From e020ab521033b3b98e4086a8655fb25ab77ba194 Mon Sep 17 00:00:00 2001
From: Kalin Krustev <kalin.krustev@gmail.com>
Date: Tue, 10 Sep 2024 15:26:35 +0300
Subject: [PATCH] feat: private submodule repository (#348)

---
 docs/profiles.md                              |  20 ++++++++++++++++++
 docs/vault-git-credentials.png                | Bin 0 -> 32688 bytes
 .../ci-templates/k8s-cluster/.gitlab-ci.yml   |  13 ++++++++----
 .../templates/mcm/values-mcm.yaml.tpl         |   4 +++-
 .../templates/pm4ml/values-pm4ml.yaml.tpl     |   2 +-
 terraform/gitops/pm4ml/pm4ml.tf               |   6 ++++++
 .../k8s/default-config/cluster-config.yaml    |   4 ++--
 .../k8s/default-config/mojaloop-vars.yaml     |   2 +-
 terraform/k8s/default-config/pm4ml-vars.yaml  |   1 +
 9 files changed, 43 insertions(+), 9 deletions(-)
 create mode 100644 docs/vault-git-credentials.png

diff --git a/docs/profiles.md b/docs/profiles.md
index 1b719d72a..6d35577c5 100644
--- a/docs/profiles.md
+++ b/docs/profiles.md
@@ -148,3 +148,23 @@ that are potentially useful are:
    ```bash
     git config -f .gitmodules --unset submodule.xxx.branch
     ```
+
+## Private repository profiles
+
+To use private repositories as submodules, the pipeline must have access to
+the repository. This can be achieved by configuring the git credentials in the
+vault path `/secret/git` under a key named `credentials`. These credentials are
+usually in the form of a personal access token (PAT), which is put in the URL,
+which points to the base host of the repository, as in this example:
+`https://user:pat@github.com`. The URL is set as the value for the
+`credentials` key:
+
+![vault git credentials](vault-git-credentials.png)
+
+If private repositories across multiple GIT servers are used, the credentials
+URL for each one must be listed in the value, separated by space.
+
+The recommended settings for the PAT are:
+
+- For `GitHub`: use fine-grained token, providing access only to the profile
+repositories with read permissions for: `Contents`, `Commit statuses`, and `Metadata`.
diff --git a/docs/vault-git-credentials.png b/docs/vault-git-credentials.png
new file mode 100644
index 0000000000000000000000000000000000000000..b0e92f617c68b66025ead5e4fe19b9c95857e98e
GIT binary patch
literal 32688
zcmd42cT`hb+b<eabSnaG3n)n0TM-3;tx^Pph#e47Is^iW^b(a$48ejZ2q*|h7wHKh
zQbK4UfCcF_1QJ4M(n1I=38Y@|-S_*>IJf<C#<*vVk&(4#pU-^e(|&WlxqIiP_&%9^
z002PT_|`QG0AObm03cHO$L_6^gYfR8tv`_fi<?&fW!=Z;w?1}x7?~LX0Obi{y!)bC
z-+Le3vJU_NB))F{L|P%m4*>x9b>nMBR-s@zWpAeKnxJ(>=X1YF$4RxTvL(6J7Jb%d
z3j7aWQNLcM<S4AEcJzNe?NH(P-qBulw7>Ac5mLto&-W!a(xpi33?VxpVz!evLxfbP
z7p86EvJLKRC1g@Jv#6VXv#`bv-I;HP%z0P0#sL5ve$vW;i)_E09{i&z?9;=N^Ma$>
zpW~joGr7;ucSSjWkg*{N77=DclCd*heb4O$R@?cP!Jl_slspc<a?iR1d=;g!gh-JN
zvRFA}%GsLO))N*5$c&CT4sS@;grL%cx>t*SC$H`k**N_g9rg;iO)J1p)m`Ixih^~$
z|8%N|J`kC(!{^Zc-+7>2F5CZ?Zz}?JZofR(A@X}@2M)!Dd5){XH>Q4G70N8b1$Ny>
zRKZsWcYs%wOjDUf<B$BPb@oVGK{2I1c*AnL>S65<0O`vwsiPj;0ha1k!e<}&e6rx^
z-A8{$iYc}*-Zw{VuggB29sg_>S3Gqf@;6b={Y4FYPN=)?nq`BkfUC0o#wyGd;&K+K
zdK`(OL#3}~ou(81!gdK+0r2fHPn3!;=bIZYLqtR^8}~MeFA)3O<Um~Plbk53Xlx1x
z8*jMdk>DC&H$c%No${!WjrHepRA45@{P;n!A^Kqx-a4gyiEm;X$fq~{Xga-r)eN8x
zD*PZFnQ-mQmt=wATD!gg#d`+G1pc`-zMt7DvsTviT>bD|9hV6mUUj*b=_$4T&IxC(
z<=wk-bO5iYTFweB&_&qIABLNB!_K*V)=@P3USqjlq)n$#O~&ZoW2K}PU?0$BJD=v8
zJX-_JqyGZTns3v+!o8re%inV%4s?dmsZ$7r@05Cu%(UzhYYWmJWEXZFH+*rxu}Q8A
z@RXpXGl%ejEJNh7*;M&5HucyNHO4Ra%0#)5#s;>()O?db&(jfeJJ4+_vT^Ifj@j0J
z=c|D3oIjeP2E=tJh3ctJCCNZFA_dE46=n^5c@y$uZLMvJi5K#FGE&l};`Q%HV`y`H
z#j}~f)|{Bk4Pxxq!0<Q+nYF$>G6It67C(xb9f&|Z3|VbjDQRYZOEN9?O-^c9>1xCK
z%tG`V9*cdYWYZ@2O1q?eZ(aZhLnbvDjH~RiTqe!3VI>n`ckWIIkIEkl&7sv6mdouC
zhh10?CmBEc{zj|;=2OrdT+tjKCePtIjZs@pI*Ym_*`HbNK@!82YT@2}cFvt2X=*-L
zwSUN=nw#b8#N%|p(=O{&q-haL#d+zW9GthpnMwdw1rXKEG6bmXP)-=UWH<>Va<Q!c
zO!)MQN1(|s6^`G)4e{g4pHejV%{j59j-1)0x-w$d5-#jH@H+SwpN}<5zbL?SmS14`
zB_oH9Mbd`!L2Luf%LOK>eQ@AYXW=nc4F2Jdvf8B^P7%K_Buqebb~x|8l6vNB&zaEY
zis@;~Nusq;fc=M`+I%L{qma0jzK{l56jjB;)_Q=Jj&w*0g@n5>Gf#F!&}5b1*i%k_
