connectorName, _ := strings.Cut(relayState, ",")
 
-	err = OpenURLInBrowser(tc.Browser, SAMLSingleLogoutURL)
+	err = sso.OpenURLInBrowser(tc.Browser, SAMLSingleLogoutURL)
 	// If no browser was opened.
 	if err != nil || tc.Browser == teleport.BrowserNone {
 		fmt.Fprintf(os.Stderr, "Open the following link to log out of %s: %v\n", connectorName, SAMLSingleLogoutURL)
@@ -4235,7 +4268,7 @@ func (tc *TeleportClient) ShowMOTD(ctx context.Context) error {
 		fmt.Fprintln(tc.Stderr, motd.Text)
 
 		// If possible, prompt the user for acknowledement before continuing.
-		if stdin := prompt.Stdin(); stdin.IsTerminal() {
+		if stdin := tc.stdin(); stdin.IsTerminal() {
 			// We're re-using the password reader for user acknowledgment for
 			// aesthetic purposes, because we want to hide any garbage the
 			// user might enter at the prompt. Whatever the user enters will
@@ -4616,11 +4649,11 @@ func (tc *TeleportClient) AskOTP(ctx context.Context) (token string, err error)
 	)
 	defer span.End()
 
-	stdin := prompt.Stdin()
+	stdin := tc.stdin()
 	if !stdin.IsTerminal() {
 		return "", trace.Wrap(prompt.ErrNotTerminal, "cannot perform OTP login without a terminal")
 	}
-	return prompt.Password(ctx, tc.Stderr, prompt.Stdin(), "Enter your OTP token")
+	return prompt.Password(ctx, tc.Stderr, stdin, "Enter your OTP token")
 }
 
 // AskPassword prompts the user to enter the password
@@ -4632,7 +4665,7 @@ func (tc *TeleportClient) AskPassword(ctx context.Context) (pwd string, err erro
 	)
 	defer span.End()
 
-	stdin := prompt.Stdin()
+	stdin := tc.stdin()
 	if !stdin.IsTerminal() {
 		return "", trace.Wrap(prompt.ErrNotTerminal, "cannot perform password login without a terminal")
 	}
@@ -5082,7 +5115,7 @@ func (tc *TeleportClient) HeadlessApprove(ctx context.Context, headlessAuthentic
 	fmt.Fprintf(tc.Stdout, "Headless login attempt from IP address %q requires approval.\nContact your administrator if you didn't initiate this login attempt.\n", headlessAuthn.ClientIpAddress)
 
 	if confirm {
-		ok, err := prompt.Confirmation(ctx, tc.Stdout, prompt.Stdin(), "Approve?")
+		ok, err := prompt.Confirmation(ctx, tc.Stdout, tc.stdin(), "Approve?")
 		if err != nil {
 			return trace.Wrap(err)
 		}
@@ -5093,10 +5126,7 @@ func (tc *TeleportClient) HeadlessApprove(ctx context.Context, headlessAuthentic
 		}
 	}
 
-	chal, err := rootClient.CreateAuthenticateChallenge(ctx, &proto.CreateAuthenticateChallengeRequest{
-		Request: &proto.CreateAuthenticateChallengeRequest_ContextUser{
-			ContextUser: &proto.ContextUser{},
-		},
+	mfaResp, err := tc.NewMFACeremony().Run(ctx, &proto.CreateAuthenticateChallengeRequest{
 		ChallengeExtensions: &mfav1.ChallengeExtensions{
 			Scope: mfav1.ChallengeScope_CHALLENGE_SCOPE_HEADLESS_LOGIN,
 		},
@@ -5105,11 +5135,6 @@ func (tc *TeleportClient) HeadlessApprove(ctx context.Context, headlessAuthentic
 		return trace.Wrap(err)
 	}
 
-	resp, err := tc.PromptMFA(ctx, chal)
-	if err != nil {
-		return trace.Wrap(err)
-	}
-
-	err = rootClient.UpdateHeadlessAuthenticationState(ctx, headlessAuthenticationID, types.HeadlessAuthenticationState_HEADLESS_AUTHENTICATION_STATE_APPROVED, resp)
+	err = rootClient.UpdateHeadlessAuthenticationState(ctx, headlessAuthenticationID, types.HeadlessAuthenticationState_HEADLESS_AUTHENTICATION_STATE_APPROVED, mfaResp)
 	return trace.Wrap(err)
 }
diff --git a/lib/client/api_login_test.go b/lib/client/api_login_test.go
index 6945068150194..04cf604bc10a9 100644
--- a/lib/client/api_login_test.go
+++ b/lib/client/api_login_test.go
@@ -63,102 +63,81 @@ func TestTeleportClient_Login_local(t *testing.T) {
 
 	silenceLogger(t)
 
-	clock := clockwork.NewFakeClockAt(time.Now())
-	sa := newStandaloneTeleport(t, clock)
-	username := sa.Username
-	password := sa.Password
-	webID := sa.WebAuthnID
-	device := sa.Device
-	otpKey := sa.OTPKey
-
-	// Prepare client config, it won't change throughout the test.
-	cfg := client.MakeDefaultConfig()
-	cfg.Stdout = io.Discard
-	cfg.Stderr = io.Discard
-	cfg.Stdin = &bytes.Buffer{}
-	cfg.Username = username
-	cfg.HostLogin = username
-	cfg.AddKeysToAgent = client.AddKeysToAgentNo
-	// Replace "127.0.0.1" with "localhost". The proxy address becomes the origin
-	// for Webauthn requests, and Webauthn doesn't take IP addresses.
-	cfg.WebProxyAddr = strings.Replace(sa.ProxyWebAddr, "127.0.0.1", "localhost", 1 /* n */)
-	cfg.KeysDir = t.TempDir()
-	cfg.InsecureSkipVerify = true
-
-	// Reset functions after tests.
-	oldStdin := prompt.Stdin()
-	oldHasCredentials := *client.HasTouchIDCredentials
-
-	t.Cleanup(func() {
-		prompt.SetStdin(oldStdin)
-		*client.HasTouchIDCredentials = oldHasCredentials
-	})
+	type webauthnFunc func(ctx context.Context, origin string, assertion *wantypes.CredentialAssertion, prompt wancli.LoginPrompt) (*proto.MFAAuthenticateResponse, error)
 
 	waitForCancelFn := func(ctx context.Context) (string, error) {
 		<-ctx.Done() // wait for timeout
 		return "", ctx.Err()
 	}
-	noopWebauthnFn := func(ctx context.Context, origin string, assertion *wantypes.CredentialAssertion, prompt wancli.LoginPrompt) (*proto.MFAAuthenticateResponse, error) {
-		<-ctx.Done() // wait for timeout
-		return nil, ctx.Err()
+	noopWebauthnFn := func(_ *mocku2f.Key, _ []byte) webauthnFunc {
+		return func(ctx context.Context, _ string, _ *wantypes.CredentialAssertion, _ wancli.LoginPrompt) (*proto.MFAAuthenticateResponse, error) {
+			<-ctx.Done() // wait for timeout
+			return nil, ctx.Err()
+		}
 	}
 
-	solveOTP := func(ctx context.Context) (string, error) {
-		return totp.GenerateCode(otpKey, clock.Now())
+	solveOTP := func(otpKey string, clock clockwork.Clock) func(ctx context.Context) (string, error) {
+		return func(ctx context.Context) (string, error) {
+			return totp.GenerateCode(otpKey, clock.Now())
+		}
 	}
-	solveWebauthn := func(ctx context.Context, origin string, assertion *wantypes.CredentialAssertion, prompt wancli.LoginPrompt) (*proto.MFAAuthenticateResponse, error) {
-		car, err := device.SignAssertion(origin, assertion)
-		if err != nil {
-			return nil, err
+	solveWebauthn := func(device *mocku2f.Key, _ []byte) webauthnFunc {
+		return func(ctx context.Context, origin string, assertion *wantypes.CredentialAssertion, prompt wancli.LoginPrompt) (*proto.MFAAuthenticateResponse, error) {
+			ackTouch, err := prompt.PromptTouch()
+			if err != nil {
+				return nil, err
+			}
+
+			car, err := device.SignAssertion(origin, assertion)
+			if err != nil {
+				return nil, err
+			}
+			ackTouch()
+			return &proto.MFAAuthenticateResponse{
+				Response: &proto.MFAAuthenticateResponse_Webauthn{
+					Webauthn: wantypes.CredentialAssertionResponseToProto(car),
+				},
+			}, nil
 		}
-		return &proto.MFAAuthenticateResponse{
-			Response: &proto.MFAAuthenticateResponse_Webauthn{
-				Webauthn: wantypes.CredentialAssertionResponseToProto(car),
-			},
-		}, nil
 	}
-	solvePwdless := func(ctx context.Context, origin string, assertion *wantypes.CredentialAssertion, prompt wancli.LoginPrompt) (*proto.MFAAuthenticateResponse, error) {
-		resp, err := solveWebauthn(ctx, origin, assertion, prompt)
-		if err == nil {
-			resp.GetWebauthn().Response.UserHandle = webID
+	solvePwdless := func(device *mocku2f.Key, webID []byte) webauthnFunc {
+		return func(ctx context.Context, origin string, assertion *wantypes.CredentialAssertion, prompt wancli.LoginPrompt) (*proto.MFAAuthenticateResponse, error) {
+			resp, err := solveWebauthn(device, webID)(ctx, origin, assertion, prompt)
+			if err == nil {
+				resp.GetWebauthn().Response.UserHandle = webID
+			}
+			return resp, err
 		}
-		return resp, err
 	}
 
 	const pin = "pin123"
 	userPINFn := func(ctx context.Context) (string, error) {
 		return pin, nil
 	}
-	solvePIN := func(ctx context.Context, origin string, assertion *wantypes.CredentialAssertion, prompt wancli.LoginPrompt) (*proto.MFAAuthenticateResponse, error) {
-		// Ask and verify the PIN. Usually the authenticator would verify the PIN,
-		// but we are faking it here.
-		got, err := prompt.PromptPIN()
-		switch {
-		case err != nil:
-			return nil, err
-		case got != pin:
-			return nil, errors.New("invalid PIN")
-		}
-
-		// Realistically, this would happen too.
-		ackTouch, err := prompt.PromptTouch()
-		if err != nil {
-			return nil, err
-		}
+	solvePIN := func(device *mocku2f.Key, webID []byte) webauthnFunc {
+		return func(ctx context.Context, origin string, assertion *wantypes.CredentialAssertion, prompt wancli.LoginPrompt) (*proto.MFAAuthenticateResponse, error) {
+			// Ask and verify the PIN. Usually the authenticator would verify the PIN,
+			// but we are faking it here.
+			got, err := prompt.PromptPIN()
+			switch {
+			case err != nil:
+				return nil, err
+			case got != pin:
+				return nil, errors.New("invalid PIN")
+			}
 
-		resp, err := solveWebauthn(ctx, origin, assertion, prompt)
-		if err != nil {
-			return nil, err
+			resp, err := solveWebauthn(device, webID)(ctx, origin, assertion, prompt)
+			if err != nil {
+				return nil, err
+			}
+			return resp, nil
 		}
-		return resp, ackTouch()
 	}
 
-	ctx := context.Background()
 	tests := []struct {
 		name                    string
-		secondFactor            constants.SecondFactorType
-		inputReader             *prompt.FakeReader
-		solveWebauthn           func(ctx context.Context, origin string, assertion *wantypes.CredentialAssertion, prompt wancli.LoginPrompt) (*proto.MFAAuthenticateResponse, error)
+		makeInputReader         func(pass, otpKey string, clock clockwork.Clock) *prompt.FakeReader
+		makeSolveWebauthn       func(device *mocku2f.Key, webID []byte) webauthnFunc
 		authConnector           string
 		allowStdinHijack        bool
 		preferOTP               bool
@@ -166,91 +145,115 @@ func TestTeleportClient_Login_local(t *testing.T) {
 		authenticatorAttachment wancli.AuthenticatorAttachment
 	}{
 		{
-			name:             "OTP device login with hijack",
-			secondFactor:     constants.SecondFactorOptional,
-			inputReader:      prompt.NewFakeReader().AddString(password).AddReply(solveOTP),
-			solveWebauthn:    noopWebauthnFn,
-			allowStdinHijack: true,
+			name: "OTP device login with hijack",
+			makeInputReader: func(pass, otpKey string, clock clockwork.Clock) *prompt.FakeReader {
+				return prompt.NewFakeReader().
+					AddString(pass).
+					AddReply(solveOTP(otpKey, clock))
+			},
+			makeSolveWebauthn: noopWebauthnFn,
+			allowStdinHijack:  true,
 		},
 		{
-			name:             "Webauthn device login with hijack",
-			secondFactor:     constants.SecondFactorOptional,
-			inputReader:      prompt.NewFakeReader().AddString(password).AddReply(waitForCancelFn),
-			solveWebauthn:    solveWebauthn,
-			allowStdinHijack: true,
+			name: "Webauthn device login with hijack",
+			makeInputReader: func(pass, _ string, _ clockwork.Clock) *prompt.FakeReader {
+				return prompt.NewFakeReader().
+					AddString(pass).
+					AddReply(waitForCancelFn)
+			},
+			makeSolveWebauthn: solveWebauthn,
+			allowStdinHijack:  true,
 		},
 		{
-			name:             "Webauthn device with PIN and hijack", // a bit hypothetical, but _could_ happen.
-			secondFactor:     constants.SecondFactorOptional,
-			inputReader:      prompt.NewFakeReader().AddString(password).AddReply(waitForCancelFn).AddReply(userPINFn),
-			solveWebauthn:    solvePIN,
-			allowStdinHijack: true,
+			name: "Webauthn device with PIN and hijack", // a bit hypothetical, but _could_ happen.
+			makeInputReader: func(pass, _ string, _ clockwork.Clock) *prompt.FakeReader {
+				return prompt.NewFakeReader().
+					AddString(pass).
+					AddReply(waitForCancelFn).
+					AddReply(userPINFn)
+			},
+
+			makeSolveWebauthn: solvePIN,
+			allowStdinHijack:  true,
 		},
 		{
-			name:         "OTP preferred",
-			secondFactor: constants.SecondFactorOptional,
-			inputReader:  prompt.NewFakeReader().AddString(password).AddReply(solveOTP),
-			solveWebauthn: func(ctx context.Context, origin string, assertion *wantypes.CredentialAssertion, prompt wancli.LoginPrompt) (*proto.MFAAuthenticateResponse, error) {
-				panic("this should not be called")
+			name: "OTP preferred",
+			makeInputReader: func(pass, otpKey string, clock clockwork.Clock) *prompt.FakeReader {
+				return prompt.NewFakeReader().
+					AddString(pass).
+					AddReply(solveOTP(otpKey, clock))
+			},
+			makeSolveWebauthn: func(_ *mocku2f.Key, _ []byte) webauthnFunc {
+				return func(ctx context.Context, origin string, assertion *wantypes.CredentialAssertion, prompt wancli.LoginPrompt) (*proto.MFAAuthenticateResponse, error) {
+					panic("this should not be called")
+				}
 			},
 			preferOTP: true,
 		},
 		{
-			name:         "Webauthn device login",
-			secondFactor: constants.SecondFactorOptional,
-			inputReader: prompt.NewFakeReader().
-				AddString(password).
-				AddReply(func(ctx context.Context) (string, error) {
-					panic("this should not be called")
-				}),
-			solveWebauthn: solveWebauthn,
+			name: "Webauthn device login",
+			makeInputReader: func(pass, _ string, _ clockwork.Clock) *prompt.FakeReader {
+				return prompt.NewFakeReader().
+					AddString(pass).
+					AddReply(func(ctx context.Context) (string, error) {
+						panic("this should not be called")
+					})
+			},
+			makeSolveWebauthn: solveWebauthn,
 		},
 		{
-			name:          "passwordless login",
-			secondFactor:  constants.SecondFactorOptional,
-			inputReader:   prompt.NewFakeReader(), // no inputs
-			solveWebauthn: solvePwdless,
-			authConnector: constants.PasswordlessConnector,
+			name: "passwordless login",
+			makeInputReader: func(_, _ string, _ clockwork.Clock) *prompt.FakeReader {
+				return prompt.NewFakeReader() // no inputs
+			},
+			makeSolveWebauthn: solvePwdless,
+			authConnector:     constants.PasswordlessConnector,
 		},
 		{
-			name:                  "default to passwordless if registered",
-			secondFactor:          constants.SecondFactorOptional,
-			inputReader:           prompt.NewFakeReader(), // no inputs
-			solveWebauthn:         solvePwdless,
+			name: "default to passwordless if registered",
+			makeInputReader: func(_, _ string, _ clockwork.Clock) *prompt.FakeReader {
+				return prompt.NewFakeReader() // no inputs
+			},
+			makeSolveWebauthn:     solvePwdless,
 			hasTouchIDCredentials: true,
 		},
 		{
-			name:         "cross-platform attachment doesn't default to passwordless",
-			secondFactor: constants.SecondFactorOptional,
-			inputReader: prompt.NewFakeReader().
-				AddString(password).
-				AddReply(func(ctx context.Context) (string, error) {
-					panic("this should not be called")
-				}),
-			solveWebauthn:           solveWebauthn,
+			name: "cross-platform attachment doesn't default to passwordless",
+			makeInputReader: func(pass, _ string, _ clockwork.Clock) *prompt.FakeReader {
+				return prompt.NewFakeReader().
+					AddString(pass).
+					AddReply(func(ctx context.Context) (string, error) {
+						panic("this should not be called")
+					})
+			},
+			makeSolveWebauthn:       solveWebauthn,
 			hasTouchIDCredentials:   true,
 			authenticatorAttachment: wancli.AttachmentCrossPlatform,
 		},
 		{
-			name:         "local connector doesn't default to passwordless",
-			secondFactor: constants.SecondFactorOptional,
-			inputReader: prompt.NewFakeReader().
-				AddString(password).
-				AddReply(func(ctx context.Context) (string, error) {
-					panic("this should not be called")
-				}),
-			solveWebauthn:         solveWebauthn,
+			name: "local connector doesn't default to passwordless",
+			makeInputReader: func(pass, _ string, _ clockwork.Clock) *prompt.FakeReader {
+				return prompt.NewFakeReader().
+					AddString(pass).
+					AddReply(func(ctx context.Context) (string, error) {
+						panic("this should not be called")
+					})
+			},
+			makeSolveWebauthn:     solveWebauthn,
 			authConnector:         constants.LocalConnector,
 			hasTouchIDCredentials: true,
 		},
 		{
-			name:         "OTP preferred doesn't default to passwordless",
-			secondFactor: constants.SecondFactorOptional,
-			inputReader: prompt.NewFakeReader().
-				AddString(password).
-				AddReply(solveOTP),
-			solveWebauthn: func(ctx context.Context, origin string, assertion *wantypes.CredentialAssertion, prompt wancli.LoginPrompt) (*proto.MFAAuthenticateResponse, error) {
-				panic("this should not be called")
+			name: "OTP preferred doesn't default to passwordless",
+			makeInputReader: func(pass, otpKey string, clock clockwork.Clock) *prompt.FakeReader {
+				return prompt.NewFakeReader().
+					AddString(pass).
+					AddReply(solveOTP(otpKey, clock))
+			},
+			makeSolveWebauthn: func(_ *mocku2f.Key, _ []byte) webauthnFunc {
+				return func(ctx context.Context, origin string, assertion *wantypes.CredentialAssertion, prompt wancli.LoginPrompt) (*proto.MFAAuthenticateResponse, error) {
+					panic("this should not be called")
+				}
 			},
 			preferOTP:             true,
 			hasTouchIDCredentials: true,
@@ -258,37 +261,58 @@ func TestTeleportClient_Login_local(t *testing.T) {
 	}
 	for _, test := range tests {
 		t.Run(test.name, func(t *testing.T) {
-			ctx, cancel := context.WithTimeout(ctx, 5*time.Second)
-			defer cancel()
-
-			prompt.SetStdin(test.inputReader)
-			*client.HasTouchIDCredentials = func(rpid, user string) bool {
-				return test.hasTouchIDCredentials
-			}
-			authServer := sa.Auth.GetAuthServer()
-			pref, err := authServer.GetAuthPreference(ctx)
-			require.NoError(t, err)
-			if pref.GetSecondFactor() != test.secondFactor {
-				pref.SetSecondFactor(test.secondFactor)
-				_, err = authServer.UpsertAuthPreference(ctx, pref)
-				require.NoError(t, err)
-			}
-
+			t.Parallel()
+
+			// Start Teleport.
+			clock := clockwork.NewFakeClockAt(time.Now())
+			sa := newStandaloneTeleport(t, clock)
+			username := sa.Username
+			password := sa.Password
+			webID := sa.WebAuthnID
+			device := sa.Device
+			otpKey := sa.OTPKey
+
+			// Prepare client config.
+			cfg := client.MakeDefaultConfig()
+			cfg.Stdout = io.Discard
+			cfg.Stderr = io.Discard
+			cfg.Stdin = &bytes.Buffer{}
+			cfg.Username = username
+			cfg.HostLogin = username
+			cfg.AddKeysToAgent = client.AddKeysToAgentNo
+			// Replace "127.0.0.1" with "localhost". The proxy address becomes the origin
+			// for Webauthn requests, and Webauthn doesn't take IP addresses.
+			cfg.WebProxyAddr = strings.Replace(sa.ProxyWebAddr, "127.0.0.1", "localhost", 1 /* n */)
+			cfg.KeysDir = t.TempDir()
+			cfg.InsecureSkipVerify = true
+
+			// Prepare the client proper.
 			tc, err := client.NewClient(cfg)
 			require.NoError(t, err)
 			tc.AllowStdinHijack = test.allowStdinHijack
 			tc.AuthConnector = test.authConnector
 			tc.PreferOTP = test.preferOTP
 			tc.AuthenticatorAttachment = test.authenticatorAttachment
+			inputReader := test.makeInputReader(password, otpKey, clock)
+			tc.StdinFunc = func() prompt.StdinReader { return inputReader }
 
+			solveWebauthn := test.makeSolveWebauthn(device, webID)
 			tc.WebauthnLogin = func(
 				ctx context.Context,
 				origin string, assertion *wantypes.CredentialAssertion, prompt wancli.LoginPrompt, _ *wancli.LoginOpts,
 			) (*proto.MFAAuthenticateResponse, string, error) {
-				resp, err := test.solveWebauthn(ctx, origin, assertion, prompt)
+				resp, err := solveWebauthn(ctx, origin, assertion, prompt)
 				return resp, "", err
 			}
 
+			tc.HasTouchIDCredentialsFunc = func(_, _ string) bool {
+				return test.hasTouchIDCredentials
+			}
+
+			ctx, cancel := context.WithTimeout(context.Background(), 5*time.Second)
+			defer cancel()
+
+			// Test.
 			clock.Advance(30 * time.Second)
 			_, err = tc.Login(ctx)
 			require.NoError(t, err)
diff --git a/lib/client/client.go b/lib/client/client.go
index 825b0ebfa9115..bdf6b05f55c3d 100644
--- a/lib/client/client.go
+++ b/lib/client/client.go
@@ -424,68 +424,93 @@ func (c *NodeClient) RunInteractiveShell(ctx context.Context, mode types.Session
 
 // lineLabeledWriter is an io.Writer that prepends a label to each line it writes.
 type lineLabeledWriter struct {
-	linePrefix        []byte
-	w                 io.Writer
-	shouldWritePrefix bool
+	linePrefix    string
+	w             io.Writer
+	maxLineLength int
+	buf           *bytes.Buffer
 }
 
-func newLineLabeledWriter(w io.Writer, label string) io.Writer {
-	return &lineLabeledWriter{
-		linePrefix:        []byte(fmt.Sprintf("[%v] ", label)),
-		w:                 w,
-		shouldWritePrefix: true,
-	}
-}
+const defaultLabeledLineLength = 1024
 
-func (lw *lineLabeledWriter) writeChunk(b []byte, bytesWritten int, newline bool) (int, error) {
-	n, err := lw.w.Write(b)
-	bytesWritten += n
-	if err != nil {
-		return bytesWritten, trace.Wrap(err)
+func newLineLabeledWriter(w io.Writer, label string, maxLineLength int) (io.WriteCloser, error) {
+	prefix := "[" + label + "] "
+	if maxLineLength == 0 {
+		maxLineLength = defaultLabeledLineLength
 	}
-	if newline {
-		n, err = lw.w.Write([]byte("\n"))
-		bytesWritten += n
+	if maxLineLength <= len(prefix) {
+		return nil, trace.BadParameter("maxLineLength of %v is too short", maxLineLength)
 	}
-	return bytesWritten, trace.Wrap(err)
+
+	buf := &bytes.Buffer{}
+	buf.Grow(maxLineLength + 1)
+	return &lineLabeledWriter{
+		linePrefix:    prefix,
+		w:             w,
+		maxLineLength: maxLineLength,
+		buf:           buf,
+	}, nil
 }
 
+// Write writes data to the output writer. The underlying writer will only
+// receive complete lines at a time.
 func (lw *lineLabeledWriter) Write(input []byte) (int, error) {
 	bytesWritten := 0
-	var line []byte
 	rest := input
-	var found bool
-	for {
-		line, rest, found = bytes.Cut(rest, []byte("\n"))
-		// Write the prefix unless we're either continuing a line from the last
-		// write or we're at the end.
-		if lw.shouldWritePrefix && (len(line) > 0 || found) {
-			// Write the prefix on its own to not mess with the eventual returned
-			// number of bytes written.
-			if _, err := lw.w.Write(lw.linePrefix); err != nil {
-				return bytesWritten, trace.Wrap(err)
-			}
+
+	for len(rest) > 0 {
+		origLine := rest
+		var line []byte
+		var writeLine bool
+		line, rest, writeLine = bytes.Cut(origLine, []byte("\n"))
+		// If the buffer is empty and we receive new data, it's a new line and
+		// we should add the prefix.
+		if lw.buf.Len() == 0 && (len(line) > 0 || writeLine) {
+			lw.buf.WriteString(lw.linePrefix)
 		}
-		var err error
-		if bytesWritten, err = lw.writeChunk(line, bytesWritten, found); err != nil {
-			return bytesWritten, trace.Wrap(err)
+
+		// If we overflowed a line, cut a little earlier.
+		if lw.buf.Len()+len(line) > lw.maxLineLength {
+			linePortion := lw.maxLineLength - lw.buf.Len()
+			line = origLine[:linePortion]
+			rest = origLine[linePortion:]
+			writeLine = true
+			// We inserted this newline, don't count it later.
+			bytesWritten--
 		}
-		lw.shouldWritePrefix = true
 
-		if !found {
-			// If there were leftovers, the line will continue on the next write, so
-			// skip the first prefix next time.
-			lw.shouldWritePrefix = len(line) == 0
-			break
+		lw.buf.Write(line)
+		bytesWritten += len(line)
+		// If we hit a newline (or overflowed into one), flush the buffer.
+		if writeLine {
+			lw.buf.WriteString("\n")
+			bytesWritten++
+			_, err := lw.buf.WriteTo(lw.w)
+			if err != nil {
+				return bytesWritten, trace.Wrap(err)
+			}
 		}
 	}
 
 	return bytesWritten, nil
 }
 
+// Close flushes the rest of the buffer to the output writer.
+func (lw *lineLabeledWriter) Close() error {
+	if lw.buf.Len() == 0 {
+		return nil
+	}
+	// End whatever line we're on to prevent clobbering.
+	lw.buf.WriteString("\n")
+	_, err := lw.buf.WriteTo(lw.w)
+	return trace.Wrap(err)
+}
+
 // RunCommandOptions is a set of options for NodeClient.RunCommand.
 type RunCommandOptions struct {
-	labelLines bool
+	labelLines    bool
+	maxLineLength int
+	stdout        io.Writer
+	stderr        io.Writer
 }
 
 // RunCommandOption is a functional argument for NodeClient.RunCommand.
@@ -493,9 +518,19 @@ type RunCommandOption func(opts *RunCommandOptions)
 
 // WithLabeledOutput labels each line of output from a command with the node's
 // hostname.
-func WithLabeledOutput() RunCommandOption {
+func WithLabeledOutput(maxLineLength int) RunCommandOption {
 	return func(opts *RunCommandOptions) {
 		opts.labelLines = true
+		opts.maxLineLength = maxLineLength
+	}
+}
+
+// WithOutput sends command output to the given stdout and stderr instead of
+// the node client's.
+func WithOutput(stdout, stderr io.Writer) RunCommandOption {
+	return func(opts *RunCommandOptions) {
+		opts.stdout = stdout
+		opts.stderr = stderr
 	}
 }
 
@@ -508,18 +543,40 @@ func (c *NodeClient) RunCommand(ctx context.Context, command []string, opts ...R
 	)
 	defer span.End()
 
-	var options RunCommandOptions
+	options := RunCommandOptions{
+		stdout: c.TC.Stdout,
+		stderr: c.TC.Stderr,
+	}
 	for _, opt := range opts {
 		opt(&options)
 	}
 
 	// Set up output streams
-	stdout := c.TC.Stdout
-	stderr := c.TC.Stderr
+	stdout := options.stdout
+	stderr := options.stderr
 	if c.hostname != "" {
 		if options.labelLines {
-			stdout = newLineLabeledWriter(c.TC.Stdout, c.hostname)
-			stderr = newLineLabeledWriter(c.TC.Stderr, c.hostname)
+			var err error
+			stdoutWriter, err := newLineLabeledWriter(
+				options.stdout,
+				c.hostname,
+				options.maxLineLength,
+			)
+			if err != nil {
+				return trace.Wrap(err)
+			}
+			defer stdoutWriter.Close()
+			stdout = stdoutWriter
+			stderrWriter, err := newLineLabeledWriter(
+				options.stderr,
+				c.hostname,
+				options.maxLineLength,
+			)
+			if err != nil {
+				return trace.Wrap(err)
+			}
+			defer stderrWriter.Close()
+			stderr = stderrWriter
 		}
 
 		if c.sshLogDir != "" {
diff --git a/lib/client/client_test.go b/lib/client/client_test.go
index 432f51a47de17..4aaa1f516d27f 100644
--- a/lib/client/client_test.go
+++ b/lib/client/client_test.go
@@ -304,14 +304,15 @@ func (l wrappedListener) Accept() (net.Conn, error) {
 func TestLineLabeledWriter(t *testing.T) {
 	t.Parallel()
 	tests := []struct {
-		name     string
-		inputs   []string
-		expected string
+		name       string
+		inputs     []string
+		lineLength int
+		expected   string
 	}{
 		{
 			name:     "typical input",
 			inputs:   []string{"this is\nsome test\ninput"},
-			expected: "[label] this is\n[label] some test\n[label] input",
+			expected: "[label] this is\n[label] some test\n[label] input\n",
 		},
 		{
 			name:     "don't add empty line at end",
@@ -321,7 +322,7 @@ func TestLineLabeledWriter(t *testing.T) {
 		{
 			name:     "blank lines in middle",
 			inputs:   []string{"this\n\nis\n\nsome input"},
-			expected: "[label] this\n[label] \n[label] is\n[label] \n[label] some input",
+			expected: "[label] this\n[label] \n[label] is\n[label] \n[label] some input\n",
 		},
 		{
 			name:     "line break between writes",
@@ -331,18 +332,31 @@ func TestLineLabeledWriter(t *testing.T) {
 		{
 			name:     "line break immediately on second write",
 			inputs:   []string{"line 1", "\nline 2"},
-			expected: "[label] line 1\n[label] line 2",
+			expected: "[label] line 1\n[label] line 2\n",
 		},
 		{
 			name:     "line continues between writes",
-			inputs:   []string{"this is all ", "one continuous line"},
-			expected: "[label] this is all one continuous line",
+			inputs:   []string{"this is all ", "one continuous line ", "until\nnow"},
+			expected: "[label] this is all one continuous line until\n[label] now\n",
+		},
+		{
+			name:       "long lines wrapped",
+			inputs:     []string{"1234\nabcdefghijklmnopqrstuvwxyz\n1234"},
+			lineLength: 16,
+			expected:   "[label] 1234\n[label] abcdefgh\n[label] ijklmnop\n[label] qrstuvwx\n[label] yz\n[label] 1234\n",
+		},
+		{
+			name:       "exact length lines",
+			inputs:     []string{"abcdefgh", "\nijklmnop"},
+			lineLength: 16,
+			expected:   "[label] abcdefgh\n[label] ijklmnop\n",
 		},
 	}
 	for _, tc := range tests {
 		t.Run(tc.name, func(t *testing.T) {
 			var buf bytes.Buffer
-			w := newLineLabeledWriter(&buf, "label")
+			w, err := newLineLabeledWriter(&buf, "label", tc.lineLength)
+			require.NoError(t, err)
 
 			totalBytes := 0
 			expectedBytes := 0
@@ -352,6 +366,7 @@ func TestLineLabeledWriter(t *testing.T) {
 				totalBytes += n
 				expectedBytes += len(line)
 			}
+			assert.NoError(t, w.Close())
 			assert.Equal(t, expectedBytes, totalBytes)
 			assert.Equal(t, tc.expected, buf.String())
 		})
diff --git a/lib/client/cluster_client.go b/lib/client/cluster_client.go
index 024e646ffb2d9..3aa8a679c050d 100644
--- a/lib/client/cluster_client.go
+++ b/lib/client/cluster_client.go
@@ -20,6 +20,7 @@ package client
 
 import (
 	"context"
+	"errors"
 	"net"
 	"time"
 
@@ -299,7 +300,7 @@ func (c *ClusterClient) SessionSSHConfig(ctx context.Context, user string, targe
 	}
 
 	log.Debug("Attempting to issue a single-use user certificate with an MFA check.")
-	key, err = c.performMFACeremony(ctx,
+	key, err = c.performSessionMFACeremony(ctx,
 		mfaClt,
 		ReissueParams{
 			NodeName:       nodeName(TargetNode{Addr: target.Addr}),
@@ -307,7 +308,6 @@ func (c *ClusterClient) SessionSSHConfig(ctx context.Context, user string, targe
 			MFACheck:       target.MFACheck,
 		},
 		key,
-		c.tc.NewMFAPrompt(),
 	)
 	if err != nil {
 		return nil, trace.Wrap(err)
@@ -368,32 +368,43 @@ func (c *ClusterClient) prepareUserCertsRequest(params ReissueParams, key *Key)
 	}, nil
 }
 
-// performMFACeremony runs the mfa ceremony to completion.
+// performSessionMFACeremony runs the mfa ceremony to completion.
 // If successful the returned [Key] will be authorized to connect to the target.
-func (c *ClusterClient) performMFACeremony(ctx context.Context, rootClient *ClusterClient, params ReissueParams, key *Key, mfaPrompt mfa.Prompt) (*Key, error) {
+func (c *ClusterClient) performSessionMFACeremony(ctx context.Context, rootClient *ClusterClient, params ReissueParams, key *Key) (*Key, error) {
 	certsReq, err := rootClient.prepareUserCertsRequest(params, key)
 	if err != nil {
 		return nil, trace.Wrap(err)
 	}
 
-	key, _, err = PerformMFACeremony(ctx, PerformMFACeremonyParams{
+	mfaRequiredReq := params.isMFARequiredRequest(c.tc.HostLogin)
+
+	var promptOpts []mfa.PromptOpt
+	switch {
+	case params.NodeName != "":
+		promptOpts = append(promptOpts, mfa.WithPromptReasonSessionMFA("Node", params.NodeName))
+	case params.KubernetesCluster != "":
+		promptOpts = append(promptOpts, mfa.WithPromptReasonSessionMFA("Kubernetes cluster", params.KubernetesCluster))
+	case params.RouteToDatabase.ServiceName != "":
+		promptOpts = append(promptOpts, mfa.WithPromptReasonSessionMFA("Database", params.RouteToDatabase.ServiceName))
+	case params.RouteToApp.Name != "":
+		promptOpts = append(promptOpts, mfa.WithPromptReasonSessionMFA("Application", params.RouteToApp.Name))
+	}
+
+	key, _, err = PerformSessionMFACeremony(ctx, PerformSessionMFACeremonyParams{
 		CurrentAuthClient: c.AuthClient,
 		RootAuthClient:    rootClient.AuthClient,
-		MFAPrompt:         mfaPrompt,
+		MFACeremony:       c.tc.NewMFACeremony(),
 		MFAAgainstRoot:    c.cluster == rootClient.cluster,
-		MFARequiredReq:    params.isMFARequiredRequest(c.tc.HostLogin),
-		ChallengeExtensions: mfav1.ChallengeExtensions{
-			Scope: mfav1.ChallengeScope_CHALLENGE_SCOPE_USER_SESSION,
-		},
-		CertsReq: certsReq,
-		Key:      key,
-	})
+		MFARequiredReq:    mfaRequiredReq,
+		CertsReq:          certsReq,
+		Key:               key,
+	}, promptOpts...)
 	return key, trace.Wrap(err)
 }
 
 // IssueUserCertsWithMFA generates a single-use certificate for the user. If MFA is required
 // to access the resource the provided [mfa.Prompt] will be used to perform the MFA ceremony.
-func (c *ClusterClient) IssueUserCertsWithMFA(ctx context.Context, params ReissueParams, mfaPrompt mfa.Prompt) (*Key, proto.MFARequired, error) {
+func (c *ClusterClient) IssueUserCertsWithMFA(ctx context.Context, params ReissueParams) (*Key, proto.MFARequired, error) {
 	ctx, span := c.Tracer.Start(
 		ctx,
 		"ClusterClient/IssueUserCertsWithMFA",
@@ -489,7 +500,7 @@ func (c *ClusterClient) IssueUserCertsWithMFA(ctx context.Context, params Reissu
 	}
 
 	// Perform the MFA ceremony and retrieve a new key.
-	key, err := c.performMFACeremony(ctx, certClient, params, key, mfaPrompt)
+	key, err := c.performSessionMFACeremony(ctx, certClient, params, key)
 	if err != nil {
 		return nil, proto.MFARequired_MFA_REQUIRED_YES, trace.Wrap(err)
 	}
@@ -498,39 +509,36 @@ func (c *ClusterClient) IssueUserCertsWithMFA(ctx context.Context, params Reissu
 	return key, proto.MFARequired_MFA_REQUIRED_YES, nil
 }
 
-// PerformMFARootClient is a subset of Auth methods required for MFA.
-// Used by [PerformMFACeremony].
-type PerformMFARootClient interface {
+// PerformSessionMFARootClient is a subset of Auth methods required for MFA.
+// Used by [PerformSessionMFACeremony].
+type PerformSessionMFARootClient interface {
 	CreateAuthenticateChallenge(ctx context.Context, req *proto.CreateAuthenticateChallengeRequest) (*proto.MFAAuthenticateChallenge, error)
 	GenerateUserCerts(ctx context.Context, req proto.UserCertsRequest) (*proto.Certs, error)
 }
 
-// PerformMFACurrentClient is a subset of Auth methods required for MFA.
-// Used by [PerformMFACeremony].
-type PerformMFACurrentClient interface {
+// PerformSessionMFACurrentClient is a subset of Auth methods required for MFA.
+// Used by [PerformSessionMFACeremony].
+type PerformSessionMFACurrentClient interface {
 	IsMFARequired(ctx context.Context, req *proto.IsMFARequiredRequest) (*proto.IsMFARequiredResponse, error)
 }
 
-// PerformMFACeremonyParams are the input parameters for [PerformMFACeremony].
-type PerformMFACeremonyParams struct {
+// PerformSessionMFACeremonyParams are the input parameters for [PerformSessionMFACeremony].
+type PerformSessionMFACeremonyParams struct {
 	// CurrentAuthClient is the Auth client for the target cluster.
 	// Unused if MFAAgainstRoot is true.
-	CurrentAuthClient PerformMFACurrentClient
+	CurrentAuthClient PerformSessionMFACurrentClient
 	// RootAuthClient is the Auth client for the root cluster.
 	// This is the client used to acquire the authn challenge and issue the user
 	// certificates.
-	RootAuthClient PerformMFARootClient
-	// MFAPrompt is used to prompt the user for an MFA solution.
-	MFAPrompt mfa.Prompt
+	RootAuthClient PerformSessionMFARootClient
+	// MFACeremony handles the MFA ceremony.
+	MFACeremony *mfa.Ceremony
 
 	// MFAAgainstRoot tells whether to run the MFA required check against root or
 	// current cluster.
 	MFAAgainstRoot bool
 	// MFARequiredReq is the request for the MFA verification check.
 	MFARequiredReq *proto.IsMFARequiredRequest
-	// ChallengeExtensions is used to provide additional extensions to apply to the
-	// MFA challenge used in the ceremony. The scope extension must be supplied.
-	ChallengeExtensions mfav1.ChallengeExtensions
 	// CertsReq is the request for new certificates.
 	CertsReq *proto.UserCertsRequest
 
@@ -539,7 +547,7 @@ type PerformMFACeremonyParams struct {
 	Key *Key
 }
 
-// PerformMFACeremony issues single-use certificates via GenerateUserCerts,
+// PerformSessionMFACeremony issues single-use certificates via GenerateUserCerts,
 // following its recommended RPC flow.
 //
 // It is a lower-level, less opinionated variant of
@@ -555,10 +563,9 @@ type PerformMFACeremonyParams struct {
 //  4. Call RootAuthClient.GenerateUserCerts
 //
 // Returns the modified params.Key and the GenerateUserCertsResponse, or an error.
-func PerformMFACeremony(ctx context.Context, params PerformMFACeremonyParams) (*Key, *proto.Certs, error) {
+func PerformSessionMFACeremony(ctx context.Context, params PerformSessionMFACeremonyParams, promptOpts ...mfa.PromptOpt) (*Key, *proto.Certs, error) {
 	rootClient := params.RootAuthClient
 	currentClient := params.CurrentAuthClient
-
 	mfaRequiredReq := params.MFARequiredReq
 
 	// If connecting to a host in a leaf cluster and MFA failed check to see
@@ -576,8 +583,8 @@ func PerformMFACeremony(ctx context.Context, params PerformMFACeremonyParams) (*
 		mfaRequiredReq = nil // Already checked, don't check again at root.
 	}
 
-	// Acquire MFA challenge.
-	authnChal, err := rootClient.CreateAuthenticateChallenge(ctx, &proto.CreateAuthenticateChallengeRequest{
+	params.MFACeremony.CreateAuthenticateChallenge = rootClient.CreateAuthenticateChallenge
+	mfaResp, err := params.MFACeremony.Run(ctx, &proto.CreateAuthenticateChallengeRequest{
 		Request: &proto.CreateAuthenticateChallengeRequest_ContextUser{
 			ContextUser: &proto.ContextUser{},
 		},
@@ -585,32 +592,24 @@ func PerformMFACeremony(ctx context.Context, params PerformMFACeremonyParams) (*
 		ChallengeExtensions: &mfav1.ChallengeExtensions{
 			Scope: mfav1.ChallengeScope_CHALLENGE_SCOPE_USER_SESSION,
 		},
-	})
-	if err != nil {
-		return nil, nil, trace.Wrap(err)
-	}
-
-	log.Debugf("MFA requirement from CreateAuthenticateChallenge, MFARequired=%s", authnChal.GetMFARequired())
-	if authnChal.MFARequired == proto.MFARequired_MFA_REQUIRED_NO {
+	}, promptOpts...)
+	if errors.Is(err, &mfa.ErrMFANotRequired) {
 		return nil, nil, trace.Wrap(services.ErrSessionMFANotRequired)
+	} else if err != nil {
+		return nil, nil, trace.Wrap(err)
 	}
 
-	if authnChal.TOTP == nil && authnChal.WebauthnChallenge == nil {
-		// TODO(Joerger): CreateAuthenticateChallenge should return
-		// this error directly instead of an empty challenge, without
-		// regressing https://github.com/gravitational/teleport/issues/36482.
+	// If mfaResp is nil, the ceremony was a no-op (no devices registered).
+	// TODO(Joerger): CreateAuthenticateChallenge, should return
+	// this error directly instead of an empty challenge, without
+	// regressing https://github.com/gravitational/teleport/issues/36482.
+	if mfaResp == nil {
 		return nil, nil, trace.Wrap(authclient.ErrNoMFADevices)
 	}
 
-	// Prompt user for solution (eg, security key touch).
-	authnSolved, err := params.MFAPrompt.Run(ctx, authnChal)
-	if err != nil {
-		return nil, nil, trace.Wrap(ceremonyFailedErr{err})
-	}
-
 	// Issue certificate.
 	certsReq := params.CertsReq
-	certsReq.MFAResponse = authnSolved
+	certsReq.MFAResponse = mfaResp
 	certsReq.Purpose = proto.UserCertsRequest_CERT_PURPOSE_SINGLE_USE_CERTS
 	log.Debug("Issuing single-use certificate from unary GenerateUserCerts")
 	newCerts, err := rootClient.GenerateUserCerts(ctx, *certsReq)
diff --git a/lib/client/cluster_client_test.go b/lib/client/cluster_client_test.go
index b23e2dbcf25c6..43d2a2dea5284 100644
--- a/lib/client/cluster_client_test.go
+++ b/lib/client/cluster_client_test.go
@@ -31,6 +31,7 @@ import (
 	"github.com/gravitational/teleport/api/mfa"
 	webauthnpb "github.com/gravitational/teleport/api/types/webauthn"
 	"github.com/gravitational/teleport/lib/auth/authclient"
+	libmfa "github.com/gravitational/teleport/lib/client/mfa"
 	"github.com/gravitational/teleport/lib/fixtures"
 	"github.com/gravitational/teleport/lib/observability/tracing"
 	"github.com/gravitational/teleport/lib/services"
@@ -191,7 +192,8 @@ func TestIssueUserCertsWithMFA(t *testing.T) {
 				require.Nil(t, key)
 				require.Equal(t, proto.MFARequired_MFA_REQUIRED_YES, mfaRequired)
 			},
-		}, {
+		},
+		{
 			name:        "db no mfa",
 			mfaRequired: proto.MFARequired_MFA_REQUIRED_NO,
 			params: ReissueParams{
@@ -315,7 +317,12 @@ func TestIssueUserCertsWithMFA(t *testing.T) {
 			clt := &ClusterClient{
 				tc: &TeleportClient{
 					localAgent: agent,
-					Config:     Config{SiteName: "test"},
+					Config: Config{
+						SiteName: "test",
+						MFAPromptConstructor: func(cfg *libmfa.PromptConfig) mfa.Prompt {
+							return test.prompt
+						},
+					},
 				},
 				ProxyClient: &proxy.Client{},
 				AuthClient: fakeAuthClient{
@@ -370,7 +377,7 @@ func TestIssueUserCertsWithMFA(t *testing.T) {
 
 			ctx := context.Background()
 
-			key, mfaRequired, err := clt.IssueUserCertsWithMFA(ctx, test.params, test.prompt)
+			key, mfaRequired, err := clt.IssueUserCertsWithMFA(ctx, test.params)
 			test.assertion(t, key, mfaRequired, err)
 		})
 	}
diff --git a/lib/client/export_test.go b/lib/client/export_test.go
index cd74528139cc3..16997c4a2f890 100644
--- a/lib/client/export_test.go
+++ b/lib/client/export_test.go
@@ -18,8 +18,6 @@
 
 package client
 
-var HasTouchIDCredentials = &hasTouchIDCredentials
-
 func (tc *TeleportClient) SetDTAttemptLoginIgnorePing(val bool) {
 	tc.dtAttemptLoginIgnorePing = val
 }
diff --git a/lib/client/local_proxy_middleware.go b/lib/client/local_proxy_middleware.go
index 90a2713658a3a..f4d8a1113b33d 100644
--- a/lib/client/local_proxy_middleware.go
+++ b/lib/client/local_proxy_middleware.go
@@ -36,7 +36,6 @@ import (
 
 	"github.com/gravitational/teleport/api/client/proto"
 	"github.com/gravitational/teleport/api/constants"
-	"github.com/gravitational/teleport/api/mfa"
 	"github.com/gravitational/teleport/api/utils/keys"
 	"github.com/gravitational/teleport/lib/auth/authclient"
 	"github.com/gravitational/teleport/lib/defaults"
@@ -238,7 +237,7 @@ func (c *DBCertIssuer) IssueCert(ctx context.Context) (tls.Certificate, error) {
 			return trace.Wrap(err)
 		}
 
-		newKey, mfaRequired, err := clusterClient.IssueUserCertsWithMFA(ctx, dbCertParams, c.Client.NewMFAPrompt(mfa.WithPromptReasonSessionMFA("database", c.RouteToApp.ServiceName)))
+		newKey, mfaRequired, err := clusterClient.IssueUserCertsWithMFA(ctx, dbCertParams)
 		if err != nil {
 			return trace.Wrap(err)
 		}
@@ -315,7 +314,7 @@ func (c *AppCertIssuer) IssueCert(ctx context.Context) (tls.Certificate, error)
 			return trace.Wrap(err)
 		}
 
-		newKey, mfaRequired, err := clusterClient.IssueUserCertsWithMFA(ctx, appCertParams, c.Client.NewMFAPrompt(mfa.WithPromptReasonSessionMFA("application", c.RouteToApp.Name)))
+		newKey, mfaRequired, err := clusterClient.IssueUserCertsWithMFA(ctx, appCertParams)
 		if err != nil {
 			return trace.Wrap(err)
 		}
diff --git a/lib/client/mfa.go b/lib/client/mfa.go
index 3dc94018fa8af..90c6f975d3a1c 100644
--- a/lib/client/mfa.go
+++ b/lib/client/mfa.go
@@ -21,11 +21,34 @@ package client
 import (
 	"context"
 
+	"github.com/gravitational/trace"
+
 	"github.com/gravitational/teleport/api/client/proto"
 	"github.com/gravitational/teleport/api/mfa"
 	libmfa "github.com/gravitational/teleport/lib/client/mfa"
 )
 
+// NewMFACeremony returns a new MFA ceremony configured for this client.
+func (tc *TeleportClient) NewMFACeremony() *mfa.Ceremony {
+	return &mfa.Ceremony{
+		CreateAuthenticateChallenge: tc.createAuthenticateChallenge,
+		PromptConstructor:           tc.NewMFAPrompt,
+	}
+}
+
+// createAuthenticateChallenge creates and returns MFA challenges for a users registered MFA devices.
+func (tc *TeleportClient) createAuthenticateChallenge(ctx context.Context, req *proto.CreateAuthenticateChallengeRequest) (*proto.MFAAuthenticateChallenge, error) {
+	clusterClient, err := tc.ConnectToCluster(ctx)
+	if err != nil {
+		return nil, trace.Wrap(err)
+	}
+	rootClient, err := clusterClient.ConnectToRootCluster(ctx)
+	if err != nil {
+		return nil, trace.Wrap(err)
+	}
+	return rootClient.CreateAuthenticateChallenge(ctx, req)
+}
+
 // WebauthnLoginFunc is a function that performs WebAuthn login.
 // Mimics the signature of [webauthncli.Login].
 type WebauthnLoginFunc = libmfa.WebauthnLoginFunc
@@ -34,7 +57,14 @@ type WebauthnLoginFunc = libmfa.WebauthnLoginFunc
 func (tc *TeleportClient) NewMFAPrompt(opts ...mfa.PromptOpt) mfa.Prompt {
 	cfg := tc.newPromptConfig(opts...)
 
-	var prompt mfa.Prompt = libmfa.NewCLIPrompt(cfg, tc.Stderr)
+	var prompt mfa.Prompt = libmfa.NewCLIPromptV2(&libmfa.CLIPromptConfig{
+		PromptConfig:     *cfg,
+		Writer:           tc.Stderr,
+		PreferOTP:        tc.PreferOTP,
+		AllowStdinHijack: tc.AllowStdinHijack,
+		StdinFunc:        tc.StdinFunc,
+	})
+
 	if tc.MFAPromptConstructor != nil {
 		prompt = tc.MFAPromptConstructor(cfg)
 	}
@@ -42,17 +72,9 @@ func (tc *TeleportClient) NewMFAPrompt(opts ...mfa.PromptOpt) mfa.Prompt {
 	return prompt
 }
 
-// PromptMFA runs a standard MFA prompt from client settings.
-func (tc *TeleportClient) PromptMFA(ctx context.Context, chal *proto.MFAAuthenticateChallenge) (*proto.MFAAuthenticateResponse, error) {
-	return tc.NewMFAPrompt().Run(ctx, chal)
-}
-
 func (tc *TeleportClient) newPromptConfig(opts ...mfa.PromptOpt) *libmfa.PromptConfig {
 	cfg := libmfa.NewPromptConfig(tc.WebProxyAddr, opts...)
 	cfg.AuthenticatorAttachment = tc.AuthenticatorAttachment
-	cfg.PreferOTP = tc.PreferOTP
-	cfg.AllowStdinHijack = tc.AllowStdinHijack
-
 	if tc.WebauthnLogin != nil {
 		cfg.WebauthnLoginFunc = tc.WebauthnLogin
 		cfg.WebauthnSupported = true
diff --git a/lib/client/mfa/cli.go b/lib/client/mfa/cli.go
index 1684578c6e0b3..a5e4cc8f26178 100644
--- a/lib/client/mfa/cli.go
+++ b/lib/client/mfa/cli.go
@@ -22,6 +22,8 @@ import (
 	"context"
 	"fmt"
 	"io"
+	"log/slog"
+	"os"
 	"runtime"
 	"sync"
 
@@ -35,110 +37,132 @@ import (
 	"github.com/gravitational/teleport/lib/auth/webauthnwin"
 )
 
+// CLIPromptConfig contains CLI prompt config options.
+type CLIPromptConfig struct {
+	PromptConfig
+	// Writer is where the prompt outputs the prompt. Defaults to os.Stderr.
+	Writer io.Writer
+	// AllowStdinHijack allows stdin hijack during MFA prompts.
+	// Stdin hijack provides a better login UX, but it can be difficult to reason
+	// about and is often a source of bugs.
+	// Do not set this options unless you deeply understand what you are doing.
+	// If false then only the strongest auth method is prompted.
+	AllowStdinHijack bool
+	// PreferOTP favors OTP challenges, if applicable.
+	// Takes precedence over AuthenticatorAttachment settings.
+	PreferOTP bool
+	// StdinFunc allows tests to override prompt.Stdin().
+	// If nil prompt.Stdin() is used.
+	StdinFunc func() prompt.StdinReader
+}
+
 // CLIPrompt is the default CLI mfa prompt implementation.
 type CLIPrompt struct {
-	cfg    PromptConfig
-	writer io.Writer
+	cfg CLIPromptConfig
 }
 
 // NewCLIPrompt returns a new CLI mfa prompt with the config and writer.
+// TODO(Joerger): Delete once /e is no longer dependent on it.
 func NewCLIPrompt(cfg *PromptConfig, writer io.Writer) *CLIPrompt {
+	// If no config is provided, use defaults (zero value).
+	if cfg == nil {
+		cfg = new(PromptConfig)
+	}
+	return NewCLIPromptV2(&CLIPromptConfig{
+		PromptConfig: *cfg,
+		Writer:       writer,
+	})
+}
+
+// NewCLIPromptV2 returns a new CLI mfa prompt with the given config.
+// TODO(Joerger): this is V2 because /e depends on a different function
+// signature for NewCLIPrompt, so this requires a couple follow up PRs to fix.
+func NewCLIPromptV2(cfg *CLIPromptConfig) *CLIPrompt {
+	// If no config is provided, use defaults (zero value).
+	if cfg == nil {
+		cfg = new(CLIPromptConfig)
+	}
 	return &CLIPrompt{
-		cfg:    *cfg,
-		writer: writer,
+		cfg: *cfg,
+	}
+}
+
+func (c *CLIPrompt) stdin() prompt.StdinReader {
+	if c.cfg.StdinFunc == nil {
+		return prompt.Stdin()
+	}
+	return c.cfg.StdinFunc()
+}
+
+func (c *CLIPrompt) writer() io.Writer {
+	if c.cfg.Writer == nil {
+		return os.Stderr
 	}
+	return c.cfg.Writer
 }
 
 // Run prompts the user to complete an MFA authentication challenge.
 func (c *CLIPrompt) Run(ctx context.Context, chal *proto.MFAAuthenticateChallenge) (*proto.MFAAuthenticateResponse, error) {
 	if c.cfg.PromptReason != "" {
-		fmt.Fprintln(c.writer, c.cfg.PromptReason)
+		fmt.Fprintln(c.writer(), c.cfg.PromptReason)
 	}
 
-	runOpts, err := c.cfg.GetRunOptions(ctx, chal)
-	if err != nil {
-		return nil, trace.Wrap(err)
-	}
+	promptOTP := chal.TOTP != nil
+	promptWebauthn := chal.WebauthnChallenge != nil
 
 	// No prompt to run, no-op.
-	if !runOpts.PromptTOTP && !runOpts.PromptWebauthn {
+	if !promptOTP && !promptWebauthn {
 		return &proto.MFAAuthenticateResponse{}, nil
 	}
 
-	// Depending on the run opts, we may spawn a TOTP goroutine, webauth goroutine, or both.
-	spawnGoroutines := func(ctx context.Context, wg *sync.WaitGroup, respC chan<- MFAGoroutineResponse) {
-		dualPrompt := runOpts.PromptTOTP && runOpts.PromptWebauthn
-
-		// Print the prompt message directly here in case of dualPrompt.
-		// This avoids problems with a goroutine failing before any message is
-		// printed.
-		if dualPrompt {
-			var message string
-			if runtime.GOOS == constants.WindowsOS {
-				message = "Follow the OS dialogs for platform authentication, or enter an OTP code here:"
-				webauthnwin.SetPromptPlatformMessage("")
-			} else {
-				message = fmt.Sprintf("Tap any %ssecurity key or enter a code from a %sOTP device", c.promptDevicePrefix(), c.promptDevicePrefix())
-			}
-			fmt.Fprintln(c.writer, message)
+	// Check off unsupported methods.
+	if promptWebauthn && !c.cfg.WebauthnSupported {
+		promptWebauthn = false
+		slog.DebugContext(ctx, "hardware device MFA not supported by your platform")
+		if !promptOTP {
+			return nil, trace.BadParameter("hardware device MFA not supported by your platform, please register an OTP device")
 		}
+	}
 
-		// Fire TOTP goroutine.
-		var otpCancelAndWait func()
-		if runOpts.PromptTOTP {
-			otpCtx, otpCancel := context.WithCancel(ctx)
-			otpDone := make(chan struct{})
-			otpCancelAndWait = func() {
-				otpCancel()
-				<-otpDone
-			}
+	// Prefer whatever method is requested by the client.
+	if c.cfg.PreferOTP && promptOTP {
+		promptWebauthn = false
+	}
 
-			wg.Add(1)
-			go func() {
-				defer func() {
-					wg.Done()
-					otpCancel()
-					close(otpDone)
-				}()
-
-				quiet := c.cfg.Quiet || dualPrompt
-				resp, err := c.promptTOTP(otpCtx, quiet)
-				respC <- MFAGoroutineResponse{Resp: resp, Err: trace.Wrap(err, "TOTP authentication failed")}
-			}()
-		}
+	// Use stronger auth methods if hijack is not allowed.
+	if !c.cfg.AllowStdinHijack && promptWebauthn {
+		promptOTP = false
+	}
 
-		// Fire Webauthn goroutine.
-		if runOpts.PromptWebauthn {
-			wg.Add(1)
-			go func() {
-				defer func() {
-					wg.Done()
-					// Important for dual-prompt, harmless otherwise.
-					webauthnwin.ResetPromptPlatformMessage()
-				}()
-
-				// Get webauthn prompt and wrap with otp context handler.
-				prompt := &webauthnPromptWithOTP{
-					LoginPrompt:      c.getWebauthnPrompt(ctx, dualPrompt),
-					otpCancelAndWait: otpCancelAndWait,
-				}
-
-				resp, err := c.promptWebauthn(ctx, chal, prompt)
-				respC <- MFAGoroutineResponse{Resp: resp, Err: trace.Wrap(err, "Webauthn authentication failed")}
-			}()
-		}
+	// If a specific webauthn attachment was requested, skip OTP.
+	// Otherwise, allow dual prompt with OTP.
+	if promptWebauthn && c.cfg.AuthenticatorAttachment != wancli.AttachmentAuto {
+		promptOTP = false
 	}
 
-	return HandleMFAPromptGoroutines(ctx, spawnGoroutines)
+	switch {
+	case promptOTP && promptWebauthn:
+		resp, err := c.promptWebauthnAndOTP(ctx, chal)
+		return resp, trace.Wrap(err)
+	case promptWebauthn:
+		resp, err := c.promptWebauthn(ctx, chal, c.getWebauthnPrompt(ctx))
+		return resp, trace.Wrap(err)
+	case promptOTP:
+		resp, err := c.promptOTP(ctx, c.cfg.Quiet)
+		return resp, trace.Wrap(err)
+	default:
+		// We shouldn't reach this case as we would have hit the no-op case above.
+		return nil, trace.BadParameter("no MFA methods to prompt")
+	}
 }
 
-func (c *CLIPrompt) promptTOTP(ctx context.Context, quiet bool) (*proto.MFAAuthenticateResponse, error) {
+func (c *CLIPrompt) promptOTP(ctx context.Context, quiet bool) (*proto.MFAAuthenticateResponse, error) {
 	var msg string
 	if !quiet {
 		msg = fmt.Sprintf("Enter an OTP code from a %sdevice", c.promptDevicePrefix())
 	}
 
-	otp, err := prompt.Password(ctx, c.writer, prompt.Stdin(), msg)
+	otp, err := prompt.Password(ctx, c.writer(), c.stdin(), msg)
 	if err != nil {
 		return nil, trace.Wrap(err)
 	}
@@ -150,22 +174,16 @@ func (c *CLIPrompt) promptTOTP(ctx context.Context, quiet bool) (*proto.MFAAuthe
 	}, nil
 }
 
-func (c *CLIPrompt) getWebauthnPrompt(ctx context.Context, dualPrompt bool) wancli.LoginPrompt {
-	writer := c.writer
+func (c *CLIPrompt) getWebauthnPrompt(ctx context.Context) *wancli.DefaultPrompt {
+	writer := c.writer()
 	if c.cfg.Quiet {
 		writer = io.Discard
 	}
 
 	prompt := wancli.NewDefaultPrompt(ctx, writer)
+	prompt.StdinFunc = c.cfg.StdinFunc
 	prompt.SecondTouchMessage = fmt.Sprintf("Tap your %ssecurity key to complete login", c.promptDevicePrefix())
 	prompt.FirstTouchMessage = fmt.Sprintf("Tap any %ssecurity key", c.promptDevicePrefix())
-
-	// Skip when both OTP and WebAuthn are possible, as the prompt happens
-	// externally.
-	if dualPrompt {
-		prompt.FirstTouchMessage = ""
-	}
-
 	return prompt
 }
 
