From a2ae2a5982ac18ca78ad43c88cc962e3af4420f2 Mon Sep 17 00:00:00 2001 From: Samir Anand Date: Fri, 8 Dec 2023 16:55:15 +0530 Subject: [PATCH] Automatically generated by magic modules for service: orgpolicy and resource: Projects__policy. This commit includes the following changes: - Singular Resource - Plural Resource - Documentation updates - Terraform configuration - Integration tests Signed-off-by: Samir Anand --- build/inspec/test/integration/build/gcp-mm.tf | 1553 +++++++++++++++++ .../integration/configuration/hello-world.zip | Bin 0 -> 58362 bytes .../integration/configuration/index.js.zip | Bin 0 -> 611 bytes .../configuration/mm-attributes.yml | 939 ++++++++++ .../google_orgpolicy_project_policies.md | 31 + .../google_orgpolicy_project_policy.md | 136 ++ .../property/projectpolicy_alternate.rb | 39 + .../property/projectpolicy_alternate_spec.rb | 47 + .../projectpolicy_alternate_spec_rules.rb | 56 + ...ctpolicy_alternate_spec_rules_condition.rb | 43 + ...ojectpolicy_alternate_spec_rules_values.rb | 37 + .../property/projectpolicy_dry_run_spec.rb | 47 + .../projectpolicy_dry_run_spec_rules.rb | 56 + ...jectpolicy_dry_run_spec_rules_condition.rb | 43 + ...projectpolicy_dry_run_spec_rules_values.rb | 37 + .../orgpolicy/property/projectpolicy_spec.rb | 47 + .../property/projectpolicy_spec_rules.rb | 56 + .../projectpolicy_spec_rules_condition.rb | 43 + .../projectpolicy_spec_rules_values.rb | 37 + .../google_orgpolicy_project_policies.rb | 85 + libraries/google_orgpolicy_project_policy.rb | 68 + .../google_orgpolicy_project_policies.rb | 30 + .../google_orgpolicy_project_policy.rb | 35 + 23 files changed, 3465 insertions(+) create mode 100644 build/inspec/test/integration/build/gcp-mm.tf create mode 100644 build/inspec/test/integration/configuration/hello-world.zip create mode 100644 build/inspec/test/integration/configuration/index.js.zip create mode 100644 build/inspec/test/integration/configuration/mm-attributes.yml create mode 100644 docs/resources/google_orgpolicy_project_policies.md create mode 100644 docs/resources/google_orgpolicy_project_policy.md create mode 100644 libraries/google/orgpolicy/property/projectpolicy_alternate.rb create mode 100644 libraries/google/orgpolicy/property/projectpolicy_alternate_spec.rb create mode 100644 libraries/google/orgpolicy/property/projectpolicy_alternate_spec_rules.rb create mode 100644 libraries/google/orgpolicy/property/projectpolicy_alternate_spec_rules_condition.rb create mode 100644 libraries/google/orgpolicy/property/projectpolicy_alternate_spec_rules_values.rb create mode 100644 libraries/google/orgpolicy/property/projectpolicy_dry_run_spec.rb create mode 100644 libraries/google/orgpolicy/property/projectpolicy_dry_run_spec_rules.rb create mode 100644 libraries/google/orgpolicy/property/projectpolicy_dry_run_spec_rules_condition.rb create mode 100644 libraries/google/orgpolicy/property/projectpolicy_dry_run_spec_rules_values.rb create mode 100644 libraries/google/orgpolicy/property/projectpolicy_spec.rb create mode 100644 libraries/google/orgpolicy/property/projectpolicy_spec_rules.rb create mode 100644 libraries/google/orgpolicy/property/projectpolicy_spec_rules_condition.rb create mode 100644 libraries/google/orgpolicy/property/projectpolicy_spec_rules_values.rb create mode 100644 libraries/google_orgpolicy_project_policies.rb create mode 100644 libraries/google_orgpolicy_project_policy.rb create mode 100644 test/integration/verify/controls/google_orgpolicy_project_policies.rb create mode 100644 test/integration/verify/controls/google_orgpolicy_project_policy.rb diff --git a/build/inspec/test/integration/build/gcp-mm.tf b/build/inspec/test/integration/build/gcp-mm.tf new file mode 100644 index 000000000..53de3d66a --- /dev/null +++ b/build/inspec/test/integration/build/gcp-mm.tf @@ -0,0 +1,1553 @@ +#variable "ssl_policy" { +# type = any +#} +# +#variable "topic" { +# type = any +#} +# +#variable "subscription" { +# type = any +#} +# +#variable "managed_zone" { +# type = any +#} +# +#variable "record_set" { +# type = any +#} +# +#variable "instance_group_manager" { +# type = any +#} +# +#variable "autoscaler" { +# type = any +#} +# +#variable "target_pool" { +# type = any +#} +# +#variable "trigger" { +# type = any +#} +# +#variable "health_check" { +# type = any +#} +# +#variable "backend_service" { +# type = any +#} +# +#variable "http_health_check" { +# type = any +#} +# +#variable "https_health_check" { +# type = any +#} +# +#variable "instance_template" { +# type = any +#} +# +#variable "global_address" { +# type = any +#} +# +#variable "url_map" { +# type = any +#} +# +#variable "http_proxy" { +# type = any +#} +# +#variable "global_forwarding_rule" { +# type = any +#} +# +#variable "target_tcp_proxy" { +# type = any +#} +# +#variable "route" { +# type = any +#} +# +#variable "router" { +# type = any +#} +# +#variable "snapshot" { +# type = any +#} +# +#variable "https_proxy" { +# type = any +#} +# +#variable "ssl_certificate" { +# type = any +#} +# +#variable "dataset" { +# type = any +#} +# +#variable "bigquery_table" { +# type = any +#} +# +#variable "repository" { +# type = any +#} +# +#variable "folder" { +# type = any +#} +# +#variable "gcp_organization_id" { +# type = string +# default = "none" +#} +# +#variable "cloudfunction" { +# type = any +#} +# +#variable "backend_bucket" { +# type = any +#} +# +#variable "gcp_cloud_function_region" {} +# +#variable "regional_node_pool" { +# type = any +#} +# +#variable "region_backend_service_health_check" { +# type = any +#} +# +#variable "region_backend_service" { +# type = any +#} +# +#variable "org_sink" { +# type = any +#} +# +#variable "standardappversion" { +# type = any +#} +# +#variable "ml_model" { +# type = any +#} +# +#variable "dataproc_cluster" { +# type = any +#} +# +#variable "folder_exclusion" { +# type = any +#} +# +#variable "filestore_instance" { +# type = any +#} +# +#variable "folder_sink" { +# type = any +#} +# +#variable "runtimeconfig_config" { +# type = any +#} +# +#variable "runtimeconfig_variable" { +# type = any +#} +# +#variable "redis" { +# type = any +#} +# +#variable "network_endpoint_group" { +# type = any +#} +# +#variable "node_template" { +# type = any +#} +# +#variable "node_group" { +# type = any +#} +# +#variable "router_nat" { +# type = any +#} +# +#variable "service" { +# type = any +#} +# +#variable "spannerinstance" { +# type = any +#} +# +#variable "spannerdatabase" { +# type = any +#} +# +#variable "scheduler_job" { +# type = any +#} +# +# +#resource "google_compute_ssl_policy" "custom-ssl-policy" { +# name = var.ssl_policy["name"] +# min_tls_version = var.ssl_policy["min_tls_version"] +# profile = var.ssl_policy["profile"] +# custom_features = [var.ssl_policy["custom_feature"], var.ssl_policy["custom_feature2"]] +# project = var.gcp_project_id +#} +# +#resource "google_pubsub_topic" "topic" { +# project = var.gcp_project_id +# name = var.topic["name"] +#} +# +#resource "google_pubsub_subscription" "default" { +# project = var.gcp_project_id +# name = var.subscription["name"] +# topic = google_pubsub_topic.topic.name +# ack_deadline_seconds = var.subscription["ack_deadline_seconds"] +#} +# +#resource "google_dns_managed_zone" "prod" { +# name = var.managed_zone["name"] +# dns_name = var.managed_zone["dns_name"] +# description = var.managed_zone["description"] +# +# labels = { +# key = var.managed_zone["label_value"] +# } +# project = var.gcp_project_id +#} +# +#resource "google_dns_record_set" "a" { +# name = var.record_set["name"] +# managed_zone = google_dns_managed_zone.prod.name +# type = var.record_set["type"] +# ttl = var.record_set["ttl"] +# +# rrdatas = [var.record_set["rrdatas1"], var.record_set["rrdatas2"]] +# project = var.gcp_project_id +#} +# +#resource "google_compute_instance_group_manager" "gcp-inspec-igm" { +# project = var.gcp_project_id +# zone = var.gcp_zone +# name = var.instance_group_manager["name"] +# version { +# instance_template = google_compute_instance_template.default.self_link +# } +# base_instance_name = var.instance_group_manager["base_instance_name"] +# target_pools = [] +# target_size = 0 +# named_port { +# name = var.instance_group_manager["named_port_name"] +# port = var.instance_group_manager["named_port_port"] +# } +#} +# +#resource "google_compute_autoscaler" "gcp-inspec-autoscaler" { +# project = var.gcp_project_id +# name = var.autoscaler["name"] +# zone = var.gcp_zone +# target = google_compute_instance_group_manager.gcp-inspec-igm.self_link +# +# autoscaling_policy { +# max_replicas = var.autoscaler["max_replicas"] +# min_replicas = var.autoscaler["min_replicas"] +# cooldown_period = var.autoscaler["cooldown_period"] +# +# cpu_utilization { +# target = var.autoscaler["cpu_utilization_target"] +# } +# } +#} +# +#resource "google_compute_target_pool" "gcp-inspec-target-pool" { +# project = var.gcp_project_id +# name = var.target_pool["name"] +# session_affinity = var.target_pool["session_affinity"] +# +# instances = [ +# "${var.gcp_zone}/${var.gcp_ext_vm_name}", +# ] +#} +# +#resource "google_cloudbuild_trigger" "gcp-inspec-cloudbuild-trigger" { +# project = var.gcp_project_id +# trigger_template { +# branch_name = var.trigger["trigger_template_branch"] +# project_id = var.trigger["trigger_template_project"] +# repo_name = var.trigger["trigger_template_repo"] +# } +# filename = var.trigger["filename"] +#} +# +#resource "google_compute_health_check" "gcp-inspec-health-check" { +# project = var.gcp_project_id +# name = var.health_check["name"] +# +# timeout_sec = var.health_check["timeout_sec"] +# check_interval_sec = var.health_check["check_interval_sec"] +# +# tcp_health_check { +# port = var.health_check["tcp_health_check_port"] +# } +#} +# +#resource "google_compute_backend_service" "gcp-inspec-backend-service" { +# project = var.gcp_project_id +# name = var.backend_service["name"] +# description = var.backend_service["description"] +# port_name = var.backend_service["port_name"] +# protocol = var.backend_service["protocol"] +# timeout_sec = var.backend_service["timeout_sec"] +# enable_cdn = var.backend_service["enable_cdn"] +# +# backend { +# group = google_compute_instance_group_manager.gcp-inspec-igm.instance_group +# } +# +# health_checks = [google_compute_health_check.gcp-inspec-health-check.self_link] +#} +# +#resource "google_compute_health_check" "gcp-inspec-region-backend-service-hc" { +# project = var.gcp_project_id +# name = var.region_backend_service_health_check["name"] +# +# timeout_sec = var.region_backend_service_health_check["timeout_sec"] +# check_interval_sec = var.region_backend_service_health_check["check_interval_sec"] +# +# tcp_health_check { +# port = var.region_backend_service_health_check["tcp_health_check_port"] +# } +#} +# +#resource "google_compute_region_backend_service" "gcp-inspec-region-backend-service" { +# project = var.gcp_project_id +# region = var.gcp_location +# name = var.region_backend_service["name"] +# description = var.region_backend_service["description"] +# protocol = var.region_backend_service["protocol"] +# timeout_sec = var.region_backend_service["timeout_sec"] +# +# health_checks = [google_compute_health_check.gcp-inspec-region-backend-service-hc.self_link] +#} +# +#resource "google_compute_http_health_check" "gcp-inspec-http-health-check" { +# project = var.gcp_project_id +# name = var.http_health_check["name"] +# request_path = var.http_health_check["request_path"] +# +# timeout_sec = var.http_health_check["timeout_sec"] +# check_interval_sec = var.http_health_check["check_interval_sec"] +#} +# +#resource "google_compute_https_health_check" "gcp-inspec-https-health-check" { +# project = var.gcp_project_id +# name = var.https_health_check["name"] +# request_path = var.https_health_check["request_path"] +# +# timeout_sec = var.https_health_check["timeout_sec"] +# check_interval_sec = var.https_health_check["check_interval_sec"] +# unhealthy_threshold = var.https_health_check["unhealthy_threshold"] +#} +# +#resource "google_compute_instance_template" "gcp-inspec-instance-template" { +# project = var.gcp_project_id +# name = var.instance_template["name"] +# description = var.instance_template["description"] +# +# tags = [var.instance_template["tag"]] +# +# instance_description = var.instance_template["instance_description"] +# machine_type = var.instance_template["machine_type"] +# can_ip_forward = var.instance_template["can_ip_forward"] +# +# scheduling { +# automatic_restart = var.instance_template["scheduling_automatic_restart"] +# on_host_maintenance = var.instance_template["scheduling_on_host_maintenance"] +# } +# +# // Create a new boot disk from an image +# disk { +# source_image = var.instance_template["disk_source_image"] +# auto_delete = var.instance_template["disk_auto_delete"] +# boot = var.instance_template["disk_boot"] +# } +# +# network_interface { +# network = var.instance_template["network_interface_network"] +# } +# +# service_account { +# scopes = [var.instance_template["service_account_scope"]] +# } +#} +# +#resource "google_compute_global_address" "gcp-inspec-global-address" { +# project = var.gcp_project_id +# name = var.global_address["name"] +# ip_version = var.global_address["ip_version"] +#} +# +#resource "google_compute_url_map" "gcp-inspec-url-map" { +# project = var.gcp_project_id +# name = var.url_map["name"] +# description = var.url_map["description"] +# +# default_service = google_compute_backend_service.gcp-inspec-backend-service.self_link +# +# host_rule { +# hosts = [var.url_map["host_rule_host"]] +# path_matcher = var.url_map["path_matcher_name"] +# } +# +# path_matcher { +# name = var.url_map["path_matcher_name"] +# default_service = google_compute_backend_service.gcp-inspec-backend-service.self_link +# +# path_rule { +# paths = [var.url_map["path_rule_path"]] +# service = google_compute_backend_service.gcp-inspec-backend-service.self_link +# } +# } +# +# test { +# service = google_compute_backend_service.gcp-inspec-backend-service.self_link +# host = var.url_map["test_host"] +# path = var.url_map["test_path"] +# } +#} +# +#resource "google_compute_target_http_proxy" "gcp-inspec-http-proxy" { +# project = var.gcp_project_id +# name = var.http_proxy["name"] +# url_map = google_compute_url_map.gcp-inspec-url-map.self_link +# description = var.http_proxy["description"] +#} +# +#resource "google_compute_global_forwarding_rule" "gcp-inspec-global-forwarding-rule" { +# project = var.gcp_project_id +# name = var.global_forwarding_rule["name"] +# target = google_compute_target_http_proxy.gcp-inspec-http-proxy.self_link +# port_range = var.global_forwarding_rule["port_range"] +#} +# +#resource "google_compute_backend_service" "gcp-inspec-tcp-backend-service" { +# project = var.gcp_project_id +# name = var.target_tcp_proxy["tcp_backend_service_name"] +# protocol = "TCP" +# timeout_sec = 10 +# +# health_checks = [google_compute_health_check.gcp-inspec-health-check.self_link] +#} +# +#resource "google_compute_target_tcp_proxy" "gcp-inspec-target-tcp-proxy" { +# project = var.gcp_project_id +# name = var.target_tcp_proxy["name"] +# proxy_header = var.target_tcp_proxy["proxy_header"] +# backend_service = google_compute_backend_service.gcp-inspec-tcp-backend-service.self_link +#} +# +#resource "google_compute_route" "gcp-inspec-route" { +# project = var.gcp_project_id +# name = var.route["name"] +# dest_range = var.route["dest_range"] +# network = google_compute_network.inspec-gcp-network.name +# next_hop_ip = var.route["next_hop_ip"] +# priority = var.route["priority"] +# # google_compute_route depends on next_hop_ip belonging to a subnetwork +# # of the named network in this block. Since inspec-gcp-network does not +# # automatically create subnetworks, we need to create a dependency so +# # the route is not created before the subnetwork +# depends_on = [google_compute_subnetwork.inspec-gcp-subnetwork] +#} +# +#resource "google_compute_router" "gcp-inspec-router" { +# project = var.gcp_project_id +# name = var.router["name"] +# network = google_compute_network.inspec-gcp-network.name +# bgp { +# asn = var.router["bgp_asn"] +# advertise_mode = var.router["bgp_advertise_mode"] +# advertised_groups = [var.router["bgp_advertised_group"]] +# advertised_ip_ranges { +# range = var.router["bgp_advertised_ip_range1"] +# } +# advertised_ip_ranges { +# range = var.router["bgp_advertised_ip_range2"] +# } +# } +#} +# +#resource "google_compute_disk" "snapshot-disk" { +# project = var.gcp_project_id +# name = var.snapshot["disk_name"] +# type = var.snapshot["disk_type"] +# zone = var.gcp_zone +# image = var.snapshot["disk_image"] +# labels = { +# environment = "generic_compute_disk_label" +# } +#} +# +#resource "google_compute_snapshot" "gcp-inspec-snapshot" { +# project = var.gcp_project_id +# name = var.snapshot["name"] +# source_disk = google_compute_disk.snapshot-disk.name +# zone = var.gcp_zone +#} +# +#resource "google_compute_ssl_certificate" "gcp-inspec-ssl-certificate" { +# project = var.gcp_project_id +# name = var.ssl_certificate["name"] +# private_key = var.ssl_certificate["private_key"] +# certificate = var.ssl_certificate["certificate"] +# description = var.ssl_certificate["description"] +#} +# +#resource "google_compute_target_https_proxy" "gcp-inspec-https-proxy" { +# project = var.gcp_project_id +# name = var.https_proxy["name"] +# url_map = google_compute_url_map.gcp-inspec-url-map.self_link +# description = var.https_proxy["description"] +# ssl_certificates = [google_compute_ssl_certificate.gcp-inspec-ssl-certificate.self_link] +#} +# +#resource "google_bigquery_dataset" "gcp-inspec-dataset" { +# project = var.gcp_project_id +# dataset_id = var.dataset["dataset_id"] +# friendly_name = var.dataset["friendly_name"] +# description = var.dataset["description"] +# location = var.dataset["location"] +# default_table_expiration_ms = var.dataset["default_table_expiration_ms"] +# +# access { +# role = var.dataset["access_writer_role"] +# special_group = var.dataset["access_writer_special_group"] +# } +# +# access { +# role = "OWNER" +# special_group = "projectOwners" +# } +#} +# +#resource "google_bigquery_table" "gcp-inspec-bigquery-table" { +# project = var.gcp_project_id +# dataset_id = google_bigquery_dataset.gcp-inspec-dataset.dataset_id +# table_id = var.bigquery_table["table_id"] +# +# time_partitioning { +# type = var.bigquery_table["time_partitioning_type"] +# } +# +# description = var.bigquery_table["description"] +# expiration_time = var.bigquery_table["expiration_time"] +#} +# +#resource "google_sourcerepo_repository" "gcp-inspec-sourcerepo-repository" { +# project = var.gcp_project_id +# name = var.repository["name"] +#} +# +#resource "google_folder" "inspec-gcp-folder" { +# count = "${var.gcp_organization_id == "" ? 0 : var.gcp_enable_privileged_resources}" +# display_name = var.folder["display_name"] +# parent = "organizations/${var.gcp_organization_id}" +#} +# +#resource "google_storage_bucket_object" "archive" { +# name = "index.js.zip" +# bucket = google_storage_bucket.generic-storage-bucket.name +# source = "../configuration/index.js.zip" +#} +# +#resource "google_cloudfunctions_function" "function" { +# project = var.gcp_project_id +# region = var.gcp_cloud_function_region +# name = var.cloudfunction["name"] +# description = var.cloudfunction["description"] +# available_memory_mb = var.cloudfunction["available_memory_mb"] +# source_archive_bucket = google_storage_bucket.generic-storage-bucket.name +# source_archive_object = google_storage_bucket_object.archive.name +# trigger_http = var.cloudfunction["trigger_http"] +# timeout = var.cloudfunction["timeout"] +# entry_point = var.cloudfunction["entry_point"] +# runtime = "nodejs8" +# +# environment_variables = { +# MY_ENV_VAR = var.cloudfunction["env_var_value"] +# } +#} +# +#resource "google_compute_backend_bucket" "image_backend" { +# project = var.gcp_project_id +# name = var.backend_bucket["name"] +# description = var.backend_bucket["description"] +# bucket_name = google_storage_bucket.generic-storage-bucket.name +# enable_cdn = var.backend_bucket["enable_cdn"] +#} +# +#resource "google_container_node_pool" "inspec-gcp-node-pool" { +# project = var.gcp_project_id +# name = var.regional_node_pool["name"] +# location = google_container_cluster.primary.location +# cluster = google_container_cluster.primary.name +# node_count = var.regional_node_pool["node_count"] +#} +# +#resource "google_logging_organization_sink" "my-sink" { +# count = "${var.gcp_organization_id == "" ? 