zWM6u8C58Tc${bxH3t2+SXwi!8RwngkKDt(gFu-b{x@#KyBU<G0(QB#Kz<MN+;pf8>
zyKTjuO7R4vxyeAKV9H}QAB<V`RGKt;Q*Rwzog@)u+*rRqG0IW)b9ujG2D@HJ+=b06
z|F!12VL+0vVXIRDzhd+XEHXo&v)xXlsR*k(fxv%`sHU(Be@SQQgG(pShG@264I!g_
zYq@9!ZkB<$ySeWOZlyvwtF&<TmEIpl-Mq)+k->D*udzJ+Dmc{;k^`nxV*PovEWyEO
zck+-LsS%dJS{$KA+^!5cz|0V%LfK1wDQX!wMesX12{S-0(jFFI_{SU3R|i5kraLdo
z_^kOnUxp4TF$sP@345ZPT?c%#)ee1-%5W!o2r@#)Hl^qKT66B<UhdY*^}I(9rkd3U
zFRgn|+R1+Z{5__`s-(Yev$~%7gRC&m8N+U{I~xNsu!EmGgs8vJjRgpT#8|MR)S&6b
zR<0~cZ$moAY*pY;5_Ug{vEz|@F2N)mwXU-PwMerl*&>z2gM4DC*NH50elGh&#XpbB
z%Nmy4okllJF!W)kuVYVb@%+XS=kxH3Yi~&i`zg&MYUwry?G9-AJ}t8iue}e8i8o-`
z5rE27J?}5n2Q&ID6Abc^8jMfK`k>xYh({=Qtw9PE7~Vw^Sm<KigA)C5D>6<5<^!|i
z>~f%1Ky{`Xgk8y%ekeIMpi^Z|ap4kK0d+9?ZqRN(i#-Ue+KlNZf11Y9VW}Gd7u-9B
zD}ohdedTNtGv5cxsavO2D2L&5CD-en4AdbEabZZSnM2()6mm?zcC^^*LY8A$L;PdB
zn65RubQi%euS~iy;gzj3%$f*>qTs5oYM|=DeB&f5TzC+C-wvA?pMn+}3$LlLf`4$q
z)ztHdG2a2dpLAG;0?WBktm#yq#rUTBQBbmbh6fxqty3fSrk^_3{^1Pj!Sz^gs(^3e
zSanTS+jo8TmN0B~Cx7jY2M=`7N~#m_J!dAl5T+GW!N#tZSO?kgd+oK4%OH0cxb-W8
zjW4$yEC?idY4LRdkqrl4+K83^Kp1$~eklz~aZ6`<&-3Gcw4m*it1L|6`$fS?RZpU_
z!xs8>zz_CI%+bdUk%|X)0l4+v1QobSi~Z$F@4BHf9gQoG?nCLN;gxh9+8?TkL~?aT
zYDSjJuT*}j#?D7KCbqc%_9dD3O6YgAfUi-2@ADh3G1d=W8eF*^Q+$0bAZRG9k9;R%
zW5HT$ZY5f4GwFT0V8jl#Io}%Yv7x#!n2W++dyP?+-(>lW@my+CbKvb6IuC|T$Ex-S
zBT~VkGml|foA~ghd6BV(&LIdP3m6U$U2wHN?R=*P$p2_4$9<;mPbOsua)__;p|>+~
z6f}JU%i2Ha8q4bB*EDH&bA7BaGFo0U8t;FQ_HAwKKXDhrpBrW`C+jpY1$IswMZsgd
z$?xWaU0A-EFbwk6P+nLNQn-doI90;6Ho$HEAQec+uH@=aUrjIsMDDpiOfoYvp^e!Q
z5ydy)t5G3vE_eLIPFz?s=jPkvsho{qp_KG=Py7&zK}7>c@vaH_Hp(fdC(LN0%zfhg
zo?Ebs{s=bjM*QY&^ZgNhKERYekxTCEV_K{WXxwAPO1@vm$Z9ZtdEtpQ!iE^BoHMXT
zn01i3B1STl@E~8Dra}s!j7#j*M+}1_-4Zt3F_?25yF8BCkIiB8E?B%{iyw$Bwe@gS
zY8slbuJZ0VR_;bO1X)&xV@+F=S%MptkH3a9AXyiBERbU4(5Z=1=RL?e$MOeriE2Zw
zFJLzfmJ^<hv17E7j<HzLC3rCwe@lk9HZTz5T<VgmuUvIm2r#p_nyw$VwrI#Y`pgr5
zteL@vD%@F3!BXGazQQ5XG2P2E9zP`Js1f>usZpZOJe3@c0RPa*ShnDA12MeO9y74{
z4|9W%Z&$Z@>-i(uupP}m&<i6SvOQgZOy{jVvcKt+!<k19+aSwClUHBwaWcv`#SUuu
zbU#IF($@zNwA$u``SP1fz|((#F2bgpp$#enL%Kues!3H5UvF5WEbOuCwP0zCL{_ah
z#JmB@mPg%oD4<4goxYzy93~j##dqH+p0#$?vPa>;6g>xw-bjY~mgq(1B-zkrt&u_D
zPqiRv1EbU~P<1#PgCHwsSq*_$o)x_#8>4Gh`M3V$e|h-cVu-)M$8_s=`}YouwTP&m
zsgAF3sNy8W98oQEh8qv{sM^lK_ed09YfBuHWagRkOzHXp`vTL{zE^QH=D=zJsoo>O
z<iqKC)Yph<l$r0!A@g-THO}U2PT=GlB}bR~?x=Avm|H?-)DiiL#1#@s-I<jKg=sHL
zCtdZ!L2C1Iu!2K(PA?c#i&xW?vjQu0fcWyA$y4#Flk}ac$G*%8Q^&ByS2klvRbDT!
zk^(lK4<=N@FKG`$1tZB>e7QF8SAp>OG=G^Sl0m1cWx$DPK{VPJSAi+<Zr>Ka4L9GX
z;weQc1cVP+o2?tbZ84!vnIm)Sg@P~Y-m(amCzqakGiTL5=TXaEaNAp4D&4@3a8x0D
zy=^~IC_M<<`Ar2`cl?iVX!qXw1dM3)Ul)>;;|cC;CvSXO2n%}GTtIU}&k7>>)q<)A
zY5GgUzbIff&4IyXr%n^Vp8k}X2O$lQGuas~FLc=rDGRUwXZi>Z1Vq~{QCf%fe4SWw
z*npcXj^P)ECRv@!uTH86rfT`v)KVu8s@Nkw;H_q|Lnrqd2sWn1HWHOg`$eBE10Jn)
z>G*Kg@0RFFxK9xEzE`|+&sCcnU$~`m8=XbRx==^<?y5hYC|<2VAO2zT+V7{?=6&HW
zGT^w{HwR+~8mSLe!n24bFX@nnd%r|Ic(_>N@oEk;0im(GKn)AM(p4ADdoFDjbH<+J
z;a>(alT&G$((k0tI_4wMLSz{uAX=w%W8Nb<*m+5<2Qm{izSiS2iNU4mLbKIrk6#F$
zxH_}3ss1&(Fy-q*wL`;?lNwk*LMQ{k4rWe-LxUg~0`JPMZ>kp#`H|O0O|LSEjciXw
zBVPsFP$M0#0AH|YL=ahZ)?aTn%&I{(?X^6ROTL8cL((t9_g3SB^}AuUCo>0rX1EKU
zZdxM(+e^k0cujD_PasI$4_XlW6;fEb;tI4VQm0sb6(v%ZTEmBXr3tedwxRSKL4RKC
z*l|`&y0$)bi{HV83LI|M*rj@5&AB{W6QwlFG;2a)S84uW%ZRIRqkgHjGQoeI@D-F(
z-fs#TLP(Keel_eeymxcM$QX~;BB5P+_!BgNW;KZOutjm~-P%6{<sx6`z<J6FP;P6r
zuo=o&mWV%l4TI0G)B);Okf?oj^?Cb_Olf+x*imM{Kr&vE&zA^sVaA5M7o<p6o%x4*
zF;kS=o$53pN*cL<ABr>3V6(pa!OEBt=jm(2>Z{6(p!vss8jM}BQPXe(t;-=irp6d_
z6Qv`dGlv~2S!pHrbuElWbuO27s5H3ShJK9K3}Iozr<;WX38qpsJGR{8A8E{nLw;;F
zd{lp4dm<@eeRLqfi#F6--N^~AWAl9sI1o~e(TP|11sG&RlM60q9OagkGgMq{-M?^;
zf}&AKAuPm;iAWx+DjjAt1hv;ds9-ePksDFPXl#`i)Q9}7QQz{S>D!w_I7OGMp@2V3
zI^OAWyTt8I8}{!T@bMsWFzoUu7crdnuwj+gO$2*34<}sp18Cb!`WRhwA?~g2^-;n@
z8uW)UAXvX}MTfR?60B~n0)njuA9!h;Q@fK$SGhNNEr>>HLn3?^1`!kdIXmlz$Y5W>
zTl$t)Tm)U~NI8Rg86IR^@z5CMj5mVBhdK{s1l|}b-Mo%&V7V`xAF+quD18}*7i(6|
zv9bvn3r?~XCEw;R%sJckB6P{ee2^?2<@sH$r(7Q_>H}->RUFRCCeaJ{EqJq}N7;Ni
zV)4X?^gGeFVU_rmD}MPGdQ6s0V$>q}K0j&TBWGpR@sl#>e2N}x7#os<MYpG-Kh-aV
z-IB(LiN05g#jgn*yb8+Imr?tWqKVGLQ>tNR0#EdVf)N`Nf5LF-U|%-Uk4h6pG>dr!