@@ -186,6 +204,66 @@ func (c *CLIPrompt) promptDevicePrefix() string {
 	return ""
 }
 
+func (c *CLIPrompt) promptWebauthnAndOTP(ctx context.Context, chal *proto.MFAAuthenticateChallenge) (*proto.MFAAuthenticateResponse, error) {
+	spawnGoroutines := func(ctx context.Context, wg *sync.WaitGroup, respC chan<- MFAGoroutineResponse) {
+		var message string
+		if runtime.GOOS == constants.WindowsOS {
+			message = "Follow the OS dialogs for platform authentication, or enter an OTP code here:"
+			webauthnwin.SetPromptPlatformMessage("")
+		} else {
+			message = fmt.Sprintf("Tap any %ssecurity key or enter a code from a %sOTP device", c.promptDevicePrefix(), c.promptDevicePrefix())
+		}
+		fmt.Fprintln(c.writer(), message)
+
+		// Fire OTP goroutine.
+		var otpCancelAndWait func()
+		otpCtx, otpCancel := context.WithCancel(ctx)
+		otpDone := make(chan struct{})
+		otpCancelAndWait = func() {
+			otpCancel()
+			<-otpDone
+		}
+
+		wg.Add(1)
+		go func() {
+			defer func() {
+				wg.Done()
+				otpCancel()
+				close(otpDone)
+			}()
+
+			resp, err := c.promptOTP(otpCtx, true /*quiet*/)
+			respC <- MFAGoroutineResponse{Resp: resp, Err: trace.Wrap(err, "TOTP authentication failed")}
+		}()
+
+		// Fire Webauthn goroutine.
+		wg.Add(1)
+		go func() {
+			defer func() {
+				wg.Done()
+				// Important for dual-prompt.
+				webauthnwin.ResetPromptPlatformMessage()
+			}()
+
+			// Skip FirstTouchMessage when both OTP and WebAuthn are possible,
+			// as the prompt happens externally.
+			defaultPrompt := c.getWebauthnPrompt(ctx)
+			defaultPrompt.FirstTouchMessage = ""
+
+			// Wrap the prompt with otp context handler.
+			prompt := &webauthnPromptWithOTP{
+				LoginPrompt:      defaultPrompt,
+				otpCancelAndWait: otpCancelAndWait,
+			}
+
+			resp, err := c.promptWebauthn(ctx, chal, prompt)
+			respC <- MFAGoroutineResponse{Resp: resp, Err: trace.Wrap(err, "Webauthn authentication failed")}
+		}()
+	}
+
+	return HandleMFAPromptGoroutines(ctx, spawnGoroutines)
+}
+
 // webauthnPromptWithOTP implements wancli.LoginPrompt for MFA logins.
 // In most cases authenticators shouldn't require PINs or additional touches for
 // MFA, but the implementation exists in case we find some unusual
@@ -197,6 +275,13 @@ type webauthnPromptWithOTP struct {
 	otpCancelAndWait     func()
 }
 
+func (w *webauthnPromptWithOTP) cancelOTP() {
+	if w.otpCancelAndWait == nil {
+		return
+	}
+	w.otpCancelAndWaitOnce.Do(w.otpCancelAndWait)
+}
+
 func (w *webauthnPromptWithOTP) PromptTouch() (wancli.TouchAcknowledger, error) {
 	ack, err := w.LoginPrompt.PromptTouch()
 	if err != nil {
@@ -207,10 +292,16 @@ func (w *webauthnPromptWithOTP) PromptTouch() (wancli.TouchAcknowledger, error)
 		err := ack()
 
 		// Stop the OTP goroutine when the first touch is acknowledged.
-		if w.otpCancelAndWait != nil {
-			w.otpCancelAndWaitOnce.Do(w.otpCancelAndWait)
-		}
+		w.cancelOTP()
 
 		return trace.Wrap(err)
 	}, nil
 }
+
+func (w *webauthnPromptWithOTP) PromptPIN() (string, error) {
+	// Stop the OTP goroutine before asking for PIN, in case it wasn't already
+	// stopped through PromptTouch.
+	w.cancelOTP()
+
+	return w.LoginPrompt.PromptPIN()
+}
diff --git a/lib/client/mfa/cli_test.go b/lib/client/mfa/cli_test.go
index 0f0d6cc8323b2..54e0fcfd92fd9 100644
--- a/lib/client/mfa/cli_test.go
+++ b/lib/client/mfa/cli_test.go
@@ -239,7 +239,6 @@ Enter your security key PIN:
 			prompt.SetStdin(stdin)
 
 			cfg := mfa.NewPromptConfig("proxy.example.com")
-			cfg.AllowStdinHijack = true
 			cfg.WebauthnSupported = true
 			if tc.makeWebauthnLoginFunc != nil {
 				cfg.WebauthnLoginFunc = tc.makeWebauthnLoginFunc(stdin)
@@ -261,7 +260,11 @@ Enter your security key PIN:
 			buffer := make([]byte, 0, 100)
 			out := bytes.NewBuffer(buffer)
 
-			prompt := mfa.NewCLIPrompt(cfg, out)
+			prompt := mfa.NewCLIPromptV2(&mfa.CLIPromptConfig{
+				PromptConfig:     *cfg,
+				Writer:           out,
+				AllowStdinHijack: true,
+			})
 			resp, err := prompt.Run(ctx, tc.challenge)
 
 			if tc.expectErr != nil {
diff --git a/lib/client/mfa/prompt.go b/lib/client/mfa/prompt.go
index 93a9645e2faf3..4f99487810833 100644
--- a/lib/client/mfa/prompt.go
+++ b/lib/client/mfa/prompt.go
@@ -43,7 +43,8 @@ type WebauthnLoginFunc func(
 	opts *wancli.LoginOpts,
 ) (*proto.MFAAuthenticateResponse, string, error)
 
-// PromptConfig contains common mfa prompt config options.
+// PromptConfig contains common mfa prompt config options shared by
+// different implementations of [mfa.Prompt].
 type PromptConfig struct {
 	mfa.PromptConfig
 	// ProxyAddress is the address of the authenticating proxy. required.
diff --git a/lib/client/mfa_test.go b/lib/client/mfa_test.go
index 00f4d7e75b026..845e9b1f975e5 100644
--- a/lib/client/mfa_test.go
+++ b/lib/client/mfa_test.go
@@ -21,7 +21,6 @@ package client_test
 import (
 	"context"
 	"errors"
-	"os"
 	"testing"
 	"time"
 
@@ -73,7 +72,7 @@ func TestPromptMFAChallenge_usingNonRegisteredDevice(t *testing.T) {
 	tests := []struct {
 		name            string
 		challenge       *proto.MFAAuthenticateChallenge
-		customizePrompt func(p *mfa.PromptConfig)
+		customizePrompt func(p *mfa.CLIPromptConfig)
 	}{
 		{
 			name:      "webauthn only",
@@ -82,7 +81,7 @@ func TestPromptMFAChallenge_usingNonRegisteredDevice(t *testing.T) {
 		{
 			name:      "webauthn and OTP",
 			challenge: challengeWebauthnOTP,
-			customizePrompt: func(p *mfa.PromptConfig) {
+			customizePrompt: func(p *mfa.CLIPromptConfig) {
 				p.AllowStdinHijack = true // required for OTP+WebAuthn prompt.
 			},
 		},
@@ -109,11 +108,15 @@ func TestPromptMFAChallenge_usingNonRegisteredDevice(t *testing.T) {
 				return nil, "", wancli.ErrUsingNonRegisteredDevice
 			}
 
+			cliConfig := &mfa.CLIPromptConfig{
+				PromptConfig: *promptConfig,
+			}
+
 			if test.customizePrompt != nil {
-				test.customizePrompt(promptConfig)
+				test.customizePrompt(cliConfig)
 			}
 
-			_, err := mfa.NewCLIPrompt(promptConfig, os.Stderr).Run(ctx, test.challenge)
+			_, err := mfa.NewCLIPromptV2(cliConfig).Run(ctx, test.challenge)
 			if !errors.Is(err, wancli.ErrUsingNonRegisteredDevice) {
 				t.Errorf("PromptMFAChallenge returned err=%q, want %q", err, wancli.ErrUsingNonRegisteredDevice)
 			}
diff --git a/lib/client/presence.go b/lib/client/presence.go
index edf101e74994c..8ad63cc997bc6 100644
--- a/lib/client/presence.go
+++ b/lib/client/presence.go
@@ -76,46 +76,60 @@ func RunPresenceTask(ctx context.Context, term io.Writer, maintainer PresenceMai
 		return trace.Wrap(err)
 	}
 
-	for {
-		select {
-		case <-ticker.Chan():
+	mfaCeremony := &mfa.Ceremony{
+		PromptConstructor: func(po ...mfa.PromptOpt) mfa.Prompt {
+			return mfa.PromptFunc(func(ctx context.Context, chal *proto.MFAAuthenticateChallenge) (*proto.MFAAuthenticateResponse, error) {
+				fmt.Fprint(term, "\r\nTeleport > Please tap your MFA key\r\n")
+
+				mfaResp, err := mfaPrompt.Run(ctx, chal)
+				if err != nil {
+					fmt.Fprintf(term, "\r\nTeleport > Failed to confirm presence: %v\r\n", err)
+					return nil, trace.Wrap(err)
+				}
+
+				fmt.Fprint(term, "\r\nTeleport > Received MFA presence confirmation\r\n")
+				return mfaResp, nil
+			})
+		},
+		CreateAuthenticateChallenge: func(ctx context.Context, _ *proto.CreateAuthenticateChallengeRequest) (*proto.MFAAuthenticateChallenge, error) {
 			req := &proto.PresenceMFAChallengeSend{
 				Request: &proto.PresenceMFAChallengeSend_ChallengeRequest{
 					ChallengeRequest: &proto.PresenceMFAChallengeRequest{SessionID: sessionID},
 				},
 			}
 
-			err = stream.Send(req)
-			if err != nil {
-				return trace.Wrap(err)
+			if err := stream.Send(req); err != nil {
+				return nil, trace.Wrap(err)
 			}
 
 			challenge, err := stream.Recv()
 			if err != nil {
-				return trace.Wrap(err)
+				return nil, trace.Wrap(err)
 			}
 
-			fmt.Fprint(term, "\r\nTeleport > Please tap your MFA key\r\n")
-
 			// This is here to enforce the usage of a MFA device.
 			// We don't support TOTP for live presence.
 			challenge.TOTP = nil
 
-			solution, err := mfaPrompt.Run(ctx, challenge)
+			return challenge, nil
+		},
+	}
+
+	for {
+		select {
+		case <-ticker.Chan():
+			mfaResp, err := mfaCeremony.Run(ctx, nil /* req is not needed for MaintainSessionPresence */)
 			if err != nil {
-				fmt.Fprintf(term, "\r\nTeleport > Failed to confirm presence: %v\r\n", err)
 				return trace.Wrap(err)
 			}
 
-			fmt.Fprint(term, "\r\nTeleport > Received MFA presence confirmation\r\n")
-
-			req = &proto.PresenceMFAChallengeSend{
+			resp := &proto.PresenceMFAChallengeSend{
 				Request: &proto.PresenceMFAChallengeSend_ChallengeResponse{
-					ChallengeResponse: solution,
+					ChallengeResponse: mfaResp,
 				},
 			}
 
-			err = stream.Send(req)
+			err = stream.Send(resp)
 			if err != nil {
 				return trace.Wrap(err)
 			}
diff --git a/lib/client/redirect.go b/lib/client/redirect.go
index 1e88f4b1cde6e..43302c34c9eb1 100644
--- a/lib/client/redirect.go
+++ b/lib/client/redirect.go
@@ -18,390 +18,24 @@
 
 package client
 
-import (
-	"context"
-	"encoding/json"
-	"net"
-	"net/http"
-	"net/http/httptest"
-	"net/url"
-
-	"github.com/google/uuid"
-	"github.com/gravitational/trace"
-
-	apidefaults "github.com/gravitational/teleport/api/defaults"
-	apiutils "github.com/gravitational/teleport/api/utils"
-	"github.com/gravitational/teleport/api/utils/keys"
-	"github.com/gravitational/teleport/lib/auth/authclient"
-	"github.com/gravitational/teleport/lib/defaults"
-	"github.com/gravitational/teleport/lib/secret"
-	"github.com/gravitational/teleport/lib/utils"
-)
+import "github.com/gravitational/teleport/lib/client/sso"
 
+// TODO: delete once e ref is updated.
 const (
-	// LoginSuccessRedirectURL is a redirect URL when login was successful without errors.
-	LoginSuccessRedirectURL = "/web/msg/info/login_success"
-
-	// LoginTerminalRedirectURL is a redirect URL when login requires extra
-	// action in the terminal, but was otherwise successful in the browser (ex.
-	// need a hardware key tap).
-	LoginTerminalRedirectURL = "/web/msg/info/login_terminal"
-
 	// LoginFailedRedirectURL is the default redirect URL when an SSO error was encountered.
-	LoginFailedRedirectURL = "/web/msg/error/login"
+	LoginFailedRedirectURL = sso.LoginFailedRedirectURL
 
 	// LoginFailedBadCallbackRedirectURL is a redirect URL when an SSO error specific to
 	// auth connector's callback was encountered.
-	LoginFailedBadCallbackRedirectURL = "/web/msg/error/login/callback"
+	LoginFailedBadCallbackRedirectURL = sso.LoginFailedBadCallbackRedirectURL
 
 	// LoginFailedUnauthorizedRedirectURL is a redirect URL for when an SSO authenticates successfully,
 	// but the user has no matching roles in Teleport.
-	LoginFailedUnauthorizedRedirectURL = "/web/msg/error/login/auth"
-
-	// LoginClose is a redirect URL that will close the tab performing the SSO
-	// login. It's used when a second tab will be opened due to the first
-	// failing (such as an unmet hardware key policy) and the first should be
-	// ignored.
-	LoginClose = "/web/msg/info/login_close"
+	LoginFailedUnauthorizedRedirectURL = sso.LoginFailedUnauthorizedRedirectURL
 
 	// SAMLSingleLogoutFailedRedirectURL is the default redirect URL when an error was encountered during SAML Single Logout.
-	SAMLSingleLogoutFailedRedirectURL = "/web/msg/error/slo"
+	SAMLSingleLogoutFailedRedirectURL = sso.SAMLSingleLogoutFailedRedirectURL
 
 	// DefaultLoginURL is the default login page.
-	DefaultLoginURL = "/web/login"
+	DefaultLoginURL = sso.DefaultLoginURL
 )
-
-// Redirector handles SSH redirect flow with the Teleport server
-type Redirector struct {
-	// SSHLoginSSO contains SSH login parameters
-	SSHLoginSSO
-	server *httptest.Server
-	mux    *http.ServeMux
-	// redirectURL will be set based on the response from the Teleport
-	// proxy server, will contain target redirect URL
-	// to launch SSO workflow
-	redirectURL utils.SyncString
-	// key is a secret key used to encode/decode
-	// the data with the server, it is used so that other
-	// programs running on the same computer can't easilly sniff
-	// the data
-	key secret.Key
-	// shortPath is a link-shortener path presented to the user
-	// it is used to open up the browser window, notice
-	// that redirectURL will be set later
-	shortPath string
-	// responseC is a channel to receive responses
-	responseC chan *authclient.SSHLoginResponse
-	// errorC will contain errors
-	errorC chan error
-	// proxyClient is HTTP client to the Teleport Proxy
-	proxyClient *WebClient
-	// proxyURL is a URL to the Teleport Proxy
-	proxyURL *url.URL
-	// context is a close context
-	context context.Context
-	// cancel broadcasts cancel
-	cancel context.CancelFunc
-	// RedirectorConfig allows customization of Redirector
-	RedirectorConfig
-	// callbackAddr is the alternate URL to give to the user during login,
-	// if present.
-	callbackAddr string
-}
-
-// RedirectorConfig allows customization of Redirector
-type RedirectorConfig struct {
-	// SSOLoginConsoleRequestFn allows customizing issuance of SSOLoginConsoleReq. Optional.
-	SSOLoginConsoleRequestFn func(req SSOLoginConsoleReq) (*SSOLoginConsoleResponse, error)
-}
-
-// NewRedirector returns new local web server redirector
-func NewRedirector(ctx context.Context, login SSHLoginSSO, config *RedirectorConfig) (*Redirector, error) {
-	clt, proxyURL, err := initClient(login.ProxyAddr, login.Insecure, login.Pool, login.ExtraHeaders)
-	if err != nil {
-		return nil, trace.Wrap(err)
-	}
-
-	// Create secret key that will be sent with the request and then used the
-	// decrypt the response from the server.
-	key, err := secret.NewKey()
-	if err != nil {
-		return nil, trace.Wrap(err)
-	}
-
-	var callbackAddr string
-	if login.CallbackAddr != "" {
-		callbackURL, err := apiutils.ParseURL(login.CallbackAddr)
-		if err != nil {
-			return nil, trace.Wrap(err)
-		}
-		// Default to HTTPS if no scheme is specified.
-		// This will allow users to specify an insecure HTTP URL but
-		// the backend will verify if the callback URL is allowed.
-		if callbackURL.Scheme == "" {
-			callbackURL.Scheme = "https"
-		}
-		callbackAddr = callbackURL.String()
-	}
-
-	ctxCancel, cancel := context.WithCancel(ctx)
-	rd := &Redirector{
-		context:      ctxCancel,
-		cancel:       cancel,
-		proxyClient:  clt,
-		proxyURL:     proxyURL,
-		SSHLoginSSO:  login,
-		mux:          http.NewServeMux(),
-		key:          key,
-		shortPath:    "/" + uuid.New().String(),
-		responseC:    make(chan *authclient.SSHLoginResponse, 1),
-		errorC:       make(chan error, 1),
-		callbackAddr: callbackAddr,
-	}
-
-	if config != nil {
-		rd.RedirectorConfig = *config
-	}
-
-	if rd.SSOLoginConsoleRequestFn == nil {
-		rd.SSOLoginConsoleRequestFn = rd.issueSSOLoginConsoleRequest
-	}
-
-	// callback is a callback URL communicated to the Teleport proxy,
-	// after SAML/OIDC login, the teleport will redirect user's browser
-	// to this laptop-local URL
-	rd.mux.Handle("/callback", rd.wrapCallback(rd.callback))
-	// short path is a link-shortener style URL
-	// that will redirect to the Teleport-Proxy supplied address
-	rd.mux.HandleFunc(rd.shortPath, func(w http.ResponseWriter, r *http.Request) {
-		http.Redirect(w, r, rd.redirectURL.Value(), http.StatusFound)
-	})
-	return rd, nil
-}
-
-// Start launches local http server on the machine,
-// initiates SSO login request sequence with the Teleport Proxy
-func (rd *Redirector) Start() error {
-	if rd.BindAddr != "" {
-		log.Debugf("Binding to %v.", rd.BindAddr)
-		listener, err := net.Listen("tcp", rd.BindAddr)
-		if err != nil {
-			return trace.Wrap(err, "%v: could not bind to %v, make sure the address is host:port format for ipv4 and [ipv6]:port format for ipv6, and the address is not in use", err, rd.BindAddr)
-		}
-		rd.server = &httptest.Server{
-			Listener: listener,
-			Config: &http.Server{
-				Handler:           rd.mux,
-				ReadTimeout:       apidefaults.DefaultIOTimeout,
-				ReadHeaderTimeout: defaults.ReadHeadersTimeout,
-				WriteTimeout:      apidefaults.DefaultIOTimeout,
-				IdleTimeout:       apidefaults.DefaultIdleTimeout,
-			},
-		}
-		rd.server.Start()
-	} else {
-		rd.server = httptest.NewServer(rd.mux)
-	}
-	log.Infof("Waiting for response at: %v.", rd.server.URL)
-
-	// communicate callback redirect URL to the Teleport Proxy
-	u, err := url.Parse(rd.baseURL() + "/callback")
-	if err != nil {
-		return trace.Wrap(err)
-	}
-	u.RawQuery = url.Values{"secret_key": {rd.key.String()}}.Encode()
-
-	req := SSOLoginConsoleReq{
-		RedirectURL:          u.String(),
-		PublicKey:            rd.PubKey,
-		CertTTL:              rd.TTL,
-		ConnectorID:          rd.ConnectorID,
-		Compatibility:        rd.Compatibility,
-		RouteToCluster:       rd.RouteToCluster,
-		KubernetesCluster:    rd.KubernetesCluster,
-		AttestationStatement: rd.AttestationStatement,
-	}
-
-	response, err := rd.SSOLoginConsoleRequestFn(req)
-	if err != nil {
-		return trace.Wrap(err)
-	}
-
-	// notice late binding of the redirect URL here, it is referenced
-	// in the callback handler, but is known only after the request
-	// is sent to the Teleport Proxy, that's why
-	// redirectURL is a SyncString
-	rd.redirectURL.Set(response.RedirectURL)
-	return nil
-}
-
-// issueSSOLoginConsoleRequest is default implementation, but may be overridden via RedirectorConfig.IssueSSOLoginConsoleRequest.
-func (rd *Redirector) issueSSOLoginConsoleRequest(req SSOLoginConsoleReq) (*SSOLoginConsoleResponse, error) {
-	out, err := rd.proxyClient.PostJSON(rd.context, rd.proxyClient.Endpoint("webapi", rd.Protocol, "login", "console"), req)
-	if err != nil {
-		return nil, trace.Wrap(err)
-	}
-
-	var re SSOLoginConsoleResponse
-	err = json.Unmarshal(out.Bytes(), &re)
-	if err != nil {
-		return nil, trace.Wrap(err)
-	}
-
-	return &re, nil
-}
-
-// Done is called when redirector is closed
-// or parent context is closed
-func (rd *Redirector) Done() <-chan struct{} {
-	return rd.context.Done()
-}
-
-// ClickableURL returns a short clickable redirect URL
-func (rd *Redirector) ClickableURL() string {
-	if rd.server == nil {
-		return ""
-	}
-	return utils.ClickableURL(rd.baseURL() + rd.shortPath)
-}
-
-func (rd *Redirector) baseURL() string {
-	if rd.callbackAddr != "" {
-		return rd.callbackAddr
-	}
-	return rd.server.URL
-}
-
-// ResponseC returns a channel with response
-func (rd *Redirector) ResponseC() <-chan *authclient.SSHLoginResponse {
-	return rd.responseC
-}
-
-// ErrorC returns a channel with error
-func (rd *Redirector) ErrorC() <-chan error {
-	return rd.errorC
-}
-
-// callback is used by Teleport proxy to send back credentials
-// issued by Teleport proxy
-func (rd *Redirector) callback(w http.ResponseWriter, r *http.Request) (*authclient.SSHLoginResponse, error) {
-	if r.URL.Path != "/callback" {
-		return nil, trace.NotFound("path not found")
-	}
-
-	r.ParseForm()
-	if r.Form.Has("err") {
-		err := r.Form.Get("err")
-		return nil, trace.Errorf("identity provider callback failed with error: %v", err)
-	}
-
-	// Decrypt ciphertext to get login response.
-	plaintext, err := rd.key.Open([]byte(r.Form.Get("response")))
-	if err != nil {
-		return nil, trace.BadParameter("failed to decrypt response: in %v, err: %v", r.URL.String(), err)
-	}
-
-	var re authclient.SSHLoginResponse
-	err = json.Unmarshal(plaintext, &re)
-	if err != nil {
-		return nil, trace.BadParameter("failed to decrypt response: in %v, err: %v", r.URL.String(), err)
-	}
-
-	return &re, nil
-}
-
-// Close closes redirector and releases all resources
-func (rd *Redirector) Close() error {
-	rd.cancel()
-	if rd.server != nil {
-		rd.server.Close()
-	}
-	return nil
-}
-
-// wrapCallback is a helper wrapper method that wraps callback HTTP handler
-// and sends a result to the channel and redirect users to error page
-func (rd *Redirector) wrapCallback(fn func(http.ResponseWriter, *http.Request) (*authclient.SSHLoginResponse, error)) http.Handler {
-	// Generate possible redirect URLs from the proxy URL.
-	clone := *rd.proxyURL
-	clone.Path = LoginFailedRedirectURL
-	errorURL := clone.String()
-	clone.Path = LoginSuccessRedirectURL
-	successURL := clone.String()
-	clone.Path = LoginClose
-	closeURL := clone.String()
-	clone.Path = LoginTerminalRedirectURL
-
-	connectorName := rd.ConnectorName
-	if connectorName == "" {
-		connectorName = rd.ConnectorID
-	}
-	query := clone.Query()
-	query.Set("auth", connectorName)
-	clone.RawQuery = query.Encode()
-	terminalRedirectURL := clone.String()
-
-	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
-		w.Header().Add("Allow", "GET, OPTIONS, POST")
-		// CORS protects the _response_, and our response is always just a
-		// redirect to info/login_success or error/login so it's fine to share
-		// with the world; we could use the proxy URL as the origin, but that
-		// would break setups where the proxy public address that tsh is using
-		// is not the "main" one that ends up being used for the redirect after
-		// the IdP login
-		w.Header().Add("Access-Control-Allow-Origin", "*")
-		switch r.Method {
-		default:
-			w.WriteHeader(http.StatusMethodNotAllowed)
-			return
-		case http.MethodOptions:
-			w.WriteHeader(http.StatusOK)
-			return
-		case http.MethodGet, http.MethodPost:
-		}
-
-		response, err := fn(w, r)
-		if err != nil {
-			if trace.IsNotFound(err) {
-				http.NotFound(w, r)
-				return
-			}
-			select {
-			case rd.errorC <- err:
-			case <-rd.context.Done():
-			}
-			redirectURL := errorURL
-			// A second SSO login attempt will be initiated if a key policy requirement was not satisfied.
-			if requiredPolicy, err := keys.ParsePrivateKeyPolicyError(err); err == nil && rd.ProxySupportsKeyPolicyMessage {
-				switch requiredPolicy {
-				case keys.PrivateKeyPolicyHardwareKey, keys.PrivateKeyPolicyHardwareKeyTouch:
-					// No user interaction required.
-					redirectURL = closeURL
-				case keys.PrivateKeyPolicyHardwareKeyPIN, keys.PrivateKeyPolicyHardwareKeyTouchAndPIN:
-					// The user is prompted to enter their PIN in terminal.
-					redirectURL = terminalRedirectURL
-				}
-			}
-			http.Redirect(w, r, redirectURL, http.StatusFound)
-			return
-		}
-		select {
-		case rd.responseC <- response:
-			redirectURL := successURL
-			switch rd.PrivateKeyPolicy {
-			case keys.PrivateKeyPolicyHardwareKey:
-				// login should complete without user interaction, success.
-			case keys.PrivateKeyPolicyHardwareKeyPIN:
-				// The user is prompted to enter their PIN before this step,
-				// so we can go straight to success screen.
-			case keys.PrivateKeyPolicyHardwareKeyTouch, keys.PrivateKeyPolicyHardwareKeyTouchAndPIN:
-				// The user is prompted to touch their hardware key after
-				// this redirect, so display the terminal redirect screen.
-				redirectURL = terminalRedirectURL
-			}
-			http.Redirect(w, r, redirectURL, http.StatusFound)
-		case <-rd.context.Done():
-			http.Redirect(w, r, errorURL, http.StatusFound)
-		}
-	})
-}
diff --git a/lib/client/sso.go b/lib/client/sso.go
new file mode 100644
index 0000000000000..4a601e5041bfd
--- /dev/null
+++ b/lib/client/sso.go
@@ -0,0 +1,99 @@
+/*
+ * Teleport
+ * Copyright (C) 2024  Gravitational, Inc.
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program.  If not, see .
+ */
+
+package client
+
+import (
+	"context"
+	"encoding/json"
+	"fmt"
+	"os"
+
+	"github.com/gravitational/trace"
+
+	"github.com/gravitational/teleport/api/utils/keys"
+	"github.com/gravitational/teleport/api/utils/prompt"
+	"github.com/gravitational/teleport/lib/client/sso"
+	"github.com/gravitational/teleport/lib/utils"
+)
+
+// ssoRedirectorConfig returns a standard configured sso redirector for login.
+// A display name for the SSO connector can optionally be provided for minor UI improvements.
+func (tc *TeleportClient) ssoRedirectorConfig(ctx context.Context, connectorDisplayName string) (sso.RedirectorConfig, error) {
+	if tc.CallbackAddr != "" && !utils.AsBool(os.Getenv("TELEPORT_LOGIN_SKIP_REMOTE_HOST_WARNING")) {
+		const callbackPrompt = "Logging in from a remote host means that credentials will be stored on " +
+			"the remote host. Make sure that you trust the provided callback host " +
+			"(%v) and that it resolves to the provided bind addr (%v). Continue?"
+		ok, err := prompt.Confirmation(ctx, os.Stderr, prompt.NewContextReader(os.Stdin),
+			fmt.Sprintf(callbackPrompt, tc.CallbackAddr, tc.BindAddr),
+		)
+		if err != nil {
+			return sso.RedirectorConfig{}, trace.Wrap(err)
+		}
+		if !ok {
+			return sso.RedirectorConfig{}, trace.BadParameter("Login canceled.")
+		}
+	}
+
+	return sso.RedirectorConfig{
+		ProxyAddr:            tc.WebProxyAddr,
+		BindAddr:             tc.BindAddr,
+		CallbackAddr:         tc.CallbackAddr,
+		Browser:              tc.Browser,
+		PrivateKeyPolicy:     tc.PrivateKeyPolicy,
+		ConnectorDisplayName: connectorDisplayName,
+	}, nil
+}
+
+func (tc *TeleportClient) ssoLoginInitFn(priv *keys.PrivateKey, connectorID, connectorType string) sso.CeremonyInit {
+	return func(ctx context.Context, clientCallbackURL string) (redirectURL string, err error) {
+		sshLogin, err := tc.NewSSHLogin(priv)
+		if err != nil {
+			return "", trace.Wrap(err)
+		}
+
+		// initiate SSO login through the Proxy.
+		req := SSOLoginConsoleReq{
+			RedirectURL:          clientCallbackURL,
+			PublicKey:            sshLogin.PubKey,
+			AttestationStatement: sshLogin.AttestationStatement,
+			CertTTL:              sshLogin.TTL,
+			ConnectorID:          connectorID,
+			Compatibility:        sshLogin.Compatibility,
+			RouteToCluster:       sshLogin.RouteToCluster,
+			KubernetesCluster:    sshLogin.KubernetesCluster,
+		}
+
+		clt, _, err := initClient(sshLogin.ProxyAddr, sshLogin.Insecure, sshLogin.Pool, sshLogin.ExtraHeaders)
+		if err != nil {
+			return "", trace.Wrap(err)
+		}
+
+		out, err := clt.PostJSON(ctx, clt.Endpoint("webapi", connectorType, "login", "console"), req)
+		if err != nil {
+			return "", trace.Wrap(err)
+		}
+
+		var re SSOLoginConsoleResponse
+		if err := json.Unmarshal(out.Bytes(), &re); err != nil {
+			return "", trace.Wrap(err)
+		}
+
+		return re.RedirectURL, nil
+	}
+}
diff --git a/lib/client/sso/ceremony.go b/lib/client/sso/ceremony.go
new file mode 100644
index 0000000000000..cb5b57c5a3183
--- /dev/null
+++ b/lib/client/sso/ceremony.go
@@ -0,0 +1,63 @@
+/*
+ * Teleport
+ * Copyright (C) 2024  Gravitational, Inc.
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program.  If not, see .
+ */
+
+package sso
+
+import (
+	"context"
+
+	"github.com/gravitational/trace"
+
+	"github.com/gravitational/teleport/lib/auth/authclient"
+)
+
+// Ceremony is a customizable SSO login ceremony.
+type Ceremony struct {
+	clientCallbackURL   string
+	Init                CeremonyInit
+	HandleRedirect      func(ctx context.Context, redirectURL string) error
+	GetCallbackResponse func(ctx context.Context) (*authclient.SSHLoginResponse, error)
+}
+
+// CeremonyInit initializes an SSO login ceremony.
+type CeremonyInit func(ctx context.Context, clientCallbackURL string) (redirectURL string, err error)
+
+// Run the SSO ceremony.
+func (c *Ceremony) Run(ctx context.Context) (*authclient.SSHLoginResponse, error) {
+	redirectURL, err := c.Init(ctx, c.clientCallbackURL)
+	if err != nil {
+		return nil, trace.Wrap(err)
+	}
+
+	if err := c.HandleRedirect(ctx, redirectURL); err != nil {
+		return nil, trace.Wrap(err)
+	}
+
+	resp, err := c.GetCallbackResponse(ctx)
+	return resp, trace.Wrap(err)
+}
+
+// NewCLICeremony creates a new CLI SSO ceremony from the given redirector.
+func NewCLICeremony(rd *Redirector, init CeremonyInit) *Ceremony {
+	return &Ceremony{
+		clientCallbackURL:   rd.ClientCallbackURL,
+		Init:                init,
+		HandleRedirect:      rd.OpenRedirect,
+		GetCallbackResponse: rd.WaitForResponse,
+	}
+}
diff --git a/lib/client/sso/ceremony_test.go b/lib/client/sso/ceremony_test.go
new file mode 100644
index 0000000000000..0851ac1b4daf2
--- /dev/null
+++ b/lib/client/sso/ceremony_test.go
@@ -0,0 +1,100 @@
+/*
+ * Teleport
+ * Copyright (C) 2024  Gravitational, Inc.
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program.  If not, see .
+ */
+
+package sso_test
+
+import (
+	"bytes"
+	"context"
+	"io"
+	"net/http"
+	"net/http/httptest"
+	"regexp"
+	"testing"
+	"text/template"
+
+	"github.com/gravitational/trace"
+	"github.com/stretchr/testify/require"
+
+	"github.com/gravitational/teleport"
+	"github.com/gravitational/teleport/lib/client/sso"
+	"github.com/gravitational/teleport/lib/web"
+)
+
+func TestCLICeremony(t *testing.T) {
+	mockProxy := newMockProxy(t)
+	username := "alice"
+
+	// Capture stderr.
+	stderr := bytes.NewBuffer([]byte{})
+
+	// Create a basic redirector.
+	rd, err := sso.NewRedirector(sso.RedirectorConfig{
+		ProxyAddr: mockProxy.URL,
+		Browser:   teleport.BrowserNone,
+		Stderr:    stderr,
+	})
+	require.NoError(t, err)
+	t.Cleanup(rd.Close)
+
+	// Construct a fake ssh login response with the redirector's client callback URL.
+	successResponseURL, err := web.ConstructSSHResponse(web.AuthParams{
+		ClientRedirectURL: rd.ClientCallbackURL,
+		Username:          username,
+	})
+	require.NoError(t, err)
+
+	// Open a mock IdP server which will handle a redirect and result in the expected IdP session payload.
+	mockIdPServer := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		http.Redirect(w, r, successResponseURL.String(), http.StatusPermanentRedirect)
+	}))
+	t.Cleanup(mockIdPServer.Close)
+
+	ceremony := sso.NewCLICeremony(rd, func(ctx context.Context, clientCallbackURL string) (redirectURL string, err error) {
+		return mockIdPServer.URL, nil
+	})
+
+	template.New("Failed to open a browser window for login: %v\n")
+
+	// Modify handle redirect to also browse to the clickable URL printed to stderr.
+	baseHandleRedirect := ceremony.HandleRedirect
+	ceremony.HandleRedirect = func(ctx context.Context, redirectURL string) error {
+		if err := baseHandleRedirect(ctx, redirectURL); err != nil {
+			return trace.Wrap(err)
+		}
+
+		// Read the clickable url from stderr and navigate to it
+		// using a simplified regexp for http://127.0.0.1:/
+		clickableURLPattern := "http://127.0.0.1:.*/.*[0-9a-f]"
+		clickableURL := regexp.MustCompile(clickableURLPattern).Find(stderr.Bytes())
+
+		resp, err := http.Get(string(clickableURL))
+		require.NoError(t, err)
+		defer resp.Body.Close()
+
+		// User should be redirected to success screen.
+		body, err := io.ReadAll(resp.Body)
+		require.NoError(t, err)
+		require.Equal(t, sso.LoginSuccessRedirectURL, string(body))
+		return nil
+	}
+
+	loginResp, err := ceremony.Run(context.Background())
+	require.NoError(t, err)
+	require.Equal(t, username, loginResp.Username)
+}
diff --git a/lib/client/sso/redirector.go b/lib/client/sso/redirector.go
new file mode 100644
index 0000000000000..0becda83a9b8c
--- /dev/null
+++ b/lib/client/sso/redirector.go
@@ -0,0 +1,469 @@
+/*
+ * Teleport
+ * Copyright (C) 2024 Gravitational, Inc.
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program.  If not, see .
+ */
+
+package sso
+
+import (
+	"context"
+	"encoding/json"
+	"fmt"
+	"io"
+	"log/slog"
+	"net"
+	"net/http"
+	"net/http/httptest"
+	"net/url"
+	"os"
+	"os/exec"
+	"runtime"
+	"strings"
+	"time"
+
+	"github.com/google/uuid"
+	"github.com/gravitational/trace"
+
+	"github.com/gravitational/teleport"
+	"github.com/gravitational/teleport/api/constants"
+	apidefaults "github.com/gravitational/teleport/api/defaults"
+	apiutils "github.com/gravitational/teleport/api/utils"
+	"github.com/gravitational/teleport/api/utils/keys"
+	"github.com/gravitational/teleport/lib/auth/authclient"
+	"github.com/gravitational/teleport/lib/defaults"
+	"github.com/gravitational/teleport/lib/secret"
+	"github.com/gravitational/teleport/lib/utils"
+)
+
+const (
+	// LoginSuccessRedirectURL is a redirect URL when login was successful without errors.
+	LoginSuccessRedirectURL = "/web/msg/info/login_success"
+
+	// LoginTerminalRedirectURL is a redirect URL when login requires extra
+	// action in the terminal, but was otherwise successful in the browser (ex.
+	// need a hardware key tap).
+	LoginTerminalRedirectURL = "/web/msg/info/login_terminal"
+
+	// LoginFailedRedirectURL is the default redirect URL when an SSO error was encountered.
+	LoginFailedRedirectURL = "/web/msg/error/login"
+
+	// LoginFailedBadCallbackRedirectURL is a redirect URL when an SSO error specific to
+	// auth connector's callback was encountered.
+	LoginFailedBadCallbackRedirectURL = "/web/msg/error/login/callback"
+
+	// LoginFailedUnauthorizedRedirectURL is a redirect URL for when an SSO authenticates successfully,
+	// but the user has no matching roles in Teleport.
+	LoginFailedUnauthorizedRedirectURL = "/web/msg/error/login/auth"
+
+	// LoginClose is a redirect URL that will close the tab performing the SSO
+	// login. It's used when a second tab will be opened due to the first
+	// failing (such as an unmet hardware key policy) and the first should be
+	// ignored.
+	LoginClose = "/web/msg/info/login_close"
+
+	// SAMLSingleLogoutFailedRedirectURL is the default redirect URL when an error was encountered during SAML Single Logout.
+	SAMLSingleLogoutFailedRedirectURL = "/web/msg/error/slo"
+
+	// DefaultLoginURL is the default login page.
+	DefaultLoginURL = "/web/login"
+)
+
+// RedirectorConfig is configuration for an sso redirector.
+type RedirectorConfig struct {
+	// ProxyAddr is the Teleport proxy address to use as the base redirect address
+	// at the end of an SSO ceremony. e.g. https:///web/msg/info/login_success
+	// required.
+	ProxyAddr string
+
+	// BindAddr is an optional host:port address to bind the local callback listener
+	// to instead of localhost:
+	BindAddr string
+	// CallbackAddr is an optional base URL to use as a callback address for the
+	// local callback listener instead of localhost. If supplied, BindAddr must
+	// be set to match it.
+	CallbackAddr string
+	// Browser can be used to pass the name of a browser to override the system
+	// default (not currently implemented), or set to 'none' to suppress
+	// browser opening entirely.
+	Browser string
+	// PrivateKeyPolicy is a key policy to follow during login.
+	PrivateKeyPolicy keys.PrivateKeyPolicy
+	// ConnectorDisplayName is an optional display name which may be used in some
+	// redirect URL pages.
+	ConnectorDisplayName string
+	// Stderr is used output a clickable redirect URL for the user to complete login.
+	Stderr io.Writer
+}
+
+// Redirector handles SSH redirect flow with the Teleport server
+type Redirector struct {
+	RedirectorConfig
+
+	server *httptest.Server
+	mux    *http.ServeMux
+
+	// ClientCallbackURL is set once the redirector's local http server is running.
+	ClientCallbackURL string
+
+	// key is a secret key used to encode/decode
+	// the data with the server, it is used so that other
+	// programs running on the same computer can't easilly sniff
+	// the data
+	key secret.Key
+	// responseC is a channel to receive responses
+	responseC chan *authclient.SSHLoginResponse
+	// errorC will contain errors
+	errorC chan error
+	// doneC will be closed when the redirector is closed.
+	doneC chan struct{}
+	// proxyURL is a URL to the Teleport Proxy
+	proxyURL *url.URL
+}
+
+// NewRedirector returns new local web server redirector
+func NewRedirector(config RedirectorConfig) (*Redirector, error) {
+	if config.ProxyAddr == "" {
+		return nil, trace.BadParameter("missing required field ProxyAddr")
+	}
+
+	// Add protocol if it's not present.
+	proxyAddr := config.ProxyAddr
+	if !strings.HasPrefix(proxyAddr, "https://") && !strings.HasPrefix(proxyAddr, "http://") {
+		proxyAddr = "https://" + proxyAddr
+	}
+
+	proxyURL, err := url.Parse(proxyAddr)
+	if err != nil {
+		return nil, trace.Wrap(err, "'%v' is not a valid proxy address", config.ProxyAddr)
+	}
+
+	if config.Stderr == nil {
+		config.Stderr = os.Stderr
+	}
+
+	// Create secret key that will be sent with the request and then used the
+	// decrypt the response from the server.
+	key, err := secret.NewKey()
+	if err != nil {
+		return nil, trace.Wrap(err)
+	}
+
+	// parse and format CallbackAddr.
+	if config.CallbackAddr != "" {
+		callbackURL, err := apiutils.ParseURL(config.CallbackAddr)
+		if err != nil {
+			return nil, trace.Wrap(err)
+		}
+		// Default to HTTPS if no scheme is specified.
+		// This will allow users to specify an insecure HTTP URL but
+		// the backend will verify if the callback URL is allowed.
+		if callbackURL.Scheme == "" {
+			callbackURL.Scheme = "https"
+		}
+		config.CallbackAddr = callbackURL.String()
+	}
+
+	rd := &Redirector{
+		RedirectorConfig: config,
+		proxyURL:         proxyURL,
+		mux:              http.NewServeMux(),
+		key:              key,
+		responseC:        make(chan *authclient.SSHLoginResponse, 1),
+		errorC:           make(chan error, 1),
+		doneC:            make(chan struct{}),
+	}
+
+	// callback is a callback URL communicated to the Teleport proxy,
+	// after SAML/OIDC login, the teleport will redirect user's browser
+	// to this laptop-local URL
+	rd.mux.Handle("/callback", rd.wrapCallback(rd.callback))
+
+	if err := rd.startServer(); err != nil {
+		return nil, trace.Wrap(err)
+	}
+
+	return rd, nil
+}
+
+// startServer starts an http server to handle the sso client callback.
+func (rd *Redirector) startServer() error {
+	if rd.BindAddr != "" {
+		slog.DebugContext(context.Background(), "Binding to provided bind address.", "addr", rd.BindAddr)
+		listener, err := net.Listen("tcp", rd.BindAddr)
+		if err != nil {
+			return trace.Wrap(err, "%v: could not bind to %v, make sure the address is host:port format for ipv4 and [ipv6]:port format for ipv6, and the address is not in use", err, rd.BindAddr)
+		}
+		rd.server = &httptest.Server{
+			Listener: listener,
+			Config: &http.Server{
+				Handler:           rd.mux,
+				ReadTimeout:       apidefaults.DefaultIOTimeout,
+				ReadHeaderTimeout: defaults.ReadHeadersTimeout,
+				WriteTimeout:      apidefaults.DefaultIOTimeout,
+				IdleTimeout:       apidefaults.DefaultIdleTimeout,
+			},
+		}
+		rd.server.Start()
+	} else {
+		rd.server = httptest.NewServer(rd.mux)
+	}
+
+	// Prepare callback URL.
+	u, err := url.Parse(rd.baseURL() + "/callback")
+	if err != nil {
+		return trace.Wrap(err)
+	}
+	u.RawQuery = url.Values{"secret_key": {rd.key.String()}}.Encode()
+	rd.ClientCallbackURL = u.String()
+
+	return nil
+}
+
+// OpenRedirect opens the redirect URL in a new browser window.
+func (rd *Redirector) OpenRedirect(ctx context.Context, redirectURL string) error {
+	clickableURL := rd.clickableURL(redirectURL)
+
+	// If a command was found to launch the browser, create and start it.
+	if err := OpenURLInBrowser(rd.Browser, clickableURL); err != nil {
+		fmt.Fprintf(rd.Stderr, "Failed to open a browser window for login: %v\n", err)
+	}
+
+	// Print the URL to the screen, in case the command that launches the browser did not run.
+	// If Browser is set to the special string teleport.BrowserNone, no browser will be opened.
+	if rd.Browser == teleport.BrowserNone {
+		fmt.Fprintf(rd.Stderr, "Use the following URL to authenticate:\n %v\n", clickableURL)
+	} else {
+		fmt.Fprintf(rd.Stderr, "If browser window does not open automatically, open it by ")
+		fmt.Fprintf(rd.Stderr, "clicking on the link:\n %v\n", clickableURL)
+	}
+
+	return nil
+}
+
+// clickableURL returns a short, clickable URL that will redirect
+// the browser to the SSO redirect URL.
+func (rd *Redirector) clickableURL(redirectURL string) string {
+	// shortPath is a link-shortener path presented to the user
+	// it is used to open up the browser window, notice
+	// that redirectURL will be set later
+	shortPath := "/" + uuid.New().String()
+
+	// short path is a link-shortener style URL
+	// that will redirect to the Teleport-Proxy supplied address
+	rd.mux.HandleFunc(shortPath, func(w http.ResponseWriter, r *http.Request) {
+		http.Redirect(w, r, redirectURL, http.StatusFound)
+	})
+
+	return utils.ClickableURL(rd.baseURL() + shortPath)
+}
+
+func (rd *Redirector) baseURL() string {
+	if rd.CallbackAddr != "" {
+		return rd.CallbackAddr
+	}
+	return rd.server.URL
+}
+
+// OpenURLInBrowser opens a URL in a web browser.
+func OpenURLInBrowser(browser string, URL string) error {
+	var execCmd *exec.Cmd
+	if browser != teleport.BrowserNone {
+		switch runtime.GOOS {
+		// macOS.
+		case constants.DarwinOS:
+			path, err := exec.LookPath(teleport.OpenBrowserDarwin)
+			if err == nil {
+				execCmd = exec.Command(path, URL)
+			}
+		// Windows.
+		case constants.WindowsOS:
+			path, err := exec.LookPath(teleport.OpenBrowserWindows)
+			if err == nil {
+				execCmd = exec.Command(path, "url.dll,FileProtocolHandler", URL)
+			}
+		// Linux or any other operating system.
+		default:
+			path, err := exec.LookPath(teleport.OpenBrowserLinux)
+			if err == nil {
+				execCmd = exec.Command(path, URL)
+			}
+		}
+	}
+	if execCmd != nil {
+		if err := execCmd.Start(); err != nil {
+			return err
+		}
+	}
+
+	return nil
+}
+
+// WaitForResponse waits for a response from the callback handler.
+func (rd *Redirector) WaitForResponse(ctx context.Context) (*authclient.SSHLoginResponse, error) {
+	slog.InfoContext(ctx, "Waiting for response", "callback_url", rd.server.URL)
+	select {
+	case err := <-rd.ErrorC():
+		slog.DebugContext(ctx, "Got an error", "err", err)
+		return nil, trace.Wrap(err)
+	case response := <-rd.ResponseC():
+		slog.DebugContext(ctx, "Got response from browser.")
+		return response, nil
+	case <-time.After(defaults.SSOCallbackTimeout):
+		slog.DebugContext(ctx, "Timed out waiting for callback", "timeout", defaults.SSOCallbackTimeout)
+		return nil, trace.Wrap(trace.Errorf("timed out waiting for callback"))
+	case <-rd.Done():
+		slog.DebugContext(ctx, "Redirector closed")
+		return nil, trace.Errorf("redirector closed")
+	case <-ctx.Done():
+		slog.DebugContext(ctx, "Canceled by user.")
+		return nil, trace.Wrap(ctx.Err(), "canceled by user")
+	}
+}
+
+// Done is called when redirector is closed
+// or parent context is closed
+func (rd *Redirector) Done() <-chan struct{} {
+	return rd.doneC
+}
+
+// ResponseC returns a channel with response
+func (rd *Redirector) ResponseC() <-chan *authclient.SSHLoginResponse {
+	return rd.responseC
+}
+
+// ErrorC returns a channel with error
+func (rd *Redirector) ErrorC() <-chan error {
+	return rd.errorC
+}
+
+// callback is used by Teleport proxy to send back credentials
+// issued by Teleport proxy
+func (rd *Redirector) callback(w http.ResponseWriter, r *http.Request) (*authclient.SSHLoginResponse, error) {
+	if r.URL.Path != "/callback" {
+		return nil, trace.NotFound("path not found")
+	}
+
+	r.ParseForm()
+	if r.Form.Has("err") {
+		err := r.Form.Get("err")
+		return nil, trace.Errorf("identity provider callback failed with error: %v", err)
+	}
+
+	// Decrypt ciphertext to get login response.
+	plaintext, err := rd.key.Open([]byte(r.Form.Get("response")))
+	if err != nil {
+		return nil, trace.BadParameter("failed to decrypt response: in %v, err: %v", r.URL.String(), err)
+	}
+
+	var re authclient.SSHLoginResponse
+	err = json.Unmarshal(plaintext, &re)
+	if err != nil {
+		return nil, trace.BadParameter("failed to decrypt response: in %v, err: %v", r.URL.String(), err)
+	}
+
+	return &re, nil
+}
+
+// Close closes redirector and releases all resources
+func (rd *Redirector) Close() {
+	close(rd.doneC)
+	rd.server.Close()
+}
+
+// wrapCallback is a helper wrapper method that wraps callback HTTP handler
+// and sends a result to the channel and redirect users to error page
+func (rd *Redirector) wrapCallback(fn func(http.ResponseWriter, *http.Request) (*authclient.SSHLoginResponse, error)) http.Handler {
+	// Generate possible redirect URLs from the proxy URL.
+	clone := *rd.proxyURL
+	clone.Path = LoginFailedRedirectURL
+	errorURL := clone.String()
+	clone.Path = LoginSuccessRedirectURL
+	successURL := clone.String()
+	clone.Path = LoginClose
+	closeURL := clone.String()
+
+	clone.Path = LoginTerminalRedirectURL
+	if rd.ConnectorDisplayName != "" {
+		query := clone.Query()
+		query.Set("auth", rd.ConnectorDisplayName)
+		clone.RawQuery = query.Encode()
+	}
+	terminalRedirectURL := clone.String()
+
+	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		w.Header().Add("Allow", "GET, OPTIONS, POST")
+		// CORS protects the _response_, and our response is always just a
+		// redirect to info/login_success or error/login so it's fine to share
+		// with the world; we could use the proxy URL as the origin, but that
+		// would break setups where the proxy public address that tsh is using
+		// is not the "main" one that ends up being used for the redirect after
+		// the IdP login
+		w.Header().Add("Access-Control-Allow-Origin", "*")
+		switch r.Method {
+		default:
+			w.WriteHeader(http.StatusMethodNotAllowed)
+			return
+		case http.MethodOptions:
+			w.WriteHeader(http.StatusOK)
+			return
+		case http.MethodGet, http.MethodPost:
+		}
+
+		response, err := fn(w, r)
+		if err != nil {
+			if trace.IsNotFound(err) {
+				http.NotFound(w, r)
+				return
+			}
+			select {
+			case rd.errorC <- err:
+			case <-rd.Done():
+			}
+			redirectURL := errorURL
+			// A second SSO login attempt will be initiated if a key policy requirement was not satisfied.
+			if requiredPolicy, err := keys.ParsePrivateKeyPolicyError(err); err == nil {
+				switch requiredPolicy {
+				case keys.PrivateKeyPolicyHardwareKey, keys.PrivateKeyPolicyHardwareKeyTouch:
+					// No user interaction required.
+					redirectURL = closeURL
+				case keys.PrivateKeyPolicyHardwareKeyPIN, keys.PrivateKeyPolicyHardwareKeyTouchAndPIN:
+					// The user is prompted to enter their PIN in terminal.
+					redirectURL = terminalRedirectURL
+				}
+			}
+			http.Redirect(w, r, redirectURL, http.StatusFound)
+			return
+		}
+		select {
+		case rd.responseC <- response:
+			redirectURL := successURL
+			switch rd.PrivateKeyPolicy {
+			case keys.PrivateKeyPolicyHardwareKey:
+				// login should complete without user interaction, success.
+			case keys.PrivateKeyPolicyHardwareKeyPIN:
+				// The user is prompted to enter their PIN before this step,
+				// so we can go straight to success screen.
+			case keys.PrivateKeyPolicyHardwareKeyTouch, keys.PrivateKeyPolicyHardwareKeyTouchAndPIN:
+				// The user is prompted to touch their hardware key after
+				// this redirect, so display the terminal redirect screen.
+				redirectURL = terminalRedirectURL
+			}
+			http.Redirect(w, r, redirectURL, http.StatusFound)
+		case <-rd.Done():
+			http.Redirect(w, r, errorURL, http.StatusFound)
+		}
+	})
+}
diff --git a/lib/client/sso/redirector_test.go b/lib/client/sso/redirector_test.go
new file mode 100644
index 0000000000000..e684caf2e98ff
--- /dev/null
+++ b/lib/client/sso/redirector_test.go
@@ -0,0 +1,268 @@
+/*
+ * Teleport
+ * Copyright (C) 2024  Gravitational, Inc.
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program.  If not, see .
+ */
+
+package sso_test
+
+import (
+	"context"
+	"errors"
+	"io"
+	"net/http"
+	"net/http/httptest"
+	"net/url"
+	"testing"
+	"time"
+
+	"github.com/stretchr/testify/require"
+
+	"github.com/gravitational/teleport/api/utils/keys"
+	"github.com/gravitational/teleport/lib/client/sso"
+	"github.com/gravitational/teleport/lib/web"
+)
+
+func TestRedirector(t *testing.T) {
+	ctx := context.Background()
+	username := "alice"
+
+	mockProxy := newMockProxy(t)
+
+	// Create a basic redirector.
+	rd, err := sso.NewRedirector(sso.RedirectorConfig{
+		ProxyAddr: mockProxy.URL,
+	})
+	require.NoError(t, err)
+	t.Cleanup(rd.Close)
+
+	// Ensure that ClientCallbackURL is a valid url.
+	_, err = url.Parse(rd.ClientCallbackURL)
+	require.NoError(t, err)
+
+	// Construct a fake ssh login response with the redirector's client callback URL.
+	successResponseURL, err := web.ConstructSSHResponse(web.AuthParams{
+		ClientRedirectURL: rd.ClientCallbackURL,
+		Username:          username,
+	})
+	require.NoError(t, err)
+
+	newErrorResponseURL := func(err error) string {
+		failureResponseURL, _ := url.Parse(rd.ClientCallbackURL)
+		query := failureResponseURL.Query()
+		query.Set("err", err.Error())
+		failureResponseURL.RawQuery = query.Encode()
+		return failureResponseURL.String()
+	}
+
+	for _, tt := range []struct {
+		name             string
+		idpHandler       http.HandlerFunc
+		privateKeyPolicy keys.PrivateKeyPolicy
+		expectRedirect   string
+		assertErr        require.ErrorAssertionFunc
+	}{
+		{
+			name: "OK login success",
+			idpHandler: func(w http.ResponseWriter, r *http.Request) {
+				http.Redirect(w, r, successResponseURL.String(), http.StatusPermanentRedirect)
+			},
+			expectRedirect: sso.LoginSuccessRedirectURL,
+			assertErr:      require.NoError,
+		},
+		{
+			name: "NOK no login response",
+			idpHandler: func(w http.ResponseWriter, r *http.Request) {
+				// No response or error encoded.
+				http.Redirect(w, r, rd.ClientCallbackURL, http.StatusPermanentRedirect)
+			},
+			expectRedirect: sso.LoginFailedRedirectURL,
+			assertErr:      require.Error,
+		},
+		{
+			name: "NOK server error",
+			idpHandler: func(w http.ResponseWriter, r *http.Request) {
+				// Encode a login error in the client callback URL.
+				http.Redirect(w, r, newErrorResponseURL(errors.New("login failed")), http.StatusPermanentRedirect)
+			},
+			expectRedirect: sso.LoginFailedRedirectURL,
+			assertErr: func(t require.TestingT, err error, v ...interface{}) {
+				require.ErrorContains(t, err, "login failed", "expected login failed error but got %v", err)
+			},
+		},
+		{
+			name: "NOK indirect server failure",
+			idpHandler: func(w http.ResponseWriter, r *http.Request) {
+				// The client may redirect straight to the proxy if the client callback is misformed
+				// or from other indirect login failures.
+				proxyRedirectURL, err := url.Parse(mockProxy.URL)
+				require.NoError(t, err)
+
+				proxyRedirectURL.Path = sso.LoginFailedBadCallbackRedirectURL
+				http.Redirect(w, r, proxyRedirectURL.String(), http.StatusPermanentRedirect)
+			},
+			expectRedirect: sso.LoginFailedBadCallbackRedirectURL,
+			assertErr: func(t require.TestingT, err error, v ...interface{}) {
+				// The sso login will timeout due to the client callback never being redirected to.
+				require.ErrorIs(t, err, context.DeadlineExceeded)
+			},
+		},
+		// PrivateKeyPolicy tests
+		{
+			name: "OK close redirect failed hardware_key login",
+			idpHandler: func(w http.ResponseWriter, r *http.Request) {
+				// Encode a private key policy error in the client callback URL.
+				err := keys.NewPrivateKeyPolicyError(keys.PrivateKeyPolicyHardwareKey)
+				http.Redirect(w, r, newErrorResponseURL(err), http.StatusPermanentRedirect)
+			},
+			expectRedirect: sso.LoginClose,
+			assertErr: func(tt require.TestingT, err error, i ...interface{}) {
+				policy, err := keys.ParsePrivateKeyPolicyError(err)
+				require.NoError(t, err, "expected private key policy error but got %v", err)
+				require.Equal(t, keys.PrivateKeyPolicyHardwareKey, policy)
+			},
+		},
+		{
+			name: "OK close redirect failed hardware_key_touch login",
+			idpHandler: func(w http.ResponseWriter, r *http.Request) {
+				// Encode a private key policy error in the client callback URL.
+				err := keys.NewPrivateKeyPolicyError(keys.PrivateKeyPolicyHardwareKeyTouch)
+				http.Redirect(w, r, newErrorResponseURL(err), http.StatusPermanentRedirect)
+			},
+			expectRedirect: sso.LoginClose,
+			assertErr: func(tt require.TestingT, err error, i ...interface{}) {
+				policy, err := keys.ParsePrivateKeyPolicyError(err)
+				require.NoError(t, err, "expected private key policy error but got %v", err)
+				require.Equal(t, keys.PrivateKeyPolicyHardwareKeyTouch, policy)
+			},
+		},
+		{
+			name: "OK terminal redirect on failed hardware_key_pin login",
+			idpHandler: func(w http.ResponseWriter, r *http.Request) {
+				// Encode a private key policy error in the client callback URL.
+				err := keys.NewPrivateKeyPolicyError(keys.PrivateKeyPolicyHardwareKeyPIN)
+				http.Redirect(w, r, newErrorResponseURL(err), http.StatusPermanentRedirect)
+			},
+			expectRedirect: sso.LoginTerminalRedirectURL,
+			assertErr: func(tt require.TestingT, err error, i ...interface{}) {
+				policy, err := keys.ParsePrivateKeyPolicyError(err)
+				require.NoError(t, err, "expected private key policy error but got %v", err)
+				require.Equal(t, keys.PrivateKeyPolicyHardwareKeyPIN, policy)
+			},
+		},
+		{
+			name: "OK terminal redirect on failed hardware_key_touch_and_pin login",
+			idpHandler: func(w http.ResponseWriter, r *http.Request) {
+				// Encode a private key policy error in the client callback URL.
+				err := keys.NewPrivateKeyPolicyError(keys.PrivateKeyPolicyHardwareKeyTouchAndPIN)
+				http.Redirect(w, r, newErrorResponseURL(err), http.StatusPermanentRedirect)
+			},
+			expectRedirect: sso.LoginTerminalRedirectURL,
+			assertErr: func(tt require.TestingT, err error, i ...interface{}) {
+				policy, err := keys.ParsePrivateKeyPolicyError(err)
+				require.NoError(t, err, "expected private key policy error but got %v", err)
+				require.Equal(t, keys.PrivateKeyPolicyHardwareKeyTouchAndPIN, policy)
+			},
+		},
+		{
+			name: "OK success redirect on success with hardware_key",
+			idpHandler: func(w http.ResponseWriter, r *http.Request) {
+				http.Redirect(w, r, successResponseURL.String(), http.StatusPermanentRedirect)
+			},
+			privateKeyPolicy: keys.PrivateKeyPolicyHardwareKey,
+			expectRedirect:   sso.LoginSuccessRedirectURL,
+			assertErr:        require.NoError,
+		},
+		{
+			name: "OK success redirect on success with hardware_key_pin",
+			idpHandler: func(w http.ResponseWriter, r *http.Request) {
+				http.Redirect(w, r, successResponseURL.String(), http.StatusPermanentRedirect)
+			},
+			privateKeyPolicy: keys.PrivateKeyPolicyHardwareKeyPIN,
+			expectRedirect:   sso.LoginSuccessRedirectURL,
+			assertErr:        require.NoError,
+		},
+		{
+			name: "OK terminal redirect on success with hardware_key_touch",
+			idpHandler: func(w http.ResponseWriter, r *http.Request) {
+				http.Redirect(w, r, successResponseURL.String(), http.StatusPermanentRedirect)
+			},
+			privateKeyPolicy: keys.PrivateKeyPolicyHardwareKeyTouch,
+			expectRedirect:   sso.LoginTerminalRedirectURL,
+			assertErr:        require.NoError,
+		},
+		{
+			name: "OK terminal redirect on success with hardware_key_touch_and_pin",
+			idpHandler: func(w http.ResponseWriter, r *http.Request) {
+				http.Redirect(w, r, successResponseURL.String(), http.StatusPermanentRedirect)
+			},
+			privateKeyPolicy: keys.PrivateKeyPolicyHardwareKeyTouchAndPIN,
+			expectRedirect:   sso.LoginTerminalRedirectURL,
+			assertErr:        require.NoError,
+		},
+	} {
+		t.Run(tt.name, func(t *testing.T) {
+			rd.PrivateKeyPolicy = tt.privateKeyPolicy
+
+			// Open a mock IdP server which will handle a redirect and result in the expected IdP session payload.
+			mockIdPServer := httptest.NewServer(tt.idpHandler)
+			t.Cleanup(mockIdPServer.Close)
+
+			// connecting to the mockIdPServer should redirect to the client callback, parsing the login response.
+			// We should be redirected to the sso success page.
+			resp, err := http.Get(mockIdPServer.URL)
+			require.NoError(t, err)
+			defer resp.Body.Close()
+
+			body, err := io.ReadAll(resp.Body)
+			require.NoError(t, err)
+			require.Equal(t, tt.expectRedirect, string(body))
+
+			// Sending a request to the IdP server should result in a redirector callback result.
+			ctx, cancel := context.WithTimeout(ctx, time.Second)
+			defer cancel()
+
+			loginResponse, err := rd.WaitForResponse(ctx)
+			tt.assertErr(t, err)
+
+			if err == nil {
+				require.Equal(t, username, loginResponse.Username)
+			}
+		})
+	}
+}
+
+// create a mock proxy server which echos the final proxy redirect destination page. e.g. sso success page.
+func newMockProxy(t *testing.T) *httptest.Server {
+	mux := http.NewServeMux()
+	mux.HandleFunc(sso.LoginSuccessRedirectURL, func(w http.ResponseWriter, r *http.Request) {
+		w.Write([]byte(sso.LoginSuccessRedirectURL))
+	})
+	mux.HandleFunc(sso.LoginFailedRedirectURL, func(w http.ResponseWriter, r *http.Request) {
+		w.Write([]byte(sso.LoginFailedRedirectURL))
+	})
+	mux.HandleFunc(sso.LoginFailedBadCallbackRedirectURL, func(w http.ResponseWriter, r *http.Request) {
+		w.Write([]byte(sso.LoginFailedBadCallbackRedirectURL))
+	})
+	mux.HandleFunc(sso.LoginClose, func(w http.ResponseWriter, r *http.Request) {
+		w.Write([]byte(sso.LoginClose))
+	})
+	mux.HandleFunc(sso.LoginTerminalRedirectURL, func(w http.ResponseWriter, r *http.Request) {
+		w.Write([]byte(sso.LoginTerminalRedirectURL))
+	})
+	srv := httptest.NewServer(mux)
+	t.Cleanup(srv.Close)
+	return srv
+}
diff --git a/lib/client/weblogin.go b/lib/client/weblogin.go
index ca3d60eac3442..d0a32626a743e 100644
--- a/lib/client/weblogin.go
+++ b/lib/client/weblogin.go
@@ -32,8 +32,6 @@ import (
 	"net/http/cookiejar"
 	"net/url"
 	"os"
-	"os/exec"
-	"runtime"
 	"time"
 