0 : var.gcp_enable_privileged_resources}" +# name = var.org_sink.name +# org_id = var.gcp_organization_id +# +# # Can export to pubsub, cloud storage, or bigquery +# destination = "storage.googleapis.com/${google_storage_bucket.generic-storage-bucket.name}" +# +# # Log all WARN or higher severity messages relating to instances +# filter = var.org_sink.filter +#} +# +#variable "project_sink" { +# type = any +#} +# +#resource "google_logging_project_sink" "project-logging-sink" { +# count = "${var.gcp_organization_id == "" ? 0 : var.gcp_enable_privileged_resources}" +# project = var.gcp_project_id +# +# name = var.project_sink.name +# destination = "storage.googleapis.com/${google_storage_bucket.project-logging-bucket[0].name}" +# +# filter = var.project_sink.filter +# +# unique_writer_identity = true +#} +# +#resource "google_storage_bucket" "bucket" { +# name = "inspec-gcp-static-${var.gcp_project_id}" +# project = var.gcp_project_id +# location = var.gcp_location +# force_destroy = true +# +# labels = { +# "key" = "value" +# } +# +# retention_policy { +# retention_period = 1000 +# } +#} +# +#resource "google_storage_bucket_object" "object" { +# name = "hello-world.zip" +# bucket = google_storage_bucket.bucket.name +# source = "../configuration/hello-world.zip" +#} +# +#resource "google_app_engine_standard_app_version" "default" { +# count = "${var.gcp_organization_id == "" ? 0 : var.gcp_enable_privileged_resources}" +# project = var.gcp_project_id +# version_id = var.standardappversion["version_id"] +# service = var.standardappversion["service"] +# runtime = var.standardappversion["runtime"] +# noop_on_destroy = true +# entrypoint { +# shell = var.standardappversion["entrypoint"] +# } +# +# deployment { +# zip { +# source_url = "https://storage.googleapis.com/${google_storage_bucket.bucket.name}/hello-world.zip" +# } +# } +# +# env_variables = { +# port = var.standardappversion["port"] +# } +#} +# +#resource "google_ml_engine_model" "inspec-gcp-model" { +# project = var.gcp_project_id +# name = var.ml_model["name"] +# description = var.ml_model["description"] +# regions = [var.ml_model["region"]] +# online_prediction_logging = var.ml_model["online_prediction_logging"] +# online_prediction_console_logging = var.ml_model["online_prediction_console_logging"] +#} +# +#resource "google_compute_firewall" "dataproc" { +# project = var.gcp_project_id +# name = "dataproc-firewall" +# network = google_compute_network.dataproc.name +# +# source_ranges = ["10.128.0.0/9"] +# allow { +# protocol = "icmp" +# } +# +# allow { +# protocol = "tcp" +# ports = ["0-65535"] +# } +# allow { +# protocol = "udp" +# ports = ["0-65535"] +# } +#} +# +#resource "google_compute_network" "dataproc" { +# project = var.gcp_project_id +# name = "dataproc-network" +#} +# +#resource "google_dataproc_cluster" "mycluster" { +# project = var.gcp_project_id +# region = var.gcp_location +# name = var.dataproc_cluster["name"] +# +# labels = { +# "${var.dataproc_cluster["label_key"]}" = var.dataproc_cluster["label_value"] +# } +# +# cluster_config { +# master_config { +# num_instances = var.dataproc_cluster["config"]["master_config"]["num_instances"] +# machine_type = var.dataproc_cluster["config"]["master_config"]["machine_type"] +# disk_config { +# boot_disk_type = var.dataproc_cluster["config"]["master_config"]["boot_disk_type"] +# boot_disk_size_gb = var.dataproc_cluster["config"]["master_config"]["boot_disk_size_gb"] +# } +# } +# +# worker_config { +# num_instances = var.dataproc_cluster["config"]["worker_config"]["num_instances"] +# machine_type = var.dataproc_cluster["config"]["worker_config"]["machine_type"] +# disk_config { +# boot_disk_size_gb = var.dataproc_cluster["config"]["worker_config"]["boot_disk_size_gb"] +# num_local_ssds = var.dataproc_cluster["config"]["worker_config"]["num_local_ssds"] +# } +# } +# +# # Override or set some custom properties +# software_config { +# override_properties = { +# "${var.dataproc_cluster["config"]["software_config"]["prop_key"]}" = var.dataproc_cluster["config"]["software_config"]["prop_value"] +# } +# } +# +# gce_cluster_config { +# network = google_compute_network.dataproc.self_link +# tags = [var.dataproc_cluster["config"]["gce_cluster_config"]["tag"]] +# } +# } +#} +# +#resource "google_logging_folder_exclusion" "my-exclusion" { +# count = "${var.gcp_organization_id == "" ? 0 : var.gcp_enable_privileged_resources}" +# name = var.folder_exclusion["name"] +# folder = google_folder.inspec-gcp-folder.0.name +# +# description = var.folder_exclusion["description"] +# +# filter = var.folder_exclusion["filter"] +#} +# +#variable "project_exclusion" { +# type = any +#} +# +#resource "google_logging_project_exclusion" "project-exclusion" { +# count = "${var.gcp_organization_id == "" ? 0 : var.gcp_enable_privileged_resources}" +# name = var.project_exclusion["name"] +# project = var.gcp_project_id +# +# description = var.project_exclusion["description"] +# +# filter = var.project_exclusion["filter"] +#} +# +#resource "google_filestore_instance" "instance" { +# project = var.gcp_project_id +# name = var.filestore_instance["name"] +# zone = var.filestore_instance["zone"] +# tier = var.filestore_instance["tier"] +# +# file_shares { +# capacity_gb = var.filestore_instance["fileshare_capacity_gb"] +# name = var.filestore_instance["fileshare_name"] +# } +# +# networks { +# network = var.filestore_instance["network_name"] +# modes = [var.filestore_instance["network_mode"]] +# } +#} +# +#resource "google_logging_folder_sink" "folder-sink" { +# count = "${var.gcp_organization_id == "" ? 0 : var.gcp_enable_privileged_resources}" +# name = var.folder_sink.name +# folder = google_folder.inspec-gcp-folder.0.name +# +# destination = "storage.googleapis.com/${google_storage_bucket.generic-storage-bucket.name}" +# +# filter = var.folder_sink.filter +#} +# +#resource "google_runtimeconfig_config" "inspec-runtime-config" { +# project = var.gcp_project_id +# name = var.runtimeconfig_config["name"] +# description = var.runtimeconfig_config["description"] +#} +# +#resource "google_runtimeconfig_variable" "inspec-runtime-variable" { +# project = var.gcp_project_id +# parent = google_runtimeconfig_config.inspec-runtime-config.name +# name = var.runtimeconfig_variable["name"] +# text = var.runtimeconfig_variable["text"] +#} +# +#resource "google_redis_instance" "inspec-redis" { +# project = var.gcp_project_id +# name = var.redis["name"] +# tier = var.redis["tier"] +# memory_size_gb = var.redis["memory_size_gb"] +# +# location_id = var.redis["location_id"] +# alternative_location_id = var.redis["alternative_location_id"] +# +# redis_version = var.redis["redis_version"] +# display_name = var.redis["display_name"] +# reserved_ip_range = var.redis["reserved_ip_range"] +# +# labels = { +# "${var.redis["label_key"]}" = var.redis["label_value"] +# } +#} +# +#resource "google_compute_network_endpoint_group" "inspec-endpoint-group" { +# project = var.gcp_project_id +# name = var.network_endpoint_group["name"] +# network = google_compute_subnetwork.inspec-gcp-subnetwork.network +# subnetwork = google_compute_subnetwork.inspec-gcp-subnetwork.self_link +# default_port = var.network_endpoint_group["default_port"] +# zone = var.gcp_zone +#} +# +#data "google_compute_node_types" "zone-node-type" { +# project = var.gcp_project_id +# zone = var.gcp_zone +#} +# +#resource "google_compute_node_template" "inspec-template" { +# project = var.gcp_project_id +# region = var.gcp_location +# +# name = var.node_template["name"] +# node_type = data.google_compute_node_types.zone-node-type.names[0] +# +# node_affinity_labels = { +# "${var.node_template["label_key"]}" = var.node_template["label_value"] +# } +#} +# +#resource "google_compute_node_group" "inspec-node-group" { +# project = var.gcp_project_id +# name = var.node_group["name"] +# zone = var.gcp_zone +# description = var.node_group["description"] +# +# size = var.node_group["size"] +# node_template = google_compute_node_template.inspec-template.self_link +#} +# +#resource "google_compute_router_nat" "inspec-nat" { +# project = var.gcp_project_id +# name = var.router_nat["name"] +# router = google_compute_router.gcp-inspec-router.name +# region = google_compute_router.gcp-inspec-router.region +# nat_ip_allocate_option = var.router_nat["nat_ip_allocate_option"] +# source_subnetwork_ip_ranges_to_nat = var.router_nat["source_subnetwork_ip_ranges_to_nat"] +# min_ports_per_vm = var.router_nat["min_ports_per_vm"] +# +# log_config { +# enable = var.router_nat["log_config_enable"] +# filter = var.router_nat["log_config_filter"] +# } +#} +# +#resource "google_project_service" "project" { +# project = var.gcp_project_id +# service = var.service["name"] +#} +# +#resource "google_service_account" "spanner_service_account" { +# project = var.gcp_project_id +# account_id = "${var.gcp_service_account_display_name}-sp" +# display_name = "${var.gcp_service_account_display_name}-sp" +#} +# +#resource "google_service_account_key" "userkey" { +# service_account_id = google_service_account.spanner_service_account.name +# public_key_type = "TYPE_X509_PEM_FILE" +#} +# +#resource "google_spanner_instance" "spanner_instance" { +# project = var.gcp_project_id +# config = var.spannerinstance["config"] +# name = var.spannerinstance["name"] +# display_name = var.spannerinstance["display_name"] +# num_nodes = var.spannerinstance["num_nodes"] +# labels = { +# "${var.spannerinstance["label_key"]}" = var.spannerinstance["label_value"] +# } +#} +# +#resource "google_spanner_instance_iam_binding" "instance" { +# project = var.gcp_project_id +# instance = google_spanner_instance.spanner_instance.name +# role = "roles/editor" +# +# members = [ +# "serviceAccount:${google_service_account.spanner_service_account.email}", +# ] +#} +# +#resource "google_spanner_database" "database" { +# project = var.gcp_project_id +# instance = google_spanner_instance.spanner_instance.name +# name = var.spannerdatabase["name"] +# ddl = [var.spannerdatabase["ddl"]] +#} +# +#resource "google_cloud_scheduler_job" "job" { +# project = var.gcp_project_id +# region = var.scheduler_job["region"] +# name = var.scheduler_job["name"] +# description = var.scheduler_job["description"] +# schedule = var.scheduler_job["schedule"] +# time_zone = var.scheduler_job["time_zone"] +# +# http_target { +# http_method = var.scheduler_job["http_method"] +# uri = var.scheduler_job["http_target_uri"] +# } +#} +# +#variable "service_perimeter" { +# type = any +#} +# +#resource "google_access_context_manager_service_perimeter" "service-perimeter" { +# count = "${var.gcp_organization_id == "" ? 0 : var.gcp_enable_privileged_resources}" +# parent = "accessPolicies/${google_access_context_manager_access_policy.access-policy.0.name}" +# name = "accessPolicies/${google_access_context_manager_access_policy.access-policy.0.name}/servicePerimeters/${var.service_perimeter["name"]}" +# title = var.service_perimeter["title"] +# status { +# restricted_services = [var.service_perimeter["restricted_service"]] +# } +#} +# +#resource "google_access_context_manager_access_policy" "access-policy" { +# count = "${var.gcp_organization_id == "" ? 0 : var.gcp_enable_privileged_resources}" +# parent = "organizations/${var.gcp_organization_id}" +# title = var.service_perimeter["policy_title"] +#} +# +#resource "google_access_context_manager_access_level" "access-level" { +# count = "${var.gcp_organization_id == "" ? 0 : var.gcp_enable_privileged_resources}" +# parent = "accessPolicies/${google_access_context_manager_access_policy.access-policy.0.name}" +# name = "accessPolicies/${google_access_context_manager_access_policy.access-policy.0.name}/accessLevels/os_lock" +# title = "os_lock" +# basic { +# conditions { +# device_policy { +# require_screen_lock = true +# } +# regions = [ +# "CH", +# "IT", +# "US", +# ] +# } +# } +#} +# +#variable "firewall" { +# type = any +#} +# +#resource "google_compute_firewall" "mm-firewall" { +# project = var.gcp_project_id +# name = var.firewall["name"] +# enable_logging = true +# network = google_compute_network.inspec-gcp-network.name +# +# allow { +# protocol = "tcp" +# ports = ["80", "8080", "1000-2000"] +# } +# +# source_tags = [var.firewall["source_tag"]] +#} +# +#variable "address" { +# type = any +#} +# +#resource "google_compute_address" "internal_with_subnet_and_address" { +# project = var.gcp_project_id +# name = var.address["name"] +# subnetwork = google_compute_subnetwork.inspec-gcp-subnetwork.self_link +# address_type = var.address["address_type"] +# address = var.address["address"] +# region = var.gcp_location +#} +# +#variable "instance_group" { +# type = any +#} +# +#resource "google_compute_instance_group" "inspec-instance-group" { +# project = var.gcp_project_id +# zone = var.gcp_zone +# name = var.instance_group["name"] +# description = var.instance_group["description"] +# +# named_port { +# name = var.instance_group["named_port_name"] +# port = var.instance_group["named_port_port"] +# } +#} +# +#variable "instance" { +# type = any +#} +# +#resource "google_compute_instance" "inspec-instance" { +# project = var.gcp_project_id +# zone = var.gcp_zone +# name = var.instance["name"] +# machine_type = var.instance["machine_type"] +# +# tags = [var.instance["tag_1"], var.instance["tag_2"]] +# +# boot_disk { +# initialize_params { +# image = "debian-cloud/debian-9" +# } +# } +# +# network_interface { +# network = "default" +# +# access_config { +# // Ephemeral IP +# } +# } +# +# metadata = { +# "${var.instance["metadata_key"]}" = var.instance["metadata_value"] +# } +# +# metadata_startup_script = var.instance["startup_script"] +# +# service_account { +# scopes = [var.instance["sa_scope"]] +# } +#} +# +#variable "network" { +# type = any +#} +# +#resource "google_compute_network" "inspec-network" { +# project = var.gcp_project_id +# name = var.network["name"] +# routing_mode = var.network["routing_mode"] +#} +# +#variable "subnetwork" { +# type = any +#} +# +#resource "google_compute_subnetwork" "subnet-with-logging" { +# project = var.gcp_project_id +# region = var.gcp_location +# name = var.subnetwork["name"] +# ip_cidr_range = var.subnetwork["ip_cidr_range"] +# network = google_compute_network.inspec-network.self_link +# +# log_config { +# aggregation_interval = var.subnetwork["log_interval"] +# flow_sampling = var.subnetwork["log_sampling"] +# metadata = var.subnetwork["log_metadata"] +# } +#} +# +#variable "rigm" { +# type = any +#} +# +variable "sql_connect" { + type = any +} +# +#resource "google_compute_region_instance_group_manager" "inspec-rigm" { +# project = var.gcp_project_id +# region = var.gcp_location +# name = var.rigm["name"] +# +# base_instance_name = var.rigm["base_instance_name"] +# +# version { +# instance_template = google_compute_instance_template.gcp-inspec-instance-template.self_link +# } +# +# target_pools = [google_compute_target_pool.gcp-inspec-target-pool.self_link] +# target_size = var.rigm["target_size"] +# +# named_port { +# name = var.rigm["named_port_name"] +# port = var.rigm["named_port_port"] +# } +# +# auto_healing_policies { +# health_check = google_compute_health_check.gcp-inspec-health-check.self_link +# initial_delay_sec = var.rigm["healing_delay"] +# } +#} +# +#variable "vpn_tunnel" { +# type = any +#} +# +#resource "google_compute_vpn_tunnel" "tunnel1" { +# project = var.gcp_project_id +# name = var.vpn_tunnel["name"] +# peer_ip = var.vpn_tunnel["peer_ip"] +# shared_secret = var.vpn_tunnel["shared_secret"] +# +# remote_traffic_selector = ["0.0.0.0/0"] +# local_traffic_selector = ["0.0.0.0/0"] +# target_vpn_gateway = google_compute_vpn_gateway.inspec-gcp-vpn-gateway.self_link +# +# depends_on = [ +# google_compute_forwarding_rule.inspec-gcp-fr-esp, +# google_compute_forwarding_rule.inspec-gcp-fr-udp500, +# google_compute_forwarding_rule.inspec-gcp-fr-udp4500, +# ] +#} +# +#variable "alert_policy" { +# type = any +#} +# +#resource "google_monitoring_alert_policy" "alert_policy" { +# project = var.gcp_project_id +# display_name = var.alert_policy["display_name"] +# combiner = var.alert_policy["combiner"] +# conditions { +# display_name = var.alert_policy["condition_display_name"] +# condition_threshold { +# filter = var.alert_policy["condition_filter"] +# duration = var.alert_policy["condition_duration"] +# comparison = var.alert_policy["condition_comparison"] +# aggregations { +# alignment_period = "60s" +# per_series_aligner = "ALIGN_RATE" +# } +# } +# } +#} +# +#variable "dns_managed_zone" { +# type = any +#} +# +#variable "gcp_dns_zone_name" {} +# +#resource "google_dns_managed_zone" "example-zone" { +# project = var.gcp_project_id +# name = var.dns_managed_zone["name"] +# dns_name = "${var.gcp_dns_zone_name}" +# description = var.dns_managed_zone["description"] +# dnssec_config { +# state = var.dns_managed_zone["dnssec_config_state"] +# default_key_specs { +# algorithm = "rsasha256" +# key_type = "zoneSigning" +# key_length = 2048 +# } +# default_key_specs { +# algorithm = "rsasha512" +# key_type = "keySigning" +# key_length = 2048 +# } +# } +#} +# +#variable "logging_metric" { +# type = any +#} +# +#resource "google_logging_metric" "logging_metric" { +# project = var.gcp_project_id +# name = var.logging_metric["name"] +# filter = var.logging_metric["filter"] +# metric_descriptor { +# metric_kind = var.logging_metric["metric_kind"] +# value_type = var.logging_metric["value_type"] +# } +#} +# +#variable "compute_image" { +# type = any +#} +# +#resource "google_compute_image" "example" { +# project = var.gcp_project_id +# name = var.compute_image["name"] +# +# raw_disk { +# source = var.compute_image["source"] +# } +#} +# +#variable "gcp_organization_iam_custom_role_id" {} +# +#resource "google_organization_iam_custom_role" "generic_org_iam_custom_role" { +# count = "${var.gcp_organization_id == "" ? 