zd%gV-<fFyPt1>-b>R5g|z&&bAtorud>*}iZbjGbBn-avrN)eP>ceMyuv?R2RhL1Z5
z+D*=zCaY&L*pD@Xx-WL%5;{V0Ze*p{(jTwOXV3FHdKz9dwlC=pJ>FBG<wIPNI4j+m
zRRF;Y+CkmJhCF7f*4W<IPpNIUL?2TD<((~%1CDe(yzY_F)}i;-@2XjiY(5ngKH<C*
z$9Oq48iHbu`Wg*id32*xDkgbpY^^CTd>(^kj@`^bOckVtt!;%Xo|XlMV>a2;s(@Ar
zbY({w1<gX3lC@EG@(9rnhl~z<c>x#OVe_~9;&{$-h8BAINv~K*u9}7h(b5jAud&#8
zVYL42hvY)CVHLhF{8hKv%>dyq8o+l#$6?Dj7V)REcgT6E_`xf?^qOQYZirICiB!xS
zSD|6&W?`IcI3e)`qMa)IVwH0zExgx7snSO8;a@`tL-La}`||T=oGy2Fb1tl|4DaPU
zY<cKMZM;fAS`(Zhyx1G~3!TUqn5O+Q#=Bc;cPZ{2#;5A?L--5rJeH{6v(AV}dh{@Y
zMw0Z>Y))7&H1m>6j;e%tCb;1qI=p#2y}Vg;X#Km#A?8Xn!;8%F)1$AagOhE1T)pV-
zU0-aYJ=@rC)bkIonapRyf0-Gu2G_s@3Qw^{Ga)&V9P~k`&oQ9DxN+d0;@SA*;TvGd
zev?SG{9n^9%E&GChak!YES>|`KU7tUW62C-p09BY<A1c&lQATm2Uhy|R}`38Nyc&;
zU^LjC8oo<JLZ|}BvpRM@<H512o$9Z-yI;E*ah+)Ue|z&Zo_ngA54$`&-)yyoFh(uC
z&F5KC#)^szk2B-hxQH#wd@H<h3@cVOBg+QzUJ`AM-v8a|GcOs-#KHS@uy%3M^(nP5
zg%mZ*A!sL&DpL@_=ARgdkUW1-e%D($9%%2;^U_vf)vl_@LZ4hUERyD4pokAPdV>zZ
zIm5s7q-ZIa;waTGu$}LpRBahi5>2Nn4iDSCK|2XfH%t@na-g1xHmJS^(Kq0pUK=G+
zc#MQErLIfvoguV$d1;TrrfJO!P)N=N+TbeWy7ULd>+Ri~yko2Fw1r?Z2yTO+(@@>4
zWSY|J=A^gKZ>r8p{Ry?fjUaSyg3Yyf4#;2awzrA#ZKO&E=s@Q~g8UPq04Bp-*%MAr
zp6wS`Xy6vIPZ+FHgrNikDkc?US@9|2dICPwx|m*C=k#E*8&pQjUvX`qO_HRY85wJ>
zqCGE6*Bq&Nu}ifyceKirX{J|f?YNA6yN^hFcP9vhetYMihbN2Z=4!7&Z>~-Yu=mF@
z(>5a%JPJRG6&CzGmP0_~%&_PyVCcA<el^!patvaVF7K%SXl-T=ZDcg2bNOt{VsjV^
zL=A;kp0Lwa14M@>c9)?WKTc+ORwhA$_vU*pvQb^%<#6fB&Jimm{*4nRXcY`*#o)LN
zx%f2~C*gsqFD0$<*`sC0oMB65K4TS_vQ1NmfQrm7iU&SC{WGGnHNv%Yy`S`Dw-R1z
z`0U|m$&gVPUWak(%xiR3lml7ECfr}H$X#=|QH-<;q-c0B{)eE0Epl<oLG(P$?{Xjm
zoj%R(0hZaQb*~lKX$?#wY}xzSzalbOLI|Gdud$hWm-~j}kyQe8mhtxRDy=LPuqmiY
zT26sm2mHzXhgj|o6|{e<(*jDlzM@j_Na}nkCux4TF^>2GlYAQf4+kF}Hus2~S7U!Y
z_6W23muLAxmrd6u(HY*CwRH1bO*TRtCg^u+YeV7`e!UEk34b=9s)fYO5)eTkbh}r+
z8&G`(aZAVZssAAOA6sSqqUa_47a{XGSC#61JdcJM+jGZ%nDwj;`6(+l@*Y%x!zaAZ
zU0>+i5t~pN=9k)Q9{0P)sK}3p5V@i1Gx$n=rO)gg>0ni4B{id{+`A`uhRVvqe6L6X
zjJziZ;vb?X3dLm`h`oAO%3H;U4TUtia8`8fc})VU>Kp01{RSpcoE+h5&2y-mbyb!g
zLV;+>-=Z1VwQhV9sM{`M!SW7jA?P310`~iT3ymTV(vksCqR^lSp>q<By<wT1Io{Lt
zQO&huH@kA7XDBJ~Mkxxyjd!xZL*F_%Q_H?Q8gCLo2edqDej@eu1?dut>#_(%`r|5b
zE1vO>g^SS9QodVUu)k#1aHWLsITPGl=TzrSv_aCIN(aYbEaiFAc@CL1y`TjCDFqe%
z4P~CY^W6m>!t~DOy^o=C7SWfAt*zdH^~LZ~-f@^UOf&2LjjO%JLph{s;DdtZFr4uJ
z3@>k{B(Jj?>(-2v8YfDpi6l|!!~e#cwJtGwHU4~%dZ4bJ;cVRydXE0sh}|TV2z6e*
z9-BQb_sxOeN*kggjHp~J*(&!+82Vu-rS7owXNh8qf*5edeboZ~<M}7zp&N!;UWYmV
z*d<SkXK0sLy*Ws#2+AP-nc}p&E&Qpx&f^&3rj4RL4J(g?I>Y0LKZq^0LE#wKmU0q*
zWFVbMH{6O|S&me=HL#k7POOj5f`_V(?ZFmxm2FaAbx+QGfK3>#e!Bo}JvvZ$rw_k7
zN}YLlX-J=Oub!0}P6*nwjwkvsHi%>fE5ZsTgTlB`rXmK-^=dP3;Dsp>kAMhv4Y7rk
z<PeF8FRiZs$78}}!6Qj?vMaZa-7Eq&E`zQ#fMc<~V~br_a4hQ30a^TXe;Fr;t}#~E
zQP*1GwKb-UuizmJyw<oi=k6c~i<7*Avgkq%aYl-!nEh)ncxpY+;IuciaLS@J24m``
zwjJY58pBEQ2BOMr#%c_NbaHhqKL}wf+C@q<G+6#qBj28TR_w`;Y;n-*2YWR5d-kuI
zs8PeGtYNFvd*H|}UpR>1Nj|0e><h7H#}`pUs1s_i*`&}92x8tRztTe5&fBvM=Y%~)
ztG^5-?BZTR6?jED@{MS}oS?<0wb(8jQ9d?KwjoJ;=xYh)F_#@HTqW^HjSa$yRvf$0
z+I*eW{P_Ce5ED1_n{TCQ7uMGg371*(c<}MU0iVHD(h>4n4}-hAskw9)mcmaB{VRCg
zi4g`zW;zk-yCKtV?@LLQ$vlS*OfVj2xPjDxt;;do9d;alYCF6)4EZat^IU5<rmJ+o
zOsr(5aPt#8q&EPKc*R|+rs{CT`6IAaa!7U1Ew6!6TTgC8HA9W-^hX4o&eh+@D);VZ
z$yK>>wQ(yXQ}40KD^9+0r#W~emws_-Itk}@+G6@5L+9%f1TVc6I9iSfK~;C2DY98v
za>bx;;D9agQ&HwzQ}kfIc|V8p({!k`)8whzy1ayHSJh<?Kd|e)UU!m7S0%`8)MN;y
zc~OT2k9fy0jWi23d3J{1l|4O;0Yj-M^@rJycq`x%6f75QYLC9B5J&jB^9qrH0cYhr
zow?4h@r`0ffidkR2pgsqeYo7x5}!U1<*fRQF6>ce_I+FdTe~A)Jq>>vl&s>^9!2QX
zfA+JR(*->N>|fMf!%*cerRr~<OjdJpkk#SO7>t!9o8OBYn6j?3GDgd+#|q_x?Izfd
z>|TG_60v`Cv#8vFe8x-<v-?)gQwv@6!=aY1KzSYzEuNp%SN#G`v+|;j8GtWi#@(&4
z?yw6Kxm}AZ2qsD7S@}Qi&sq>#=Ghx>g6o#8bFX9)%Tq*OkEjO@yA*t5P5IKwthxK~
zN$~~Yf;8nSmnGjV#ys*M!-I|pu4mejtySYx|JVxr-NSKNvYaluM*ZPLEL`x;{WiB{
zYY8PQRkuu|INU3ZOBe1M1BKJcF{D+gUBn{0`bA0H0#P(b0mQAgeYKx;=cJt$jP@5d
zls&d3)taEx-E!cOXXAO2%r#bRP>s8FK7CiDK?v0E`Lb+@B12X&#lDT+IdP%kGMQd0
z4_2&><n{?+pK{?5_fA0It+KwOg`!G$qYVt#-I^aJ7)=`sNht3=pvH4ReVBKSSb|Z9
z+3_%RgU*AGM9EkDr4dFZ)7S;K0ovmbe7--zQpfjJUsXv?7;T@2fiaxR)YNbR?TK}}
zqc_4;i|Bzt>?QkbPIO1uqAJ@GZsL%B<bKZ8FWH6kikog7*^4l^b(sZ$dk4zMnuyZl
z$@@t)o~>~RHC3Z@O}H3!3rKYjtnbETB(eH!_BnoJ**`liqMeq!L%OQpIiSiU@_p@9
zHIXg!%*Jj5MQ+Sar}Vbe`{fQ_@e9Scg9-y3y)+c}&?D4%-Nz%=(Zi8fLo`hzaq($o
zU0K1!U;_2TXvgD-hZ9tjCN<tnRqNuX>0y&dvGAkn|A-807CYZe4cd>X{X^REV2R>?