 	"github.com/go-webauthn/webauthn/protocol"
@@ -44,19 +42,15 @@ import (
 	"github.com/gravitational/teleport"
 	"github.com/gravitational/teleport/api/client/proto"
 	"github.com/gravitational/teleport/api/client/webclient"
-	"github.com/gravitational/teleport/api/constants"
 	"github.com/gravitational/teleport/api/mfa"
 	"github.com/gravitational/teleport/api/types"
 	"github.com/gravitational/teleport/api/utils/keys"
-	"github.com/gravitational/teleport/api/utils/prompt"
 	"github.com/gravitational/teleport/lib/auth/authclient"
 	wancli "github.com/gravitational/teleport/lib/auth/webauthncli"
 	wantypes "github.com/gravitational/teleport/lib/auth/webauthntypes"
-	libmfa "github.com/gravitational/teleport/lib/client/mfa"
 	"github.com/gravitational/teleport/lib/defaults"
 	"github.com/gravitational/teleport/lib/httplib"
 	"github.com/gravitational/teleport/lib/httplib/csrf"
-	"github.com/gravitational/teleport/lib/utils"
 	websession "github.com/gravitational/teleport/lib/web/session"
 )
 
@@ -243,28 +237,12 @@ type SSHLogin struct {
 // SSHLoginSSO contains SSH login parameters for SSO login.
 type SSHLoginSSO struct {
 	SSHLogin
-	// ConnectorID is the OIDC or SAML connector ID to use
+	// ConnectorID is the SSO Auth connector ID to use.
 	ConnectorID string
-	// ConnectorName is the display name of the connector.
+	// ConnectorName is the display name of the SSO Auth connector.
 	ConnectorName string
-	// Protocol is an optional protocol selection
-	Protocol string
-	// BindAddr is an optional host:port address to bind
-	// to for SSO login flows
-	BindAddr string
-	// CallbackAddr is the optional base URL to give to the user when performing
-	// SSO redirect flows.
-	CallbackAddr string
-	// Browser can be used to pass the name of a browser to override the system
-	// default (not currently implemented), or set to 'none' to suppress
-	// browser opening entirely.
-	Browser string
-	// PrivateKeyPolicy is a key policy to follow during login.
-	PrivateKeyPolicy keys.PrivateKeyPolicy
-	// ProxySupportsKeyPolicyMessage lets the tsh redirector give users more
-	// useful messages in the web UI if the proxy supports them.
-	// TODO(atburke): DELETE in v17.0.0
-	ProxySupportsKeyPolicyMessage bool
+	// ConnectorType is the type of SSO Auth connector.
+	ConnectorType string
 }
 
 // SSHLoginDirect contains SSH login parameters for direct (user/pass/OTP)
@@ -282,9 +260,8 @@ type SSHLoginDirect struct {
 // SSHLoginMFA contains SSH login parameters for MFA login.
 type SSHLoginMFA struct {
 	SSHLogin
-	// PromptMFA is a customizable MFA prompt function.
-	// Defaults to [mfa.NewPrompt().Run]
-	PromptMFA mfa.Prompt
+	// MFAPromptConstructor is a custom MFA prompt constructor to use when prompting for MFA.
+	MFAPromptConstructor mfa.PromptConstructor
 	// User is the login username.
 	User string
 	// Password is the login password.
@@ -389,65 +366,6 @@ func initClient(proxyAddr string, insecure bool, pool *x509.CertPool, extraHeade
 	return clt, u, nil
 }
 
-// SSHAgentSSOLogin is used by tsh to fetch user credentials using OpenID Connect (OIDC) or SAML.
-func SSHAgentSSOLogin(ctx context.Context, login SSHLoginSSO, config *RedirectorConfig) (*authclient.SSHLoginResponse, error) {
-	if login.CallbackAddr != "" && !utils.AsBool(os.Getenv("TELEPORT_LOGIN_SKIP_REMOTE_HOST_WARNING")) {
-		const callbackPrompt = "Logging in from a remote host means that credentials will be stored on " +
-			"the remote host. Make sure that you trust the provided callback host " +
-			"(%v) and that it resolves to the provided bind addr (%v). Continue?"
-		ok, err := prompt.Confirmation(ctx, os.Stderr, prompt.NewContextReader(os.Stdin),
-			fmt.Sprintf(callbackPrompt, login.CallbackAddr, login.BindAddr),
-		)
-		if err != nil {
-			return nil, trace.Wrap(err)
-		}
-		if !ok {
-			return nil, trace.BadParameter("Login canceled.")
-		}
-	}
-	rd, err := NewRedirector(ctx, login, config)
-	if err != nil {
-		return nil, trace.Wrap(err)
-	}
-
-	if err := rd.Start(); err != nil {
-		return nil, trace.Wrap(err)
-	}
-	defer rd.Close()
-
-	clickableURL := rd.ClickableURL()
-
-	// If a command was found to launch the browser, create and start it.
-	err = OpenURLInBrowser(login.Browser, clickableURL)
-	if err != nil {
-		fmt.Fprintf(os.Stderr, "Failed to open a browser window for login: %v\n", err)
-	}
-
-	// Print the URL to the screen, in case the command that launches the browser did not run.
-	// If Browser is set to the special string teleport.BrowserNone, no browser will be opened.
-	if login.Browser == teleport.BrowserNone {
-		fmt.Fprintf(os.Stderr, "Use the following URL to authenticate:\n %v\n", clickableURL)
-	} else {
-		fmt.Fprintf(os.Stderr, "If browser window does not open automatically, open it by ")
-		fmt.Fprintf(os.Stderr, "clicking on the link:\n %v\n", clickableURL)
-	}
-
-	select {
-	case err := <-rd.ErrorC():
-		log.Debugf("Got an error: %v.", err)
-		return nil, trace.Wrap(err)
-	case response := <-rd.ResponseC():
-		log.Debugf("Got response from browser.")
-		return response, nil
-	case <-time.After(defaults.SSOCallbackTimeout):
-		log.Debugf("Timed out waiting for callback after %v.", defaults.SSOCallbackTimeout)
-		return nil, trace.Wrap(trace.Errorf("timed out waiting for callback"))
-	case <-rd.Done():
-		log.Debugf("Canceled by user.")
-		return nil, trace.Wrap(ctx.Err(), "canceled by user")
-	}
-}
-
 // SSHAgentLogin is used by tsh to fetch local user credentials.
 func SSHAgentLogin(ctx context.Context, login SSHLoginDirect) (*authclient.SSHLoginResponse, error) {
 	clt, _, err := initClient(login.ProxyAddr, login.Insecure, login.Pool, login.ExtraHeaders)
@@ -460,11 +378,11 @@ func SSHAgentLogin(ctx context.Context, login SSHLoginDirect) (*authclient.SSHLo
 		Password:             login.Password,
 		OTPToken:             login.OTPToken,
 		PubKey:               login.PubKey,
+		AttestationStatement: login.AttestationStatement,
 		TTL:                  login.TTL,
 		Compatibility:        login.Compatibility,
 		RouteToCluster:       login.RouteToCluster,
 		KubernetesCluster:    login.KubernetesCluster,
-		AttestationStatement: login.AttestationStatement,
 	})
 	if err != nil {
 		return nil, trace.Wrap(err)
@@ -479,40 +397,6 @@ func SSHAgentLogin(ctx context.Context, login SSHLoginDirect) (*authclient.SSHLo
 	return &out, nil
 }
 
-// OpenURLInBrowser opens a URL in a web browser.
-func OpenURLInBrowser(browser string, URL string) error {
-	var execCmd *exec.Cmd
-	if browser != teleport.BrowserNone {
-		switch runtime.GOOS {
-		// macOS.
-		case constants.DarwinOS:
-			path, err := exec.LookPath(teleport.OpenBrowserDarwin)
-			if err == nil {
-				execCmd = exec.Command(path, URL)
-			}
-		// Windows.
-		case constants.WindowsOS:
-			path, err := exec.LookPath(teleport.OpenBrowserWindows)
-			if err == nil {
-				execCmd = exec.Command(path, "url.dll,FileProtocolHandler", URL)
-			}
-		// Linux or any other operating system.
-		default:
-			path, err := exec.LookPath(teleport.OpenBrowserLinux)
-			if err == nil {
-				execCmd = exec.Command(path, URL)
-			}
-		}
-	}
-	if execCmd != nil {
-		if err := execCmd.Start(); err != nil {
-			return err
-		}
-	}
-
-	return nil
-}
-
 // SSHAgentHeadlessLogin begins the headless login ceremony, returning new user certificates if successful.
 func SSHAgentHeadlessLogin(ctx context.Context, login SSHLoginHeadless) (*authclient.SSHLoginResponse, error) {
 	clt, _, err := initClient(login.ProxyAddr, login.Insecure, login.Pool, login.ExtraHeaders)
@@ -633,35 +517,7 @@ func SSHAgentMFALogin(ctx context.Context, login SSHLoginMFA) (*authclient.SSHLo
 		return nil, trace.Wrap(err)
 	}
 
-	beginReq := MFAChallengeRequest{
-		User: login.User,
-		Pass: login.Password,
-	}
-	challengeJSON, err := clt.PostJSON(ctx, clt.Endpoint("webapi", "mfa", "login", "begin"), beginReq)
-	if err != nil {
-		return nil, trace.Wrap(err)
-	}
-
-	challenge := &MFAAuthenticateChallenge{}
-	if err := json.Unmarshal(challengeJSON.Bytes(), challenge); err != nil {
-		return nil, trace.Wrap(err)
-	}
-
-	// Convert to auth gRPC proto challenge.
-	chal := &proto.MFAAuthenticateChallenge{}
-	if challenge.TOTPChallenge {
-		chal.TOTP = &proto.TOTPChallenge{}
-	}
-	if challenge.WebauthnChallenge != nil {
-		chal.WebauthnChallenge = wantypes.CredentialAssertionToProto(challenge.WebauthnChallenge)
-	}
-
-	promptMFA := login.PromptMFA
-	if promptMFA == nil {
-		promptMFA = libmfa.NewCLIPrompt(libmfa.NewPromptConfig(login.ProxyAddr), os.Stderr)
-	}
-
-	respPB, err := promptMFA.Run(ctx, chal)
+	mfaResp, err := newMFALoginCeremony(clt, login).Run(ctx, nil)
 	if err != nil {
 		return nil, trace.Wrap(err)
 	}
@@ -677,7 +533,7 @@ func SSHAgentMFALogin(ctx context.Context, login SSHLoginMFA) (*authclient.SSHLo
 		AttestationStatement: login.AttestationStatement,
 	}
 	// Convert back from auth gRPC proto response.
-	switch r := respPB.Response.(type) {
+	switch r := mfaResp.Response.(type) {
 	case *proto.MFAAuthenticateResponse_TOTP:
 		challengeResp.TOTPCode = r.TOTP.Code
 	case *proto.MFAAuthenticateResponse_Webauthn:
@@ -695,6 +551,37 @@ func SSHAgentMFALogin(ctx context.Context, login SSHLoginMFA) (*authclient.SSHLo
 	return loginResp, trace.Wrap(json.Unmarshal(loginRespJSON.Bytes(), loginResp))
 }
 
+func newMFALoginCeremony(clt *WebClient, login SSHLoginMFA) *mfa.Ceremony {
+	return &mfa.Ceremony{
+		CreateAuthenticateChallenge: func(ctx context.Context, req *proto.CreateAuthenticateChallengeRequest) (*proto.MFAAuthenticateChallenge, error) {
+			beginReq := MFAChallengeRequest{
+				User: login.User,
+				Pass: login.Password,
+			}
+			challengeJSON, err := clt.PostJSON(ctx, clt.Endpoint("webapi", "mfa", "login", "begin"), beginReq)
+			if err != nil {
+				return nil, trace.Wrap(err)
+			}
+
+			challenge := &MFAAuthenticateChallenge{}
+			if err := json.Unmarshal(challengeJSON.Bytes(), challenge); err != nil {
+				return nil, trace.Wrap(err)
+			}
+
+			// Convert to auth gRPC proto challenge.
+			chal := &proto.MFAAuthenticateChallenge{}
+			if challenge.TOTPChallenge {
+				chal.TOTP = &proto.TOTPChallenge{}
+			}
+			if challenge.WebauthnChallenge != nil {
+				chal.WebauthnChallenge = wantypes.CredentialAssertionToProto(challenge.WebauthnChallenge)
+			}
+			return chal, nil
+		},
+		PromptConstructor: login.MFAPromptConstructor,
+	}
+}
+
 // HostCredentials is used to fetch host credentials for a node.
 func HostCredentials(ctx context.Context, proxyAddr string, insecure bool, req types.RegisterUsingTokenRequest) (*proto.Certs, error) {
 	clt, _, err := initClient(proxyAddr, insecure, nil, nil)
@@ -831,35 +718,7 @@ func SSHAgentMFAWebSessionLogin(ctx context.Context, login SSHLoginMFA) (*WebCli
 		return nil, nil, trace.Wrap(err)
 	}
 
-	beginReq := MFAChallengeRequest{
-		User: login.User,
-		Pass: login.Password,
-	}
-	challengeJSON, err := clt.PostJSON(ctx, clt.Endpoint("webapi", "mfa", "login", "begin"), beginReq)
-	if err != nil {
-		return nil, nil, trace.Wrap(err)
-	}
-
-	challenge := &MFAAuthenticateChallenge{}
-	if err := json.Unmarshal(challengeJSON.Bytes(), challenge); err != nil {
-		return nil, nil, trace.Wrap(err)
-	}
-
-	// Convert to auth gRPC proto challenge.
-	chal := &proto.MFAAuthenticateChallenge{}
-	if challenge.TOTPChallenge {
-		chal.TOTP = &proto.TOTPChallenge{}
-	}
-	if challenge.WebauthnChallenge != nil {
-		chal.WebauthnChallenge = wantypes.CredentialAssertionToProto(challenge.WebauthnChallenge)
-	}
-
-	promptMFA := login.PromptMFA
-	if promptMFA == nil {
-		promptMFA = libmfa.NewCLIPrompt(libmfa.NewPromptConfig(login.ProxyAddr), os.Stderr)
-	}
-
-	respPB, err := promptMFA.Run(ctx, chal)
+	mfaResp, err := newMFALoginCeremony(clt, login).Run(ctx, nil)
 	if err != nil {
 		return nil, nil, trace.Wrap(err)
 	}
@@ -868,7 +727,7 @@ func SSHAgentMFAWebSessionLogin(ctx context.Context, login SSHLoginMFA) (*WebCli
 		User: login.User,
 	}
 	// Convert back from auth gRPC proto response.
-	switch r := respPB.Response.(type) {
+	switch r := mfaResp.Response.(type) {
 	case *proto.MFAAuthenticateResponse_Webauthn:
 		challengeResp.WebauthnAssertionResponse = wantypes.CredentialAssertionResponseFromProto(r.Webauthn)
 	default:
diff --git a/lib/cloud/clients.go b/lib/cloud/clients.go
index 18ddbb29f1c3a..bc21d126b9903 100644
--- a/lib/cloud/clients.go
+++ b/lib/cloud/clients.go
@@ -107,6 +107,8 @@ type GCPClients interface {
 	GetGCPSQLAdminClient(context.Context) (gcp.SQLAdminClient, error)
 	// GetGCPGKEClient returns GKE client.
 	GetGCPGKEClient(context.Context) (gcp.GKEClient, error)
+	// GetGCPProjectsClient returns Projects client.
+	GetGCPProjectsClient(context.Context) (gcp.ProjectsClient, error)
 	// GetGCPInstancesClient returns instances client.
 	GetGCPInstancesClient(context.Context) (gcp.InstancesClient, error)
 }
@@ -266,6 +268,7 @@ func NewClients(opts ...ClientsOption) (Clients, error) {
 		gcpClients: gcpClients{
 			gcpSQLAdmin:  newClientCache[gcp.SQLAdminClient](gcp.NewSQLAdminClient),
 			gcpGKE:       newClientCache[gcp.GKEClient](gcp.NewGKEClient),
+			gcpProjects:  newClientCache[gcp.ProjectsClient](gcp.NewProjectsClient),
 			gcpInstances: newClientCache[gcp.InstancesClient](gcp.NewInstancesClient),
 		},
 		azureClients: azClients,
@@ -324,6 +327,8 @@ type gcpClients struct {
 	gcpSQLAdmin *clientCache[gcp.SQLAdminClient]
 	// gcpGKE is the cached GCP Cloud GKE client.
 	gcpGKE *clientCache[gcp.GKEClient]
+	// gcpProjects is the cached GCP Cloud Projects client.
+	gcpProjects *clientCache[gcp.ProjectsClient]
 	// gcpInstances is the cached GCP instances client.
 	gcpInstances *clientCache[gcp.InstancesClient]
 }
@@ -659,6 +664,11 @@ func (c *cloudClients) GetGCPGKEClient(ctx context.Context) (gcp.GKEClient, erro
 	return c.gcpGKE.GetClient(ctx)
 }
 
+// GetGCPProjectsClient returns Project client.
+func (c *cloudClients) GetGCPProjectsClient(ctx context.Context) (gcp.ProjectsClient, error) {
+	return c.gcpProjects.GetClient(ctx)
+}
+
 // GetGCPInstancesClient returns instances client.
 func (c *cloudClients) GetGCPInstancesClient(ctx context.Context) (gcp.InstancesClient, error) {
 	return c.gcpInstances.GetClient(ctx)
@@ -1022,6 +1032,7 @@ type TestCloudClients struct {
 	STS                     stsiface.STSAPI
 	GCPSQL                  gcp.SQLAdminClient
 	GCPGKE                  gcp.GKEClient
+	GCPProjects             gcp.ProjectsClient
 	GCPInstances            gcp.InstancesClient
 	EC2                     ec2iface.EC2API
 	SSM                     ssmiface.SSMAPI
@@ -1234,6 +1245,11 @@ func (c *TestCloudClients) GetGCPGKEClient(ctx context.Context) (gcp.GKEClient,
 	return c.GCPGKE, nil
 }
 
+// GetGCPGKEClient returns GKE client.
+func (c *TestCloudClients) GetGCPProjectsClient(ctx context.Context) (gcp.ProjectsClient, error) {
+	return c.GCPProjects, nil
+}
+
 // GetGCPInstancesClient returns instances client.
 func (c *TestCloudClients) GetGCPInstancesClient(ctx context.Context) (gcp.InstancesClient, error) {
 	return c.GCPInstances, nil
diff --git a/lib/cloud/gcp/projects.go b/lib/cloud/gcp/projects.go
new file mode 100644
index 0000000000000..ee5b178be9f9c
--- /dev/null
+++ b/lib/cloud/gcp/projects.go
@@ -0,0 +1,105 @@
+/*
+ * Teleport
+ * Copyright (C) 2024  Gravitational, Inc.
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program.  If not, see .
+ */
+
+package gcp
+
+import (
+	"context"
+
+	"github.com/gravitational/trace"
+	"google.golang.org/api/cloudresourcemanager/v1"
+)
+
+// Project is a GCP project.
+type Project struct {
+	// ID is the project ID.
+	ID string
+	// Name is the project name.
+	Name string
+}
+
+// ProjectsClient is an interface to interact with GCP Projects API.
+type ProjectsClient interface {
+	// ListProjects lists the GCP projects that the authenticated user has access to.
+	ListProjects(ctx context.Context) ([]Project, error)
+}
+
+// ProjectsClientConfig is the client configuration for ProjectsClient.
+type ProjectsClientConfig struct {
+	// Client is the GCP client for resourcemanager service.
+	Client *cloudresourcemanager.Service
+}
+
+// CheckAndSetDefaults check and set defaults for ProjectsClientConfig.
+func (c *ProjectsClientConfig) CheckAndSetDefaults(ctx context.Context) (err error) {
+	if c.Client == nil {
+		c.Client, err = cloudresourcemanager.NewService(ctx)
+		if err != nil {
+			return trace.Wrap(err)
+		}
+	}
+	return nil
+}
+
+// NewProjectsClient returns a ProjectsClient interface wrapping resourcemanager.ProjectsClient
+// for interacting with GCP Projects API.
+func NewProjectsClient(ctx context.Context) (ProjectsClient, error) {
+	var cfg ProjectsClientConfig
+	client, err := NewProjectsClientWithConfig(ctx, cfg)
+	return client, trace.Wrap(err)
+}
+
+// NewProjectsClientWithConfig returns a ProjectsClient interface wrapping resourcemanager.ProjectsClient
+// for interacting with GCP Projects API.
+func NewProjectsClientWithConfig(ctx context.Context, cfg ProjectsClientConfig) (ProjectsClient, error) {
+	if err := cfg.CheckAndSetDefaults(ctx); err != nil {
+		return nil, trace.Wrap(err)
+	}
+	return &projectsClient{cfg}, nil
+}
+
+type projectsClient struct {
+	ProjectsClientConfig
+}
+
+// ListProjects lists the GCP Projects that the authenticated user has access to.
+func (g *projectsClient) ListProjects(ctx context.Context) ([]Project, error) {
+
+	var pageToken string
+	var projects []Project
+	for {
+		projectsCall, err := g.Client.Projects.List().PageToken(pageToken).Do()
+		if err != nil {
+			return nil, trace.Wrap(err)
+		}
+		for _, project := range projectsCall.Projects {
+			projects = append(projects,
+				Project{
+					ID:   project.ProjectId,
+					Name: project.Name,
+				},
+			)
+		}
+		if projectsCall.NextPageToken == "" {
+			break
+		}
+		pageToken = projectsCall.NextPageToken
+	}
+
+	return projects, nil
+}
diff --git a/lib/config/configuration_test.go b/lib/config/configuration_test.go
index be5c0bdce0e1c..9506232b47e81 100644
--- a/lib/config/configuration_test.go
+++ b/lib/config/configuration_test.go
@@ -4347,6 +4347,53 @@ func TestDiscoveryConfig(t *testing.T) {
 				ProjectIDs: []string{"p1", "p2"},
 			}},
 		},
+		{
+			desc:          "GCP section is filled with wildcard project ids",
+			expectError:   require.NoError,
+			expectEnabled: require.True,
+			mutate: func(cfg cfgMap) {
+				cfg["discovery_service"].(cfgMap)["enabled"] = "yes"
+				cfg["discovery_service"].(cfgMap)["gcp"] = []cfgMap{
+					{
+						"types":     []string{"gke"},
+						"locations": []string{"eucentral1"},
+						"tags": cfgMap{
+							"discover_teleport": "yes",
+						},
+						"project_ids": []string{"*"},
+					},
+				}
+			},
+			expectedGCPMatchers: []types.GCPMatcher{{
+				Types:     []string{"gke"},
+				Locations: []string{"eucentral1"},
+				Labels: map[string]apiutils.Strings{
+					"discover_teleport": []string{"yes"},
+				},
+				Tags: map[string]apiutils.Strings{
+					"discover_teleport": []string{"yes"},
+				},
+				ProjectIDs: []string{"*"},
+			}},
+		},
+		{
+			desc:          "GCP section mixes wildcard and specific project ids",
+			expectError:   require.Error,
+			expectEnabled: require.True,
+			mutate: func(cfg cfgMap) {
+				cfg["discovery_service"].(cfgMap)["enabled"] = "yes"
+				cfg["discovery_service"].(cfgMap)["gcp"] = []cfgMap{
+					{
+						"types":     []string{"gke"},
+						"locations": []string{"eucentral1"},
+						"tags": cfgMap{
+							"discover_teleport": "yes",
+						},
+						"project_ids": []string{"p1", "*"},
+					},
+				}
+			},
+		},
 		{
 			desc:          "GCP section is filled with installer",
 			expectError:   require.NoError,
diff --git a/lib/devicetrust/enroll/auto_enroll.go b/lib/devicetrust/enroll/auto_enroll.go
index 4cc6663a8a9c0..4ed5a94383610 100644
--- a/lib/devicetrust/enroll/auto_enroll.go
+++ b/lib/devicetrust/enroll/auto_enroll.go
@@ -20,26 +20,31 @@ package enroll
 
 import (
 	"context"
+	"errors"
+	"os"
+	"strconv"
 
 	"github.com/gravitational/trace"
 
 	devicepb "github.com/gravitational/teleport/api/gen/proto/go/teleport/devicetrust/v1"
-	"github.com/gravitational/teleport/lib/devicetrust/native"
 )
 
+// ErrAutoEnrollDisabled signifies that auto-enroll is disabled in the current
+// device.
+// Setting the TELEPORT_DEVICE_AUTO_ENROLL_DISABLED=1 environment disables
+// auto-enroll.
+var ErrAutoEnrollDisabled = errors.New("auto-enroll disabled")
+
 // AutoEnrollCeremony is the auto-enrollment version of [Ceremony].
 type AutoEnrollCeremony struct {
 	*Ceremony
-
-	CollectDeviceData func(mode native.CollectDataMode) (*devicepb.DeviceCollectedData, error)
 }
 
 // NewAutoEnrollCeremony creates a new [AutoEnrollCeremony] based on the regular
 // ceremony provided by [NewCeremony].
 func NewAutoEnrollCeremony() *AutoEnrollCeremony {
 	return &AutoEnrollCeremony{
-		Ceremony:          NewCeremony(),
-		CollectDeviceData: native.CollectDeviceData,
+		Ceremony: NewCeremony(),
 	}
 }
 
@@ -53,18 +58,28 @@ func AutoEnroll(ctx context.Context, devicesClient devicepb.DeviceTrustServiceCl
 // [devicepb.DeviceTrustServiceClient.CreateDeviceEnrollToken] and enrolls the
 // device using a regular [Ceremony].
 func (c *AutoEnrollCeremony) Run(ctx context.Context, devicesClient devicepb.DeviceTrustServiceClient) (*devicepb.Device, error) {
-	cd, err := c.CollectDeviceData(native.CollectedDataAlwaysEscalate)
+	const autoEnrollDisabledKey = "TELEPORT_DEVICE_AUTO_ENROLL_DISABLED"
+	if disabled, _ := strconv.ParseBool(os.Getenv(autoEnrollDisabledKey)); disabled {
+		return nil, trace.Wrap(ErrAutoEnrollDisabled)
+	}
+
+	// Creating the init message straight away aborts the process cleanly if the
+	// device cannot create the device key (for example, if it lacks a TPM).
+	// This avoids a situation where we ask for escalation, like a sudo prompt or
+	// admin credentials, then fail a few steps after the prompt.
+	init, err := c.EnrollDeviceInit()
 	if err != nil {
-		return nil, trace.Wrap(err, "collecting device data")
+		return nil, trace.Wrap(err)
 	}
 
 	token, err := devicesClient.CreateDeviceEnrollToken(ctx, &devicepb.CreateDeviceEnrollTokenRequest{
-		DeviceData: cd,
+		DeviceData: init.DeviceData,
 	})
 	if err != nil {
 		return nil, trace.Wrap(err, "creating auto-token")
 	}
+	init.Token = token.Token
 
-	dev, err := c.Ceremony.Run(ctx, devicesClient, false, token.Token)
+	dev, err := c.run(ctx, devicesClient, false /* debug */, init)
 	return dev, trace.Wrap(err)
 }
diff --git a/lib/devicetrust/enroll/auto_enroll_test.go b/lib/devicetrust/enroll/auto_enroll_test.go
index 4b29db639247d..77a6678a9949a 100644
--- a/lib/devicetrust/enroll/auto_enroll_test.go
+++ b/lib/devicetrust/enroll/auto_enroll_test.go
@@ -59,7 +59,6 @@ func TestAutoEnrollCeremony_Run(t *testing.T) {
 					SignChallenge:           test.dev.SignChallenge,
 					SolveTPMEnrollChallenge: test.dev.SolveTPMEnrollChallenge,
 				},
-				CollectDeviceData: test.dev.CollectDeviceData,
 			}
 
 			dev, err := c.Run(ctx, devices)
@@ -68,3 +67,10 @@ func TestAutoEnrollCeremony_Run(t *testing.T) {
 		})
 	}
 }
+
+func TestAutoEnroll_disabledByEnv(t *testing.T) {
+	t.Setenv("TELEPORT_DEVICE_AUTO_ENROLL_DISABLED", "1")
+
+	_, err := enroll.AutoEnroll(context.Background(), nil /* devicesClient */)
+	assert.ErrorIs(t, err, enroll.ErrAutoEnrollDisabled, "AutoEnroll() error mismatch")
+}
diff --git a/lib/devicetrust/enroll/enroll.go b/lib/devicetrust/enroll/enroll.go
index 0e7175a99f25e..12cab64499b58 100644
--- a/lib/devicetrust/enroll/enroll.go
+++ b/lib/devicetrust/enroll/enroll.go
@@ -171,6 +171,15 @@ func (c *Ceremony) Run(ctx context.Context, devicesClient devicepb.DeviceTrustSe
 	}
 	init.Token = enrollToken
 
+	return c.run(ctx, devicesClient, debug, init)
+}
+
+func (c *Ceremony) run(ctx context.Context, devicesClient devicepb.DeviceTrustServiceClient, debug bool, init *devicepb.EnrollDeviceInit) (*devicepb.Device, error) {
+	// Sanity check.
+	if init.GetToken() == "" {
+		return nil, trace.BadParameter("enroll init message lacks enrollment token")
+	}
+
 	stream, err := devicesClient.EnrollDevice(ctx)
 	if err != nil {
 		return nil, trace.Wrap(devicetrust.HandleUnimplemented(err))
diff --git a/lib/events/athena/athena.go b/lib/events/athena/athena.go
index 4e25219aca4f7..c72c92daf91cc 100644
--- a/lib/events/athena/athena.go
+++ b/lib/events/athena/athena.go
@@ -125,6 +125,12 @@ type Config struct {
 	BatchMaxItems int
 	// BatchMaxInterval defined interval at which parquet files will be created (optional).
 	BatchMaxInterval time.Duration
+	// ConsumerLockName defines a name of a SQS consumer lock (optional).
+	// If provided, it will be prefixed with "athena/" to avoid accidental
+	// collision with existing locks.
+	ConsumerLockName string
+	// ConsumerDisabled defines if SQS consumer should be disabled (optional).
+	ConsumerDisabled bool
 
 	// Clock is a clock interface, used in tests.
 	Clock clockwork.Clock
@@ -417,6 +423,16 @@ func (cfg *Config) SetFromURL(url *url.URL) error {
 		}
 		cfg.BatchMaxInterval = dur
 	}
+	if consumerLockName := url.Query().Get("consumerLockName"); consumerLockName != "" {
+		cfg.ConsumerLockName = consumerLockName
+	}
+	if val := url.Query().Get("consumerDisabled"); val != "" {
+		boolVal, err := strconv.ParseBool(val)
+		if err != nil {
+			return trace.BadParameter("invalid consumerDisabled value: %v", err)
+		}
+		cfg.ConsumerDisabled = boolVal
+	}
 
 	return nil
 }
@@ -484,20 +500,23 @@ func New(ctx context.Context, cfg Config) (*Log, error) {
 		return nil, trace.Wrap(err)
 	}
 
-	consumerCtx, consumerCancel := context.WithCancel(ctx)
-
-	consumer, err := newConsumer(cfg, consumerCancel)
-	if err != nil {
-		return nil, trace.Wrap(err)
-	}
-
 	l := &Log{
-		publisher:      newPublisherFromAthenaConfig(cfg),
-		querier:        querier,
-		consumerCloser: consumer,
+		publisher: newPublisherFromAthenaConfig(cfg),
+		querier:   querier,
 	}
 
-	go consumer.run(consumerCtx)
+	if !cfg.ConsumerDisabled {
+		consumerCtx, consumerCancel := context.WithCancel(ctx)
+
+		consumer, err := newConsumer(cfg, consumerCancel)
+		if err != nil {
+			return nil, trace.Wrap(err)
+		}
+
+		l.consumerCloser = consumer
+
+		go consumer.run(consumerCtx)
+	}
 
 	return l, nil
 }
@@ -527,6 +546,10 @@ func (l *Log) Close() error {
 	return trace.Wrap(l.consumerCloser.Close())
 }
 
+func (l *Log) IsConsumerDisabled() bool {
+	return l.consumerCloser == nil
+}
+
 var isAlphanumericOrUnderscoreRe = regexp.MustCompile("^[a-zA-Z0-9_]+$")
 
 func isAlphanumericOrUnderscore(s string) bool {
diff --git a/lib/events/athena/athena_test.go b/lib/events/athena/athena_test.go
index e0e52d8903b73..541a9d3b92980 100644
--- a/lib/events/athena/athena_test.go
+++ b/lib/events/athena/athena_test.go
@@ -93,13 +93,15 @@ func TestConfig_SetFromURL(t *testing.T) {
 		},
 		{
 			name: "params to batcher",
-			url:  "athena://db.tbl/?queueURL=https://queueURL&batchMaxItems=1000&batchMaxInterval=10s",
+			url:  "athena://db.tbl/?queueURL=https://queueURL&batchMaxItems=1000&batchMaxInterval=10s&consumerLockName=mylock&consumerDisabled=true",
 			want: Config{
 				TableName:        "tbl",
 				Database:         "db",
 				QueueURL:         "https://queueURL",
 				BatchMaxItems:    1000,
 				BatchMaxInterval: 10 * time.Second,
+				ConsumerLockName: "mylock",
+				ConsumerDisabled: true,
 			},
 		},
 		{
@@ -187,6 +189,7 @@ func TestConfig_CheckAndSetDefaults(t *testing.T) {
 				GetQueryResultsInterval:    100 * time.Millisecond,
 				BatchMaxItems:              20000,
 				BatchMaxInterval:           1 * time.Minute,
+				ConsumerLockName:           "",
 				PublisherConsumerAWSConfig: dummyAWSCfg,
 				StorerQuerierAWSConfig:     dummyAWSCfg,
 				Backend:                    mockBackend{},
@@ -212,6 +215,7 @@ func TestConfig_CheckAndSetDefaults(t *testing.T) {
 				GetQueryResultsInterval:    100 * time.Millisecond,
 				BatchMaxItems:              20000,
 				BatchMaxInterval:           1 * time.Minute,
+				ConsumerLockName:           "",
 				PublisherConsumerAWSConfig: dummyAWSCfg,
 				StorerQuerierAWSConfig:     dummyAWSCfg,
 				Backend:                    mockBackend{},
diff --git a/lib/events/athena/consumer.go b/lib/events/athena/consumer.go
index 7d70e1cbabc4b..0ee6f43a68492 100644
--- a/lib/events/athena/consumer.go
+++ b/lib/events/athena/consumer.go
@@ -79,6 +79,7 @@ type consumer struct {
 	storeLocationBucket string
 	batchMaxItems       int
 	batchMaxInterval    time.Duration
+	consumerLockName    string
 
 	// perDateFileParquetWriter returns file writer per date.
 	// Added in config to allow testing.
@@ -157,6 +158,7 @@ func newConsumer(cfg Config, cancelFn context.CancelFunc) (*consumer, error) {
 		storeLocationBucket: cfg.locationS3Bucket,
 		batchMaxItems:       cfg.BatchMaxItems,
 		batchMaxInterval:    cfg.BatchMaxInterval,
+		consumerLockName:    cfg.ConsumerLockName,
 		collectConfig:       collectCfg,
 		sqsDeleter:          sqsClient,
 		queueURL:            cfg.QueueURL,
@@ -255,10 +257,14 @@ func (c *consumer) runContinuouslyOnSingleAuth(ctx context.Context, eventsProces
 		case <-ctx.Done():
 			return
 		default:
+			lockName := []string{"athena", c.consumerLockName}
+			if c.consumerLockName == "" {
+				lockName = []string{"athena_lock"}
+			}
 			err := backend.RunWhileLocked(ctx, backend.RunWhileLockedConfig{
 				LockConfiguration: backend.LockConfiguration{
-					Backend:  c.backend,
-					LockName: "athena_lock",
+					Backend:            c.backend,
+					LockNameComponents: lockName,
 					// TTL is higher then batchMaxInterval because we want to optimize
 					// for low backend writes.
 					TTL: 5 * c.batchMaxInterval,
diff --git a/lib/events/export/cursor.go b/lib/events/export/cursor.go
new file mode 100644
index 0000000000000..8dff088d00831
--- /dev/null
+++ b/lib/events/export/cursor.go
@@ -0,0 +1,276 @@
+/*
+ * Teleport
+ * Copyright (C) 2024  Gravitational, Inc.
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program.  If not, see .
+ */
+
+package export
+
+import (
+	"bytes"
+	"fmt"
+	"os"
+	"path/filepath"
+	"slices"
+	"strings"
+	"sync"
+	"time"
+
+	"github.com/gravitational/trace"
+
+	"github.com/gravitational/teleport"
+)
+
+const (
+	// completedName is the completed file name
+	completedName = "completed-chunks"
+
+	// chunkSuffix is the suffix for per-chunk cursor files
+	chunkSuffix = ".chunk"
+)
+
+// CursorConfig configures a cursor.
+type CursorConfig struct {
+	// Dir is the cursor directory. This directory will be created if it does not exist
+	// and should not be used for any other purpose.
+	Dir string
+}
+
+// CheckAndSetDefaults validates configuration and sets default values for optional parameters.
+func (c *CursorConfig) CheckAndSetDefaults() error {
+	if c.Dir == "" {
+		return trace.BadParameter("missing required parameter Dir in CursorConfig")
+	}
+
+	return nil
+}
+
+// Cursor manages an event export cursor directory and keeps a copy of its state in-memory,
+// improving the efficiency of updates by only writing diffs to disk. the cursor directory
+// contains a sub-directory per date. each date's state is tracked using an append-only list
+// of completed chunks, along with a per-chunk cursor file. cursor directories are not intended
+// for true concurrent use, but concurrent use in the context of a graceful restart won't have
+// any consequences more dire than duplicate events.
+type Cursor struct {
+	cfg   CursorConfig
+	mu    sync.Mutex
+	state ExporterState
+}
+
+// NewCursor creates a new cursor, loading any preexisting state from disk.
+func NewCursor(cfg CursorConfig) (*Cursor, error) {
+	if err := cfg.CheckAndSetDefaults(); err != nil {
+		return nil, trace.Wrap(err)
+	}
+
+	state, err := loadInitialState(cfg.Dir)
+	if err != nil {
+		return nil, trace.Wrap(err)
+	}
+	return &Cursor{
+		cfg:   cfg,
+		state: *state,
+	}, nil
+}
+
+// GetState gets the current state as seen by this cursor.
+func (c *Cursor) GetState() ExporterState {
+	c.mu.Lock()
+	defer c.mu.Unlock()
+
+	return c.state.Clone()
+}
+
+// Sync synchronizes the cursor's in-memory state with the provided state, writing any diffs to disk.
+func (c *Cursor) Sync(newState ExporterState) error {
+	c.mu.Lock()
+	defer c.mu.Unlock()
+
+	for d, s := range newState.Dates {
+		if err := c.syncDate(d, s); err != nil {
+			return trace.Wrap(err)
+		}
+	}
+
+	for d := range c.state.Dates {
+		if _, ok := newState.Dates[d]; !ok {
+			if err := c.deleteDate(d); err != nil {
+				return trace.Wrap(err)
+			}
+		}
+	}
+
+	return nil
+}
+
+func (c *Cursor) syncDate(date time.Time, state DateExporterState) error {
+	// ensure date directory exists. the existence of the date directory
+	// is meaningful even if it contains no files.
+	dateDir := filepath.Join(c.cfg.Dir, date.Format(time.DateOnly))
+	if err := os.MkdirAll(dateDir, teleport.SharedDirMode); err != nil {
+		return trace.ConvertSystemError(err)
+	}
+
+	// open completed file in append mode
+	completedFile, err := os.OpenFile(filepath.Join(dateDir, completedName), os.O_APPEND|os.O_CREATE|os.O_WRONLY, 0644)
+	if err != nil {
+		return trace.ConvertSystemError(err)
+	}
+	defer completedFile.Close()
+
+	current, ok := c.state.Dates[date]
+	if !ok {
+		current = DateExporterState{
+			Cursors: make(map[string]string),
+		}
+	}
+	defer func() {
+		c.state.Dates[date] = current
+	}()
+
+	for _, chunk := range state.Completed {
+		if slices.Contains(current.Completed, chunk) {
+			// already written to disk
+			continue
+		}
+
+		// add chunk to completed file
+		if _, err := fmt.Fprintln(completedFile, chunk); err != nil {
+			return trace.ConvertSystemError(err)
+		}
+
+		// ensure chunk is flushed to disk successfully before removing the cursor file
+		// and updating in-memory state.
+		if err := completedFile.Sync(); err != nil {
+			return trace.ConvertSystemError(err)
+		}
+
+		// delete cursor file if it exists
+		if err := os.Remove(filepath.Join(dateDir, chunk+chunkSuffix)); err != nil && !os.IsNotExist(err) {
+			return trace.ConvertSystemError(err)
+		}
+
+		// update current state
+		current.Completed = append(current.Completed, chunk)
+		delete(current.Cursors, chunk)
+	}
+
+	for chunk, cursor := range state.Cursors {
+		if current.Cursors[chunk] == cursor {
+			continue
+		}
+
+		// write cursor file
+		if err := os.WriteFile(filepath.Join(dateDir, chunk+chunkSuffix), []byte(cursor), 0644); err != nil {
+			return trace.ConvertSystemError(err)
+		}
+
+		// update current state
+		current.Cursors[chunk] = cursor
+	}
+
+	return nil
+}
+
+func (c *Cursor) deleteDate(date time.Time) error {
+	if _, ok := c.state.Dates[date]; !ok {
+		return nil
+	}
+
+	// delete the date directory and all its contents
+	if err := os.RemoveAll(filepath.Join(c.cfg.Dir, date.Format(time.DateOnly))); err != nil {
+		return trace.ConvertSystemError(err)
+	}
+
+	delete(c.state.Dates, date)
+
+	return nil
+}
+
+func loadInitialState(dir string) (*ExporterState, error) {
+	state := ExporterState{
+		Dates: make(map[time.Time]DateExporterState),
+	}
+	// list subdirectories of the cursors v2 directory
+	entries, err := os.ReadDir(dir)
+	if err != nil {
+		if os.IsNotExist(err) {
+			return &state, nil
+		}
+		return nil, trace.ConvertSystemError(err)
+	}
+
+	for _, entry := range entries {
+		if !entry.IsDir() {
+			// ignore non-directories
+			continue
+		}
+
+		// attempt to parse dir name as date
+		date, err := time.Parse(time.DateOnly, entry.Name())
+		if err != nil {
+			// ignore non-date directories
+			continue
+		}
+
+		dateState := DateExporterState{
+			Cursors: make(map[string]string),
+		}
+
+		dateEntries, err := os.ReadDir(filepath.Join(dir, entry.Name()))
+		if err != nil {
+			return nil, trace.ConvertSystemError(err)
+		}
+
+		for _, dateEntry := range dateEntries {
+			if dateEntry.IsDir() {
+				continue
+			}
+
+			if dateEntry.Name() == completedName {
+				// load the completed file
+				b, err := os.ReadFile(filepath.Join(dir, entry.Name(), completedName))
+				if err != nil {
+					return nil, trace.ConvertSystemError(err)
+				}
+
+				// split the completed file into whitespace-separated chunks
+				dateState.Completed = strings.Fields(string(b))
+				continue
+			}
+
+			if !strings.HasSuffix(dateEntry.Name(), chunkSuffix) {
+				continue
+			}
+
+			chunk := strings.TrimSuffix(dateEntry.Name(), chunkSuffix)
+			b, err := os.ReadFile(filepath.Join(dir, entry.Name(), dateEntry.Name()))
+			if err != nil {
+				return nil, trace.ConvertSystemError(err)
+			}
+
+			if cc := bytes.TrimSpace(b); len(cc) != 0 {
+				dateState.Cursors[chunk] = string(cc)
+			}
+		}
+
+		// note that some dates may not contain any chunks. we still want to track the
+		// fact that these dates have had their dirs initialized since that still indicates
+		// how far we've gotten in the export process.
+		state.Dates[date] = dateState
+	}
+
+	return &state, nil
+}
diff --git a/lib/events/export/cursor_test.go b/lib/events/export/cursor_test.go
new file mode 100644
index 0000000000000..9853141139345
--- /dev/null
+++ b/lib/events/export/cursor_test.go
@@ -0,0 +1,243 @@
+/*
+ * Teleport
+ * Copyright (C) 2024  Gravitational, Inc.
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program.  If not, see .
+ */
+
+package export
+
+import (
+	"os"
+	"path/filepath"
+	"testing"
+	"time"
+
+	"github.com/stretchr/testify/require"
+
+	"github.com/gravitational/teleport"
+)
+
+// testState is a helper for easily/cleanly representing a cursor/exporter state as a literal when
+// writing tests. the values of the inner mapping are generally strings, but some helpers support
+// using []string for the completed key.
+type testState map[string]map[string]any
+
+// writeRawState writes the test state to a directory structure. unlike `newState`, this helper
+// is designed to inject non-conforming data, so it will accept non-date dir names and expects a string
+// value for the completed key.
+func writeRawState(t *testing.T, dir string, ts testState) {
+	for d, s := range ts {
+		dateDir := filepath.Join(dir, d)
+		require.NoError(t, os.MkdirAll(dateDir, teleport.SharedDirMode))
+
+		for k, v := range s {
+			fileName := filepath.Join(dateDir, k)
+			require.NoError(t, os.WriteFile(fileName, []byte(v.(string)), 0644))
+		}
+	}
+}
+
+// newState converts a testState into a real ExporterState. this helper only works
+// with a well-formed testState.
+func newState(t *testing.T, ts testState) ExporterState {
+	state := ExporterState{
+		Dates: make(map[time.Time]DateExporterState),
+	}
+	for d, s := range ts {
+		date, err := time.Parse(time.DateOnly, d)
+		require.NoError(t, err)
+
+		dateState := DateExporterState{
+			Cursors:   make(map[string]string),
+			Completed: []string{}, // avoids require.Equal rejecting nil slices as unequal to empty slices
+		}
+
+	Entries:
+		for k, v := range s {
+			if k == completedName {
+				dateState.Completed = v.([]string)
+				continue Entries
+			}
+			dateState.Cursors[k] = v.(string)
+		}
+
+		state.Dates[date] = dateState
+	}
+	return state
+}
+
+func syncAndVerifyState(t *testing.T, cursor *Cursor, ts testState) {
+	state := newState(t, ts)
+
+	// sync the state
+	require.NoError(t, cursor.Sync(state))
+
+	// verify in-memory state is as expected
+	require.Equal(t, state, cursor.GetState())
+
+	// attempt to load the state from disk
+	loaded, err := NewCursor(CursorConfig{
+		Dir: cursor.cfg.Dir,
+	})
+	require.NoError(t, err)
+
+	// verify that the loaded state is the same as the original state
+	require.Equal(t, state, loaded.GetState())
+}
+
+// verifyRawState asserts that the raw state on disk matches the provided test state. chunk names
+// need to be suffixed to match and the completed key should be a string.
+func verifyRawState(t *testing.T, dir string, ts testState) {
+	for d, s := range ts {
+		dateDir := filepath.Join(dir, d)
+		for k, v := range s {
+			fileName := filepath.Join(dateDir, k)
+			data, err := os.ReadFile(fileName)
+			require.NoError(t, err)
+
+			require.Equal(t, v.(string), string(data))
+		}
+	}
+}
+
+// TestCursorBasics verifies basic syncing/loading of cursor state.
+func TestCursorBasics(t *testing.T) {
+	dir := t.TempDir()
+
+	cursor, err := NewCursor(CursorConfig{
+		Dir: dir,
+	})
+	require.NoError(t, err)
+	state := cursor.GetState()
+	require.True(t, state.IsEmpty())
+
+	// sync and verify a typical state
+	syncAndVerifyState(t, cursor, testState{
+		"2021-01-01": {
+			completedName: []string{"chunk1", "chunk2"},
+		},
+		"2021-01-02": {
+			completedName: []string{"chunk1", "chunk2"},
+			"chunk3":      "cursor1",
+			"chunk4":      "cursor2",
+		},
+		"2021-01-03": {
+			"chunk3": "cursor1",
+			"chunk4": "cursor2",
+		},
+		"2021-01-04": {},
+	})
+
+	verifyRawState(t, dir, testState{
+		"2021-01-01": {
+			completedName: "chunk1\nchunk2\n",
+		},
+		"2021-01-02": {
+			completedName:          "chunk1\nchunk2\n",
+			"chunk3" + chunkSuffix: "cursor1",
+			"chunk4" + chunkSuffix: "cursor2",
+		},
+		"2021-01-03": {
+			"chunk3" + chunkSuffix: "cursor1",
+			"chunk4" + chunkSuffix: "cursor2",
+		},
+		"2021-01-04": {},
+	})
+
+	// sync and verify updated state
+	syncAndVerifyState(t, cursor, testState{
+		"2021-01-01": {
+			completedName: []string{"chunk1", "chunk2", "chunk3"},
+		},
+		"2021-01-02": {
+			completedName: []string{"chunk1", "chunk2"},
+			"chunk3":      "cursor1",
+			"chunk4":      "cursor2",
+			"chunk5":      "cursor4",
+		},
+		"2021-01-03": {
+			"chunk3": "cursor2",
+			"chunk4": "cursor3",
+		},
+		"2021-01-04": {},
+		"2021-01-05": {},
+	})
+
+	verifyRawState(t, dir, testState{
+		"2021-01-01": {
+			completedName: "chunk1\nchunk2\nchunk3\n",
+		},
+		"2021-01-02": {
+			completedName:          "chunk1\nchunk2\n",
+			"chunk3" + chunkSuffix: "cursor1",
+			"chunk4" + chunkSuffix: "cursor2",
+			"chunk5" + chunkSuffix: "cursor4",
+		},
+		"2021-01-03": {
+			"chunk3" + chunkSuffix: "cursor2",
+			"chunk4" + chunkSuffix: "cursor3",
+		},
+		"2021-01-04": {},
+		"2021-01-05": {},
+	})
+
+	// sync & verify heavily truncated state
+	syncAndVerifyState(t, cursor, testState{
+		"2021-01-05": {},
+	})
+
+	verifyRawState(t, dir, testState{
+		"2021-01-05": {},
+	})
+}
+
+func TestCursorBadState(t *testing.T) {
+	dir := t.TempDir()
+
+	writeRawState(t, dir, testState{
+		"2021-01-01": {
+			completedName: "\n\nchunk1\n\n", // extra whitespace should be ignored
+		},
+		"not-a-date": {
+			completedName: "chunk1",
+			"no-suffix":   "cursor1", // unknown suffix should be ignored
+		},
+		"2021-01-02": {
+			completedName:          "\n", // whitespace-only completed file should count as empty
+			"chunk1" + chunkSuffix: "cursor1",
+			"chunk2" + chunkSuffix: "cursor2\n", // extra whitespace should be ignored
+			"chunk3" + chunkSuffix: " ",         // whitespace-only cursor file should count as empty
+			"no-suffix":            "cursor3",   // unknown suffix should be ignored
+		},
+	})
+
+	expected := newState(t, testState{
+		"2021-01-01": {
+			completedName: []string{"chunk1"},
+		},
+		"2021-01-02": {
+			"chunk1": "cursor1",
+			"chunk2": "cursor2",
+		},
+	})
+
+	loaded, err := NewCursor(CursorConfig{
+		Dir: dir,
+	})
+	require.NoError(t, err)
+
+	// verify that the loaded state is the same as expected state
+	require.Equal(t, expected, loaded.GetState())
+}
diff --git a/lib/events/export/date_exporter.go b/lib/events/export/date_exporter.go
index cee3e3a36278c..698c67d8c156e 100644
--- a/lib/events/export/date_exporter.go
+++ b/lib/events/export/date_exporter.go
@@ -117,6 +117,24 @@ type DateExporterState struct {
 	Cursors map[string]string
 }
 