0 : var.gcp_enable_privileged_resources}" +# org_id = var.gcp_organization_id +# role_id = var.gcp_organization_iam_custom_role_id +# title = "GCP Inspec Generic Organization IAM Custom Role" +# description = "Custom role allowing to list IAM roles only" +# permissions = ["iam.roles.list"] +#} +# +#variable "security_policy" { +# type = any +#} +# +#resource "google_compute_security_policy" "policy" { +# project = var.gcp_project_id +# name = var.security_policy["name"] +# +# rule { +# action = var.security_policy["action"] +# priority = var.security_policy["priority"] +# match { +# versioned_expr = "SRC_IPS_V1" +# config { +# src_ip_ranges = [var.security_policy["ip_range"]] +# } +# } +# description = var.security_policy["description"] +# } +# +# rule { +# action = "allow" +# priority = "2147483647" +# match { +# versioned_expr = "SRC_IPS_V1" +# config { +# src_ip_ranges = ["*"] +# } +# } +# description = "default rule" +# } +#} +# +#variable "memcache_instance" { +# type = any +#} +# +#resource "google_compute_network" "memcache_network" { +# provider = google-beta +# project = var.gcp_project_id +# name = "inspec-gcp-memcache" +#} +# +#resource "google_compute_global_address" "service_range" { +# provider = google-beta +# project = var.gcp_project_id +# name = "inspec-gcp-memcache" +# purpose = "VPC_PEERING" +# address_type = "INTERNAL" +# prefix_length = 16 +# network = google_compute_network.memcache_network.id +#} +# +#resource "google_service_networking_connection" "private_service_connection" { +# provider = google-beta +# network = google_compute_network.memcache_network.id +# service = "servicenetworking.googleapis.com" +# reserved_peering_ranges = [google_compute_global_address.service_range.name] +#} +# +#resource "google_memcache_instance" "instance" { +# provider = google-beta +# name = var.memcache_instance["name"] +# project = var.gcp_project_id +# region = var.gcp_location +# authorized_network = google_service_networking_connection.private_service_connection.network +# +# node_config { +# cpu_count = 1 +# memory_size_mb = 1024 +# } +# node_count = 1 +#} +# +#resource "google_compute_interconnect_attachment" "on_prem" { +# name = "on-prem-attachment" +# edge_availability_domain = "AVAILABILITY_DOMAIN_1" +# type = "PARTNER" +# router = google_compute_router.gcp-inspec-router.id +# mtu = 1500 +#} +# +resource "google_sql_ssl_cert" "client_cert" { + common_name = var.sql_connect["common_name"] + instance = var.gcp_db_instance_name +} + +resource "google_data_loss_prevention_stored_info_type" "basic" { + parent = "projects/my-project-name" + description = "Description" + display_name = "Displayname" + + regex { + pattern = "patient" + group_indexes = [2] + } +} + + + + +resource "google_vertex_ai_tensorboard" "tensorboard" { + display_name = "terraform-${local.name_suffix}" + description = "sample description" + labels = { + "key1" : "value1", + "key2" : "value2" + } + region = "us-central1" +} + + +resource "google_ml_engine_model" "default" { + name = "default-${local.name_suffix}" + description = "My model" + regions = ["us-central1"] +} + + +resource "google_vertex_ai_featurestore" "featurestore" { + name = "terraform-${local.name_suffix}" + labels = { + foo = "bar" + } + region = "us-central1" + online_serving_config { + fixed_node_count = 2 + } +} + +resource "google_vertex_ai_featurestore_entitytype" "entity" { + name = "terraform-${local.name_suffix}" + labels = { + foo = "bar" + } + featurestore = google_vertex_ai_featurestore.featurestore.id +} + +resource "google_vertex_ai_featurestore_entitytype_feature" "feature" { + name = "terraform-${local.name_suffix}" + labels = { + foo = "bar" + } + entitytype = google_vertex_ai_featurestore_entitytype.entity.id + + value_type = "INT64_ARRAY" +} + + +resource "google_vertex_ai_index_endpoint" "index_endpoint" { + display_name = "sample-endpoint" + description = "A sample vertex endpoint" + region = "us-central1" + labels = { + label-one = "value-one" + } + network = "projects/${data.google_project.project.number}/global/networks/${data.google_compute_network.vertex_network.name}" + depends_on = [ + google_service_networking_connection.vertex_vpc_connection + ] +} + +resource "google_service_networking_connection" "vertex_vpc_connection" { + network = data.google_compute_network.vertex_network.id + service = "servicenetworking.googleapis.com" + reserved_peering_ranges = [google_compute_global_address.vertex_range.name] +} + +resource "google_compute_global_address" "vertex_range" { + name = "address-name-${local.name_suffix}" + purpose = "VPC_PEERING" + address_type = "INTERNAL" + prefix_length = 24 + network = data.google_compute_network.vertex_network.id +} + +data "google_compute_network" "vertex_network" { + name = "network-name-${local.name_suffix}" +} + +data "google_project" "project" {} + + +resource "google_service_directory_namespace" "example" { + provider = google-beta + namespace_id = "example-namespace-${local.name_suffix}" + location = "us-central1" +} + +resource "google_service_directory_service" "example" { + provider = google-beta + service_id = "example-service-${local.name_suffix}" + namespace = google_service_directory_namespace.example.id +} + +resource "google_service_directory_endpoint" "example" { + provider = google-beta + endpoint_id = "example-endpoint-${local.name_suffix}" + service = google_service_directory_service.example.id + + metadata = { + stage = "prod" + region = "us-central1" + } + + address = "1.2.3.4" + port = 5353 +} + + +resource "google_service_directory_namespace" "example" { + provider = google-beta + namespace_id = "example-namespace-${local.name_suffix}" + location = "us-central1" +} + +resource "google_service_directory_service" "example" { + provider = google-beta + service_id = "example-service-${local.name_suffix}" + namespace = google_service_directory_namespace.example.id +} + +resource "google_service_directory_endpoint" "example" { + provider = google-beta + endpoint_id = "example-endpoint-${local.name_suffix}" + service = google_service_directory_service.example.id + + metadata = { + stage = "prod" + region = "us-central1" + } + + address = "1.2.3.4" + port = 5353 +} + + +resource "google_service_directory_namespace" "example" { + provider = google-beta + namespace_id = "example-namespace-${local.name_suffix}" + location = "us-central1" +} + +resource "google_service_directory_service" "example" { + provider = google-beta + service_id = "example-service-${local.name_suffix}" + namespace = google_service_directory_namespace.example.id +} + +resource "google_service_directory_endpoint" "example" { + provider = google-beta + endpoint_id = "example-endpoint-${local.name_suffix}" + service = google_service_directory_service.example.id + + metadata = { + stage = "prod" + region = "us-central1" + } + + address = "1.2.3.4" + port = 5353 +} + + +resource "google_service_directory_namespace" "example" { + provider = google-beta + namespace_id = "example-namespace-${local.name_suffix}" + location = "us-central1" +} + +resource "google_service_directory_service" "example" { + provider = google-beta + service_id = "example-service-${local.name_suffix}" + namespace = google_service_directory_namespace.example.id +} + +resource "google_service_directory_endpoint" "example" { + provider = google-beta + endpoint_id = "example-endpoint-${local.name_suffix}" + service = google_service_directory_service.example.id + + metadata = { + stage = "prod" + region = "us-central1" + } + + address = "1.2.3.4" + port = 5353 +} + + +resource "google_datastore_index" "default" { + kind = "foo" + properties { + name = "property_a-${local.name_suffix}" + direction = "ASCENDING" + } + properties { + name = "property_b-${local.name_suffix}" + direction = "ASCENDING" + } +} + diff --git a/build/inspec/test/integration/configuration/hello-world.zip b/build/inspec/test/integration/configuration/hello-world.zip new file mode 100644 index 0000000000000000000000000000000000000000..34c746dd389de9234b3a34c14a410ca34fe63c8d GIT binary patch literal 58362 zcmZtLLy#s4uqEKKx@_CFZQHi}mu=g&ZQEv-?JnDz`)2nhW}DmdMMlO+MHx^qR3IQA zC?M@FNQKuG>}*{SARsI-ARy%brj};5whnae4$iiw3`UNQ^wt1h6(gH1M#OLY3IC4J zz}&g!Wh^8uOWl^Rkqd5tN|T4Mv;Kw{4%U5=LTTb@a&HRg5Qgw>jYwK|kRguh`l(Bbz` z!jPC(+QA2nXX{lE?6!ZDwJc$gp*b23L4a@n)X+IXhi?82V$mXO*{=H*JPu#dSL@A z+q)p`u5Ee}7H*qGnPC{ly-ANqyB5jDf*afiZBJGip$V7XD9SK{vt7V(*msAKrsYZ8 z!L`qPYznM?sY&&(-GbXM&zTqnn`lTPzhyEky@ODPaVV#H92tw7INaqWDu1oqqK#PR z)8$-YAVG91Gd}6!#juMc=uup8t47nb7$txqg|Olyg<}m(T6hrJ-R$cFH4>r3LL*2N zAM^z^!3MLS3X3gJ(@k*<_MK_pgq0uc%GzhP=>=6#HS|_RV`=dQYF7uDF7E4H$;8Jy zvT|eNxnqN06PW$uE_tlyA1?$O6IMI0lZN0a(1GwJZ!MzPDT8u<8yEd_5-LHQ(ey z>%xOoYYpDI%#J7WS?scA3{jnYcX0+sAXU<$EmR@Hc4QOYhMDYdL>_WyO=}6-dS~l- z3^JqzzZLL|7IJq)1*N<$Xr90~JrINg$s=onmkj(n-bPeNDy&e~_k^WKkEu``zRNS{ zJP4_+kEj1fh%?QL&A%03*P{94D}aHq+sVFC6=$$mt_R(|r;}OG=%}KLF8vYECc4?c6e$IWgViD0y(V@_+1~n1rM8MlV zrZA9kJUsG{q#O4JaZq58U>ltTPwL64=2|3N@dO=v7+D|&AiZQ*VKzLs!{$yxxoLWy z*WI45@jDjlp(;S`I6^#Wb{*>2A&i@yKOb?KT0|o8gCP59;>huy-Gvj#v*gYcvdDr$ zUxo95V=HQ2h7Ne9JE*jgf`ff1Ap|-ZfdyW}6W)>^ATV za^+03dooQKgbwZ-HWYb+s6B{U&W^50Jaud6X7vhaG4%hun-rL2=OCa|O!&UBH*%OQMU(8oxgmyx2c5V%u;xDxpzQprdB z>fwPL?7k5*+FNJpAK6{4b|% z)wy?gaVH?kIeU2QZ1uI0twKd-OCf1z{YsN%ZLmyDn}39Bx6iW|;xc2cAaLK28qHds z=7BF#OZP&qgqUfl4)!?P171GT&=Oi%$ODRwsEbt7_ybxGlK=uqf?-tx1EOxfUmu`V z?bigd8?g3L;{Ap~OsbxB%W!f+)5*i<@^*I%xb0&8ZId;|`U0ShI#9U3v(;R|_(=2V z`PrH7Mm?a^ylP=7kGGxF8bmy(^jN07HPXjTI}(3k+udBz$mZAZc(zvm(;MNl>|z7- z{Pprn>+k>HIdk8pHkNDv0rmQV0^$AtbEdO(FtPc+VUOr&Ib2M%`SmY-Bh-Fhh}^|+ zEhW|sg6>0a!Hyx&d5-OS4!u?Ue!5P8NfGX1b+tF4m0PRTRz24?>i*pR{>&5je?`SC zyg%Ox_+d#Mislh;_12<*Io%>!1b$x{P-IO_It#?zOb+ne!F$=l8{6D|1U7r!gyC~D zQ_y|SOm3wS)8vMWZ&_ij%bUKJ$Nlbdw9WonsEY5g%2NCz6WX9J(6DWOOW0!|acaVt znsz0;<{k)l&FRv%cT(hf@!e~qO#0gU_B-|P(>EROri6BX*URzzM(B9<=HT|G$a4=} z%ej9p9=d1l=iFtPYlnas>{Z02KN6f;Y=wY7`Cio$X6-k?J9y^h9#JAB$})@|i6PSE zQd8fxE*wyl%S5B213WJ5e;B31yZzj)=iZ16k((doe%gS zD^@a~gDe$C52(|ldVoqGGGeBA%T>eVEP;SEMniPv-$?TARGAa&p>BP)=BYnv%ee9srJt6mw80l?ATKuqr zT%s+Sh*;Xvfj3!lP(uI2N0UW5xO_IV_@AEpe?)f&{FnwNliwW0VRpja7N&-|CTrHH z)&J?N?GS!hN$xRP5&0~y@;Lni+OQ;wONd~za&H5=J1CT8BfrdkFm0HE_-PBXQAZwe zxly`$S&$al`?zE-q14-sjRRF~9a0?~V--kUH||@qe9jOJ(w1d>Cj~kQ&Rs-sidEHbsE2A9bVYx*}ro#HbylfV+GC zqElq>e}ce^m3AI?JP#S;Ut%^k-28IxkLwj`p#n9)ly_e@wZiK5F@ru5oulQawI0=F zinhYmzR-7NpNhbua)oF4VKy^Ib@+^Xw+g}MXnpRrTlit<^601FGUXtR$qRnlLY~7n z&EAn|&8-Yp1>G=V3(2I(+Zdq6un#ppnypeBzR>Dm!Tc-fvVM%vDC6AMRh?dtJKJ8d zY0!#fTZ|VY2A`0iF-gge46T;OmaO|@z2C1mioXA&|aDE*(Sb&Yw}? zI7G?_a|T*9(-HneQe|?etCNH#aSdzdhMb;x@+3^+$$limwH~MCHIIMTLDaE6IkwK1DvA|)eqHkFPOL6= z7pc<-d8k>@01w`Qqo1wlHpC})2z|U;;E`KV62t)wcCUg+2hDtJYei{qMfbkFS613`yJ@+BrIs$kzCM(muhEF+3L$m@3{uik%lhnM#nH((F z-y}ES;B(LciNq#?7mP2>D!?AkEro5jkgWmN<$alMIP(IUn2%3+ED5)Mlf1mfXIf$bI+i;9v$gDO37 zGM0Kvx}dSAz6KogJQs+}y-|WTKY@P!v=d-$G^UE)cq^@|Kg_fF)IR`z%Y=jtAS*wa z_4hCN%iOh1APrTN)E4y6=b(VKp@$moW-lrdP~_$gJas6JnOPbNn0QdWM_du3Bm;se z@OyY~=8cf&_7`5nZIu7G9clxciBW{I-M>?R3X96;g1t&z4fDe_(@AcXx&1{!^zRcs ztggC88qQx1%g!-C-6z+wm=P0`-d4(V9*!joVbOcIQ$!b5#{$+_hO){Y zJvBD2I6w@BT#v#YQe``uG66buoO@HH{0D?5rgmOtKnG$#_O%yvxr}AO(502(4;qJ& zqwm;lc@u-eHNwh`PeI<403`2VZZ{f{YBPg|hgt4M!tPq=p{XtL!wK&@vAXmF)d;nx z$*{eMucap6SQE^yLmp*iZW2lotM`&^y9|g**TYiy)30yVSM||{w(Gw3062K2>&7V9 zdvS$t#FEWq85eo9RzaH(RfhbB?7FJkM+$BRBFt@irl^9F(~*HO88mKgYR`hkgdDHj zByDHTvvG@NePKkBGIQzJPZE5W58a4RzR4#bdsx%qh5AirsN3WPeAv{>0yWmt5BG)| zQqd~;nG!xnjCmi}s9yhhFC@4IJ<1}(vateBT{U4jUGIYR2+3Mu;Y#&d9o(GHo#xLf z>;Ohrp529h$Iv}iA8_Xb;SU;K{}*Geqc`xdv>Nan_-}!U2%TmFT>KvsGUTNP^OR6BwZ!4S>mVK&>Sqh}dRLfg`8_m{Wv*GN@1S z5l7D6Q9=({pMYw64ZGoZeWHBAkB7`n|ZL0CgHomFFiWi|l^LzG^w->@Yz})Nbj<|j~KX=wC zSnQ;tzkEeeXtTvhD&iB08;Vv>WYoSa5Y&em85e)i!&CPVZDWs8u2VC(%nGCu*(!BL zJRp|l8Brvz4hIp<7uSbd*jHPErJU}5&)@wE5P85>cBa{*u*jt+sv8OF8PEtCugF9~ zIQ8QuceK*xqQwRxhlIOIG-ET=xTj&6MD+5Pb8BQNVk?9c$=Dbd2ZH^Cl=wLbNh$qjDX;CT4WXGm@2#Lnt`V*T|m>M$L&U-T>3xCPiIA)%}X^e0|Dz% zJfkz;$aw6>Imefw&@*Wd9f2{NlD5QiWDr9Vwj&swB7=&i^1Oa?^az>a>6th0CRSML zT*7P7$Yu>6(?o3~S^2}~UXtHj?cTBHSY8^G+&mU!H#VPP?ul3|dRJ>5(6*ypi-l0h zrXZ-*=S%Puo`()ZvD@gx%Ci_JNm>PQxLkq213`r*W{kjJN4UX=_Gv3+Z=Pp9WaIxJ z7HzuwgQm~y`E<{oK*q!X4h#1$BD^kV3zBD^Y+GQ@VY|4X>x#hSlq54WZqZaSZ$e;} zWIGelxH*qu5=~WYElV{yc$70}ipFcQR`WQ3$-jCGv}OrDXo2H+z5KxMkh)acE291_ zik?mxJJX1J&DbjE!Br}AXu?L@_XUP5&9y?9_=y-RVC6t~4kO&!oZtN3vcty6%Ae#i zm3I{+ab6ka#r*wz&iBa0Exf?$&|fD-4LV7`m23Y923_0?jwqPF%Fk~Ly}WL6W*M-I zVlLoW#3RL&uOUo~&+pY5InvB@C$R%o4!Nhx8wZe?wt=vRuQ^31K4u@w+y0;E;5{L$U9>1k}h3Ig)C6YB;_IX5?&Z(?W*k zomlFc7gLVUBQX?Utls2YP2E#FMZYgxpXc}et}j0J_IY>DzVUxdc%68iPoYvu>RJ)W|5 zgj=61S700bwIS_&ofq^F>OK?mhks$_F}CXwUB+;hnk$*Bv_~}A8sMun$29V$D0|RlvMW%i-g5Rmn!KTFKJOj*!=zqp<~0)e>QvkqHFgb zRre#*>*ReycZILPGs4D_C zE=%XXk%nC9VH{ho8MgkE2!jUVf&_!x9ZaYr(xgW_Q%)O^Rpje@?Lakj8H&m4WEp-^q==MrtJQm{`B6 zez~Wftc-j3hiBz9`zQ#_eezU~;f}CBsW$AcAlZ|MU$XOKOWPg&-dP`>&lf8hsJ!C| zj<)la4GHq`dyyWV8L0f{7X2r_`RqD`H#ZK_572k0J2;_aQs9?}rjh?t;=&YIT~!lm zSbD*}i6=}F%g3p*mYMow%u!paQA%n-<}jv(I;~tmszJb|KwDf}=e&{UFMeB}XNLZ^ z3B2pAc$_`1_Yc$cn1ALm_mrJq;V*3CNi~CzICJA;-$||#^MRX+8dMxB^EgAr1~3K1 zld@+4i?I!JSkDFk(D#<5&A3%ovMro!>!;5hJB<_hNo*Z|vxk1X-NWp2aQs&*b-SS+ z1HE$aJbwewd1rTnzMs~ymK*2UdpM7Kel2dLvvNi=pA0hp9U=CZkK>XX--U6++=pG` z@MNsijD_E}BkY&^ugjeAGBsQTs*S63f=rs_ zS{q*F9F-;Yi_7SN^LPPjlN!PXH2Slm-PT+yiE=E-`){-8MjL-V?Aa}MK?k%Zz4)~Y z-!)v_^)D)GT!_i&G1#=DCL@m*r?#mEna{bo6_D4FNgvU5CYqdc#@Dd*7plmFEwS0q z085`Sd*`_>gvL}Co0cecbehtdk5qOT4WRQZQsVw}b9dOwd{e7Ea@hC@)W`Zic9B0k zYMyj|$?Uw4-dCyZzy6)QH4ebXInHOD^j{)9_}yZi?AFz%-(@{*4gPYdm=1C&q>1it zMJpZJXzNqi{s~Ya8_se;I6EG0zkM9pGVLb`BI$p|a_7e)!csg^%=Y3#^PVQd5kt5HhbYaPO_-Hl3Zu#S(Wl zWd+krrB?6AwG(-H3+;-Z>}}$}W8J%0)taDN%?7feT0|slCa?209zV0Y(FXJ|At7buUZ5GeJH_Kc_iejz-b~K z0FiCkH}R{rN70N9VU*Pv_}Wgh6HDnzv2xR*#;!ad+=@&iYJ)DFtr#Y;#clT>b_Q89 z5p8#(c)wk6Nd-wAh!|Ga)I3>x3HVWDASus?SW6SuZ!$HT@1u)G-$E}?2-VKWhU{Ea zLvP=^Lfwg;LcTz_S2m8QGp@YDtgyD)WEqeL0BLn@!V0^u8w4nGgB^W zAXsN+2$f$Gt?OU&&ktJ{#|KwWyG%og7U&)&F1aq`U=XPcJCtKy!`${}@|2s5Z2IzK z9%`p$H_1no*{5Ppg6r6suwSdOdQ$@v9iI|oDU#mcu#=kkTR>MZzA+XqK@<-p86bisW zntBna2Uu=#5-Kq>>M~HtUg$#JdNTae<3_)P45xFLm|#pSWg+kmaVqTC&(}gG(7)Rt z4y#`F6j4|e;Jc;3yFLR3W-r_NSSRMt8QpKY?lvO}1P=~u%gZuToo!$Cxl*tXho`R=i9Fk4c+zRT8Cxzo$6jq<1fX>;zlUP6E&L zzxuTr%c!b2nBABo#mK?bu1`DyQA*T~;_ktZ(l&g15*6c9ub<<*JPMBFFaNR=)I!e= z1eeP*B`3YrA!oG3tOzcu+H^nPD>-0(wzuj&UpF`Uv6j3_Cl_kRMPy%MldCU1dQ<27 zMNFQ%tXOnLyklLx%fbW^m;6kQJ2MX+U!*povwnZ44>ECiRP<yQI-YCz7|r+EMw0?GisxkT5-an^-e|+W{Qh+G@lu*O1?jY2SRiriBTV6 zgI+Akd7EUFHdv7!N9gGumI72Yz8o7=bNFC=LXrD1=G)M5Q!7IJ;Vy{)yqVSM1Z5}O zoQ|5b5O_&9vrlr);P;(3MK20(nJt(2qohgvU|S!?KVeZqIn_9d-9C}$-FWlHO%H}f zyV$PiAd!=LDN1{|crz+o-9ygD;@kcPGrk6wHwon`v@JAh!F=V`%F@ z_SRlG5*`{kYbdhkVD=>t8-Kftt4l%9Z#9Jhpxi%FM(CRx4#ZGmEf^$GMA{-7;2a}( z39#|pj80Usz=t0nKtBsI5r-r1v#kF2uuyFD5U}j)?>>S;C&H&)8Xl9g&@7fNVu7P7 zc@%Ru{eW8!U?5Ncm_=DJ4pz12N2q&l5BDYf;)OKKcgmD0}^C?%G zDUKnP$eRNo9Rn%6c!5k;s3v4kXyvT5zI8BKhHLno8N#g~9`53_rF<;9zW#!`T|=37_`>spUp zevypkI!7ILCQe&2|D$g}2oMVsf1M_6G;}`l{x}(lO}ihM>q=t3obANB;70Pv$(i{F z3+nFl(<1e;b>FpptBGOo#MZ&pV5$%A6vrmxioIu#-o`3@TCvQTh+!f3+HoCgrVREm$~sObN+4UuEwRkdKYG+P-kq{ z9a~2~j_R!Me71s`0!p9Ni%H2i+XC%rwEM$L7qPbeJqkIBB5zkhM;=k@H!So-(6y%|hL`!;*c3|5;0wmp!>uXm7k@3A zhOCzpL;O9;yei3~qj01@fr0e*gaWZ{1N0P8)RRXB&)f!CWah-rXZN=GDd0Z3@vsg| z4u#@ABR?u>XJ`06({d6dE%J}vO(Z_T2$ef`CsGN+s&iFnGZ%73!fprTaafaYwgfMG2W?#=C+z*#t zB+7;9(d=8zK%9H$LY*c+Cm2JE^+aSiLr+YEIc!=s4Cvg&5{t1De@0QO0r8u07Y-OR zj@VIg3FUPhVh3vhlSK}z#hY#rl)yP-Wb7sH-@(nPb@*$$!&>Zd^l(4>Q88=}uJ&Vt z^vXW#PAI|Azb(|fjb%knL^?yBonVdHARszC`k5$n&YUidvry`=3;h{ajSJfp8;H{gLV!?jG* zWIHtECu|X`f?yC#ytt4O8sM0VHkV0O@)g0Y@h0-8mk*@orH*O}>BO-cUCDipZvAu; zXZaa4S>D98-;I7ngw_O8IorhDDqbsC5%65$uZ;cs681&)11GoF{#Qx#`F3XjDe^|{x zf-N`mJ!C*JHJMH*+{Q{J22~XBg8%)7E#`aspp+jczF16DywhVWt$EnBWw7_=DVNnY=S!=qCG)&lx+7D150y^f-)aOZPUFWDSRQvRI_s??$X``jB+e84IUJM-zS% z(E#oEM5hy0CVaCO)4RfqW9MP$=~SxmsmwfoU|A$S$n~2l>z_q?46o0_vv$)7uXK9Q zDXVM7$#*a@m^|tV!xO}hvuM#XORF^b6rPLHE}Gp*ber6|-%FDCU*-Waj2=FW^Jyw% zT2DM1P*N|a(vsabK+e2wusA5zd>2O=t{e(P|_PgOYDu&H3&JEG`Wy19o=Z zA3}IZSh8!^`J-pr=Bhg!IHB4*6T3i@3_=y+F=()Pj?VRkc9g@LffQysHeNT^bY@+m zG~%rqVMQ0*SB-PKP~avz0Fe7;rH_h<%6F} z*`wJBYg6qmwVx1e>u1=vk=g{+-yOv>b{1I#`QL8-#rgR^Ru(xFF!{(N{H@c|MS4uh zKhl?;sb|VZT_LTUQw)CitS#ty)h8+*arDzZ2alcx#+9Dlygl_BXeyKP)ce~u+ zl-B}IT$5dpGj7Q4+F75*1WyCao?EVuLo{=u65pitzJxn<{W-Xp?Y`MP5r*n4ubR^f znYmf)>)q!R3cf)yf^!?lO6-*|6n!Mr6k5nyGDbcC$zb{_3PGty#(A;zO>IhTeCC8> zf_k@-`=oQgV2g6#7B$Xkm&a~prT$Xx*72KoNe9lMu)Z_OyR0bF3zzpqf-k)b2J>?* z+(0I}Ss`j>5e79%llD9a_&v1B=Zt+yE2NxVN_L86cmhPrPUmLwQ8&cuDP650#CM!OAq+Y=fS_+Bj zV}0Qk@{iYANR_+LGoV+0o&Oc3YR}+U$E)$9UJY%_$&tb9lt`mrDJ4(?e{W^e?wz4N z-NtV3OF6s#p8=hUqI@b$jL7HMV0csa55(|#e{}*#`5Fm!w9}1Iab)^r&u<49`n#c# zhOW*N+M*2jBtVdA^+r_xBE{37$Ux7BORWO7my!m_At5DP%qt6`%i21-?&Epz&bxO_ zgp7bjmqIFvkLu>(_eZX=9u-HuL*LZ8%9bPIIFV2)Vb%Z9=jCmnA~_gF2bSRmUzX03e-o2OT}8I9wk{kAVvk) z_n4yjIz&tOg`Br+c+lDgPfvMqUyxJx6;d?SaUE@kcEJmTA6#IqaPP8^Ve>W{2A_el zyCOiHPv0QW!%tdMuHrsA8QhZQGI2X;f1BL;{qa7TUmfzXGwM_KFMe%JkA_jxA8_Hz zFU*IR!qOJ$9@K)fu(UK~m5mx)F4%}=EerV$CXxB+RA@3K8JS9Aj`51)qR&L6+5)XO z3fh`SMIIXLwm~k|1K4@cSJ2ZY^g0n}vmGL02F1L?QK8eT6u~lun3d_VKLbj~yWG!I zwgr;HUBo%x>!Yt=rT6qrj#7VtIkVjjTjqeUJac_%)a`S5K)U@b6)RXcNX?K{2(zcp@Mj}CHe z47KYx&H@^`aQFmPUEOwc3{*i`jys%`OecA3Xrd?nLf)C?Po; zR;Y5Ep&1~?Uf2d@xU$b^R)!nn?<060760ZOT`UlzXf}9^1cuMHdp8&Xm;gkw+=>Fw^zb6Ga7>z%F; zGHQt#o&!(*VWZMX=pxd`EvASD3kh&zkxmHypfah?NUM&2?no`0!Gn6zV!GA7|2~?w zf@-w@{VTqSHl=&wVr7DZJ0I>eERzz9D7yzxds zG9M_8SmngjQ`Wv+{y=XIjGtgS&3N8!qYwl7qy2)0YdiNkwtBd%`hE^v(OCI(^L09$ z?EC%t_G@%D7Nr0CLjDcnmrnKf6arSbu*=1HM%Og+CPz;`5ZqeI81%ZZY`8?JgS@V% z0J)~?X`HehyWt=CZU&c%5R+vzFb+7kLmoqN-5E92*v`oFsED`w<@^%wk)bj4rVQ7HkIal4B#byh*X^$ zRONhS70#oxGNjLd#KHx}r+#NakRvh`(Y*gD!u#gWo^4@l*lZeJS(3=iAup`_%V0g5 z1bH4r6JI?SYy4-hS$u>k@v?>c{7 z@1}>v7g0e8<;!ipjs=?^WMU{JXlQyGSUOB?feloXB+gO1Xk$gRGV7f+yhME4;Bn|5 zWwxWJiZq8-;dh-@zVrL1N^2fQf464uAof=D8o2qc)5Z4j6qwovtJQW~w|BZR4-4NR z`BC65T56p^>WJ$+3r?xeEsCnkwd;n7uDU!$EHTRO=vPp*dG3r{VAR4-RkWr=Yf4dh z%%qJ5q0NZvvH@BV>;;8bPuqt&8osDjW8ZkYKLWqdfiOyIOAk93)^OrD%HX$ysX(e= zdK~ElR#RIb%z921l?RBmrI6I@$4Om+tn;b1T+!_*Jm`LGPyIbZOD~(52ON;~m2&VI zGCzfS8Mq8RTQdor_Umx4OCM9IfQns8n6NU0aXxwWxy@lmheiUh39LwB5G~$x{W3hM)8A3!J}H*p`3w(S_I9{ zR#!TOb3VUpfa>V2Cpk795rgdKAhE%vfj3cYA1TJFwMZuZ)|fJaYnyX_{~kn=|N7$_ zQ{PBN<)jpGhR^LSB}RLmZ+D9We&5-+HWjc_X3K+$y3j1!R$8(`N;KPVhjl8pQr4NL z8m>K>7do7tFxSU0;<%$@j&%iPH^!vCo5DAqbBmi!S+*XyvG{e%Gb|gqlE!4+<&UtI zQC~F>todjmD)oL|KAYcg>s&fdl8xYJD%)Nb3HWRf#^|29l%m;P74CfPzF>U7@nKn$ zfV(@NSs#j+n`p7ho;)V^oGVt~2*R@A(U7uF<}F8`=!A(ieJzH}+H|MWIbJ|@$xYL+ zJxd^DXpjz$)9Bl#rSq>KB7VqYqX513s2&C^p+!|27mH2cwxy=KD4?1&;QYvy`P!%@ z4`TSQcI>s*kckI9*77K&>p%vpg$1M1>Ga}~c!0|Z9S8ZQNGl$nDwA`zuWpmPtKBF1 zljCQ{m_J8u+x69g7|@(p+tK(~l*SFg$=&%6flkFR#sk~esb46OU-@V-!@u7&mPZwa zL%_3`TC%P0Je65NOcSMt56#Ml`o49l!LQ_g-nswe4nU`zbXWMxFpV&m5yu@o?$K6O zcw`g}I~jLjIe?UXjwSD}MS4hL7hx4uHocs=#c$O*P+>i&sZZCb1h#i9DyJM`mhRn< z8JKW>v;h*l>PXD#((^HSC4Q?omVY)4X?sSa#OnWKjMVwEZY%5j4aY=c)!$H+< z(;p0@LT{Ic@GN7pxxLmuhXZ{mRU~Eg2kWQjo|1bHk296x9*S5lB&;4(#@qTe_zV*# z=T1rxVlAy`@#xMW@a32xBIQyr@z2xS@QOUL*9Q;Ti zdj!|cxQS&_4xKl1PClpPf{c2N6yE&Rh42ix|Fz ziE)B4)O182T;Q~FyjKFGzyN*$vpaF4~-K_b8kd&%5DM;>!N z?xeNF0emJOPTxTy+>bilz3XJ)rho7H+F=aL&OHq%hA!?Px0SkHRq*c#VuV(kp8fuj z?`v?2k>OoGwx(1Mb5~KJO47G$MBOc(aOW*P(J(*4DQbVN_=k%yr=-Zp^zC$+d1p;< z5OE9Zcp2O@HAQ6}w;Q5BZPlsTK`Mw>v}i2MrOIR3OJUT1WoFVMLv3v;zQz1}DIn+` ziIt5~5;N=12hb7a!N#uSnUP!Lg)zW!MtUQ{eNm+6bdF`;8t*}12|i`^d|(21@KvF^ zPDmDVKoICVZ8w)8+bQ@S;oI_&(h{AQ>c>r*n69HCLUw)t@nm`-If@F zx#UYe{{A}U?>1+GT`Cf$zM)|N+rRsdjN4xrMx%<(Jq_b??hxeX5eFp&gK+|r+dY>2 zAHu>TIYDN1YyCatukCU1zn{WoNbknah%Yb68opBe(JNu{Qe9*qr?t7RDViwqVS5l({e~oxV6P~A#;puU3YZkJ z1cMHLaA1t8m%%iGmuUpWI}*?u zDzNwpblC#OVEg%7KkR5dEfUVRWlZ~*%Lq2_I3hXD3B>aBkoby@myjg9hO?t$7Ij(f zZhC8P#qL!o{9)R^=PYe`5e0zp$QG6LqX}wnfd_vunwMd-z#ruGD7X zJ^EOFSwnsiQP`{gQQ!9a77CrkVu}HQHVr(<(Gne>Fwp*I1ft+tx>l@|mC}JZb{f31 zidaq94k_ zv963^LZK*RLT@OvA#~#o*PElPB49#MiAiz3$FEg23iD63uGZxZqk&@L3KYHpp9y2A zlZo+A@H3-0B{AwUi|2J4TBbCwb8u6rPs@n_CB}@WZfdH=rtR0y!^EWC7_qQV^KGoR z7iSbx-ZT0i{>g|Rq=;Zz!&lmyoIrk8`K!Ty0r$#vT?@gCS~@udbsCuT^ra_%@1Hn1 z=P^FcaDG(+JKc3|yFIRib8CXiFl^jYCE;60RC;;FZb*NMk=7XaYy}4UC3MqAbPA{| z0HMNonp#90d`@w`MlJza;M1aP>c5#0m-D)@D=n|$K2MWw4+XmPX}8s@XgS9EP(7)j z8A&arQt=5TRP~k>q^}fER<&IdekNQOnKAOtv22{ypJ3KWQMOFm#=)-}LL?5h+>(=a0}3R=mXEnh#-;*=j%9j;XarubO<&58b(s zenj8-sJrRW!J&Q_Fu@dQ5)e zdY!)4aF9g!4`wqgx!?HcwH+!n{_{qK!Y`XXK*9zH1>x(;Vi4-OgdvvC60H%w^S2 zucEt!#*kvfcsB?Um^!;?HczT=$$r3Rn=>>0(^K-2sD5CUja=w}Z;}bREC9yo1z@pT+4m zX%22(_k`gGc>A{CbI*AMT3~1h46N;jO<(QLcpZ*xX6*WjKMnYLxRUGs8k5C^-5OyP zQhA^s>N#(jjHjXE9FAV=A!%q1{Jc~9&7E=M7&vLa>D2wOCD6R)Ckpd?sa=YZym_7L zeolJ%i5bm#b@^bVt0ehx_+q>l=-*|wCY#%kfI7J^;vE$Oqa`S@2`d%n*31y(A~|H+;<`Yr`9{Y0w~UBJ}Oh~Lf`$J(+*W+TY~zJpgjp( z2O~BXQ;+nkCHIcRf)N9$O+KqdLl^%3M!-d5#6_q`R8I|ZeLkH8#83Z~o#{fX!QRAhKEz*<&mg7ghC}i| zeSr+aZB2bt)qoICw@yUNp%knoz4FIEpZ(2Ys>4H`0IM54vRz$87%+=cPFGl%4QRbvVenzO&?WANQ zf3sNA51^LUUVTaKI?