z;b5)L{VHia>=u7To`tbUhIZKa#_^D+QM_5t-7c<5HQL7!Oxl$!_g_JfzRfpTx4w`Z
zbt!wm^I_jjq9(r?J=@pRXYx$!!T$iP^|bgW2Ou`(9Ie;<LE~Dcr=m<=o?)t8iVp_t
zesXoI!j?T*qnIL)`4=h#yp9LFZTWOL@cEJM7XL?1F0vZ0C#1Jw%6II2jsOY9pXu2-
zztPGO>+v05$}P5`MhlMEc8Q<WJB~%74sYbGSn@&J34n*F%e%+zurQiCe1Gj5{uYM)
z?wnrJmHU?g>X9~R-uo{p9lmhVZ#497=#iQZ#UoPD0mn{mSH0YQZ^v(B_VwQXMrIX6
zxvZs?*6sXl%=hWxlPJf9gx|yYjrHDgFoJBs+*{ocxA0|8VIwSkt;-5!$H4)&5m&%F
z+pXj#67Lk6V{8fJ+YJB}ik$SZ+<#HzUmp*dUwTjb4*<N+z~o<8_8H*+GLZiXBL1Uk
zyY<MAm$$&yt>@dW{~6hx_y{}>KmNPWmDqzW+b{n&Nb~<^Gye-l^1po(7he^;ZE#RB
z+24OwsJ%_7!|pfL01T39*Ty}L?|V&n0kAw0%DSP`$%agSc7~@KhH%?h1cbQY+lhxm
zNlI3e#($sNsutNYTfA$0C;S$$EIESu7k}c1k1fk%Tv4BW3&@)kEG4%ePDP}!J*J=6
zsE!fh<=6|3|J9!o0BxttuV^#aIA=jYShPJ5?9Z=c!26${^oka1R*Et4sD-(4e{;pV
zfL7kb##Gp3DzzXASd`2gGW?$NUR=TOBxSNC;FGJg*G7Rr+=H)dfjcJ<SANpy(P*{e
z1|Ma&yY~M|&aV}ws6WOMb<9BSEi?;P*~bac7f{~Hm{qG9ewc#(EX!Qd(b3dRt{>pw
zIaAS1CT)0-k`g2_9(YF&TNr3z40jLatv)L&qnMV|PgUrwe=l%dFOu!<la44sV?+!M
zY7C(7OsXO@t9%jgeD&Y^RMaUu1puM^x-zwJw?-e6X*Ce_b8)o=azt9iNs+l*+VBuB
z?8lYjC}*+K=BK7`otnGHzeM^rvjiZ%+vu0!sOi8&3e3Hzi`{~ba%XSsz0ZbzH!GVh
zM1{a*>p%GnEQL&!&<x)$`y`IWys%j15CV=ysCCvYL%Rp%NaZIqOV?W<!z0gbnK76t
z+|PJfhA;{aY|;3=W+%4HDC@0*4lRr^et(;KC!ynh&=`T{SmV1u{YU+hQ0+7&Xbqe$
zyDtaqqUA5JR3D8GN$XL~4C>%f;>hRWK67dlC38df3-BeQPq5ct5+#98gtbSasf<-}
zLA?J+Nc`m@TRbE+g)bw64vGm}FwR|BH16ATRo*&vLNy37ET~{Lf@`*=MdZ<B50Q;l
z=X|Q;7yXHvyC56nP{tvG<1M+33b8!(z#9(0R#7J%VfvRyZ<TBrPJKJ274#zx`_^to
z(cgf;yO&VUxTw>x>LCnnQu9#ieX|ty>y*Bci**kDWpi6W{=gLP*a)*DRc2}jS9fI(
z^_*b+=cNBu$AH&zVN#LE%;WoTQj0^773G<xUkS#CWK6M_rk~T}=8@Xy>H`Z`ybW|H
zGX)a&{a`q^zrXrvT95L1_j*WoA4$mTJUx2U;cwflyVnqltmGr{5Xu?9fUEJm3KQ4C
z>jeI?<aRHAv{eFp{p@IUkGxWZG7I}vi=J0k(;(v3eq|es-gR#&mSc_6BDN>)cxg-}
zwllZ*Y)~M)G_TZ?W>}nra&+;_n`+Nz?(j>!vSYis<Jp(!yO1WecV}&f_6~iv&aEzs
z&d;TWSyzbVE+yC!!m>0e;>X&$&)?g$&T8%2OX(CF(k3C^kP8wP58je`uD0L9bU<uf
zGOq6<+LE{T*<skG@u@7AZQ*|TuhgO~z&|S}!fgwttO{JS$5-k6154p*6qhaTSW#6k
zcF_72XnW$xefG#FL>1^%@fEqT_~GzZ@k3=7N3|k69C~g9hB9->r^LoZ&{?a#!XNkb
z`l6`2S8~0lhJwRa(tF>$D9u9R_cK19)5$C|x=&6#zY1A!%L;RA_EEkxt~#>xn<H9I
z_MmtAo?Y*Dlvkmgoo#uPlx`mq!}NWa0g`q<p`mq{9^OzwTwz`Zs}3Xe<RT25**XhK
zZ$CQ%FIL=~5A3)$(s=dH2+Fix@>SdwkDGHccrWw8@TdqIxM}?oIwNICuPOI?roD{S
zr1?IlKR^CQ6P>;kZvxPsXfCT33&vC)TYM0g%yB^Xwq;yV-rJ2z`|7hJdSwSg*{SNu
zx8!!O+5YXtxZ5j-0r)N^0{2MN#9h3h65as(b5Hq!h90^qv>@I<d(bklyI}4`b`g?j
z@9fzM`!K(~hOZ66NV_j4iq<|*J`hp)z^}+pVWhGB&PEn<n!r(<<b12l4xC`;!RN&O
zvs;e_S?&BM{_Vy<0T^RieC<uuggF(Tn_M-!O{@c7<Gqh~ZVv{qx=*QT`~Uw%LH=*A
zmi|2q_P<a?-@UwZSsrziU+nK`Wx7(N(=X0f_UVd%OKp=1aPRn9^i+cMQK<VRgcK2n
z5*PRlEH@f+ip|A^|0ywl<mbV06fJQe%J~BD@tbPS)bEPdRNjfyT*=z4*P$R;Wr%)e
z!kv20^4&0|zKyVeL%0<)+=1Wa$_reoMarn49?3czlzD}00fCdAy56IT46STIZBF}B
zdK<DAGRa_Ds{U;S-nC=fIu-B@v14TS#rheby=kgA6A~Iu%S&dL<idaJl>_=U`wwoH
z`tK8M6LVJ2#_&dK!mTzMbZwl^j*K(s95FZaox)oE>dLM<p^j!=C;SS^TPMy)dM3gL
z)@5rQu{zb|qTws+s+z+Y>9tkd?Ir>H>Kimf?qrun>uVC-hR!4_M0BO+obp-DavEGI
zGp};T1OMDE7U`IX6$x$KfeZcW7fw?a1|Rl0HHy-wE<?6+0q;y#{{b-icz=cXJbJic
zQ2xBmF#svQ9r39vey*~SB<UoMfz#A*v{!KOq`3*<j&OZ;q_^=E@Yr_kyK}#s0ArkF
zfxhMlegfGCQh=?+Wh*S}P}Z^d`DS8c-^~~5mpTtPI%t71i)Q?bLwXCIAraZYo>%E(
zK`(#XspX1{9n0)BW(rWIW~mWha^Fk%3hj+mUhj<(h;MfScw(F_IxddCHUw+D+jS_0
zGc}=7?Cl3Xyq&i-Jr9vkemaC-ep%f55^pztI~DNIbj<phx>Q;)+mkK-Z^;v9dv-kf
zzE6u^-jvFTNCV3F3lDZ>j3@jyUAO3P7GPUUzU;9%^;cUsZ{)s1`B(h>NZt{M0kZXk
zUaX<j^^R-7JNYQ7n_`shE+VgJFc6oCI6K=L;1G6)GNF)gBz&XXgGs71Uzq5~Kz6x0