+// IsEmpty returns true if no state is defined.
+func (s *DateExporterState) IsEmpty() bool {
+	return len(s.Completed) == 0 && len(s.Cursors) == 0
+}
+
+// Clone returns a deep copy of the date exporter state.
+func (s *DateExporterState) Clone() DateExporterState {
+	cloned := DateExporterState{
+		Completed: make([]string, len(s.Completed)),
+		Cursors:   make(map[string]string, len(s.Cursors)),
+	}
+	copy(cloned.Completed, s.Completed)
+	for chunk, cursor := range s.Cursors {
+		cloned.Cursors[chunk] = cursor
+	}
+	return cloned
+}
+
 // DateExporter is a utility for exporting events for a given date using the chunked event export APIs. Note that
 // it is specifically designed to prioritize performance and ensure that events aren't missed. It may not yield events
 // in time order, and does not provide a mechanism to decide when export for a given date should be considered complete,
diff --git a/lib/events/export/exporter.go b/lib/events/export/exporter.go
new file mode 100644
index 0000000000000..779e0231edce0
--- /dev/null
+++ b/lib/events/export/exporter.go
@@ -0,0 +1,447 @@
+/*
+ * Teleport
+ * Copyright (C) 2024  Gravitational, Inc.
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program.  If not, see .
+ */
+
+package export
+
+import (
+	"context"
+	"log/slog"
+	"slices"
+	"sync"
+	"time"
+
+	"github.com/gravitational/trace"
+	"golang.org/x/time/rate"
+
+	auditlogpb "github.com/gravitational/teleport/api/gen/proto/go/teleport/auditlog/v1"
+	"github.com/gravitational/teleport/api/utils/retryutils"
+	"github.com/gravitational/teleport/lib/utils"
+	"github.com/gravitational/teleport/lib/utils/interval"
+)
+
+type ExporterState struct {
+	// Dates is a map of dates to their respective state. Note that an empty
+	// state for a date is still meaningful and either indicates that the date
+	// itself contains no events, or that no progress has been made against that
+	// date yet.
+	Dates map[time.Time]DateExporterState
+}
+
+// IsEmpty returns true if no state is defined.
+func (s *ExporterState) IsEmpty() bool {
+	return len(s.Dates) == 0
+}
+
+// Clone creates a deep copy of the exporter state.
+func (s *ExporterState) Clone() ExporterState {
+	out := ExporterState{
+		Dates: make(map[time.Time]DateExporterState, len(s.Dates)),
+	}
+	for date, state := range s.Dates {
+		out.Dates[date] = state.Clone()
+	}
+	return out
+}
+
+// ExporterConfig configured an exporter.
+type ExporterConfig struct {
+	// Client is the audit event client used to fetch and export events.
+	Client Client
+	// StartDate is the date from which to start exporting events.
+	StartDate time.Time
+	// Export is the callback used to export events. Must be safe for concurrent use if
+	// the Concurrency parameter is greater than 1.
+	Export func(ctx context.Context, event *auditlogpb.ExportEventUnstructured) error
+	// OnIdle is an optional callback that gets invoked periodically when the exporter is idle. Note that it is
+	// safe to close the exporter or inspect its state from within this callback, but waiting on the exporter's
+	// Done channel within this callback will deadlock. This callback is an asynchronous signal and additional
+	// events may be discovered concurrently with its invocation.
+	OnIdle func(ctx context.Context)
+	// PreviousState is an optional parameter used to resume from a previous date export run.
+	PreviousState ExporterState
+	// Concurrency sets the maximum number of event chunks that will be processed concurrently
+	// for a given date (defaults to 1). Note that the total number of inflight chunk processing
+	// may be up to Conurrency * (BacklogSize + 1).
+	Concurrency int
+	// BacklogSize optionally overrides the default size of the export backlog (i.e. the number of
+	// previous dates for which polling continues after initial idleness). default is 1.
+	BacklogSize int
+	// MaxBackoff optionally overrides the default maximum backoff applied when errors are hit.
+	MaxBackoff time.Duration
+	// PollInterval optionally overrides the default poll interval used to fetch event chunks.
+	PollInterval time.Duration
+}
+
+// CheckAndSetDefaults validates configuration and sets default values for optional parameters.
+func (cfg *ExporterConfig) CheckAndSetDefaults() error {
+	if cfg.Client == nil {
+		return trace.BadParameter("missing required parameter Client in ExporterConfig")
+	}
+	if cfg.StartDate.IsZero() {
+		return trace.BadParameter("missing required parameter StartDate in ExporterConfig")
+	}
+	if cfg.Export == nil {
+		return trace.BadParameter("missing required parameter Export in ExporterConfig")
+	}
+	if cfg.Concurrency == 0 {
+		cfg.Concurrency = 1
+	}
+	if cfg.BacklogSize == 0 {
+		cfg.BacklogSize = 1
+	}
+	if cfg.MaxBackoff == 0 {
+		cfg.MaxBackoff = 90 * time.Second
+	}
+	if cfg.PollInterval == 0 {
+		cfg.PollInterval = 16 * time.Second
+	}
+	return nil
+}
+
+// Exporter is a utility for exporting events starting from a given date using the chunked event export APIs. Note that
+// it is specifically designed to prioritize performance and ensure that events aren't missed. Events may not be yielded
+// in time order. Export of events is performed by consuming all currently available events for a given date, then moving
+// to the next date. In order to account for replication delays, a backlog of previous dates are also polled.
+type Exporter struct {
+	cfg         ExporterConfig
+	mu          sync.Mutex
+	current     *DateExporter
+	currentDate time.Time
+	previous    map[time.Time]*DateExporter
+	cancel      context.CancelFunc
+	idle        chan struct{}
+	done        chan struct{}
+}
+
+// NewExporter creates a new exporter and begins background processing of events. Processing will continue indefinitely
+// until Exporter.Close is called.
+func NewExporter(cfg ExporterConfig) (*Exporter, error) {
+	if err := cfg.CheckAndSetDefaults(); err != nil {
+		return nil, trace.Wrap(err)
+	}
+
+	ctx, cancel := context.WithCancel(context.Background())
+
+	e := &Exporter{
+		cfg:      cfg,
+		cancel:   cancel,
+		idle:     make(chan struct{}, 1),
+		done:     make(chan struct{}),
+		previous: make(map[time.Time]*DateExporter, len(cfg.PreviousState.Dates)),
+	}
+
+	// start initial event processing
+	var initError error
+	e.withLock(func() {
+		var resumed int
+		for date, state := range cfg.PreviousState.Dates {
+			date = normalizeDate(date)
+			if cfg.StartDate.After(date) {
+				// skip dates that are older than the start date
+				continue
+			}
+			if err := e.resumeExportLocked(ctx, date, state); err != nil {
+				initError = err
+				return
+			}
+			slog.InfoContext(ctx, "resumed event export", "date", date.Format(time.DateOnly))
+			resumed++
+		}
+
+		if resumed == 0 {
+			// no previous state at/after start date, start at the beginning
+			if err := e.startExportLocked(ctx, cfg.StartDate); err != nil {
+				initError = err
+				return
+			}
+			slog.InfoContext(ctx, "started event export", "date", cfg.StartDate.Format(time.DateOnly))
+		}
+	})
+	if initError != nil {
+		e.Close()
+		return nil, trace.Wrap(initError)
+	}
+
+	go e.run(ctx)
+	return e, nil
+
+}
+
+// Close terminates all event processing. Note that shutdown is asynchronous. Any operation that needs to wait for export to fully
+// terminate should wait on Done after calling Close.
+func (e *Exporter) Close() {
+	e.cancel()
+}
+
+// Done provides a channel that will be closed when the exporter has completed processing all inflight dates. When saving the
+// final state of the exporter for future resumption, this channel must be waited upon before state is loaded. Note that the date
+// exporter never termiantes unless Close is called, so waiting on Done is only meaningful after Close has been called.
+func (e *Exporter) Done() <-chan struct{} {
+	return e.done
+}
+
+// GetCurrentDate returns the current target date. Note that earlier dates may also be being processed concurrently.
+func (e *Exporter) GetCurrentDate() time.Time {
+	e.mu.Lock()
+	defer e.mu.Unlock()
+	return e.currentDate
+}
+
+// GetState loads the current state of the exporter. Note that there may be concurrent export operations
+// in progress, meaning that by the time state is observed it may already be outdated.
+func (e *Exporter) GetState() ExporterState {
+	e.mu.Lock()
+	defer e.mu.Unlock()
+	state := ExporterState{
+		Dates: make(map[time.Time]DateExporterState, len(e.previous)+1),
+	}
+
+	// Add the current date state.
+	state.Dates[e.currentDate] = e.current.GetState()
+
+	for date, exporter := range e.previous {
+		state.Dates[date] = exporter.GetState()
+	}
+
+	return state
+}
+
+func (e *Exporter) run(ctx context.Context) {
+	defer func() {
+		// on exit we close all date exporters and block on their completion
+		// before signaling that we are done.
+		var doneChans []<-chan struct{}
+		e.withLock(func() {
+			doneChans = make([]<-chan struct{}, 0, len(e.previous)+1)
+			e.current.Close()
+			doneChans = append(doneChans, e.current.Done())
+			for _, exporter := range e.previous {
+				exporter.Close()
+				doneChans = append(doneChans, exporter.Done())
+			}
+		})
+
+		for _, done := range doneChans {
+			<-done
+		}
+		close(e.done)
+	}()
+
+	poll := interval.New(interval.Config{
+		Duration:      e.cfg.PollInterval,
+		FirstDuration: utils.FullJitter(e.cfg.PollInterval / 2),
+		Jitter:        retryutils.NewSeventhJitter(),
+	})
+	defer poll.Stop()
+
+	logLimiter := rate.NewLimiter(rate.Every(time.Minute), 1)
+
+	for {
+		idle, err := e.poll(ctx)
+		if err != nil && logLimiter.Allow() {
+			var dates []string
+			e.withLock(func() {
+				dates = make([]string, 0, len(e.previous)+1)
+				dates = append(dates, e.currentDate.Format(time.DateOnly))
+				for date := range e.previous {
+					dates = append(dates, date.Format(time.DateOnly))
+				}
+			})
+			slices.Sort(dates)
+			slog.WarnContext(ctx, "event export poll failed", "error", err, "dates", dates)
+		}
+
+		if idle && e.cfg.OnIdle != nil {
+			e.cfg.OnIdle(ctx)
+		}
+
+		select {
+		case <-e.idle:
+		case <-poll.Next():
+		case <-ctx.Done():
+			return
+		}
+	}
+}
+
+// poll advances the exporter to the next date if the current date is idle and in the past, and prunes any idle exporters that
+// are outside of the target backlog range. if the exporter is caught up with the current date and all sub-exporters are idle,
+// poll returns true. otherwise, poll returns false.
+func (e *Exporter) poll(ctx context.Context) (bool, error) {
+	e.mu.Lock()
+	defer e.mu.Unlock()
+
+	var caughtUp bool
+	if e.current.IsIdle() {
+		if normalizeDate(time.Now()).After(e.currentDate) {
+			nextDate := e.currentDate.AddDate(0, 0, 1)
+			// current date is idle and in the past, advance to the next date
+			if err := e.startExportLocked(ctx, nextDate); err != nil {
+				return false, trace.Wrap(err)
+			}
+			slog.InfoContext(ctx, "advanced to next event export target", "date", nextDate.Format(time.DateOnly))
+		} else {
+			caughtUp = true
+		}
+	}
+
+	// prune any dangling exporters that appear idle
+	e.pruneBacklogLocked(ctx)
+
+	if !caughtUp {
+		return false, nil
+	}
+
+	// check if all backlog exporters are idle
+	for _, exporter := range e.previous {
+		if !exporter.IsIdle() {
+			return false, nil
+		}
+	}
+
+	// all exporters are idle and we are caught up with the current date
+	return true, nil
+}
+
+// pruneBacklogLocked prunes any idle exporters that are outside of the target backlog range.
+func (e *Exporter) pruneBacklogLocked(ctx context.Context) {
+	if len(e.previous) <= e.cfg.BacklogSize {
+		return
+	}
+
+	dates := make([]time.Time, 0, len(e.previous))
+	for date := range e.previous {
+		dates = append(dates, date)
+	}
+
+	// sort dates with most recent first
+	slices.SortFunc(dates, func(a, b time.Time) int {
+		if a.After(b) {
+			return -1
+		}
+		if b.After(a) {
+			return 1
+		}
+		return 0
+	})
+
+	// close any idle exporters that are older than the backlog size
+	for _, date := range dates[e.cfg.BacklogSize:] {
+		if !e.previous[date].IsIdle() {
+			continue
+		}
+
+		e.previous[date].Close()
+
+		doneC := e.previous[date].Done()
+
+		var closing bool
+		e.withoutLock(func() {
+			select {
+			case <-doneC:
+			case <-ctx.Done():
+				closing = true
+			}
+		})
+
+		if closing {
+			return
+		}
+
+		delete(e.previous, date)
+
+		slog.InfoContext(ctx, "halted historical event export", "date", date.Format(time.DateOnly))
+	}
+}
+
+// startExport starts export of events for the given date.
+func (e *Exporter) startExportLocked(ctx context.Context, date time.Time) error {
+	return e.resumeExportLocked(ctx, date, DateExporterState{})
+}
+
+// resumeExport resumes export of events for the given date with the given state.
+func (e *Exporter) resumeExportLocked(ctx context.Context, date time.Time, state DateExporterState) error {
+	date = normalizeDate(date)
+
+	// check if the date is already being exported
+	if _, ok := e.previous[date]; ok || e.currentDate.Equal(date) {
+		return nil
+	}
+
+	onIdle := func(ctx context.Context) {
+		var isCurrent bool
+		e.withLock(func() {
+			isCurrent = e.currentDate.Equal(date)
+		})
+		if !isCurrent {
+			// idle callbacks from an exporter in the backlog
+			// can be ignored.
+			return
+		}
+
+		// current date is idle, wake up the poll loop
+		select {
+		case e.idle <- struct{}{}:
+		default:
+		}
+	}
+
+	// set up exporter
+	exporter, err := NewDateExporter(DateExporterConfig{
+		Client:        e.cfg.Client,
+		Date:          date,
+		Export:        e.cfg.Export,
+		OnIdle:        onIdle,
+		PreviousState: state,
+		Concurrency:   e.cfg.Concurrency,
+		MaxBackoff:    e.cfg.MaxBackoff,
+		PollInterval:  e.cfg.PollInterval,
+	})
+	if err != nil {
+		return trace.Wrap(err)
+	}
+
+	// if a current export is in progress and is newer than this export,
+	// add this export to the backlog.
+	if e.current != nil && e.currentDate.After(date) {
+		// historical export is being started, add to backlog
+		e.previous[date] = exporter
+		return nil
+	}
+
+	// bump previous export to backlog
+	if e.current != nil {
+		e.previous[e.currentDate] = e.current
+	}
+	e.current = exporter
+	e.currentDate = date
+
+	return nil
+}
+
+func (e *Exporter) withLock(fn func()) {
+	e.mu.Lock()
+	defer e.mu.Unlock()
+	fn()
+}
+
+func (e *Exporter) withoutLock(fn func()) {
+	e.mu.Unlock()
+	defer e.mu.Lock()
+	fn()
+}
diff --git a/lib/events/export/exporter_test.go b/lib/events/export/exporter_test.go
new file mode 100644
index 0000000000000..436cd3ecccf52
--- /dev/null
+++ b/lib/events/export/exporter_test.go
@@ -0,0 +1,163 @@
+/*
+ * Teleport
+ * Copyright (C) 2024  Gravitational, Inc.
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program.  If not, see .
+ */
+
+package export
+
+import (
+	"context"
+	"fmt"
+	"sync"
+	"testing"
+	"time"
+
+	"github.com/google/uuid"
+	"github.com/stretchr/testify/require"
+
+	auditlogpb "github.com/gravitational/teleport/api/gen/proto/go/teleport/auditlog/v1"
+)
+
+const day = time.Hour * 24
+
+// TestExporterBasics tests the basic functionality of the exporter with and without random flake.
+func TestExporterBasics(t *testing.T) {
+	t.Parallel()
+
+	now := normalizeDate(time.Now())
+	startDate := now.Add(-7 * day)
+
+	for _, randomFlake := range []bool{false, true} {
+
+		// empty case verified export of a time range larger than backlog size with no events in it.
+		t.Run(fmt.Sprintf("case=empty,randomFlake=%v", randomFlake), func(t *testing.T) {
+			t.Parallel()
+			clt := newFakeClient()
+			clt.setRandomFlake(randomFlake)
+
+			testExportAll(t, exportTestCase{
+				clt:       clt,
+				startDate: startDate,
+				expected:  []*auditlogpb.ExportEventUnstructured{},
+			})
+		})
+
+		// sparse case verifies export of a time range with gaps larger than the backlog size.
+		t.Run(fmt.Sprintf("case=sparse,randomFlake=%v", randomFlake), func(t *testing.T) {
+			t.Parallel()
+
+			clt := newFakeClient()
+			clt.setRandomFlake(randomFlake)
+
+			var allEvents []*auditlogpb.ExportEventUnstructured
+			allEvents = append(allEvents, addEvents(t, clt, startDate, 1, 1)...)
+			allEvents = append(allEvents, addEvents(t, clt, startDate.Add(4*day), 3, 2)...)
+
+			testExportAll(t, exportTestCase{
+				clt:       clt,
+				startDate: startDate,
+				expected:  allEvents,
+			})
+		})
+
+		// dense case verifies export of a time range with many events in every date.
+		t.Run(fmt.Sprintf("case=dense,randomFlake=%v", randomFlake), func(t *testing.T) {
+			t.Parallel()
+
+			clt := newFakeClient()
+			clt.setRandomFlake(randomFlake)
+
+			var allEvents []*auditlogpb.ExportEventUnstructured
+			allEvents = append(allEvents, addEvents(t, clt, startDate, 100, 1)...)
+			allEvents = append(allEvents, addEvents(t, clt, startDate.Add(day), 50, 2)...)
+			allEvents = append(allEvents, addEvents(t, clt, startDate.Add(2*day), 5, 20)...)
+			allEvents = append(allEvents, addEvents(t, clt, startDate.Add(3*day), 20, 5)...)
+			allEvents = append(allEvents, addEvents(t, clt, startDate.Add(4*day), 14, 7)...)
+			allEvents = append(allEvents, addEvents(t, clt, startDate.Add(5*day), 7, 14)...)
+			allEvents = append(allEvents, addEvents(t, clt, startDate.Add(6*day), 1, 100)...)
+
+			testExportAll(t, exportTestCase{
+				clt:       clt,
+				startDate: startDate,
+				expected:  allEvents,
+			})
+		})
+	}
+}
+
+// addEvents is a helper for generating events in tests. It both inserts the specified event chunks/counts into the fake client
+// and returns the generated events for comparison.
+func addEvents(t *testing.T, clt *fakeClient, date time.Time, chunks, eventsPerChunk int) []*auditlogpb.ExportEventUnstructured {
+	var allEvents []*auditlogpb.ExportEventUnstructured
+	for i := 0; i < chunks; i++ {
+		chunk := makeEventChunk(t, date, eventsPerChunk)
+		allEvents = append(allEvents, chunk...)
+		clt.addChunk(date.Format(time.DateOnly), uuid.NewString(), chunk)
+	}
+
+	return allEvents
+}
+
+type exportTestCase struct {
+	clt       Client
+	startDate time.Time
+	expected  []*auditlogpb.ExportEventUnstructured
+}
+
+// testExportAll verifies that the expected events are exported by the exporter given
+// the supplied client state.
+func testExportAll(t *testing.T, tc exportTestCase) {
+	var exportedMu sync.Mutex
+	var exported []*auditlogpb.ExportEventUnstructured
+
+	exportFn := func(ctx context.Context, event *auditlogpb.ExportEventUnstructured) error {
+		exportedMu.Lock()
+		defer exportedMu.Unlock()
+		exported = append(exported, event)
+		return nil
+	}
+
+	getExported := func() []*auditlogpb.ExportEventUnstructured {
+		exportedMu.Lock()
+		defer exportedMu.Unlock()
+		return append([]*auditlogpb.ExportEventUnstructured(nil), exported...)
+	}
+
+	var idleOnce sync.Once
+	idleCh := make(chan struct{})
+
+	exporter, err := NewExporter(ExporterConfig{
+		Client:       tc.clt,
+		StartDate:    tc.startDate,
+		Export:       exportFn,
+		OnIdle:       func(_ context.Context) { idleOnce.Do(func() { close(idleCh) }) },
+		Concurrency:  2,
+		BacklogSize:  2,
+		MaxBackoff:   600 * time.Millisecond,
+		PollInterval: 200 * time.Millisecond,
+	})
+	require.NoError(t, err)
+	defer exporter.Close()
+
+	timeout := time.After(30 * time.Second)
+	select {
+	case <-idleCh:
+	case <-timeout:
+		require.FailNow(t, "timeout waiting for exporter to become idle")
+	}
+
+	require.ElementsMatch(t, tc.expected, getExported())
+}
diff --git a/lib/events/export/helpers.go b/lib/events/export/helpers.go
new file mode 100644
index 0000000000000..35f7fe0997fd5
--- /dev/null
+++ b/lib/events/export/helpers.go
@@ -0,0 +1,27 @@
+/*
+ * Teleport
+ * Copyright (C) 2024  Gravitational, Inc.
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program.  If not, see .
+ */
+
+package export
+
+import "time"
+
+// normalizeDate normalizes a timestamp to the beginning of the day in UTC.
+func normalizeDate(t time.Time) time.Time {
+	t = t.UTC()
+	return time.Date(t.Year(), t.Month(), t.Day(), 0, 0, 0, 0, time.UTC)
+}
diff --git a/lib/events/firestoreevents/firestoreevents.go b/lib/events/firestoreevents/firestoreevents.go
index 8c1d4d4f97855..f3914cc7ff43f 100644
--- a/lib/events/firestoreevents/firestoreevents.go
+++ b/lib/events/firestoreevents/firestoreevents.go
@@ -19,6 +19,7 @@
 package firestoreevents
 
 import (
+	"cmp"
 	"context"
 	"encoding/json"
 	"errors"
@@ -202,6 +203,8 @@ func (cfg *EventsConfig) SetFromURL(url *url.URL) error {
 	}
 	cfg.ProjectID = projectIDParamString
 
+	cfg.DatabaseID = url.Query().Get("databaseID")
+
 	eventRetentionPeriodParamString := url.Query().Get(eventRetentionPeriodPropertyKey)
 	if eventRetentionPeriodParamString == "" {
 		cfg.RetentionPeriod = defaultEventRetentionPeriod
@@ -286,7 +289,7 @@ func New(cfg EventsConfig) (*Log, error) {
 	})
 	l.Info("Initializing event backend.")
 	closeCtx, cancel := context.WithCancel(context.Background())
-	firestoreAdminClient, firestoreClient, err := firestorebk.CreateFirestoreClients(closeCtx, cfg.ProjectID, cfg.EndPoint, cfg.CredentialsPath)
+	firestoreAdminClient, firestoreClient, err := firestorebk.CreateFirestoreClients(closeCtx, cfg.ProjectID, cfg.DatabaseID, cfg.EndPoint, cfg.CredentialsPath)
 	if err != nil {
 		cancel()
 		return nil, trace.Wrap(err)
@@ -576,7 +579,8 @@ type searchEventsFilter struct {
 }
 
 func (l *Log) getIndexParent() string {
-	return "projects/" + l.ProjectID + "/databases/(default)/collectionGroups/" + l.CollectionName
+	database := cmp.Or(l.Config.DatabaseID, "(default)")
+	return "projects/" + l.ProjectID + "/databases/" + database + "/collectionGroups/" + l.CollectionName
 }
 
 func (l *Log) ensureIndexes(adminSvc *apiv1.FirestoreAdminClient) error {
diff --git a/lib/integrations/awsoidc/deployservice.go b/lib/integrations/awsoidc/deployservice.go
index 31c86ce6b9a96..b9fbc4b99c458 100644
--- a/lib/integrations/awsoidc/deployservice.go
+++ b/lib/integrations/awsoidc/deployservice.go
@@ -29,13 +29,14 @@ import (
 	"github.com/aws/aws-sdk-go-v2/aws/retry"
 	"github.com/aws/aws-sdk-go-v2/service/ecs"
 	ecsTypes "github.com/aws/aws-sdk-go-v2/service/ecs/types"
+	"github.com/coreos/go-semver/semver"
 	"github.com/gravitational/trace"
 
 	"github.com/gravitational/teleport"
 	"github.com/gravitational/teleport/api/types"
 	"github.com/gravitational/teleport/api/utils/retryutils"
 	"github.com/gravitational/teleport/lib/integrations/awsoidc/tags"
-	"github.com/gravitational/teleport/lib/modules"
+	"github.com/gravitational/teleport/lib/utils/teleportassets"
 )
 
 var (
@@ -55,11 +56,6 @@ var (
 )
 
 const (
-	// distrolessTeleportOSS is the distroless image of the OSS version of Teleport
-	distrolessTeleportOSS = "public.ecr.aws/gravitational/teleport-distroless"
-	// distrolessTeleportEnt is the distroless image of the Enterprise version of Teleport
-	distrolessTeleportEnt = "public.ecr.aws/gravitational/teleport-ent-distroless"
-
 	// clusterStatusActive is the string representing an ACTIVE ECS Cluster.
 	clusterStatusActive = "ACTIVE"
 	// clusterStatusInactive is the string representing an INACTIVE ECS Cluster.
@@ -472,7 +468,10 @@ type upsertTaskRequest struct {
 
 // upsertTask ensures a TaskDefinition with TaskName exists
 func upsertTask(ctx context.Context, clt DeployServiceClient, req upsertTaskRequest) (*ecsTypes.TaskDefinition, error) {
-	taskAgentContainerImage := getDistrolessTeleportImage(req.TeleportVersionTag)
+	taskAgentContainerImage, err := getDistrolessTeleportImage(req.TeleportVersionTag)
+	if err != nil {
+		return nil, trace.Wrap(err)
+	}
 
 	taskDefIn := &ecs.RegisterTaskDefinitionInput{
 		Family: aws.String(req.TaskName),
@@ -760,10 +759,11 @@ func upsertService(ctx context.Context, clt DeployServiceClient, req upsertServi
 }
 
 // getDistrolessTeleportImage returns the distroless teleport image string
-func getDistrolessTeleportImage(version string) string {
-	teleportImage := distrolessTeleportOSS
-	if modules.GetModules().BuildType() == modules.BuildEnterprise {
-		teleportImage = distrolessTeleportEnt
+func getDistrolessTeleportImage(version string) (string, error) {
+	semVer, err := semver.NewVersion(version)
+	if err != nil {
+		return "", trace.BadParameter("invalid version tag %s", version)
 	}
-	return fmt.Sprintf("%s:%s", teleportImage, version)
+
+	return teleportassets.DistrolessImage(*semVer), nil
 }
diff --git a/lib/integrations/awsoidc/deployservice_test.go b/lib/integrations/awsoidc/deployservice_test.go
index 10d62e7da5ba9..1211b82696d2e 100644
--- a/lib/integrations/awsoidc/deployservice_test.go
+++ b/lib/integrations/awsoidc/deployservice_test.go
@@ -238,7 +238,9 @@ func TestUpsertTask(t *testing.T) {
 		},
 	}
 
-	taskDefinition, err := upsertTask(ctx, mockClient, upsertTaskRequest{})
+	semVer := *teleport.SemVersion
+	semVer.PreRelease = ""
+	taskDefinition, err := upsertTask(ctx, mockClient, upsertTaskRequest{TeleportVersionTag: semVer.String()})
 	require.NoError(t, err)
 	require.Equal(t, expected, taskDefinition.ContainerDefinitions[0].Environment)
 }
diff --git a/lib/integrations/awsoidc/deployservice_update.go b/lib/integrations/awsoidc/deployservice_update.go
index a23e6c6c0829c..88addf06120ae 100644
--- a/lib/integrations/awsoidc/deployservice_update.go
+++ b/lib/integrations/awsoidc/deployservice_update.go
@@ -71,7 +71,10 @@ func UpdateDeployService(ctx context.Context, clt DeployServiceClient, log *slog
 		return trace.Wrap(err)
 	}
 
-	teleportImage := getDistrolessTeleportImage(req.TeleportVersionTag)
+	teleportImage, err := getDistrolessTeleportImage(req.TeleportVersionTag)
+	if err != nil {
+		return trace.Wrap(err)
+	}
 	services, err := getManagedServices(ctx, clt, log, req.TeleportClusterName, req.OwnershipTags)
 	if err != nil {
 		return trace.Wrap(err)
@@ -105,6 +108,7 @@ func updateServiceContainerImage(ctx context.Context, clt DeployServiceClient, l
 	// There is no need to update the ecs service if the ecs service is already
 	// running the latest stable version of teleport.
 	if currentTeleportImage == teleportImage {
+		log.InfoContext(ctx, "ECS service version already matches, not updating")
 		return nil
 	}
 
diff --git a/lib/integrations/awsoidc/deployservice_update_test.go b/lib/integrations/awsoidc/deployservice_update_test.go
index 91bd4ada8ae71..88910688903bd 100644
--- a/lib/integrations/awsoidc/deployservice_update_test.go
+++ b/lib/integrations/awsoidc/deployservice_update_test.go
@@ -162,7 +162,9 @@ func TestUpdateDeployServices(t *testing.T) {
 	clusterName := "my-cluster"
 	integrationName := "my-integration"
 	ownershipTags := tags.DefaultResourceCreationTags(clusterName, integrationName)
-	teleportVersion := teleport.Version
+	semVer := *teleport.SemVersion
+	semVer.PreRelease = ""
+	teleportVersion := semVer.String()
 	log := utils.NewSlogLoggerForTests().With("test", t.Name())
 
 	t.Run("only legacy service present", func(t *testing.T) {
diff --git a/lib/integrations/awsoidc/listdatabases.go b/lib/integrations/awsoidc/listdatabases.go
index d6b8af3720b6a..8298ec7aef609 100644
--- a/lib/integrations/awsoidc/listdatabases.go
+++ b/lib/integrations/awsoidc/listdatabases.go
@@ -20,6 +20,7 @@ package awsoidc
 
 import (
 	"context"
+	"log/slog"
 
 	"github.com/aws/aws-sdk-go-v2/aws"
 	"github.com/aws/aws-sdk-go-v2/service/rds"
@@ -116,14 +117,14 @@ var listDatabasesPageSize int32 = 50
 // https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_DescribeDBClusters.html
 // https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_DescribeDBInstances.html
 // It returns a list of Databases and an optional NextToken that can be used to fetch the next page
-func ListDatabases(ctx context.Context, clt ListDatabasesClient, req ListDatabasesRequest) (*ListDatabasesResponse, error) {
+func ListDatabases(ctx context.Context, clt ListDatabasesClient, log *slog.Logger, req ListDatabasesRequest) (*ListDatabasesResponse, error) {
 	if err := req.CheckAndSetDefaults(); err != nil {
 		return nil, trace.Wrap(err)
 	}
 
 	all := &ListDatabasesResponse{}
 	for {
-		res, err := listDatabases(ctx, clt, req)
+		res, err := listDatabases(ctx, clt, log, req)
 		if err != nil {
 			return nil, trace.Wrap(err)
 		}
@@ -140,7 +141,7 @@ func ListDatabases(ctx context.Context, clt ListDatabasesClient, req ListDatabas
 	}
 }
 
-func listDatabases(ctx context.Context, clt ListDatabasesClient, req ListDatabasesRequest) (*ListDatabasesResponse, error) {
+func listDatabases(ctx context.Context, clt ListDatabasesClient, log *slog.Logger, req ListDatabasesRequest) (*ListDatabasesResponse, error) {
 	// Uses https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_DescribeDBInstances.html
 	if req.RDSType == rdsTypeInstance {
 		ret, err := listDBInstances(ctx, clt, req)
@@ -151,7 +152,7 @@ func listDatabases(ctx context.Context, clt ListDatabasesClient, req ListDatabas
 	}
 
 	// Uses https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_DescribeDBClusters.html
-	ret, err := listDBClusters(ctx, clt, req)
+	ret, err := listDBClusters(ctx, clt, log, req)
 	if err != nil {
 		return nil, trace.Wrap(err)
 	}
@@ -199,7 +200,7 @@ func listDBInstances(ctx context.Context, clt ListDatabasesClient, req ListDatab
 	return ret, nil
 }
 
-func listDBClusters(ctx context.Context, clt ListDatabasesClient, req ListDatabasesRequest) (*ListDatabasesResponse, error) {
+func listDBClusters(ctx context.Context, clt ListDatabasesClient, log *slog.Logger, req ListDatabasesRequest) (*ListDatabasesResponse, error) {
 	describeDBClusterInput := &rds.DescribeDBClustersInput{
 		Filters: []rdsTypes.Filter{
 			{Name: &filterEngine, Values: req.Engines},
@@ -231,16 +232,23 @@ func listDBClusters(ctx context.Context, clt ListDatabasesClient, req ListDataba
 		// To get this value, a member of the cluster is fetched and its Network Information is used to
 		// populate the RDS Cluster information.
 		// All the members have the same network information, so picking one at random should not matter.
-		clusterInstance, err := fetchSingleRDSDBInstance(ctx, clt, req, aws.ToString(db.DBClusterIdentifier))
+		instances, err := fetchRDSClusterInstances(ctx, clt, req, aws.ToString(db.DBClusterIdentifier))
 		if err != nil {
 			return nil, trace.Wrap(err)
 		}
+		if len(instances) == 0 {
+			log.InfoContext(ctx, "Skipping RDS cluster because it has no instances",
+				"cluster", aws.ToString(db.DBClusterIdentifier),
+			)
+			continue
+		}
+		instance := &instances[0]
 
-		if req.VpcId != "" && !subnetGroupIsInVPC(clusterInstance.DBSubnetGroup, req.VpcId) {
+		if req.VpcId != "" && !subnetGroupIsInVPC(instance.DBSubnetGroup, req.VpcId) {
 			continue
 		}
 
-		awsDB, err := common.NewDatabaseFromRDSV2Cluster(&db, clusterInstance)
+		awsDB, err := common.NewDatabaseFromRDSV2Cluster(&db, instance)
 		if err != nil {
 			return nil, trace.Wrap(err)
 		}
@@ -251,7 +259,7 @@ func listDBClusters(ctx context.Context, clt ListDatabasesClient, req ListDataba
 	return ret, nil
 }
 
-func fetchSingleRDSDBInstance(ctx context.Context, clt ListDatabasesClient, req ListDatabasesRequest, clusterID string) (*rdsTypes.DBInstance, error) {
+func fetchRDSClusterInstances(ctx context.Context, clt ListDatabasesClient, req ListDatabasesRequest, clusterID string) ([]rdsTypes.DBInstance, error) {
 	describeDBInstanceInput := &rds.DescribeDBInstancesInput{
 		Filters: []rdsTypes.Filter{
 			{Name: &filterDBClusterID, Values: []string{clusterID}},
@@ -262,12 +270,7 @@ func fetchSingleRDSDBInstance(ctx context.Context, clt ListDatabasesClient, req
 	if err != nil {
 		return nil, trace.Wrap(err)
 	}
-
-	if len(rdsDBs.DBInstances) == 0 {
-		return nil, trace.BadParameter("database cluster %s has no instance", clusterID)
-	}
-
-	return &rdsDBs.DBInstances[0], nil
+	return rdsDBs.DBInstances, nil
 }
 
 // subnetGroupIsInVPC is a simple helper to check if a db subnet group is in
diff --git a/lib/integrations/awsoidc/listdatabases_test.go b/lib/integrations/awsoidc/listdatabases_test.go
index e470762bbc862..6f831668e4f85 100644
--- a/lib/integrations/awsoidc/listdatabases_test.go
+++ b/lib/integrations/awsoidc/listdatabases_test.go
@@ -32,6 +32,7 @@ import (
 	"github.com/stretchr/testify/require"
 
 	"github.com/gravitational/teleport/api/types"
+	"github.com/gravitational/teleport/lib/utils"
 )
 
 func stringPointer(s string) *string {
@@ -140,6 +141,7 @@ func TestListDatabases(t *testing.T) {
 
 		t.Run("without vpc filter", func(t *testing.T) {
 			t.Parallel()
+			logger := utils.NewSlogLoggerForTests().With("test", t.Name())
 			// First page must return pageSize number of DBs
 			req := ListDatabasesRequest{
 				Region:    "us-east-1",
@@ -149,14 +151,14 @@ func TestListDatabases(t *testing.T) {
 				NextToken: "",
 			}
 			for i := 0; i < totalDBs/int(listDatabasesPageSize); i++ {
-				resp, err := ListDatabases(ctx, mockListClient, req)
+				resp, err := ListDatabases(ctx, mockListClient, logger, req)
 				require.NoError(t, err)
 				require.Len(t, resp.Databases, int(listDatabasesPageSize))
 				require.NotEmpty(t, resp.NextToken)
 				req.NextToken = resp.NextToken
 			}
 			// Last page must return remaining databases and an empty token.
-			resp, err := ListDatabases(ctx, mockListClient, req)
+			resp, err := ListDatabases(ctx, mockListClient, logger, req)
 			require.NoError(t, err)
 			require.Len(t, resp.Databases, totalDBs%int(listDatabasesPageSize))
 			require.Empty(t, resp.NextToken)
@@ -164,10 +166,11 @@ func TestListDatabases(t *testing.T) {
 
 		t.Run("with vpc filter", func(t *testing.T) {
 			t.Parallel()
+			logger := utils.NewSlogLoggerForTests().With("test", t.Name())
 			// First page must return at least pageSize number of DBs
 			var gotDatabases []types.Database
 			wantVPC := "vpc-2"
-			resp, err := ListDatabases(ctx, mockListClient, ListDatabasesRequest{
+			resp, err := ListDatabases(ctx, mockListClient, logger, ListDatabasesRequest{
 				Region:    "us-east-1",
 				RDSType:   "instance",
 				Engines:   []string{"postgres"},
@@ -188,7 +191,7 @@ func TestListDatabases(t *testing.T) {
 			gotDatabases = append(gotDatabases, resp.Databases...)
 
 			// Second page must return pageSize number of DBs
-			resp, err = ListDatabases(ctx, mockListClient, ListDatabasesRequest{
+			resp, err = ListDatabases(ctx, mockListClient, logger, ListDatabasesRequest{
 				Region:    "us-east-1",
 				RDSType:   "instance",
 				Engines:   []string{"postgres"},
@@ -202,7 +205,7 @@ func TestListDatabases(t *testing.T) {
 			gotDatabases = append(gotDatabases, resp.Databases...)
 
 			// Third page must return only the remaining DBs and an empty nextToken
-			resp, err = ListDatabases(ctx, mockListClient, ListDatabasesRequest{
+			resp, err = ListDatabases(ctx, mockListClient, logger, ListDatabasesRequest{
 				Region:    "us-east-1",
 				RDSType:   "instance",
 				Engines:   []string{"postgres"},
@@ -318,6 +321,11 @@ func TestListDatabases(t *testing.T) {
 						Subnets: []rdsTypes.Subnet{{SubnetIdentifier: aws.String("subnet-b")}},
 						VpcId:   aws.String("vpc-2"),
 					},
+					VpcSecurityGroups: []rdsTypes.VpcSecurityGroupMembership{
+						{VpcSecurityGroupId: aws.String("")},
+						{VpcSecurityGroupId: aws.String("sg-1")},
+						{VpcSecurityGroupId: aws.String("sg-2")},
+					},
 					Endpoint: &rdsTypes.Endpoint{
 						Address: stringPointer("endpoint.amazonaws.com"),
 						Port:    aws.Int32(5432),
@@ -353,6 +361,10 @@ func TestListDatabases(t *testing.T) {
 								ResourceID: "db-123",
 								VPCID:      "vpc-2",
 								Subnets:    []string{"subnet-b"},
+								SecurityGroups: []string{
+									"sg-1",
+									"sg-2",
+								},
 							},
 						},
 					},
@@ -574,23 +586,77 @@ func TestListDatabases(t *testing.T) {
 		},
 
 		{
-			name: "cluster exists but no instance exists, returns an error",
+			name: "listing clusters returns all valid clusters and ignores the others",
 			req: ListDatabasesRequest{
 				Region:    "us-east-1",
 				RDSType:   "cluster",
 				Engines:   []string{"postgres"},
 				NextToken: "",
 			},
-			mockClusters: []rdsTypes.DBCluster{{
-				Status:              stringPointer("available"),
+			mockInstances: []rdsTypes.DBInstance{{
 				DBClusterIdentifier: stringPointer("my-dbc"),
-				DbClusterResourceId: stringPointer("db-123"),
-				Engine:              stringPointer("aurora-postgresql"),
-				Endpoint:            stringPointer("aurora-instance-1.abcdefghijklmnop.us-west-1.rds.amazonaws.com"),
-				Port:                &clusterPort,
-				DBClusterArn:        stringPointer("arn:aws:iam::123456789012:role/MyARN"),
+				DBSubnetGroup: &rdsTypes.DBSubnetGroup{
+					Subnets: []rdsTypes.Subnet{{SubnetIdentifier: aws.String("subnet-999")}},
+					VpcId:   aws.String("vpc-999"),
+				},
 			}},
-			errCheck: trace.IsBadParameter,
+			mockClusters: []rdsTypes.DBCluster{
+				{
+					Status:              stringPointer("available"),
+					DBClusterIdentifier: stringPointer("my-empty-cluster"),
+					DbClusterResourceId: stringPointer("db-456"),
+					Engine:              stringPointer("aurora-mysql"),
+					Endpoint:            stringPointer("aurora-instance-1.abcdefghijklmnop.us-west-1.rds.amazonaws.com"),
+					Port:                &clusterPort,
+					DBClusterArn:        stringPointer("arn:aws:iam::123456789012:role/MyARN"),
+				},
+				{
+					Status:              stringPointer("available"),
+					DBClusterIdentifier: stringPointer("my-dbc"),
+					DbClusterResourceId: stringPointer("db-123"),
+					Engine:              stringPointer("aurora-postgresql"),
+					Endpoint:            stringPointer("aurora-instance-2.abcdefghijklmnop.us-west-1.rds.amazonaws.com"),
+					Port:                &clusterPort,
+					DBClusterArn:        stringPointer("arn:aws:iam::123456789012:role/MyARN"),
+				},
+			},
+			respCheck: func(t *testing.T, ldr *ListDatabasesResponse) {
+				require.Len(t, ldr.Databases, 1, "expected 1 database, got %d", len(ldr.Databases))
+				require.Empty(t, ldr.NextToken, "expected an empty NextToken")
+				expectedDB, err := types.NewDatabaseV3(
+					types.Metadata{
+						Name:        "my-dbc",
+						Description: "Aurora cluster in ",
+						Labels: map[string]string{
+							"account-id":         "123456789012",
+							"endpoint-type":      "primary",
+							"engine":             "aurora-postgresql",
+							"engine-version":     "",
+							"region":             "",
+							"status":             "available",
+							"vpc-id":             "vpc-999",
+							"teleport.dev/cloud": "AWS",
+						},
+					},
+					types.DatabaseSpecV3{
+						Protocol: "postgres",
+						URI:      "aurora-instance-2.abcdefghijklmnop.us-west-1.rds.amazonaws.com:5432",
+						AWS: types.AWS{
+							AccountID: "123456789012",
+							RDS: types.RDS{
+								ClusterID:  "my-dbc",
+								InstanceID: "aurora-instance-2",
+								ResourceID: "db-123",
+								Subnets:    []string{"subnet-999"},
+								VPCID:      "vpc-999",
+							},
+						},
+					},
+				)
+				require.NoError(t, err)
+				require.Empty(t, cmp.Diff(expectedDB, ldr.Databases[0]))
+			},
+			errCheck: noErrorFunc,
 		},
 		{
 			name: "no region",
@@ -628,7 +694,8 @@ func TestListDatabases(t *testing.T) {
 				dbInstances: tt.mockInstances,
 				dbClusters:  tt.mockClusters,
 			}
-			resp, err := ListDatabases(ctx, mockListClient, tt.req)
+			logger := utils.NewSlogLoggerForTests().With("test", t.Name())
+			resp, err := ListDatabases(ctx, mockListClient, logger, tt.req)
 			require.True(t, tt.errCheck(err), "unexpected err: %v", err)
 			if err != nil {
 				return
diff --git a/lib/integrations/externalauditstorage/configurator.go b/lib/integrations/externalauditstorage/configurator.go
index dd63222b5bc20..050298f9e13e0 100644
--- a/lib/integrations/externalauditstorage/configurator.go
+++ b/lib/integrations/externalauditstorage/configurator.go
@@ -108,7 +108,6 @@ func (o *Options) setDefaults(ctx context.Context, region string) error {
 			ctx,
 			config.WithRegion(region),
 			config.WithUseFIPSEndpoint(useFips),
-			config.WithRetryMaxAttempts(10),
 		)
 		if err != nil {
 			return trace.Wrap(err)
diff --git a/lib/inventory/controller.go b/lib/inventory/controller.go
index 61d9da851bc16..e401c4e239c01 100644
--- a/lib/inventory/controller.go
+++ b/lib/inventory/controller.go
@@ -25,6 +25,7 @@ import (
 	"time"
 
 	"github.com/gravitational/trace"
+	"github.com/jonboulle/clockwork"
 	log "github.com/sirupsen/logrus"
 
 	"github.com/gravitational/teleport/api/client"
@@ -104,7 +105,7 @@ type controllerOptions struct {
 	maxKeepAliveErrs   int
 	authID             string
 	onConnectFunc      func(string)
-	onDisconnectFunc   func(string)
+	onDisconnectFunc   func(string, int)
 }
 
 func (options *controllerOptions) SetDefaults() {
@@ -126,11 +127,11 @@ func (options *controllerOptions) SetDefaults() {
 	}
 
 	if options.onConnectFunc == nil {
-		options.onConnectFunc = func(s string) {}
+		options.onConnectFunc = func(string) {}
 	}
 
 	if options.onDisconnectFunc == nil {
-		options.onDisconnectFunc = func(s string) {}
+		options.onDisconnectFunc = func(string, int) {}
 	}
 }
 
@@ -153,12 +154,12 @@ func WithOnConnect(f func(heartbeatKind string)) ControllerOption {
 	}
 }
 
-// WithOnDisconnect sets a function to be called every time an existing
-// instance disconnects from the inventory control stream. The value
-// provided to the callback is the keep alive type of the disconnected
-// resource. The callback should return quickly so as not to prevent
-// processing of heartbeats.
-func WithOnDisconnect(f func(heartbeatKind string)) ControllerOption {
+// WithOnDisconnect sets a function to be called every time an existing instance
+// disconnects from the inventory control stream. The values provided to the
+// callback are the keep alive type of the disconnected resource, as well as a
+// count of how many resources disconnected at once. The callback should return
+// quickly so as not to prevent processing of heartbeats.
+func WithOnDisconnect(f func(heartbeatKind string, amount int)) ControllerOption {
 	return func(opts *controllerOptions) {
 		opts.onDisconnectFunc = f
 	}
@@ -199,7 +200,7 @@ type Controller struct {
 	usageReporter              usagereporter.UsageReporter
 	testEvents                 chan testEvent
 	onConnectFunc              func(string)
-	onDisconnectFunc           func(string)
+	onDisconnectFunc           func(string, int)
 	closeContext               context.Context
 	cancel                     context.CancelFunc
 }
@@ -262,12 +263,14 @@ func (c *Controller) RegisterControlStream(stream client.UpstreamInventoryContro
 	// as much as possible. this is intended to mitigate load spikes on auth restart, and is reasonably
 	// safe to do since the instance resource is not directly relied upon for use of any particular teleport
 	// service.
-	ticker := interval.NewMulti(interval.SubInterval[intervalKey]{
-		Key:              instanceHeartbeatKey,
-		VariableDuration: c.instanceHBVariableDuration,
-		FirstDuration:    fullJitter(c.instanceHBVariableDuration.Duration()),
-		Jitter:           seventhJitter,
-	})
+	ticker := interval.NewMulti(
+		clockwork.NewRealClock(),
+		interval.SubInterval[intervalKey]{
+			Key:              instanceHeartbeatKey,
+			VariableDuration: c.instanceHBVariableDuration,
+			FirstDuration:    fullJitter(c.instanceHBVariableDuration.Duration()),
+			Jitter:           seventhJitter,
+		})
 	handle := newUpstreamHandle(stream, hello, ticker)
 	c.store.Insert(handle)
 	go c.handleControlStream(handle)
@@ -321,7 +324,10 @@ func (c *Controller) handleControlStream(handle *upstreamHandle) {
 
 	defer func() {
 		if handle.goodbye.GetDeleteResources() {
-			log.WithField("apps", len(handle.appServers)).Debug("Cleaning up resources in response to instance termination")
+			log.WithFields(log.Fields{
+				"apps":      len(handle.appServers),
+				"server_id": handle.Hello().ServerID,
+			}).Debug("Cleaning up resources in response to instance termination")
 			for _, app := range handle.appServers {
 				if err := c.auth.DeleteApplicationServer(c.closeContext, apidefaults.Namespace, app.resource.GetHostID(), app.resource.GetName()); err != nil && !trace.IsNotFound(err) {
 					log.Warnf("Failed to remove app server %q on termination: %v.", handle.Hello().ServerID, err)
@@ -338,11 +344,11 @@ func (c *Controller) handleControlStream(handle *upstreamHandle) {
 		handle.ticker.Stop()
 
 		if handle.sshServer != nil {
-			c.onDisconnectFunc(constants.KeepAliveNode)
+			c.onDisconnectFunc(constants.KeepAliveNode, 1)
 		}
 
-		for range handle.appServers {
-			c.onDisconnectFunc(constants.KeepAliveApp)
+		if len(handle.appServers) > 0 {
+			c.onDisconnectFunc(constants.KeepAliveApp, len(handle.appServers))
 		}
 
 		clear(handle.appServers)
@@ -674,6 +680,7 @@ func (c *Controller) keepAliveAppServer(handle *upstreamHandle, now time.Time) e
 
 				if shouldRemove {
 					c.testEvent(appKeepAliveDel)
+					c.onDisconnectFunc(constants.KeepAliveApp, 1)
 					delete(handle.appServers, name)
 				}
 			} else {
diff --git a/lib/inventory/controller_test.go b/lib/inventory/controller_test.go
index 323bc712e21b0..66c7bd3ca5940 100644
--- a/lib/inventory/controller_test.go
+++ b/lib/inventory/controller_test.go
@@ -144,11 +144,14 @@ func TestSSHServerBasics(t *testing.T) {
 		expectAddr: wantAddr,
 	}
 
+	rc := &resourceCounter{}
 	controller := NewController(
 		auth,
 		usagereporter.DiscardUsageReporter{},
 		withServerKeepAlive(time.Millisecond*200),
 		withTestEventsChannel(events),
+		WithOnConnect(rc.onConnect),
+		WithOnDisconnect(rc.onDisconnect),
 	)
 	defer controller.Close()
 
@@ -282,6 +285,9 @@ func TestSSHServerBasics(t *testing.T) {
 	// here).
 	require.Equal(t, int64(0), controller.instanceHBVariableDuration.Count())
 
+	// verify that metrics have been updated correctly
+	require.Zero(t, 0, rc.count())
+
 	// verify that the peer address of the control stream was used to override
 	// zero-value IPs for heartbeats.
 	auth.mu.Lock()
@@ -305,11 +311,14 @@ func TestAppServerBasics(t *testing.T) {
 
 	auth := &fakeAuth{}
 
+	rc := &resourceCounter{}
 	controller := NewController(
 		auth,
 		usagereporter.DiscardUsageReporter{},
 		withServerKeepAlive(time.Millisecond*200),
 		withTestEventsChannel(events),
+		WithOnConnect(rc.onConnect),
+		WithOnDisconnect(rc.onDisconnect),
 	)
 	defer controller.Close()
 
@@ -500,6 +509,9 @@ func TestAppServerBasics(t *testing.T) {
 	// always *before* closure is propagated to downstream handle, hence being safe to load
 	// here).
 	require.Equal(t, int64(0), controller.instanceHBVariableDuration.Count())
+
+	// verify that metrics have been updated correctly
+	require.Zero(t, rc.count())
 }
 
 // TestInstanceHeartbeat verifies basic expected behaviors for instance heartbeat.
@@ -897,7 +909,6 @@ func TestGoodbye(t *testing.T) {
 }
 
 func TestGetSender(t *testing.T) {
-
 	controller := NewController(
 		&fakeAuth{},
 		usagereporter.DiscardUsageReporter{},
@@ -1008,3 +1019,37 @@ func awaitEvents(t *testing.T, ch <-chan testEvent, opts ...eventOption) {
 		}
 	}
 }
+
+type resourceCounter struct {
+	mu sync.Mutex
+	c  map[string]int
+}
+
+func (r *resourceCounter) onConnect(typ string) {
+	r.mu.Lock()
+	defer r.mu.Unlock()
+	if r.c == nil {
+		r.c = make(map[string]int)
+	}
+	r.c[typ]++
+}
+
+func (r *resourceCounter) onDisconnect(typ string, amount int) {
+	r.mu.Lock()
+	defer r.mu.Unlock()
+	if r.c == nil {
+		r.c = make(map[string]int)
+	}
+	r.c[typ] -= amount
+}
+
+func (r *resourceCounter) count() int {
+	r.mu.Lock()
+	defer r.mu.Unlock()
+
+	var count int
+	for _, v := range r.c {
+		count += v
+	}
+	return count
+}
diff --git a/lib/jwt/jwt.go b/lib/jwt/jwt.go
index 696b444e4b39c..e6b6b63b48a45 100644
--- a/lib/jwt/jwt.go
+++ b/lib/jwt/jwt.go
@@ -206,7 +206,13 @@ func (k *Key) Sign(p SignParams) (string, error) {
 		Traits:   p.Traits,
 	}
 
-	return k.sign(claims, nil)
+	// RFC 7517 requires that `kid` be present in the JWT header if there are multiple keys in the JWKS.
+	// We ignore the error because go-jose omits the kid if it is empty.
+	so := &jose.SignerOptions{}
+	if v, ok := k.config.PublicKey.(*rsa.PublicKey); ok {
+		so.WithHeader("kid", KeyID(v))
+	}
+	return k.sign(claims, so)
 }
 
 // awsOIDCCustomClaims defines the require claims for the JWT token used in AWS OIDC Integration.
diff --git a/lib/jwt/jwt_test.go b/lib/jwt/jwt_test.go
index 1c30979f8d406..5aafe35a5d27d 100644
--- a/lib/jwt/jwt_test.go
+++ b/lib/jwt/jwt_test.go
@@ -57,6 +57,13 @@ func TestSignAndVerify(t *testing.T) {
 	})
 	require.NoError(t, err)
 
+	//decode the signed token
+	decodedToken, err := josejwt.ParseSigned(token)
+	require.NoError(t, err)
+
+	// verify that the kid header is present, and not empty
+	require.NotEmpty(t, decodedToken.Headers[0].KeyID)
+
 	// Verify that the token can be validated and values match expected values.
 	claims, err := key.Verify(VerifyParams{
 		Username: "foo@example.com",
diff --git a/lib/kube/kubeconfig/context_overwrite.go b/lib/kube/kubeconfig/context_overwrite.go
index bc2b1e68f5d70..6ad52c2342c09 100644
--- a/lib/kube/kubeconfig/context_overwrite.go
+++ b/lib/kube/kubeconfig/context_overwrite.go
@@ -105,3 +105,16 @@ func executeKubeContextTemplate(tmpl *template.Template, clusterName, kubeName s
 	err := tmpl.Execute(&buf, contextEntry)
 	return buf.String(), trace.Wrap(err)
 }
+
+// ContextNameFromTemplate generates a kubernetes context name from the given template.
+func ContextNameFromTemplate(temp string, clusterName, kubeName string) (string, error) {
+	tmpl, err := parseContextOverrideTemplate(temp)
+	if err != nil {
+		return "", trace.Wrap(err)
+	}
+	if tmpl == nil {
+		return ContextName(clusterName, kubeName), nil
+	}
+	s, err := executeKubeContextTemplate(tmpl, clusterName, kubeName)
+	return s, trace.Wrap(err)
+}
diff --git a/lib/modules/modules.go b/lib/modules/modules.go
index 6265e999e90cb..c52d6c0a42d42 100644
--- a/lib/modules/modules.go
+++ b/lib/modules/modules.go
@@ -290,6 +290,8 @@ type Modules interface {
 	EnableAccessGraph()
 	// EnableAccessMonitoring enables the usage of access monitoring.
 	EnableAccessMonitoring()
+	// LicenseExpiry returns the expiry date of the enterprise license, if applicable.
+	LicenseExpiry() time.Time
 }
 
 const (
@@ -379,6 +381,12 @@ func (p *defaultModules) PrintVersion() {
 	fmt.Printf("Teleport v%s git:%s %s\n", teleport.Version, teleport.Gitref, runtime.Version())
 }
 
+// LicenseExpiry returns the expiry date of the enterprise license, if applicable.
+// Returns the zero value for time.Time for OSS.
+func (p *defaultModules) LicenseExpiry() time.Time {
+	return time.Time{}
+}
+
 // Features returns supported features for default modules which is applied for OSS users
 // todo (michellescripts) remove deprecated features
 func (p *defaultModules) Features() Features {
diff --git a/lib/reversetunnel/localsite.go b/lib/reversetunnel/localsite.go
index 3f81379178c15..b903cba67d20b 100644
--- a/lib/reversetunnel/localsite.go
+++ b/lib/reversetunnel/localsite.go
@@ -517,6 +517,11 @@ with the cluster.`
 		toAddr = params.To.String()
 	}
 
+	// Prefer providing the hostname over an address.
+	if params.TargetServer != nil {
+		toAddr = params.TargetServer.GetHostname()
+	}
+
 	return fmt.Sprintf(errorMessageTemplate, params.ConnType, toAddr, connStr, err)
 }
 
@@ -613,7 +618,8 @@ func (s *localSite) getConn(params reversetunnelclient.DialParams) (conn net.Con
 		return newMetricConn(conn, dt, dialStart, s.srv.Clock), true, nil
 	}
 
-	if s.tryProxyPeering(params) {
+	peeringEnabled := s.tryProxyPeering(params)
+	if peeringEnabled {
 		s.log.Info("Dialing over peer proxy")
 		conn, peerErr = s.peerClient.DialNode(
 			params.ProxyIDs, params.ServerID, params.From, params.To, params.ConnType,
@@ -623,20 +629,28 @@ func (s *localSite) getConn(params reversetunnelclient.DialParams) (conn net.Con
 		}
 	}
 
-	err = trace.NewAggregate(tunnelErr, peerErr)
-	tunnelMsg := getTunnelErrorMessage(params, "reverse tunnel", err)
+	// If a connection via tunnel failed directly and via a remote peer,
+	// then update the tunnel message to indicate that tunnels were not
+	// found in either place. Avoid aggregating the local and peer errors
+	// to reduce duplicate data since this message makes its way back to
+	// users and can be confusing.
+	msg := "reverse tunnel"
+	if peeringEnabled {
+		msg = "local and peer reverse tunnels"
+	}
+	tunnelMsg := getTunnelErrorMessage(params, msg, tunnelErr)
 
 	// Skip direct dial when the tunnel error is not a not found error. This
 	// means the agent is tunneling but the connection failed for some reason.
 	if !trace.IsNotFound(tunnelErr) {
-		return nil, false, trace.ConnectionProblem(err, tunnelMsg)
+		return nil, false, trace.ConnectionProblem(tunnelErr, tunnelMsg)
 	}
 
 	skip, err := s.skipDirectDial(params)
 	if err != nil {
 		return nil, false, trace.Wrap(err)
 	} else if skip {
-		return nil, false, trace.ConnectionProblem(err, tunnelMsg)
+		return nil, false, trace.ConnectionProblem(tunnelErr, tunnelMsg)
 	}
 
 	// If no tunnel connection was found, dial to the target host.
diff --git a/lib/secretsscanner/scanner/scan.go b/lib/secretsscanner/scanner/scan.go
index 664b6fcef8e67..79de0b89f0552 100644
--- a/lib/secretsscanner/scanner/scan.go
+++ b/lib/secretsscanner/scanner/scan.go
@@ -113,6 +113,10 @@ func (s *Scanner) findPrivateKeys(ctx context.Context, root, deviceID string, pr
 	logger := s.log.With("root", root)
 
 	err := filepath.WalkDir(root, func(path string, info fs.DirEntry, err error) error {
+		// check if the context is done before processing the file.
+		if ctx.Err() != nil {
+			return ctx.Err()
+		}
 		if err != nil {
 			logger.DebugContext(ctx, "error walking directory", "path", path, "error", err)
 			return fs.SkipDir
diff --git a/lib/service/awsoidc.go b/lib/service/awsoidc.go
index a733c85609570..872380aba5101 100644
--- a/lib/service/awsoidc.go
+++ b/lib/service/awsoidc.go
@@ -48,7 +48,7 @@ const (
 	maxConcurrentUpdates = 3
 )
 
-func (process *TeleportProcess) initAWSOIDCDeployServiceUpdater() error {
+func (process *TeleportProcess) initAWSOIDCDeployServiceUpdater(channels automaticupgrades.Channels) error {
 	// start process only after teleport process has started
 	if _, err := process.WaitForEvent(process.GracefulExitContext(), TeleportReadyEvent); err != nil {
 		return trace.Wrap(err)
@@ -68,11 +68,7 @@ func (process *TeleportProcess) initAWSOIDCDeployServiceUpdater() error {
 		return nil
 	}
 
-	// TODO: use the proxy channel if available?
-	// This would require to pass the proxy configuration there, but would avoid
-	// future inconsistencies: if the proxy is manually configured to serve a
-	// static version, it will not be picked up by the AWS OIDC deploy updater.
-	upgradeChannel, err := automaticupgrades.NewDefaultChannel()
+	upgradeChannel, err := channels.DefaultChannel()
 	if err != nil {
 		return trace.Wrap(err)
 	}
@@ -128,6 +124,10 @@ func (cfg *AWSOIDCDeployServiceUpdaterConfig) CheckAndSetDefaults() error {
 		return trace.BadParameter("teleport cluster version required")
 	}
 
+	if cfg.UpgradeChannel == nil {
+		return trace.BadParameter("automatic upgrades channel required")
+	}
+
 	if cfg.Log == nil {
 		cfg.Log = slog.Default().With(teleport.ComponentKey, teleport.Component(teleport.ComponentProxy, "aws_oidc_deploy_service_updater"))
 	}
@@ -307,7 +307,11 @@ func (updater *AWSOIDCDeployServiceUpdater) updateAWSOIDCDeployService(ctx conte
 		}
 	}()
 
-	updater.Log.DebugContext(ctx, "Updating AWS OIDC Deploy Service", "integration", integration.GetName(), "region", awsRegion)
+	updater.Log.DebugContext(ctx, "Updating AWS OIDC Deploy Service",
+		"integration", integration.GetName(),
+		"region", awsRegion,
+		"new_version", teleportVersion,
+	)
 	if err := awsoidc.UpdateDeployService(ctx, awsOIDCDeployServiceClient, updater.Log, awsoidc.UpdateServiceRequest{
 		TeleportClusterName: updater.TeleportClusterName,
 		TeleportVersionTag:  teleportVersion,
diff --git a/lib/service/service.go b/lib/service/service.go
index 9c452e8599016..cc3e455855635 100644
--- a/lib/service/service.go
+++ b/lib/service/service.go
@@ -1185,10 +1185,6 @@ func NewTeleport(cfg *servicecfg.Config) (*TeleportProcess, error) {
 		process.logger.InfoContext(process.ExitContext(), "Configured upgrade window exporter for external upgrader.", "kind", upgraderKind)
 	}
 
-	if process.Config.Proxy.Enabled {
-		process.RegisterFunc("update.aws-oidc.deploy.service", process.initAWSOIDCDeployServiceUpdater)
-	}
-
 	serviceStarted := false
 
 	if !cfg.DiagnosticAddr.IsEmpty() {
@@ -2333,7 +2329,7 @@ func (process *TeleportProcess) initAuthService() error {
 	})
 
 	process.RegisterFunc("auth.server_info", func() error {
-		return trace.Wrap(authServer.ReconcileServerInfos(process.GracefulExitContext()))
+		return trace.Wrap(auth.ReconcileServerInfos(process.GracefulExitContext(), authServer))
 	})
 	// execute this when process is asked to exit:
 	process.OnExit("auth.shutdown", func(payload any) {
@@ -3666,11 +3662,12 @@ func (process *TeleportProcess) getAdditionalPrincipals(role types.SystemRole) (
 }
 
 // initProxy gets called if teleport runs with 'proxy' role enabled.
-// this means it will do four things:
+// this means it will do several things:
 //  1. serve a web UI
 //  2. proxy SSH connections to nodes running with 'node' role
 //  3. take care of reverse tunnels
 //  4. optionally proxy kubernetes connections
+//  5. optionally check for automatic upgrades for deployments created by AWS OIDC integrations
 func (process *TeleportProcess) initProxy() error {
 	// If no TLS key was provided for the web listener, generate a self-signed cert
 	if len(process.Config.Proxy.KeyPairs) == 0 &&
@@ -3695,6 +3692,10 @@ func (process *TeleportProcess) initProxy() error {
 
 		return nil
 	})
+	process.RegisterFunc("update.aws-oidc.deploy.service", func() error {
+		err := process.initAWSOIDCDeployServiceUpdater(process.Config.Proxy.AutomaticUpgradesChannels)
+		return trace.Wrap(err)
+	})
 	return nil
 }
 
@@ -4754,7 +4755,7 @@ func (process *TeleportProcess) initProxyEndpoint(conn *Connector) error {
 		if cfg.Proxy.SSHAddr.Addr != "" {
 			sshListenerAddr = cfg.Proxy.SSHAddr.Addr
 		}
-		logger.InfoContext(process.ExitContext(), " Stating SSH proxy service", "version", teleport.Version, "git_ref", teleport.Gitref, "listen_address", sshListenerAddr)
+		logger.InfoContext(process.ExitContext(), " Starting SSH proxy service", "version", teleport.Version, "git_ref", teleport.Gitref, "listen_address", sshListenerAddr)
 
 		// start ssh server
 		go func() {
diff --git a/lib/service/service_test.go b/lib/service/service_test.go
index e68b0a90b21fd..b94d776627999 100644
--- a/lib/service/service_test.go
+++ b/lib/service/service_test.go
@@ -540,6 +540,16 @@ func TestAthenaAuditLogSetup(t *testing.T) {
 				require.True(t, ok, "invalid logger type, got %T", v)
 			},
 		},
+		{
+			name:          "valid athena config with disabled consumer",
+			uris:          []string{sampleAthenaURI + "&consumerDisabled=true"},
+			externalAudit: externalAuditStorageDisabled,
+			wantFn: func(t *testing.T, alog events.AuditLogger) {
+				v, ok := alog.(*athena.Log)
+				require.True(t, ok, "invalid logger type, got %T", v)
+				require.True(t, v.IsConsumerDisabled(), "consumer is not disabled")
+			},
+		},
 		{
 			name:          "config with rate limit - should use events.SearchEventsLimiter",
 			uris:          []string{sampleAthenaURI + "&limiterRefillAmount=3&limiterBurst=2"},
@@ -1775,12 +1785,16 @@ func TestInitDatabaseService(t *testing.T) {
 
 			cfg := servicecfg.MakeDefaultConfig()
 			cfg.DataDir = t.TempDir()
+			cfg.DebugService = servicecfg.DebugConfig{
+				Enabled: false,
+			}
 			cfg.Auth.StorageConfig.Params["path"] = t.TempDir()
 			cfg.Hostname = "default.example.com"
 			cfg.Auth.Enabled = true
 			cfg.SetAuthServerAddress(utils.NetAddr{AddrNetwork: "tcp", Addr: "127.0.0.1:0"})
 			cfg.Auth.ListenAddr = utils.NetAddr{AddrNetwork: "tcp", Addr: "127.0.0.1:0"}
 			cfg.Auth.StorageConfig.Params["path"] = t.TempDir()
+			cfg.Auth.SessionRecordingConfig.SetMode(types.RecordOff)
 			cfg.Proxy.Enabled = true
 			cfg.Proxy.DisableWebInterface = true
 			cfg.Proxy.WebAddr = utils.NetAddr{AddrNetwork: "tcp", Addr: "localhost:0"}
diff --git a/lib/services/access_checker.go b/lib/services/access_checker.go
index 9d78b2b49ba8c..8091ef220e39e 100644
--- a/lib/services/access_checker.go
+++ b/lib/services/access_checker.go
@@ -1035,6 +1035,7 @@ func (a *accessChecker) HostUsers(s types.Server) (*HostUsersInfo, error) {
 		}
 
 		createHostUserMode := role.GetOptions().CreateHostUserMode
+		//nolint:staticcheck // this field is preserved for existing deployments, but shouldn't be used going forward
 		createHostUser := role.GetOptions().CreateHostUser
 		if createHostUserMode == types.CreateHostUserMode_HOST_USER_MODE_UNSPECIFIED {
 			createHostUserMode = types.CreateHostUserMode_HOST_USER_MODE_OFF
diff --git a/lib/services/local/access.go b/lib/services/local/access.go
index 915ccd94d2eba..ffd1a6517a462 100644
--- a/lib/services/local/access.go
+++ b/lib/services/local/access.go
@@ -360,9 +360,9 @@ func (s *AccessService) DeleteAllLocks(ctx context.Context) error {
 func (s *AccessService) ReplaceRemoteLocks(ctx context.Context, clusterName string, newRemoteLocks []types.Lock) error {
 	return backend.RunWhileLocked(ctx, backend.RunWhileLockedConfig{
 		LockConfiguration: backend.LockConfiguration{
-			Backend:  s.Backend,
-			LockName: "ReplaceRemoteLocks/" + clusterName,
-			TTL:      time.Minute,
+			Backend:            s.Backend,
+			LockNameComponents: []string{"ReplaceRemoteLocks", clusterName},
+			TTL:                time.Minute,
 		},
 	}, func(ctx context.Context) error {
 		remoteLocksKey := backend.ExactKey(locksPrefix, clusterName)
diff --git a/lib/services/local/access_list.go b/lib/services/local/access_list.go
index 97317a4648999..3ad7dbb0f79ea 100644
--- a/lib/services/local/access_list.go
+++ b/lib/services/local/access_list.go
@@ -20,7 +20,6 @@ package local
 
 import (
 	"context"
-	"strings"
 	"time"
 