*!gO$)}P5Xj3#>a)G#$L~)txz<|p7;*(x%Vj@ZeI zbQLH-kLCsL7fj6R_d}(zSPV;>bMMvtkbA@{xIYo>Ote*tyE0SC?Pg%A;fb zq3t?fNq)E)v!HmmjCFItkiw|7URfC?aFF`q(p(<*C`!C3`r3RPZkZaYE>%@VEwf>Go!etg5yHt_tNZ$C%Q#n& z;c9FQ`7WKV-nLF2(Ve#syT~p98p)!=)PxZno>%d~OoC=Z>zu$edyjSe%!^p;O`xjP zzp~;*{NG{U%ynr+ccMdG9_{sb65y7IeY@z{|t0L>EbhwrO@H9hc_2tNCCo~6YDa;PPOD_h(- zQkO5G2rT&OBKO{&$oDu>_n`nuA>Ct=;1My5ObBnRMF`KsY^Em4HRa*TYf(|x!VKri zpF8&naG>&G$vF|`zZ9t%&s0rByr0u}eeu~)5w*&8h;TV3vJ4UPCnHsLd}MvI-S-gC zA5?+KYkDw(>7$IgJjB&SzR&sXomSFI@=B#_h{Y8`5(x@xfG;DJba=Gl6*UDs`%g2t z{#h*AP}-MxVQX*=B@JcUTI+9d)bh)-(J=#MOCusbBMK7yKL9j9%fIbC!*97Bv*_+= zAA@{==q{+a#*ny&JI9g9W=Wtfbjh*89dclMMt111ctQ?$`@=Z2X3&9A`s&g%J4g5k zJqnyvheaDhZ(ZEF|Fe8;!Jiz89;4sJ>bBrcM%INkM-5x?K}icOfa9w{{r#r^H!4n zI=X1a`(`+$jx^yH4uk7!cQu_Jj-j1ZbZYn6hoBL+Ug`dHV|Vo;_{N>3BTfcvG}Sl? zxhm)!04<$V3PTWa*aZ)5X#$h;72bhiHJ2@Txy^GTUz6+z))z5t;E~-4&9-BC^IfzU zPx=#MD{)Cy*Hp$2ii(Jok4)b12=Re>iOxe!X&Luj&9QEGlc>Y5oz6I6BR&`kur(aW z!UC=71L)tpNGnDizqd54-@B4(*{ibDDhbsX@x5b#dpgKg9V;x9F^o>S8JO!fo`xwN zF&%R@pjiT(fq=~TDG9QuzROgD0V(pxRedy|d?4J0>&PYa2*c9PdsWdG>&qd{;9x0(0j@d>l>J zBy4FqE)EiJ*_L8}&k~ZKsE7^6Q^wgw$HuStKisLl?k+t&igoQ05bf<~yHHE)+DOH=)-!EGA+;H81{IKNcZ3V#5%$PmNR)EW3-e>6F*QlvMS z_qK%}6BQoVUkB~IgYDPD_Rv2)^GQs~Dz{nKqb8$1UO$vepnk4eCBd%<;bVvglcjJ3 zw5UiEPcE2&PjpFgSRVsFSd1-{o@(e{#W+{vPEzX zw|1iByT3}Czk2ZXril{k*Xo*wU;d76&)^Ns@cp6LbLS*RNA5z}7G6zbthWi{D&^rO zqQYwn=Ptk2mXh*!k-_DVqW~Q8z23!KmuY*N7WHuiTL6ATHoGQoKZk}sr&Rk*(^tKC z-5(lM%9{-sK{P$;@096yFQ-7XAs=rXfdnpmW*k;WD1OR6ISV<4-Xp88ogJm{O8mGVEY_3lIEWp(?3QTCX zI(pJZr5ULDoYCBf2X8*EK413+9t$5yONjU=I8!X;w2 zixyl%9)eq4XFBamGPT)q^gPi4)a{A`%wID>y(9R$20z8}XlUC1ME$XYWi*dE2L5mh zTCu)9n>eGM5ej2P%hW!z67^{(Zu)|I7|zS_;p4mOKAgwX47zXdgU0{%`wt5L#$i9N z)JuJTS$b#PP!fD|z&#WAL?$&eLDL>dv22i>JqrzS>nI z%?v)?v~cb6Q*8^WVe|pF%+XAn>@<#NQhdl!v|@)bF*FYdSm8eQbuRs}h4n*>sY)rY zfyDDmxP<6-QPcFNs}0SO9J{n>@gQ{E76vtf3JH>{JkZ{D>*mZ`!S{{SY9Q$2D`x7)h1PmK&74PzHnH&mil^<}LH2PgJ0c0{BE z-R*)Z25r$;4{>5{AAzCJG^A8?%M)788RW~HDIfo%eyPC;-;L}qKo`Bzx3fIBl{-p* z5SXjB(cuWioNJ%}h@^KUkO~FjS2%u?5MPvKAE3~~^O1$>d)^2C=}SC-c1?_S*{D5VpsFVXTa_h%h18Qq zv$Zf^`dPN>b+*R=HWlzhgM7W07mARu>v@kNtVv=9ly*c(U0yqF+Uf3boEi*46kjWi zjndxdYkSI2@*2eWhga_#trQObN$mDdVz+-1yWKvY2BY>k{FB)2Q$Upe*NNRUy>cJ$ zlnK16`Y?-!Y+2ly&HdeRyo~Y zI$WPIF2ql~aVfO$SM^g#?v3=n*{*1xU!Yde-w`C|EoVk=Kb+3l>@Q5wpBy}w9{&4{ zYUm2hl^>pB{gq!|okurObj!c>GC1XZKV$daWj?UIv(d;&j&touzq|2aUO#uaYCNwb zUrjR0FCOI37xUNhmYO4bZ<^VDZ~9u2dmULq5;vQOqz{aDSaPz0bqhaQOfp=29@&z> zJDu41^WP8f{9b%o_8wj7DmO8Ww!-(sFN@(_Ma?rVTifL#-`%@^%R2w3I-}!i+cj7i*?- z_P5Zl+$)_?YhdzurCL6AS*m5|3AY^7T1iySXhV!5T?Uw9l1(bZL#p&%pZwwpQ=xgp z8u8GH?%-}vSH9_^v{A?}+RU=jhnw!Og1Y-t$hTMD)U(}0qrfY@xO8>xdm z)SFX851z5Pf$_G@&r@(XSxX(3k2}`53qjTb+VTaK*VQxG;VqVF#ZI@~h~utgODHbI zR!OP`97cCc+L*XJa!Z86br4MQwLd1EdEDKr0gfMhD3Ymsj4P*o4}nRricb2JuY=>w z+9p}oOm?ZLH7~W3P+ym48d<`Ay&S>!DF0nKjekU&)@qycTOkbT1=c z%qOcbcbHsW;`27Mvh5KolM78T<3;D-48{NjL$hd!3Uf&TZ57ZrMdZo*j70Z6&?OzJ zC_rvR4}r0YWZR{_S;ftxYoA1@iu0joB$L3=b3H_=pgilQo2)7~x@RnJ<TGa)t1!FD5i>d~#(s*`;UZY{;!>Mx@a zn$EJ}LM{A-U97`=8ClTFQh9Zftz6|Bnp@n+o*({NtYuhnX6+EwC0UnahBfdBCXcjG zw5;(6+wvJt=Ay+hh$7FtHG{Ch$Q~P>XE8u5#Nm)3x`0j(O&95s6MQWDT<5f)po4AZ z)Qp|`7<%a~B2V&WeMEjJm!SMywMv3DaG^4CEHRu&j8mmgLd!x*GwXm&v4dc#xG>q# z_*OB^zQbWkL7NT$rTGC{47L-#e;AvDWh{?w(wSjvSo96copBZy*L$lUJYL|xjbiW`Hy>(;co%&P8$hd z(=Q3Q{-$dGhwd5lTe+4pA8v&+5Gq)Lf~b8lhJ7l-U6+iUtpLA@k$R~T`6}5rTW0QQ zm;JcAZoxGd9C)%1*VA-48&MnE+iG(JdfcX!NpH^Uo!*Qq3iEXMzP3IN8E6e!}rXDi;U0IOY#8_FL@LaCm%kXrgx~GwO zQR~!rL(^wQcXl}8`$6-9smtg4SaM1J$^SqIMUR&MCjs+3vP` zneu{KJds?zhqOivb)b+@VcxUVo1P%^^95wRja#!9&Xf|xYMOoi2^mo3@eT4Qxgs9y zJ$*E`ZS;Xn2$gIXPt^&sBiC$Lv_`kAi5*UgB$TLEJjdnx84U1MdJ38)u~ucllVfd= z!}No7xt`jU3)k;)<`{D768aO`mT0O$g3ZHlnh-h=V3-#*EPjJ2^~LgtUq{0NF+~RS zq%hX`2E~!)Zh#FZM3Wzq__A}P57mXOvT1ER!*rEpvxS%Pqb_OnEQ?r_Hu$W-68ZT8 zRv9x~6-iWR3M3rw7?YtB(yLPX&0^mJh!t}W(wnBN%*?eZ&*~h*bTj2^25IE!#^u`I zrmb*oi^O}E(r~L@$hIuL++Ihj21}njyAvcg^RvmL^AZ&=Z_{neE>xHN&J`$j10!o0 z(rPwO#ksnpGAyoU#;v2gL?)NnDmPs)oocwgW{)y2e#P4hFTH1~HksK2hd3ccM9-i4+%|)&=yqb$%qsQlpeaRx{ zg+a@tkbdgT{5Na?!_!dmGhIaFk6K-IdpVa0d9C-ij5^Y^YESRL6}@6iDj{Ph z9k1IUopIQIpm-e3jw#$Cu+>rJJBqI7G?qA*nW?m`wdt@Lac1aPQHA(R8bM?1z;sY{ z{$`PIF{3CKf8%H%$hFb3`r4Y1iIS`@R58~S)Ay0lfk}&~7{2mxedI_rtOA z_K>r>B|m$DMV%e*d6^Q$%a52{$8i;iwlQ+6a~sth#|e&PZjlAaE>>F;qii$S>9!^? z@iCHEI!9{&I+$VKFCb0mwbRwi(@HAeKe5WDuF;3T)bA3WN?bl<1vyN7Q-%;oDk{_2ohmbC2)K+952>D=J_rfc$>=(q!Df}mzasvWjT><4> zWnD-R+9A3r=FI%2u#u}IR>0Wqd~|7>G=APOR0Ua;^Egdm%!w8%#=h`ew`GUr?QZW4mJ#r}#9h1s_kG?S_X+>tZaSKCD=2ZnUhO6W>oM=&+cU@AsTQbk;8d~n zNEqWj?m$6H#^jWp5d+^gr)?~FgLAq3S126l2bkg~0fPITd$_H5x)?ia)6Y$|WIkWA z)NZHW-Vy9_tO4|hU`fj#IwiA=hsl10&F#qgV!j7%W;Eig$-w_I`Vo{PFx@JIHhJ*S zBc_eLsW`0Z>O|p{-~h008?%jJ(2xfu#`ybP;wM`2-FEGTM@iD~1Rg1HW_q8!`<<|G zOUi&sSyJMW{B+wHU`j`T0E~lX)e2?0UaVb~gryHwU8GsH_QHl%c#Je zDg8tjhkJwToN0N&_36%OTsv%I`r~==j27o0`p{Q*Hmm}M_fa&3niqr;tC>VZQ^Jzj z_l{iF{~bE%*5O1-mskDs4COebtCR(_x7kVJ;L_RE>-!6KME0vgQ~xgwt!x z0R>KI<@Oa)$4h|>e z^NlT5T-OMtp4oErEMs;ES}g4(gWZkK@=~PrOGz-Q?P^a=9e(u)^3|-n@)&Fh9%ZzJ zmrvN-b<1btfu|r$yS;6QNsh|%toDM0wzmIM7F`HEct(3|(M34=!3)BYb*B=9el2&` zgg(;?#Gv1}Y>%>(GluW6===^6=kwR1d*b|Q7F}Q$`iwO+vY^AE>;j`h|u{{^*E-b>luekz~A$%6`0H5?wW=kE>wpa z?iFPDilI*Oh_*KPoLMK?%lwiTiCzhpFUz#24>6%QE{hdn{R4a6=}wYZY$}yS{D2Ec zbGwEN?v#|wVT%x5^e{UdF>^F(^R>lfG9@l)J3YGT0XK8%SCls_!fE!)uf;`D4!EM? zNSCs+&=c^TcCNzdw>L+?A#5L2UYKVh#phm#Xr_O`KwZU-}jp;bv(EGoYFC(B2^Nh7c}7b z=U1qtLg3G-Ea_#TXq^`WeZ0|{t3!LHF7rlvK9*V}nb)Sr219Xh zST)vKzIB*Xjy;0X=SO}+k{zSU5?ADEETPI3CLAFA`=B(1rk_ugDi>x}zO4;YhtYfcDMsXwzbZwo z3hd)ai1jdU>f66RFomSJnO5VvobgNu&j0Uo4pG zUWT6_2km4G_2Id{xsYpZZq>OCBI1?RZiw=$TytiW>1w6l5KwkGZJbeIy1j_0W7|M{ zDD#Ytc|l8CpXcRx0hdk}0ze%~f(uA3h#gad?n0}MtyA}W*^)S4>Gwybxl-VYiP|r- zAu5)$lsI0DJp*#2LW%|#LGbSId_QFY=$8YXm1znwbBrkSTdAVbHD25dO2%4R$Sj=D7^1cj2T2Nfxo^tswHh(bdm)3=3t-81H3I2~Ta=QbC#p?HU$lz1=X zzs*`;EeW|e+^#}qfY>9QcumCSxKr+Bm6sHpPmkOM_^q8dR# zZ73d;DOXRmMPTr>Uv_G#t2&cqFZYx%6#H#;mD+A~fM=|x8j4@DZ*Q%8Bb2aS7^g1= zhW@%UP-{4*Zw9#M<4)oWC*Qlj{2_whEjN%A`7Qklsr;8AW!qvBFY{`k zizK)gP-MPSUGU)OuqFn{nlYvmxc6;*z*3e!0s#E#(_)MMSm4h=2b$Oqz1H3B!-VWc<|83^s)$9Dl1{3J0y7bQ4op~kU#Uac=*UNVM=%p{ay<0dcM1e2H%|8? z$NkrTet=HyAOG=@ha$ecZX9LoM2SMuKqJ=PmyR=vOQDAMTpo#g4DpR)d$GDsI;E<> z5eB!jdX{_QT6%+Qi^Ygfrhon&8cZBAMs{zBBG`MfPowe`gS0!FV43G6+~5Sr$J zH1B_g^1Q)Q7fKXe(guS)oKMn>Ty66%c^P2ezQv_5q$FX->o1&7g>N6&Z8_Z79%@`K znDs5Lm>67ShS?=2LPzvi`3!uZY5c5L6m6IJ)LA#OB&_Be)V)tU2B}^JPP7tO5Pi#W z%Wu%f>)~-X&6vtuBHTUpn`X1JfU2QYZ!^A8!+m z!ZN)*iBJ5$+N?-G%EMU+SmEC~8Gd^+&Z*-kaj=Mm^GTQ-cj+XsV@R*~QVK+z1xJ+a z0gonl^L|B~*nB)am`-{@F~UD+FlKfuDztFR-1+4%5$b$mDI2gt5*hyuEEa=S&@-7h z?_Y?PYt$#M!|&V>f7h#^7+Fq{m_Wh^xD}ZCH>|CAoJ>jm!%%YflO#>(TdgeLJjOYd zy@dT8XG4S|_z#g1s;)R0-dUMBn>;OKDLwf-JmM7Ojo9fgjvcXgxC)?I#(#?JXiA~u z;*YzN&&^v4-}Tyn|BQ&e`naF=I02ejC*A56edz8`0T~q>Z(@tgIByKN86a~At7KAx z`!VDO_hP5t`TUP>OmVCcinL0!LEoToLi0%=s^gx97-p2`an!E}NA!o+X&DD3WWJE z6(~3fZod&Je-Oo2E5OjwBpA4vP*o@9U@q=IBH}~f^wf}`Paxh~j7DhUMQvR0V|)-N zk!8Pge7@v?$ad(7!wYJQiSptNW zm5(@4@SMBFy({2zf2q4co(sm8+44?QNRj($DH?;9FQ_e1IDMy{7#YTgef;ZRA8^!v z_@Mp}sy}%sQC_}*?zLwA|sMQoImHP&fN z#KlsmbcVzQvP_<@9Z@7fQr44s0=|*N{Q^~02F)JSak+sW=mEMIFNT*)&or7Ew;Sd; zxSoy93y+j&C9Z)KRZt#qZ-WBYfbU<|J;_&B-4;n7xRQz;XN*xhh+BmnYrR@bx%c3h z5{i2}R(Oiy-nYu$psY6l0l}@D&>Jx-!%1>iz)^KhN_k^_R+>i6k}Q3_Uw3MZzFjpg z&GwS6T#qWRR@jA5)wEf8QtkH1gRBuk-@2?%97WK^dCT|F)al$WBcNYIKgUNtzlwTJ zh{=SBb`HsIXAV?KXXIGXl>dpQT8U4{_qlezWdXpKd@D;j*4b>_5U8!_19B$K3+xZf7!d%A62y_|F4{!uf&Up zypoy86%}8gq9EXhoA3sCgMgUK{Ou!Xcl&Od(2@2W{at>obMU|t&I(DI~Njx%mdtoq;J}&- zhf-XyP>RYTeJ>I~aa;m?&#=rsFB-AzwppeK)!2GfH|<-I_-qw%=H_1y+mL^jRSK`> z*uBZQ369?ym2+;(Mf2Sy)BYKLloWY567^@|%E`5b`xMk#+AzH9hFjfy?c-HHuKCfz zb4T3rpJ%>ZMe6aRA@VwDCqoi6mfLVnf&=9+-%sJSDZXjY@OAsYpF#6>h1ih0iuQ@U z>fhRx6$at{fYw`E_dGF_4@X|XVZns?Pa(JRx&bVOT zstDB3J1a~V!o8S|q(g4+lD579GB`j1aSTnO%?#J3i=nQv2Io1xniIWES5tFvU>$6n z(cEacw+@GJTi8eDSeW>V^M=U?Xj~2LpNZ{jC9koSCg6Ej@n7w-h1cx_`e$t}EK%{2 zn8xn8FI&r%zxvDkR69LigH}JfS(rC=*IunfyEUD*QtC&HyzdUD2!uk;r09(GjCSL$ zo6dKnnR&Y|1kYr)hwb*=4Ni7fgTx5O4koa~XcHMyQ5^8a8l+Kl794D8kfxO`#ig-@_A|GZ4XiL0;CDlvP9`LivwnwVcdqO=cJ!)G<~E7Fg86kW6J3>Bjt z>9@yoknd?48Q|u&GgWKp(Raf7cUZ%lXPnr+8UMgOQn5G#dxp~OXvyf{Z7JB?L2eH% z^87a>=JxY{x2N(so6i?t#^|P$+KXt~NxL?QHGYvUr|j3Lb*5OuOrhzRw-(DGX|kQ} zm;qu`0ohzIwh>U+lxl}FDqc`FIrIgsKoadJ1vU^)byi+ZkZ3`#s7Ua7BEMwkiLJXw zjSh6Rrh9xYXRgSv*H3pD#&vP|B7B17Yfz!`T_M2|6hAZKU6k#K1B-9LylwCFTpNH{ zCJeYmu9Lh+pmQ!pQNhRp$eZduN$0BMEfbiVkV_;^kJ4y>jSt{JW{8z%#ldL#eSx$W zw%gZ(R#naPB7}E2V^swFGb611&_5sv(pc3$$`(EOh14vI^tE=$MLk|;@7FU;H;;I! zFdm*<|AT%#p!7072d#=^4OLNoRDNg5CnF%Z3S&8>dE_w3Q4vYxxh_hz?OBSiM`F}g z)O?9(N6>07-5sj?(`a{uwo24-5kZb5Ki(+0un?Gnf~hX{u5C^Y-B2FbH(dE9LE{&q z${%Da=|5lAj41E56%Y4E+t{88o-rR8ZZO6%cavuAno~M?A5n&ybMz5W{=BYP!EscU zC3Y=kOdVEmHf5X~TYD#OBoUkT{8A~_~nA$MO%}rK9+aR;44I5hgJR} zq{%g=Nlj2)rQcZsxwY~}vI1;C1d;+sUg+SfvY6k3`dzP->-JCG2LAKc|9|5=H+E?* z)K5@euAVifsR%w|IhhOzoKV+JkeDiLg(HU_DJW9Fn>X&;{ae0^bzbfHm&-Wh$3DzS zJgk?+a+@nDOFoO9CD&9>e8gl?cN0Qn;d$N|9NE-z7aNm|Yg*~}gwEaC4SGElgJiF3 zEz{n&Y~Ki8;ZdF!Y7p1Eqh2C&d#6%SVKGnD?nXagATfv(KTM47lqodT*b(Et**)?C#nJFqMqN2H5wPY?X|-}W7q3oq zPxkk=`o_DvNdc%0)RRY)Xg#@IO~N|0>p6A8jNnM$(B>e9xS`e&v$4$i%rci)o@FK^ zT>wZ(uLm=UQZarK?O-Cuhoj@xkq-f#fo^ApkL5{wkMuS@K$1*e{|RJz90#xcVCeMa zoA|+Bls^DEk6IPM8n~o9OYY$@sIDg)L$y#F8m7y60ZPegz2Hfa+ZbD*SYg|peuPi! z&m(FRfZaXr=5i3J0kxTQU3Q9uu8G22HZoT0L4S3dgYaTvo-}#I-v2xXo^CcH|8d_P z=%-!i|LZ^hs9FI1@gINOK4u@-Crh%o4g0J+-|tL5FLQM3|K653s{0kcD3?2FpM%z! zUX72K!Hno{durwvxx?|pZQxCM>fY6{l_=`EwphVXp1at_Edp`TWo<%^v$gKeS;5yK zPF>|zpN7UcJ?TKoFw(*u4#u_GK-DU$^nm0?@c)IiIjv9{n42@z62bGi*)yFQ=q=5J zKp;nEJY*y;F=mk+hO5b3hs{LZ>`q$J1NiN79T5j9w%MMO6qeam6Mx;FiR<}lfXuzQ zCWqoM+#N<;0_e>wFs+$}b9q;#Xlc43r|!$J_FVw;XP{is|H9|%-m@0+Pi*s=3HNHI zi~qHM1x7O z?5$=;SZT73`m*YKQ(ir3|$k%SMve z34)z{SgIT*cOX$I7@h}$dLmUWa;_RjzEG8ocH3`gm)u>CTX2nZy^}IpG?js?^d z1V}NOt~}l(Mm;-H{vg{=iqqXIlm^cA2iXdt^JS$-zH_3XmUPS$6IjY@#P^By%In$d z9?|djC9V6=f90-@-R+l!o21>IC|0j*w<-cP)ZS_^_i70;G?ZOw6Tr>x}G>= zvNSoW45_8A&BDGfCw| zTTb@w>ouCX7rGS|m+RVwAYX1WumD*Wi)llX)O=vU>{J*(&Rd=s?E&`Q8NkoneN0*b&f6MDDqdPp_W3a@-2tG=7sp)l@F->6d8S->WSr z5{4W}iFT~EJ0+rnK6aTMiz#cRu-DOC0QtpI7RCKy&i+w@Z z5`!VWk=7&z9RihhVAC7bojI>s%)hkmP0Ym8hk&gYKd5Z}_a-FLhe?8>bE~8JSc-Sq zldElud)1pu4Nb^(Nc8ro&aZ_;OLO0_SL0(yv?5k3B+BT46&}}Us-!tyth~;2k%lW| zwj5n&wpai8|0pC{ib9zIXTS3;8#RTyqI?m#%cy2MI1TqCmYSl`qBul!80uZp5&UQ^ zhxPVwN_1>rj*HfPP5Iwgao!L=^LKTl=2}xTD36WTJzUcLp=$D!1#;m`bA{=PLjvDU zrOP{1#W_kAuXk?Vh`{5K_*;ycs-H963p~|z)%5#2B~xnWxvKT(JQN+yL$+C_I9QM` z_;t3)$l1W0EfG-94RLt%J(e<(?snzL{z9LT+-|kmIWo*r!5kH*071e0Ix@x)C-X>s z?X14^?3&uHlI9r+)vj-&j46l3PRNq&G}IDpOpk;(v&gBT8pruu&ZWV8Qn2Fm*q&_c zk%1u#d`K>5Yc0z=F$K`0ej;|MExuP{Sb+#y-A3KUTll9Jzw8)%yJStyO;_vLwk9jr zhXW-PFsfLrS{o?s&f z7@^&Ho6=_8o?0M6)CpANh*Jr<8eDJ@(+}DY>%b?n1_@1q3lJ|K?U*Ua>Gsd!&>XE48 z<`G~fb=mr^8^iB7W6z#)X874pYB_9BE5MkUIK;P(#0Yv6AqxOQy9A7F`FdS;?Z<ei7SX_`$&NKb$*>ctvmvFWL3h7R35Em5=$y?! z)3OS<9Uw?*$i`s`(%Kj!XgcZ4jM&E!j-C}gjO71{ow`5n_$IKNoP5<}UluITTIch2 z?#msycEcUHXU{mp{CL083*U>-!01SX?5wDRqVW(cZ>Mxe2bXK1@d>xv1D+o(tnY04 z`4IDI&8YpQW4O0uUK;L)gDOA5{OTcRu&-`BTX~;f?g8mtCcv;u4)h(UhA|gxbpj1H zMcW*_IhJ<+&acz%FQ>xqFnwJT@Qom!xPK+N4YMZCM9=7*E^1~=;@N%|y2zAN*ikVe z3(XB=PSv^8s8^`LzRHb!%1y%@yid9phR%hl>*eB2myq3)S6zC^Q<7@3(@u;VD_R_G zn;tU$_tLM~jIn=b=@%%wcax=={X7vp%hu_lW^ixmoU{r_7_d22A;Ls$p%eRU!tdm@ zeSy#H>fh()ME8@SvRrySp6tyu*il#?B;Tm%D4ZqX8*K3M$%99eJUQV9EmeJfURvK?zk+vWm_olh#)0o zgJuYSP`+T(2IVu(Pyp)wnGAGW5}SOy}@wetW6g4L?>Q| zK+5&^9!q)czI5Ca(_HQMy#?&xkulvv*!sZcB(kj^)V=r#eEf#0?G;LyhG9O)H0 zLyv_d-8s8swrZTj^u#ah)RMhN5Aatpe(w3z#W=SMi#r+vA<6QdfWQk#5UKS+#7ULIw zV&^T!u6&ZKw}!4U!XKnB_g*y@t zr<6^h<`z(RKqw|)5s5anLOhL5OldAJbv%^=l+TDoV;OolhxK+@9L9lXCx6H6JQKda zdLGo8l~7BU|ChZh=~9(x(*Nb#a_R+$zuQCDFlEfeb9BVQ4D^R0syynjO=<_e{Ba{Yh_T)TV`ax^NAj^54jR@OanMbLvmc ziKnJzvPR`8)j*S_xic5M8UjskMvIrZ35Ro7e58Z;eD2FrsRZLKnj$OL#t@kBCpLyr zuv~||d8+cK!O{Hk6EssTc z2_EMa784senXn@1gu0{_8;};%r@NP5K>4Mx@Ly5C9n}twTdJ;pYPUjpN11s=<(unC z$}d$+MRxzg-7xqkNaC}85LarldBfrqW@Gj=hv%UwehfZun= z{o0ax$oJl#l{*va-F6!HIzrflYd6fNX4K3AGh@-3XV)hY&RxFmu}EnqRu#3SJKyZ| z%8Kdz?c~Ql_R+EWLwoN;$b_jkNi`Me-jnn0m-}fNzCsNDmx#6WAJJ;t zI;8L(NS$)IDYv95%QL2?0W*yDtJKwN-r4Lu6P_-{SK#IeVjI~0sOU#_rII>Ev!{K! zrp40pJfb-r_z=cCcKLJ4+)Rpnn%}3#`uM9~t?WD2TUStC#V>Qc zj)&=!AA5O({_C6Ww&3q{PUrVak_C^PQuHDjtfMC>xMTDsGzS)Ahl&y1Yxat|5m(YN z02@k$9Ti(vHB_7X5d=2*Qdqid%8&QCIdcJBzOF|z)fhYg|7Dq$8-bpiTqoQ|zzP0X zFY)8gx(rNTe>48+Z%Q}5Zu{O-^**I^9r1RM+~3fukGC7RKM;DRtZw0R-}6D<72(DD z3s>&G%5UEGa#vVlkYL?cgZ#D+G+#^Z7(faK*!IJ_O*)w)hw4TK$J5HbeLG zCf~!}xE;0X*aA^p$wcYL=)FE7yX*Ta2hdYXvYoJl;?#cb=5ZYFzUmh6KGAD3f^*Hf zWR@(ZBj8RW_00tc@>OCag{>j#k>`Pts2-Hv#tl}gsGaaMJpoL$Cw7t|)~dWcRj!mZ zqm5nASe&NDMjsrM`n}Tm_Y3lWaiAZHXg^%m|0y}urv%)y_0;S4!Ny(NcR~26Ty0Nb z=xAR@zWcl-RqNsJYlr%{qZW-Tr^FKD#HqQ2R88NOR}t^zKiTd z_5$Y)x1PW#=K4!I)UVoKibt4htg;oa5VB(E#;ZWLNB*9A3*+K*p!${Bi+`c=cJ|z(J0?4m0YgFachafunZ@g=;64TC|5KhlSL3&Z@TvN4UF-iw zeZP~xSKIGRT@+>?b**p*Bv01$YQnkDvWBazbAbt;Nay&`heffH#M6TE$0G-z4?v_G zrWHa1{y3e8)sh5ak@JOGgVuz%L$)Zt9%(CAA8gEh%a(Z4+0T6)LGf{4+bwMK_%a>a zfL-h(`76qgO+6jsNW8Ri>&zR3vk{NDJ)H+LA44ZR&~I0J?Y2xqH+d>Y4>`U5fWsTz z8*8`cpK^NrywE$#?LM-nV|&|hhjk`-1zkbdOsvSQvsem{@lt%^*={2TUjfc=?RcN5dJ+s<=MWi<4r)Q_*e@5ehL*A0T!O=dw-6-`y zW4E_#0S|P>sRM|aUv{bzDXzq`7K7_oBPUliSKU@YE=^OT(UuE2r^U1mv2cYgsDPTo zi!@qu$OiKHtqZZjwm_GI%^oxNx}8opi$>pf?bol};&`=K%=bC=YC91WS4n@azR)4( zm>tayJN2CY9!mh&gX%mFBG^SCp7)uMIkoNpBOP94_P$YSFNKL$D_}u#~_zfNAn#Rw3mmpJ3n0eq>o+H!yyR9n1?f$1F%CB%;)DS ziJk1Fk%LMevHoZ!gU4wC5&;Ngi-}br$c~FJa+UAx@`y+bKsnlKv(BalHFyvGLjm{a z8YWF%m8cuMw%y3S1KAa&>$9?r-u&@AL)h3dC?|JfNvu6hOeRbq7R5j`zGuh2nKjsR zK&qmAzcKO(lOeP4i*gIg*IS27pSd>6S7*VCfrFllDu6c37F%W&;?c5hX;aCAg|Wg3 ze4$N|GfwFY4woQ;DLhDW;u1(@MsT5WbxwJPiyV`RCVVN&&L%rMqdnhG>r z33kFldd3LA>{OX6onV;27!mY*7UF8{u?QrkoVb;I4RPW8w1)EYHiJrHAu+;vr?@K) z8f{5P2%5TMAbNNcVUMtM-|G63Pv zCtkz-p~2@z(+*pwR4Xt9L zYWF?q=*`-D5W;VN@S^%vSIOH-Z1&fLoth2kfv`vrFAMJ~qcY{35+4LF;) zk?r7aAKu;x^}yPeIG;FpDJpG!1CP8h!R$2ZvOWb0#mym#IL{UJ5Q`A5EVfe)-U@)3 zD>7%vhE}@Ky5vz6V#BkK=Cx3!pi=m|MbC@Yw;%hD9i_<&{f7<{!Y|UFu-snXI+DND zeRI`6%Mxi`cYdMEldChiAXjc`OzJW@%40JMUBw!0P?Zh^WnKl`Af{UUHrgs+uW0Bt6I-&jKbzIquJc9BAT<*TypZ{ z^b5~?@7i&#w7R9Se7brM@S;CZ|6=u{rCYy$=RF_2d8KQC4IS^N)C?r`!&U%4K)}CU zQ@K%xBkYfcwsrpHPY<_{foAYM?Qa}j-+wB(_5*)oYmOHH!OFYy#KBW`?923OMKvJ$ z#6Ee#-=WfDvMz<~Y_u@ZSu};zF}KhT<9bh0`uR_I-CuVb z*IoT{Mv;HP=sWQ*F5es8Iizw69C5HooQo;Zc(wP$-{XY`d_fB6c-M_%* zceQ)h*ppr0yk5>gKU;4$(P?=q7%lOr&3KPn{bGsVJ3bVVn|QBu?jR4>1NARPKU#XF zf*8GRj($3tEp=Vrav;g?YCYPD_CgpvD?aoym$92a57tD!dzt@`#g6nBf8FaF@~fBm zNBfBqc8!Su>>h1KAjCH1 zH=iz7I@=svCxtDu;H))QZqDP=K0z1F9MU&|PpQ*o&9li0KH?`EI8PYGk*e*HKabaN zgJfVgn#NucIvE_EjEgr}(h6i|Sw&U4c>tAA6Xb|1xG$WW9Lbll2 zEV;@!y60hPlvd7L?zW-XFOI)P!wLz1C*I+5-|#l-QC@iTra=}$ZTBS}xeHsQ=g`#i z8#ESFd1&=5`)YQ$Ng1^jy>F2Q9Vh?Y-s*d(opSIJGivvIHy6h5c6<*Nd7pqeP`2)g zcVON(^a?>}rELzc0&G<3Orp+a!hui?rvQ{x3QCC{J6;-c4l{@2O*|?uNQ^@KmYoQO zGC4~UTi1{}f+=XZnIi{#Z%8a~5o@35TO&Tot6SBg=ksnfBozOXZVSuDb7xrg3Aryc zBeJFiIfC=erOLxDbcdlf=WeTV%HYvpKV~ygjzFL}Yr3vxQ>mbhr_q#r?o4}R9`_q7>CA09RMWn9c%tm2aeV~{ofLH3IE z$765rT$x@g{PP(94ISksw5?tQIef1Q@J+KA{wulg>Z%vDgjaE+W>T3|Iztm8|l}2BkagEljo5Y zt$G_!#BN5^ECB*-Nj4y}R2tmR3+Ox^9NKeiOBQ{m!FjbTwfw%+ zy3nwskDqkkF}-PBs7Knz(c8JsNSZVh-6&?WP{TL1S?G4mF;>6*U)$e{)CL2+QtwpX z`Dqgx^zluN-i}eDgbVk$G!BR>FZH7$dJAQdou3s<`GK3$q3Dc^r#8btemc7E9Cgn< z??&Q$of4bb6pfinX^kd?LO`w)^8hl`?0UZe_`&G!#kRc4)60D01I(y*svRKRQ+LU` zkKqJN;_RX=DvR659IstK(@*Fy9LIAa#)Y!V)hNp__K*hi<;FpM^=d8{F{U;4PNdTb zz)d!Y>R>XiDe@c^D26xbV6d6+9(Y>Z!ceb_x|c7D0eKFpgTDFC_dP@B&5ddc>g}oL zyn$v1A-Vhydr#J^EVATZ>F8I+t89XAqqw7Nq9P9y!K#SttHz!GK7e|TqIfv;7cnol zA5L3PUshF;S(TZUOWHZDS1XK~lL?syT~QYo$7MsbR+V+{u|=G*Nq!($7D!+Ff<3$U#BdJ)KnpnXYqdTQ>yVX{t~6LS(0 zZP^hn19~vNtWw0(U5sSFpt8X1&-DEwE8S`QzaD!TRz_+1^;*5e(|_fn!&8En7w?6~ znN^Co4`Wmcxi0}yzxYr$@cGxe{d}io6d>PyHrkVE6Lm(c))(=uusy4%s5hM-FTL$X z9nE6NS`vz2Mc#UMG+@#OmCZaX|369WMO3!Lp4Z&8>_q@#(-i4!$GiI@QM?Ud*+gwJ_=*^j(kMTZauq?kf z+VGyif34~vY_Lw+rkuc7Q*ki{I`7TUT`~vAB3Mz<;p2ho4q>tFZN%wH-Nq~cjdXOn z=laZmMzKDI0VB%l5KIaIAfdIFJJNv9mZ$2GXUL6@_CF9F{GUM0@1cKrGKU98{lJ1? zBLm45YC)pKuYxjvHjZpomI>P8dep&`bR}9FhmwcLT58j;)kQPWC==vzRkmvKxs!2| zBI4hW3mNR*XkFpeV6WxYF!!gP-CM#5AiKd1o@)34NP6112g7*Eo$y(oMq^`WT$0u0 zVvI-U^~Hfw-#?# zz?NJ!o9Imn%N>}WCm1?co5cePDtXheK7{l(x|qyCUKI$U7Ril^8xfk2%$jfvirz^(1h^sw^ zkpUCL8PeHNyR`-d;bt^om?SvaZEt%~WlNgH_Cf5$5CagArjUT{uJvF8S#Ju%78AQC z%Be6k6+13bxXCx`LO)3DqUnf}KUWMzq~9!LS*-g!+V%vOR8= z>JkAvj?!hu(O@|d#bD>gj<7<9D9djdLvz66aiR7tm>)2(^6dIi89{d^hx@1hz$Y&X z`7`A-@(+2Zh=VmfLykI*MCm0lB4f584SM0~I}@XjF26eCk<2@`Wox@$?7LH{Z@V3K z5JH1=yXmPk+&%&WXVaGf37vFzLuLyv(J8Giw>3Rxu9M9c>1ImapUw&J4Ezf<_XoAa z>H>tz+JC_HN=#hV+^R&O@K;OgSe6&NQJCG!`KT0d}`~*fqC< zf#MxH>&7?4#gX6AQdhF?Soxn^hQmH^;a9}#pXI_U*gH;h14bP#1X~W+p9TBgfF5GO z6f@VoC8+jL$6}p&?$2-RC6(0DL`E)we_Y`0Q9(ODNzFx6>UrSvZMCB!KxBxV>|Ja| z@Dh0DisA&`pWuYt8UltRojZm!_7L|PyHcfbYW?~PUgt_I3+aTYG7+GsC% zqgX{xyMdrv$Vgm`2?6TO8NCp3X82~UOWPSg zXDz&&*usQrjB?%aTgJEH4=SVlsn%b))KWbay9}k;gjW9M^*_qf80~W9z&B^hb!Klq zkL26JGUdU;!6BWV2`)s{I#K7jIvna}DDLROaeT5I69Ei7I<>o*Qoh-1J^8T25Za{} zmRU~LyfX|h04YcyV{7x2{^agaUT>ud?KOx0UDr-&elU3Bo=Zl4RrooWiJLlKS|WsH)kr!C!yGEMkn z$-Jlh0sWw4mZ^H)RuenX`(FLbK4-(BjLshMJ!QpM`-riz?NbA*gqb<7@sF1 z7vMVv4Y*@t5%g-9y2cQF?UK)lCBJM}PSx4>Q5Jbr1g^%IYX1>is?;wtWx7$MO$IXi zPTAkq6+(?KG|ME2Ba9K43HNo0;zI%F4gsHF9(TsH#fS$Hg`}4LlgX0AJB`Gs9k? z)j*c+IvT`xIC+{3_`#ai!@fRXq~XZubR%6_OGd{Ub$2#sN{RxnY<}eHa{B-XJ!B(X zW?jT5$J5=+5>~OAOeTbt&>rzm$oU_dVgI0|wU#aQsgA=t=K5@G{r@ngR(m|z+TIBb z>0`f&1Fa2q`o4;2rmXwEH^E0PfX^)* zna_rhOzkl$CKy_z08<~M7~+oE8D>Qm)L(l;Lv=_`;pybn$Y^U$OA5|*rNbB0EWqpw zZn6B^?-o=uw9Gh57OoE>V(o4OZq3AAeViV>M=)tXHE_7XapN2RakH;sEb1i zd1*SoEGo6|7j%5Gt|E=D9_?#^u>60mD~uXQ2&4|j$ww4co%pC=iDSuAYjZMsqHz#p zfncF%3iFiJfrsaqUd>oJ-2<-d4N2dGoODToez=%yPGqVKdcLo81$5V3Z2RxPupRpt zwDV#RQYJUtHs_LC&3C^rJF!}s4(F(by}xbrSZSkwP6>BCKc7#VdsO4~in5$;Cp@(7 zXT{xF82hyk(VG%J#q*Lz+1U0`F6GmCRh+K#c+ozLgAuez%jpeNfRJK*H#B%F5jZS- zbXhO{@mqcJ9U?2&2xX{4o2~IVOtb)0V|_V|pL%Hr03BVoNpg1CZH{MQ4XupiAPg6p z$z90v!IsY_m6^r_Hi#F@##N~`#X+RD>>C6H4cq2|3PW+v4$ft?pp z`d|iY9Ov{rNQSTH2Q9E>+!NT^>hQid+;*WLI`q2-+UDa4?@Fi%e=szZ=lsExb!Uhh z;Xl5wW5Kekd<`oO;YJB6-Vc)RvTt7$`FQJWyKR(MQgEhUAOe3xhRQ_JQU~xIaiy-t z+jgf<(>zD}$Mix>z{KAQqhKO)q!u4fvjrdyM@S%^<~}+aBD-zp>{%uWG|$R*a0;Pf zZ-gzw)}7l<2)_7h7AU)If#8e4{T2KN{q^sE{{`oNko?bcEr>Y7nwn?4%8>kpyHj>{ z+rf7Rso&a{{}Va*3q#){>HhKLX3xM&jPi>VXI)JU&_w`mL&6BATer7@ChIe@;KawgeD~l*gJ zvoNLpq!NQIN-~cN-2uTw#Q4QR#g7|oG9B~sxM}=dF}SIHTTH6&8|`zYehijM%+$un zxloPIN(+2bTjnio(6df#b;Zfrb|zxn4i~BjX~Al9876B2$5&JUbmz{BUT)GpuqT%T zoHw!KAlYlyB1LGVb2=Pik=P_40nobzJ)jw3+t@!>@|DB43HABJ$n8gY9Nu&Jw^xIc z;#{+amVA9nZfto+_ns;=w<$rTw|Z`Ix`x|U*CHx9RR$zvlg#j4+)rdvKdHBQppSJ( zvTk3Fh?y!$c=jp^_N!U45d^?8+{oKh%nP<0yZ319Bb@jKe$04$P?6LVS!)^ik-Ja&k?d8rAg0OF%18$t+u0hSfa5ARY*|-nK<|t1) zKZ^RGI_~bLZX1aAq8AX8x#Y%YoPt>ZajF?RQni-W-K9)(TTp+#T?CUs%LzHt=UL7C^+L;#&Rv`V_~lG}@KooqoBx z9P;c6jpwpX`={7Vr;Jpmu7UvEkSJgVm$llP_t|HUl;|$-2)8&JINB9&x^%BhW z_6{W%N}hM^$BT`eE#Y6XrXx}Z@A=bmVd<$xPTkgR}3l2F3A+{@T7$N<2|%wQs(?-IHuQHfwr(^w4xb(id>SvM@#iBsUv6NNL+Z^h0a5ye8thx$R780i~?0}o)`XSKO^l-921;M zr(ONv0pv>1$KYlFU2Ly$s=SQ-z9;ne{g^13%ZhxF<$gK!BfmT_%A&FpsB{o-quC$W_TJ<4nyBfq>;INVs={q0)KZ^U zJR{GmDZ13e^~-p<>9PE*z&Y}Y^Z#S-Nw!o4mi(1IZ%f;NOtR>OD5$82hzKnD9Ogk} zR?u_$eR~U*Razw$m%eZJYH=YkZ$Lz5Mn=Y1zvw631I;0`!(;*{Bw)F|-j|j60@c?( zH2m)u0A2~g)!+XJZk%h4@Sc6F%@y}u*78)sUK z>~_;_Caf}s44Dy5V2G@dbVn9f9enG9!9U)iZsl*n5c?g4ha1$I0QFt18vI>kpu%-D zE5Myeug=ys^N#p7$|Dt1@`jL(Uup1^Fa~}vGQ|1Y02ip6|I8h1MU0QzS5f6JsL}WF zP>6JVrcE?jD9(C3P8n^es!>Drh8EQLa=QNK4_o#>iYPVj+LHR`{vU30ZJn~=j$2%l zSN3-|iW=rmf+9YkNaH>jI8KVqQXyK}TryUQsnO1i-Z*p8Mw=$mk$t3<0rUEA4{5IV8ATLrELyIL~r4Zn5 zV!+(ZZ9pB&m)KyWTlw#1i<mvK$>kPiA}Ur9%Xe=pysk&9c#mV!o4ANyKhwyuA0Z{AV37P zPM!RCP;wr!XEH#Z%!r+Q1ZN0DuGect7j~%Udn#}) zGcrzSmvy0WvO}6YzJ8s@R%sd9=M?!i2aONS@XzUaOYioh`dlj>YNSz?^=j4iJ2qPR z<95_5J-p#ML=UaHu3;N}Qq6EgX^~Q!oUna;e0DAa2#c3tmd~=jBvRa7I6z6Mn!u76 zV)EE5C1JP1mgR(!Ro7QgBUva5GfyXpU=I!yf4CHzc=yg@=R2;AM~nwQ#`|gQKfiVP zVKIb%ba_gYj6DzVt%GanTIlqQ=y1?J{MO*_Y^Ls6xZYDripQUu)MEFU*Ej)wOvv^V zpoV=N`uh4RYibSb)u3ypUK;0}gyM-eJ)br)28r_=!g31D=g8DJFa#Ku_Rw_0s2m`f zC64tX)ROrM&1B(Bq|tOZV-l7Jg#sKNXQ2{#^FyB>hO4^IHw*g*C0z2G{dz8bHpAJt%AO{>XL%Tb!eU>x4h&i$!