zb1q0ae>Ztw&~3W@D1qj<9GpNDp2Af(<@~mkPOq=31CX!Ejt_&x`Jj>r=TF$NQ2PYQ
zV})2L-=IU@#rGfHHN1922K;GA5Q?DU2|iaxr*LZpEM8B}Z?k%<fqwv|*JY_ivpHTx
z2m$>?@=$V5Ls_)?Dn!0)fkI$Fg06e~=I+Q#;!TC##8gdw26nxtY_?>=Sn%zTYH<*e
ztNFCu%7B20siNk{7d!ttaMkx-79r&AsfM7OGM{@V)I#f9ea6bLGB>pU{N3wehu;R?
z<~MWBCsQaN_8vaq$Vohy11ahkm~B%A@I<A@G_tZ{mV7T<^%75y4$@ZS{Z@$*renLu
zgOZp-`eIdoRm4<6dMdC%470E6IJka(mf-21sL<a$5v>eCUPj9n;I-kGlS;c7-?IpU
z7BMRVNkk|}DvXEO3;9o9XunLkP2eabY4S8`2h}vUJ63d;%K|J?J59d&Ys_ydlS;h*
zg#Yds5Ph185n*N8+3JYP<mv4F%_ZAgL#c_2_3r94*P5R)*VI~p!qx_C;IFJOH=J}d
zty1GD%%b2R>)c}CZzhR!d?%^#V%K(0mzO$ntUvu8>`%A<_Q!q~`|p#o{|klV|Dz}M
z|CgdzMKcd+Ei-lo635?|tSE1jqA6EzMzU3*hsrV@0KOZuQ|ua<tazVcRbD*Ea-4rp
z%Rir6aG>qV^o0OEz}`kqh(?oa*8Pt^Y%6{yqZfkL$?mPhhZELrBxJjgRW*nBe7)1%
z|Jf?hpItrx7$356=5;(%FP?Tux3Pt(&K8iqk>%De4=;b(?AN*8*H2waoZ%#`CUm9i
z>a-~&d<iLZ@05(9Uak0b(`<8GOFY!8y-x$xWlr8^3PtMa10tc!U0&l-Iu>nF?Wy^a
zITGR*MmOqbU#7I_M5K;=oPNF;EDVmgSD4>kYYQD{`5q(njIAaxGL^Vh&~bRJXu3CD
zR|W{r(x&UZJ&*-j9jM;sjh{OEt^vUKbL&`F*Ami7?&Abm$beb<ryCkAerJ$1daRK5
z?&{)ZCYARtG~NkjybAqpJ3=?#W}V2Eg3DDRVBs4p$XnSnXUsyayfckoPz^c?Qn%=7
zoM=-|j#D+pp_A2tCp4***JXs+>p%YXsw3nW+IZVjDNCx!X^b7r4*zs9vX6S=60{pd
zJL$FJn)?ao8?)XXihoHIU5@w1v7I#t!DLM~wO{Gpf&qSV30g~z&-)uA{-`0GrBc`j
z;T1dW%~~JT66c8?ho_<9>Jj9z1g*c%RfsPKE13!H@`_HK35%|`&woAXotfuP(J!_s
z2}(b|p%q6x;BeloA>4pqxtAO<IJkGfX%1X;xE^iUU}6?jUmYz|%TI4t({UTTW(IC_
z;z|skXAZ9QKag27;b=E;wYvx}&jn~QX5&b8M6-+4uiFWFHw~bHcb~4Dt^U>It|kos
z{G-RDUqhA!s(d2n{JB9UXsHa@eMZ4yTOC}^wN^BVRIN^uFYl#YnN?!n!tM{57(!gT
zIXu<kLoCX_kFReE%dSt5oz$-VwWt1W!#C$S>3Im-Sf}Qbw`eYw^u(j~z2BdHZzyr8
z(KVlBwflDXi%FN+)}QpHMSP2*URS?{-H7ILf!M4i)(H<&byH~gCiyO|1~_qAzi}u{
zk6i7xa;2+sdCoMOn<w`3`{3eec*^_<U)xE2^jz&@W0He9I8J8BDo;j<N$#%=pC7sB
z5b^2b9n@^$_tgDr;D*u#(s^<7fwm?0_Qf+YNi|O2r~Dkul&n+>o!V42AH1gM1WMDL
zO8@kCno6x(2AvEP4zPs96A-l_8~FPs$)r=>3q4%x@A3m`w%E}KzbE9?(F{vUMH(bl
zI|A7^Wiy98X#K%uphpEgS+DIq1O3VrJYmRhv+cg}Df!2|6&~{S;Iz3#WmkVE!QbwL
zIRAFVj_+#=p_RBMy=gD6hr07f<@`Hwqc9m0c$vCc`me(J<)=3<%y-y2o~9^bbe+?e
zKXGX(UXz8+BNi(6X`9yJ;ql!1K2f4reu6-q37L}r8by=+QRAj>%oscDfTb`lNq?bo
zj8*K77W&)G0utE2q!WLYv{JI^lPSojue-bhzQ-R)U!gl}osd8n)mI}b0~#BRNyYqM
zJ=S^c)w2<UFGHkMYOP>FG&@kel-a=Z!)KNj#Ri*1`LI}E@4GXy)=Qsdw={5yUOgC=
zMHzRr9^u8!pd8S0%FdryD47};+?Aw*6tO@H1Ilm_GM$Jl?DwbdiTQ9ZwmWsfTzr&2
z3X|1Dl?m1CijzUww3-12L^c$c2!!2KP!D-?sWFPfuD4L55pDC<x-BVAVp?imSm=Ef
zq}!T<jmTvcxuRhBQt^!cF_3efyHXWv?TE=pgXOPuOknPiS&s`Sa6Hu7d*~j;7fKJy
zq+AP<>?FR;3Gudke-Tq+dS?4h#NCfaULSPnS+VGl&97A-H3T^$f-i@Ui1wEWS*HH*
z53lHfaH4S>Bt>OxPO`@|*0)g%2dci6V}IV@UY$^{q}Z(IwHOLlXY3X)MsciGtjb=Q
zY8j%xifxqWa%O_&AQ83&E62drlS<SGSrsRzx?5EGlYt&cp-QlR%PJ#j+FkY6+C*JP
zSsP8V`B$QLtzt%6Kf&7sXioSjd1J1&*_<{Z_^RcW)HQ<68WY3b1D?flrmqi{n)#sf
z%HI8r=>IZflxi4*v@r%9Qubco^Hpo(O;HeB_{L;?W|62)?(O^#W7}Zkx$u&`{zJ8A
zVWM@n_xNn?SbH$Nd!hR`d)7Ta6uI+AfzQ&1MnU~xA0<=YRtEPYj%PlGc@|W+en02*
z*JSn1y0=qKQbko_77<^%dXHJ~zqqmNUfi2akNsRq77x+c-_^rb(Y|-Vw5}~y%ZKmZ
z#bw=;e$;`q-|gqZ=E|LE&7n5?c*yDo>LPtTpB0yK)+=R}Is3cp>YS8qP$em;)pxJd
zX^$?6G{8U>zbfiJu04BbcI^DM7t{=-J&-|c)9SXWUt&5IcV#=p-kh5-%F~>oo#fk8
zB_8bdnXeXlO7(0D`k$tv8USw0P@>+ZoGD6@u|601q1Vd$nC_sY>I!9H&qU|LDi6my
zmpm!{#c%`=NL58k&4PA}mDW}Q2O1Pc=hDOj{m($$U$Jryqi@V=8hRFk&Ljb9Ii_)U
zM%9u_ipcVH*I{Lgh-$MQE5ae(=KSJN_fLu95MhrhOkyzuczudk_g)6Y?BV)bpjGut
zn7S*u3tjdm{nO<(=}x!R{Og?g;mo_(Scl@JlHc}?qRrvgfQGpfUK|ZUTx2~z&32mh
z9Od>=#zLe1{Yl(8>WzNi&29=cCFogg+>yYg4`2aWN0sbd+vGQPOrr~f7<wkGrE^C$
zVDZy4zizhX1jHX4Rn1vt?y#r2?2XH~KF?D*X=rG5KJ!x0=YwAd=ALyqtTG+LFlk>!