 	"github.com/google/go-cmp/cmp"
@@ -198,7 +197,7 @@ func (a *AccessListService) runOpWithLock(ctx context.Context, accessList *acces
 	action := updateAccessList
 	if !modules.GetModules().Features().GetEntitlement(entitlements.Identity).Enabled {
 		action = func() error {
-			err := a.service.RunWhileLocked(ctx, createAccessListLimitLockName, accessListLockTTL,
+			err := a.service.RunWhileLocked(ctx, []string{createAccessListLimitLockName}, accessListLockTTL,
 				func(ctx context.Context, _ backend.Backend) error {
 					if err := a.VerifyAccessListCreateLimit(ctx, accessList.GetName()); err != nil {
 						return trace.Wrap(err)
@@ -466,7 +465,7 @@ func (a *AccessListService) UpsertAccessListWithMembers(ctx context.Context, acc
 	action := reconcileMembers
 	if !modules.GetModules().Features().GetEntitlement(entitlements.Identity).Enabled {
 		action = func() error {
-			return a.service.RunWhileLocked(ctx, createAccessListLimitLockName, 2*accessListLockTTL,
+			return a.service.RunWhileLocked(ctx, []string{createAccessListLimitLockName}, 2*accessListLockTTL,
 				func(ctx context.Context, _ backend.Backend) error {
 					if err := a.VerifyAccessListCreateLimit(ctx, accessList.GetName()); err != nil {
 						return trace.Wrap(err)
@@ -651,8 +650,8 @@ func (a *AccessListService) DeleteAllAccessListReviews(ctx context.Context) erro
 	return trace.Wrap(a.reviewService.DeleteAllResources(ctx))
 }
 
-func lockName(accessListName string) string {
-	return strings.Join([]string{"access_list", accessListName}, string(backend.Separator))
+func lockName(accessListName string) []string {
+	return []string{"access_list", accessListName}
 }
 
 // VerifyAccessListCreateLimit ensures creating access list is limited to no more than 1 (updating is allowed).
diff --git a/lib/services/local/generic/generic.go b/lib/services/local/generic/generic.go
index 35c95058ba3ef..ba3a69d9afe85 100644
--- a/lib/services/local/generic/generic.go
+++ b/lib/services/local/generic/generic.go
@@ -256,8 +256,6 @@ func (s *Service[T]) ListResourcesWithFilter(ctx context.Context, pageSize int,
 		pageSize = int(s.pageLimit)
 	}
 
-	limit := pageSize + 1
-
 	var resources []T
 	var lastKey backend.Key
 	if err := backend.IterateRange(
@@ -265,7 +263,7 @@ func (s *Service[T]) ListResourcesWithFilter(ctx context.Context, pageSize int,
 		s.backend,
 		rangeStart,
 		rangeEnd,
-		limit,
+		pageSize+1,
 		func(items []backend.Item) (stop bool, err error) {
 			for _, item := range items {
 				resource, err := s.unmarshalFunc(item.Value, services.WithRevision(item.Revision), services.WithRevision(item.Revision))
@@ -275,12 +273,12 @@ func (s *Service[T]) ListResourcesWithFilter(ctx context.Context, pageSize int,
 				if matcher(resource) {
 					lastKey = item.Key
 					resources = append(resources, resource)
-				}
-				if len(resources) == pageSize {
-					break
+					if len(resources) >= pageSize+1 {
+						return true, nil
+					}
 				}
 			}
-			return limit == len(resources), nil
+			return false, nil
 		}); err != nil {
 		return nil, "", trace.Wrap(err)
 	}
@@ -498,14 +496,14 @@ func (s *Service[T]) MakeKey(name string) backend.Key {
 }
 
 // RunWhileLocked will run the given function in a backend lock. This is a wrapper around the backend.RunWhileLocked function.
-func (s *Service[T]) RunWhileLocked(ctx context.Context, lockName string, ttl time.Duration, fn func(context.Context, backend.Backend) error) error {
+func (s *Service[T]) RunWhileLocked(ctx context.Context, lockNameComponents []string, ttl time.Duration, fn func(context.Context, backend.Backend) error) error {
 	return trace.Wrap(backend.RunWhileLocked(ctx,
 		backend.RunWhileLockedConfig{
 			LockConfiguration: backend.LockConfiguration{
-				Backend:       s.backend,
-				LockName:      lockName,
-				TTL:           ttl,
-				RetryInterval: s.runWhileLockedRetryInterval,
+				Backend:            s.backend,
+				LockNameComponents: lockNameComponents,
+				TTL:                ttl,
+				RetryInterval:      s.runWhileLockedRetryInterval,
 			},
 		}, func(ctx context.Context) error {
 			return fn(ctx, s.backend)
diff --git a/lib/services/local/generic/generic_test.go b/lib/services/local/generic/generic_test.go
index b550be9b0dec6..9b761d2124dd8 100644
--- a/lib/services/local/generic/generic_test.go
+++ b/lib/services/local/generic/generic_test.go
@@ -20,11 +20,16 @@ package generic
 
 import (
 	"context"
+	"fmt"
+	"math/rand/v2"
+	"strconv"
+	"sync/atomic"
 	"testing"
 	"time"
 
 	"github.com/google/go-cmp/cmp"
 	"github.com/google/go-cmp/cmp/cmpopts"
+	"github.com/google/uuid"
 	"github.com/gravitational/trace"
 	"github.com/jonboulle/clockwork"
 	"github.com/stretchr/testify/require"
@@ -39,6 +44,7 @@ import (
 // testResource for testing the generic service.
 type testResource struct {
 	types.ResourceHeader
+	Spec testResourceSpec
 }
 
 func newTestResource(name string) *testResource {
@@ -56,6 +62,28 @@ func newTestResource(name string) *testResource {
 	return tr
 }
 
+type testResourceSpec struct {
+	PropA string
+}
+
+func newTestResourceWithSpec(name string, specPropA string) *testResource {
+	tr := &testResource{
+		ResourceHeader: types.ResourceHeader{
+			Metadata: types.Metadata{
+				Name: name,
+			},
+			Kind:    "test_resource",
+			Version: types.V1,
+		},
+		Spec: testResourceSpec{
+			PropA: specPropA,
+		},
+	}
+
+	tr.CheckAndSetDefaults()
+	return tr
+}
+
 // marshalResource marshals a generic resource.
 func marshalResource(resource *testResource, opts ...services.MarshalOption) ([]byte, error) {
 	if err := resource.CheckAndSetDefaults(); err != nil {
@@ -259,7 +287,7 @@ func TestGenericCRUD(t *testing.T) {
 	require.ErrorIs(t, err, trace.NotFound(`generic resource "doesnotexist" doesn't exist`))
 
 	// Test running while locked.
-	err = service.RunWhileLocked(ctx, "test-lock", time.Second*5, func(ctx context.Context, backend backend.Backend) error {
+	err = service.RunWhileLocked(ctx, []string{"test-lock"}, time.Second*5, func(ctx context.Context, backend backend.Backend) error {
 		item, err := backend.Get(ctx, service.MakeKey(r1.GetName()))
 		require.NoError(t, err)
 
@@ -436,6 +464,81 @@ func TestGenericListResourcesWithFilter(t *testing.T) {
 	require.Equal(t, "", nextKey)
 }
 
+func TestGenericListResourcesWithFilterForScale(t *testing.T) {
+	ctx := context.Background()
+
+	memBackend, err := memory.New(memory.Config{
+		Context: ctx,
+		Clock:   clockwork.NewFakeClock(),
+	})
+	require.NoError(t, err)
+
+	service, err := NewService(&ServiceConfig[*testResource]{
+		Backend:       memBackend,
+		ResourceKind:  "generic resource",
+		PageLimit:     200,
+		BackendPrefix: "my-prefix",
+		UnmarshalFunc: unmarshalResource,
+		MarshalFunc:   marshalResource,
+	})
+	require.NoError(t, err)
+
+	totalResourcesPerProp := 100
+	totalProps := 100
+	var totalResources []*testResource
+	for i := 0; i < totalResourcesPerProp; i++ {
+		for j := 0; j < totalProps; j++ {
+			r := newTestResourceWithSpec(uuid.NewString(), strconv.Itoa(j))
+			totalResources = append(totalResources, r)
+		}
+	}
+
+	r := rand.New(rand.NewPCG(uint64(82), uint64(123)))
+	r.Shuffle(len(totalResources), func(i, j int) {
+		totalResources[i], totalResources[j] = totalResources[j], totalResources[i]
+	})
+
+	for _, r := range totalResources {
+		_, err = service.UpsertResource(ctx, r)
+		require.NoError(t, err)
+	}
+
+	pageSizes := []int{1, 2, 3, 5, 7, 100_000}
+	for _, pageSize := range pageSizes {
+		testingProp := strconv.Itoa(r.IntN(totalProps))
+		t.Run(fmt.Sprintf("pageSize=%d,prop=%s", pageSize, testingProp), func(t *testing.T) {
+			var startingKey string
+			var foundResourcesPropAEquals []*testResource
+			for {
+				var totalMatchedElements atomic.Uint64
+				page, nextKey, err := service.ListResourcesWithFilter(ctx, pageSize, startingKey, func(r *testResource) bool {
+					if r.Spec.PropA == testingProp {
+						totalMatchedElements.Add(1)
+						return true
+					}
+
+					return false
+				})
+				require.NoError(t, err)
+				// At most, there's an extra comparison to ensure the next key is valid and there are actually more elements.
+				require.LessOrEqual(t, totalMatchedElements.Load(), uint64(pageSize+1))
+				foundResourcesPropAEquals = append(foundResourcesPropAEquals, page...)
+
+				// A page must never contain more items than the page size limit.
+				require.LessOrEqual(t, len(page), pageSize)
+				if nextKey == "" {
+					// A page can contain 0 elements but only when there's no matching elements.
+					// This is never true for our current test setup.
+					require.NotEmpty(t, page)
+					break
+				}
+				startingKey = nextKey
+			}
+			require.Len(t, foundResourcesPropAEquals, totalResourcesPerProp)
+		})
+	}
+}
+
 func TestGenericValidation(t *testing.T) {
 
 	ctx := context.Background()
diff --git a/lib/services/local/saml_idp_service_provider.go b/lib/services/local/saml_idp_service_provider.go
index 16299f40aff18..e57901e1a036e 100644
--- a/lib/services/local/saml_idp_service_provider.go
+++ b/lib/services/local/saml_idp_service_provider.go
@@ -143,7 +143,7 @@ func (s *SAMLIdPServiceProviderService) CreateSAMLIdPServiceProvider(ctx context
 		return trace.Wrap(err)
 	}
 
-	return trace.Wrap(s.svc.RunWhileLocked(ctx, samlIDPServiceProviderModifyLock, samlIDPServiceProviderModifyLockTTL,
+	return trace.Wrap(s.svc.RunWhileLocked(ctx, []string{samlIDPServiceProviderModifyLock}, samlIDPServiceProviderModifyLockTTL,
 		func(ctx context.Context, backend backend.Backend) error {
 			if err := s.ensureEntityIDIsUnique(ctx, sp); err != nil {
 				return trace.Wrap(err)
@@ -181,7 +181,7 @@ func (s *SAMLIdPServiceProviderService) UpdateSAMLIdPServiceProvider(ctx context
 		return trace.Wrap(err)
 	}
 
-	return trace.Wrap(s.svc.RunWhileLocked(ctx, samlIDPServiceProviderModifyLock, samlIDPServiceProviderModifyLockTTL,
+	return trace.Wrap(s.svc.RunWhileLocked(ctx, []string{samlIDPServiceProviderModifyLock}, samlIDPServiceProviderModifyLockTTL,
 		func(ctx context.Context, backend backend.Backend) error {
 			if err := s.ensureEntityIDIsUnique(ctx, sp); err != nil {
 				return trace.Wrap(err)
diff --git a/lib/services/local/user_task.go b/lib/services/local/user_task.go
index abb9ec60e937f..23495b109f028 100644
--- a/lib/services/local/user_task.go
+++ b/lib/services/local/user_task.go
@@ -58,6 +58,13 @@ func (s *UserTasksService) ListUserTasks(ctx context.Context, pagesize int64, la
 	return r, nextToken, trace.Wrap(err)
 }
 
+func (s *UserTasksService) ListUserTasksByIntegration(ctx context.Context, pagesize int64, lastKey string, integration string) ([]*usertasksv1.UserTask, string, error) {
+	r, nextToken, err := s.service.ListResourcesWithFilter(ctx, int(pagesize), lastKey, func(ut *usertasksv1.UserTask) bool {
+		return ut.GetSpec().GetIntegration() == integration
+	})
+	return r, nextToken, trace.Wrap(err)
+}
+
 func (s *UserTasksService) GetUserTask(ctx context.Context, name string) (*usertasksv1.UserTask, error) {
 	r, err := s.service.GetResource(ctx, name)
 	return r, trace.Wrap(err)
diff --git a/lib/services/local/users.go b/lib/services/local/users.go
index 436522c99441b..fa918503c6873 100644
--- a/lib/services/local/users.go
+++ b/lib/services/local/users.go
@@ -1235,6 +1235,10 @@ func (s *IdentityService) upsertUserStatusMFADevice(ctx context.Context, user st
 		user,
 		false, /*withSecrets*/
 		func(u types.User) (bool, error) {
+			// If the user already has the weakest device, don't update.
+			if u.GetWeakestDevice() == mfaState {
+				return false, nil
+			}
 			u.SetWeakestDevice(mfaState)
 			return true, nil
 		})
diff --git a/lib/services/local/users_test.go b/lib/services/local/users_test.go
index 6b0baf2039892..f5e33f50c372e 100644
--- a/lib/services/local/users_test.go
+++ b/lib/services/local/users_test.go
@@ -1362,6 +1362,7 @@ func TestWeakestMFADeviceKind(t *testing.T) {
 	got, err = identity.GetUser(ctx, "bob", false)
 	require.NoError(t, err)
 	require.Equal(t, types.MFADeviceKind_MFA_DEVICE_KIND_TOTP, got.GetWeakestDevice())
+	oldRevision := got.GetMetadata().Revision
 
 	u2fDev := &types.MFADevice{
 		Metadata: types.Metadata{
@@ -1382,6 +1383,7 @@ func TestWeakestMFADeviceKind(t *testing.T) {
 	got, err = identity.GetUser(ctx, "bob", false)
 	require.NoError(t, err)
 	require.Equal(t, types.MFADeviceKind_MFA_DEVICE_KIND_TOTP, got.GetWeakestDevice())
+	require.Equal(t, oldRevision, got.GetMetadata().Revision, "revision should not change")
 
 	// Create webauthn device but state should still be MFA_DEVICE_KIND_TOTP
 	// because it shows the weakest state.
@@ -1408,6 +1410,7 @@ func TestWeakestMFADeviceKind(t *testing.T) {
 	got, err = identity.GetUser(ctx, "bob", false)
 	require.NoError(t, err)
 	require.Equal(t, types.MFADeviceKind_MFA_DEVICE_KIND_TOTP, got.GetWeakestDevice())
+	require.Equal(t, oldRevision, got.GetMetadata().Revision, "revision should not change")
 
 	// Delete the TOTP device and the state should be MFA_DEVICE_KIND_WEBAUTHN
 	err = identity.DeleteMFADevice(ctx, "bob", totpDevice.Id)
@@ -1416,6 +1419,7 @@ func TestWeakestMFADeviceKind(t *testing.T) {
 	got, err = identity.GetUser(ctx, "bob", false)
 	require.NoError(t, err)
 	require.Equal(t, types.MFADeviceKind_MFA_DEVICE_KIND_WEBAUTHN, got.GetWeakestDevice())
+	oldRevision = got.GetMetadata().Revision
 
 	// Delete the U2F device and the state should be MFA_DEVICE_KIND_WEBAUTHN
 	err = identity.DeleteMFADevice(ctx, "bob", u2fDev.Id)
@@ -1424,6 +1428,7 @@ func TestWeakestMFADeviceKind(t *testing.T) {
 	got, err = identity.GetUser(ctx, "bob", false)
 	require.NoError(t, err)
 	require.Equal(t, types.MFADeviceKind_MFA_DEVICE_KIND_WEBAUTHN, got.GetWeakestDevice())
+	require.Equal(t, oldRevision, got.GetMetadata().Revision, "revision should not change")
 
 	// Delete the Webauthn device and the state should be MFA_DEVICE_KIND_UNSET
 	err = identity.DeleteMFADevice(ctx, "bob", webauthnDevice.Id)
diff --git a/lib/services/user_task.go b/lib/services/user_task.go
index 64f3ae2d54c6c..892794fb514c0 100644
--- a/lib/services/user_task.go
+++ b/lib/services/user_task.go
@@ -34,6 +34,8 @@ type UserTasks interface {
 	GetUserTask(ctx context.Context, name string) (*usertasksv1.UserTask, error)
 	// ListUserTasks returns the user tasks resources.
 	ListUserTasks(ctx context.Context, pageSize int64, nextToken string) ([]*usertasksv1.UserTask, string, error)
+	// ListUserTasksByIntegration returns the user tasks resources filtered by integration.
+	ListUserTasksByIntegration(ctx context.Context, pageSize int64, nextToken string, integration string) ([]*usertasksv1.UserTask, string, error)
 	// UpdateUserTask updates the user tasks resource.
 	UpdateUserTask(context.Context, *usertasksv1.UserTask) (*usertasksv1.UserTask, error)
 	// DeleteUserTask deletes the user tasks resource by name.
diff --git a/lib/srv/app/aws/handler.go b/lib/srv/app/aws/handler.go
index f98b3222891a7..8e2d0933bb441 100644
--- a/lib/srv/app/aws/handler.go
+++ b/lib/srv/app/aws/handler.go
@@ -22,6 +22,7 @@ import (
 	"bytes"
 	"context"
 	"io"
+	"log/slog"
 	"net/http"
 	"net/url"
 	"strings"
@@ -53,8 +54,12 @@ type signerHandler struct {
 
 // SignerHandlerConfig is the awsSignerHandler configuration.
 type SignerHandlerConfig struct {
+	// LegacyLogger is the old logger.
+	// Should be removed gradually.
+	// Deprecated: use Log instead.
+	LegacyLogger logrus.FieldLogger
 	// Log is a logger for the handler.
-	Log logrus.FieldLogger
+	Log *slog.Logger
 	// RoundTripper is an http.RoundTripper instance used for requests.
 	RoundTripper http.RoundTripper
 	// SigningService is used to sign requests before forwarding them.
@@ -77,8 +82,11 @@ func (cfg *SignerHandlerConfig) CheckAndSetDefaults() error {
 		}
 		cfg.RoundTripper = tr
 	}
+	if cfg.LegacyLogger == nil {
+		cfg.LegacyLogger = logrus.WithField(teleport.ComponentKey, "aws:signer")
+	}
 	if cfg.Log == nil {
-		cfg.Log = logrus.WithField(teleport.ComponentKey, "aws:signer")
+		cfg.Log = slog.With(teleport.ComponentKey, "aws:signer")
 	}
 	if cfg.Clock == nil {
 		cfg.Clock = clockwork.NewRealClock()
@@ -106,7 +114,7 @@ func NewAWSSignerHandler(ctx context.Context, config SignerHandlerConfig) (http.
 	var err error
 	handler.fwd, err = reverseproxy.New(
 		reverseproxy.WithRoundTripper(config.RoundTripper),
-		reverseproxy.WithLogger(config.Log),
+		reverseproxy.WithLogger(config.LegacyLogger),
 		reverseproxy.WithErrorHandler(handler.formatForwardResponseError),
 	)
 
@@ -115,7 +123,7 @@ func NewAWSSignerHandler(ctx context.Context, config SignerHandlerConfig) (http.
 
 // formatForwardResponseError converts an error to a status code and writes the code to a response.
 func (s *signerHandler) formatForwardResponseError(rw http.ResponseWriter, r *http.Request, err error) {
-	s.Log.WithError(err).Debugf("Failed to process request.")
+	s.Log.DebugContext(r.Context(), "Failed to process request", "error", err)
 	common.SetTeleportAPIErrorHeader(rw, err)
 
 	// Convert trace error type to HTTP and write response.
@@ -217,7 +225,7 @@ func (s *signerHandler) emitAudit(sessCtx *common.SessionContext, req *http.Requ
 	}
 	if auditErr != nil {
 		// log but don't return the error, because we already handed off request/response handling to the oxy forwarder.
-		s.Log.WithError(auditErr).Warn("Failed to emit audit event.")
+		s.Log.WarnContext(req.Context(), "Failed to emit audit event.", "error", auditErr)
 	}
 }
 
diff --git a/lib/srv/app/azure/credential.go b/lib/srv/app/azure/credential.go
index fede72eb6f37b..e653bb2a2917f 100644
--- a/lib/srv/app/azure/credential.go
+++ b/lib/srv/app/azure/credential.go
@@ -89,7 +89,7 @@ func findDefaultCredentialProvider(ctx context.Context, logger *slog.Logger) (cr
 	defaultWorkloadIdentity, err := azidentity.NewWorkloadIdentityCredential(nil)
 	if err != nil {
 		// If no workload identity is found, fall back to regular managed identity.
-		logger.With("error", err).DebugContext(ctx, "Failed to load azure workload identity.")
+		logger.DebugContext(ctx, "Failed to load azure workload identity.", "error", err)
 		logger.InfoContext(ctx, "Using azure managed identity.")
 		return managedIdentityCredentialProvider{}, nil
 	}
diff --git a/lib/srv/app/azure/handler.go b/lib/srv/app/azure/handler.go
index d405a59a9422e..0affaef32e6e8 100644
--- a/lib/srv/app/azure/handler.go
+++ b/lib/srv/app/azure/handler.go
@@ -51,11 +51,12 @@ const ComponentKey = "azure:fwd"
 type HandlerConfig struct {
 	// RoundTripper is the underlying transport given to an oxy Forwarder.
 	RoundTripper http.RoundTripper
-	// Log is the Logger.
-	// TODO(greedy52) replace with slog.
-	Log logrus.FieldLogger
-	// Logger is the slog.Logger.
-	Logger *slog.Logger
+	// LegacyLogger is the old logger.
+	// Should be removed gradually.
+	// Deprecated: use Log instead.
+	LegacyLogger logrus.FieldLogger
+	// Log is a logger for the handler.
+	Log *slog.Logger
 	// Clock is used to override time in tests.
 	Clock clockwork.Clock
 
@@ -75,14 +76,14 @@ func (s *HandlerConfig) CheckAndSetDefaults(ctx context.Context) error {
 	if s.Clock == nil {
 		s.Clock = clockwork.NewRealClock()
 	}
-	if s.Log == nil {
-		s.Log = logrus.WithField(teleport.ComponentKey, ComponentKey)
+	if s.LegacyLogger == nil {
+		s.LegacyLogger = logrus.WithField(teleport.ComponentKey, ComponentKey)
 	}
-	if s.Logger == nil {
-		s.Logger = slog.Default().With(teleport.ComponentKey, ComponentKey)
+	if s.Log == nil {
+		s.Log = slog.With(teleport.ComponentKey, ComponentKey)
 	}
 	if s.getAccessToken == nil {
-		s.getAccessToken = lazyGetAccessTokenFromDefaultCredentialProvider(s.Logger)
+		s.getAccessToken = lazyGetAccessTokenFromDefaultCredentialProvider(s.Log)
 	}
 	return nil
 }
@@ -127,7 +128,7 @@ func newAzureHandler(ctx context.Context, config HandlerConfig) (*handler, error
 
 	svc.fwd, err = reverseproxy.New(
 		reverseproxy.WithRoundTripper(config.RoundTripper),
-		reverseproxy.WithLogger(config.Log),
+		reverseproxy.WithLogger(config.LegacyLogger),
 		reverseproxy.WithErrorHandler(svc.formatForwardResponseError),
 	)
 
@@ -161,13 +162,13 @@ func (s *handler) serveHTTP(w http.ResponseWriter, req *http.Request) error {
 
 	if err := sessionCtx.Audit.OnRequest(req.Context(), sessionCtx, fwdRequest, status, nil); err != nil {
 		// log but don't return the error, because we already handed off request/response handling to the oxy forwarder.
-		s.Log.WithError(err).Warn("Failed to emit audit event.")
+		s.Log.WarnContext(req.Context(), "Failed to emit audit event.", "error", err)
 	}
 	return nil
 }
 
 func (s *handler) formatForwardResponseError(rw http.ResponseWriter, r *http.Request, err error) {
-	s.Log.WithError(err).Debugf("Failed to process request.")
+	s.Log.DebugContext(r.Context(), "Failed to process request.", "error", err)
 	common.SetTeleportAPIErrorHeader(rw, err)
 
 	// Convert trace error type to HTTP and write response.
@@ -224,7 +225,7 @@ func getPeerKey(certs []*x509.Certificate) (crypto.PublicKey, error) {
 func (s *handler) replaceAuthHeaders(r *http.Request, sessionCtx *common.SessionContext, reqCopy *http.Request) error {
 	auth := reqCopy.Header.Get("Authorization")
 	if auth == "" {
-		s.Log.Debugf("No Authorization header present, skipping replacement.")
+		s.Log.DebugContext(r.Context(), "No Authorization header present, skipping replacement.")
 		return nil
 	}
 
@@ -238,7 +239,11 @@ func (s *handler) replaceAuthHeaders(r *http.Request, sessionCtx *common.Session
 		return trace.Wrap(err, "failed to parse Authorization header")
 	}
 
-	s.Log.Debugf("Processing request, sessionId = %q, azureIdentity = %q, claims = %v", sessionCtx.Identity.RouteToApp.SessionID, sessionCtx.Identity.RouteToApp.AzureIdentity, claims)
+	s.Log.DebugContext(r.Context(), "Processing request.",
+		"session_id", sessionCtx.Identity.RouteToApp.SessionID,
+		"azure_identity", sessionCtx.Identity.RouteToApp.AzureIdentity,
+		"claims", claims,
+	)
 	token, err := s.getToken(r.Context(), sessionCtx.Identity.RouteToApp.AzureIdentity, claims.Resource)
 	if err != nil {
 		return trace.Wrap(err)
diff --git a/lib/srv/app/cloud.go b/lib/srv/app/cloud.go
index 3675bc14910ed..0196cdff2faa0 100644
--- a/lib/srv/app/cloud.go
+++ b/lib/srv/app/cloud.go
@@ -35,9 +35,7 @@ import (
 	awssession "github.com/aws/aws-sdk-go/aws/session"
 	"github.com/gravitational/trace"
 	"github.com/jonboulle/clockwork"
-	"github.com/sirupsen/logrus"
 
-	"github.com/gravitational/teleport"
 	"github.com/gravitational/teleport/api/constants"
 	"github.com/gravitational/teleport/lib/tlsca"
 	awsutils "github.com/gravitational/teleport/lib/utils/aws"
@@ -110,7 +108,6 @@ func (c *CloudConfig) CheckAndSetDefaults() error {
 
 type cloud struct {
 	cfg CloudConfig
-	log logrus.FieldLogger
 }
 
 // NewCloud creates a new cloud service.
@@ -120,7 +117,6 @@ func NewCloud(cfg CloudConfig) (Cloud, error) {
 	}
 	return &cloud{
 		cfg: cfg,
-		log: logrus.WithField(teleport.ComponentKey, "cloud"),
 	}, nil
 }
 
diff --git a/lib/srv/app/common/audit.go b/lib/srv/app/common/audit.go
index 4b6a465b2b52b..2c745be2b3495 100644
--- a/lib/srv/app/common/audit.go
+++ b/lib/srv/app/common/audit.go
@@ -20,11 +20,11 @@ package common
 
 import (
 	"context"
+	"log/slog"
 	"net/http"
 
 	"github.com/aws/aws-sdk-go/aws/endpoints"
 	"github.com/gravitational/trace"
-	"github.com/sirupsen/logrus"
 
 	"github.com/gravitational/teleport"
 	apidefaults "github.com/gravitational/teleport/api/defaults"
@@ -75,7 +75,7 @@ type audit struct {
 	// cfg is the audit events emitter configuration.
 	cfg AuditConfig
 	// log is used for logging
-	log logrus.FieldLogger
+	log *slog.Logger
 }
 
 // NewAudit returns a new instance of the audit events emitter.
@@ -85,7 +85,7 @@ func NewAudit(config AuditConfig) (Audit, error) {
 	}
 	return &audit{
 		cfg: config,
-		log: logrus.WithField(teleport.ComponentKey, "app:audit"),
+		log: slog.With(teleport.ComponentKey, "app:audit"),
 	}, nil
 }
 
@@ -199,7 +199,7 @@ func (a *audit) OnDynamoDBRequest(ctx context.Context, sessionCtx *SessionContex
 	// If this fails, we still want to emit the rest of the event info; the request event Body is nullable, so it's ok if body is left nil here.
 	body, err := awsutils.UnmarshalRequestBody(req)
 	if err != nil {
-		a.log.WithError(err).Warn("Failed to read request body as JSON, omitting the body from the audit event.")
+		a.log.WarnContext(ctx, "Failed to read request body as JSON, omitting the body from the audit event.", "error", err)
 	}
 	// get the API target from the request header, according to the API request format documentation:
 	// https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/Programming.LowLevelAPI.html#Programming.LowLevelAPI.RequestFormat
diff --git a/lib/srv/app/connections_handler.go b/lib/srv/app/connections_handler.go
index 179f6e4bec284..ca034770c1e51 100644
--- a/lib/srv/app/connections_handler.go
+++ b/lib/srv/app/connections_handler.go
@@ -225,7 +225,7 @@ func NewConnectionsHandler(closeContext context.Context, cfg *ConnectionsHandler
 	}
 
 	azureHandler, err := appazure.NewAzureHandler(closeContext, appazure.HandlerConfig{
-		Logger: cfg.Logger.With(teleport.ComponentKey, appazure.ComponentKey),
+		Log: cfg.Logger.With(teleport.ComponentKey, appazure.ComponentKey),
 	})
 	if err != nil {
 		return nil, trace.Wrap(err)
@@ -755,6 +755,9 @@ func (c *ConnectionsHandler) deleteConnAuth(conn net.Conn) {
 // for Teleport application proxy servers.
 func CopyAndConfigureTLS(log logrus.FieldLogger, client authclient.AccessCache, config *tls.Config) *tls.Config {
 	tlsConfig := config.Clone()
+	if log == nil {
+		log = logrus.StandardLogger()
+	}
 
 	// Require clients to present a certificate
 	tlsConfig.ClientAuth = tls.RequireAndVerifyClientCert
diff --git a/lib/srv/app/gcp/handler.go b/lib/srv/app/gcp/handler.go
index c0e7b8ff64611..ebafa0faf07cc 100644
--- a/lib/srv/app/gcp/handler.go
+++ b/lib/srv/app/gcp/handler.go
@@ -22,6 +22,7 @@ import (
 	"bytes"
 	"context"
 	"fmt"
+	"log/slog"
 	"net/http"
 	"time"
 
@@ -68,8 +69,12 @@ var _ cloudClientGCP = (*cloudClientGCPImpl[iamCredentialsClient])(nil)
 type HandlerConfig struct {
 	// RoundTripper is the underlying transport given to an oxy Forwarder.
 	RoundTripper http.RoundTripper
-	// Log is the Logger.
-	Log logrus.FieldLogger
+	// LegacyLogger is the old logger.
+	// Should be removed gradually.
+	// Deprecated: use Log instead.
+	LegacyLogger logrus.FieldLogger
+	// Log is a logger for the handler.
+	Log *slog.Logger
 	// Clock is used to override time in tests.
 	Clock clockwork.Clock
 	// cloudClientGCP holds a reference to GCP IAM client. Normally set in CheckAndSetDefaults, it is overridden in tests.
@@ -89,7 +94,10 @@ func (s *HandlerConfig) CheckAndSetDefaults() error {
 		s.Clock = clockwork.NewRealClock()
 	}
 	if s.Log == nil {
-		s.Log = logrus.WithField(teleport.ComponentKey, "gcp:fwd")
+		s.Log = slog.With(teleport.ComponentKey, "gcp:fwd")
+	}
+	if s.LegacyLogger == nil {
+		s.LegacyLogger = logrus.WithField(teleport.ComponentKey, "gcp:fwd")
 	}
 	if s.cloudClientGCP == nil {
 		clients, err := cloud.NewClients()
@@ -141,7 +149,7 @@ func newGCPHandler(ctx context.Context, config HandlerConfig) (*handler, error)
 
 	svc.fwd, err = reverseproxy.New(
 		reverseproxy.WithRoundTripper(config.RoundTripper),
-		reverseproxy.WithLogger(config.Log),
+		reverseproxy.WithLogger(config.LegacyLogger),
 		reverseproxy.WithErrorHandler(svc.formatForwardResponseError),
 	)
 	return svc, trace.Wrap(err)
@@ -164,7 +172,10 @@ func (s *handler) serveHTTP(w http.ResponseWriter, req *http.Request) error {
 	if err != nil {
 		return trace.Wrap(err)
 	}
-	s.Log.Debugf("Processing request, sessionId = %q, gcpServiceAccount = %q", sessionCtx.Identity.RouteToApp.SessionID, sessionCtx.Identity.RouteToApp.GCPServiceAccount)
+	s.Log.DebugContext(req.Context(), "Processing request",
+		"session_id", sessionCtx.Identity.RouteToApp.SessionID,
+		"gcp_service_account", sessionCtx.Identity.RouteToApp.GCPServiceAccount,
+	)
 
 	fwdRequest, err := s.prepareForwardRequest(req, sessionCtx)
 	if err != nil {
@@ -176,13 +187,13 @@ func (s *handler) serveHTTP(w http.ResponseWriter, req *http.Request) error {
 
 	if err := sessionCtx.Audit.OnRequest(req.Context(), sessionCtx, fwdRequest, status, nil); err != nil {
 		// log but don't return the error, because we already handed off request/response handling to the oxy forwarder.
-		s.Log.WithError(err).Warn("Failed to emit audit event.")
+		s.Log.WarnContext(req.Context(), "Failed to emit audit event.", "error", err)
 	}
 	return nil
 }
 
 func (s *handler) formatForwardResponseError(rw http.ResponseWriter, r *http.Request, err error) {
-	s.Log.WithError(err).Debugf("Failed to process request.")
+	s.Log.DebugContext(r.Context(), "Failed to process request.", "error", err)
 	common.SetTeleportAPIErrorHeader(rw, err)
 
 	// Convert trace error type to HTTP and write response.
@@ -224,7 +235,7 @@ func (s *handler) prepareForwardRequest(r *http.Request, sessionCtx *common.Sess
 func (s *handler) replaceAuthHeaders(r *http.Request, sessionCtx *common.SessionContext, reqCopy *http.Request) error {
 	auth := reqCopy.Header.Get("Authorization")
 	if auth == "" {
-		s.Log.Debugf("No Authorization header present, skipping replacement.")
+		s.Log.DebugContext(r.Context(), "No Authorization header present, skipping replacement.")
 		return nil
 	}
 
diff --git a/lib/srv/app/server.go b/lib/srv/app/server.go
index 0a248bc941018..83684289cdb3b 100644
--- a/lib/srv/app/server.go
+++ b/lib/srv/app/server.go
@@ -23,6 +23,7 @@ package app
 
 import (
 	"context"
+	"log/slog"
 	"net"
 	"sync"
 
@@ -131,8 +132,9 @@ func (c *Config) CheckAndSetDefaults() error {
 // Server is an application server. It authenticates requests from the web
 // proxy and forwards th to internal applications.
 type Server struct {
-	c   *Config
-	log *logrus.Entry
+	c         *Config
+	legacyLog *logrus.Entry
+	log       *slog.Logger
 
 	closeContext context.Context
 	closeFunc    context.CancelFunc
@@ -199,9 +201,10 @@ func New(ctx context.Context, c *Config) (*Server, error) {
 	s := &Server{
 		c: c,
 		// TODO(greedy52) replace with slog from Config.Logger.
-		log: logrus.WithFields(logrus.Fields{
+		legacyLog: logrus.WithFields(logrus.Fields{
 			teleport.ComponentKey: teleport.ComponentApp,
 		}),
+		log:           slog.With(teleport.ComponentKey, teleport.ComponentApp),
 		heartbeats:    make(map[string]srv.HeartbeatI),
 		dynamicLabels: make(map[string]*labels.Dynamic),
 		apps:          make(map[string]types.Application),
@@ -231,7 +234,7 @@ func (s *Server) startApp(ctx context.Context, app types.Application) error {
 	if err := s.startHeartbeat(ctx, app); err != nil {
 		return trace.Wrap(err)
 	}
-	s.log.Debugf("Started %v.", app)
+	s.log.DebugContext(ctx, "App started.", "app", app)
 	return nil
 }
 
@@ -241,7 +244,7 @@ func (s *Server) stopApp(ctx context.Context, name string) error {
 	if err := s.stopHeartbeat(name); err != nil {
 		return trace.Wrap(err)
 	}
-	s.log.Debugf("Stopped app %q.", name)
+	s.log.DebugContext(ctx, "App stopped.", "app", name)
 	return nil
 }
 
@@ -365,7 +368,7 @@ func (s *Server) getServerInfo(app types.Application) (*types.AppServerV3, error
 func (s *Server) getRotationState() types.Rotation {
 	rotation, err := s.c.GetRotation(types.RoleApp)
 	if err != nil && !trace.IsNotFound(err) && !trace.IsConnectionProblem(err) {
-		s.log.WithError(err).Warn("Failed to get rotation state.")
+		s.log.WarnContext(s.closeContext, "Failed to get rotation state.", "error", err)
 	}
 	if rotation != nil {
 		return *rotation
@@ -488,21 +491,21 @@ func (s *Server) close(ctx context.Context) error {
 		}
 
 		if heartbeat != nil {
-			log := s.log.WithField("app", name)
-			log.Debug("Stopping app")
+			log := s.log.With("app", name)
+			log.DebugContext(ctx, "Stopping app")
 			if err := heartbeat.Close(); err != nil {
-				log.WithError(err).Warn("Failed to stop app.")
+				log.WarnContext(ctx, "Failed to stop app.", "error", err)
 			} else {
-				log.Debug("Stopped app")
+				log.DebugContext(ctx, "Stopped app")
 			}
 
 			if shouldDeleteApps {
 				g.Go(func() error {
-					log.Debug("Deleting app")
+					log.DebugContext(ctx, "Deleting app")
 					if err := s.removeAppServer(gctx, name); err != nil {
-						log.WithError(err).Warn("Failed to delete app.")
+						log.WarnContext(ctx, "Failed to delete app.", "error", err)
 					} else {
-						log.Debug("Deleted app")
+						log.DebugContext(ctx, "Deleted app")
 					}
 					return nil
 				})
@@ -512,7 +515,7 @@ func (s *Server) close(ctx context.Context) error {
 	s.mu.RUnlock()
 
 	if err := g.Wait(); err != nil {
-		s.log.WithError(err).Warn("Deleting all apps failed")
+		s.log.WarnContext(ctx, "Deleting all apps failed", "error", err)
 	}
 
 	s.mu.Lock()
diff --git a/lib/srv/app/session.go b/lib/srv/app/session.go
index 8574501041d79..f1b53f3994f8f 100644
--- a/lib/srv/app/session.go
+++ b/lib/srv/app/session.go
@@ -21,6 +21,7 @@ package app
 import (
 	"context"
 	"errors"
+	"log/slog"
 	"net/http"
 	"sync"
 	"time"
@@ -83,7 +84,9 @@ type sessionChunk struct {
 	// for ~7 minutes at most.
 	closeTimeout time.Duration
 
-	log *logrus.Entry
+	log *slog.Logger
+
+	legacyLogger *logrus.Entry
 }
 
 // sessionOpt defines an option function for creating sessionChunk.
@@ -99,10 +102,11 @@ func (c *ConnectionsHandler) newSessionChunk(ctx context.Context, identity *tlsc
 		closeC:       make(chan struct{}),
 		inflightCond: sync.NewCond(&sync.Mutex{}),
 		closeTimeout: sessionChunkCloseTimeout,
-		log:          c.legacyLogger,
+		log:          c.log,
+		legacyLogger: c.legacyLogger,
 	}
 
-	sess.log.Debugf("Creating app session chunk %s", sess.id)
+	sess.log.DebugContext(ctx, "Creating app session chunk", "session_id", sess.id)
 
 	// Create a session tracker so that other services, such as the
 	// session upload completer, can track the session chunk's lifetime.
@@ -139,7 +143,7 @@ func (c *ConnectionsHandler) newSessionChunk(ctx context.Context, identity *tlsc
 		return nil, trace.Wrap(err)
 	}
 
-	sess.log.Debugf("Created app session chunk %s", sess.id)
+	sess.log.DebugContext(ctx, "Created app session chunk", "session_id", sess.id)
 	return sess, nil
 }
 
@@ -188,7 +192,7 @@ func (c *ConnectionsHandler) withJWTTokenForwarder(ctx context.Context, sess *se
 			cipherSuites: c.cfg.CipherSuites,
 			jwt:          jwt,
 			traits:       traits,
-			log:          c.legacyLogger,
+			log:          c.log,
 		})
 	if err != nil {
 		return trace.Wrap(err)
@@ -198,7 +202,7 @@ func (c *ConnectionsHandler) withJWTTokenForwarder(ctx context.Context, sess *se
 	sess.handler, err = reverseproxy.New(
 		reverseproxy.WithFlushInterval(100*time.Millisecond),
 		reverseproxy.WithRoundTripper(transport),
-		reverseproxy.WithLogger(sess.log),
+		reverseproxy.WithLogger(sess.legacyLogger),
 		reverseproxy.WithRewriter(common.NewHeaderRewriter(delegate)),
 	)
 	if err != nil {
@@ -262,16 +266,22 @@ func (s *sessionChunk) close(ctx context.Context) error {
 		if s.inflight == 0 {
 			break
 		} else if time.Now().After(deadline) {
-			s.log.Debugf("Timeout expired, forcibly closing session chunk %s, inflight requests: %d", s.id, s.inflight)
+			s.log.DebugContext(ctx, "Timeout expired, forcibly closing session chunk",
+				"session_id", s.id,
+				"inflight_requests", s.inflight,
+			)
 			break
 		}
-		s.log.Debugf("Inflight requests: %d, waiting to close session chunk %s", s.inflight, s.id)
+		s.log.DebugContext(ctx, "Waiting to close session chunk",
+			"session_id", s.id,
+			"inflight_requests", s.inflight,
+		)
 		s.inflightCond.Wait()
 	}
 	s.inflight = -1
 	s.inflightCond.L.Unlock()
 	close(s.closeC)
-	s.log.Debugf("Closed session chunk %s", s.id)
+	s.log.DebugContext(ctx, "Closed session chunk", "session_id", s.id)
 	return trace.Wrap(s.streamCloser.Close(ctx))
 }
 
diff --git a/lib/srv/app/session_test.go b/lib/srv/app/session_test.go
index f6b94552c8fb2..d76fdcb6a9a22 100644
--- a/lib/srv/app/session_test.go
+++ b/lib/srv/app/session_test.go
@@ -29,6 +29,7 @@ import (
 	"github.com/stretchr/testify/require"
 
 	"github.com/gravitational/teleport/lib/events"
+	"github.com/gravitational/teleport/lib/utils"
 )
 
 func newSessionChunk(timeout time.Duration) *sessionChunk {
@@ -37,7 +38,8 @@ func newSessionChunk(timeout time.Duration) *sessionChunk {
 		closeC:       make(chan struct{}),
 		inflightCond: sync.NewCond(&sync.Mutex{}),
 		closeTimeout: timeout,
-		log:          logrus.NewEntry(logrus.StandardLogger()),
+		legacyLogger: logrus.NewEntry(logrus.StandardLogger()),
+		log:          utils.NewSlogLoggerForTests(),
 		streamCloser: events.NewDiscardRecorder(),
 	}
 }
diff --git a/lib/srv/app/transport.go b/lib/srv/app/transport.go
index cb545acb0846d..d019af70dbe9f 100644
--- a/lib/srv/app/transport.go
+++ b/lib/srv/app/transport.go
@@ -21,6 +21,7 @@ package app
 import (
 	"context"
 	"crypto/tls"
+	"log/slog"
 	"net"
 	"net/http"
 	"net/url"
@@ -28,7 +29,6 @@ import (
 	"slices"
 
 	"github.com/gravitational/trace"
-	"github.com/sirupsen/logrus"
 
 	"github.com/gravitational/teleport"
 	"github.com/gravitational/teleport/api/types"
@@ -47,7 +47,7 @@ type transportConfig struct {
 	cipherSuites []uint16
 	jwt          string
 	traits       wrappers.Traits
-	log          logrus.FieldLogger
+	log          *slog.Logger
 }
 
 // Check validates configuration.
@@ -62,7 +62,7 @@ func (c *transportConfig) Check() error {
 		return trace.BadParameter("jwt missing")
 	}
 	if c.log == nil {
-		c.log = logrus.WithField(teleport.ComponentKey, "transport")
+		c.log = slog.With(teleport.ComponentKey, "transport")
 	}
 
 	return nil
@@ -185,12 +185,15 @@ func rewriteHeaders(r *http.Request, c *transportConfig) {
 	}
 	for _, header := range c.app.GetRewrite().Headers {
 		if common.IsReservedHeader(header.Name) {
-			c.log.Debugf("Not rewriting Teleport header %q.", header.Name)
+			c.log.DebugContext(r.Context(), "Not rewriting Teleport reserved header", "header_name", header.Name)
 			continue
 		}
 		values, err := services.ApplyValueTraits(header.Value, c.traits)
 		if err != nil {
-			c.log.Debugf("Failed to apply traits to %q: %v.", header.Value, err)
+			c.log.DebugContext(r.Context(), "Failed to apply traits",
+				"header_value", header.Value,
+				"error", err,
+			)
 			continue
 		}
 		r.Header.Del(header.Name)
diff --git a/lib/srv/app/watcher.go b/lib/srv/app/watcher.go
index 280a37882ab9d..ff6541436478a 100644
--- a/lib/srv/app/watcher.go
+++ b/lib/srv/app/watcher.go
@@ -40,7 +40,7 @@ func (s *Server) startReconciler(ctx context.Context) error {
 		OnCreate:            s.onCreate,
 		OnUpdate:            s.onUpdate,
 		OnDelete:            s.onDelete,
-		Log:                 s.log,
+		Log:                 s.legacyLog,
 	})
 	if err != nil {
 		return trace.Wrap(err)
@@ -50,12 +50,12 @@ func (s *Server) startReconciler(ctx context.Context) error {
 			select {
 			case <-s.reconcileCh:
 				if err := reconciler.Reconcile(ctx); err != nil {
-					s.log.WithError(err).Error("Failed to reconcile.")
+					s.log.ErrorContext(ctx, "Failed to reconcile.", "error", err)
 				} else if s.c.OnReconcile != nil {
 					s.c.OnReconcile(s.getApps())
 				}
 			case <-ctx.Done():
-				s.log.Debug("Reconciler done.")
+				s.log.DebugContext(ctx, "Reconciler done.")
 				return
 			}
 		}
@@ -67,14 +67,14 @@ func (s *Server) startReconciler(ctx context.Context) error {
 // registers/unregisters the proxied applications accordingly.
 func (s *Server) startResourceWatcher(ctx context.Context) (*services.AppWatcher, error) {
 	if len(s.c.ResourceMatchers) == 0 {
-		s.log.Debug("Not initializing application resource watcher.")
+		s.log.DebugContext(ctx, "Not initializing application resource watcher.")
 		return nil, nil
 	}
-	s.log.Debug("Initializing application resource watcher.")
+	s.log.DebugContext(ctx, "Initializing application resource watcher.")
 	watcher, err := services.NewAppWatcher(ctx, services.AppWatcherConfig{
 		ResourceWatcherConfig: services.ResourceWatcherConfig{
 			Component: teleport.ComponentApp,
-			Log:       s.log,
+			Log:       s.legacyLog,
 			Client:    s.c.AccessPoint,
 		},
 	})
@@ -97,7 +97,7 @@ func (s *Server) startResourceWatcher(ctx context.Context) (*services.AppWatcher
 					return
 				}
 			case <-ctx.Done():
-				s.log.Debug("Application resource watcher done.")
+				s.log.DebugContext(ctx, "Application resource watcher done.")
 				return
 			}
 		}
@@ -115,7 +115,10 @@ func (s *Server) guessPublicAddr(app types.Application) types.Application {
 	if err == nil {
 		appCopy.Spec.PublicAddr = pubAddr
 	} else {
-		s.log.WithError(err).Errorf("Unable to find public address for app %q, leaving empty.", app.GetName())
+		s.log.ErrorContext(s.closeContext, "Unable to find public address for app, leaving empty",
+			"app_name", app.GetName(),
+			"error", err,
+		)
 	}
 	return appCopy
 }
diff --git a/lib/srv/db/audit_test.go b/lib/srv/db/audit_test.go
index d4bb2b221f4c7..50eab78e98914 100644
--- a/lib/srv/db/audit_test.go
+++ b/lib/srv/db/audit_test.go
@@ -61,7 +61,10 @@ func TestAuditPostgres(t *testing.T) {
 	// Connect should trigger successful session start event.
 	psql, err := testCtx.postgresClient(ctx, "alice", "postgres", "postgres", "postgres")
 	require.NoError(t, err)
-	requireEvent(t, testCtx, libevents.DatabaseSessionStartCode)
+	startEvt, ok := requireEvent(t, testCtx, libevents.DatabaseSessionStartCode).(*events.DatabaseSessionStart)
+	require.True(t, ok)
+	require.NotNil(t, startEvt)
+	require.NotZero(t, startEvt.PostgresPID)
 
 	// Simple query should trigger the query event.
 	_, err = psql.Exec(ctx, "select 1").ReadAll()
diff --git a/lib/srv/db/common/audit.go b/lib/srv/db/common/audit.go
index 825cbd4a57e5c..86c2c68b50217 100644
--- a/lib/srv/db/common/audit.go
+++ b/lib/srv/db/common/audit.go
@@ -145,6 +145,7 @@ func (a *audit) OnSessionStart(ctx context.Context, session *Session, sessionErr
 		Status: events.Status{
 			Success: true,
 		},
+		PostgresPID: session.PostgresPID,
 	}
 	event.SetTime(session.StartTime)
 
diff --git a/lib/srv/db/common/databaseobjectimportrule/preset.go b/lib/srv/db/common/databaseobjectimportrule/preset.go
index d627e23d0f954..d5f130d92fa4e 100644
--- a/lib/srv/db/common/databaseobjectimportrule/preset.go
+++ b/lib/srv/db/common/databaseobjectimportrule/preset.go
@@ -17,7 +17,10 @@
 package databaseobjectimportrule
 
 import (
-	log "github.com/sirupsen/logrus"
+	"context"
+	"log/slog"
+
+	"google.golang.org/protobuf/proto"
 
 	dbobjectimportrulev1pb "github.com/gravitational/teleport/api/gen/proto/go/teleport/dbobjectimportrule/v1"
 	"github.com/gravitational/teleport/api/types/label"
@@ -49,8 +52,47 @@ func NewPresetImportAllObjectsRule() *dbobjectimportrulev1pb.DatabaseObjectImpor
 	})
 
 	if err != nil {
-		log.WithError(err).Warn("failed to create import_all_objects database object import rule")
+		slog.WarnContext(context.Background(), "failed to create import_all_objects database object import rule", "error", err)
 		return nil
 	}
 	return rule
 }
+
+// IsOldImportAllObjectsRulePreset checks if the provided rule is the "old" preset.
+// TODO(greedy52) DELETE in 18.0
+func IsOldImportAllObjectsRulePreset(cur *dbobjectimportrulev1pb.DatabaseObjectImportRule) bool {
+	// Skip no-zero expires.
+	if cur.Metadata.Expires != nil && !cur.Metadata.Expires.AsTime().IsZero() {
+		return false
+	}
+
+	// Make the old preset from https://github.com/gravitational/teleport/pull/37808
+	old, err := NewDatabaseObjectImportRule("import_all_objects", &dbobjectimportrulev1pb.DatabaseObjectImportRuleSpec{
+		Priority:       0,
+		DatabaseLabels: label.FromMap(map[string][]string{"*": {"*"}}),
+		Mappings: []*dbobjectimportrulev1pb.DatabaseObjectImportRuleMapping{
+			{
+				Match:     &dbobjectimportrulev1pb.DatabaseObjectImportMatch{TableNames: []string{"*"}},
+				AddLabels: map[string]string{"kind": ObjectKindTable},
+			},
+			{
+				Match:     &dbobjectimportrulev1pb.DatabaseObjectImportMatch{ViewNames: []string{"*"}},
+				AddLabels: map[string]string{"kind": ObjectKindView},
+			},
+			{
+				Match:     &dbobjectimportrulev1pb.DatabaseObjectImportMatch{ProcedureNames: []string{"*"}},
+				AddLabels: map[string]string{"kind": ObjectKindProcedure},
+			},
+		},
+	})
+	if err != nil {
+		slog.WarnContext(context.Background(), "failed to create old import_all_objects database object import rule", "error", err)
+		return false
+	}
+
+	// Ignore these fields.
+	old.Metadata.Revision = cur.Metadata.Revision
+	old.Metadata.Namespace = cur.Metadata.Namespace
+	old.Metadata.Expires = cur.Metadata.Expires
+	return proto.Equal(old, cur)
+}
diff --git a/lib/srv/db/common/session.go b/lib/srv/db/common/session.go
index 89e95841bb00e..d7cc951570343 100644
--- a/lib/srv/db/common/session.go
+++ b/lib/srv/db/common/session.go
@@ -66,6 +66,8 @@ type Session struct {
 	AuthContext *authz.Context
 	// StartTime is the time the session started.
 	StartTime time.Time
+	// PostgresPID is the Postgres backend PID for the session.
+	PostgresPID uint32
 }
 
 // String returns string representation of the session parameters.
diff --git a/lib/srv/db/postgres/engine.go b/lib/srv/db/postgres/engine.go
index 790e70def9bcd..2b5c0692a17e3 100644
--- a/lib/srv/db/postgres/engine.go
+++ b/lib/srv/db/postgres/engine.go
@@ -147,6 +147,8 @@ func (e *Engine) HandleConnection(ctx context.Context, sessionCtx *common.Sessio
 		cancelAutoUserLease()
 		return trace.Wrap(err)
 	}
+	sessionCtx.PostgresPID = hijackedConn.PID
+	e.Log = e.Log.With("pg_backend_pid", hijackedConn.PID)
 	e.rawServerConn = hijackedConn.Conn
 	// Release the auto-users semaphore now that we've successfully connected.
 	cancelAutoUserLease()
diff --git a/lib/srv/db/postgres/users.go b/lib/srv/db/postgres/users.go
index 4b6a4ee0e7c27..9426fc2fe429d 100644
--- a/lib/srv/db/postgres/users.go
+++ b/lib/srv/db/postgres/users.go
@@ -81,7 +81,11 @@ func (e *Engine) ActivateUser(ctx context.Context, sessionCtx *common.Session) e
 		return trace.Wrap(err)
 	}
 
-	if err := e.createProcedures(ctx, sessionCtx, conn, []string{activateProcName, deactivateProcName}); err != nil {
+	err = withRetry(ctx, logger, func() error {
+		err := e.createProcedures(ctx, sessionCtx, conn, []string{activateProcName, deactivateProcName})
+		return trace.Wrap(err)
+	})
+	if err != nil {
 		return trace.Wrap(err)
 	}
 
@@ -295,12 +299,16 @@ func (e *Engine) DeactivateUser(ctx context.Context, sessionCtx *common.Session)
 	}
 	defer conn.Close(ctx)
 
-	if err := e.createProcedures(ctx, sessionCtx, conn, []string{deactivateProcName}); err != nil {
+	logger := e.Log.With("user", sessionCtx.DatabaseUser)
+	logger.InfoContext(ctx, "Deactivating PostgreSQL user.")
+	err = withRetry(ctx, logger, func() error {
+		err := e.createProcedures(ctx, sessionCtx, conn, []string{deactivateProcName})
 		return trace.Wrap(err)
+	})
+	if err != nil {
+		return trace.NewAggregate(errRemove, trace.Wrap(err))
 	}
 
-	logger := e.Log.With("user", sessionCtx.DatabaseUser)
-	logger.InfoContext(ctx, "Deactivating PostgreSQL user.")
 	err = withRetry(ctx, logger, func() error {
 		return trace.Wrap(e.callProcedure(ctx, sessionCtx, conn, deactivateProcName, sessionCtx.DatabaseUser))
 	})
diff --git a/lib/srv/desktop/discovery.go b/lib/srv/desktop/discovery.go
index 104cc9ba98808..7c9d8a76a0e58 100644
--- a/lib/srv/desktop/discovery.go
+++ b/lib/srv/desktop/discovery.go
@@ -262,6 +262,10 @@ func (s *WindowsService) ldapEntryToWindowsDesktop(ctx context.Context, entry *l
 	labels[types.DiscoveryLabelWindowsDomain] = s.cfg.Domain
 	s.applyLabelsFromLDAP(entry, labels)
 
+	if os, ok := labels[types.DiscoveryLabelWindowsOS]; ok && strings.Contains(os, "linux") {
+		return nil, trace.BadParameter("LDAP entry looks like a Linux host")
+	}
+
 	addrs, err := s.lookupDesktop(ctx, hostname)
 	if err != nil || len(addrs) == 0 {
 		return nil, trace.WrapWithMessage(err, "couldn't resolve %q", hostname)
diff --git a/lib/srv/discovery/common/database.go b/lib/srv/discovery/common/database.go
index 49df30c8c8c3c..4eb2caf81ce71 100644
--- a/lib/srv/discovery/common/database.go
+++ b/lib/srv/discovery/common/database.go
@@ -26,7 +26,7 @@ import (
 	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/redis/armredis/v2"
 	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/redisenterprise/armredisenterprise"
 	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/sql/armsql"
-	rdsTypesV2 "github.com/aws/aws-sdk-go-v2/service/rds/types"
+	rdstypes "github.com/aws/aws-sdk-go-v2/service/rds/types"
 	"github.com/aws/aws-sdk-go/aws"
 	"github.com/aws/aws-sdk-go/aws/arn"
 	"github.com/aws/aws-sdk-go/service/elasticache"
@@ -313,7 +313,7 @@ func NewDatabaseFromRDSInstance(instance *rds.DBInstance) (types.Database, error
 
 // NewDatabaseFromRDSV2Instance creates a database resource from an RDS instance.
 // It uses aws sdk v2.
-func NewDatabaseFromRDSV2Instance(instance *rdsTypesV2.DBInstance) (types.Database, error) {
+func NewDatabaseFromRDSV2Instance(instance *rdstypes.DBInstance) (types.Database, error) {
 	endpoint := instance.Endpoint
 	if endpoint == nil {
 		return nil, trace.BadParameter("empty endpoint")
@@ -350,7 +350,7 @@ func NewDatabaseFromRDSV2Instance(instance *rdsTypesV2.DBInstance) (types.Databa
 
 // MetadataFromRDSInstance creates AWS metadata from the provided RDS instance.
 // It uses aws sdk v2.
-func MetadataFromRDSV2Instance(rdsInstance *rdsTypesV2.DBInstance) (*types.AWS, error) {
+func MetadataFromRDSV2Instance(rdsInstance *rdstypes.DBInstance) (*types.AWS, error) {
 	parsedARN, err := arn.Parse(aws.StringValue(rdsInstance.DBInstanceArn))
 	if err != nil {
 		return nil, trace.Wrap(err)
@@ -362,19 +362,20 @@ func MetadataFromRDSV2Instance(rdsInstance *rdsTypesV2.DBInstance) (*types.AWS,
 		Region:    parsedARN.Region,
 		AccountID: parsedARN.AccountID,
 		RDS: types.RDS{
-			InstanceID: aws.StringValue(rdsInstance.DBInstanceIdentifier),
-			ClusterID:  aws.StringValue(rdsInstance.DBClusterIdentifier),
-			ResourceID: aws.StringValue(rdsInstance.DbiResourceId),
-			IAMAuth:    aws.BoolValue(rdsInstance.IAMDatabaseAuthenticationEnabled),
-			Subnets:    subnets,
-			VPCID:      vpcID,
+			InstanceID:     aws.StringValue(rdsInstance.DBInstanceIdentifier),
+			ClusterID:      aws.StringValue(rdsInstance.DBClusterIdentifier),
+			ResourceID:     aws.StringValue(rdsInstance.DbiResourceId),
+			IAMAuth:        aws.BoolValue(rdsInstance.IAMDatabaseAuthenticationEnabled),
+			Subnets:        subnets,
+			VPCID:          vpcID,
+			SecurityGroups: rdsSecurityGroupInfo(rdsInstance.VpcSecurityGroups),
 		},
 	}, nil
 }
 
 // labelsFromRDSV2Instance creates database labels for the provided RDS instance.
 // It uses aws sdk v2.
-func labelsFromRDSV2Instance(rdsInstance *rdsTypesV2.DBInstance, meta *types.AWS) map[string]string {
+func labelsFromRDSV2Instance(rdsInstance *rdstypes.DBInstance, meta *types.AWS) map[string]string {
 	labels := labelsFromAWSMetadata(meta)
 	labels[types.DiscoveryLabelEngine] = aws.StringValue(rdsInstance.Engine)
 	labels[types.DiscoveryLabelEngineVersion] = aws.StringValue(rdsInstance.EngineVersion)
@@ -388,7 +389,7 @@ func labelsFromRDSV2Instance(rdsInstance *rdsTypesV2.DBInstance, meta *types.AWS
 