%S_CN?966tIP6r=_k-4@W z5`KP$dk%p8JFE zdZ=f#I>}a#pew)8hi2>Ka2bKfzS%aDw(-0qEo-H9qS)S4jmUCT`1 zVIMD@lg=j5MP3)w+};AaOw|gYXjhKxk-Pt0d_LgT7=7Hg#EB;^1fzRuOw)b_<@ts3 z5O&NZi#gg7r>7LU4O*d&llKdBjoDYTb$pD1?4TkL`1wFx3ObjNM1U@_DEA_3hy@4u zLg;&LUykv1X;XL$AUJit#PI>f&DD9hwbo z9m`aGK&=T<-?c7J6|1_)#?dw#T_kj{G)T_HU`a1lkW3m!o}mYhQj{bmj&gFt3_zVw z1K;f1lCvt^83Rto;@pX)O9o7M_dK`##exw!AC=-yk^8*|-a{$chEr$9HFE=dqvNe$ zZ(B#!5`g;!C`JG}VQhzWDLVGX#v-~1?8I^ufc6OR0_B^Q9MTaSS&94?^Cj+3%!$lZLeOBE99ntgo$?KEc-XlkgfZ1u6` zh+C%ho{~4mtaVnMv?w4cflQk?UeKB8Sh zl5F`1bsdI}$Z-5eJm4LHo_4GwqxM$#ITj5)Z*c&3f3C+aPnsO~j}>yauY9A3Bfe{o z+K$N;a&=~o@?H(3#W4=(TwXao$3g zjX=w?*Gu3A{}=~WX{AWrrZ-XF0TPy<-oL3eBXUoUh7HfUiF-)5+7LR`>szK zoL7B*)HH0=&uF&w=&FT%pM!O;%F1c>qGSHS3SL1vh8Hh>%-q134N_&IizAP;t{g&q>C#1iNgh&Z}%i z*WD@9-lgmAq@{cW4fdXzEp?TbF~1Qd)*7j?=q-mAeS)5kf-)Id?b52%ue8eRhczzX z&ZmY?$amCktyX7-D`pN3Bms$@OK&45wnB3jd?;uh7Pjp%y9xrDe*N5Iv%UfDDo;Oy zzvKAusHLAY106Tol#@9AD#m44N{X=-y1604?J7pzU+aaLXZ}lO=qK<8BySH|&QdN| z%SevV>jE-pjdX`0kPW6A5@g!BDm<8L8}^v)V|WF7N9%gq(otO0KLt^Fa=V-_%!y~fFtvI z@qG^=Iuhnh&W#%Euj7vNDasmB_SPFnIJ8+~X91sp$-zd87u#X=f^+=WHJx|3pGaKq zTQSvYfW^ML%}kYMV7saHa|3TJRH--DI=*e#PUf;f&FJVzNq&qiJ9< z=c|BYN&U9A7cbm&{xrhMM zmc0M=vR`d%9mn+%_!nwlcDCQg8t%Q7Ug#g=_p41~ zUwKr8b~DrLcAWeGTT$fWwzW&*0a}T=0Ado)@yQB~U7Sg-Q+ayA*IU97zvp$^=sHFC%BE_J$R-+!O|Ac!>crfK-hvT$>K z{iJs**7^g?8)XvGmB~K81nhl#(8GQPiPYd5YoBq&##*}UQD+p&c?Y)GvkRf(cGm7%)(GzVIE9-RT*?IWf~?{uxTuwYxa7=Zt|l}di>(k5c4T0w7IcDl+nH>e*g zv~t&JE7O29MhumGWUc#HvM-lD##1ZFVFq*W2)cx!Y!FDr0D;(P-e^SGiv$~}Gtk^v z8a>y^oy1C52tvrZNI7I??Pg36oI0md`ME$F=@=Z}5V4!8m#f)`MmUs)-ll1UWJ7A>EQpCkWuE9J;T+mYpqgV)|QKB$bUl(_4+Lp zxnKX%Qb9Ge(jn;Q8d*k(K3o6^;ZxwrcE(9Vp!9d_)0&a@s!wl18SW?{J%Fz8d}!83 z%HO3Wm=|{Q;^J#Nj7pis8XYbI>%f_1-qOb^wetM@M!(!uL4SvPL+f_mNn`o_m^UHuCBUiw=pAzX0FJ^Ut|lqAZ;Y9d1iuje?7@X|D>EUY=(z0+v&Kz{^Mu z1oncw0E*PAcAp)kg_fE(4F6eixo;JT;tG-f^0OQ3A>U8P@?5{9nY!I1{!hSn>eh|+ zMx;15nPEDzCqlkvPFLZ;Phlu1bXtN$id9Z_a&e2JakgnWk(@&~+@I+J+#rl{5wPiu z^sx0RK~p1H`zk&R_F*s@cV6OGfjD?JR6kR^u`WtJtL9n&Mgj`|(&?46b zt_-CD73Gt^Ci+EqT#)SApeaY*&q#JTSY{%**VfV0h(`juQvOPW%9GCbHY|Uh@g>fz zqZz%eKHg2we}`Kwmiv86?f!t7d%k9@6lE_HMKUj-Lc=s|l$Ay%C2))=!}ggbI2~t{Xe&hEhPUwkdZZ1{7xuLE3qhM@2EbW7MTg!rIF-!d zAY(W%RbzKH$t6g(MqWzg@i-OFFAUIELS6-nAU!rOj!s+2C)^6{`+ci;3%IxLk4k$& zi(0-KTH^p52+i}$@OFF*MQ;a=`EHaNuB=zE<@T()thK^|ZEt+=mCde& zx`3FINW^F?+?lI86LA{S{DrdnIftzGt_H#TN+Olb_9yM#7y9Yn-o4yFz9n;7Z!ZJ3 z=gCr31`yUqIuUrLT64#2X#0gV8QfsWds|`-Y%c4G3_rL2`+I;4?*O&554p9z5nG0sx>x& z-@KtT&3v_9DQ!x?&(s@%%9wMzu}dEkkA#DqNV|nO6^;_}7pQj=N%l7W{?5JaPolVA z1pAf!ck5hZ)7Nv*-;3mtCBRoJUzTZ`cuaCcKSCpZHg~#-FY_`-29yhp5DwGH=`yBM z3*%V?PnoE&j^A9uCnJ&&S<<2gaBDp#W22aavO(=cfE;rEVU|eYQjn+IK}qRoKUUX! zXdr?`i|a@vp$ie&g9&zJ>|9y2)@-ii&ZzNbRP!UFohG*1wyUk;vkuVqEaQa3_fGP$ z2EteArx!ndV@0R{J#1d@qi24j_qMlxRoh$7{9oPBeEsqe`1DYT%xMP^8CQw_8~kzm z`>A|7)bPxF0efMUvV=NR^Q;VVLI)39YjYqMhdkn1%QZWTt=6c>MJCW=c)AL0#~ua! zi7YO)Jt-9<)(o9li(F(=k=t&J%>q0gj$LIqKvJYv46&@SM){>*!b6=0TZ{bL0?Ob+ z=Drux^IEd@{kZ5=-HSJ)(s09k23n5E`J$Ft32f&oOB%pVVk^7R!*|N7o=JhFSxuAcm&*QZm4X?RBTAz;2?hSG1qCEc!#TG>iVZf39@x9*Ek z0z@N%aHw5ICr4YJ_ShboX6)Qq+QNY459>LAEqd!9g!O&jhkP3&sX$WtlCoMvSeK%$ zF&=@rNz3x6rZ?ct=cb;0mK)cc_z!1`TRP#*lz$)Jbx*qI`)$02lCV@hGxE_fld;q# z7-KWubTS-wrVWw`_XA0%1W zWqlHE`4ef_c&&TM&;RxEf!6}%*T3XV0HVZ{?D^Q@cO2z?EP0! z4@284RV|In$37%5eD}LdaZ}^@*FP{(Ir#Ts_HR^KO;?%6H&iV3*jqc%Ei#^9gB&*~ zUe70zMlX?K<$2I5WR+OmqW z!uX`6%qYHC(8y*fu>X{5KhWelzh2U#VR?!x*oqeAWvwC1|Ly@6c#x zVnH*+==ciQIUV#2g&M7v1w2-IyVeAz!fa1;8L=Ngg^(QC7#Y(Zh8`DCVN1*)R3S3( zj{SGM_lg{!?SKy==8q`yZ3g^qm3hi*(S`3yh3|}Qp7QqsmkJDSGwaMTXX8U&$P?Vb zbT~wpQSlaJmBQ6>2cf}%K z40a3ctuFfd>$lpKCsALY(k1K@jm!V9xUK~DJOfdpyH|G`u|ugaJ;xTHMg&BTv(Dl} zndk5B589Rc{4{U3Z;iO>26o9;H|?6q?0Oq=ymcvH5@_foM^~Fc$hRP4FgP~OgAijk zu2IMj0%-4N=S;$i?Vf93#>Qz{C{=~4HN(@k0o))YQ-8M{F(#jQh_SE{S!VW-@A}YjG#IwxNh~VitS5qcNP4p< z?bZ!UyL|H3k^c>S8kLT?gZ)jOs@(=_6_MC!k)zFqtR3ZvM0Pq$Pq(ck0MXqWTi_FZ zmD^;Mp2z=`X|0h{{S*8W&xgL!U{?cIW|?e=$uv9^8`YlDoz@n1LS+vFZ#F7#aNR3* zWm5i>@}aS+>cu;5aK7uWrN}zZfaz$8I+K3kj#5`YNaLljjZ`09rAG^~^cF*{Ok|Xupye|W1U;a zSMXJ+I42yh8xO6Yu?LryWiaW@WRs-`>@JZxN7-ZwrM=oz98Sw^wg>~t-v-p z^5EHUEg~L?U@2P^;j{=sQI*}M`r+$0e3d-@$;0IC@i(W!e?*&CRe$R_nZ))1BM48l zsfEobS$@^E8M=CwKSt(+mST0drWr2f!xbXWj;_~H(-ddZ#4A{ zdYee^16!XKb>q7T&|jYPH^3_z-E`EP`X1c1t&W)ig(`FwQos_DH8Q#;j5Vz{`CVx3 zl?T=9TITNw_;x2=MjSSXMLK~jX_Ztli*>?}Rx4Kul-6wA$|jR310jc{%QG|wQ=P?; z-U{wmOS&q`bc#gDTKPN*++MJr4AT6#Q5{3$A{ApLAG8N5up~0L+eMMudyZ>i_&2PB zH9C%zK+j|-FWM!T8id&Ap&_E1n1n*o*f9uZN;*AN4x8P9@V&*fxAnSXKu^;-V)fD$ zYj^lrcitZX-4VA9K)q!j#d&n3xxTgxDFv9xd}KG)NSdy%mORug4`uIo=w3hhl8k3l zeFGVF1NlVDn^wC7Sc9O94hb^F^_`6?bs3dAY-1Ylc-hDiXaQtkTmxf!it%$yA?7P$ zvL8}7;{~y{+)ucrKfuQ`HcIeR@8t8u-xV>!V67KU<#z^`zj>nn27IMJ*{FGD=SS1M zcZ`SI1t!deh3#2u0%XZuR=i2!|07RS0;7u51K$hg^Or_HFa^|{DWZF>xHikfT^+WN zWFH>k(6ZlM*o6(yAkEMH-T2sb0weI2JWH^}TpbQgaI@JMnTqNh+f9OE3X%N-qw(sH z>1JB77&?Ha=Am|)WkT|bEuJ!{-Vy+7wk|zpPQ_}hLuaG`!N`Rc5e<}JH1J&2j>a~u z7XB=?qGjybonyzgrd~FIkjxyk@OVnuEI5|u)N)AV+(^h3LCsq+Y_0tMxVLd4(~4^5 z6u*3`Zf`$`+GZ2v8}c_v&aGPEnP7X_P3bAVTWy_qf-A}#EYw&P7rMG?S{m~%Ni=XP zIB&td)f)eQ*4;l)JI7U!#Jdelx5=je46~$=S84&C(rLf8Qpf92Y@bBKWRS0L;ZOv= zDvXM(Ye&85Nlt((fWdGeb8x)aVq=Ob7)|D8E3Ox<=Fnk1#R|5y+08j^n$qwZ*{+C~ zyx+pSVK?1SQ}fqluR`4I1y5X7BKsS>7q#WB6V`rlx%+4rJ~5`RUvke@_wRpg#F`Qq zZ7bP-KXLE%XC#Vwx%Cjf`)hl`!KwxbeSmu&m7AEO-_Jou`^(N3e6oR8NedoyhyQvk zN_}=Ld<>d-2#hY^6=EhL z!!=>nJGh?B z8Oq{1o$ocj0|0d999cGAbSGgn^gXpt1T$zd+YY>7;3aO?&;mJb!F#c_QF%Ef_+Bk} z_0MI?O=9dS2JW#)Llro8k^k=*F=?x=uQ?yAEe$mXx1h@r`fk?L8c>7Q#!SdX6a+p= zz$-I4onfN6fm%{Ix7c?gF`T@&M-m?j+VUPbR=yY zmc;jK&eRFrP9(W!fS9ZuHH98alD5s1jS)}Do&(MB8Q`t#Ij`{+Bk((%8y^j$amLUW zo^(|lo_O|yj|10!a_Ifjd>K#Q{9#FX%Ij8l zkndm8X+Lzl%KTV@e<4N{f{=tr4!07IS!tG{wyqowqRoFOlm7V4Z)09wkIkPap*t~h z5c!FJj@I7=+-HwMcnGNG~K0LF)2A}~t>WxL9xLh_aZ>LM2s9u!q4qx9#WMnKF@bS{+Vi2U-T*aJ`V`(2UGq99f@g5x=1Z z)JT5ZLqC(_zNd`Y{z;aA?Zqf!M95XixA`Esod+4Ut;&*cU&90Z^&od zzFVca=qL3J*iN=ExjT%8m^DBoAEh?7uo}TrM`hkrk9xw)E5H9GPTl)J?)o@+Wqp?N zf4c-yV@@X)9reH?hEPVq*z;_FEB?|1#WMf7jw}Foo_w5J-fbpnTbz1N`HCwmqi$Pj3kQF)21m(;*&^m{oAtZ zUsL&(Jn!`|k6=FNV;Z~h-M{3_KzAK&w5DU!t#IZO{^@9Ecid{J;}DB%Cf(5*PFULfFS6dfnb9o z*nv1WYti?8Cw~1^blYy-6jk@VH#jvZIwN;PWJX3rMkAP=1H^^YR)|3+ToF5vN4?z` zU+AKirzs0TN*5YPf<0PGl4?zNt%6S>PG($^??xswOx*CO=z3bbY}PieqVo6nMgE(jo)9=x(dQYKk%;+}6p@9J(m)*Jz`=0zP4My=hnAYD|=2TC%<{2a3UX&2L$z$X9s>Ra;Kb%>{QtlIS7W z(AZ4qyzpEaa#Oi!~X#r{w9k2;JpZM7+U-U{ZaItp418} zKFL3}gSp85XpN`9a<%BLmv9~m1DxniWk5MhlxQ<#8DN0uqB8U4-9~{`8;Dcy#C3`X&wiMv7Byh3i+p>f8DS8T0Zt z)@S9wxu)9X|6-`CEibnvH1twD7}yJk_a?kpWLZQGH?qWPr0r=cl(Hi(P8c(#aU>@D zsbk>a5Q=EnSPqw4Wi0ZJs!3cITy$d!uxJ0r%&5(WPIEpyv*3~Xoto6|Xjak{qQ!{E zLM;f$a^}q`ZWD(|zqQ(KyGlQt!F!5mAzFXzk1|riJOXpZ`*DE`e&6INQDO2ar=-v%nrm1K-*Hy# z_lN<>E{O4B=lGE~b$5-EU+?J-S0>PvzP0xA+wb45EBM*msZaF_^dq$|SM3T|jkN@| z87(lw!wSvhtmu_XuS0E}1x#JRwuW(+;%-F>#jUto>A~G8ZU=YwgB`3;T#LIyad&rj zcXxZ-`(ECC_vX!>WHLKh-&&LWGnr)eo>imy_e8F7a%;R4)C_!$(|S1WT_h`QTslf~?U7;|2t-^n~}f#Yb63$AuSTrJB*yQQc<^H>Bk zq0VR8H=m(McjM{PoP9^XZH4FI5_sP(&jfw1tt4eQ>e&Au~;^s~Z zLpGCyf4X9Xsq3cch6Gf)g#FYH+WjmXtBTpr+{i@xf-Fq&<{?_9k?ik?69`=r}4G0uN zVwblw>2pHZuIv++It*VPB@_wC;vDrTnfwN2lDE-x1j!;YR;M^xK=}-Dx>LCA0!xSa znv{s_kCWtpfR1qz2j%3cBc|XhCuF5^wTJOQxj80nE`-Q|Ez zD}qa+c)~3jk4&lro2>-)l>k?Kc-AqsqZ{Vpnq1xwifsBdzvVn3o=(2LeY-t=i|DFl z!oeTM30WUIQdrF_cIq{&7$>rB)C}4qIS4;(Sk{sVk^{SLqty}79%hM+Bql{7!Z)#_ z3tZj zz(HCPXE8%kQqceM^Pi;TL`18aS0! zjjKgd=3RyroS<{Hyj5pn7K2t)D%kmkPL;}zkZ}zes5`RdET~4OzBP)!tmq&P0Ayxd zI?ASyBZ+Oo2~8lF@`@7}NTVed@rzu4ntsLAww5aVl{#G%_qG~}+q}t*x zZ9r2MThqW6NF$^XfHPPn6lU0O(#3+n!oB6JF_HrOBCA2Bf-nWs_!qI-8TU=(mg7Ka zMc4;bSD|>OTbb!zkIQWJXSVFh2J!}uZ?rEs+!tsgl)UtB=>Xvq z{?_$83EF_GLlrH+Du^cejgYwhKt$0QSs4%K4q-rpz<@{T3)y8p6z6Y-(+PtpZKmi+ zD%2DDrrGETtsA@VqOE;4hVHnQE6vJ)9l6g~0uN@7PdnOCl+NgnsA`6CBWH6!38rIJ zehg4b>h-E{(W!yGx&+ZSIFe_PG+6bN(jh$>Qfft_Gq0(1y>K8#FXVeH`|!PH7>*uK z-yz#cELNlrHQy^QG0)IwSWvt6bm(3a7i_%*VWTf9AUc=iE2jSlSLR6(+?o{^X%-Qr zaA_`4rO2wzoL|PxiEK*sAydo^G%6AH2!xbL`kx}xBayXVXuEmHo zk0|^&qUnfB513@~Y)cR}@8^S1SiAq68S)m0>+l`6Opc^dXRmb&PVc$sQ@6c~lN2(_ z!6B9GK(uEhI-yxWn|FWR=jKOW*PdLn z7~(UnQ1j!r{!eE1Tc<^krAl$ol9=OqG-4g)0ZHr>UgaMtz66cWh6*j9s7%+muO~+& zP_pP7=fdjWS8S}vTAzU&XLqXBpKjHMtD2+9TMnEpgd~uhQpWRRJG9XVH(t}XZOpC_ zk0s&QPU0^K4c#oPw-v|mipx(cq4;d>Il@dp({A@qJd&qAqco~T_kfLcb=zWn?P_%L zweq>da`pDUoC`uRx7NpUEEm{2=W2=g`Xu8p6{k{RP3>xg$vK~@(Y?-01kR$jqzA&a zbr!VS#@?P(lP98@7vu-$3}1o5bowo5`ss0LWRfV8~tshu~ZRan|gj?I4<%=G^O+v ze@n9(>3WKNd(!TSLO%l*%1xG42NQs~5B3Fjax9$Z19T`l6r|AzFae%BDZ$z*8lrSuk@8v@5=)EUy^gH;3TorOCViuOcPBf8y6PI8t_$>&RWHM zxz^#q9(qiv^(zDcFdkZOGi)kqZ`K*Fn88?)bFtOzglGE4}Ex2+i9xTeB=G>yYEo4=LsQlYfFPo)kKAFazUP{oqeOAMe=)-s?=lij|fjU zoOIv7475%%J+E~)(2cHSFFi`LUL&}H%XA-x7+)h)81NAAL{K(`jS}wpcT+Ea$ zsjz?1j4;mm>q~5m#QC0H$XW^o`iQsxRcB?n-hA%adkH4n`GJR2{BaAvK0i|D%`~fX z&Fcx&9RMPK7UOpOc_B<@n*^0;DQFX=Es2*z@N%J?JIX5)S65}P*)0>7cadTXL*qiU zyKXO@*35m67#6Z#6QqQFRs%(Pz?YO>($Z1`-8efiB^!^q7hs)f8y)?2Y4TEk@xa~&w)|!_sGYtUWR11|fVXlS&ZDQE`#eaer|AX5 zw9ncMkmP14hZm*tqzM`kjtv*KvCqv{nZAatghhhFZfU?QqH6lyG8%l z7lYId0G(bhSE_R4zlHQ%;vFSq5dS?D7M$&FqE)bU@i#roF?;wzC?r&(+PWidT817V zIIYbz9ea4i!b_r<+7{?iP}x5i(_utjvh=h@;!MkLL@rbbfkaLPIe_m78YKQrHN6&a zZum$%hiPSN>tLc?gS)SIdb>2J_~YFGNq3W!&at&z0;8~%UkhUHFW!QH;BSB2PZd4j zJB|8X9@K)U`uX^p1XQ(Mw)N4}AKxrIdq>yIP&0IbP=N)W6F9Oq4Zr8BqF#Gy1H4nr z11XS|jl%&stfnN4SZ>1HA=VtmJ7QE@55fX6?8uWYZuH;{Cn+3gcC*<=CWB}1MM|ed z_Jdg}$)6?=wQJvUA7cyUak9@PvdtdnyaU(wfBpKxoaqH-v3yc3oGy2D0d%`A)VQDMT7oA4b=i)31S+OqLB^9PB$+0>Hc z8tQ?lf{CkE8cAo!CwK;OX1|?(OsP6s2hGgxxivxOzZ;xOr>L6zdZj06<@E9!sC7fe z#_2><5W!=Hf`KvqML^l)`wTtfNQ_3x^m=>NY)@Glz^kdErlw}9rk20RCuKHzgqnA& zG?vJbJ%P=2X6Nm79Kl1aImATy+>C6a1dZSHeYmqvZ;HdJINl)x7T5Wt(k8$GM?itoFzw933fJW>MIE zsUnGNJmH&xTMJ)tn`oX%6L{q%fc3O9l4`69xo7vEZ;7VHoJ8-BjWtV1;8o@l;>oHt z#$3;$hw)J-Vh8EyO?4c>0HykbvFGbqPt)?ign)We#W-lQCr7?NWSZoL~~Miw&j)`1JEOtkk85X=ig_^(%#fg+Eilv1O62!jnD|n7@k&<5I(xHb8tQ zJmRq@zpxPryhVZg=Mfx$Dp5Gd{XG4^ulw!{X3k#`BHX5YdFCd|RIPb?{$n4zaBe{& zFOcUw%XOKH1?t1zht5mB7n!yFNgAmY`zSl zR(3wPZ`DqtvBFuE@yRZtIDYLCcl!yXgLcxaRs`)9Xo7SExglfmy)H2wMSD5KeN8cc zCRsO_&d-1H+q^kOcU4ZmCde`2o)D(*kfGi%n0l<|Bs5C4J8%INaLTkn%4Z-2W1i$# z@}&0~xJlq8i2q7idZ6BYt=@=P;G24kNf|O4WFKNVfj1XkPe?i*QMF}@CpMbM_r>9u zKn5Y0owB*mY5yRqB`@3-)#QtjAgumfb6DeMuRC)yIA2*~AFahbTdp}DQ}(fLFN9hT zh+sX~gK~brGJLBeYUvkw8)gRmd8M=lBXV3-fE0-yXr-6*(#5=&Fl*#dJZ}V*G)fZG zkzB^h8+>Wfi>m9{g85vKw!urYXm4!DVlS++1;?{SD=vp;Z7LQFH&|WPMY>}jX)o>6OL>7 z=QhfwDg!26v$MCY*r|C;wp`Z?fXO061T)UDmL%Oe*q^L7oaiTg@R>!{*%S77V_GB! zwtwoV#wn6jY+{2*G&=X&M6s5M?9|iPrwo2{=R=u%{t@^+{QLc^R>*0=%;Sz7H%%rb zER$6N>_L<-Mg+B_reC+^%rHemrw7?~F@Q~@I>2nrEFXVdp5pn%p0&&4#!O}My4qNN z;kK<~Ju71h|0YaX<>TZ~(Ie^u*A^b`bllQ?AdFc#^?OWUmbSN4UEjKZQZ)KtR=G>Z zehihY197lC%MYgK0(ZuDG|!iXbuy4Zd1^R%m&5y`UmFja@7Sd(Bru3am!N!w)4Ypg zQfjV~x;J!Cuw+xFh*uKYg1HY9-h`$KoBH)D*|W-L#-(P<(# z`sv~{*9m>#Q#qHhVmWIJQ)y>r)pW0Ba-s=;_O>@^f!FfMj}Y>EfTLHow8vOY(Q};g z{OLC3=wYD5HrC?TlPZm&LAi%1&N39csR75}aN!1#gFguk*BHNb+Cw@-+ef2)R*bq7#U+@*uoCu%9X*Ln7}DC zTK#VYebpbHeOnh4pvoo`aS4B^;eP@+@tZ=M0i~wxGgS+Q7%=Vvcb{*c7hXA!jgD=7 zSFlJeQKjsIOgvx%=K|($%yl@74(gM!Rc>^dHalEA+Lv$SOMY^j^0me7s`)Y-I`MMq7!po>gDytS;~t$kNJa zwC#HaaLYYdSq-kngi{=lbHrrj-=CrVQV@&RX62P`mr#&5^~c)h@2paN1%%v+=Maz3?N#}?22(y~j66nS#fyRX0IUT#C$ zJ%D@!Wt1X^le3t>>}s2*PA{2VKr*7ezF{@izm<0gQq0D(v~0LhV*a5nydm!wp8OPW z^D>n{&-DtA`LJmuHcCh6)b60()_*)WW7HtS-6*T4~LkIa_2cCzdyw$9Oc zVdiRvU&JW|;(3zU4NUD>;5i5hm#;&AfTfB3yCji*eiz)L$00+BKb;elahkkPA2UB3 zRm>2XGZGto6_>h7llL#95>-|P`lvjJR6geyS$%wOT_0h!aIfWEh1$R%oWM~1P$cfR z{_uI`^buLu(UfLY+Sv}Cl_LHL*(Um{Q@3(&M_aE&-EKRt`!&{yr3U&f2q`W>1FyQ@ z3N3q3CMwJ5+cl;`|IG?ve~vy+1DOgqU)$$_3#+UF%?l}Wd5Dj_?FYZ=M{=!K7JA<_ zCn_MdCn6p`mCGLiTz^h!Vo@V*wm zt(YL75K{c4uNz-{yJq>8jUB9TiOpY>_|k2C6UOtRsOGcH+Mnsm9bth zV4aS8bdw4%sZBz#TuQb?`AJ?EhxYlV$^OM;$Si%W52hLxZi1K({NlZLxz(|N<$2*0 zb+rwX2lsG1rR8O(Hs?v;hO5oI-7BwUWAF-L+-4PwA<@yA;(vFHg>9z`l-uId(5z zbh+R0C|YjSgL*F!m{{kd#kjevjAiy{EWUHJLLkx$`OR;a#g5cROo^6^w$+1!GD{N@ zf#s>xeciE`S6ThpL{i_PIWk1DCbC8H4friT!JlwEj5a{tS*8FesT8-R{f-JrI zI+AJFud4=RPN&N}cFEN+GxN3#2PEibIydeRiqkT@RMPM&7vbJG0jjeTFy5ihb`3D6f5e>{5da@isDsv-$MU+mUwvm7n(*q@`S|6!bwct&25j5DAOmcF2Io*8cn~Y_Qvvl}&P?SdwA+v%I^{K@nln1=_pBpvc0n!o1 zuTlmoHi|(y1o=+Zj;&B{f^4AnQ`X7yD?|GOjE)bj21yeqJE7K9uVzI zY@u~Vmz`AM3_Ahc>{36|MVS$EXAQZRktt!%s!kFNX^E1UbJn1O#!^X9!Sac*GNlUx zfpBI+;VPw^fFeNwu*0*<*K5+Q!^m)-Pv#lW92AT|b>`NY6tlIo-zoCTMtB{7?-yj4 zS}Iw-943QL6e5~d&1S*du;Q&e!Z}!$pJFCq8|M1A5_fOazja{K} z@ogWaXxhh285E5s6O#Rj8;W>sgA*7`Rh?%9bEa%-Mk{7inhCmD-AeiQl(f60>K6u+ z6zb5u!9UjhHuZw_&<^ogQ^1OXiK=8;*Z@i|Zq*Wfp&DS^;vsq*<=CwC%U8vaYI4}& z*~_+3X?1ZQTiZ~F_Hv&)^%X-q7gT134|#v#vDYNo6xAAh4FA}u1hOC-;^(IkW#HK( zB(aR%efI)K+^`hepL&rj7RXRD27*@D<8@Z|QecrU(T7|}$?FZviT3tpk}c)w46-b}rI*jQ$?ON&0-sUSA~Dbrt0Pz^=t z>GL716=Y$ttayB%T$DZ=LNNtwPq5M;{VMg8v|)KpmXobUn-lqlJ2COjooKyW+P<-1 zRj|IEl@R(j;cI`;`d_%2Ja`Va)y*55qckUHN~gKx?SX13+tkHjM;`7u%fAYA#2Kpx~o^u-su?0-v%U^ zh&^a5nR*5;2VVD3z9G$8Q`4dJz3pHQLdLBFHtjNDlbKACnKtPzfKAB6_E=B=JKc2W zW2oANBH5?!NkD5cZtRjZ!2z!48@^$sy5e3=?j3=*hs?6ZekMyi;;A*qD`cO;COc-= zSWrgXY-=tlQz`r>xTYf7tc$+zlSv1dlKP?8wvq48(+)_z*Hu1~n|{&iOR)(Sj3b<7 zHN$_SLXi;VU*Dm+M?@o(UX%ma0#Rfmhg%2un+e4s5r0<0K_~#AVXz?}AP^w5n&9PK zZ#JjSAR!<$VIUxIKHi#}0D-oQuC@+9V`e1@5ph`wCTrt7W!dN@mQSsemt>M#Q)MX{ ztq#j3li^|(!#47YXf&i9+Wm1)IXLfaMqm6ZEt#!@#M!Q|)>8Keq1q%@z3xStAmAM; zse^Y*;H@drKAknA&D|9;LK&6*l7n2zT#B`x1U&);J$WoZ&nWlRrzim@yg5V!9E&nT zWsjv#%y~^ntTEG5GuMl5!~B!QvDqG-t=5{6o=(WB~uE_hq=}rV3_Z z6H-@nM~0aoZ1w5wa=Hnqs>>5!+)IeI^ivRE?QK^jz35KPmkFsKXuol=$>zKm0epa! zqo1ApS{o^uNz!4rSUy^cLfGdW_ktkT(V_xWU1II4Iq)N6;fQtl)3lOl|3T7rTiOmD(V9L zx)$wH3)f``@Mh--aEzPh0JP5?hy#GG-~!vdr~%a#oIqE^$NM@u`v*tpgPb7`bOs26 zoB`5?-SNW6+VtXa`6D?&G&wyXDdB^!PuK_ku#SKRrU??v>H^Y?ADI-`KI$6^u*x_) zH7)R&&?oA!rgd41pyIkobLOv}9uY8M@~Y{xqbALm6fr47bpG4dk0K|{l8%}aB{FG7 z+?fLtLMBX(j7dt^(7>F^b*+9j7*};2=^lg2nPcXI5>cW z!;(f26X698cvJ*= ERROR + +runtimeconfig_config: + name: inspec-gcp-runtime-config + description: My runtime configurations + +runtimeconfig_variable: + name: prod-variables/hostname + text: example.com + +redis: + name: my-redis-cache + tier: STANDARD_HA + memory_size_gb: 1 + region: us-central1 + location_id: us-central1-a + alternative_location_id: us-central1-f + redis_version: REDIS_3_2 + display_name: InSpec test instance + reserved_ip_range: "192.168.0.0/29" + label_key: key + label_value: value + +network_endpoint_group: + name: inspec-gcp-endpoint-group + default_port: 90 + +global_network_endpoint_group: + name: inspec-gcp-global-endpoint-group + network_endpoint_type: INTERNET_IP_PORT + default_port: 90 + +node_template: + name: inspec-node-template + label_key: key + label_value: value + +node_group: + name: inspec-node-group + description: A description of the node group + size: 0 + +router_nat: + name: inspec-router-nat + nat_ip_allocate_option: AUTO_ONLY + source_subnetwork_ip_ranges_to_nat: ALL_SUBNETWORKS_ALL_IP_RANGES + min_ports_per_vm: 2 + log_config_enable: true + log_config_filter: ERRORS_ONLY + +service: + name: maps-android-backend.googleapis.com + +spannerinstance: + config: regional-us-east1 + name: spinstance + display_name: inspectest + num_nodes: 1 + label_key: env + label_value: test + +spannerdatabase: + name: spdatabase + instance: spinstance + ddl: "CREATE TABLE test (test STRING(MAX),) PRIMARY KEY (test)" + +scheduler_job: + # region must match where the appengine instance is deployed + region: us-central1 + name: job-name + description: A description + schedule: "*/8 * * * *" + time_zone: America/New_York + http_method: POST + http_target_uri: https://example.com/ping + +service_perimeter: + name: restrict_all + title: restrict_all + restricted_service: storage.googleapis.com + policy_title: policytitle + +firewall: + name: inspec-gcp-firewall + source_tag: some-tag + +address: + name: inspec-gcp-global-address + address_type: INTERNAL + address: "10.2.0.3" + +instance_group: + name: inspec-instance-group + description: My instance group for testing + named_port_name: https + named_port_port: 8080 + +instance: + name: inspec-instance + machine_type: n1-standard-1 + tag_1: foo + tag_2: bar + metadata_key: '123' + metadata_value: asdf + sa_scope: https://www.googleapis.com/auth/compute.readonly + startup_script: "echo hi > /test.txt" + +network: + name: inspec-network + routing_mode: REGIONAL + +subnetwork: + name: inspec-subnet + ip_cidr_range: "10.2.0.0/16" + log_interval: INTERVAL_10_MIN + log_sampling: .5 + log_metadata: INCLUDE_ALL_METADATA + +rigm: + name: inspec-rigm + base_instance_name: rigm1 + target_size: 1 + named_port_name: https + named_port_port: 8888 + healing_delay: 300 + +vpn_tunnel: + name: inspec-vpn-tunnel + peer_ip: "15.0.0.120" + shared_secret: super secret + +project_sink: + name: inspec-gcp-org-sink + filter: resource.type = gce_instance AND severity = DEBUG + +project_exclusion: + name: inspec-project-exclusion + description: My project exclusion description + filter: resource.type = gce_instance AND severity <= DEBUG + +alert_policy: + display_name: Display + combiner: OR + condition_display_name: condition + condition_filter: "metric.type=\"compute.googleapis.com/instance/disk/write_bytes_count\" AND resource.type=\"gce_instance\"" + condition_duration: 60s + condition_comparison: COMPARISON_GT + +dns_managed_zone: + # managed zone dns_name must be randomly generated, so it happens in the other script + name: example-zone + description: example description + dnssec_config_state: 'on' + +logging_metric: + name: some/metric + filter: 'resource.type=gae_app AND severity>=ERROR' + metric_kind: DELTA + value_type: INT64 + +compute_image: + name: inspec-image + source: https://storage.googleapis.com/bosh-gce-raw-stemcells/bosh-stemcell-97.98-google-kvm-ubuntu-xenial-go_agent-raw-1557960142.tar.gz + +security_policy: + name: sec-policy + action: deny(403) + priority: "1000" + ip_range: "9.9.9.0/24" + description: my description + +memcache_instance: + name: mem-instance + +accelerator_type: + name: accelerator_id + +global_operation: + name: operation-1635274037755-5cf45e8217d56-c081cd9a-c3ea7346 + operationType: "compute.externalVpnGateways.insert" + +interconnect_location: + name: akl-zone1-1353 + facility_provider_facility_id: 'Auckland - Albany' + facility_provider: Vocus + +image_family_views: + zone: us-central1-c + name: image-1 + source_type: RAW + status: READY + archive_size_bytes: 539099200 + disk_size_gb: 3 + family: test + +license_code: + name: akl-zone1-1353 + +region_instance_group: + name: instance-group-2 + region: us-central1 + size: 1 + named_port_name: 'port' + named_port_port: 80 + +region_operation: + name: operation-1641188435323-5d4a6f5b26934-9281422c-dce238f5 + region: us-central1 + operation_type: "compute.instanceGroupManagers.insert" + status: DONE + progress: 100 + +sql_database_flag: + name : audit_log + type : STRING + applies_to: MYSQL_5_6 + allowed_string_values: ON + requires_restart: true + +sql_connect: + region: us-central1 + database_version: POSTGRES_13 + backend_type: SECOND_GEN + cert_serial_number: 0 + common_name: "test_gcp_1" + sha1_fingerprint: "80c5c611c0a591db967c7dda3467e23127288fed" + instance: test-pg + +sql_operation: + name: e5c522f1-8391-4830-a8ff-ff1cc4a7b2a5 + status: DONE + operation_type: CREATE +public_delegated_prefix: + name: test + +region_health_check: + name: inspec-gcp-region-health-check + region: us-central1 + timeout_sec: 10 + check_interval_sec: 10 + tcp_health_check_port: 80 + +dlp: + name: "i-inspec-gcp-dlp" + location: "us-east-2" + type: "INSPECT_JOB" + state: "ACTIVE" + inspectDetails: + requestedOptions: + snapshotInspectTemplate: "" + jobConfig: + storageConfig: + hybridOptions: + description: "test" + tableOptions: "" + description: "Description" + display_name: "Displayname" + job_attribute_name: "job_attribute-1" + job_trigger_status: "HEALTHY" + job_trigger_name: "name1" + job_trigger_display_name: "dp" + job_trigger_description: "description" + deidentify_templates: + name: "dlp-template-inspec" + location: "europe-west2" + type: "Infotype" + +featurestore: + name : "value_name" + region : "value_region" + parent : "value_parent" + state : "value_state" + create_time : "value_createtime" + etag : "value_etag" + update_time : "value_updatetime" + +training_pipeline: + name : "value_name" + job_id: "job_id" + region : "value_region" + parent : "value_parent" + + +nas_job: + name : "value_name" + region : "value_region" + parent : "value_parent" + end_time : "value_endtime" + state : "value_state" + create_time : "value_createtime" + display_name : "value_displayname" + start_time : "value_starttime" + update_time : "value_updatetime" + +batch_prediction_job: + name : "value_name" + region : "value_region" + parent : "value_parent" + create_time : "value_createtime" + model_version_id : "value_modelversionid" + end_time : "value_endtime" + start_time : "value_starttime" + update_time : "value_updatetime" + state : "value_state" + model : "value_model" + display_name : "value_displayname" + service_account : "value_serviceaccount" + +custom_job: + name : "value_name" + job_id: "job_id" + region : "value_region" + parent : "value_parent" + +index: + name : "value_name" + region : "value_region" + parent : "value_parent" + description : "value_description" + display_name : "value_displayname" + metadata_schema_uri : "value_metadataschemauri" + index_update_method : "value_indexupdatemethod" + update_time : "value_updatetime" + create_time : "value_createtime" + etag : "value_etag" + +tensorboard: + name : "value_name" + region : "value_region" + parent : "value_parent" + update_time : "value_updatetime" + blob_storage_path_prefix : "value_blobstoragepathprefix" + etag : "value_etag" + create_time : "value_createtime" + display_name : "value_displayname" + description : "value_description" + +model: + name : "value_name" + region : "value_region" + parent : "value_parent" + update_time : "value_updatetime" + etag : "value_etag" + description : "value_description" + create_time : "value_createtime" + pipeline_job : "value_pipelinejob" + version_update_time : "value_versionupdatetime" + metadata_artifact : "value_metadataartifact" + metadata_schema_uri : "value_metadataschemauri" + version_id : "value_versionid" + artifact_uri : "value_artifacturi" + training_pipeline : "value_trainingpipeline" + display_name : "value_displayname" + version_create_time : "value_versioncreatetime" + version_description : "value_versiondescription" + +index_endpoint: + name : "value_name" + region : "value_region" + parent : "value_parent" + display_name : "value_displayname" + create_time : "value_createtime" + network : "value_network" + update_time : "value_updatetime" + public_endpoint_domain_name : "value_publicendpointdomainname" + etag : "value_etag" + description : "value_description" + +featurestores_entity_type: + name : "value_name" + region : "value_region" + parent : "value_parent" + description : "value_description" + create_time : "value_createtime" + etag : "value_etag" + update_time : "value_updatetime" + + +tensorboard_experiment_run: + name : "sklearn-2023-09-22-17-16-16-a25b0" + tensorboard: "1976367752880848896" + experiment: "autologging-experiment-fyc24zb2" + region : "us-central1" + parent : "projects/165434197229/locations/us-central1/tensorboards/1976367752880848896/experiments/autologging-experiment-fyc24zb2/runs/" + +studies_trial: + name : "1" + region : "us-central1" + parent : "projects/165434197229/locations/us-central1/studies/2975668570413/trials/" + study: "890385007008" + start_time : "value_starttime" + end_time : "value_endtime" + infeasible_reason : "value_infeasiblereason" + client_id : "value_clientid" + custom_job : "value_customjob" + state : "value_state" + id : "value_id" + +hyperparameter_tuning_job: + name : "9200900561803673600" + region : "us-central1" + parent : "projects/165434197229/locations/us-central1/hyperparameterTuningJobs/" + state : "JOB_STATE_RUNNING" + end_time : "value_endtime" + update_time : "value_updatetime" + start_time : "value_starttime" + create_time : "value_createtime" + display_name : "inspec-hyper-test-hyperparameter-tuning-job" + +models_evaluation: + name : "value_name" + region : "value_region" + parent : "value_parent" + data_item_schema_uri : "value_dataitemschemauri" + metrics_schema_uri : "value_metricsschemauri" + create_time : "value_createtime" + annotation_schema_uri : "value_annotationschemauri" + display_name : "value_displayname" + +tensorboards_experiment: + name : "inspec-tensor-experiment" + region : "us-central1" + parent : "projects/165434197229/locations/us-central1/tensorboards/6346548241290493952/experiments/" + description : "value_description" + tensorboard: "6346548241290493952" + source : "value_source" + display_name : "inspec-tensor-experiment" + create_time : "value_createtime" + update_time : "value_updatetime" + etag : "value_etag" + +featurestore_entity_type_feature: + parent : "value_parent" + region : "value_region" + description : "value_description" + create_time : "value_createtime" + etag : "value_etag" + name : "value_name" + update_time : "value_updatetime" + value_type : "value_valuetype" + +dataset_data_item_annotation: + name: "1746031646898913280" + region: "us-central1" + dataset: "1044994542735982592" + dataItem: "75173735366921" + parent: "projects/165434197229/locations/us-central1/datasets/1044994542735982592/dataItems/75173735366921/annotations/" + +model_deployment_monitoring_job: + name : "4965515800912855040" + region : "us-central1" + parent : "projects/165434197229/locations/us-central1/modelDeploymentMonitoringJobs/" + state : "value_state" + analysis_instance_schema_uri : "value_analysisinstanceschemauri" + endpoint : "projects/165434197229/locations/us-central1/endpoints/5787303642054787072" + display_name : "churn" + schedule_state : "value_schedulestate" + predict_instance_schema_uri : "value_predictinstanceschemauri" + next_schedule_time : "value_nextscheduletime" + create_time : "value_createtime" + log_ttl : "value_logttl" + update_time : "value_updatetime" + +metadata_stores_metadata_schema: + name : "system-dag-execution-v0-0-1" + region : "us-central1" + parent : "projects/165434197229/locations/us-central1/metadataStores/default/metadataSchemas/" + metadataStore: "default" + schema_type : "EXECUTION_TYPE" + description : "value_description" + schema_version : "value_schemaversion" + create_time : "value_createtime" + schema : "value_schema" + +metadata_stores_execution: + name : "12528100122877440041" + region : "us-central1" + parent : "projects/165434197229/locations/us-central1/metadataStores/default/executions/" + metadataStore: "default" + create_time : "value_createtime" + schema_version : "value_schemaversion" + state : "value_state" + etag : "value_etag" + display_name : "endpoint-create-20230918054541-20230918054500491" + schema_title : "value_schematitle" + description : "value_description" + update_time : "value_updatetime" + +metadata_stores_context: + name : "autologging-experiment-w0apl7la-autologging-tf-experiment-w0apl7la" + region : "us-central1" + parent : "projects/165434197229/locations/us-central1/metadataStores/default/contexts/" + metadataStore: "default" + schema_title : "value_schematitle" + etag : "value_etag" + description : "value_description" + display_name : "autologging-tf-experiment-w0apl7la" + schema_version : "value_schemaversion" + create_time : "value_createtime" + update_time : "value_updatetime" + +metadata_stores_artifact: + name : "2811503570633325756" + region : "us-central1" + parent : "projects/165434197229/locations/us-central1/metadataStores/default/artifacts/" + metadataStore: "default" + schema_version : "value_schemaversion" + display_name : "value_displayname" + etag : "value_etag" + update_time : "value_updatetime" + state : "value_state" + uri : "value_uri" + create_time : "value_createtime" + schema_title : "value_schematitle" + description : "value_description" + +datasets_saved_query: + parent : "projects/165434197229/locations/us-central1/datasets/1044994542735982592/savedQueries/" + region : "us-central1" + dataset: "1044994542735982592" + update_time : "value_updatetime" + problem_type : "value_problemtype" + name : "2236927819407949824" + create_time : "value_createtime" + etag : "value_etag" + display_name : "inspec-annotation-test" + annotation_filter : "value_annotationfilter" + +datasets_annotation_spec: + name : "5438527833485869056" + region : "us-central1" + dataset: "1044994542735982592" + parent: "projects/165434197229/locations/us-central1/datasets/1044994542735982592/annotationSpecs/" + display_name : "InSpec" + etag : "value_etag" + create_time : "value_createtime" + update_time : "value_updatetime" + +nas_jobs_nas_trial_detail: + name : "1" + region : "us-central1" + nasJob: "3217974009958236160" + parent : "projects/ppradhan/locations/us-central1/nasJobs/3217974009958236160/nasTrialDetails/" + parameters : "value_parameters" + +metadata_store: + name : "default" + region : "us-central1" + parent : "projects/165434197229/locations/us-central1/metadataStores/" + description : "value_description" + create_time : "value_createtime" + update_time : "value_updatetime" + +endpoint: + name : "value_name" + region : "value_region" + parent : "value_parent" + update_time : "value_updatetime" + model_deployment_monitoring_job : "value_modeldeploymentmonitoringjob" + description : "value_description" + network : "value_network" + display_name : "value_displayname" + etag : "value_etag" + create_time : "value_createtime" + +models_evaluations_slice: + name : "value_name" + region : "value_region" + parent : "value_parent" + create_time : "value_createtime" + metrics_schema_uri : "value_metricsschemauri" + +datasets_data_item: + parent : "value_parent" + region : "value_region" + update_time : "value_updatetime" + etag : "value_etag" + name : "value_name" + create_time : "value_createtime" + +study: + name : "value_name" + region : "value_region" + parent : "value_parent" + display_name : "value_displayname" + state : "value_state" + create_time : "value_createtime" + inactive_reason : "value_inactivereason" + +tensorboard_experiment_run_time_series_resource: + name : "value_name" + region : "value_region" + parent : "value_parent" + plugin_name : "value_pluginname" + plugin_data : "value_plugindata" + description : "value_description" + etag : "value_etag" + display_name : "value_displayname" + update_time : "value_updatetime" + create_time : "value_createtime" + value_type : "value_valuetype" + +project_region_cluster: + cluster_name : "value_clustername" + project_id : "value_projectid" + region : "value_region" + +project_location_image_version: + parent : "value_parent" + +vpn_gateway: + project : "value_project" + region : "value_region" + vpn_gateway : "value_vpngateway" + kind : "value_kind" + id : "value_id" + creation_timestamp : "value_creationtimestamp" + name : "value_name" + description : "value_description" + network : "value_network" + self_link : "value_selflink" + label_fingerprint : "value_labelfingerprint" + stack_type : "value_stacktype" +organization: + name : "value_name" + parent : "value_parent" + api_consumer_data_encryption_key_name : "value_apiconsumerdataencryptionkeyname" + runtime_database_encryption_key_name : "value_runtimedatabaseencryptionkeyname" + runtime_type : "value_runtimetype" + type : "value_type" + authorized_network : "value_authorizednetwork" + project_id : "value_projectid" + description : "value_description" + ca_certificate : "value_cacertificate" + subscription_type : "value_subscriptiontype" + customer_name : "value_customername" + created_at : "value_createdat" + last_modified_at : "value_lastmodifiedat" + subscription_plan : "value_subscriptionplan" + state : "value_state" + control_plane_encryption_key_name : "value_controlplaneencryptionkeyname" + analytics_region : "value_analyticsregion" + api_consumer_data_location : "value_apiconsumerdatalocation" + display_name : "value_displayname" + apigee_project_id : "value_apigeeprojectid" + expires_at : "value_expiresat" + billing_type : "value_billingtype" +project_location_environment: + name : "value_name" + parent : "value_parent" + uuid : "value_uuid" + state : "value_state" + create_time : "value_createtime" + update_time : "value_updatetime" + +project_policy: + name : "value_name" + parent : "value_parent" \ No newline at end of file diff --git a/docs/resources/google_orgpolicy_project_policies.md b/docs/resources/google_orgpolicy_project_policies.md new file mode 100644 index 000000000..c207c3c9a --- /dev/null +++ b/docs/resources/google_orgpolicy_project_policies.md @@ -0,0 +1,31 @@ +--- +title: About the google_orgpolicy_project_policies resource +platform: gcp +--- + +## Syntax +A `google_orgpolicy_project_policies` is used to test a Google ProjectPolicy resource + +## Examples +``` + describe google_orgpolicy_project_policies(parent: ' value_parent') do + it { should exist } + end +``` + +## Properties +Properties that can be accessed from the `google_orgpolicy_project_policies` resource: + +See [google_orgpolicy_project_policy.md](google_orgpolicy_project_policy.md) for more detailed information + * `dry_run_specs`: an array of `google_orgpolicy_project_policy` dry_run_spec + * `specs`: an array of `google_orgpolicy_project_policy` spec + * `names`: an array of `google_orgpolicy_project_policy` name + * `alternates`: an array of `google_orgpolicy_project_policy` alternate + +## Filter Criteria +This resource supports all of the above properties as filter criteria, which can be used +with `where` as a block or a method. + +## GCP Permissions + +Ensure the [None](https://console.cloud.google.com/apis/library/orgpolicy.googleapis.com/) is enabled for the current project. diff --git a/docs/resources/google_orgpolicy_project_policy.md b/docs/resources/google_orgpolicy_project_policy.md new file mode 100644 index 000000000..dc3ff31ae --- /dev/null +++ b/docs/resources/google_orgpolicy_project_policy.md @@ -0,0 +1,136 @@ +--- +title: About the google_orgpolicy_project_policy resource +platform: gcp +--- + +## Syntax +A `google_orgpolicy_project_policy` is used to test a Google ProjectPolicy resource + +## Examples +``` +describe google_orgpolicy_project_policy(name: ' value_name') do + it { should exist } + +end + +describe google_orgpolicy_project_policy(name: "does_not_exit") do + it { should_not exist } +end +``` + +## Properties +Properties that can be accessed from the `google_orgpolicy_project_policy` resource: + + + * `dry_run_spec`: Defines a Google Cloud policy specification which is used to specify constraints for configurations of Google Cloud resources. + + * `update_time`: Output only. The time stamp this was previously updated. This represents the last time a call to `CreatePolicy` or `UpdatePolicy` was made for that policy. + + * `rules`: In policies for boolean constraints, the following requirements apply: - There must be one and only one policy rule where condition is unset. - Boolean policy rules with conditions must set `enforced` to the opposite of the policy rule without a condition. - During policy evaluation, policy rules with conditions that are true for a target resource take precedence. + + * `condition`: Represents a textual expression in the Common Expression Language (CEL) syntax. CEL is a C-like expression language. The syntax and semantics of CEL are documented at https://github.com/google/cel-spec. Example (Comparison): title: "Summary size limit" description: "Determines if a summary is less than 100 chars" expression: "document.summary.size() < 100" Example (Equality): title: "Requestor is owner" description: "Determines if requestor is the document owner" expression: "document.owner == request.auth.claims.email" Example (Logic): title: "Public documents" description: "Determine whether the document should be publicly visible" expression: "document.type != 'private' && document.type != 'internal'" Example (Data Manipulation): title: "Notification string" description: "Create a notification string with a timestamp." expression: "'New message received at ' + string(document.create_time)" The exact variables and functions that may be referenced within an expression are determined by the service that evaluates it. See the service documentation for additional information. + + * `title`: Optional. Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression. + + * `location`: Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file. + + * `expression`: Textual representation of an expression in Common Expression Language syntax. + + * `description`: Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI. + + * `deny_all`: Setting this to true means that all values are denied. This field can be set only in policies for list constraints. + + * `allow_all`: Setting this to true means that all values are allowed. This field can be set only in policies for list constraints. + + * `enforce`: If `true`, then the policy is enforced. If `false`, then any configuration is acceptable. This field can be set only in policies for boolean constraints. + + * `values`: A message that holds specific allowed and denied values. This message can define specific values and subtrees of the Resource Manager resource hierarchy (`Organizations`, `Folders`, `Projects`) that are allowed or denied. This is achieved by using the `under:` and optional `is:` prefixes. The `under:` prefix is used to denote resource subtree values. The `is:` prefix is used to denote specific values, and is required only if the value contains a ":". Values prefixed with "is:" are treated the same as values with no prefix. Ancestry subtrees must be in one of the following formats: - `projects/` (for example, `projects/tokyo-rain-123`) - `folders/` (for example, `folders/1234`) - `organizations/` (for example, `organizations/1234`) The `supports_under` field of the associated `Constraint` defines whether ancestry prefixes can be used. + + * `denied_values`: List of values denied at this resource. + + * `allowed_values`: List of values allowed at this resource. + + * `etag`: An opaque tag indicating the current version of the policySpec, used for concurrency control. This field is ignored if used in a `CreatePolicy` request. When the policy is returned from either a `GetPolicy` or a `ListPolicies` request, this `etag` indicates the version of the current policySpec to use when executing a read-modify-write loop. When the policy is returned from a `GetEffectivePolicy` request, the `etag` will be unset. + + * `reset`: Ignores policies set above this resource and restores the `constraint_default` enforcement behavior of the specific constraint at this resource. This field can be set in policies for either list or boolean constraints. If set, `rules` must be empty and `inherit_from_parent` must be set to false. + + * `inherit_from_parent`: Determines the inheritance behavior for this policy. If `inherit_from_parent` is true, policy rules set higher up in the hierarchy (up to the closest root) are inherited and present in the effective policy. If it is false, then no rules are inherited, and this policy becomes the new root for evaluation. This field can be set only for policies which configure list constraints. + + * `spec`: Defines a Google Cloud policy specification which is used to specify constraints for configurations of Google Cloud resources. + + * `update_time`: Output only. The time stamp this was previously updated. This represents the last time a call to `CreatePolicy` or `UpdatePolicy` was made for that policy. + + * `rules`: In policies for boolean constraints, the following requirements apply: - There must be one and only one policy rule where condition is unset. - Boolean policy rules with conditions must set `enforced` to the opposite of the policy rule without a condition. - During policy evaluation, policy rules with conditions that are true for a target resource take precedence. + + * `condition`: Represents a textual expression in the Common Expression Language (CEL) syntax. CEL is a C-like expression language. The syntax and semantics of CEL are documented at https://github.com/google/cel-spec. Example (Comparison): title: "Summary size limit" description: "Determines if a summary is less than 100 chars" expression: "document.summary.size() < 100" Example (Equality): title: "Requestor is owner" description: "Determines if requestor is the document owner" expression: "document.owner == request.auth.claims.email" Example (Logic): title: "Public documents" description: "Determine whether the document should be publicly visible" expression: "document.type != 'private' && document.type != 'internal'" Example (Data Manipulation): title: "Notification string" description: "Create a notification string with a timestamp." expression: "'New message received at ' + string(document.create_time)" The exact variables and functions that may be referenced within an expression are determined by the service that evaluates it. See the service documentation for additional information. + + * `title`: Optional. Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression. + + * `location`: Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file. + + * `expression`: Textual representation of an expression in Common Expression Language syntax. + + * `description`: Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI. + + * `deny_all`: Setting this to true means that all values are denied. This field can be set only in policies for list constraints. + + * `allow_all`: Setting this to true means that all values are allowed. This field can be set only in policies for list constraints. + + * `enforce`: If `true`, then the policy is enforced. If `false`, then any configuration is acceptable. This field can be set only in policies for boolean constraints. + + * `values`: A message that holds specific allowed and denied values. This message can define specific values and subtrees of the Resource Manager resource hierarchy (`Organizations`, `Folders`, `Projects`) that are allowed or denied. This is achieved by using the `under:` and optional `is:` prefixes. The `under:` prefix is used to denote resource subtree values. The `is:` prefix is used to denote specific values, and is required only if the value contains a ":". Values prefixed with "is:" are treated the same as values with no prefix. Ancestry subtrees must be in one of the following formats: - `projects/` (for example, `projects/tokyo-rain-123`) - `folders/` (for example, `folders/1234`) - `organizations/` (for example, `organizations/1234`) The `supports_under` field of the associated `Constraint` defines whether ancestry prefixes can be used. + + * `denied_values`: List of values denied at this resource. + + * `allowed_values`: List of values allowed at this resource. + + * `etag`: An opaque tag indicating the current version of the policySpec, used for concurrency control. This field is ignored if used in a `CreatePolicy` request. When the policy is returned from either a `GetPolicy` or a `ListPolicies` request, this `etag` indicates the version of the current policySpec to use when executing a read-modify-write loop. When the policy is returned from a `GetEffectivePolicy` request, the `etag` will be unset. + + * `reset`: Ignores policies set above this resource and restores the `constraint_default` enforcement behavior of the specific constraint at this resource. This field can be set in policies for either list or boolean constraints. If set, `rules` must be empty and `inherit_from_parent` must be set to false. + + * `inherit_from_parent`: Determines the inheritance behavior for this policy. If `inherit_from_parent` is true, policy rules set higher up in the hierarchy (up to the closest root) are inherited and present in the effective policy. If it is false, then no rules are inherited, and this policy becomes the new root for evaluation. This field can be set only for policies which configure list constraints. + + * `name`: Immutable. The resource name of the policy. Must be one of the following forms, where `constraint_name` is the name of the constraint which this policy configures: * `projects/{project_number}/policies/{constraint_name}` * `folders/{folder_id}/policies/{constraint_name}` * `organizations/{organization_id}/policies/{constraint_name}` For example, `projects/123/policies/compute.disableSerialPortAccess`. Note: `projects/{project_id}/policies/{constraint_name}` is also an acceptable name for API requests, but responses will return the name using the equivalent project number. + + * `alternate`: Similar to PolicySpec but with an extra 'launch' field for launch reference. The PolicySpec here is specific for dry-run/darklaunch. + + * `launch`: Reference to the launch that will be used while audit logging and to control the launch. Should be set only in the alternate policy. + + * `spec`: Defines a Google Cloud policy specification which is used to specify constraints for configurations of Google Cloud resources. + + * `update_time`: Output only. The time stamp this was previously updated. This represents the last time a call to `CreatePolicy` or `UpdatePolicy` was made for that policy. + + * `rules`: In policies for boolean constraints, the following requirements apply: - There must be one and only one policy rule where condition is unset. - Boolean policy rules with conditions must set `enforced` to the opposite of the policy rule without a condition. - During policy evaluation, policy rules with conditions that are true for a target resource take precedence. + + * `condition`: Represents a textual expression in the Common Expression Language (CEL) syntax. CEL is a C-like expression language. The syntax and semantics of CEL are documented at https://github.com/google/cel-spec. Example (Comparison): title: "Summary size limit" description: "Determines if a summary is less than 100 chars" expression: "document.summary.size() < 100" Example (Equality): title: "Requestor is owner" description: "Determines if requestor is the document owner" expression: "document.owner == request.auth.claims.email" Example (Logic): title: "Public documents" description: "Determine whether the document should be publicly visible" expression: "document.type != 'private' && document.type != 'internal'" Example (Data Manipulation): title: "Notification string" description: "Create a notification string with a timestamp." expression: "'New message received at ' + string(document.create_time)" The exact variables and functions that may be referenced within an expression are determined by the service that evaluates it. See the service documentation for additional information. + + * `title`: Optional. Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression. + + * `location`: Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file. + + * `expression`: Textual representation of an expression in Common Expression Language syntax. + + * `description`: Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI. + + * `deny_all`: Setting this to true means that all values are denied. This field can be set only in policies for list constraints. + + * `allow_all`: Setting this to true means that all values are allowed. This field can be set only in policies for list constraints. + + * `enforce`: If `true`, then the policy is enforced. If `false`, then any configuration is acceptable. This field can be set only in policies for boolean constraints. + + * `values`: A message that holds specific allowed and denied values. This message can define specific values and subtrees of the Resource Manager resource hierarchy (`Organizations`, `Folders`, `Projects`) that are allowed or denied. This is achieved by using the `under:` and optional `is:` prefixes. The `under:` prefix is used to denote resource subtree values. The `is:` prefix is used to denote specific values, and is required only if the value contains a ":". Values prefixed with "is:" are treated the same as values with no prefix. Ancestry subtrees must be in one of the following formats: - `projects/` (for example, `projects/tokyo-rain-123`) - `folders/` (for example, `folders/1234`) - `organizations/` (for example, `organizations/1234`) The `supports_under` field of the associated `Constraint` defines whether ancestry prefixes can be used. + + * `denied_values`: List of values denied at this resource. + + * `allowed_values`: List of values allowed at this resource. + + * `etag`: An opaque tag indicating the current version of the policySpec, used for concurrency control. This field is ignored if used in a `CreatePolicy` request. When the policy is returned from either a `GetPolicy` or a `ListPolicies` request, this `etag` indicates the version of the current policySpec to use when executing a read-modify-write loop. When the policy is returned from a `GetEffectivePolicy` request, the `etag` will be unset. + + * `reset`: Ignores policies set above this resource and restores the `constraint_default` enforcement behavior of the specific constraint at this resource. This field can be set in policies for either list or boolean constraints. If set, `rules` must be empty and `inherit_from_parent` must be set to false. + + * `inherit_from_parent`: Determines the inheritance behavior for this policy. If `inherit_from_parent` is true, policy rules set higher up in the hierarchy (up to the closest root) are inherited and present in the effective policy. If it is false, then no rules are inherited, and this policy becomes the new root for evaluation. This field can be set only for policies which configure list constraints. + + +## GCP Permissions + +Ensure the [None](https://console.cloud.google.com/apis/library/orgpolicy.googleapis.com/) is enabled for the current project. diff --git a/libraries/google/orgpolicy/property/projectpolicy_alternate.rb b/libraries/google/orgpolicy/property/projectpolicy_alternate.rb new file mode 100644 index 000000000..0849b37dc --- /dev/null +++ b/libraries/google/orgpolicy/property/projectpolicy_alternate.rb @@ -0,0 +1,39 @@ +# frozen_string_literal: false + +# ---------------------------------------------------------------------------- +# +# *** AUTO GENERATED CODE *** Type: MMv1 *** +# +# ---------------------------------------------------------------------------- +# +# This file is automatically generated by Magic Modules and manual +# changes will be clobbered when the file is regenerated. +# +# Please read more about how to change this file in README.md and +# CONTRIBUTING.md located at the root of this package. +# +# ---------------------------------------------------------------------------- +require 'google/orgpolicy/property/projectpolicy_alternate_spec' +require 'google/orgpolicy/property/projectpolicy_alternate_spec_rules' +module GoogleInSpec + module Orgpolicy + module Property + class ProjectPolicyAlternate + attr_reader :launch + + attr_reader :spec + + def initialize(args = nil, parent_identifier = nil) + return if args.nil? + @parent_identifier = parent_identifier + @launch = args['launch'] + @spec = GoogleInSpec::Orgpolicy::Property::ProjectPolicyAlternateSpec.new(args['spec'], to_s) + end + + def to_s + "#{@parent_identifier} ProjectPolicyAlternate" + end + end + end + end +end diff --git a/libraries/google/orgpolicy/property/projectpolicy_alternate_spec.rb b/libraries/google/orgpolicy/property/projectpolicy_alternate_spec.rb new file mode 100644 index 000000000..48f4af3ca --- /dev/null +++ b/libraries/google/orgpolicy/property/projectpolicy_alternate_spec.rb @@ -0,0 +1,47 @@ +# frozen_string_literal: false + +# ---------------------------------------------------------------------------- +# +# *** AUTO GENERATED CODE *** Type: MMv1 *** +# +# ---------------------------------------------------------------------------- +# +# This file is automatically generated by Magic Modules and manual +# changes will be clobbered when the file is regenerated. +# +# Please read more about how to change this file in README.md and +# CONTRIBUTING.md located at the root of this package. +# +# ---------------------------------------------------------------------------- +require 'google/orgpolicy/property/projectpolicy_alternate_spec_rules' +module GoogleInSpec + module Orgpolicy + module Property + class ProjectPolicyAlternateSpec + attr_reader :update_time + + attr_reader :rules + + attr_reader :etag + + attr_reader :reset + + attr_reader :inherit_from_parent + + def initialize(args = nil, parent_identifier = nil) + return if args.nil? + @parent_identifier = parent_identifier + @update_time = args['updateTime'] + @rules = GoogleInSpec::Orgpolicy::Property::ProjectPolicyAlternateSpecRulesArray.parse(args['rules'], to_s) + @etag = args['etag'] + @reset = args['reset'] + @inherit_from_parent = args['inheritFromParent'] + end + + def to_s + "#{@parent_identifier} ProjectPolicyAlternateSpec" + end + end + end + end +end diff --git a/libraries/google/orgpolicy/property/projectpolicy_alternate_spec_rules.rb b/libraries/google/orgpolicy/property/projectpolicy_alternate_spec_rules.rb new file mode 100644 index 000000000..626e48f18 --- /dev/null +++ b/libraries/google/orgpolicy/property/projectpolicy_alternate_spec_rules.rb @@ -0,0 +1,56 @@ +# frozen_string_literal: false + +# ---------------------------------------------------------------------------- +# +# *** AUTO GENERATED CODE *** Type: MMv1 *** +# +# ---------------------------------------------------------------------------- +# +# This file is automatically generated by Magic Modules and manual +# changes will be clobbered when the file is regenerated. +# +# Please read more about how to change this file in README.md and +# CONTRIBUTING.md located at the root of this package. +# +# ---------------------------------------------------------------------------- +require 'google/orgpolicy/property/projectpolicy_alternate_spec_rules_condition' +require 'google/orgpolicy/property/projectpolicy_alternate_spec_rules_values' +module GoogleInSpec + module Orgpolicy + module Property + class ProjectPolicyAlternateSpecRules + attr_reader :condition + + attr_reader :deny_all + + attr_reader :allow_all + + attr_reader :enforce + + attr_reader :values + + def initialize(args = nil, parent_identifier = nil) + return if args.nil? + @parent_identifier = parent_identifier + @condition = GoogleInSpec::Orgpolicy::Property::ProjectPolicyAlternateSpecRulesCondition.new(args['condition'], to_s) + @deny_all = args['denyAll'] + @allow_all = args['allowAll'] + @enforce = args['enforce'] + @values = GoogleInSpec::Orgpolicy::Property::ProjectPolicyAlternateSpecRulesValues.new(args['values'], to_s) + end + + def to_s + "#{@parent_identifier} ProjectPolicyAlternateSpecRules" + end + end + + class ProjectPolicyAlternateSpecRulesArray + def self.parse(value, parent_identifier) + return if value.nil? + return ProjectPolicyAlternateSpecRules.new(value, parent_identifier) unless value.is_a?(::Array) + value.map { |v| ProjectPolicyAlternateSpecRules.new(v, parent_identifier) } + end + end + end + end +end diff --git a/libraries/google/orgpolicy/property/projectpolicy_alternate_spec_rules_condition.rb b/libraries/google/orgpolicy/property/projectpolicy_alternate_spec_rules_condition.rb new file mode 100644 index 000000000..2f562041d --- /dev/null +++ b/libraries/google/orgpolicy/property/projectpolicy_alternate_spec_rules_condition.rb @@ -0,0 +1,43 @@ +# frozen_string_literal: false + +# ---------------------------------------------------------------------------- +# +# *** AUTO GENERATED CODE *** Type: MMv1 *** +# +# ---------------------------------------------------------------------------- +# +# This file is automatically generated by Magic Modules and manual +# changes will be clobbered when the file is regenerated. +# +# Please read more about how to change this file in README.md and +# CONTRIBUTING.md located at the root of this package. +# +# ---------------------------------------------------------------------------- +module GoogleInSpec + module Orgpolicy + module Property + class ProjectPolicyAlternateSpecRulesCondition + attr_reader :title + + attr_reader :location + + attr_reader :expression + + attr_reader :description + + def initialize(args = nil, parent_identifier = nil) + return if args.nil? + @parent_identifier = parent_identifier + @title = args['title'] + @location = args['location'] + @expression = args['expression'] + @description = args['description'] + end + + def to_s + "#{@parent_identifier} ProjectPolicyAlternateSpecRulesCondition" + end + end + end + end +end diff --git a/libraries/google/orgpolicy/property/projectpolicy_alternate_spec_rules_values.rb b/libraries/google/orgpolicy/property/projectpolicy_alternate_spec_rules_values.rb new file mode 100644 index 000000000..f9155c92b --- /dev/null +++ b/libraries/google/orgpolicy/property/projectpolicy_alternate_spec_rules_values.rb @@ -0,0 +1,37 @@ +# frozen_string_literal: false + +# ---------------------------------------------------------------------------- +# +# *** AUTO GENERATED CODE *** Type: MMv1 *** +# +# ---------------------------------------------------------------------------- +# +# This file is automatically generated by Magic Modules and manual +# changes will be clobbered when the file is regenerated. +# +# Please read more about how to change this file in README.md and +# CONTRIBUTING.md located at the root of this package. +# +# ---------------------------------------------------------------------------- +module GoogleInSpec + module Orgpolicy + module Property + class ProjectPolicyAlternateSpecRulesValues + attr_reader :denied_values + + attr_reader :allowed_values + + def initialize(args = nil, parent_identifier = nil) + return if args.nil? + @parent_identifier = parent_identifier + @denied_values = args['deniedValues'] + @allowed_values = args['allowedValues'] + end + + def to_s + "#{@parent_identifier} ProjectPolicyAlternateSpecRulesValues" + end + end + end + end +end diff --git a/libraries/google/orgpolicy/property/projectpolicy_dry_run_spec.rb b/libraries/google/orgpolicy/property/projectpolicy_dry_run_spec.rb new file mode 100644 index 000000000..27c521a2d --- /dev/null +++ b/libraries/google/orgpolicy/property/projectpolicy_dry_run_spec.rb @@ -0,0 +1,47 @@ +# frozen_string_literal: false + +# ---------------------------------------------------------------------------- +# +# *** AUTO GENERATED CODE *** Type: MMv1 *** +# +# ---------------------------------------------------------------------------- +# +# This file is automatically generated by Magic Modules and manual +# changes will be clobbered when the file is regenerated. +# +# Please read more about how to change this file in README.md and +# CONTRIBUTING.md located at the root of this package. +# +# ---------------------------------------------------------------------------- +require 'google/orgpolicy/property/projectpolicy_dry_run_spec_rules' +module GoogleInSpec + module Orgpolicy + module Property + class ProjectPolicyDryRunSpec + attr_reader :update_time + + attr_reader :rules + + attr_reader :etag + + attr_reader :reset + + attr_reader :inherit_from_parent + + def initialize(args = nil, parent_identifier = nil) + return if args.nil? + @parent_identifier = parent_identifier + @update_time = args['updateTime'] + @rules = GoogleInSpec::Orgpolicy::Property::ProjectPolicyDryRunSpecRulesArray.parse(args['rules'], to_s) + @etag = args['etag'] + @reset = args['reset'] + @inherit_from_parent = args['inheritFromParent'] + end + + def to_s + "#{@parent_identifier} ProjectPolicyDryRunSpec" + end + end + end + end +end diff --git a/libraries/google/orgpolicy/property/projectpolicy_dry_run_spec_rules.rb b/libraries/google/orgpolicy/property/projectpolicy_dry_run_spec_rules.rb new file mode 100644 index 000000000..ce081f6b4 --- /dev/null +++ b/libraries/google/orgpolicy/property/projectpolicy_dry_run_spec_rules.rb @@ -0,0 +1,56 @@ +# frozen_string_literal: false + +# ---------------------------------------------------------------------------- +# +# *** AUTO GENERATED CODE *** Type: MMv1 *** +# +# ---------------------------------------------------------------------------- +# +# This file is automatically generated by Magic Modules and manual +# changes will be clobbered when the file is regenerated. +# +# Please read more about how to change this file in README.md and +# CONTRIBUTING.md located at the root of this package. +# +# ---------------------------------------------------------------------------- +require 'google/orgpolicy/property/projectpolicy_dry_run_spec_rules_condition' +require 'google/orgpolicy/property/projectpolicy_dry_run_spec_rules_values' +module GoogleInSpec + module Orgpolicy + module Property + class ProjectPolicyDryRunSpecRules + attr_reader :condition + + attr_reader :deny_all + + attr_reader :allow_all + + attr_reader :enforce + + attr_reader :values + + def initialize(args = nil, parent_identifier = nil) + return if args.nil? + @parent_identifier = parent_identifier + @condition = GoogleInSpec::Orgpolicy::Property::ProjectPolicyDryRunSpecRulesCondition.new(args['condition'], to_s) + @deny_all = args['denyAll'] + @allow_all = args['allowAll'] + @enforce = args['enforce'] + @values = GoogleInSpec::Orgpolicy::Property::ProjectPolicyDryRunSpecRulesValues.new(args['values'], to_s) + end + + def to_s + "#{@parent_identifier} ProjectPolicyDryRunSpecRules" + end + end + + class ProjectPolicyDryRunSpecRulesArray + def self.parse(value, parent_identifier) + return if value.nil? + return ProjectPolicyDryRunSpecRules.new(value, parent_identifier) unless value.is_a?