z<v?jDd^Eyd`b^<uv%Vi?2P}2zPV(W97(NA+=G-kV)<90a$d3-pa^Y7iSvlE%ALU$e
zC1FC#iDP<*WxqZKX*wv==Gylcolr&lH?bGcE!&>Or{&WJvRqJ`CJU=&>pA8HJ@^kd
z?!3>=KHbH;ijdMUh^Vz{iApE6-V!>g!1Qi9EWZ#7^?%AcT0-@(7#OmkBwA!8IYnkE
zn>|@G+_>UEd%m7H-=E~)fC+keB=EVleO=MxxfQeWh5mW<TM5*;D_=m=LPCGVHR)>V
zyCsk^g`<o=q?Xzlk*(PEh^!4OtAf85YxS4);mRGFtzEwJg_JGlZ3*o>qr&0pq_bm9
zUw`kpo9gdT@|+xUO6l{V($Cg+`W^$%4z5zQeVX5Ha#m7LstF&LoqEf=J)r%8uxT`F
z<$x4rU92Bcc|79HzvQuneLq4}ci-xV=wBU3glD7oP9;@sZfqTxT^K(%sX`}A+P881
z`1{N<DsQ*>q|PDBlQaY1##uFfSk^|C%XhhY8|N-3G+)-nvpF4O;-Goe)tz6s6H4J&
z-Nt0(AZ5m454eHSwR_(HdxjFJZ0}!e(<&D6Ncvg{w2YiUh^Sw(aP-5NFDG8yB7fu+
z#N`hFqPLQPMMspajv=4jd$&9>Be+298ynj7+<>5-+&HJ^WO>8HacKsw3afTnpr`m)
z{#A9m?^S<vLT#A(2dT<L7i?!o$0!W>()xY;%*FZDJ)^LmREIj8dqHPH=aY#cx55cx
zq2CL&5Fcl3DQLu7`mG=3`q~7z3>pDT4uG5L_<ycT^P`qq53;H=1}h(jB^w6UCpJ3g
zhKUiqY`=#F&4+^>l&z2G7u(LNs5o6C)#(`n?an|-q!xl;2G);r2Md)1C$*L+*6^51
z$L^M+{OfDW7qYFcajQ!$A3UgF5f?s1*bd!Rn`eFtAvi6aYtM2~*0DML*wQ|z7KP!p
zY-;vZUw0#X_OQhiTU={}kmuyT;x3BU(Pq{XhSK(Ki@q@W|A3Ytw}|%J&3IJvzqxzy
zJ7A-54(~TM^B+j+(Z(HhP`g4$<E6b#M<DAr-?=gzb$S$j&t?~?+Iu>|%{hD5cpM&L
zIbxyA!EVoe>z<u!{9eAed07UQZnc^81ia(6tjl)BWkdJ97e72t*xSGS*Wdpk$?7>(
zj`$IwyuYaXzkrj1STX=Kp`p~YT_f^}s?`EFnz;Mpzlc-r5fx^^uHTWYyL0~quWi#e
z($|665x#Y;F!Fh;3G8e1SEK(RS<@h!g^VGI|8Bs0=VIKyHBUEq?)(ohCX#F69RBP-
z-trSKI{eHQYP$6t_WpP29_;vcKu28)8YjL^{CmZ6RZW#?=CkMa-rv_CKlSe0a#?>!
zRPNe1ihceSbXD7z2g_(r(d)w}U%;19^Zm#nCBE|q^-6rt98n8@&SH?!T_7wiH7KKM
z1*;}VwAXL^`B=qz^_ulrXPY9cv$N)+fKQJ=Tl2C8Vm@z$s3M;$p$3VcY3IOyj5YWb
zwdYu=XzK3SI%7N57=X3mWtJX_l^&QU+__i&KzSpee=)!))UW-N63V^^=YL7rq+Zdn
z$XzS>Qu)U%Ffp>_%@!(ndhYDbXl3G6@utm+eN|D^sMu8Gt@l&s_v2?areceqIO<xX
zGS?KCC~`=6!u^Eb8062Kev)waRJ6MD?(qUu8>n>_D*efg2_2WeYM$1fSAjn{1~*~R
z$wDBb{P!CAby&p71=g$k*_dvfr4GLOoCFqD6}sWI{)(?T9EZ~~+KY`3a^37%ARyP5
z>KPl@)$}8LseT#&l;NzJrM9%=(Y%EcuOv-O4eIIlmR`PiP6V*|GqZ@lv&!Ys9&dP~
z(~Fy3HYV{74f&qa%q0Oap)+;Qq4N8&DX`Tlf5zZ744-%*w+kcFd5?YXUH+exQJ=e9
zuP#>6OVg(%QBatk*EbXR74;F^xTq89Q_`!mKVLY6a4j|IQ9j8{9)?+zSnyr;DYL<~
z6)%+`o}PjB_&J?G;z+%%*IF<<_k>GFX6{0W^&#=>Df7!x+Ny3$b-Ex2ej(@B#bsm4
zlMc0XLs%V9N#n@m!EvUn4ip}H-1*w~7<opVhf<aAjMDeCz490IrEtQR92~wEf21N}
zp<{vlDI;62p|nS5<AP<u+?vPN)ba^Awbj{IYw};aggtD*%Rs3G;IZzVTOQ~v{>OZh
z`3)MzNC)9nYcCV-DogNZNQ~*as2;6W_Wo%dN0=swq}wd+V6IElDOj>!QcOtK4&^sU
zqivkXwO12!(}R1t`uCi1si!fxE2ukc<zI;gvX)iezx?Sd5QSsv8xjksQ$arS{Q_4^
zd(J)&uBLbm?=Q2m-~>bawBmch1$1M`=)^053{Mcd@Dza`{qu{yS2{SOW)L4$O6W72
zO7R&%W*wO|H+r4Sc_kTrf+{+`wHY|BVY83q2U-?BMQH^xrX)ST07uEEKI^gAjGD{(
zx7WJov+8bp)~cnw8oAE6A^8(<Ky~tvLy0vqxNdSre|_VNZu*51e0uk>Pd*CSr6;T-
zeu{wnM^IkoPG!-jY;5tuvU`(r%?k{<Kx(c)D1(x&e-av^X$3@Al4`$PoB>G(e?>VK
zw=I3jb0XRxmdxAL+(?FH-_&wSoL`(6S(#IT>2Oan!@M$ghcK0!E4@3#!p|ugB^Z#M
zQRf@}X!jMbmXS$F7@QVRK8*jksw{%_94X#Iz&#_36&IYcH7I`HF>nVQro0~wnNovj
z1=X<?O56l{+ecoQAX#y)xD^pU-w21U7iz$_gD)rt8)W{%WCRVo$V;h%yq&YS;Y3TR
zw>cr*IrMHUH~r*Ziu~YoAnND^(jB(JAk|C^&HUn4!5LwVWwG=RhQEzSKfd|3Vonqj
z*a7C`oP<AL@v#Vmb^!YlM-2CQ|0PZswuK^%>HQ13D%VLl`E4)!ZOMb&UDkbh1cy~3
z!`2DQCor<U4f;vq%_p%Mb2lKmP_<Lih(kud<!8;iEwNnh=$fjxbqF~}Cp)>f0?G&J
zN?&sCRvYAPsly3U?2$2X+wVifxzGCq;;QAakYttWc@z{>BrHb{b8N&L>%!MRf$;D3