 // NewDatabaseFromRDSV2Cluster creates a database resource from an RDS cluster (Aurora).
 // It uses aws sdk v2.
-func NewDatabaseFromRDSV2Cluster(cluster *rdsTypesV2.DBCluster, firstInstance *rdsTypesV2.DBInstance) (types.Database, error) {
+func NewDatabaseFromRDSV2Cluster(cluster *rdstypes.DBCluster, firstInstance *rdstypes.DBInstance) (types.Database, error) {
 	metadata, err := MetadataFromRDSV2Cluster(cluster, firstInstance)
 	if err != nil {
 		return nil, trace.Wrap(err)
@@ -414,7 +415,7 @@ func NewDatabaseFromRDSV2Cluster(cluster *rdsTypesV2.DBCluster, firstInstance *r
 		})
 }
 
-func rdsSubnetGroupToNetworkInfo(subnetGroup *rdsTypesV2.DBSubnetGroup) (vpcID string, subnets []string) {
+func rdsSubnetGroupToNetworkInfo(subnetGroup *rdstypes.DBSubnetGroup) (vpcID string, subnets []string) {
 	if subnetGroup == nil {
 		return
 	}
@@ -431,10 +432,24 @@ func rdsSubnetGroupToNetworkInfo(subnetGroup *rdsTypesV2.DBSubnetGroup) (vpcID s
 	return
 }
 
+func rdsSecurityGroupInfo(memberships []rdstypes.VpcSecurityGroupMembership) []string {
+	var secGroups []string
+	if len(memberships) > 0 {
+		secGroups = make([]string, 0, len(memberships))
+	}
+	for _, group := range memberships {
+		groupID := aws.StringValue(group.VpcSecurityGroupId)
+		if groupID != "" {
+			secGroups = append(secGroups, groupID)
+		}
+	}
+	return secGroups
+}
+
 // MetadataFromRDSV2Cluster creates AWS metadata from the provided RDS cluster.
 // It uses aws sdk v2.
-// An optional [rdsTypesV2.DBInstance] can be passed to fill the network configuration of the Cluster.
-func MetadataFromRDSV2Cluster(rdsCluster *rdsTypesV2.DBCluster, rdsInstance *rdsTypesV2.DBInstance) (*types.AWS, error) {
+// An optional [rdstypes.DBInstance] can be passed to fill the network configuration of the Cluster.
+func MetadataFromRDSV2Cluster(rdsCluster *rdstypes.DBCluster, rdsInstance *rdstypes.DBInstance) (*types.AWS, error) {
 	parsedARN, err := arn.Parse(aws.StringValue(rdsCluster.DBClusterArn))
 	if err != nil {
 		return nil, trace.Wrap(err)
@@ -451,18 +466,19 @@ func MetadataFromRDSV2Cluster(rdsCluster *rdsTypesV2.DBCluster, rdsInstance *rds
 		Region:    parsedARN.Region,
 		AccountID: parsedARN.AccountID,
 		RDS: types.RDS{
-			ClusterID:  aws.StringValue(rdsCluster.DBClusterIdentifier),
-			ResourceID: aws.StringValue(rdsCluster.DbClusterResourceId),
-			IAMAuth:    aws.BoolValue(rdsCluster.IAMDatabaseAuthenticationEnabled),
-			Subnets:    subnets,
-			VPCID:      vpcID,
+			ClusterID:      aws.StringValue(rdsCluster.DBClusterIdentifier),
+			ResourceID:     aws.StringValue(rdsCluster.DbClusterResourceId),
+			IAMAuth:        aws.BoolValue(rdsCluster.IAMDatabaseAuthenticationEnabled),
+			Subnets:        subnets,
+			VPCID:          vpcID,
+			SecurityGroups: rdsSecurityGroupInfo(rdsCluster.VpcSecurityGroups),
 		},
 	}, nil
 }
 
 // labelsFromRDSV2Cluster creates database labels for the provided RDS cluster.
 // It uses aws sdk v2.
-func labelsFromRDSV2Cluster(rdsCluster *rdsTypesV2.DBCluster, meta *types.AWS, endpointType string, memberInstance *rdsTypesV2.DBInstance) map[string]string {
+func labelsFromRDSV2Cluster(rdsCluster *rdstypes.DBCluster, meta *types.AWS, endpointType string, memberInstance *rdstypes.DBInstance) map[string]string {
 	labels := labelsFromAWSMetadata(meta)
 	labels[types.DiscoveryLabelEngine] = aws.StringValue(rdsCluster.Engine)
 	labels[types.DiscoveryLabelEngineVersion] = aws.StringValue(rdsCluster.EngineVersion)
diff --git a/lib/srv/discovery/common/database_test.go b/lib/srv/discovery/common/database_test.go
index 828a86cafe755..c7f0fbadf9626 100644
--- a/lib/srv/discovery/common/database_test.go
+++ b/lib/srv/discovery/common/database_test.go
@@ -294,6 +294,11 @@ func TestDatabaseFromRDSV2Instance(t *testing.T) {
 			},
 			VpcId: aws.String("vpc-asd"),
 		},
+		VpcSecurityGroups: []rdsTypesV2.VpcSecurityGroupMembership{
+			{VpcSecurityGroupId: aws.String("")},
+			{VpcSecurityGroupId: aws.String("sg-1")},
+			{VpcSecurityGroupId: aws.String("sg-2")},
+		},
 	}
 	expected, err := types.NewDatabaseV3(types.Metadata{
 		Name:        "instance-1",
@@ -325,6 +330,10 @@ func TestDatabaseFromRDSV2Instance(t *testing.T) {
 					"subnet-1234567890abcdef1",
 					"subnet-1234567890abcdef2",
 				},
+				SecurityGroups: []string{
+					"sg-1",
+					"sg-2",
+				},
 				VPCID: "vpc-asd",
 			},
 		},
@@ -563,6 +572,11 @@ func TestDatabaseFromRDSV2Cluster(t *testing.T) {
 		Endpoint:                         aws.String("localhost"),
 		ReaderEndpoint:                   aws.String("reader.host"),
 		Port:                             aws.Int32(3306),
+		VpcSecurityGroups: []rdsTypesV2.VpcSecurityGroupMembership{
+			{VpcSecurityGroupId: aws.String("")},
+			{VpcSecurityGroupId: aws.String("sg-1")},
+			{VpcSecurityGroupId: aws.String("sg-2")},
+		},
 		CustomEndpoints: []string{
 			"myendpoint1.cluster-custom-example.us-east-1.rds.amazonaws.com",
 			"myendpoint2.cluster-custom-example.us-east-1.rds.amazonaws.com",
@@ -580,6 +594,10 @@ func TestDatabaseFromRDSV2Cluster(t *testing.T) {
 			ClusterID:  "cluster-1",
 			ResourceID: "resource-1",
 			IAMAuth:    true,
+			SecurityGroups: []string{
+				"sg-1",
+				"sg-2",
+			},
 		},
 	}
 
@@ -664,7 +682,11 @@ func TestDatabaseFromRDSV2Cluster(t *testing.T) {
 					ResourceID: "resource-1",
 					IAMAuth:    true,
 					Subnets:    []string{"subnet-123", "subnet-456"},
-					VPCID:      "vpc-123",
+					SecurityGroups: []string{
+						"sg-1",
+						"sg-2",
+					},
+					VPCID: "vpc-123",
 				},
 			},
 		})
diff --git a/lib/srv/discovery/discovery.go b/lib/srv/discovery/discovery.go
index 6c9ecdc8e91c8..829b16c3c01f7 100644
--- a/lib/srv/discovery/discovery.go
+++ b/lib/srv/discovery/discovery.go
@@ -36,15 +36,18 @@ import (
 	"github.com/gravitational/trace"
 	"github.com/jonboulle/clockwork"
 	"github.com/sirupsen/logrus"
+	"google.golang.org/protobuf/types/known/timestamppb"
 	"k8s.io/client-go/kubernetes"
 	"k8s.io/client-go/rest"
 
 	"github.com/gravitational/teleport"
 	"github.com/gravitational/teleport/api/client/proto"
+	usertasksv1 "github.com/gravitational/teleport/api/gen/proto/go/teleport/usertasks/v1"
 	usageeventsv1 "github.com/gravitational/teleport/api/gen/proto/go/usageevents/v1"
 	"github.com/gravitational/teleport/api/types"
 	"github.com/gravitational/teleport/api/types/discoveryconfig"
 	apievents "github.com/gravitational/teleport/api/types/events"
+	"github.com/gravitational/teleport/api/types/usertasks"
 	"github.com/gravitational/teleport/api/utils/retryutils"
 	"github.com/gravitational/teleport/lib/auth/authclient"
 	"github.com/gravitational/teleport/lib/cloud"
@@ -329,6 +332,7 @@ type Server struct {
 
 	awsSyncStatus         awsSyncStatus
 	awsEC2ResourcesStatus awsResourcesStatus
+	awsEC2Tasks           awsEC2Tasks
 
 	// caRotationCh receives nodes that need to have their CAs rotated.
 	caRotationCh chan []types.Server
@@ -459,7 +463,8 @@ func (s *Server) initAWSWatchers(matchers []types.AWSMatcher) error {
 		server.WithPollInterval(s.PollInterval),
 		server.WithTriggerFetchC(s.newDiscoveryConfigChangedSub()),
 		server.WithPreFetchHookFn(func() {
-			s.awsEC2ResourcesStatus.iterationStarted()
+			s.awsEC2ResourcesStatus.reset()
+			s.awsEC2Tasks.reset()
 		}),
 	)
 	if err != nil {
@@ -572,7 +577,12 @@ func (s *Server) gcpServerFetchersFromMatchers(ctx context.Context, matchers []t
 		return nil, trace.Wrap(err)
 	}
 
-	return server.MatchersToGCPInstanceFetchers(serverMatchers, client), nil
+	projectsClient, err := s.CloudClients.GetGCPProjectsClient(ctx)
+	if err != nil {
+		return nil, trace.Wrap(err)
+	}
+
+	return server.MatchersToGCPInstanceFetchers(serverMatchers, client, projectsClient), nil
 }
 
 // databaseFetchersFromMatchers converts Matchers into a set of Database Fetchers.
@@ -734,19 +744,26 @@ func (s *Server) initGCPWatchers(ctx context.Context, matchers []types.GCPMatche
 	if err != nil {
 		return trace.Wrap(err)
 	}
+	projectClient, err := s.CloudClients.GetGCPProjectsClient(ctx)
+	if err != nil {
+		return trace.Wrap(err, "unable to create gcp project client")
+	}
 	for _, matcher := range otherMatchers {
 		for _, projectID := range matcher.ProjectIDs {
 			for _, location := range matcher.Locations {
 				for _, t := range matcher.Types {
 					switch t {
 					case types.GCPMatcherKubernetes:
-						fetcher, err := fetchers.NewGKEFetcher(fetchers.GKEFetcherConfig{
-							Client:       kubeClient,
-							Location:     location,
-							FilterLabels: matcher.GetLabels(),
-							ProjectID:    projectID,
-							Log:          s.Log,
-						})
+						fetcher, err := fetchers.NewGKEFetcher(
+							ctx,
+							fetchers.GKEFetcherConfig{
+								GKEClient:     kubeClient,
+								ProjectClient: projectClient,
+								Location:      location,
+								FilterLabels:  matcher.GetLabels(),
+								ProjectID:     projectID,
+								Log:           s.Log,
+							})
 						if err != nil {
 							return trace.Wrap(err)
 						}
@@ -960,6 +977,26 @@ func (s *Server) handleEC2RemoteInstallation(instances *server.EC2Instances) err
 			discoveryConfig: instances.DiscoveryConfig,
 			integration:     instances.Integration,
 		}, len(req.Instances))
+
+		for _, instance := range req.Instances {
+			s.awsEC2Tasks.addFailedEnrollment(
+				awsEC2TaskKey{
+					accountID:       instances.AccountID,
+					integration:     instances.Integration,
+					issueType:       usertasks.AutoDiscoverEC2IssueSSMInvocationFailure,
+					region:          instances.Region,
+					ssmDocument:     req.DocumentName,
+					installerScript: req.InstallerScriptName(),
+				},
+				&usertasksv1.DiscoverEC2Instance{
+					DiscoveryConfig: instances.DiscoveryConfig,
+					DiscoveryGroup:  s.DiscoveryGroup,
+					InstanceId:      instance.InstanceID,
+					Name:            instance.InstanceName,
+					SyncTime:        timestamppb.New(s.clock.Now()),
+				},
+			)
+		}
 		return trace.Wrap(err)
 	}
 	return nil
@@ -1072,6 +1109,7 @@ func (s *Server) handleEC2Discovery() {
 			}
 
 			s.updateDiscoveryConfigStatus(instances.EC2.DiscoveryConfig)
+			s.upsertTasksForAWSEC2FailedEnrollments()
 		case <-s.ctx.Done():
 			s.ec2Watcher.Stop()
 			return
diff --git a/lib/srv/discovery/discovery_test.go b/lib/srv/discovery/discovery_test.go
index a638c4d920c2f..100973a56e242 100644
--- a/lib/srv/discovery/discovery_test.go
+++ b/lib/srv/discovery/discovery_test.go
@@ -65,6 +65,7 @@ import (
 	"github.com/gravitational/teleport/api/defaults"
 	discoveryconfigv1 "github.com/gravitational/teleport/api/gen/proto/go/teleport/discoveryconfig/v1"
 	integrationpb "github.com/gravitational/teleport/api/gen/proto/go/teleport/integration/v1"
+	usertasksv1 "github.com/gravitational/teleport/api/gen/proto/go/teleport/usertasks/v1"
 	usageeventsv1 "github.com/gravitational/teleport/api/gen/proto/go/usageevents/v1"
 	"github.com/gravitational/teleport/api/internalutils/stream"
 	"github.com/gravitational/teleport/api/types"
@@ -199,9 +200,14 @@ func genEC2Instances(n int) []*ec2.Instance {
 type mockSSMInstaller struct {
 	mu                 sync.Mutex
 	installedInstances map[string]struct{}
+	runError           error
 }
 
 func (m *mockSSMInstaller) Run(_ context.Context, req server.SSMRunRequest) error {
+	if m.runError != nil {
+		return m.runError
+	}
+
 	m.mu.Lock()
 	defer m.mu.Unlock()
 	for _, inst := range req.Instances {
@@ -250,8 +256,9 @@ func TestDiscoveryServer(t *testing.T) {
 	)
 	require.NoError(t, err)
 
+	dcForEC2SSMWithIntegrationName := uuid.NewString()
 	dcForEC2SSMWithIntegration, err := discoveryconfig.NewDiscoveryConfig(
-		header.Metadata{Name: uuid.NewString()},
+		header.Metadata{Name: dcForEC2SSMWithIntegrationName},
 		discoveryconfig.Spec{
 			DiscoveryGroup: defaultDiscoveryGroup,
 			AWS: []types.AWSMatcher{{
@@ -269,6 +276,26 @@ func TestDiscoveryServer(t *testing.T) {
 	)
 	require.NoError(t, err)
 
+	discoveryConfigForUserTaskTestName := uuid.NewString()
+	discoveryConfigForUserTaskTest, err := discoveryconfig.NewDiscoveryConfig(
+		header.Metadata{Name: discoveryConfigForUserTaskTestName},
+		discoveryconfig.Spec{
+			DiscoveryGroup: defaultDiscoveryGroup,
+			AWS: []types.AWSMatcher{{
+				Types:   []string{"ec2"},
+				Regions: []string{"eu-west-2"},
+				Tags:    map[string]utils.Strings{"RunDiscover": {"please"}},
+				SSM:     &types.AWSSSM{DocumentName: "document"},
+				Params: &types.InstallerParams{
+					InstallTeleport: true,
+					EnrollMode:      types.InstallParamEnrollMode_INSTALL_PARAM_ENROLL_MODE_SCRIPT,
+				},
+				Integration: "my-integration",
+			}},
+		},
+	)
+	require.NoError(t, err)
+
 	tcs := []struct {
 		name string
 		// presentInstances is a list of servers already present in teleport
@@ -280,6 +307,8 @@ func TestDiscoveryServer(t *testing.T) {
 		staticMatchers            Matchers
 		wantInstalledInstances    []string
 		wantDiscoveryConfigStatus *discoveryconfig.Status
+		userTasksDiscoverEC2Check require.ValueAssertionFunc
+		ssmRunError               error
 	}{
 		{
 			name:             "no nodes present, 1 found ",
@@ -538,6 +567,74 @@ func TestDiscoveryServer(t *testing.T) {
 			},
 			wantInstalledInstances: []string{"instance-id-1"},
 		},
+		{
+			name:             "one node found but SSM Run fails and DiscoverEC2 User Task is created",
+			presentInstances: []types.Server{},
+			foundEC2Instances: []*ec2.Instance{
+				{
+					InstanceId: aws.String("instance-id-1"),
+					Tags: []*ec2.Tag{{
+						Key:   aws.String("env"),
+						Value: aws.String("dev"),
+					}},
+					State: &ec2.InstanceState{
+						Name: aws.String(ec2.InstanceStateNameRunning),
+					},
+				},
+			},
+			ssm: &mockSSMClient{
+				commandOutput: &ssm.SendCommandOutput{
+					Command: &ssm.Command{
+						CommandId: aws.String("command-id-1"),
+					},
+				},
+				invokeOutput: &ssm.GetCommandInvocationOutput{
+					Status:       aws.String(ssm.CommandStatusSuccess),
+					ResponseCode: aws.Int64(0),
+				},
+			},
+			ssmRunError: trace.BadParameter("ssm run failed"),
+			emitter: &mockEmitter{
+				eventHandler: func(t *testing.T, ae events.AuditEvent, server *Server) {
+					t.Helper()
+					require.Equal(t, &events.SSMRun{
+						Metadata: events.Metadata{
+							Type: libevents.SSMRunEvent,
+							Code: libevents.SSMRunSuccessCode,
+						},
+						CommandID:  "command-id-1",
+						AccountID:  "owner",
+						InstanceID: "instance-id-1",
+						Region:     "eu-central-1",
+						ExitCode:   0,
+						Status:     ssm.CommandStatusSuccess,
+					}, ae)
+				},
+			},
+			staticMatchers:         Matchers{},
+			discoveryConfig:        discoveryConfigForUserTaskTest,
+			wantInstalledInstances: []string{},
+			userTasksDiscoverEC2Check: func(tt require.TestingT, i1 interface{}, i2 ...interface{}) {
+				existingTasks, ok := i1.([]*usertasksv1.UserTask)
+				require.True(t, ok, "failed to get existing tasks: %T", i1)
+				require.Len(t, existingTasks, 1)
+				existingTask := existingTasks[0]
+
+				require.Equal(t, "OPEN", existingTask.GetSpec().State)
+				require.Equal(t, "my-integration", existingTask.GetSpec().Integration)
+				require.Equal(t, "ec2-ssm-invocation-failure", existingTask.GetSpec().IssueType)
+				require.Equal(t, "owner", existingTask.GetSpec().GetDiscoverEc2().GetAccountId())
+				require.Equal(t, "eu-west-2", existingTask.GetSpec().GetDiscoverEc2().GetRegion())
+
+				taskInstances := existingTask.GetSpec().GetDiscoverEc2().Instances
+				require.Contains(t, taskInstances, "instance-id-1")
+				taskInstance := taskInstances["instance-id-1"]
+
+				require.Equal(t, "instance-id-1", taskInstance.InstanceId)
+				require.Equal(t, discoveryConfigForUserTaskTestName, taskInstance.DiscoveryConfig)
+				require.Equal(t, defaultDiscoveryGroup, taskInstance.DiscoveryGroup)
+			},
+		},
 	}
 
 	for _, tc := range tcs {
@@ -586,6 +683,7 @@ func TestDiscoveryServer(t *testing.T) {
 			reporter := &mockUsageReporter{}
 			installer := &mockSSMInstaller{
 				installedInstances: make(map[string]struct{}),
+				runError:           tc.ssmRunError,
 			}
 			tlsServer.Auth().SetUsageReporter(reporter)
 
@@ -640,6 +738,20 @@ func TestDiscoveryServer(t *testing.T) {
 					return true
 				}, 500*time.Millisecond, 50*time.Millisecond)
 			}
+			if tc.userTasksDiscoverEC2Check != nil {
+				var allUserTasks []*usertasksv1.UserTask
+				var nextToken string
+				for {
+					var userTasks []*usertasksv1.UserTask
+					userTasks, nextToken, err = tlsServer.Auth().UserTasks.ListUserTasks(context.Background(), 0, "")
+					require.NoError(t, err)
+					allUserTasks = append(allUserTasks, userTasks...)
+					if nextToken == "" {
+						break
+					}
+				}
+				tc.userTasksDiscoverEC2Check(t, allUserTasks)
+			}
 		})
 	}
 }
@@ -1160,6 +1272,24 @@ func TestDiscoveryInCloudKube(t *testing.T) {
 			},
 			wantEvents: 2,
 		},
+		{
+			name:                 "no clusters in auth server, import 3 prod clusters from GKE across multiple projects",
+			existingKubeClusters: []types.KubeCluster{},
+			gcpMatchers: []types.GCPMatcher{
+				{
+					Types:      []string{"gke"},
+					Locations:  []string{"*"},
+					ProjectIDs: []string{"*"},
+					Tags:       map[string]utils.Strings{"env": {"prod"}},
+				},
+			},
+			expectedClustersToExistInAuth: []types.KubeCluster{
+				mustConvertGKEToKubeCluster(t, gkeMockClusters[0], mainDiscoveryGroup),
+				mustConvertGKEToKubeCluster(t, gkeMockClusters[1], mainDiscoveryGroup),
+				mustConvertGKEToKubeCluster(t, gkeMockClusters[4], mainDiscoveryGroup),
+			},
+			wantEvents: 3,
+		},
 	}
 
 	for _, tc := range tcs {
@@ -1173,6 +1303,7 @@ func TestDiscoveryInCloudKube(t *testing.T) {
 				AzureAKSClient: newPopulatedAKSMock(),
 				EKS:            newPopulatedEKSMock(),
 				GCPGKE:         newPopulatedGCPMock(),
+				GCPProjects:    newPopulatedGCPProjectsMock(),
 			}
 
 			ctx := context.Background()
@@ -1650,6 +1781,28 @@ var gkeMockClusters = []gcp.GKECluster{
 		Location:    "central-1",
 		Description: "desc1",
 	},
+	{
+		Name:   "cluster5",
+		Status: containerpb.Cluster_RUNNING,
+		Labels: map[string]string{
+			"env":      "prod",
+			"location": "central-1",
+		},
+		ProjectID:   "p2",
+		Location:    "central-1",
+		Description: "desc1",
+	},
+	{
+		Name:   "cluster6",
+		Status: containerpb.Cluster_RUNNING,
+		Labels: map[string]string{
+			"env":      "stg",
+			"location": "central-1",
+		},
+		ProjectID:   "p2",
+		Location:    "central-1",
+		Description: "desc1",
+	},
 }
 
 func mustConvertGKEToKubeCluster(t *testing.T, gkeCluster gcp.GKECluster, discoveryGroup string) types.KubeCluster {
@@ -1667,7 +1820,15 @@ type mockGKEAPI struct {
 }
 
 func (m *mockGKEAPI) ListClusters(ctx context.Context, projectID string, location string) ([]gcp.GKECluster, error) {
-	return m.clusters, nil
+	var clusters []gcp.GKECluster
+	for _, cluster := range m.clusters {
+		if cluster.ProjectID != projectID {
+			continue
+		}
+		clusters = append(clusters, cluster)
+	}
+
+	return clusters, nil
 }
 
 func TestDiscoveryDatabase(t *testing.T) {
@@ -2565,12 +2726,21 @@ type mockGCPClient struct {
 	vms []*gcpimds.Instance
 }
 
-func (m *mockGCPClient) ListInstances(_ context.Context, _, _ string) ([]*gcpimds.Instance, error) {
-	return m.vms, nil
+func (m *mockGCPClient) getVMSForProject(projectID string) []*gcpimds.Instance {
+	var vms []*gcpimds.Instance
+	for _, vm := range m.vms {
+		if vm.ProjectID == projectID {
+			vms = append(vms, vm)
+		}
+	}
+	return vms
+}
+func (m *mockGCPClient) ListInstances(_ context.Context, projectID, _ string) ([]*gcpimds.Instance, error) {
+	return m.getVMSForProject(projectID), nil
 }
 
-func (m *mockGCPClient) StreamInstances(_ context.Context, _, _ string) stream.Stream[*gcpimds.Instance] {
-	return stream.Slice(m.vms)
+func (m *mockGCPClient) StreamInstances(_ context.Context, projectID, _ string) stream.Stream[*gcpimds.Instance] {
+	return stream.Slice(m.getVMSForProject(projectID))
 }
 
 func (m *mockGCPClient) GetInstance(_ context.Context, _ *gcpimds.InstanceRequest) (*gcpimds.Instance, error) {
@@ -2663,6 +2833,37 @@ func TestGCPVMDiscovery(t *testing.T) {
 			staticMatchers:         defaultStaticMatcher,
 			wantInstalledInstances: []string{"myinstance"},
 		},
+		{
+			name:       "no nodes present, 2 found for different projects",
+			presentVMs: []types.Server{},
+			foundGCPVMs: []*gcpimds.Instance{
+				{
+					ProjectID: "p1",
+					Zone:      "myzone",
+					Name:      "myinstance1",
+					Labels: map[string]string{
+						"teleport": "yes",
+					},
+				},
+				{
+					ProjectID: "p2",
+					Zone:      "myzone",
+					Name:      "myinstance2",
+					Labels: map[string]string{
+						"teleport": "yes",
+					},
+				},
+			},
+			staticMatchers: Matchers{
+				GCP: []types.GCPMatcher{{
+					Types:      []string{"gce"},
+					ProjectIDs: []string{"*"},
+					Locations:  []string{"myzone"},
+					Labels:     types.Labels{"teleport": {"yes"}},
+				}},
+			},
+			wantInstalledInstances: []string{"myinstance1", "myinstance2"},
+		},
 		{
 			name: "nodes present, instance filtered",
 			presentVMs: []types.Server{
@@ -2748,6 +2949,7 @@ func TestGCPVMDiscovery(t *testing.T) {
 				GCPInstances: &mockGCPClient{
 					vms: tc.foundGCPVMs,
 				},
+				GCPProjects: newPopulatedGCPProjectsMock(),
 			}
 
 			ctx := context.Background()
@@ -3148,3 +3350,27 @@ func (m fakeWatcher) Close() error {
 func (m fakeWatcher) Error() error {
 	return nil
 }
+
+type mockProjectsAPI struct {
+	gcp.ProjectsClient
+	projects []gcp.Project
+}
+
+func (m *mockProjectsAPI) ListProjects(ctx context.Context) ([]gcp.Project, error) {
+	return m.projects, nil
+}
+
+func newPopulatedGCPProjectsMock() *mockProjectsAPI {
+	return &mockProjectsAPI{
+		projects: []gcp.Project{
+			{
+				ID:   "p1",
+				Name: "project1",
+			},
+			{
+				ID:   "p2",
+				Name: "project2",
+			},
+		},
+	}
+}
diff --git a/lib/srv/discovery/fetchers/gke.go b/lib/srv/discovery/fetchers/gke.go
index 4c15136f31462..7ebb2ab37e384 100644
--- a/lib/srv/discovery/fetchers/gke.go
+++ b/lib/srv/discovery/fetchers/gke.go
@@ -35,8 +35,10 @@ import (
 
 // GKEFetcherConfig configures the GKE fetcher.
 type GKEFetcherConfig struct {
-	// Client is the GCP GKE client.
-	Client gcp.GKEClient
+	// GKEClient is the GCP GKE client.
+	GKEClient gcp.GKEClient
+	// ProjectClient is the GCP project client.
+	ProjectClient gcp.ProjectsClient
 	// ProjectID is the projectID the cluster should belong to.
 	ProjectID string
 	// Location is the GCP's location where the clusters should be located.
@@ -50,9 +52,12 @@ type GKEFetcherConfig struct {
 
 // CheckAndSetDefaults validates and sets the defaults values.
 func (c *GKEFetcherConfig) CheckAndSetDefaults() error {
-	if c.Client == nil {
+	if c.GKEClient == nil {
 		return trace.BadParameter("missing Client field")
 	}
+	if c.ProjectClient == nil {
+		return trace.BadParameter("missing ProjectClient field")
+	}
 	if len(c.Location) == 0 {
 		return trace.BadParameter("missing Location field")
 	}
@@ -73,7 +78,7 @@ type gkeFetcher struct {
 }
 
 // NewGKEFetcher creates a new GKE fetcher configuration.
-func NewGKEFetcher(cfg GKEFetcherConfig) (common.Fetcher, error) {
+func NewGKEFetcher(ctx context.Context, cfg GKEFetcherConfig) (common.Fetcher, error) {
 	if err := cfg.CheckAndSetDefaults(); err != nil {
 		return nil, trace.Wrap(err)
 	}
@@ -82,19 +87,31 @@ func NewGKEFetcher(cfg GKEFetcherConfig) (common.Fetcher, error) {
 }
 
 func (a *gkeFetcher) Get(ctx context.Context) (types.ResourcesWithLabels, error) {
-	clusters, err := a.getGKEClusters(ctx)
+
+	// Get the project IDs that this fetcher is configured to query.
+	projectIDs, err := a.getProjectIDs(ctx)
 	if err != nil {
 		return nil, trace.Wrap(err)
 	}
 
+	a.Log.Debugf("Fetching GKE clusters for project IDs: %v", projectIDs)
+	var clusters types.KubeClusters
+	for _, projectID := range projectIDs {
+		lClusters, err := a.getGKEClusters(ctx, projectID)
+		if err != nil {
+			return nil, trace.Wrap(err)
+		}
+		clusters = append(clusters, lClusters...)
+	}
+
 	a.rewriteKubeClusters(clusters)
 	return clusters.AsResources(), nil
 }
 
-func (a *gkeFetcher) getGKEClusters(ctx context.Context) (types.KubeClusters, error) {
+func (a *gkeFetcher) getGKEClusters(ctx context.Context, projectID string) (types.KubeClusters, error) {
 	var clusters types.KubeClusters
 
-	gkeClusters, err := a.Client.ListClusters(ctx, a.ProjectID, a.Location)
+	gkeClusters, err := a.GKEClient.ListClusters(ctx, projectID, a.Location)
 	for _, gkeCluster := range gkeClusters {
 		cluster, err := a.getMatchingKubeCluster(gkeCluster)
 		// trace.CompareFailed is returned if the cluster did not match the matcher filtering labels
@@ -160,3 +177,23 @@ func (a *gkeFetcher) getMatchingKubeCluster(gkeCluster gcp.GKECluster) (types.Ku
 
 	return cluster, nil
 }
+
+// getProjectIDs returns the project ids that this fetcher is configured to query.
+// This will make an API call to list project IDs when the fetcher is configured to match "*" projectID,
+// in order to discover and query new projectID.
+// Otherwise, a list containing the fetcher's non-wildcard project is returned.
+func (a *gkeFetcher) getProjectIDs(ctx context.Context) ([]string, error) {
+	if a.ProjectID != types.Wildcard {
+		return []string{a.ProjectID}, nil
+	}
+
+	gcpProjects, err := a.ProjectClient.ListProjects(ctx)
+	if err != nil {
+		return nil, trace.Wrap(err)
+	}
+	var projectIDs []string
+	for _, prj := range gcpProjects {
+		projectIDs = append(projectIDs, prj.ID)
+	}
+	return projectIDs, nil
+}
diff --git a/lib/srv/discovery/fetchers/gke_test.go b/lib/srv/discovery/fetchers/gke_test.go
index 6c14b83c6f70a..53374682b179d 100644
--- a/lib/srv/discovery/fetchers/gke_test.go
+++ b/lib/srv/discovery/fetchers/gke_test.go
@@ -35,6 +35,7 @@ func TestGKEFetcher(t *testing.T) {
 	type args struct {
 		location     string
 		filterLabels types.Labels
+		projectID    string
 	}
 	tests := []struct {
 		name string
@@ -48,8 +49,9 @@ func TestGKEFetcher(t *testing.T) {
 				filterLabels: types.Labels{
 					types.Wildcard: []string{types.Wildcard},
 				},
+				projectID: "p1",
 			},
-			want: gkeClustersToResources(t, gkeMockClusters...),
+			want: gkeClustersToResources(t, gkeMockClusters[:4]...),
 		},
 		{
 			name: "list prod clusters",
@@ -58,6 +60,7 @@ func TestGKEFetcher(t *testing.T) {
 				filterLabels: types.Labels{
 					"env": []string{"prod"},
 				},
+				projectID: "p1",
 			},
 			want: gkeClustersToResources(t, gkeMockClusters[:2]...),
 		},
@@ -69,8 +72,9 @@ func TestGKEFetcher(t *testing.T) {
 					"env":      []string{"stg"},
 					"location": []string{"central-1"},
 				},
+				projectID: "p1",
 			},
-			want: gkeClustersToResources(t, gkeMockClusters[2:]...),
+			want: gkeClustersToResources(t, gkeMockClusters[2:4]...),
 		},
 		{
 			name: "filter not found",
@@ -79,6 +83,7 @@ func TestGKEFetcher(t *testing.T) {
 				filterLabels: types.Labels{
 					"env": []string{"none"},
 				},
+				projectID: "p1",
 			},
 			want: gkeClustersToResources(t),
 		},
@@ -90,6 +95,18 @@ func TestGKEFetcher(t *testing.T) {
 				filterLabels: types.Labels{
 					"env": []string{"prod", "stg"},
 				},
+				projectID: "p1",
+			},
+			want: gkeClustersToResources(t, gkeMockClusters[:4]...),
+		},
+		{
+			name: "list everything with wildcard project",
+			args: args{
+				location: "uswest2",
+				filterLabels: types.Labels{
+					"env": []string{"prod", "stg"},
+				},
+				projectID: "*",
 			},
 			want: gkeClustersToResources(t, gkeMockClusters...),
 		},
@@ -97,12 +114,14 @@ func TestGKEFetcher(t *testing.T) {
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
 			cfg := GKEFetcherConfig{
-				Client:       newPopulatedGCPMock(),
-				FilterLabels: tt.args.filterLabels,
-				Location:     tt.args.location,
-				Log:          logrus.New(),
+				GKEClient:     newPopulatedGCPMock(),
+				ProjectClient: newPopulatedGCPProjectsMock(),
+				FilterLabels:  tt.args.filterLabels,
+				Location:      tt.args.location,
+				ProjectID:     tt.args.projectID,
+				Log:           logrus.New(),
 			}
-			fetcher, err := NewGKEFetcher(cfg)
+			fetcher, err := NewGKEFetcher(context.Background(), cfg)
 			require.NoError(t, err)
 			resources, err := fetcher.Get(context.Background())
 			require.NoError(t, err)
@@ -118,7 +137,15 @@ type mockGKEAPI struct {
 }
 
 func (m *mockGKEAPI) ListClusters(ctx context.Context, projectID string, location string) ([]gcp.GKECluster, error) {
-	return m.clusters, nil
+	var clusters []gcp.GKECluster
+	for _, cluster := range m.clusters {
+		if cluster.ProjectID != projectID {
+			continue
+		}
+		clusters = append(clusters, cluster)
+	}
+
+	return clusters, nil
 }
 
 func newPopulatedGCPMock() *mockGKEAPI {
@@ -172,6 +199,28 @@ var gkeMockClusters = []gcp.GKECluster{
 		Location:    "central-1",
 		Description: "desc1",
 	},
+	{
+		Name:   "cluster5",
+		Status: containerpb.Cluster_RUNNING,
+		Labels: map[string]string{
+			"env":      "stg",
+			"location": "central-1",
+		},
+		ProjectID:   "p2",
+		Location:    "central-1",
+		Description: "desc1",
+	},
+	{
+		Name:   "cluster6",
+		Status: containerpb.Cluster_RUNNING,
+		Labels: map[string]string{
+			"env":      "stg",
+			"location": "central-1",
+		},
+		ProjectID:   "p2",
+		Location:    "central-1",
+		Description: "desc1",
+	},
 }
 
 func gkeClustersToResources(t *testing.T, clusters ...gcp.GKECluster) types.ResourcesWithLabels {
@@ -185,3 +234,27 @@ func gkeClustersToResources(t *testing.T, clusters ...gcp.GKECluster) types.Reso
 	}
 	return kubeClusters.AsResources()
 }
+
+type mockProjectsAPI struct {
+	gcp.ProjectsClient
+	projects []gcp.Project
+}
+
+func (m *mockProjectsAPI) ListProjects(ctx context.Context) ([]gcp.Project, error) {
+	return m.projects, nil
+}
+
+func newPopulatedGCPProjectsMock() *mockProjectsAPI {
+	return &mockProjectsAPI{
+		projects: []gcp.Project{
+			{
+				ID:   "p1",
+				Name: "project1",
+			},
+			{
+				ID:   "p2",
+				Name: "project2",
+			},
+		},
+	}
+}
diff --git a/lib/srv/discovery/status.go b/lib/srv/discovery/status.go
index a7194d87372b5..7fe0b0f39398d 100644
--- a/lib/srv/discovery/status.go
+++ b/lib/srv/discovery/status.go
@@ -25,10 +25,17 @@ import (
 	"time"
 
 	"github.com/gravitational/trace"
+	"github.com/sirupsen/logrus"
+	"google.golang.org/protobuf/types/known/timestamppb"
 
 	discoveryconfigv1 "github.com/gravitational/teleport/api/gen/proto/go/teleport/discoveryconfig/v1"
+	usertasksv1 "github.com/gravitational/teleport/api/gen/proto/go/teleport/usertasks/v1"
+	"github.com/gravitational/teleport/api/types"
 	"github.com/gravitational/teleport/api/types/discoveryconfig"
+	"github.com/gravitational/teleport/api/types/usertasks"
+	"github.com/gravitational/teleport/api/utils/retryutils"
 	libevents "github.com/gravitational/teleport/lib/events"
+	"github.com/gravitational/teleport/lib/services"
 	aws_sync "github.com/gravitational/teleport/lib/srv/discovery/fetchers/aws-sync"
 	"github.com/gravitational/teleport/lib/srv/server"
 )
@@ -204,7 +211,7 @@ type awsResourceGroupResult struct {
 	failed   int
 }
 
-func (d *awsResourcesStatus) iterationStarted() {
+func (d *awsResourcesStatus) reset() {
 	d.mu.Lock()
 	defer d.mu.Unlock()
 
@@ -293,5 +300,238 @@ func (s *Server) ReportEC2SSMInstallationResult(ctx context.Context, result *ser
 
 	s.updateDiscoveryConfigStatus(result.DiscoveryConfig)
 
+	s.awsEC2Tasks.addFailedEnrollment(
+		awsEC2TaskKey{
+			integration:     result.IntegrationName,
+			issueType:       result.IssueType,
+			accountID:       result.SSMRunEvent.AccountID,
+			region:          result.SSMRunEvent.Region,
+			ssmDocument:     result.SSMDocumentName,
+			installerScript: result.InstallerScript,
+		},
+		&usertasksv1.DiscoverEC2Instance{
+			InvocationUrl:   result.SSMRunEvent.InvocationURL,
+			DiscoveryConfig: result.DiscoveryConfig,
+			DiscoveryGroup:  s.DiscoveryGroup,
+			SyncTime:        timestamppb.New(result.SSMRunEvent.Time),
+			InstanceId:      result.SSMRunEvent.InstanceID,
+			Name:            result.InstanceName,
+		},
+	)
+
 	return nil
 }
+
+// awsEC2Tasks contains the Discover EC2 User Tasks that must be reported to the user.
+type awsEC2Tasks struct {
+	mu sync.RWMutex
+	// instancesIssues maps the Discover EC2 User Task grouping parts to a set of instances metadata.
+	instancesIssues map[awsEC2TaskKey]map[string]*usertasksv1.DiscoverEC2Instance
+	// issuesSyncQueue is used to register which groups were changed in memory but were not yet sent to the cluster.
+	// When upserting User Tasks, if the group is not in issuesSyncQueue,
+	// then the cluster already has the latest version of this particular group.
+	issuesSyncQueue map[awsEC2TaskKey]struct{}
+}
+
+// awsEC2TaskKey identifies a UserTask group.
+type awsEC2TaskKey struct {
+	integration     string
+	issueType       string
+	accountID       string
+	region          string
+	ssmDocument     string
+	installerScript string
+}
+
+// iterationStarted clears out any in memory issues that were recorded.
+// This is used when starting a new Auto Discover EC2 watcher iteration.
+func (d *awsEC2Tasks) reset() {
+	d.mu.Lock()
+	defer d.mu.Unlock()
+
+	d.instancesIssues = make(map[awsEC2TaskKey]map[string]*usertasksv1.DiscoverEC2Instance)
+	d.issuesSyncQueue = make(map[awsEC2TaskKey]struct{})
+}
+
+// addFailedEnrollment adds an enrollment failure of a given instance.
+func (d *awsEC2Tasks) addFailedEnrollment(g awsEC2TaskKey, instance *usertasksv1.DiscoverEC2Instance) {
+	// Only failures associated with an Integration are reported.
+	// There's no major blocking for showing non-integration User Tasks, but this keeps scope smaller.
+	if g.integration == "" {
+		return
+	}
+
+	d.mu.Lock()
+	defer d.mu.Unlock()
+	if d.instancesIssues == nil {
+		d.instancesIssues = make(map[awsEC2TaskKey]map[string]*usertasksv1.DiscoverEC2Instance)
+	}
+	if _, ok := d.instancesIssues[g]; !ok {
+		d.instancesIssues[g] = make(map[string]*usertasksv1.DiscoverEC2Instance)
+	}
+	d.instancesIssues[g][instance.InstanceId] = instance
+
+	if d.issuesSyncQueue == nil {
+		d.issuesSyncQueue = make(map[awsEC2TaskKey]struct{})
+	}
+	d.issuesSyncQueue[g] = struct{}{}
+}
+
+// acquireSemaphoreForUserTask tries to acquire a semaphore lock for this user task.
+// It returns a func which must be called to release the lock.
+// It also returns a context which is tied to the lease and will be canceled if the lease ends.
+func (s *Server) acquireSemaphoreForUserTask(userTaskName string) (releaseFn func(), ctx context.Context, err error) {
+	// Use the deterministic task name as semaphore name.
+	semaphoreName := userTaskName
+	semaphoreExpiration := 5 * time.Second
+
+	// AcquireSemaphoreLock will retry until the semaphore is acquired.
+	// This prevents multiple discovery services to write AWS resources in parallel.
+	// lease must be released to cleanup the resource in auth server.
+	lease, err := services.AcquireSemaphoreLockWithRetry(
+		s.ctx,
+		services.SemaphoreLockConfigWithRetry{
+			SemaphoreLockConfig: services.SemaphoreLockConfig{
+				Service: s.AccessPoint,
+				Params: types.AcquireSemaphoreRequest{
+					SemaphoreKind: types.KindUserTask,
+					SemaphoreName: semaphoreName,
+					MaxLeases:     1,
+					Holder:        s.Config.ServerID,
+				},
+				Expiry: semaphoreExpiration,
+				Clock:  s.clock,
+			},
+			Retry: retryutils.LinearConfig{
+				Clock:  s.clock,
+				First:  time.Second,
+				Step:   semaphoreExpiration / 2,
+				Max:    semaphoreExpiration,
+				Jitter: retryutils.NewJitter(),
+			},
+		},
+	)
+	if err != nil {
+		return nil, nil, trace.Wrap(err)
+	}
+
+	// Once the lease parent context is canceled, the lease will be released.
+	ctxWithLease, cancel := context.WithCancel(lease)
+
+	releaseFn = func() {
+		cancel()
+		lease.Stop()
+		if err := lease.Wait(); err != nil {
+			s.Log.WithError(err).WithField("semaphore", userTaskName).Warn("error cleaning up UserTask semaphore")
+		}
+	}
+
+	return releaseFn, ctxWithLease, nil
+}
+
+// mergeUpsertDiscoverEC2Task takes the current DiscoverEC2 User Task issues stored in memory and
+// merges them against the ones that exist in the cluster.
+//
+// All of this flow is protected by a lock to ensure there's no race between this and other DiscoveryServices.
+func (s *Server) mergeUpsertDiscoverEC2Task(taskGroup awsEC2TaskKey, failedInstances map[string]*usertasksv1.DiscoverEC2Instance) error {
+	userTaskName := usertasks.TaskNameForDiscoverEC2(usertasks.TaskNameForDiscoverEC2Parts{
+		Integration:     taskGroup.integration,
+		IssueType:       taskGroup.issueType,
+		AccountID:       taskGroup.accountID,
+		Region:          taskGroup.region,
+		SSMDocument:     taskGroup.ssmDocument,
+		InstallerScript: taskGroup.installerScript,
+	})
+
+	releaseFn, ctxWithLease, err := s.acquireSemaphoreForUserTask(userTaskName)
+	if err != nil {
+		return trace.Wrap(err)
+	}
+	defer releaseFn()
+
+	// Fetch the current task because it might have instances discovered by another group of DiscoveryServices.
+	currentUserTask, err := s.AccessPoint.GetUserTask(ctxWithLease, userTaskName)
+	switch {
+	case trace.IsNotFound(err):
+	case err != nil:
+		return trace.Wrap(err)
+	default:
+		failedInstances = s.discoverEC2UserTaskAddExistingInstances(currentUserTask, failedInstances)
+	}
+
+	// If the DiscoveryService is stopped, or the issue does not happen again
+	// the task is removed to prevent users from working on issues that are no longer happening.
+	taskExpiration := s.clock.Now().Add(2 * s.PollInterval)
+
+	task, err := usertasks.NewDiscoverEC2UserTask(
+		&usertasksv1.UserTaskSpec{
+			Integration: taskGroup.integration,
+			TaskType:    usertasks.TaskTypeDiscoverEC2,
+			IssueType:   taskGroup.issueType,
+			State:       usertasks.TaskStateOpen,
+			DiscoverEc2: &usertasksv1.DiscoverEC2{
+				AccountId: taskGroup.accountID,
+				Region:    taskGroup.region,
+				Instances: failedInstances,
+			},
+		},
+		usertasks.WithExpiration(taskExpiration),
+	)
+	if err != nil {
+		return trace.Wrap(err)
+	}
+
+	if _, err := s.AccessPoint.UpsertUserTask(ctxWithLease, task); err != nil {
+		return trace.Wrap(err)
+	}
+
+	return nil
+}
+
+// discoverEC2UserTaskAddExistingInstances takes the UserTask stored in the cluster and merges it into the existing map of failed instances.
+func (s *Server) discoverEC2UserTaskAddExistingInstances(currentUserTask *usertasksv1.UserTask, failedInstances map[string]*usertasksv1.DiscoverEC2Instance) map[string]*usertasksv1.DiscoverEC2Instance {
+	for existingInstanceID, existingInstance := range currentUserTask.Spec.DiscoverEc2.Instances {
+		// Each DiscoveryService works on all the DiscoveryConfigs assigned to a given DiscoveryGroup.
+		// So, it's safe to say that current DiscoveryService has the last state for a given DiscoveryGroup.
+		// If other instances exist for this DiscoveryGroup, they can be discarded because, as said before, the current DiscoveryService has the last state for a given DiscoveryGroup.
+		if existingInstance.DiscoveryGroup == s.DiscoveryGroup {
+			continue
+		}
+
+		// For existing instances whose sync time is too far in the past, just drop them.
+		// This ensures that if an instance is removed from AWS, it will eventually disappear from the User Tasks' instance list.
+		// It might also be the case that the DiscoveryConfig was changed and the instance is no longer matched (because of labels/regions or other matchers).
+		instanceIssueExpiration := s.clock.Now().Add(-2 * s.PollInterval)
+		if existingInstance.SyncTime.AsTime().Before(instanceIssueExpiration) {
+			continue
+		}
+
+		// Merge existing cluster state into in-memory object.
+		failedInstances[existingInstanceID] = existingInstance
+	}
+	return failedInstances
+}
+
+func (s *Server) upsertTasksForAWSEC2FailedEnrollments() {
+	s.awsEC2Tasks.mu.Lock()
+	defer s.awsEC2Tasks.mu.Unlock()
+	for g := range s.awsEC2Tasks.issuesSyncQueue {
+		instancesIssueByID := s.awsEC2Tasks.instancesIssues[g]
+		if len(instancesIssueByID) == 0 {
+			continue
+		}
+
+		if err := s.mergeUpsertDiscoverEC2Task(g, instancesIssueByID); err != nil {
+			s.Log.WithError(err).WithFields(logrus.Fields{
+				"integration":    g.integration,
+				"issue_type":     g.issueType,
+				"aws_account_id": g.accountID,
+				"aws_region":     g.region,
+			},
+			).Warning("Failed to create discover ec2 user task.", g.integration, g.issueType, g.accountID, g.region)
+			continue
+		}
+
+		delete(s.awsEC2Tasks.issuesSyncQueue, g)
+	}
+}
diff --git a/lib/srv/exec_linux_test.go b/lib/srv/exec_linux_test.go
index 3eaf3347c65f0..58b57412ed9fe 100644
--- a/lib/srv/exec_linux_test.go
+++ b/lib/srv/exec_linux_test.go
@@ -26,6 +26,7 @@ import (
 	"os"
 	"os/exec"
 	"os/user"
+	"path/filepath"
 	"strconv"
 	"syscall"
 	"testing"
@@ -41,17 +42,42 @@ import (
 )
 
 func TestOSCommandPrep(t *testing.T) {
+	utils.RequireRoot(t)
+
 	srv := newMockServer(t)
 	scx := newExecServerContext(t, srv)
 
-	usr, err := user.Current()
+	// because CheckHomeDir now inspects access to the home directory as the actual user after a rexec,
+	// we need to setup a real, non-root user with a valid home directory in order for this test to
+	// exercise the correct paths
+	tempHome := t.TempDir()
+	require.NoError(t, os.Chmod(filepath.Dir(tempHome), 0777))
+
+	username := "test-os-command-prep"
+	scx.Identity.Login = username
+	_, err := host.UserAdd(username, nil, host.UserOpts{
+		Home: tempHome,
+	})
 	require.NoError(t, err)
+	t.Cleanup(func() {
+		// change homedir back so user deletion doesn't fail
+		changeHomeDir(t, username, tempHome)
+		_, err := host.UserDel(username)
+		require.NoError(t, err)
+	})
 
+	usr, err := user.Lookup(username)
+	require.NoError(t, err)
+
+	uid, err := strconv.Atoi(usr.Uid)
+	require.NoError(t, err)
+
+	require.NoError(t, os.Chown(tempHome, uid, -1))
 	expectedEnv := []string{
 		"LANG=en_US.UTF-8",
-		getDefaultEnvPath(strconv.Itoa(os.Geteuid()), defaultLoginDefsPath),
+		getDefaultEnvPath(usr.Uid, defaultLoginDefsPath),
 		fmt.Sprintf("HOME=%s", usr.HomeDir),
-		fmt.Sprintf("USER=%s", usr.Username),
+		fmt.Sprintf("USER=%s", username),
 		"SHELL=/bin/sh",
 		"SSH_CLIENT=10.0.0.5 4817 3022",
 		"SSH_CONNECTION=10.0.0.5 4817 127.0.0.1 3022",
@@ -104,12 +130,9 @@ func TestOSCommandPrep(t *testing.T) {
 	require.Equal(t, []string{"/bin/sh", "-c", "top"}, cmd.Args)
 	require.Equal(t, syscall.SIGKILL, cmd.SysProcAttr.Pdeathsig)
 
-	if os.Geteuid() != 0 {
-		t.Skip("skipping portion of test which must run as root")
-	}
-
 	// Missing home directory - HOME should still be set to the given
 	// home dir, but the command should set it's CWD to root instead.
+	changeHomeDir(t, username, "/wrong/place")
 	usr.HomeDir = "/wrong/place"
 	root := string(os.PathSeparator)
 	expectedEnv[2] = "HOME=/wrong/place"
diff --git a/lib/srv/reexec.go b/lib/srv/reexec.go
index 130dd30594ac5..da1d84afa9079 100644
--- a/lib/srv/reexec.go
+++ b/lib/srv/reexec.go
@@ -615,6 +615,8 @@ func (o *osWrapper) startNewParker(ctx context.Context, credential *syscall.Cred
 
 type forwardHandler func(ctx context.Context, addr string, file *os.File) error
 
+const rootDirectory = "/"
+
 func handleLocalPortForward(ctx context.Context, addr string, file *os.File) error {
 	conn, err := uds.FromFile(file)
 	_ = file.Close()
@@ -799,16 +801,21 @@ func RunRemoteForward() (errw io.Writer, code int, err error) {
 	return errw, code, trace.Wrap(err)
 }
 
-// runCheckHomeDir check's if the active user's $HOME dir exists.
+// runCheckHomeDir checks if the active user's $HOME dir exists and is accessible.
 func runCheckHomeDir() (errw io.Writer, code int, err error) {
-	home, err := os.UserHomeDir()
-	if err != nil {
-		return io.Discard, teleport.HomeDirNotFound, nil
-	}
-	if !utils.IsDir(home) {
-		return io.Discard, teleport.HomeDirNotFound, nil
+	code = teleport.RemoteCommandSuccess
+	if err := hasAccessibleHomeDir(); err != nil {
+		switch {
+		case trace.IsNotFound(err), trace.IsBadParameter(err):
+			code = teleport.HomeDirNotFound
+		case trace.IsAccessDenied(err):
+			code = teleport.HomeDirNotAccessible
+		default:
+			code = teleport.RemoteCommandFailure
+		}
 	}
-	return io.Discard, teleport.RemoteCommandSuccess, nil
+
+	return io.Discard, code, nil
 }
 
 // runPark does nothing, forever.
@@ -984,18 +991,20 @@ func buildCommand(c *ExecCommand, localUser *user.User, tty *os.File, pamEnviron
 	// Set the command's cwd to the user's $HOME, or "/" if
 	// they don't have an existing home dir.
 	// TODO (atburke): Generalize this to support Windows.
-	exists, err := CheckHomeDir(localUser)
+	hasAccess, err := CheckHomeDir(localUser)
 	if err != nil {
 		return nil, trace.Wrap(err)
-	} else if exists {
+	}
+
+	if hasAccess {
 		cmd.Dir = localUser.HomeDir
-	} else if !exists {
+	} else {
 		// Write failure to find home dir to stdout, same as OpenSSH.
-		msg := fmt.Sprintf("Could not set shell's cwd to home directory %q, defaulting to %q\n", localUser.HomeDir, string(os.PathSeparator))
+		msg := fmt.Sprintf("Could not set shell's cwd to home directory %q, defaulting to %q\n", localUser.HomeDir, rootDirectory)
 		if _, err := cmd.Stdout.Write([]byte(msg)); err != nil {
 			return nil, trace.Wrap(err)
 		}
-		cmd.Dir = string(os.PathSeparator)
+		cmd.Dir = rootDirectory
 	}
 
 	// Only set process credentials if the UID/GID of the requesting user are
@@ -1157,16 +1166,73 @@ func copyCommand(ctx *ServerContext, cmdmsg *ExecCommand) {
 	}
 }
 
-// CheckHomeDir checks if the user's home dir exists
+func coerceHomeDirError(usr *user.User, err error) error {
+	if os.IsNotExist(err) {
+		return trace.NotFound("home directory %q not found for user %q", usr.HomeDir, usr.Name)
+	}
+
+	if os.IsPermission(err) {
+		return trace.AccessDenied("%q does not have permission to access %q", usr.Name, usr.HomeDir)
+	}
+
+	return err
+}
+
+// hasAccessibleHomeDir checks if the current user has access to an existing home directory.
+func hasAccessibleHomeDir() error {
+	// this should usually be fetching a cached value
+	currentUser, err := user.Current()
+	if err != nil {
+		return trace.Wrap(err)
+	}
+
+	fi, err := os.Stat(currentUser.HomeDir)
+	if err != nil {
+		return trace.Wrap(coerceHomeDirError(currentUser, err))
+	}
+
+	if !fi.IsDir() {
+		return trace.BadParameter("%q is not a directory", currentUser.HomeDir)
+	}
+
+	cwd, err := os.Getwd()
+	if err != nil {
+		return trace.Wrap(err)
+	}
+	// make sure we return to the original working directory
+	defer os.Chdir(cwd)
+
+	// attemping to cd into the target directory is the easiest, cross-platform way to test
+	// whether or not the current user has access
+	if err := os.Chdir(currentUser.HomeDir); err != nil {
+		return trace.Wrap(coerceHomeDirError(currentUser, err))
+	}
+
+	return nil
+}
+
+// CheckHomeDir checks if the user's home directory exists and is accessible to the user. Only catastrophic
+// errors will be returned, which means a missing, inaccessible, or otherwise invalid home directory will result
+// in a return of (false, nil)
 func CheckHomeDir(localUser *user.User) (bool, error) {
-	if fi, err := os.Stat(localUser.HomeDir); err == nil {
-		return fi.IsDir(), nil
+	currentUser, err := user.Current()
+	if err != nil {
+		return false, trace.Wrap(err)
+	}
+
+	// don't spawn a subcommand if already running as the user in question
+	if currentUser.Uid == localUser.Uid {
+		if err := hasAccessibleHomeDir(); err != nil {
+			if trace.IsNotFound(err) || trace.IsAccessDenied(err) || trace.IsBadParameter(err) {
+				return false, nil
+			}
+
+			return false, trace.Wrap(err)
+		}
+
+		return true, nil
 	}
 
-	// In some environments, the user's home directory exists but isn't visible to
-	// root, e.g. /home is mounted to an nfs export with root_squash enabled.
-	// In case we are in that scenario, re-exec teleport as the user to check
-	// if the home dir actually does exist.
 	executable, err := os.Executable()
 	if err != nil {
 		return false, trace.Wrap(err)
@@ -1182,6 +1248,7 @@ func CheckHomeDir(localUser *user.User) (bool, error) {
 		Path: executable,
 		Args: []string{executable, teleport.CheckHomeDirSubCommand},
 		Env:  []string{"HOME=" + localUser.HomeDir},
+		Dir:  rootDirectory,
 		SysProcAttr: &syscall.SysProcAttr{
 			Setsid:     true,
 			Credential: credential,
@@ -1192,11 +1259,13 @@ func CheckHomeDir(localUser *user.User) (bool, error) {
 	reexecCommandOSTweaks(cmd)
 
 	if err := cmd.Run(); err != nil {
-		if cmd.ProcessState.ExitCode() == teleport.HomeDirNotFound {
-			return false, nil
+		if cmd.ProcessState.ExitCode() == teleport.RemoteCommandFailure {
+			return false, trace.Wrap(err)
 		}
-		return false, trace.Wrap(err)
+
+		return false, nil
 	}
+
 	return true, nil
 }
 
diff --git a/lib/srv/reexec_test.go b/lib/srv/reexec_test.go
index ec59d44f2d5a8..76e5417979240 100644
--- a/lib/srv/reexec_test.go
+++ b/lib/srv/reexec_test.go
@@ -28,11 +28,13 @@ import (
 	"os"
 	"os/exec"
 	"os/user"
+	"path/filepath"
 	"strconv"
 	"syscall"
 	"testing"
 
 	"github.com/gravitational/trace"
+	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
 
 	"github.com/gravitational/teleport"
@@ -312,3 +314,72 @@ func TestRootRemotePortForwardCommand(t *testing.T) {
 
 	testRemotePortForwardCommand(t, login)
 }
+
+func TestRootCheckHomeDir(t *testing.T) {
+	utils.RequireRoot(t)
+
+	tmp := t.TempDir()
+	require.NoError(t, os.Chmod(filepath.Dir(tmp), 0777))
+	require.NoError(t, os.Chmod(tmp, 0777))
+
+	home := filepath.Join(tmp, "home")
+	noAccess := filepath.Join(tmp, "no_access")
+	file := filepath.Join(tmp, "file")
+	notFound := filepath.Join(tmp, "not_found")
+
+	require.NoError(t, os.Mkdir(home, 0700))
+	require.NoError(t, os.Mkdir(noAccess, 0700))
+	_, err := os.Create(file)
+	require.NoError(t, err)
+
+	login := utils.GenerateLocalUsername(t)
+	_, err = host.UserAdd(login, nil, host.UserOpts{Home: home})
+	require.NoError(t, err)
+	t.Cleanup(func() {
+		// change back to accessible home so deletion works
+		changeHomeDir(t, login, home)
+		_, err := host.UserDel(login)
+		require.NoError(t, err)
+	})
+
+	testUser, err := user.Lookup(login)
+	require.NoError(t, err)
+
+	uid, err := strconv.Atoi(testUser.Uid)
+	require.NoError(t, err)
+
+	gid, err := strconv.Atoi(testUser.Gid)
+	require.NoError(t, err)
+
+	require.NoError(t, os.Chown(home, uid, gid))
+	require.NoError(t, os.Chown(file, uid, gid))
+
+	hasAccess, err := CheckHomeDir(testUser)
+	require.NoError(t, err)
+	require.True(t, hasAccess)
+
+	changeHomeDir(t, login, file)
+	hasAccess, err = CheckHomeDir(testUser)
+	require.NoError(t, err)
+	require.False(t, hasAccess)
+
+	changeHomeDir(t, login, notFound)
+	hasAccess, err = CheckHomeDir(testUser)
+	require.NoError(t, err)
+	require.False(t, hasAccess)
+
+	changeHomeDir(t, login, noAccess)
+	hasAccess, err = CheckHomeDir(testUser)
+	require.NoError(t, err)
+	require.False(t, hasAccess)
+}
+
+func changeHomeDir(t *testing.T, username, home string) {
+	usermodBin, err := exec.LookPath("usermod")
+	assert.NoError(t, err, "usermod binary must be present")
+
+	cmd := exec.Command(usermodBin, "--home", home, username)
+	_, err = cmd.CombinedOutput()
+	assert.NoError(t, err, "changing home should not error")
+	assert.Equal(t, 0, cmd.ProcessState.ExitCode(), "changing home should exit 0")
+}
diff --git a/lib/srv/regular/sshserver.go b/lib/srv/regular/sshserver.go
index ecbd0734b2622..df0e87f4abb48 100644
--- a/lib/srv/regular/sshserver.go
+++ b/lib/srv/regular/sshserver.go
@@ -1454,7 +1454,7 @@ func (s *Server) HandleNewConn(ctx context.Context, ccx *sshutils.ConnectionCont
 	// Create host user.
 	created, userCloser, err := s.termHandlers.SessionRegistry.UpsertHostUser(identityContext)
 	if err != nil {
-		log.Infof("error while creating host users: %s", err)
+		log.Warnf("error while creating host users: %s", err)
 	}
 