(::Array) + value.map { |v| ProjectPolicyDryRunSpecRules.new(v, parent_identifier) } + end + end + end + end +end diff --git a/libraries/google/orgpolicy/property/projectpolicy_dry_run_spec_rules_condition.rb b/libraries/google/orgpolicy/property/projectpolicy_dry_run_spec_rules_condition.rb new file mode 100644 index 000000000..477e1548a --- /dev/null +++ b/libraries/google/orgpolicy/property/projectpolicy_dry_run_spec_rules_condition.rb @@ -0,0 +1,43 @@ +# frozen_string_literal: false + +# ---------------------------------------------------------------------------- +# +# *** AUTO GENERATED CODE *** Type: MMv1 *** +# +# ---------------------------------------------------------------------------- +# +# This file is automatically generated by Magic Modules and manual +# changes will be clobbered when the file is regenerated. +# +# Please read more about how to change this file in README.md and +# CONTRIBUTING.md located at the root of this package. +# +# ---------------------------------------------------------------------------- +module GoogleInSpec + module Orgpolicy + module Property + class ProjectPolicyDryRunSpecRulesCondition + attr_reader :title + + attr_reader :location + + attr_reader :expression + + attr_reader :description + + def initialize(args = nil, parent_identifier = nil) + return if args.nil? + @parent_identifier = parent_identifier + @title = args['title'] + @location = args['location'] + @expression = args['expression'] + @description = args['description'] + end + + def to_s + "#{@parent_identifier} ProjectPolicyDryRunSpecRulesCondition" + end + end + end + end +end diff --git a/libraries/google/orgpolicy/property/projectpolicy_dry_run_spec_rules_values.rb b/libraries/google/orgpolicy/property/projectpolicy_dry_run_spec_rules_values.rb new file mode 100644 index 000000000..dc21eb4bb --- /dev/null +++ b/libraries/google/orgpolicy/property/projectpolicy_dry_run_spec_rules_values.rb @@ -0,0 +1,37 @@ +# frozen_string_literal: false + +# ---------------------------------------------------------------------------- +# +# *** AUTO GENERATED CODE *** Type: MMv1 *** +# +# ---------------------------------------------------------------------------- +# +# This file is automatically generated by Magic Modules and manual +# changes will be clobbered when the file is regenerated. +# +# Please read more about how to change this file in README.md and +# CONTRIBUTING.md located at the root of this package. +# +# ---------------------------------------------------------------------------- +module GoogleInSpec + module Orgpolicy + module Property + class ProjectPolicyDryRunSpecRulesValues + attr_reader :denied_values + + attr_reader :allowed_values + + def initialize(args = nil, parent_identifier = nil) + return if args.nil? + @parent_identifier = parent_identifier + @denied_values = args['deniedValues'] + @allowed_values = args['allowedValues'] + end + + def to_s + "#{@parent_identifier} ProjectPolicyDryRunSpecRulesValues" + end + end + end + end +end diff --git a/libraries/google/orgpolicy/property/projectpolicy_spec.rb b/libraries/google/orgpolicy/property/projectpolicy_spec.rb new file mode 100644 index 000000000..3d5d711ff --- /dev/null +++ b/libraries/google/orgpolicy/property/projectpolicy_spec.rb @@ -0,0 +1,47 @@ +# frozen_string_literal: false + +# ---------------------------------------------------------------------------- +# +# *** AUTO GENERATED CODE *** Type: MMv1 *** +# +# ---------------------------------------------------------------------------- +# +# This file is automatically generated by Magic Modules and manual +# changes will be clobbered when the file is regenerated. +# +# Please read more about how to change this file in README.md and +# CONTRIBUTING.md located at the root of this package. +# +# ---------------------------------------------------------------------------- +require 'google/orgpolicy/property/projectpolicy_spec_rules' +module GoogleInSpec + module Orgpolicy + module Property + class ProjectPolicySpec + attr_reader :update_time + + attr_reader :rules + + attr_reader :etag + + attr_reader :reset + + attr_reader :inherit_from_parent + + def initialize(args = nil, parent_identifier = nil) + return if args.nil? + @parent_identifier = parent_identifier + @update_time = args['updateTime'] + @rules = GoogleInSpec::Orgpolicy::Property::ProjectPolicySpecRulesArray.parse(args['rules'], to_s) + @etag = args['etag'] + @reset = args['reset'] + @inherit_from_parent = args['inheritFromParent'] + end + + def to_s + "#{@parent_identifier} ProjectPolicySpec" + end + end + end + end +end diff --git a/libraries/google/orgpolicy/property/projectpolicy_spec_rules.rb b/libraries/google/orgpolicy/property/projectpolicy_spec_rules.rb new file mode 100644 index 000000000..edd9aca66 --- /dev/null +++ b/libraries/google/orgpolicy/property/projectpolicy_spec_rules.rb @@ -0,0 +1,56 @@ +# frozen_string_literal: false + +# ---------------------------------------------------------------------------- +# +# *** AUTO GENERATED CODE *** Type: MMv1 *** +# +# ---------------------------------------------------------------------------- +# +# This file is automatically generated by Magic Modules and manual +# changes will be clobbered when the file is regenerated. +# +# Please read more about how to change this file in README.md and +# CONTRIBUTING.md located at the root of this package. +# +# ---------------------------------------------------------------------------- +require 'google/orgpolicy/property/projectpolicy_spec_rules_condition' +require 'google/orgpolicy/property/projectpolicy_spec_rules_values' +module GoogleInSpec + module Orgpolicy + module Property + class ProjectPolicySpecRules + attr_reader :condition + + attr_reader :deny_all + + attr_reader :allow_all + + attr_reader :enforce + + attr_reader :values + + def initialize(args = nil, parent_identifier = nil) + return if args.nil? + @parent_identifier = parent_identifier + @condition = GoogleInSpec::Orgpolicy::Property::ProjectPolicySpecRulesCondition.new(args['condition'], to_s) + @deny_all = args['denyAll'] + @allow_all = args['allowAll'] + @enforce = args['enforce'] + @values = GoogleInSpec::Orgpolicy::Property::ProjectPolicySpecRulesValues.new(args['values'], to_s) + end + + def to_s + "#{@parent_identifier} ProjectPolicySpecRules" + end + end + + class ProjectPolicySpecRulesArray + def self.parse(value, parent_identifier) + return if value.nil? + return ProjectPolicySpecRules.new(value, parent_identifier) unless value.is_a?(::Array) + value.map { |v| ProjectPolicySpecRules.new(v, parent_identifier) } + end + end + end + end +end diff --git a/libraries/google/orgpolicy/property/projectpolicy_spec_rules_condition.rb b/libraries/google/orgpolicy/property/projectpolicy_spec_rules_condition.rb new file mode 100644 index 000000000..510be6d18 --- /dev/null +++ b/libraries/google/orgpolicy/property/projectpolicy_spec_rules_condition.rb @@ -0,0 +1,43 @@ +# frozen_string_literal: false + +# ---------------------------------------------------------------------------- +# +# *** AUTO GENERATED CODE *** Type: MMv1 *** +# +# ---------------------------------------------------------------------------- +# +# This file is automatically generated by Magic Modules and manual +# changes will be clobbered when the file is regenerated. +# +# Please read more about how to change this file in README.md and +# CONTRIBUTING.md located at the root of this package. +# +# ---------------------------------------------------------------------------- +module GoogleInSpec + module Orgpolicy + module Property + class ProjectPolicySpecRulesCondition + attr_reader :title + + attr_reader :location + + attr_reader :expression + + attr_reader :description + + def initialize(args = nil, parent_identifier = nil) + return if args.nil? + @parent_identifier = parent_identifier + @title = args['title'] + @location = args['location'] + @expression = args['expression'] + @description = args['description'] + end + + def to_s + "#{@parent_identifier} ProjectPolicySpecRulesCondition" + end + end + end + end +end diff --git a/libraries/google/orgpolicy/property/projectpolicy_spec_rules_values.rb b/libraries/google/orgpolicy/property/projectpolicy_spec_rules_values.rb new file mode 100644 index 000000000..4933786ce --- /dev/null +++ b/libraries/google/orgpolicy/property/projectpolicy_spec_rules_values.rb @@ -0,0 +1,37 @@ +# frozen_string_literal: false + +# ---------------------------------------------------------------------------- +# +# *** AUTO GENERATED CODE *** Type: MMv1 *** +# +# ---------------------------------------------------------------------------- +# +# This file is automatically generated by Magic Modules and manual +# changes will be clobbered when the file is regenerated. +# +# Please read more about how to change this file in README.md and +# CONTRIBUTING.md located at the root of this package. +# +# ---------------------------------------------------------------------------- +module GoogleInSpec + module Orgpolicy + module Property + class ProjectPolicySpecRulesValues + attr_reader :denied_values + + attr_reader :allowed_values + + def initialize(args = nil, parent_identifier = nil) + return if args.nil? + @parent_identifier = parent_identifier + @denied_values = args['deniedValues'] + @allowed_values = args['allowedValues'] + end + + def to_s + "#{@parent_identifier} ProjectPolicySpecRulesValues" + end + end + end + end +end diff --git a/libraries/google_orgpolicy_project_policies.rb b/libraries/google_orgpolicy_project_policies.rb new file mode 100644 index 000000000..b62e51591 --- /dev/null +++ b/libraries/google_orgpolicy_project_policies.rb @@ -0,0 +1,85 @@ +# frozen_string_literal: false + +# ---------------------------------------------------------------------------- +# +# *** AUTO GENERATED CODE *** Type: MMv1 *** +# +# ---------------------------------------------------------------------------- +# +# This file is automatically generated by Magic Modules and manual +# changes will be clobbered when the file is regenerated. +# +# Please read more about how to change this file in README.md and +# CONTRIBUTING.md located at the root of this package. +# +# ---------------------------------------------------------------------------- +require 'gcp_backend' +class OrgpolicyProjectPolicys < GcpResourceBase + name 'google_orgpolicy_project_policies' + desc 'ProjectPolicy plural resource' + supports platform: 'gcp' + + attr_reader :table + + filter_table_config = FilterTable.create + + filter_table_config.add(:dry_run_specs, field: :dry_run_spec) + filter_table_config.add(:specs, field: :spec) + filter_table_config.add(:names, field: :name) + filter_table_config.add(:alternates, field: :alternate) + + filter_table_config.connect(self, :table) + + def initialize(params = {}) + super(params.merge({ use_http_transport: true })) + @params = params + @table = fetch_wrapped_resource('projectPolicies') + end + + def fetch_wrapped_resource(wrap_path) + # fetch_resource returns an array of responses (to handle pagination) + result = @connection.fetch_all(product_url, resource_base_url, @params, 'Get') + return if result.nil? + + # Conversion of string -> object hash to symbol -> object hash that InSpec needs + converted = [] + result.each do |response| + next if response.nil? || !response.key?(wrap_path) + response[wrap_path].each do |hash| + hash_with_symbols = {} + hash.each_key do |key| + name, value = transform(key, hash) + hash_with_symbols[name] = value + end + converted.push(hash_with_symbols) + end + end + + converted + end + + def transform(key, value) + return transformers[key].call(value) if transformers.key?(key) + + [key.to_sym, value] + end + + def transformers + { + 'dryRunSpec' => ->(obj) { return :dry_run_spec, GoogleInSpec::Orgpolicy::Property::ProjectPolicyDryRunSpec.new(obj['dryRunSpec'], to_s) }, + 'spec' => ->(obj) { return :spec, GoogleInSpec::Orgpolicy::Property::ProjectPolicySpec.new(obj['spec'], to_s) }, + 'name' => ->(obj) { return :name, obj['name'] }, + 'alternate' => ->(obj) { return :alternate, GoogleInSpec::Orgpolicy::Property::ProjectPolicyAlternate.new(obj['alternate'], to_s) }, + } + end + + private + + def product_url(_ = nil) + 'None/v1/' + end + + def resource_base_url + 'v2/{{parent}}/policies' + end +end diff --git a/libraries/google_orgpolicy_project_policy.rb b/libraries/google_orgpolicy_project_policy.rb new file mode 100644 index 000000000..71fea7abe --- /dev/null +++ b/libraries/google_orgpolicy_project_policy.rb @@ -0,0 +1,68 @@ +# frozen_string_literal: false + +# ---------------------------------------------------------------------------- +# +# *** AUTO GENERATED CODE *** Type: MMv1 *** +# +# ---------------------------------------------------------------------------- +# +# This file is automatically generated by Magic Modules and manual +# changes will be clobbered when the file is regenerated. +# +# Please read more about how to change this file in README.md and +# CONTRIBUTING.md located at the root of this package. +# +# ---------------------------------------------------------------------------- +require 'gcp_backend' +require 'google/orgpolicy/property/projectpolicy_alternate' +require 'google/orgpolicy/property/projectpolicy_alternate_spec' +require 'google/orgpolicy/property/projectpolicy_alternate_spec_rules' +require 'google/orgpolicy/property/projectpolicy_dry_run_spec' +require 'google/orgpolicy/property/projectpolicy_dry_run_spec_rules' +require 'google/orgpolicy/property/projectpolicy_spec' +require 'google/orgpolicy/property/projectpolicy_spec_rules' + +# A provider to manage orgpolicy resources. +class OrgpolicyProjectPolicy < GcpResourceBase + name 'google_orgpolicy_project_policy' + desc 'ProjectPolicy' + supports platform: 'gcp' + + attr_reader :params + attr_reader :dry_run_spec + attr_reader :spec + attr_reader :name + attr_reader :alternate + + def initialize(params) + super(params.merge({ use_http_transport: true })) + @params = params + @fetched = @connection.fetch(product_url(params[:beta]), resource_base_url, params, 'Get') + parse unless @fetched.nil? + end + + def parse + @dry_run_spec = GoogleInSpec::Orgpolicy::Property::ProjectPolicyDryRunSpec.new(@fetched['dryRunSpec'], to_s) + @spec = GoogleInSpec::Orgpolicy::Property::ProjectPolicySpec.new(@fetched['spec'], to_s) + @name = @fetched['name'] + @alternate = GoogleInSpec::Orgpolicy::Property::ProjectPolicyAlternate.new(@fetched['alternate'], to_s) + end + + def exists? + !@fetched.nil? + end + + def to_s + "ProjectPolicy #{@params[:name]}" + end + + private + + def product_url(_ = nil) + 'None/v1/' + end + + def resource_base_url + 'v2/{{name}}' + end +end diff --git a/test/integration/verify/controls/google_orgpolicy_project_policies.rb b/test/integration/verify/controls/google_orgpolicy_project_policies.rb new file mode 100644 index 000000000..2b91711b9 --- /dev/null +++ b/test/integration/verify/controls/google_orgpolicy_project_policies.rb @@ -0,0 +1,30 @@ +# ---------------------------------------------------------------------------- +# +# *** AUTO GENERATED CODE *** Type: MMv1 *** +# +# ---------------------------------------------------------------------------- +# +# This file is automatically generated by Magic Modules and manual +# changes will be clobbered when the file is regenerated. +# +# Please read more about how to change this file in README.md and +# CONTRIBUTING.md located at the root of this package. +# +# ---------------------------------------------------------------------------- + +title 'Test GCP google_orgpolicy_project_policies resource.' + +gcp_project_id = input(:gcp_project_id, value: 'gcp_project_id', description: 'The GCP project identifier.') + + project_policy = input('project_policy', value: { + "name": "value_name", + "parent": "value_parent" +}, description: 'project_policy description') +control 'google_orgpolicy_project_policies-1.0' do + impact 1.0 + title 'google_orgpolicy_project_policies resource test' + + describe google_orgpolicy_project_policies(parent: project_policy['parent']) do + it { should exist } + end +end diff --git a/test/integration/verify/controls/google_orgpolicy_project_policy.rb b/test/integration/verify/controls/google_orgpolicy_project_policy.rb new file mode 100644 index 000000000..9e582cc83 --- /dev/null +++ b/test/integration/verify/controls/google_orgpolicy_project_policy.rb @@ -0,0 +1,35 @@ +# ---------------------------------------------------------------------------- +# +# *** AUTO GENERATED CODE *** Type: MMv1 *** +# +# ---------------------------------------------------------------------------- +# +# This file is automatically generated by Magic Modules and manual +# changes will be clobbered when the file is regenerated. +# +# Please read more about how to change this file in README.md and +# CONTRIBUTING.md located at the root of this package. +# +# ---------------------------------------------------------------------------- + +title 'Test GCP google_orgpolicy_project_policy resource.' + +gcp_project_id = input(:gcp_project_id, value: 'gcp_project_id', description: 'The GCP project identifier.') + + project_policy = input('project_policy', value: { + "name": "value_name", + "parent": "value_parent" +}, description: 'project_policy description') +control 'google_orgpolicy_project_policy-1.0' do + impact 1.0 + title 'google_orgpolicy_project_policy resource test' + + describe google_orgpolicy_project_policy(name: project_policy['name']) do + it { should exist } + + end + + describe google_orgpolicy_project_policy(name: "does_not_exit") do + it { should_not exist } + end +end