zJ~$T$uYJ(odHJkrz?eZeulZuZ{)|%l61*Ty;gj6isb2xKNb&CW_cE(jVh--+ness%
zL*_SGl1nLSG7Ac$wL}zKES-*VA$@KOA^RM8yu6@LGbS+J__kQ-9WmlXbGH`J4{rG8
zBWtUeIcAbYHhFUbZxy-=tOd(2to0n-Y}n|1`N6B?e%|dD+I9S>5ij%`>b3h#+$4U_
zwYh)_w`LHS{$`Ndz=+-r-wed4`0}xZqD9qM!z{zzUF@_9s}uaoHud%pT=nTZb0<rt
zoPnJV29=k|-j@WP2&ZE`=NsCVYF76--KFMyNHfxyL(XWNdE8;c^r-;75!N}H$vYwf
z_H;eY!G{Fi#MsxBOkGW1#L7Ez=$h6G8((f{fXZ|sA;cMJe=CO06-KF^Q>)iE9I9dE
zu3vUHV(LeTMyLZN-Jsa5YmZNN#Wfs72V4nR%#S|h&ayY_e^+z^v1r{h$Ha1xcP0-6
z;r0Lcl;-DgE{oET0L8-!3XBK>H>#JfW9H-!SW$0DH^m`+u901@O&EC($>vBe?88zE
z&9btjZf(Vp+AN<ZUAJeP=xOC^B7WjHz9TkqbKn~T@(|<_n$drxhs)N51?;x&<1?un
zZ(^MIZ^_Y9nj8DP7Ex-0^n%w(cB<gs$b^oC7^AP6lL{CnMU3SnBR?uucURU0Qu-ws
zK*of3sY`oe{mB#C@^CRXb#iw?n5VYS*yLMKT4@d^PAVCaPdm{9K~$1LjY1{|e+GS<
z|Lh}MGWmJ0RmkqhfA*S<qVYdY_vwFZn`yp@=uGXQ?5rNHcJumtO4Z1=>dtb}wWOpM
z^|>6pM|E+fevK@1^$0?f{}%=~A`#h9Ovqt8#;0Fp5_naQs=NgcrI$GiG1a;WSEW4N
zJ3qd6J5T`_EU~-^8Sy4OsUKaxwSqL#kSRf1^fW4aky;1xtFx{Wa^T01vY_Dp;U_RA
z>u+h_-A<(+q{+wE)AvWLs5*@o`i(qENH2S8ssj$KZ`5Ctk7F$j*n@`9?9{j8X!y^C
zfS?{vwyrG2+(Se5(~=)YZoO7+ZSVlfKRg<Ioc~!b^>{%<DiGy$bGg%U0!k0@S%WN@
zcbSYJEyzp>N?)_{lYxigu)ykY!wa|hq@jC`n8JlHs6x=4V~DoOt5ld7BNW81!&>-B
zpZ0MkS?V~cD0K__#A4mNG5xiej_{5s@3rB!H)`oT5}>Q`hv-N>xt9AKIj@DS=N8Oi
z&Q!MCd3xRCUOh;`vZvbLAayJc>K{nHsC3ViE@AKMk@m81q121BP~Te~Jh^x-h8rM_
zF%kdXu}-lnv8EN?W8HhMN1cv1WGIhBN9;8--gGbhv7pEFRmefXrr*%ejkp&{7eG}@
z9$2-Y9)hTUPAEHUa%FCttCaVLf=(<w%IUE|4Q?)BnH;&t>HMZW^FT40h7A=C-nu7y
zo{dO=o==)p>v)*s-fbwxGL%$!o@C%NRBGrs_TKh28IY=SY@yS8>&!HG)~Y_l16<)l
z+%Z<;6{{@>F4lmMTxUjgIUNK7MsR^$*z+l0Tgk05(8RIs;N<#fgXJhx`<JaS_~Sll
z8b{l$WS=<TeoS)JPL+^lm#q74?C}%t2+u6a<iC8crjUuX!l@%6Pv(NHboFWi?$3XR
z4vwe|ETy+HCxMQyGtOHKjEeY{+ekzAK=TT_f}^>o4$n<4HQJd;<_@7m(|yWnNwQeQ
z!>E@%5*ud$X^*FVK;dFBceUoOnPoFlB~Y1#<?4XI#?=RCPQYaJ3r)nNYq)!FkhepZ
zXhyaABi{9NKA2-M)g3aH8*KDo_`~P6rJj*4ebwgr9=RngKbdstW)QqRNQRfwdi7Z$
zN>+jMnN-^|@$T`wX{idO*PO2|t`^YKl|{KJw1i<tbHa8VCJ`gn{Dqb8qw1C}&=S0V
zS;Rep-*5yGRO8sMI68I9v*1^B0m;JMXBsKFzygN!7j%&p3eB%1U8uI|SZrv~Cn6la
zbf4dwyLAszH_7jkZIE|9>?1NKxQq*TDjw8C(l233NSI)%<Qi(|PGVz5;%9XVq+b-p
zzuUmM*#-XaDOj9OlKc~aZMcFOCAlk;uzabm^o60PX8KMpgtp4cgxhNi_szs61C3Ib
zVlqhPW-@`6cw1#3>l?t60#1FVbj07~9~VvzuQ?Y4O(?%jC*I2%bh2_Hq}Kz}mIgY5
z7KhuQInk2AEv>^IC!UNYnM<tC$eqdkKe~I<aJJU>ZCFQbRdqsZtackpv8#rnD5{E@
z#T=??3Zdp96>4m&Xc20jr$oe<m_kw2Qu7c*f~qM<Oc7J!$^Px%|NZuUdY|Jxp5w{K
z`&d~kch<eGdtK*sp66vUqcO$i*R_>@ietMOVu7-yyT=GkbWo;J^sQ^<BOiR6yw3Qd
z7%(o!bF?Q6Z*$csb3}-#H@wW!Ye;_=*SohVfo{!$53*c#?tQ8pH>2yVsJM6Tk6-XW
zzCcwwNN4?L#Zn<3|8zD|Nto_k8UnU)&X{%xpTG3l%h0GtxmM#uADf>y$yY}LgVyw&
z38k$v4k@(nt2k7y)VXNZJPW&EEvCSK=R4cQHlDidzp7kdGF~-osBC{X-#FE~2i~pt
zxHy3=_$SufWOU?og%)HOJ2Q}A7_aLo3anu07vY-5ERu<a?tik3-0<y3)Ie~tZzsMm
z2O1Oi&@<CySa2lUMp-iDTUYKn!*Dd`&QZREEh;pt-}Seuy;R-g&jQUMuN@u?$1sPq
z9m(!cKY0x0#H%7(Uol0XN7)_uWo43Q?n(qEs=8()a@ATAa%H9sx>ncFXbvurm2N?6
zMo4tVc%Z`&c1H4g=^Hg0$N8q^>5uSt%>%uh<n7<t8`Cm+Bh!?2{WQBzmGIE-iTprY
zoP)0I?_G=1ml<!o6ohSqn!g_i|Jv`O(`HH$s8$ie<<S7wp#rU@mEB;)<0CF&%N=1P
z-Am}+3AFoh>aN}^+A$^Uz=`lwat|7vg!3G%BtZPW3Nx?}nj8K5Ons1BQY!NKxE*&C
z2TUbZWpPeXJ8V-4eIerY!Bu=&akE2<$?uECoIEVUYvUE=ngomaGw^HUreFgORiCDo