 	// Indicate that the user was created by Teleport.
diff --git a/lib/srv/regular/sshserver_test.go b/lib/srv/regular/sshserver_test.go
index ecb34f4ebb8e8..8c7cff5ec4816 100644
--- a/lib/srv/regular/sshserver_test.go
+++ b/lib/srv/regular/sshserver_test.go
@@ -2881,6 +2881,7 @@ func newUpack(testSvr *auth.TestServer, username string, allowedLogins []string,
 	role.SetRules(types.Allow, rules)
 	opts := role.GetOptions()
 	opts.PermitX11Forwarding = types.NewBool(true)
+	//nolint:staticcheck // this field is preserved for existing deployments, but shouldn't be used going forward
 	opts.CreateHostUser = types.NewBoolOption(true)
 	role.SetOptions(opts)
 	role.SetLogins(types.Allow, allowedLogins)
diff --git a/lib/srv/server/ec2_watcher.go b/lib/srv/server/ec2_watcher.go
index f8390b032c4d2..25f12018e0170 100644
--- a/lib/srv/server/ec2_watcher.go
+++ b/lib/srv/server/ec2_watcher.go
@@ -79,6 +79,7 @@ type EC2Instances struct {
 // discovered.
 type EC2Instance struct {
 	InstanceID       string
+	InstanceName     string
 	Tags             map[string]string
 	OriginalInstance ec2.Instance
 }
@@ -92,6 +93,9 @@ func toEC2Instance(originalInst *ec2.Instance) EC2Instance {
 	for _, tag := range originalInst.Tags {
 		if key := aws.StringValue(tag.Key); key != "" {
 			inst.Tags[key] = aws.StringValue(tag.Value)
+			if key == "Name" {
+				inst.InstanceName = aws.StringValue(tag.Value)
+			}
 		}
 	}
 	return inst
diff --git a/lib/srv/server/ec2_watcher_test.go b/lib/srv/server/ec2_watcher_test.go
index 2647a7b0f527f..8279cbbd868f1 100644
--- a/lib/srv/server/ec2_watcher_test.go
+++ b/lib/srv/server/ec2_watcher_test.go
@@ -176,10 +176,16 @@ func TestEC2Watcher(t *testing.T) {
 
 	present := ec2.Instance{
 		InstanceId: aws.String("instance-present"),
-		Tags: []*ec2.Tag{{
-			Key:   aws.String("teleport"),
-			Value: aws.String("yes"),
-		}},
+		Tags: []*ec2.Tag{
+			{
+				Key:   aws.String("teleport"),
+				Value: aws.String("yes"),
+			},
+			{
+				Key:   aws.String("Name"),
+				Value: aws.String("Present"),
+			},
+		},
 		State: &ec2.InstanceState{
 			Name: aws.String(ec2.InstanceStateNameRunning),
 		},
@@ -360,3 +366,71 @@ func TestMakeEvents(t *testing.T) {
 		})
 	}
 }
+
+func TestToEC2Instances(t *testing.T) {
+	sampleInstance := &ec2.Instance{
+		InstanceId: aws.String("instance-001"),
+		Tags: []*ec2.Tag{
+			{
+				Key:   aws.String("teleport"),
+				Value: aws.String("yes"),
+			},
+			{
+				Key:   aws.String("Name"),
+				Value: aws.String("MyInstanceName"),
+			},
+		},
+		State: &ec2.InstanceState{
+			Name: aws.String(ec2.InstanceStateNameRunning),
+		},
+	}
+
+	sampleInstanceWithoutName := &ec2.Instance{
+		InstanceId: aws.String("instance-001"),
+		Tags: []*ec2.Tag{
+			{
+				Key:   aws.String("teleport"),
+				Value: aws.String("yes"),
+			},
+		},
+		State: &ec2.InstanceState{
+			Name: aws.String(ec2.InstanceStateNameRunning),
+		},
+	}
+
+	for _, tt := range []struct {
+		name     string
+		input    []*ec2.Instance
+		expected []EC2Instance
+	}{
+		{
+			name:  "with name",
+			input: []*ec2.Instance{sampleInstance},
+			expected: []EC2Instance{{
+				InstanceID: "instance-001",
+				Tags: map[string]string{
+					"Name":     "MyInstanceName",
+					"teleport": "yes",
+				},
+				InstanceName:     "MyInstanceName",
+				OriginalInstance: *sampleInstance,
+			}},
+		},
+		{
+			name:  "without name",
+			input: []*ec2.Instance{sampleInstanceWithoutName},
+			expected: []EC2Instance{{
+				InstanceID: "instance-001",
+				Tags: map[string]string{
+					"teleport": "yes",
+				},
+				OriginalInstance: *sampleInstanceWithoutName,
+			}},
+		},
+	} {
+		t.Run(tt.name, func(t *testing.T) {
+			got := ToEC2Instances(tt.input)
+			require.Equal(t, tt.expected, got)
+		})
+	}
+}
diff --git a/lib/srv/server/gcp_watcher.go b/lib/srv/server/gcp_watcher.go
index 6b68ed0272cd9..466a85e29fe3b 100644
--- a/lib/srv/server/gcp_watcher.go
+++ b/lib/srv/server/gcp_watcher.go
@@ -91,13 +91,14 @@ func NewGCPWatcher(ctx context.Context, fetchersFn func() []Fetcher, opts ...Opt
 }
 
 // MatchersToGCPInstanceFetchers converts a list of GCP GCE Matchers into a list of GCP GCE Fetchers.
-func MatchersToGCPInstanceFetchers(matchers []types.GCPMatcher, gcpClient gcp.InstancesClient) []Fetcher {
+func MatchersToGCPInstanceFetchers(matchers []types.GCPMatcher, gcpClient gcp.InstancesClient, projectsClient gcp.ProjectsClient) []Fetcher {
 	fetchers := make([]Fetcher, 0, len(matchers))
 
 	for _, matcher := range matchers {
 		fetchers = append(fetchers, newGCPInstanceFetcher(gcpFetcherConfig{
-			Matcher:   matcher,
-			GCPClient: gcpClient,
+			Matcher:        matcher,
+			GCPClient:      gcpClient,
+			projectsClient: projectsClient,
 		}))
 	}
 
@@ -105,8 +106,9 @@ func MatchersToGCPInstanceFetchers(matchers []types.GCPMatcher, gcpClient gcp.In
 }
 
 type gcpFetcherConfig struct {
-	Matcher   types.GCPMatcher
-	GCPClient gcp.InstancesClient
+	Matcher        types.GCPMatcher
+	GCPClient      gcp.InstancesClient
+	projectsClient gcp.ProjectsClient
 }
 
 type gcpInstanceFetcher struct {
@@ -117,6 +119,7 @@ type gcpInstanceFetcher struct {
 	ServiceAccounts []string
 	Labels          types.Labels
 	Parameters      map[string]string
+	projectsClient  gcp.ProjectsClient
 }
 
 func newGCPInstanceFetcher(cfg gcpFetcherConfig) *gcpInstanceFetcher {
@@ -126,6 +129,7 @@ func newGCPInstanceFetcher(cfg gcpFetcherConfig) *gcpInstanceFetcher {
 		ProjectIDs:      cfg.Matcher.ProjectIDs,
 		ServiceAccounts: cfg.Matcher.ServiceAccounts,
 		Labels:          cfg.Matcher.GetLabels(),
+		projectsClient:  cfg.projectsClient,
 	}
 	if cfg.Matcher.Params != nil {
 		fetcher.Parameters = map[string]string{
@@ -145,7 +149,11 @@ func (*gcpInstanceFetcher) GetMatchingInstances(_ []types.Server, _ bool) ([]Ins
 func (f *gcpInstanceFetcher) GetInstances(ctx context.Context, _ bool) ([]Instances, error) {
 	// Key by project ID, then by zone.
 	instanceMap := make(map[string]map[string][]*gcpimds.Instance)
-	for _, projectID := range f.ProjectIDs {
+	projectIDs, err := f.getProjectIDs(ctx)
+	if err != nil {
+		return nil, trace.Wrap(err)
+	}
+	for _, projectID := range projectIDs {
 		instanceMap[projectID] = make(map[string][]*gcpimds.Instance)
 		for _, zone := range f.Zones {
 			instanceMap[projectID][zone] = make([]*gcpimds.Instance, 0)
@@ -185,3 +193,23 @@ func (f *gcpInstanceFetcher) GetInstances(ctx context.Context, _ bool) ([]Instan
 
 	return instances, nil
 }
+
+// getProjectIDs returns the project ids that this fetcher is configured to query.
+// This will make an API call to list project IDs when the fetcher is configured to match "*" projectID,
+// in order to discover and query new projectID.
+// Otherwise, a list containing the fetcher's non-wildcard project is returned.
+func (f *gcpInstanceFetcher) getProjectIDs(ctx context.Context) ([]string, error) {
+	if len(f.ProjectIDs) != 1 || len(f.ProjectIDs) == 1 && f.ProjectIDs[0] != types.Wildcard {
+		return f.ProjectIDs, nil
+	}
+
+	gcpProjects, err := f.projectsClient.ListProjects(ctx)
+	if err != nil {
+		return nil, trace.Wrap(err)
+	}
+	var projectIDs []string
+	for _, prj := range gcpProjects {
+		projectIDs = append(projectIDs, prj.ID)
+	}
+	return projectIDs, nil
+}
diff --git a/lib/srv/server/installer/autodiscover.go b/lib/srv/server/installer/autodiscover.go
index 2597c2e05cf54..756336756c0b5 100644
--- a/lib/srv/server/installer/autodiscover.go
+++ b/lib/srv/server/installer/autodiscover.go
@@ -68,7 +68,7 @@ type AutoDiscoverNodeInstallerConfig struct {
 	ProxyPublicAddr string
 
 	// TeleportPackage contains the teleport package name.
-	// Allowed values: teleport, teleport-ent
+	// Allowed values: teleport, teleport-ent, teleport-ent-fips
 	TeleportPackage string
 
 	// RepositoryChannel is the repository channel to use.
@@ -129,10 +129,14 @@ func (c *AutoDiscoverNodeInstallerConfig) checkAndSetDefaults() error {
 		return trace.BadParameter("teleport-package must be one of %+v", types.PackageNameKinds)
 	}
 
-	if c.AutoUpgrades && c.TeleportPackage != types.PackageNameEnt {
+	if c.AutoUpgrades && c.TeleportPackage == types.PackageNameOSS {
 		return trace.BadParameter("only enterprise package supports auto upgrades")
 	}
 
+	if c.AutoUpgrades && c.TeleportPackage == types.PackageNameEntFIPS {
+		return trace.BadParameter("auto upgrades are not supported in FIPS environments")
+	}
+
 	if c.autoUpgradesChannelURL == "" {
 		c.autoUpgradesChannelURL = "https://" + c.ProxyPublicAddr + "/v1/webapi/automaticupgrades/channel/default"
 	}
diff --git a/lib/srv/server/installer/autodiscover_test.go b/lib/srv/server/installer/autodiscover_test.go
index 9a4e0e20475b9..36cc15687da8c 100644
--- a/lib/srv/server/installer/autodiscover_test.go
+++ b/lib/srv/server/installer/autodiscover_test.go
@@ -131,6 +131,48 @@ func TestAutoDiscoverNode(t *testing.T) {
 		},
 	}
 
+	t.Run("check and set defaults", func(t *testing.T) {
+		t.Run("oss package is not allowed with auto upgrades", func(t *testing.T) {
+			installerConfig := &AutoDiscoverNodeInstallerConfig{
+				RepositoryChannel: "stable/rolling",
+				AutoUpgrades:      true,
+				ProxyPublicAddr:   "proxy.example.com",
+				TeleportPackage:   "teleport",
+				TokenName:         "my-token",
+				AzureClientID:     "azure-client-id",
+			}
+
+			_, err := NewAutoDiscoverNodeInstaller(installerConfig)
+			require.Error(t, err)
+		})
+		t.Run("fips package is allowed", func(t *testing.T) {
+			installerConfig := &AutoDiscoverNodeInstallerConfig{
+				RepositoryChannel: "stable/rolling",
+				AutoUpgrades:      false,
+				ProxyPublicAddr:   "proxy.example.com",
+				TeleportPackage:   "teleport-ent-fips",
+				TokenName:         "my-token",
+				AzureClientID:     "azure-client-id",
+			}
+
+			_, err := NewAutoDiscoverNodeInstaller(installerConfig)
+			require.NoError(t, err)
+		})
+		t.Run("fips is not allowed with auto upgrades", func(t *testing.T) {
+			installerConfig := &AutoDiscoverNodeInstallerConfig{
+				RepositoryChannel: "stable/rolling",
+				AutoUpgrades:      true,
+				ProxyPublicAddr:   "proxy.example.com",
+				TeleportPackage:   "teleport-ent-fips",
+				TokenName:         "my-token",
+				AzureClientID:     "azure-client-id",
+			}
+
+			_, err := NewAutoDiscoverNodeInstaller(installerConfig)
+			require.Error(t, err)
+		})
+	})
+
 	t.Run("well known distros", func(t *testing.T) {
 		for distroName, distroVersions := range wellKnownOS {
 			for distroVersion, distroConfig := range distroVersions {
diff --git a/lib/srv/server/ssm_install.go b/lib/srv/server/ssm_install.go
index b97fe8eb23dee..7d1f28a42252e 100644
--- a/lib/srv/server/ssm_install.go
+++ b/lib/srv/server/ssm_install.go
@@ -35,6 +35,7 @@ import (
 
 	"github.com/gravitational/teleport"
 	apievents "github.com/gravitational/teleport/api/types/events"
+	"github.com/gravitational/teleport/api/types/usertasks"
 	awslib "github.com/gravitational/teleport/lib/cloud/aws"
 	libevents "github.com/gravitational/teleport/lib/events"
 )
@@ -59,6 +60,16 @@ type SSMInstallationResult struct {
 	// DiscoveryConfig is the DiscoveryConfig name which originated this Run Request.
 	// Empty if using static matchers (coming from the `teleport.yaml`).
 	DiscoveryConfig string
+	// IssueType identifies the type of issue that occurred if the installation failed.
+	// These are well known identifiers that can be found at types.AutoDiscoverEC2Issue*.
+	IssueType string
+	// SSMDocumentName is the Amazon SSM Document Name used to install Teleport into the instance.
+	SSMDocumentName string
+	// InstallerScript is the Teleport Installer script name used to install Teleport into the instance.
+	InstallerScript string
+	// InstanceName is the Instance's name.
+	// Might be empty.
+	InstanceName string
 }
 
 // SSMInstaller handles running SSM commands that install Teleport on EC2 instances.
@@ -91,6 +102,16 @@ type SSMRunRequest struct {
 	DiscoveryConfig string
 }
 
+// InstallerScriptName returns the Teleport Installer script name.
+// Returns empty string if not defined.
+func (r *SSMRunRequest) InstallerScriptName() string {
+	if r == nil || r.Params == nil {
+		return ""
+	}
+
+	return r.Params[ParamScriptName]
+}
+
 // CheckAndSetDefaults ensures the emitter is present and creates a default logger if one is not provided.
 func (c *SSMInstallerConfig) checkAndSetDefaults() error {
 	if c.ReportSSMInstallationResultFunc == nil {
@@ -116,9 +137,9 @@ func NewSSMInstaller(cfg SSMInstallerConfig) (*SSMInstaller, error) {
 
 // Run executes the SSM document and then blocks until the command has completed.
 func (si *SSMInstaller) Run(ctx context.Context, req SSMRunRequest) error {
-	ids := make([]string, 0, len(req.Instances))
+	instances := make(map[string]string, len(req.Instances))
 	for _, inst := range req.Instances {
-		ids = append(ids, inst.InstanceID)
+		instances[inst.InstanceID] = inst.InstanceName
 	}
 
 	params := make(map[string][]*string)
@@ -126,8 +147,8 @@ func (si *SSMInstaller) Run(ctx context.Context, req SSMRunRequest) error {
 		params[k] = []*string{aws.String(v)}
 	}
 
-	validInstances := ids
-	instancesState, err := si.describeSSMAgentState(ctx, req, ids)
+	validInstances := instances
+	instancesState, err := si.describeSSMAgentState(ctx, req, instances)
 	switch {
 	case trace.IsAccessDenied(err):
 		// describeSSMAgentState uses `ssm:DescribeInstanceInformation` to gather all the instances information.
@@ -151,9 +172,10 @@ func (si *SSMInstaller) Run(ctx context.Context, req SSMRunRequest) error {
 		validInstances = instancesState.valid
 	}
 
+	validInstanceIDs := instanceIDsFrom(validInstances)
 	output, err := req.SSM.SendCommandWithContext(ctx, &ssm.SendCommandInput{
 		DocumentName: aws.String(req.DocumentName),
-		InstanceIds:  aws.StringSlice(validInstances),
+		InstanceIds:  aws.StringSlice(validInstanceIDs),
 		Parameters:   params,
 	})
 	if err != nil {
@@ -172,7 +194,7 @@ func (si *SSMInstaller) Run(ctx context.Context, req SSMRunRequest) error {
 		delete(params, ParamSSHDConfigPath)
 		output, err = req.SSM.SendCommandWithContext(ctx, &ssm.SendCommandInput{
 			DocumentName: aws.String(req.DocumentName),
-			InstanceIds:  aws.StringSlice(validInstances),
+			InstanceIds:  aws.StringSlice(validInstanceIDs),
 			Parameters:   params,
 		})
 		if err != nil {
@@ -182,16 +204,17 @@ func (si *SSMInstaller) Run(ctx context.Context, req SSMRunRequest) error {
 
 	g, ctx := errgroup.WithContext(ctx)
 	g.SetLimit(10)
-	for _, inst := range validInstances {
-		inst := inst
+	for instanceID, instanceName := range validInstances {
+		instanceID := instanceID
+		instanceName := instanceName
 		g.Go(func() error {
-			return trace.Wrap(si.checkCommand(ctx, req, output.Command.CommandId, &inst))
+			return trace.Wrap(si.checkCommand(ctx, req, output.Command.CommandId, &instanceID, instanceName))
 		})
 	}
 	return trace.Wrap(g.Wait())
 }
 
-func invalidSSMInstanceInstallationResult(req SSMRunRequest, instanceID, status string) *SSMInstallationResult {
+func invalidSSMInstanceInstallationResult(req SSMRunRequest, instanceID, instanceName, status, issueType string) *SSMInstallationResult {
 	return &SSMInstallationResult{
 		SSMRunEvent: &apievents.SSMRun{
 			Metadata: apievents.Metadata{
@@ -207,32 +230,39 @@ func invalidSSMInstanceInstallationResult(req SSMRunRequest, instanceID, status
 		},
 		IntegrationName: req.IntegrationName,
 		DiscoveryConfig: req.DiscoveryConfig,
+		IssueType:       issueType,
+		SSMDocumentName: req.DocumentName,
+		InstallerScript: req.InstallerScriptName(),
+		InstanceName:    instanceName,
 	}
 }
 
 func (si *SSMInstaller) emitInvalidInstanceEvents(ctx context.Context, req SSMRunRequest, instanceIDsState *instanceIDsSSMState) error {
 	var errs []error
-	for _, instanceID := range instanceIDsState.missing {
-		installationResult := invalidSSMInstanceInstallationResult(req, instanceID,
+	for instanceID, instanceName := range instanceIDsState.missing {
+		installationResult := invalidSSMInstanceInstallationResult(req, instanceID, instanceName,
 			"EC2 Instance is not registered in SSM. Make sure that the instance has AmazonSSMManagedInstanceCore policy assigned.",
+			usertasks.AutoDiscoverEC2IssueSSMInstanceNotRegistered,
 		)
 		if err := si.ReportSSMInstallationResultFunc(ctx, installationResult); err != nil {
 			errs = append(errs, trace.Wrap(err))
 		}
 	}
 
-	for _, instanceID := range instanceIDsState.connectionLost {
-		installationResult := invalidSSMInstanceInstallationResult(req, instanceID,
+	for instanceID, instanceName := range instanceIDsState.connectionLost {
+		installationResult := invalidSSMInstanceInstallationResult(req, instanceID, instanceName,
 			"SSM Agent in EC2 Instance is not connecting to SSM Service. Restart or reinstall the SSM service. See https://docs.aws.amazon.com/systems-manager/latest/userguide/ami-preinstalled-agent.html#verify-ssm-agent-status for more details.",
+			usertasks.AutoDiscoverEC2IssueSSMInstanceConnectionLost,
 		)
 		if err := si.ReportSSMInstallationResultFunc(ctx, installationResult); err != nil {
 			errs = append(errs, trace.Wrap(err))
 		}
 	}
 
-	for _, instanceID := range instanceIDsState.unsupportedOS {
-		installationResult := invalidSSMInstanceInstallationResult(req, instanceID,
+	for instanceID, instanceName := range instanceIDsState.unsupportedOS {
+		installationResult := invalidSSMInstanceInstallationResult(req, instanceID, instanceName,
 			"EC2 instance is running an unsupported Operating System. Only Linux is supported.",
+			usertasks.AutoDiscoverEC2IssueSSMInstanceUnsupportedOS,
 		)
 		if err := si.ReportSSMInstallationResultFunc(ctx, installationResult); err != nil {
 			errs = append(errs, trace.Wrap(err))
@@ -244,19 +274,33 @@ func (si *SSMInstaller) emitInvalidInstanceEvents(ctx context.Context, req SSMRu
 
 // instanceIDsSSMState contains a list of EC2 Instance IDs for a given state.
 type instanceIDsSSMState struct {
-	valid          []string
-	missing        []string
-	connectionLost []string
-	unsupportedOS  []string
+	valid          map[string]string
+	missing        map[string]string
+	connectionLost map[string]string
+	unsupportedOS  map[string]string
+}
+
+func instanceIDsFrom(m map[string]string) []string {
+	ret := make([]string, 0, len(m))
+	for k := range m {
+		ret = append(ret, k)
+	}
+	return ret
 }
 
 // describeSSMAgentState returns the instanceIDsSSMState for all the instances.
-func (si *SSMInstaller) describeSSMAgentState(ctx context.Context, req SSMRunRequest, allInstanceIDs []string) (*instanceIDsSSMState, error) {
-	ret := &instanceIDsSSMState{}
+func (si *SSMInstaller) describeSSMAgentState(ctx context.Context, req SSMRunRequest, allInstances map[string]string) (*instanceIDsSSMState, error) {
+	ret := &instanceIDsSSMState{
+		valid:          make(map[string]string),
+		missing:        make(map[string]string),
+		connectionLost: make(map[string]string),
+		unsupportedOS:  make(map[string]string),
+	}
+	instanceIDs := instanceIDsFrom(allInstances)
 
 	ssmInstancesInfo, err := req.SSM.DescribeInstanceInformationWithContext(ctx, &ssm.DescribeInstanceInformationInput{
 		Filters: []*ssm.InstanceInformationStringFilter{
-			{Key: aws.String(ssm.InstanceInformationFilterKeyInstanceIds), Values: aws.StringSlice(allInstanceIDs)},
+			{Key: aws.String(ssm.InstanceInformationFilterKeyInstanceIds), Values: aws.StringSlice(instanceIDs)},
 		},
 		MaxResults: aws.Int64(awsEC2APIChunkSize),
 	})
@@ -270,24 +314,24 @@ func (si *SSMInstaller) describeSSMAgentState(ctx context.Context, req SSMRunReq
 		instanceStateByInstanceID[aws.StringValue(instanceState.InstanceId)] = instanceState
 	}
 
-	for _, instanceID := range allInstanceIDs {
+	for instanceID, instanceName := range allInstances {
 		instanceState, found := instanceStateByInstanceID[instanceID]
 		if !found {
-			ret.missing = append(ret.missing, instanceID)
+			ret.missing[instanceID] = instanceName
 			continue
 		}
 
 		if aws.StringValue(instanceState.PingStatus) == ssm.PingStatusConnectionLost {
-			ret.connectionLost = append(ret.connectionLost, instanceID)
+			ret.connectionLost[instanceID] = instanceName
 			continue
 		}
 
 		if aws.StringValue(instanceState.PlatformType) != ssm.PlatformTypeLinux {
-			ret.unsupportedOS = append(ret.unsupportedOS, instanceID)
+			ret.unsupportedOS[instanceID] = instanceName
 			continue
 		}
 
-		ret.valid = append(ret.valid, instanceID)
+		ret.valid[instanceID] = instanceName
 	}
 
 	return ret, nil
@@ -306,7 +350,7 @@ func skipAWSWaitErr(err error) error {
 	return trace.Wrap(err)
 }
 
-func (si *SSMInstaller) checkCommand(ctx context.Context, req SSMRunRequest, commandID, instanceID *string) error {
+func (si *SSMInstaller) checkCommand(ctx context.Context, req SSMRunRequest, commandID, instanceID *string, instanceName string) error {
 	err := req.SSM.WaitUntilCommandExecutedWithContext(ctx, &ssm.GetCommandInvocationInput{
 		CommandId:  commandID,
 		InstanceId: instanceID,
@@ -350,6 +394,10 @@ func (si *SSMInstaller) checkCommand(ctx context.Context, req SSMRunRequest, com
 					SSMRunEvent:     invocationResultEvent,
 					IntegrationName: req.IntegrationName,
 					DiscoveryConfig: req.DiscoveryConfig,
+					IssueType:       usertasks.AutoDiscoverEC2IssueSSMScriptFailure,
+					SSMDocumentName: req.DocumentName,
+					InstallerScript: req.InstallerScriptName(),
+					InstanceName:    instanceName,
 				}))
 			}
 
@@ -363,6 +411,10 @@ func (si *SSMInstaller) checkCommand(ctx context.Context, req SSMRunRequest, com
 				SSMRunEvent:     stepResultEvent,
 				IntegrationName: req.IntegrationName,
 				DiscoveryConfig: req.DiscoveryConfig,
+				IssueType:       usertasks.AutoDiscoverEC2IssueSSMScriptFailure,
+				SSMDocumentName: req.DocumentName,
+				InstallerScript: req.InstallerScriptName(),
+				InstanceName:    instanceName,
 			}))
 		}
 	}
diff --git a/lib/srv/server/ssm_install_test.go b/lib/srv/server/ssm_install_test.go
index 8e5225ee3a88c..c56b286258527 100644
--- a/lib/srv/server/ssm_install_test.go
+++ b/lib/srv/server/ssm_install_test.go
@@ -102,7 +102,7 @@ func TestSSMInstaller(t *testing.T) {
 			name: "ssm run was successful",
 			req: SSMRunRequest{
 				Instances: []EC2Instance{
-					{InstanceID: "instance-id-1"},
+					{InstanceID: "instance-id-1", InstanceName: "my-instance-name"},
 				},
 				DocumentName:    document,
 				Params:          map[string]string{"token": "abcdefg"},
@@ -144,6 +144,9 @@ func TestSSMInstaller(t *testing.T) {
 					Status:        ssm.CommandStatusSuccess,
 					InvocationURL: "https://eu-central-1.console.aws.amazon.com/systems-manager/run-command/command-id-1/instance-id-1",
 				},
+				IssueType:       "ec2-ssm-script-failure",
+				SSMDocumentName: "ssmdocument",
+				InstanceName:    "my-instance-name",
 			}},
 		},
 		{
@@ -188,6 +191,8 @@ func TestSSMInstaller(t *testing.T) {
 					Status:        ssm.CommandStatusSuccess,
 					InvocationURL: "https://eu-central-1.console.aws.amazon.com/systems-manager/run-command/command-id-1/instance-id-1",
 				},
+				IssueType:       "ec2-ssm-script-failure",
+				SSMDocumentName: "ssmdocument-without-sshdConfigPath-param",
 			}},
 		},
 		{
@@ -234,6 +239,8 @@ func TestSSMInstaller(t *testing.T) {
 					StandardError:  "timeout error",
 					InvocationURL:  "https://eu-central-1.console.aws.amazon.com/systems-manager/run-command/command-id-1/instance-id-1",
 				},
+				IssueType:       "ec2-ssm-script-failure",
+				SSMDocumentName: "ssmdocument",
 			}},
 		},
 		{
@@ -284,6 +291,8 @@ func TestSSMInstaller(t *testing.T) {
 					StandardError:  "timeout error",
 					InvocationURL:  "https://eu-central-1.console.aws.amazon.com/systems-manager/run-command/command-id-1/instance-id-1",
 				},
+				IssueType:       "ec2-ssm-script-failure",
+				SSMDocumentName: "ssmdocument",
 			}},
 		},
 		{
@@ -351,6 +360,8 @@ func TestSSMInstaller(t *testing.T) {
 						Status:        ssm.CommandStatusSuccess,
 						InvocationURL: "https://eu-central-1.console.aws.amazon.com/systems-manager/run-command/command-id-1/instance-id-1",
 					},
+					IssueType:       "ec2-ssm-script-failure",
+					SSMDocumentName: "ssmdocument",
 				},
 				{
 					SSMRunEvent: &events.SSMRun{
@@ -365,6 +376,8 @@ func TestSSMInstaller(t *testing.T) {
 						ExitCode:   -1,
 						Status:     "SSM Agent in EC2 Instance is not connecting to SSM Service. Restart or reinstall the SSM service. See https://docs.aws.amazon.com/systems-manager/latest/userguide/ami-preinstalled-agent.html#verify-ssm-agent-status for more details.",
 					},
+					IssueType:       "ec2-ssm-agent-connection-lost",
+					SSMDocumentName: "ssmdocument",
 				},
 				{
 					SSMRunEvent: &events.SSMRun{
@@ -379,6 +392,8 @@ func TestSSMInstaller(t *testing.T) {
 						ExitCode:   -1,
 						Status:     "EC2 instance is running an unsupported Operating System. Only Linux is supported.",
 					},
+					IssueType:       "ec2-ssm-unsupported-os",
+					SSMDocumentName: "ssmdocument",
 				},
 				{
 					SSMRunEvent: &events.SSMRun{
@@ -393,6 +408,8 @@ func TestSSMInstaller(t *testing.T) {
 						ExitCode:   -1,
 						Status:     "EC2 Instance is not registered in SSM. Make sure that the instance has AmazonSSMManagedInstanceCore policy assigned.",
 					},
+					IssueType:       "ec2-ssm-agent-not-registered",
+					SSMDocumentName: "ssmdocument",
 				},
 			},
 		},
@@ -448,6 +465,8 @@ func TestSSMInstaller(t *testing.T) {
 					StandardOutput: "custom output",
 					InvocationURL:  "https://eu-central-1.console.aws.amazon.com/systems-manager/run-command/command-id-1/instance-id-1",
 				},
+				IssueType:       "ec2-ssm-script-failure",
+				SSMDocumentName: "ssmdocument",
 			}},
 		},
 		{
@@ -488,6 +507,8 @@ func TestSSMInstaller(t *testing.T) {
 					Status:        ssm.CommandStatusSuccess,
 					InvocationURL: "https://eu-central-1.console.aws.amazon.com/systems-manager/run-command/command-id-1/instance-id-1",
 				},
+				IssueType:       "ec2-ssm-script-failure",
+				SSMDocumentName: "ssmdocument",
 			}},
 		},
 		// todo(amk): test that incomplete commands eventually return
diff --git a/lib/srv/sess.go b/lib/srv/sess.go
index c16885dea4164..92f92c959d936 100644
--- a/lib/srv/sess.go
+++ b/lib/srv/sess.go
@@ -419,7 +419,9 @@ func (s *SessionRegistry) OpenExecSession(ctx context.Context, channel ssh.Chann
 		return trace.Wrap(err)
 	}
 
-	canStart, _, err := sess.checkIfStart()
+	sess.mu.Lock()
+	canStart, _, err := sess.checkIfStartUnderLock()
+	sess.mu.Unlock()
 	if err != nil {
 		return trace.Wrap(err)
 	}
@@ -506,7 +508,7 @@ func (s *SessionRegistry) isApprovedFileTransfer(scx *ServerContext) (bool, erro
 		sess.fileTransferReq = nil
 
 		sess.BroadcastMessage("file transfer request %s denied due to %s attempting to transfer files", req.ID, scx.Identity.TeleportUser)
-		_ = s.NotifyFileTransferRequest(req, FileTransferDenied, scx)
+		_ = s.notifyFileTransferRequestUnderLock(req, FileTransferDenied, scx)
 
 		return false, trace.AccessDenied("Teleport user does not match original requester")
 	}
@@ -539,9 +541,9 @@ const (
 	FileTransferDenied FileTransferRequestEvent = "file_transfer_request_deny"
 )
 
-// NotifyFileTransferRequest is called to notify all members of a party that a file transfer request has been created/approved/denied.
+// notifyFileTransferRequestUnderLock is called to notify all members of a party that a file transfer request has been created/approved/denied.
 // The notification is a global ssh request and requires the client to update its UI state accordingly.
-func (s *SessionRegistry) NotifyFileTransferRequest(req *FileTransferRequest, res FileTransferRequestEvent, scx *ServerContext) error {
+func (s *SessionRegistry) notifyFileTransferRequestUnderLock(req *FileTransferRequest, res FileTransferRequestEvent, scx *ServerContext) error {
 	session := scx.getSession()
 	if session == nil {
 		s.log.Debugf("Unable to notify %s, no session found in context.", res)
@@ -1080,7 +1082,7 @@ func (s *session) emitSessionJoinEvent(ctx *ServerContext) {
 
 	// Notify all members of the party that a new member has joined over the
 	// "x-teleport-event" channel.
-	for _, p := range s.parties {
+	for _, p := range s.getParties() {
 		if len(notifyPartyPayload) == 0 {
 			s.log.Warnf("No join event to send to %v", p.sconn.RemoteAddr())
 			continue
@@ -1098,10 +1100,10 @@ func (s *session) emitSessionJoinEvent(ctx *ServerContext) {
 	}
 }
 
-// emitSessionLeaveEvent emits a session leave event to both the Audit Log as
+// emitSessionLeaveEventUnderLock emits a session leave event to both the Audit Log as
 // well as sending a "x-teleport-event" global request on the SSH connection.
 // Must be called under session Lock.
-func (s *session) emitSessionLeaveEvent(ctx *ServerContext) {
+func (s *session) emitSessionLeaveEventUnderLock(ctx *ServerContext) {
 	sessionLeaveEvent := &apievents.SessionLeave{
 		Metadata: apievents.Metadata{
 			Type:        events.SessionLeaveEvent,
@@ -1295,7 +1297,9 @@ func (s *session) launch() {
 // startInteractive starts a new interactive process (or a shell) in the
 // current session.
 func (s *session) startInteractive(ctx context.Context, scx *ServerContext, p *party) error {
-	canStart, _, err := s.checkIfStart()
+	s.mu.Lock()
+	canStart, _, err := s.checkIfStartUnderLock()
+	s.mu.Unlock()
 	if err != nil {
 		return trace.Wrap(err)
 	}
@@ -1555,11 +1559,8 @@ func (s *session) startExec(ctx context.Context, channel ssh.Channel, scx *Serve
 }
 
 func (s *session) broadcastResult(r ExecResult) {
-	s.mu.Lock()
-	defer s.mu.Unlock()
-
 	payload := ssh.Marshal(struct{ C uint32 }{C: uint32(r.Code)})
-	for _, p := range s.parties {
+	for _, p := range s.getParties() {
 		if _, err := p.ch.SendRequest("exit-status", false, payload); err != nil {
 			s.log.Infof("Failed to send exit status for %v: %v", r.Command, err)
 		}
@@ -1567,7 +1568,7 @@ func (s *session) broadcastResult(r ExecResult) {
 }
 
 func (s *session) String() string {
-	return fmt.Sprintf("session(id=%v, parties=%v)", s.id, len(s.parties))
+	return fmt.Sprintf("session(id=%v, parties=%v)", s.id, len(s.getParties()))
 }
 
 // removePartyUnderLock removes the party from the in-memory map that holds all party members
@@ -1593,9 +1594,9 @@ func (s *session) removePartyUnderLock(p *party) error {
 
 	// Emit session leave event to both the Audit Log and over the
 	// "x-teleport-event" channel in the SSH connection.
-	s.emitSessionLeaveEvent(p.ctx)
+	s.emitSessionLeaveEventUnderLock(p.ctx)
 
-	canRun, policyOptions, err := s.checkIfStart()
+	canRun, policyOptions, err := s.checkIfStartUnderLock()
 	if err != nil {
 		return trace.Wrap(err)
 	}
@@ -1820,7 +1821,7 @@ func (s *session) addFileTransferRequest(params *rsession.FileTransferRequestPar
 	} else {
 		s.BroadcastMessage("User %s would like to upload %s to: %s", params.Requester, params.Filename, params.Location)
 	}
-	err = s.registry.NotifyFileTransferRequest(s.fileTransferReq, FileTransferUpdate, scx)
+	err = s.registry.notifyFileTransferRequestUnderLock(s.fileTransferReq, FileTransferUpdate, scx)
 
 	return trace.Wrap(err)
 }
@@ -1863,7 +1864,7 @@ func (s *session) approveFileTransferRequest(params *rsession.FileTransferDecisi
 	} else {
 		eventType = FileTransferUpdate
 	}
-	err = s.registry.NotifyFileTransferRequest(s.fileTransferReq, eventType, scx)
+	err = s.registry.notifyFileTransferRequestUnderLock(s.fileTransferReq, eventType, scx)
 
 	return trace.Wrap(err)
 }
@@ -1896,12 +1897,15 @@ func (s *session) denyFileTransferRequest(params *rsession.FileTransferDecisionP
 	s.fileTransferReq = nil
 
 	s.BroadcastMessage("%s denied file transfer request %s", scx.Identity.TeleportUser, req.ID)
-	err := s.registry.NotifyFileTransferRequest(req, FileTransferDenied, scx)
+	err := s.registry.notifyFileTransferRequestUnderLock(req, FileTransferDenied, scx)
 
 	return trace.Wrap(err)
 }
 
-func (s *session) checkIfStart() (bool, auth.PolicyOptions, error) {
+// checkIfStartUnderLock determines if any moderation policies associated with
+// the session are satisfied.
+// Must be called under session Lock.
+func (s *session) checkIfStartUnderLock() (bool, auth.PolicyOptions, error) {
 	var participants []auth.SessionAccessContext
 
 	for _, party := range s.parties {
@@ -1940,7 +1944,7 @@ func (s *session) addParty(p *party, mode types.SessionParticipantMode) error {
 	}
 
 	if len(s.parties) == 0 {
-		canStart, _, err := s.checkIfStart()
+		canStart, _, err := s.checkIfStartUnderLock()
 		if err != nil {
 			return trace.Wrap(err)
 		}
@@ -1993,7 +1997,7 @@ func (s *session) addParty(p *party, mode types.SessionParticipantMode) error {
 	}
 
 	if s.tracker.GetState() == types.SessionState_SessionStatePending {
-		canStart, _, err := s.checkIfStart()
+		canStart, _, err := s.checkIfStartUnderLock()
 		if err != nil {
 			return trace.Wrap(err)
 		}
diff --git a/lib/srv/usermgmt.go b/lib/srv/usermgmt.go
index 9e56042bf2e8e..efe16947bc924 100644
--- a/lib/srv/usermgmt.go
+++ b/lib/srv/usermgmt.go
@@ -70,7 +70,7 @@ func NewHostSudoers(uuid string) HostSudoers {
 	backend, err := newHostSudoersBackend(uuid)
 	switch {
 	case trace.IsNotImplemented(err):
-		slog.DebugContext(context.Background(), "Skipping host sudoers management", "error", err)
+		slog.DebugContext(context.Background(), "Skipping host sudoers management", "error", err.Error())
 		return nil
 	case err != nil: //nolint:staticcheck // linter fails on non-linux system as only linux implementation returns useful values.
 		slog.DebugContext(context.Background(), "Error making new HostSudoersBackend", "error", err)
diff --git a/lib/tbot/config/service_spiffe_svid.go b/lib/tbot/config/service_spiffe_svid.go
index 75c4f20e912c5..c72928608804d 100644
--- a/lib/tbot/config/service_spiffe_svid.go
+++ b/lib/tbot/config/service_spiffe_svid.go
@@ -94,6 +94,25 @@ var (
 	_ Initable      = &SPIFFESVIDOutput{}
 )
 
+// JWTSVID the configuration for a single JWT SVID request as part of the SPIFFE
+// SVID output.
+type JWTSVID struct {
+	// FileName is the name of the artifact/file the JWT should be written to.
+	FileName string `yaml:"file_name"`
+	// Audience is the audience of the JWT.
+	Audience string `yaml:"audience"`
+}
+
+func (o JWTSVID) CheckAndSetDefaults() error {
+	switch {
+	case o.Audience == "":
+		return trace.BadParameter("audience: should not be empty")
+	case o.FileName == "":
+		return trace.BadParameter("name: should not be empty")
+	}
+	return nil
+}
+
 // SPIFFESVIDOutput is the configuration for the SPIFFE SVID output.
 // Emulates the output of https://github.com/spiffe/spiffe-helper
 type SPIFFESVIDOutput struct {
@@ -101,6 +120,9 @@ type SPIFFESVIDOutput struct {
 	Destination                  bot.Destination `yaml:"destination"`
 	SVID                         SVIDRequest     `yaml:"svid"`
 	IncludeFederatedTrustBundles bool            `yaml:"include_federated_trust_bundles,omitempty"`
+	// JWTs is an optional list of audiences and file names to write JWT SVIDs
+	// to.
+	JWTs []JWTSVID `yaml:"jwts,omitempty"`
 }
 
 // Init initializes the destination.
@@ -121,12 +143,17 @@ func (o *SPIFFESVIDOutput) CheckAndSetDefaults() error {
 	if err := validateOutputDestination(o.Destination); err != nil {
 		return trace.Wrap(err)
 	}
+	for i, jwt := range o.JWTs {
+		if err := jwt.CheckAndSetDefaults(); err != nil {
+			return trace.Wrap(err, "validating jwts[%d]", i)
+		}
+	}
 	return nil
 }
 
 // Describe returns the file descriptions for the SPIFFE SVID output.
 func (o *SPIFFESVIDOutput) Describe() []FileDescription {
-	return []FileDescription{
+	fds := []FileDescription{
 		{
 			Name: SVIDPEMPath,
 		},
@@ -137,6 +164,10 @@ func (o *SPIFFESVIDOutput) Describe() []FileDescription {
 			Name: SVIDTrustBundlePEMPath,
 		},
 	}
+	for _, jwt := range o.JWTs {
+		fds = append(fds, FileDescription{Name: jwt.FileName})
+	}
+	return nil
 }
 
 func (o *SPIFFESVIDOutput) Type() string {
diff --git a/lib/tbot/config/service_spiffe_svid_test.go b/lib/tbot/config/service_spiffe_svid_test.go
index 6f810f1bbe464..dbf3e51273577 100644
--- a/lib/tbot/config/service_spiffe_svid_test.go
+++ b/lib/tbot/config/service_spiffe_svid_test.go
@@ -40,6 +40,16 @@ func TestSPIFFESVIDOutput_YAML(t *testing.T) {
 					},
 				},
 				IncludeFederatedTrustBundles: true,
+				JWTs: []JWTSVID{
+					{
+						Audience: "example.com",
+						FileName: "foo",
+					},
+					{
+						Audience: "2.example.com",
+						FileName: "bar",
+					},
+				},
 			},
 		},
 		{
@@ -70,8 +80,58 @@ func TestSPIFFESVIDOutput_CheckAndSetDefaults(t *testing.T) {
 							IP:  []string{"10.0.0.1"},
 						},
 					},
+					JWTs: []JWTSVID{
+						{
+							FileName: "foo",
+							Audience: "example.com",
+						},
+					},
+				}
+			},
+		},
+		{
+			name: "missing jwt name",
+			in: func() *SPIFFESVIDOutput {
+				return &SPIFFESVIDOutput{
+					Destination: memoryDestForTest(),
+					SVID: SVIDRequest{
+						Path: "/foo",
+						Hint: "hint",
+						SANS: SVIDRequestSANs{
+							DNS: []string{"example.com"},
+							IP:  []string{"10.0.0.1"},
+						},
+					},
+					JWTs: []JWTSVID{
+						{
+							Audience: "example.com",
+						},
+					},
+				}
+			},
+			wantErr: "name: should not be empty",
+		},
+		{
+			name: "missing jwt audience",
+			in: func() *SPIFFESVIDOutput {
+				return &SPIFFESVIDOutput{
+					Destination: memoryDestForTest(),
+					SVID: SVIDRequest{
+						Path: "/foo",
+						Hint: "hint",
+						SANS: SVIDRequestSANs{
+							DNS: []string{"example.com"},
+							IP:  []string{"10.0.0.1"},
+						},
+					},
+					JWTs: []JWTSVID{
+						{
+							FileName: "foo",
+						},
+					},
 				}
 			},
+			wantErr: "audience: should not be empty",
 		},
 		{
 			name: "missing destination",
diff --git a/lib/tbot/config/service_spiffe_workload_api.go b/lib/tbot/config/service_spiffe_workload_api.go
index 5c034653b740b..0a080c669a7a1 100644
--- a/lib/tbot/config/service_spiffe_workload_api.go
+++ b/lib/tbot/config/service_spiffe_workload_api.go
@@ -20,6 +20,7 @@ package config
 
 import (
 	"log/slog"
+	"time"
 
 	"github.com/gravitational/trace"
 	"gopkg.in/yaml.v3"
@@ -121,6 +122,10 @@ type SPIFFEWorkloadAPIService struct {
 	SVIDs []SVIDRequestWithRules `yaml:"svids"`
 	// Attestors is the configuration for the workload attestation process.
 	Attestors workloadattest.Config `yaml:"attestors"`
+	// JWTSVIDTTL specifies how long that JWT SVIDs issued by this SPIFFE
+	// Workload API server are valid for. If unspecified, this falls back to
+	// the globally configured default.
+	JWTSVIDTTL time.Duration `yaml:"jwt_svid_ttl,omitempty"`
 }
 
 func (s *SPIFFEWorkloadAPIService) Type() string {
diff --git a/lib/tbot/config/service_spiffe_workload_api_test.go b/lib/tbot/config/service_spiffe_workload_api_test.go
index 795cf38b00896..5ebdb04db13c0 100644
--- a/lib/tbot/config/service_spiffe_workload_api_test.go
+++ b/lib/tbot/config/service_spiffe_workload_api_test.go
@@ -20,6 +20,7 @@ package config
 
 import (
 	"testing"
+	"time"
 
 	"github.com/gravitational/teleport/lib/tbot/spiffe/workloadattest"
 )
@@ -35,7 +36,8 @@ func TestSPIFFEWorkloadAPIService_YAML(t *testing.T) {
 		{
 			name: "full",
 			in: SPIFFEWorkloadAPIService{
-				Listen: "unix:///var/run/spiffe.sock",
+				Listen:     "unix:///var/run/spiffe.sock",
+				JWTSVIDTTL: time.Minute * 5,
 				Attestors: workloadattest.Config{
 					Kubernetes: workloadattest.KubernetesAttestorConfig{
 						Enabled: true,
@@ -106,7 +108,8 @@ func TestSPIFFEWorkloadAPIService_CheckAndSetDefaults(t *testing.T) {
 			name: "valid",
 			in: func() *SPIFFEWorkloadAPIService {
 				return &SPIFFEWorkloadAPIService{
-					Listen: "unix:///var/run/spiffe.sock",
+					JWTSVIDTTL: time.Minute,
+					Listen:     "unix:///var/run/spiffe.sock",
 					SVIDs: []SVIDRequestWithRules{
 						{
 							SVIDRequest: SVIDRequest{
diff --git a/lib/tbot/config/testdata/TestSPIFFESVIDOutput_YAML/full.golden b/lib/tbot/config/testdata/TestSPIFFESVIDOutput_YAML/full.golden
index 0e72e771ebcdb..9ec11ec05704d 100644
--- a/lib/tbot/config/testdata/TestSPIFFESVIDOutput_YAML/full.golden
+++ b/lib/tbot/config/testdata/TestSPIFFESVIDOutput_YAML/full.golden
@@ -11,3 +11,8 @@ svid:
       - 10.0.0.1
       - 10.42.0.1
 include_federated_trust_bundles: true
+jwts:
+  - file_name: foo
+    audience: example.com
+  - file_name: bar
+    audience: 2.example.com
diff --git a/lib/tbot/config/testdata/TestSPIFFEWorkloadAPIService_YAML/full.golden b/lib/tbot/config/testdata/TestSPIFFEWorkloadAPIService_YAML/full.golden
index 4a7c696e887bf..9c2e871c5840e 100644
--- a/lib/tbot/config/testdata/TestSPIFFEWorkloadAPIService_YAML/full.golden
+++ b/lib/tbot/config/testdata/TestSPIFFEWorkloadAPIService_YAML/full.golden
@@ -30,3 +30,4 @@ attestors:
       ca_path: /path/to/ca.pem
       skip_verify: true
       anonymous: true
+jwt_svid_ttl: 5m0s
diff --git a/lib/tbot/service_spiffe_svid_output.go b/lib/tbot/service_spiffe_svid_output.go
index 9d26d6da5aa27..783ce148d6834 100644
--- a/lib/tbot/service_spiffe_svid_output.go
+++ b/lib/tbot/service_spiffe_svid_output.go
@@ -68,7 +68,7 @@ func (s *SPIFFESVIDOutputService) String() string {
 }
 
 func (s *SPIFFESVIDOutputService) OneShot(ctx context.Context) error {
-	res, privateKey, err := s.requestSVID(ctx)
+	res, privateKey, jwtSVIDs, err := s.requestSVID(ctx)
 	if err != nil {
 		return trace.Wrap(err, "requesting SVID")
 	}
@@ -84,7 +84,7 @@ func (s *SPIFFESVIDOutputService) OneShot(ctx context.Context) error {
 		return trace.Wrap(err, "fetching trust bundle set")
 
 	}
-	return s.render(ctx, bundleSet, res, privateKey)
+	return s.render(ctx, bundleSet, res, privateKey, jwtSVIDs)
 }
 
 func (s *SPIFFESVIDOutputService) Run(ctx context.Context) error {
@@ -96,6 +96,7 @@ func (s *SPIFFESVIDOutputService) Run(ctx context.Context) error {
 	jitter := retryutils.NewJitter()
 	var res *machineidv1pb.SignX509SVIDsResponse
 	var privateKey *rsa.PrivateKey
+	var jwtSVIDs map[string]string
 	var failures int
 	firstRun := make(chan struct{}, 1)
 	firstRun <- struct{}{}
@@ -142,14 +143,14 @@ func (s *SPIFFESVIDOutputService) Run(ctx context.Context) error {
 
 		if res == nil || privateKey == nil {
 			var err error
-			res, privateKey, err = s.requestSVID(ctx)
+			res, privateKey, jwtSVIDs, err = s.requestSVID(ctx)
 			if err != nil {
 				s.log.ErrorContext(ctx, "Failed to request SVID", "error", err)
 				failures++
 				continue
 			}
 		}
-		if err := s.render(ctx, bundleSet, res, privateKey); err != nil {
+		if err := s.render(ctx, bundleSet, res, privateKey, jwtSVIDs); err != nil {
 			s.log.ErrorContext(ctx, "Failed to render output", "error", err)
 			failures++
 			continue
@@ -160,7 +161,12 @@ func (s *SPIFFESVIDOutputService) Run(ctx context.Context) error {
 
 func (s *SPIFFESVIDOutputService) requestSVID(
 	ctx context.Context,
-) (*machineidv1pb.SignX509SVIDsResponse, *rsa.PrivateKey, error) {
+) (
+	*machineidv1pb.SignX509SVIDsResponse,
+	*rsa.PrivateKey,
+	map[string]string,
+	error,
+) {
 	ctx, span := tracer.Start(
 		ctx,
 		"SPIFFESVIDOutputService/requestSVID",
@@ -169,7 +175,7 @@ func (s *SPIFFESVIDOutputService) requestSVID(
 
 	roles, err := fetchDefaultRoles(ctx, s.botAuthClient, s.getBotIdentity())
 	if err != nil {
-		return nil, nil, trace.Wrap(err, "fetching roles")
+		return nil, nil, nil, trace.Wrap(err, "fetching roles")
 	}
 
 	id, err := generateIdentity(
@@ -181,14 +187,14 @@ func (s *SPIFFESVIDOutputService) requestSVID(
 		nil,
 	)
 	if err != nil {
-		return nil, nil, trace.Wrap(err, "generating identity")
+		return nil, nil, nil, trace.Wrap(err, "generating identity")
 	}
 	// create a client that uses the impersonated identity, so that when we
 	// fetch information, we can ensure access rights are enforced.
 	facade := identity.NewFacade(s.botCfg.FIPS, s.botCfg.Insecure, id)
 	impersonatedClient, err := clientForFacade(ctx, s.log, s.botCfg, facade, s.resolver)
 	if err != nil {
-		return nil, nil, trace.Wrap(err)
+		return nil, nil, nil, trace.Wrap(err)
 	}
 	defer impersonatedClient.Close()
 
@@ -199,9 +205,20 @@ func (s *SPIFFESVIDOutputService) requestSVID(
 		s.botCfg.CertificateTTL,
 	)
 	if err != nil {
-		return nil, nil, trace.Wrap(err)
+		return nil, nil, nil, trace.Wrap(err, "generating X509 SVID")
 	}
-	return res, privateKey, nil
+
+	jwtSvids, err := generateJWTSVIDs(
+		ctx,
+		impersonatedClient,
+		s.cfg.SVID,
+		s.cfg.JWTs,
+		s.botCfg.CertificateTTL)
+	if err != nil {
+		return nil, nil, nil, trace.Wrap(err, "generating JWT SVIDs")
+	}
+
+	return res, privateKey, jwtSvids, nil
 }
 
 func (s *SPIFFESVIDOutputService) render(
@@ -209,6 +226,7 @@ func (s *SPIFFESVIDOutputService) render(
 	bundleSet *spiffe.BundleSet,
 	res *machineidv1pb.SignX509SVIDsResponse,
 	privateKey *rsa.PrivateKey,
+	jwtSVIDs map[string]string,
 ) error {
 	ctx, span := tracer.Start(
 		ctx,
@@ -277,9 +295,65 @@ func (s *SPIFFESVIDOutputService) render(
 		return trace.Wrap(err, "writing svid trust bundle")
 	}
 
+	for fileName, jwt := range jwtSVIDs {
+		if err := s.cfg.Destination.Write(ctx, fileName, []byte(jwt)); err != nil {
+			return trace.Wrap(err, "writing JWT SVID")
+		}
+	}
+
 	return nil
 }
 
+func generateJWTSVIDs(
+	ctx context.Context,
+	clt *authclient.Client,
+	svid config.SVIDRequest,
+	reqs []config.JWTSVID,
+	ttl time.Duration,
+) (map[string]string, error) {
+	ctx, span := tracer.Start(
+		ctx,
+		"generateJWTSVIDs",
+	)
+	defer span.End()
+
+	requestedAudiences := map[string]bool{}
+	for _, jwt := range reqs {
+		requestedAudiences[jwt.Audience] = true
+	}
+
+	jwtReqs := make([]*machineidv1pb.JWTSVIDRequest, 0, len(requestedAudiences))
+	for audience := range requestedAudiences {
+		jwtReqs = append(jwtReqs, &machineidv1pb.JWTSVIDRequest{
+			Audiences:    []string{audience},
+			Ttl:          durationpb.New(ttl),
+			SpiffeIdPath: svid.Path,
+		})
+	}
+
+	if len(jwtReqs) == 0 {
+		return nil, nil
+	}
+
+	jwtRes, err := clt.WorkloadIdentityServiceClient().SignJWTSVIDs(ctx, &machineidv1pb.SignJWTSVIDsRequest{
+		Svids: jwtReqs,
+	})
+	if err != nil {
+		return nil, trace.Wrap(err, "requesting JWT SVIDs")
+	}
+
+	jwtFiles := map[string]string{}
+	for _, req := range reqs {
+		for _, jwtSVID := range jwtRes.Svids {
+			if len(jwtSVID.Audiences) == 1 && jwtSVID.Audiences[0] == req.Audience {
+				jwtFiles[req.FileName] = jwtSVID.Jwt
+				break
+			}
+		}
+	}
+	return jwtFiles, nil
+}
+
 // generateSVID generates the pre-requisites and makes a SVID generation RPC
 // call.
 func generateSVID(
diff --git a/lib/tbot/service_spiffe_workload_api.go b/lib/tbot/service_spiffe_workload_api.go
index 71e52698e542a..752994d959fbd 100644
--- a/lib/tbot/service_spiffe_workload_api.go
+++ b/lib/tbot/service_spiffe_workload_api.go
@@ -19,6 +19,7 @@
 package tbot
 
 import (
+	"cmp"
 	"context"
 	"crypto/x509"
 	"fmt"
@@ -37,6 +38,8 @@ import (
 	"github.com/prometheus/client_golang/prometheus"
 	"github.com/spiffe/go-spiffe/v2/bundle/spiffebundle"
 	workloadpb "github.com/spiffe/go-spiffe/v2/proto/spiffe/workload"
+	"github.com/spiffe/go-spiffe/v2/spiffeid"
+	"github.com/spiffe/go-spiffe/v2/svid/jwtsvid"
 	"go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc"
 	"golang.org/x/sync/errgroup"
 	"google.golang.org/grpc"
@@ -44,8 +47,11 @@ import (
 	"google.golang.org/grpc/credentials/insecure"
 	"google.golang.org/grpc/peer"
 	"google.golang.org/grpc/status"
+	"google.golang.org/protobuf/types/known/durationpb"
+	"google.golang.org/protobuf/types/known/structpb"
 
 	"github.com/gravitational/teleport"
+	machineidv1pb "github.com/gravitational/teleport/api/gen/proto/go/teleport/machineid/v1"
 	"github.com/gravitational/teleport/lib/auth/authclient"
 	"github.com/gravitational/teleport/lib/defaults"
 	"github.com/gravitational/teleport/lib/observability/metrics"
@@ -76,8 +82,9 @@ type SPIFFEWorkloadAPIService struct {
 	trustBundleCache *spiffe.TrustBundleCache
 
 	// client holds the impersonated client for the service
-	client   *authclient.Client
-	attestor *workloadattest.Attestor
+	client           *authclient.Client
+	attestor         *workloadattest.Attestor
+	localTrustDomain spiffeid.TrustDomain
 }
 
 // setup initializes the service, performing tasks such as determining the
@@ -114,6 +121,12 @@ func (s *SPIFFEWorkloadAPIService) setup(ctx context.Context) (err error) {
 		}
 	}()
 
+	td, err := spiffeid.TrustDomainFromString(facade.Get().ClusterName)
+	if err != nil {
+		return trace.Wrap(err, "parsing trust domain name")
+	}
+	s.localTrustDomain = td
+
 	s.attestor, err = workloadattest.NewAttestor(s.log, s.cfg.Attestors)
 	if err != nil {
 		return trace.Wrap(err, "setting up workload attestation")
@@ -660,31 +673,207 @@ func (s *SPIFFEWorkloadAPIService) FetchX509Bundles(
 	}
 }
 
+const defaultJWTSVIDTTL = time.Minute * 5
+
 // FetchJWTSVID implements the SPIFFE Workload API FetchJWTSVID method.
+// See The SPIFFE Workload API (6.2.1).
 func (s *SPIFFEWorkloadAPIService) FetchJWTSVID(
 	ctx context.Context,
 	req *workloadpb.JWTSVIDRequest,
 ) (*workloadpb.JWTSVIDResponse, error) {
-	// JWT functionality currently not implemented in Teleport Workload Identity.
-	return nil, trace.NotImplemented("method not implemented")
+	log, creds, err := s.authenticateClient(ctx)
+	if err != nil {
+		return nil, trace.Wrap(err, "authenticating client")
+	}
+
+	log.InfoContext(ctx, "FetchJWTSVID request received from workload")
+	defer log.InfoContext(ctx, "FetchJWTSVID request handled")
+	if req.SpiffeId == "" {
+		log = log.With("requested_spiffe_id", req.SpiffeId)
+	}
+
+	// The SPIFFE Workload API (6.2.1):
+	// > The JWTSVIDRequest request message contains a mandatory audience field,
+	// > which MUST contain the value to embed in the audience claim of the
+	// > returned JWT-SVIDs.
+	if len(req.Audience) == 0 {
+		return nil, trace.BadParameter("audience: must have at least one value")
+	}
+
+	svidReqs := filterSVIDRequests(ctx, log, s.cfg.SVIDs, creds)
+	// The SPIFFE Workload API (6.2.1):
+	// > If the client is not authorized for any identities, or not authorized
+	// > for the specific identity requested via the spiffe_id field, then the
+	// > server SHOULD respond with the "PermissionDenied" gRPC status code.
+	if len(svidReqs) == 0 {
+		log.ErrorContext(ctx, "Workload did not pass attestation for any SVIDs")
+		return nil, status.Error(
+			codes.PermissionDenied,
+			"workload did not pass attestation for any SVIDs",
+		)
+	}
+
+	// The SPIFFE Workload API (6.2.1):
+	// > The spiffe_id field is optional, and is used to request a JWT-SVID for
+	// > a specific SPIFFE ID. If unspecified, the server MUST return JWT-SVIDs
+	// > for all identities authorized for the client.
+	if req.SpiffeId != "" {
+		requestedSPIFFEID, err := spiffeid.FromString(req.SpiffeId)
+		if err != nil {
+			return nil, trace.Wrap(err, "parsing requested SPIFFE ID")
+		}
+		if requestedSPIFFEID.TrustDomain() != s.localTrustDomain {
+			return nil, trace.BadParameter("requested SPIFFE ID is not in the local trust domain")
+		}
+		// Search through available SVIDs to find the one that matches the
+		// requested SPIFFE ID.
+		found := false
+		for _, svidReq := range svidReqs {
+			spiffeID, err := spiffeid.FromPath(s.localTrustDomain, svidReq.Path)
+			if err != nil {
+				return nil, trace.Wrap(err, "parsing SPIFFE ID from path %q", svidReq.Path)
+			}
+			if spiffeID.String() == req.SpiffeId {
+				found = true
+				svidReqs = []config.SVIDRequest{svidReq}
+				break
+			}
+		}
+		if !found {
+			log.ErrorContext(ctx, "Workload is not authorized for the specifically requested SPIFFE ID", "requested_spiffe_id", req.SpiffeId)
+			return nil, status.Error(
+				codes.PermissionDenied,
+				"workload is not authorized for requested SPIFFE ID",
+			)
+		}
+	}
+
+	// Allow users to manually override the TTL for JWT-SVIDs produced by this
+	// service.
+	ttl := cmp.Or(s.cfg.JWTSVIDTTL, defaultJWTSVIDTTL)
+
+	reqs := make([]*machineidv1pb.JWTSVIDRequest, 0, len(svidReqs))
+	for _, svidReq := range svidReqs {
+		reqs = append(reqs, &machineidv1pb.JWTSVIDRequest{
+			SpiffeIdPath: svidReq.Path,
+			Audiences:    req.Audience,
+			Ttl:          durationpb.New(ttl),
+			Hint:         svidReq.Hint,
+		})
+	}
+
+	res, err := s.client.WorkloadIdentityServiceClient().SignJWTSVIDs(ctx, &machineidv1pb.SignJWTSVIDsRequest{
+		Svids: reqs,
+	})
+	if err != nil {
+		return nil, trace.Wrap(err, "requesting signed JWT-SVIDs from Teleport")
+	}
+
+	out := &workloadpb.JWTSVIDResponse{}
+	for _, resSVID := range res.Svids {
+		out.Svids = append(out.Svids, &workloadpb.JWTSVID{
+			SpiffeId: resSVID.SpiffeId,
+			Svid:     resSVID.Jwt,
+			Hint:     resSVID.Hint,
+		})
+		log.InfoContext(ctx,
+			"Issued SVID for workload",
+			slog.Group("svid",
+				"type", "jwt",
+				"spiffe_id", resSVID.SpiffeId,
+				"jti", resSVID.Jti,
+				"hint", resSVID.Hint,
+				"audiences", resSVID.Audiences,
+			),
+		)
+	}
+
+	return out, nil
 }
 
 // FetchJWTBundles implements the SPIFFE Workload API FetchJWTBundles method.
+// See The SPIFFE Workload API (6.2.2).
 func (s *SPIFFEWorkloadAPIService) FetchJWTBundles(
-	req *workloadpb.JWTBundlesRequest,
+	_ *workloadpb.JWTBundlesRequest,
 	srv workloadpb.SpiffeWorkloadAPI_FetchJWTBundlesServer,
 ) error {
-	// JWT functionality currently not implemented in Teleport Workload Identity.
-	return trace.NotImplemented("method not implemented")
+	ctx := srv.Context()
+	s.log.InfoContext(ctx, "FetchJWTBundles stream started by workload")
+	defer s.log.InfoContext(ctx, "FetchJWTBundles stream ended")
+
+	for {
+		bundleSet, err := s.trustBundleCache.GetBundleSet(ctx)
+		if err != nil {
+			return trace.Wrap(err)
+		}
+
+		s.log.InfoContext(ctx, "Sending JWT trust bundles to workload")
+
+		// The SPIFFE Workload API (6.2.2):
+		// > The returned bundles are encoded as a standard JWK Set as defined
+		// > by RFC 7517 containing the JWT-SVID signing keys for the trust
+		// > domain. These keys may only represent a subset of the keys present
+		// > in the SPIFFE trust bundle for the trust domain. The server MUST
+		// > NOT include keys with other uses in the returned JWT bundles.
+		bundles, err := bundleSet.MarshaledJWKSBundles(true)
+		if err != nil {
+			return trace.Wrap(err, "marshaling bundles as JWKS")
+		}
+		err = srv.Send(&workloadpb.JWTBundlesResponse{
+			Bundles: bundles,
+		})
+		if err != nil {
+			return trace.Wrap(err)
+		}
+
+		select {
+		case <-ctx.Done():
+			return nil
+		case <-bundleSet.Stale():
+		}
+	}
 }
 
 // ValidateJWTSVID implements the SPIFFE Workload API ValidateJWTSVID method.
+// See The SPIFFE Workload API (6.2.3).
 func (s *SPIFFEWorkloadAPIService) ValidateJWTSVID(
 	ctx context.Context,
 	req *workloadpb.ValidateJWTSVIDRequest,
 ) (*workloadpb.ValidateJWTSVIDResponse, error) {
-	// JWT functionality currently not implemented in Teleport Workload Identity.
-	return nil, trace.NotImplemented("method not implemented")
+	s.log.InfoContext(ctx, "ValidateJWTSVID request received from workload")
+	defer s.log.InfoContext(ctx, "ValidateJWTSVID request handled")
+
+	// The SPIFFE Workload API (6.2.3):
+	// > All fields in the ValidateJWTSVIDRequest and ValidateJWTSVIDResponse
+	// > message are mandatory.
+	switch {
+	case req.Audience == "":
+		return nil, trace.BadParameter("audience: must be set")
+	case req.Svid == "":
+		return nil, trace.BadParameter("svid: must be set")
+	}
+
+	bundleSet, err := s.trustBundleCache.GetBundleSet(ctx)
+	if err != nil {
+		return nil, trace.Wrap(err)
+	}
+
+	svid, err := jwtsvid.ParseAndValidate(
+		req.Svid, bundleSet, []string{req.Audience},
+	)
+	if err != nil {
+		return nil, trace.Wrap(err, "validating JWT SVID")
+	}
+
+	claims, err := structpb.NewStruct(svid.Claims)
+	if err != nil {
+		return nil, trace.Wrap(err, "marshaling claims")
+	}
+
+	return &workloadpb.ValidateJWTSVIDResponse{
+		SpiffeId: svid.ID.String(),
+		Claims:   claims,
+	}, nil
 }
 
 // String returns a human-readable string that can uniquely identify the
diff --git a/lib/tbot/service_spiffe_workload_api_test.go b/lib/tbot/service_spiffe_workload_api_test.go
index 3a331a1a1f06d..f0117cd181b14 100644
--- a/lib/tbot/service_spiffe_workload_api_test.go
+++ b/lib/tbot/service_spiffe_workload_api_test.go
@@ -20,14 +20,25 @@ package tbot
 
 import (
 	"context"
+	"net"
+	"os"
+	"path"
+	"sync"
 	"testing"
+	"time"
 
 	gocmp "github.com/google/go-cmp/cmp"
+	"github.com/spiffe/go-spiffe/v2/spiffeid"
+	"github.com/spiffe/go-spiffe/v2/svid/jwtsvid"
+	"github.com/spiffe/go-spiffe/v2/workloadapi"
 	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
 
+	"github.com/gravitational/teleport/api/types"
 	"github.com/gravitational/teleport/lib/tbot/config"
 	"github.com/gravitational/teleport/lib/tbot/spiffe/workloadattest"
 	"github.com/gravitational/teleport/lib/utils"
+	"github.com/gravitational/teleport/tool/teleport/testenv"
 )
 
 func ptr[T any](v T) *T {
@@ -423,3 +434,194 @@ func TestSPIFFEWorkloadAPIService_filterSVIDRequests_field(t *testing.T) {
 		})
 	}
 }
+
+// TestBotSPIFFEWorkloadAPI is an end-to-end test of Workload ID's ability to
+// issue a SPIFFE SVID to a workload connecting via the SPIFFE Workload API.
+func TestBotSPIFFEWorkloadAPI(t *testing.T) {
+	t.Parallel()
+	ctx := context.Background()
+	log := utils.NewSlogLoggerForTests()
+
+	// Make a new auth server.
+	process := testenv.MakeTestServer(t, defaultTestServerOpts(t, log))
+	rootClient := testenv.MakeDefaultAuthClient(t, process)
+
+	// Create a role that allows the bot to issue a SPIFFE SVID.
+	role, err := types.NewRole("spiffe-issuer", types.RoleSpecV6{
+		Allow: types.RoleConditions{
+			SPIFFE: []*types.SPIFFERoleCondition{
+				{
+					Path: "/*",
+					DNSSANs: []string{
+						"*",
+					},
+					IPSANs: []string{
+						"0.0.0.0/0",
+					},
+				},
+			},
+		},
+	})
+	require.NoError(t, err)
+	role, err = rootClient.UpsertRole(ctx, role)
+	require.NoError(t, err)
+
+	pid := os.Getpid()
+
+	tempDir := t.TempDir()
+	socketPath := "unix://" + path.Join(tempDir, "spiffe.sock")
+	onboarding, _ := makeBot(t, rootClient, "test", role.GetName())
+	botConfig := defaultBotConfig(
+		t, process, onboarding, config.ServiceConfigs{
+			&config.SPIFFEWorkloadAPIService{
+				Listen: socketPath,
+				SVIDs: []config.SVIDRequestWithRules{
+					// Intentionally unmatching PID to ensure this SVID
+					// is not issued.
+					{
+						SVIDRequest: config.SVIDRequest{
+							Path: "/bar",
+						},
+						Rules: []config.SVIDRequestRule{
+							{
+								Unix: config.SVIDRequestRuleUnix{
+									PID: ptr(0),
+								},
+							},
+						},
+					},
+					// SVID with rule that matches on PID.
+					{
+						SVIDRequest: config.SVIDRequest{
+							Path: "/foo",
+							Hint: "hint",
+							SANS: config.SVIDRequestSANs{
+								DNS: []string{"example.com"},
+								IP:  []string{"10.0.0.1"},
+							},
+						},
+						Rules: []config.SVIDRequestRule{
+							{
+								Unix: config.SVIDRequestRuleUnix{
+									PID: &pid,
+								},
+							},
+						},
+					},
+				},
+			},
+		},
+		defaultBotConfigOpts{
+			useAuthServer: true,
+			insecure:      true,
+		},
+	)
+	botConfig.Oneshot = false
+	b := New(botConfig, log)
+
+	// Spin up goroutine for bot to run in
+	botCtx, cancelBot := context.WithCancel(ctx)
+	wg := sync.WaitGroup{}
+	wg.Add(1)
+	go func() {
+		defer wg.Done()
+		err := b.Run(botCtx)
+		assert.NoError(t, err, "bot should not exit with error")
+		cancelBot()
+	}()
+	t.Cleanup(func() {
+		// Shut down bot and make sure it exits.
+		cancelBot()
+		wg.Wait()
+	})
+
+	t.Run("X509", func(t *testing.T) {
+		t.Parallel()
+
+		// This has a little flexibility internally in terms of waiting for the
+		// socket to come up, so we don't need a manual sleep/retry here.
+		source, err := workloadapi.NewX509Source(
+			ctx,
+			workloadapi.WithClientOptions(workloadapi.WithAddr(socketPath)),
+		)
+		require.NoError(t, err)
+		defer source.Close()
+
+		svid, err := source.GetX509SVID()
+		require.NoError(t, err)
+
+		// SVID has successfully been issued. We can now assert that it's correct.
+		require.Equal(t, "spiffe://root/foo", svid.ID.String())
+		cert := svid.Certificates[0]
+		require.Equal(t, "spiffe://root/foo", cert.URIs[0].String())
+		require.True(t, net.IPv4(10, 0, 0, 1).Equal(cert.IPAddresses[0]))
+		require.Equal(t, []string{"example.com"}, cert.DNSNames)
+		require.WithinRange(
+			t,
+			cert.NotAfter,
+			cert.NotBefore.Add(time.Hour-time.Minute),
+			cert.NotBefore.Add(time.Hour+time.Minute),
+		)
+	})
+
+	t.Run("JWT", func(t *testing.T) {
+		t.Parallel()
+
+		source, err := workloadapi.NewJWTSource(
+			ctx,
+			workloadapi.WithClientOptions(workloadapi.WithAddr(socketPath)),
+		)
+		require.NoError(t, err)
+		defer source.Close()
+
+		validateSVID := func(
+			t *testing.T,
+			svid *jwtsvid.SVID,
+			wantAudience string,
+		) {
+			t.Helper()
+			// First, check the response fields
+			require.Equal(t, "spiffe://root/foo", svid.ID.String())
+			require.Equal(t, "hint", svid.Hint)
+
+			// Validate "locally" that the SVID is correct.
+			validatedSVID, err := jwtsvid.ParseAndValidate(
+				svid.Marshal(),
+				source,
+				[]string{wantAudience},
+			)
+			require.NoError(t, err)
+			require.Equal(t, svid.Claims, validatedSVID.Claims)
+			require.Equal(t, svid.ID, validatedSVID.ID)
+
+			// Validate "remotely" that the SVID is correct using the Workload
+			// API.
+			validatedSVID, err = workloadapi.ValidateJWTSVID(
+				ctx,
+				svid.Marshal(),
+				wantAudience,
+				workloadapi.WithAddr(socketPath),
+			)
+			require.NoError(t, err)
+			require.Equal(t, svid.Claims, validatedSVID.Claims)
+			require.Equal(t, svid.ID, validatedSVID.ID)
+		}
+
+		svids, err := source.FetchJWTSVIDs(ctx, jwtsvid.Params{
+			Audience:       "example.com",
+			ExtraAudiences: []string{"2.example.com"},
+			Subject:        spiffeid.RequireFromString("spiffe://root/foo"),
+		})
+		require.NoError(t, err)
+		require.Len(t, svids, 1)
+		validateSVID(t, svids[0], "2.example.com")
+
+		// Try again with no specified subject (e.g receive all)
+		svids, err = source.FetchJWTSVIDs(ctx, jwtsvid.Params{
+			Audience: "example.com",
+		})
+		require.NoError(t, err)
+		require.Len(t, svids, 1)
+		validateSVID(t, svids[0], "example.com")
+	})
+}
diff --git a/lib/tbot/spiffe/trust_bundle_cache.go b/lib/tbot/spiffe/trust_bundle_cache.go
index 75ffe51d0d05d..7ccfdb31044a2 100644
--- a/lib/tbot/spiffe/trust_bundle_cache.go
+++ b/lib/tbot/spiffe/trust_bundle_cache.go
@@ -30,6 +30,7 @@ import (
 	"time"
 
 	"github.com/gravitational/trace"
+	"github.com/spiffe/go-spiffe/v2/bundle/jwtbundle"
 	"github.com/spiffe/go-spiffe/v2/bundle/spiffebundle"
 	"github.com/spiffe/go-spiffe/v2/bundle/x509bundle"
 	"github.com/spiffe/go-spiffe/v2/spiffeid"
@@ -120,6 +121,44 @@ func (b *BundleSet) EncodedX509Bundles(includeLocal bool) map[string][]byte {
 	return bundles
 }
 
+// MarshaledJWKSBundles returns a map of trust domain names to their JWT-SVID
+// signing keys encoded in the RFC 7517 JWKS format. If includeLocal is true,
+// the local trust domain will be included in the output.
+func (b *BundleSet) MarshaledJWKSBundles(includeLocal bool) (map[string][]byte, error) {
+	bundles := make(map[string][]byte)
+	if includeLocal {
+		marshaled, err := b.Local.JWTBundle().Marshal()
+		if err != nil {
+			return nil, trace.Wrap(err, "marshaling local trust bundle")
+		}
+		bundles[b.Local.TrustDomain().IDString()] = marshaled
+	}
+	for _, v := range b.Federated {
+		marshaled, err := v.JWTBundle().Marshal()
+		if err != nil {
+			return nil, trace.Wrap(
+				err,
+				"marshaling federated trust bundle (%s)",
+				v.TrustDomain().Name(),
+			)
+		}
+		bundles[v.TrustDomain().IDString()] = marshaled
+	}
+	return bundles, nil
+}
+
+// GetJWTBundleForTrustDomain returns the JWT bundle for the given trust domain.
+// Implements the jwtbundle.Source interface.
+func (b *BundleSet) GetJWTBundleForTrustDomain(trustDomain spiffeid.TrustDomain) (*jwtbundle.Bundle, error) {
+	if trustDomain.Name() == b.Local.TrustDomain().Name() {
+		return b.Local.JWTBundle(), nil
+	}
+	if bundle, ok := b.Federated[trustDomain.Name()]; ok {
+		return bundle.JWTBundle(), nil
+	}
+	return nil, trace.NotFound("trust domain %q not found", trustDomain.Name())
+}
+
 type eventsWatcher interface {
 	NewWatcher(ctx context.Context, watch types.Watch) (types.Watcher, error)
 }
diff --git a/lib/tbot/tbot_test.go b/lib/tbot/tbot_test.go
index 1b6faa4cb7972..2a14bf3e0cf95 100644
--- a/lib/tbot/tbot_test.go
+++ b/lib/tbot/tbot_test.go
@@ -35,7 +35,6 @@ import (
 	"time"
 
 	"github.com/jackc/pgconn"
-	"github.com/spiffe/go-spiffe/v2/workloadapi"
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
 	"golang.org/x/crypto/ssh"
@@ -720,132 +719,6 @@ func newMockDiscoveredKubeCluster(t *testing.T, name, discoveredName string) *ty
 	return kubeCluster
 }
 
-// TestBotSPIFFEWorkloadAPI is an end-to-end test of Workload ID's ability to
-// issue a SPIFFE SVID to a workload connecting via the SPIFFE Workload API.
-func TestBotSPIFFEWorkloadAPI(t *testing.T) {
-	t.Parallel()
-	ctx := context.Background()
-	log := utils.NewSlogLoggerForTests()
-
-	// Make a new auth server.
-	process := testenv.MakeTestServer(t, defaultTestServerOpts(t, log))
-	rootClient := testenv.MakeDefaultAuthClient(t, process)
-
-	// Create a role that allows the bot to issue a SPIFFE SVID.
-	role, err := types.NewRole("spiffe-issuer", types.RoleSpecV6{
-		Allow: types.RoleConditions{
-			SPIFFE: []*types.SPIFFERoleCondition{
-				{
-					Path: "/*",
-					DNSSANs: []string{
-						"*",
-					},
-					IPSANs: []string{
-						"0.0.0.0/0",
-					},
-				},
-			},
-		},
-	})
-	require.NoError(t, err)
-	role, err = rootClient.UpsertRole(ctx, role)
-	require.NoError(t, err)
-
-	pid := os.Getpid()
-
-	tempDir := t.TempDir()
-	socketPath := "unix://" + path.Join(tempDir, "spiffe.sock")
-	onboarding, _ := makeBot(t, rootClient, "test", role.GetName())
-	botConfig := defaultBotConfig(
-		t, process, onboarding, config.ServiceConfigs{
-			&config.SPIFFEWorkloadAPIService{
-				Listen: socketPath,
-				SVIDs: []config.SVIDRequestWithRules{
-					// Intentionally unmatching PID to ensure this SVID
-					// is not issued.
-					{
-						SVIDRequest: config.SVIDRequest{
-							Path: "/bar",
-						},
-						Rules: []config.SVIDRequestRule{
-							{
-								Unix: config.SVIDRequestRuleUnix{
-									PID: ptr(0),
-								},
-							},
-						},
-					},
-					// SVID with rule that matches on PID.
-					{
-						SVIDRequest: config.SVIDRequest{
-							Path: "/foo",
-							Hint: "hint",
-							SANS: config.SVIDRequestSANs{
-								DNS: []string{"example.com"},
-								IP:  []string{"10.0.0.1"},
-							},
-						},
-						Rules: []config.SVIDRequestRule{
-							{
-								Unix: config.SVIDRequestRuleUnix{
-									PID: &pid,
-								},
-							},
-						},
-					},
-				},
-			},
-		},
-		defaultBotConfigOpts{
-			useAuthServer: true,
-			insecure:      true,
-		},
-	)
-	botConfig.Oneshot = false
-	b := New(botConfig, log)
-
-	// Spin up goroutine for bot to run in
-	botCtx, cancelBot := context.WithCancel(ctx)
-	wg := sync.WaitGroup{}
-	wg.Add(1)
-	go func() {
-		defer wg.Done()
-		err := b.Run(botCtx)
-		assert.NoError(t, err, "bot should not exit with error")
-		cancelBot()
-	}()
-	t.Cleanup(func() {
-		// Shut down bot and make sure it exits.
-		cancelBot()
-		wg.Wait()
-	})
-
-	// This has a little flexibility internally in terms of waiting for the
-	// socket to come up, so we don't need a manual sleep/retry here.
-	source, err := workloadapi.NewX509Source(
-		ctx,
-		workloadapi.WithClientOptions(workloadapi.WithAddr(socketPath)),
-	)
-	require.NoError(t, err)
-	defer source.Close()
-
-	svid, err := source.GetX509SVID()
-	require.NoError(t, err)
-
-	// SVID has successfully been issued. We can now assert that it's correct.
-	require.Equal(t, "spiffe://root/foo", svid.ID.String())
-	cert := svid.Certificates[0]
-	require.Equal(t, "spiffe://root/foo", cert.URIs[0].String())
-	require.True(t, net.IPv4(10, 0, 0, 1).Equal(cert.IPAddresses[0]))
-	require.Equal(t, []string{"example.com"}, cert.DNSNames)
-	require.WithinRange(
-		t,
-		cert.NotAfter,
-		cert.NotBefore.Add(time.Hour-time.Minute),
-		cert.NotBefore.Add(time.Hour+time.Minute),
-	)
-}
-
 func TestBotDatabaseTunnel(t *testing.T) {
 	t.Parallel()
 	ctx := context.Background()
diff --git a/lib/teleterm/clusters/cluster_apps.go b/lib/teleterm/clusters/cluster_apps.go
index 3512a3dbf05f0..8cff401277ed0 100644
--- a/lib/teleterm/clusters/cluster_apps.go
+++ b/lib/teleterm/clusters/cluster_apps.go
@@ -26,7 +26,6 @@ import (
 	apiclient "github.com/gravitational/teleport/api/client"
 	"github.com/gravitational/teleport/api/client/proto"
 	"github.com/gravitational/teleport/api/defaults"
-	"github.com/gravitational/teleport/api/mfa"
 	"github.com/gravitational/teleport/api/types"
 	api "github.com/gravitational/teleport/gen/proto/go/teleport/lib/teleterm/v1"
 	"github.com/gravitational/teleport/lib/auth/authclient"
@@ -189,7 +188,7 @@ func (c *Cluster) ReissueAppCert(ctx context.Context, clusterClient *client.Clus
 		AccessRequests: c.status.ActiveRequests.AccessRequests,
 		RequesterName:  proto.UserCertsRequest_TSH_APP_LOCAL_PROXY,
 		TTL:            c.clusterClient.KeyTTL,
-	}, c.clusterClient.NewMFAPrompt(mfa.WithPromptReasonSessionMFA("application", routeToApp.Name)))
+	})
 	if err != nil {
 		return tls.Certificate{}, trace.Wrap(err)
 	}
diff --git a/lib/teleterm/clusters/cluster_auth.go b/lib/teleterm/clusters/cluster_auth.go
index 16793f715a4e4..2086117a6ef99 100644
--- a/lib/teleterm/clusters/cluster_auth.go
+++ b/lib/teleterm/clusters/cluster_auth.go
@@ -223,19 +223,16 @@ func (c *Cluster) login(ctx context.Context, sshLoginFunc client.SSHLoginFunc) e
 
 func (c *Cluster) localMFALogin(user, password string) client.SSHLoginFunc {
 	return func(ctx context.Context, priv *keys.PrivateKey) (*authclient.SSHLoginResponse, error) {
+		sshLogin, err := c.clusterClient.NewSSHLogin(priv)
+		if err != nil {
+			return nil, trace.Wrap(err)
+		}
+
 		response, err := client.SSHAgentMFALogin(ctx, client.SSHLoginMFA{
-			SSHLogin: client.SSHLogin{
-				ProxyAddr:         c.clusterClient.WebProxyAddr,
-				PubKey:            priv.MarshalSSHPublicKey(),
-				TTL:               c.clusterClient.KeyTTL,
-				Insecure:          c.clusterClient.InsecureSkipVerify,
-				Compatibility:     c.clusterClient.CertificateFormat,
-				RouteToCluster:    c.clusterClient.SiteName,
-				KubernetesCluster: c.clusterClient.KubernetesCluster,
-			},
-			User:      user,
-			Password:  password,
-			PromptMFA: c.clusterClient.NewMFAPrompt(),
+			SSHLogin:             sshLogin,
+			User:                 user,
+			Password:             password,
+			MFAPromptConstructor: c.clusterClient.NewMFAPrompt,
 		})
 		if err != nil {
 			return nil, trace.Wrap(err)
@@ -246,15 +243,13 @@ func (c *Cluster) localMFALogin(user, password string) client.SSHLoginFunc {
 
 func (c *Cluster) localLogin(user, password, otpToken string) client.SSHLoginFunc {
 	return func(ctx context.Context, priv *keys.PrivateKey) (*authclient.SSHLoginResponse, error) {
+		sshLogin, err := c.clusterClient.NewSSHLogin(priv)
+		if err != nil {
+			return nil, trace.Wrap(err)
+		}
+
 		response, err := client.SSHAgentLogin(ctx, client.SSHLoginDirect{
-			SSHLogin: client.SSHLogin{
-				ProxyAddr:         c.clusterClient.WebProxyAddr,
-				PubKey:            priv.MarshalSSHPublicKey(),
-				TTL:               c.clusterClient.KeyTTL,
-				Insecure:          c.clusterClient.InsecureSkipVerify,
-				Compatibility:     c.clusterClient.CertificateFormat,
-				KubernetesCluster: c.clusterClient.KubernetesCluster,
-			},
+			SSHLogin: sshLogin,
 			User:     user,
 			Password: password,
 			OTPToken: otpToken,
@@ -267,40 +262,18 @@ func (c *Cluster) localLogin(user, password, otpToken string) client.SSHLoginFun
 }
 
 func (c *Cluster) ssoLogin(providerType, providerName string) client.SSHLoginFunc {
+	return c.clusterClient.SSOLoginFn(providerName, providerName, providerType)
+}
+
+func (c *Cluster) passwordlessLogin(stream api.TerminalService_LoginPasswordlessServer) client.SSHLoginFunc {
 	return func(ctx context.Context, priv *keys.PrivateKey) (*authclient.SSHLoginResponse, error) {
-		response, err := client.SSHAgentSSOLogin(ctx, client.SSHLoginSSO{
-			SSHLogin: client.SSHLogin{
-				ProxyAddr:         c.clusterClient.WebProxyAddr,
-				PubKey:            priv.MarshalSSHPublicKey(),
-				TTL:               c.clusterClient.KeyTTL,
-				Insecure:          c.clusterClient.InsecureSkipVerify,
-				Compatibility:     c.clusterClient.CertificateFormat,
-				KubernetesCluster: c.clusterClient.KubernetesCluster,
-			},
-			ConnectorID: providerName,
-			Protocol:    providerType,
-			BindAddr:    c.clusterClient.BindAddr,
-			Browser:     c.clusterClient.Browser,
-		}, nil)
+		sshLogin, err := c.clusterClient.NewSSHLogin(priv)
 		if err != nil {
 			return nil, trace.Wrap(err)
 		}
-		return response, nil
-	}
-}
 
-func (c *Cluster) passwordlessLogin(stream api.TerminalService_LoginPasswordlessServer) client.SSHLoginFunc {
-	return func(ctx context.Context, priv *keys.PrivateKey) (*authclient.SSHLoginResponse, error) {
 		response, err := client.SSHAgentPasswordlessLogin(ctx, client.SSHLoginPasswordless{
-			SSHLogin: client.SSHLogin{
-				ProxyAddr:         c.clusterClient.WebProxyAddr,
-				PubKey:            priv.MarshalSSHPublicKey(),
-				TTL:               c.clusterClient.KeyTTL,
-				Insecure:          c.clusterClient.InsecureSkipVerify,
-				Compatibility:     c.clusterClient.CertificateFormat,
-				RouteToCluster:    c.clusterClient.SiteName,
-				KubernetesCluster: c.clusterClient.KubernetesCluster,
-			},
+			SSHLogin:                sshLogin,
 			AuthenticatorAttachment: c.clusterClient.AuthenticatorAttachment,
 			CustomPrompt:            newPwdlessLoginPrompt(ctx, c.Log, stream),
 			WebauthnLogin:           c.clusterClient.WebauthnLogin,
diff --git a/lib/teleterm/clusters/cluster_databases.go b/lib/teleterm/clusters/cluster_databases.go
index ed65f859ca6ed..d4f792bb08f13 100644
--- a/lib/teleterm/clusters/cluster_databases.go
+++ b/lib/teleterm/clusters/cluster_databases.go
@@ -28,7 +28,6 @@ import (
 	apiclient "github.com/gravitational/teleport/api/client"
 	"github.com/gravitational/teleport/api/client/proto"
 	"github.com/gravitational/teleport/api/defaults"
-	"github.com/gravitational/teleport/api/mfa"
 	"github.com/gravitational/teleport/api/types"
 	api "github.com/gravitational/teleport/gen/proto/go/teleport/lib/teleterm/v1"
 	"github.com/gravitational/teleport/lib/auth/authclient"
@@ -142,7 +141,7 @@ func (c *Cluster) reissueDBCerts(ctx context.Context, clusterClient *client.Clus
 		AccessRequests: c.status.ActiveRequests.AccessRequests,
 		RequesterName:  proto.UserCertsRequest_TSH_DB_LOCAL_PROXY_TUNNEL,
 		TTL:            c.clusterClient.KeyTTL,
-	}, c.clusterClient.NewMFAPrompt(mfa.WithPromptReasonSessionMFA("database", routeToDatabase.ServiceName)))
+	})
 	if err != nil {
 		return tls.Certificate{}, trace.Wrap(err)
 	}
diff --git a/lib/teleterm/clusters/cluster_headless.go b/lib/teleterm/clusters/cluster_headless.go
index 3313616551f49..a714810480c60 100644
--- a/lib/teleterm/clusters/cluster_headless.go
+++ b/lib/teleterm/clusters/cluster_headless.go
@@ -72,11 +72,9 @@ func (c *Cluster) UpdateHeadlessAuthenticationState(ctx context.Context, rootAut
 	err := AddMetadataToRetryableError(ctx, func() error {
 		// If changing state to approved, create an MFA challenge and prompt for MFA.
 		var mfaResponse *proto.MFAAuthenticateResponse
+		var err error
 		if state == types.HeadlessAuthenticationState_HEADLESS_AUTHENTICATION_STATE_APPROVED {
-			chall, err := rootAuthClient.CreateAuthenticateChallenge(ctx, &proto.CreateAuthenticateChallengeRequest{
-				Request: &proto.CreateAuthenticateChallengeRequest_ContextUser{
-					ContextUser: &proto.ContextUser{},
-				},
+			mfaResponse, err = c.clusterClient.NewMFACeremony().Run(ctx, &proto.CreateAuthenticateChallengeRequest{
 				ChallengeExtensions: &mfav1.ChallengeExtensions{
 					Scope: mfav1.ChallengeScope_CHALLENGE_SCOPE_HEADLESS_LOGIN,
 				},
@@ -84,14 +82,9 @@ func (c *Cluster) UpdateHeadlessAuthenticationState(ctx context.Context, rootAut
 			if err != nil {
 				return trace.Wrap(err)
 			}
-
-			mfaResponse, err = c.clusterClient.PromptMFA(ctx, chall)
-			if err != nil {
-				return trace.Wrap(err)
-			}
 		}
 
-		err := rootAuthClient.UpdateHeadlessAuthenticationState(ctx, headlessID, state, mfaResponse)
+		err = rootAuthClient.UpdateHeadlessAuthenticationState(ctx, headlessID, state, mfaResponse)
 		return trace.Wrap(err)
 	})
 	return trace.Wrap(err)
diff --git a/lib/teleterm/clusters/cluster_kubes.go b/lib/teleterm/clusters/cluster_kubes.go
index d18a3bd7db65d..ab654398dad62 100644
--- a/lib/teleterm/clusters/cluster_kubes.go
+++ b/lib/teleterm/clusters/cluster_kubes.go
@@ -28,7 +28,6 @@ import (
 	apiclient "github.com/gravitational/teleport/api/client"
 	"github.com/gravitational/teleport/api/client/proto"
 	"github.com/gravitational/teleport/api/defaults"
-	"github.com/gravitational/teleport/api/mfa"
 	"github.com/gravitational/teleport/api/types"
 	api "github.com/gravitational/teleport/gen/proto/go/teleport/lib/teleterm/v1"
 	"github.com/gravitational/teleport/lib/auth/authclient"
@@ -118,7 +117,6 @@ func (c *Cluster) reissueKubeCert(ctx context.Context, clusterClient *client.Clu
 			RequesterName:     proto.UserCertsRequest_TSH_KUBE_LOCAL_PROXY,
 			TTL:               c.clusterClient.KeyTTL,
 		},
-		c.clusterClient.NewMFAPrompt(mfa.WithPromptReasonSessionMFA("Kubernetes cluster", kubeCluster)),
 	)
 	if err != nil {
 		return tls.Certificate{}, trace.Wrap(err)
diff --git a/lib/tpm/tpm.go b/lib/tpm/tpm.go
index b720df596a822..6175efdedb018 100644
--- a/lib/tpm/tpm.go
+++ b/lib/tpm/tpm.go
@@ -125,6 +125,11 @@ func QueryWithTPM(
 	if err != nil {
 		return nil, trace.Wrap(err, "querying EKs")
 	}
+	// Be a good citizen and check the slice bounds. This is not expected to
+	// happen.
+	if len(eks) == 0 {
+		return nil, trace.BadParameter("no endorsement keys found in tpm")
+	}
 
 	// The first EK returned by `go-attestation` will be an RSA based EK key or
 	// EK cert. On Windows, ECC certs may also be returned following this. At
diff --git a/lib/usagereporter/teleport/types.go b/lib/usagereporter/teleport/types.go
index 0c0a2f9753cc6..092a128185ff8 100644
--- a/lib/usagereporter/teleport/types.go
+++ b/lib/usagereporter/teleport/types.go
@@ -146,9 +146,31 @@ func (u *ResourceCreateEvent) Anonymize(a utils.Anonymizer) prehogv1a.SubmitEven
 }
 
 func integrationEnrollMetadataToPrehog(u *usageeventsv1.IntegrationEnrollMetadata, userMD UserMetadata) *prehogv1a.IntegrationEnrollMetadata {
+	// Some enums are out of sync and need to be mapped manually
+	var prehogKind prehogv1a.IntegrationEnrollKind
+	switch u.Kind {
+	case usageeventsv1.IntegrationEnrollKind_INTEGRATION_ENROLL_KIND_SERVICENOW:
+		prehogKind = prehogv1a.IntegrationEnrollKind_INTEGRATION_ENROLL_KIND_SERVICENOW
+	case usageeventsv1.IntegrationEnrollKind_INTEGRATION_ENROLL_KIND_ENTRA_ID:
+		prehogKind = prehogv1a.IntegrationEnrollKind_INTEGRATION_ENROLL_KIND_ENTRA_ID
+	case usageeventsv1.IntegrationEnrollKind_INTEGRATION_ENROLL_KIND_DATADOG_INCIDENT_MANAGEMENT:
+		prehogKind = prehogv1a.IntegrationEnrollKind_INTEGRATION_ENROLL_KIND_DATADOG_INCIDENT_MANAGEMENT
+	case usageeventsv1.IntegrationEnrollKind_INTEGRATION_ENROLL_KIND_MACHINE_ID_AWS:
+		prehogKind = prehogv1a.IntegrationEnrollKind_INTEGRATION_ENROLL_KIND_MACHINE_ID_AWS
+	case usageeventsv1.IntegrationEnrollKind_INTEGRATION_ENROLL_KIND_MACHINE_ID_GCP:
+		prehogKind = prehogv1a.IntegrationEnrollKind_INTEGRATION_ENROLL_KIND_MACHINE_ID_GCP
+	case usageeventsv1.IntegrationEnrollKind_INTEGRATION_ENROLL_KIND_MACHINE_ID_AZURE:
+		prehogKind = prehogv1a.IntegrationEnrollKind_INTEGRATION_ENROLL_KIND_MACHINE_ID_AZURE
+	case usageeventsv1.IntegrationEnrollKind_INTEGRATION_ENROLL_KIND_MACHINE_ID_SPACELIFT:
+		prehogKind = prehogv1a.IntegrationEnrollKind_INTEGRATION_ENROLL_KIND_MACHINE_ID_SPACELIFT
+	case usageeventsv1.IntegrationEnrollKind_INTEGRATION_ENROLL_KIND_MACHINE_ID_KUBERNETES:
+		prehogKind = prehogv1a.IntegrationEnrollKind_INTEGRATION_ENROLL_KIND_MACHINE_ID_KUBERNETES
+	default:
+		prehogKind = prehogv1a.IntegrationEnrollKind(u.Kind)
+	}
 	return &prehogv1a.IntegrationEnrollMetadata{
 		Id:       u.Id,
-		Kind:     prehogv1a.IntegrationEnrollKind(u.Kind),
+		Kind:     prehogKind,
 		UserName: userMD.Username,
 	}
 }
@@ -1229,6 +1251,22 @@ func (u *SPIFFESVIDIssuedEvent) Anonymize(a utils.Anonymizer) prehogv1a.SubmitEv
 	}
 }
 
+// UserTaskStateEvent is an event emitted when the state of a User Task changes.
+type UserTaskStateEvent prehogv1a.UserTaskStateEvent
+
+func (u *UserTaskStateEvent) Anonymize(a utils.Anonymizer) prehogv1a.SubmitEventRequest {
+	return prehogv1a.SubmitEventRequest{
+		Event: &prehogv1a.SubmitEventRequest_UserTaskState{
+			UserTaskState: &prehogv1a.UserTaskStateEvent{
+				TaskType:       u.TaskType,
+				IssueType:      u.IssueType,
+				State:          u.State,
+				InstancesCount: u.InstancesCount,
+			},
+		},
+	}
+}
+
 // ConvertUsageEvent converts a usage event from an API object into an
 // anonymizable event. All events that can be submitted externally via the Auth
 // API need to be defined here.
@@ -1734,6 +1772,24 @@ func ConvertUsageEvent(event *usageeventsv1.UsageEventOneOf, userMD UserMetadata
 			AffectedResourceType:   data.AffectedResourceType,
 		}
 		return ret, nil
+	case *usageeventsv1.UsageEventOneOf_UserTaskStateEvent:
+		data := e.UserTaskStateEvent
+		if data.TaskType == "" {
+			return nil, trace.BadParameter("task type is empty")
+		}
+		if data.IssueType == "" {
+			return nil, trace.BadParameter("issue type is empty")
+		}
+		if data.State == "" {
+			return nil, trace.BadParameter("state is empty")
+		}
+		ret := &UserTaskStateEvent{
+			TaskType:       data.TaskType,
+			IssueType:      data.IssueType,
+			State:          data.State,
+			InstancesCount: data.InstancesCount,
+		}
+		return ret, nil
 	default:
 		return nil, trace.BadParameter("invalid usage event type %T", event.GetEvent())
 	}
diff --git a/lib/utils/fs.go b/lib/utils/fs.go
index 97cb9df79f83a..741bb8e8cf87e 100644
--- a/lib/utils/fs.go
+++ b/lib/utils/fs.go
@@ -203,6 +203,16 @@ func FSTryWriteLock(filePath string) (unlock func() error, err error) {
 	return fileLock.Unlock, nil
 }
 
+// FSWriteLock tries to grab write lock and block if lock is already acquired by someone else.
+func FSWriteLock(filePath string) (unlock func() error, err error) {
+	fileLock := flock.New(getPlatformLockFilePath(filePath))
+	if err := fileLock.Lock(); err != nil {
+		return nil, trace.ConvertSystemError(err)
+	}
+
+	return fileLock.Unlock, nil
+}
+
 // FSTryWriteLockTimeout tries to grab write lock, it's doing it until locks is acquired, or timeout is expired,
 // or context is expired.
 func FSTryWriteLockTimeout(ctx context.Context, filePath string, timeout time.Duration) (unlock func() error, err error) {
@@ -216,7 +226,7 @@ func FSTryWriteLockTimeout(ctx context.Context, filePath string, timeout time.Du
 	return fileLock.Unlock, nil
 }
 
-// FSTryReadLock tries to grab write lock, returns ErrUnsuccessfulLockTry
+// FSTryReadLock tries to grab shared lock, returns ErrUnsuccessfulLockTry
 // if lock is already acquired by someone else
 func FSTryReadLock(filePath string) (unlock func() error, err error) {
 	fileLock := flock.New(getPlatformLockFilePath(filePath))
@@ -231,6 +241,16 @@ func FSTryReadLock(filePath string) (unlock func() error, err error) {
 	return fileLock.Unlock, nil
 }
 
+// FSReadLock tries to grab shared lock and block if lock is already acquired by someone else.
+func FSReadLock(filePath string) (unlock func() error, err error) {
+	fileLock := flock.New(getPlatformLockFilePath(filePath))
+	if err := fileLock.RLock(); err != nil {
+		return nil, trace.ConvertSystemError(err)
+	}
+
+	return fileLock.Unlock, nil
+}
+
 // FSTryReadLockTimeout tries to grab read lock, it's doing it until locks is acquired, or timeout is expired,
 // or context is expired.
 func FSTryReadLockTimeout(ctx context.Context, filePath string, timeout time.Duration) (unlock func() error, err error) {
diff --git a/lib/utils/fs_test.go b/lib/utils/fs_test.go
index f6ed135ca4069..c2dde216e2f6d 100644
--- a/lib/utils/fs_test.go
+++ b/lib/utils/fs_test.go
@@ -20,9 +20,11 @@ package utils
 
 import (
 	"context"
+	"fmt"
 	"os"
 	"path/filepath"
 	"runtime"
+	"sync/atomic"
 	"testing"
 	"time"
 
@@ -328,6 +330,56 @@ func TestLocks(t *testing.T) {
 	require.NoError(t, unlock())
 }
 
+// TestLockWithBlocking verifies that second lock call is blocked until first is released.
+func TestLockWithBlocking(t *testing.T) {
+	var locked atomic.Bool
+
+	lockFile := filepath.Join(os.TempDir(), ".lock")
+	t.Cleanup(func() {
+		require.NoError(t, os.Remove(lockFile))
+	})
+
+	// Acquire first lock should not return any error.
+	unlock, err := FSWriteLock(lockFile)
+	require.NoError(t, err)
+	locked.Store(true)
+
+	signal := make(chan struct{})
+	errChan := make(chan error)
+	go func() {
+		signal <- struct{}{}
+		unlock, err := FSWriteLock(lockFile)
+		if err != nil {
+			errChan <- err
+			return
+		}
+		if locked.Load() {
+			errChan <- fmt.Errorf("first lock is still acquired, second lock must be blocking")
+			return
+		}
+		if err := unlock(); err != nil {
+			errChan <- err
+			return
+		}
+		signal <- struct{}{}
+	}()
+
+	<-signal
+	// We have to wait till next lock is reached to ensure we block execution of goroutine.
+	// Since this is system call we can't track if the function reach blocking state already.
+	time.Sleep(100 * time.Millisecond)
+	locked.Store(false)
+	require.NoError(t, unlock())
+
+	select {
+	case err := <-errChan:
+		require.NoError(t, err)
+	case <-signal:
+	case <-time.After(5 * time.Second):
+		require.Fail(t, "second lock is not released")
+	}
+}
+
 func TestOverwriteFile(t *testing.T) {
 	have := []byte("Sensitive Information")
 	fName := filepath.Join(t.TempDir(), "teleport-overwrite-file-test")
diff --git a/lib/utils/interval/multi.go b/lib/utils/interval/multi.go
index 9932203ea6076..f3c1fae80d79f 100644
--- a/lib/utils/interval/multi.go
+++ b/lib/utils/interval/multi.go
@@ -23,6 +23,8 @@ import (
 	"sync"
 	"time"
 
+	"github.com/jonboulle/clockwork"
+
 	"github.com/gravitational/teleport/api/utils/retryutils"
 )
 
@@ -39,6 +41,7 @@ import (
 // but it is still a potential source of bugs/confusion when transitioning to using this type from one
 // of the single-interval alternatives.
 type MultiInterval[T comparable] struct {
+	clock     clockwork.Clock
 	subs      []subIntervalEntry[T]
 	push      chan subIntervalEntry[T]
 	ch        chan Tick[T]
@@ -125,12 +128,17 @@ func (s *subIntervalEntry[T]) increment() {
 
 // NewMulti creates a new multi-interval instance.  This function panics on non-positive
 // interval durations (equivalent to time.NewTicker) or if no sub-intervals are provided.
-func NewMulti[T comparable](intervals ...SubInterval[T]) *MultiInterval[T] {
+func NewMulti[T comparable](clock clockwork.Clock, intervals ...SubInterval[T]) *MultiInterval[T] {
 	if len(intervals) == 0 {
 		panic(errors.New("empty sub-interval set for interval.NewMulti"))
 	}
 
+	if clock == nil {
+		clock = clockwork.NewRealClock()
+	}
+
 	interval := &MultiInterval[T]{
+		clock: clock,
 		subs:  make([]subIntervalEntry[T], 0, len(intervals)),
 		push:  make(chan subIntervalEntry[T]),
 		ch:    make(chan Tick[T], 1),
@@ -140,7 +148,7 @@ func NewMulti[T comparable](intervals ...SubInterval[T]) *MultiInterval[T] {
 	}
 
 	// check and initialize our sub-intervals.
-	now := time.Now()
+	now := clock.Now()
 	for _, sub := range intervals {
 		if sub.Duration <= 0 && (sub.VariableDuration == nil || sub.VariableDuration.Duration() <= 0) {
 			panic(errors.New("non-positive sub interval for interval.NewMulti"))
@@ -156,7 +164,7 @@ func NewMulti[T comparable](intervals ...SubInterval[T]) *MultiInterval[T] {
 
 	// start the timer in this goroutine to improve
 	// consistency of first tick.
-	timer := time.NewTimer(d)
+	timer := clock.NewTimer(d)
 
 	go interval.run(timer, key)
 
@@ -173,7 +181,7 @@ func (i *MultiInterval[T]) Push(sub SubInterval[T]) {
 		SubInterval: sub,
 	}
 	// we initialize here in order to improve consistency of start time
-	entry.init(time.Now())
+	entry.init(i.clock.Now())
 	select {
 	case i.push <- entry:
 	case <-i.done:
@@ -257,7 +265,7 @@ func (i *MultiInterval[T]) pushEntry(entry subIntervalEntry[T]) {
 	i.subs = append(i.subs, entry)
 }
 
-func (i *MultiInterval[T]) run(timer *time.Timer, key T) {
+func (i *MultiInterval[T]) run(timer clockwork.Timer, key T) {
 	defer timer.Stop()
 
 	var pending pendingTicks[T]
@@ -276,7 +284,7 @@ func (i *MultiInterval[T]) run(timer *time.Timer, key T) {
 		}
 
 		select {
-		case t := <-timer.C:
+		case t := <-timer.Chan():
 			// increment the sub-interval for the current key
 			i.increment(key)
 
@@ -292,7 +300,7 @@ func (i *MultiInterval[T]) run(timer *time.Timer, key T) {
 			timer.Reset(d)
 
 		case resetKey := <-i.reset:
-			now := time.Now()
+			now := i.clock.Now()
 
 			// reset the sub-interval for the target key
 			i.resetEntry(now, resetKey)
@@ -307,14 +315,14 @@ func (i *MultiInterval[T]) run(timer *time.Timer, key T) {
 
 			// stop and drain timer
 			if !timer.Stop() {
-				<-timer.C
+				<-timer.Chan()
 			}
 
 			// apply the new duration
 			timer.Reset(d)
 
 		case fireKey := <-i.fire:
-			now := time.Now()
+			now := i.clock.Now()
 
 			// reset the sub-interval for the key we are firing
 			i.resetEntry(now, fireKey)
@@ -329,13 +337,13 @@ func (i *MultiInterval[T]) run(timer *time.Timer, key T) {
 
 			// stop and drain timer.
 			if !timer.Stop() {
-				<-timer.C
+				<-timer.Chan()
 			}
 
 			// re-set the timer
 			timer.Reset(d)
 		case entry := <-i.push:
-			now := time.Now()
+			now := i.clock.Now()
 
 			// add the new sub-interval entry
 			i.pushEntry(entry)
@@ -351,7 +359,7 @@ func (i *MultiInterval[T]) run(timer *time.Timer, key T) {
 
 			// stop and drain timer
 			if !timer.Stop() {
-				<-timer.C
+				<-timer.Chan()
 			}
 
 			// apply the new duration
diff --git a/lib/utils/interval/multi_test.go b/lib/utils/interval/multi_test.go
index 37cf3a10b1614..3ef8b1f17ad56 100644
--- a/lib/utils/interval/multi_test.go
+++ b/lib/utils/interval/multi_test.go
@@ -24,6 +24,7 @@ import (
 	"testing"
 	"time"
 
+	"github.com/jonboulle/clockwork"
 	"github.com/stretchr/testify/require"
 )
 
@@ -47,10 +48,12 @@ func TestMultiIntervalReset(t *testing.T) {
 			resetTimer := time.NewTimer(duration / 3)
 			defer resetTimer.Stop()
 
-			interval := NewMulti[string](SubInterval[string]{
-				Key:      "key",
-				Duration: duration,
-			})
+			interval := NewMulti[string](
+				clockwork.NewRealClock(),
+				SubInterval[string]{
+					Key:      "key",
+					Duration: duration,
+				})
 			defer interval.Stop()
 
 			start := time.Now()
@@ -92,6 +95,7 @@ func TestMultiIntervalReset(t *testing.T) {
 func TestMultiIntervalBasics(t *testing.T) {
 	t.Parallel()
 	interval := NewMulti[string](
+		clockwork.NewRealClock(),
 		SubInterval[string]{
 			Key:      "fast",
 			Duration: time.Millisecond * 8,
@@ -151,6 +155,7 @@ func TestMultiIntervalVariableDuration(t *testing.T) {
 	bar.counter.Store(1)
 
 	interval := NewMulti[string](
+		clockwork.NewRealClock(),
 		SubInterval[string]{
 			Key:              "foo",
 			VariableDuration: foo,
@@ -216,6 +221,7 @@ func TestMultiIntervalVariableDuration(t *testing.T) {
 func TestMultiIntervalPush(t *testing.T) {
 	t.Parallel()
 	interval := NewMulti[string](
+		clockwork.NewRealClock(),
 		SubInterval[string]{
 			Key:      "foo",
 			Duration: time.Millisecond * 6,
@@ -289,6 +295,7 @@ func TestMultiIntervalFireNow(t *testing.T) {
 	// set up one sub-interval that fires frequently, and another that will never
 	// fire during this test unless we trigger with FireNow.
 	interval := NewMulti[string](
+		clockwork.NewRealClock(),
 		SubInterval[string]{
 			Key:      "slow",
 			Duration: time.Hour,
diff --git a/lib/utils/teleportassets/teleportassets.go b/lib/utils/teleportassets/teleportassets.go
new file mode 100644
index 0000000000000..e396798a5477b
--- /dev/null
+++ b/lib/utils/teleportassets/teleportassets.go
@@ -0,0 +1,84 @@
+/*
+ * Teleport
+ * Copyright (C) 2024  Gravitational, Inc.
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program.  If not, see .
+ */
+
+package teleportassets
+
+import (
+	"fmt"
+
+	"github.com/coreos/go-semver/semver"
+
+	"github.com/gravitational/teleport"
+	"github.com/gravitational/teleport/lib/modules"
+)
+
+const (
+	// teleportReleaseCDN is the Teleport CDN URL for release builds.
+	// This can be used to download the Teleport binary for release builds.
+	teleportReleaseCDN = "https://cdn.teleport.dev"
+	// teleportPreReleaseCDN is the Teleport CDN URL for pre-release builds.
+	// This can be used to download the Teleport binary for pre-release builds.
+	teleportPreReleaseCDN = "https://cdn.cloud.gravitational.io"
+)
+
+// CDNBaseURL returns the URL of the CDN that can be used to download Teleport
+// binary assets.
+func CDNBaseURL() string {
+	return cdnBaseURL(*teleport.SemVersion)
+}
+
+// cdnBaseURL returns the base URL of the CDN that can be used to download
+// Teleport binary assets.
+func cdnBaseURL(version semver.Version) string {
+	if version.PreRelease != "" {
+		return teleportPreReleaseCDN
+	}
+	return teleportReleaseCDN
+}
+
+const (
+	// teleportReleaseECR is the official release repo for Teleport images.
+	teleportReleaseECR = "public.ecr.aws/gravitational"
+	// teleportReleaseECR is the pre-release repo for Teleport images.
+	teleportPreReleaseECR = "public.ecr.aws/gravitational-staging"
+	// distrolessTeleportOSSImage is the distroless image of the OSS version of Teleport
+	distrolessTeleportOSSImage = "teleport-distroless"
+	// distrolessTeleportEntImage is the distroless image of the Enterprise version of Teleport
+	distrolessTeleportEntImage = "teleport-ent-distroless"
+)
+
+// DistrolessImage returns the distroless teleport image repo.
+func DistrolessImage(version semver.Version) string {
+	repo := distrolessImageRepo(version)
+	name := distrolessImageName(modules.GetModules().BuildType())
+	return fmt.Sprintf("%s/%s:%s", repo, name, version)
+}
+
+func distrolessImageRepo(version semver.Version) string {
+	if version.PreRelease != "" {
+		return teleportPreReleaseECR
+	}
+	return teleportReleaseECR
+}
+
+func distrolessImageName(buildType string) string {
+	if buildType == modules.BuildEnterprise {
+		return distrolessTeleportEntImage
+	}
+	return distrolessTeleportOSSImage
+}
diff --git a/lib/utils/teleportassets/teleportassets_test.go b/lib/utils/teleportassets/teleportassets_test.go
new file mode 100644
index 0000000000000..22dee4c13061c
--- /dev/null
+++ b/lib/utils/teleportassets/teleportassets_test.go
@@ -0,0 +1,82 @@
+/*
+ * Teleport
+ * Copyright (C) 2024  Gravitational, Inc.
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program.  If not, see .
+ */
+
+package teleportassets
+
+import (
+	"testing"
+
+	"github.com/coreos/go-semver/semver"
+	"github.com/stretchr/testify/require"
+
+	"github.com/gravitational/teleport/lib/modules"
+)
+
+func TestDistrolessTeleportImageRepo(t *testing.T) {
+	tests := []struct {
+		desc      string
+		buildType string
+		version   string
+		want      string
+	}{
+		{
+			desc:      "ent release",
+			buildType: modules.BuildEnterprise,
+			version:   "16.0.0",
+			want:      "public.ecr.aws/gravitational/teleport-ent-distroless:16.0.0",
+		},
+		{
+			desc:      "oss release",
+			buildType: modules.BuildOSS,
+			version:   "16.0.0",
+			want:      "public.ecr.aws/gravitational/teleport-distroless:16.0.0",
+		},
+		{
+			desc:      "community release",
+			buildType: modules.BuildCommunity,
+			version:   "16.0.0",
+			want:      "public.ecr.aws/gravitational/teleport-distroless:16.0.0",
+		},
+		{
+			desc:      "ent pre-release",
+			buildType: modules.BuildEnterprise,
+			version:   "16.0.0-alpha.1",
+			want:      "public.ecr.aws/gravitational-staging/teleport-ent-distroless:16.0.0-alpha.1",
+		},
+		{
+			desc:      "oss pre-release",
+			buildType: modules.BuildOSS,
+			version:   "16.0.0-alpha.1",
+			want:      "public.ecr.aws/gravitational-staging/teleport-distroless:16.0.0-alpha.1",
+		},
+		{
+			desc:      "community pre-release",
+			buildType: modules.BuildCommunity,
+			version:   "16.0.0-alpha.1",
+			want:      "public.ecr.aws/gravitational-staging/teleport-distroless:16.0.0-alpha.1",
+		},
+	}
+	for _, test := range tests {
+		t.Run(test.desc, func(t *testing.T) {
+			semVer, err := semver.NewVersion(test.version)
+			require.NoError(t, err)
+			modules.SetTestModules(t, &modules.TestModules{TestBuildType: test.buildType})
+			require.Equal(t, test.want, DistrolessImage(*semVer))
+		})
+	}
+}
diff --git a/lib/web/apiserver.go b/lib/web/apiserver.go
index ed7649f936f57..45c64508a24f5 100644
--- a/lib/web/apiserver.go
+++ b/lib/web/apiserver.go
@@ -158,8 +158,8 @@ type Handler struct {
 	// userConns tracks amount of current active connections with user certificates.
 	userConns atomic.Int32
 
-	// ClusterFeatures contain flags for supported and unsupported features.
-	ClusterFeatures proto.Features
+	// clusterFeatures contain flags for supported and unsupported features.
+	clusterFeatures proto.Features
 
 	// nodeWatcher is a services.NodeWatcher used by Assist to lookup nodes from
 	// the proxy's cache and get nodes in real time.
@@ -462,7 +462,7 @@ func NewHandler(cfg Config, opts ...HandlerOption) (*APIHandler, error) {
 		log:                  newPackageLogger(),
 		logger:               slog.Default().With(teleport.ComponentKey, teleport.ComponentWeb),
 		clock:                clockwork.NewRealClock(),
-		ClusterFeatures:      cfg.ClusterFeatures,
+		clusterFeatures:      cfg.ClusterFeatures,
 		healthCheckAppServer: cfg.HealthCheckAppServer,
 		tracer:               cfg.TracerProvider.Tracer(teleport.ComponentWeb),
 		wsIODeadline:         wsIODeadline,
@@ -1018,6 +1018,12 @@ func (h *Handler) bindDefaultEndpoints() {
 	h.PUT("/webapi/sites/:site/discoveryconfig/:name", h.WithClusterAuth(h.discoveryconfigUpdate))
 	h.DELETE("/webapi/sites/:site/discoveryconfig/:name", h.WithClusterAuth(h.discoveryconfigDelete))
 
+	// User Tasks CRUD
+	// Listing Tasks by Integration: GET /webapi/sites/:site/usertask?integration=
+	h.GET("/webapi/sites/:site/usertask", h.WithClusterAuth(h.userTaskListByIntegration))
+	h.GET("/webapi/sites/:site/usertask/:name", h.WithClusterAuth(h.userTaskGet))
+	h.PUT("/webapi/sites/:site/usertask/:name/state", h.WithClusterAuth(h.userTaskStateUpdate))
+
 	// Connection upgrades.
 	h.GET("/webapi/connectionupgrade", httplib.MakeHandler(h.connectionUpgrade))
 
@@ -1216,6 +1222,13 @@ func (h *Handler) getUserContext(w http.ResponseWriter, r *http.Request, p httpr
 	if err != nil {
 		return nil, trace.Wrap(err)
 	}
+	pingResp, err := clt.Ping(r.Context())
+	if err != nil {
+		return nil, trace.Wrap(err)
+	}
+	if !pingResp.LicenseExpiry.IsZero() {
+		userContext.Cluster.LicenseExpiry = pingResp.LicenseExpiry
+	}
 
 	userContext.ConsumedAccessRequestID = c.cfg.Session.GetConsumedAccessRequestID()
 
@@ -2023,9 +2036,11 @@ func (h *Handler) githubCallback(w http.ResponseWriter, r *http.Request, p httpr
 			logger.Debug("GitHub WebSession created with device web token")
 			// if a device web token is present, we must send the user to the device authorize page
 			// to upgrade the session.
-			// TODO (avatus) the web client currently doesn't handle any redirects after authorizing a web
-			// session with device trust. Once it does, append a redirect_url here as a query parameter
-			return fmt.Sprintf("/web/device/authorize/%s/%s", dwt.Id, dwt.Token)
+			redirectPath, err := BuildDeviceWebRedirectPath(dwt, res.ClientRedirectURL)
+			if err != nil {
+				logger.WithError(err).Debug("Invalid device web token.")
+			}
+			return redirectPath
 		}
 		return res.ClientRedirectURL
 	}
@@ -2054,6 +2069,28 @@ func (h *Handler) githubCallback(w http.ResponseWriter, r *http.Request, p httpr
 	return redirectURL.String()
 }
 
+// BuildDeviceWebRedirectPath constructs the redirect path for device web authorization.
+// It takes a DeviceWebToken and an optional client redirect URL as input.
+// The function formats a redirect path with the device ID and token from the provided DeviceWebToken.
+// If the clientRedirectURL is provided, it's appended to the redirect path
+// as a query parameter named "redirect_uri".
+// Will always at least return "/web" path.
+func BuildDeviceWebRedirectPath(dwt *types.DeviceWebToken, clientRedirectURL string) (string, error) {
+	const basePath = "/web"
+
+	if dwt == nil {
+		return basePath, trace.BadParameter("DeviceWebToken cannot be nil")
+	}
+	if dwt.Id == "" || dwt.Token == "" {
+		return basePath, trace.BadParameter("DeviceWebToken ID and Token cannot be empty")
+	}
+	redirectPath := fmt.Sprintf("/web/device/authorize/%s/%s", dwt.Id, dwt.Token)
+	if clientRedirectURL != "" {
+		redirectPath = fmt.Sprintf("%s?redirect_uri=%s", redirectPath, clientRedirectURL)
+	}
+	return redirectPath, nil
+}
+
 func (h *Handler) installer(w http.ResponseWriter, r *http.Request, p httprouter.Params) (interface{}, error) {
 	httplib.SetScriptHeaders(w.Header())
 
@@ -2074,9 +2111,12 @@ func (h *Handler) installer(w http.ResponseWriter, r *http.Request, p httprouter
 	}
 
 	feats := modules.GetModules().Features()
-	teleportPackage := teleport.ComponentTeleport
+	teleportPackage := types.PackageNameOSS
 	if modules.GetModules().BuildType() == modules.BuildEnterprise || feats.Cloud {
-		teleportPackage = fmt.Sprintf("%s-%s", teleport.ComponentTeleport, modules.BuildEnterprise)
+		teleportPackage = types.PackageNameEnt
+		if h.cfg.FIPS {
+			teleportPackage = types.PackageNameEntFIPS
+		}
 	}
 
 	// By default, it uses the stable/v channel.
diff --git a/lib/web/apiserver_test.go b/lib/web/apiserver_test.go
index 274407bd1a527..0e2b568f62fda 100644
--- a/lib/web/apiserver_test.go
+++ b/lib/web/apiserver_test.go
@@ -7791,6 +7791,10 @@ type authProviderMock struct {
 	server types.ServerV2
 }
 
+func (mock authProviderMock) ListUnifiedResources(ctx context.Context, req *authproto.ListUnifiedResourcesRequest) (*authproto.ListUnifiedResourcesResponse, error) {
+	return nil, nil
+}
+
 func (mock authProviderMock) GetNode(ctx context.Context, namespace, name string) (types.Server, error) {
 	return &mock.server, nil
 }
diff --git a/lib/web/app/redirect.go b/lib/web/app/redirect.go
index d620ff77cd7c5..ebf55c7761437 100644
--- a/lib/web/app/redirect.go
+++ b/lib/web/app/redirect.go
@@ -72,8 +72,9 @@ const appRedirectHTML = `
     Teleport Redirection Service