zrE`2$oX*}ZvVaJ-GRHO*4e;P@siFFLB+5vm=SH88+E=?g#Eiwd?JZ@#IrSg9n)l94
zUKR*nn?=ns_Y_FJn3jD!<|<Oc&pU|om!AD-)(_etsr7?h$?A1Iqc$CPS^9dbl7ds2
zCul??t@V@T3&YEtB{<c5O~HC*^baB-M=!x^ihcb31Hwd(t8|&EmX6x>Wc06`3Y<xi
z>amO5gR5rPUjpF%t$91(SVeNpT{RHkj}o{z_IBL5?0NlWG0!27J{|?V!VvqsT7n-+
zF`li<G3>@2U~uJOYtOsm;G4TJ)$FyL+5@=nAWB_cK>1FW0k}Bl6w&<mbUUbiOEUgI
zq(|pY7=1+<Su5XLJDuji4^WyumwX-)hCh7trfSxGZTpHU!BcQQSv|Vp^u%bnl_ap)
z7IBH*`C%;MKBQVTSJmFW@A+t;p1FW|y^A9=<%B`*oue7xN^lYcx}4U{G~?!ADM1%&
z-RA&TmW_&oJt6iWIRip&la$}BoRP>xO(jdkldK-qc~BRs+v+a0@RaQBLW7?^KCdw^
zvjJ}mVGox~X<;q^1YZ+>NXwJ>Ecr<`zw;_mzy5^FA4c4IHP;>S33e_c?@wVK96HD8
zNzotwGvu|BoLHR0A8{4=unQNTteTD#q%CdG?TS8LmBMODC)gAjE0nrg9~+JU(l2e|
zjyGldE=bSW?-x!ZDg#QLr(N%%I5TjJomJUADtY)2gV5;|X{tVE<JpQ}KQ&5$Ki3s7
z#9FFAy6;vW*OT@;ESYhyY;xo~sa`oI1m&K-<xM>Q)ll@~=$c}!+}04Q>|ejbak}e~
zP9^afB~Ik=E{k1nhaDjxgwDpJEIJgLTI#ljz^vAv$v^yK$%S7j536i)uORX;U`n}x
zXquh0IZoe3_KD%KvX+9Jn)1lh?R@7`cc_Drnj;FxAN`Jke`z@i1{vKckp$@WnCKtA
zOl9UIh}!wi-jvYN0P`8v%#zBmDOn7P;g9ruqfTN38P<O&&&|`YJ?WvFWBGh(6allo
z`sS~RruF-4)iu(*4r8HJo%kJd4}vXKp?~DtM_sSB<LB2D%q?O+D*fCl21FYe!?u`K
zPhx+Pu9ikaH)ev>IqY)tqE@@h*3^hP%~1x-hpeXhO%7jGS5y%72)9bk^G)&e@)&z5
zxWmz8KN#NJyt11J%<B8uPB;(>*&t$MCnX>3XG0I#81Fwc7aCf2-_JM6_(o%t3khOO
zaxXPr3DfL|{B&OT>4iE|>A_-Padjfc>*`shdiR`w4MJTcY^Svt8s^QqVmf^o`We4e
zm@__WSde0LX0c@!8}lB4aUCnD&XAkYU*#c^@9U2s1T1I`FX-e4s$KE4MqqO04o(GF
zfa!c>eWBOg9((wAU-~}!0CTr+Qu<L*?15U55T)NlccJ9NK-Kl?k5lX!1;!lc;ifqp
z9302hv`frCs9aRc$JOiD#|w-CGiMr&!G{-z1N8;R9mmPCw#np>&4d8meO!FgW_q+;
ze7Fq%S@)i01_*Z46oPikPsJVO+8tJ+`&IwQl;1;-TvxW?-bsZ>rvaLuGAP=%5mK(%
zzcpN4<n-TNRqf1%RyPIKJKf1Ne>GptVe;ImS89w+LEd<MO5g9W>^JGb0hsE3RWkXy
z=?Fw^G(~;A4v#z@)>B@|KM$MUGTjNG9Z{_mhbu-E-aO>%Zs6o2^3*uYQ}AZ!(fnwu
z)pPFj?|sDj5DvPJmJm}9&TnUxIim^RZJ9G=4<U=nHLaQ-%V@I!Z^0NoV~RwNM9i;8
zT|jy`!zWd(uksY%g2}Vh($)&~T(CKP!->Bcy%Fa3{%kA?x3`K;cK=K}5w6iC^>)}f
zJgoCQqR<>%X*9rFIl`%b+u+6&_4=`#rC}Q_)fwd%mourmUJ12KoEaMB&zKPQ1FeW)
zE1kUT=FZ@Mr73tqkD(-5$E$VK?fdaL!Lb%e4WOQpkc09oJoiO^&gA5f)MhWqsYCz<
zeR|>c<A{SHaVva{nWH^_fe?eSy9?ZAzA+rDl;lv?!@c61+ms#~9z)7Rn)k;tZA(`f
z<lQj*?5xzfT$ay5V93E+p^TQogel;pedO_w)mYqKT)Mua|KSP_^aRfhdw9_F{L*8N
zc>kl97vAhqC+iKdy-?sb+PrOgGVC~ZLOA~HBe^GzqEh~-$1NEFShG+;GOE9{8Tae>
z&F=9pDcJms!@@HHajANAK)cx>bnI9V_p_JNICTd5ro!%xPk2m1z-po`@d@Ok>&T_6
z3lDPHF5ulc_%0msSyGnA_igMjVH~=ll1)<$bi%)2V^3zzwS85VC02DKSPxtiv?nLU
zqV`azz}n}J%v-VERIeh)F;j@qA=1gR_Ud{D({k;HG5gn8N!GW{3pOO;Yyc-DwDGCm
z0CM>h%imm3)=O_p=DQR1)-Ow-PS@vjCQJNdSoZ`laq9K&Zq542SNHXyqyTIQBV%g@
zGAdiq?aK1FJ$0PS1VHCtEK9xeUzzaY<nHzei3kpFg)_dCym`ELCcHz$%sEpT``DDJ
zzIZHTQKc7tf~7j)zX0;bAK0re{s(HVy*jJ$hW`cgEG#S^{{u`#{wtLDfnhFWvn}2u
z6~F&dg;crzKj6l<GU2(_LrmB_Z<Z-H*_eC%U%Nb}VDg}({#40-0d3dlDHe$1e-Y;k
z(o_FJ<S!qWji%ZC%Up`KwLY}}uc#y1nhawRoHu_R<o+W@OE0-j$|?C@7Gt=k#ofv*
z67D_C>mPXj-}xoT!yo?#xBvf_?DQYm$k7k$M;d|g&rCE17$m?zF50u;teTp|&#w8g
z)tnq%F|r}+C$$Rx(h~#HgC$W0A>@p+jBj5PLykWiX9R1UB2XWTb}^;W=*M11p;=c8
zD^IZ)i7oU{wEK(SP(PeCOqFWf=Blq;Hhhxt55p<F(WE)k?^p|V^!^H(URLf{3ffAF
zpQ=}rE#FHA`yW&L%#{4L&rMVo4QQ{#ODENjsVr{7KqUAoq-;os;jxY@*)NpcnP=Ag
zR~OUD3j!<xE%19ujH7#N_NBqOZwk(D<J^*)+YH1IQF_gAixKhs{l%|O`wll$uxeqo
zyZoPYac&iMDoSF+0a2T<4EWGBXHx7R`qYwVT7uUsx;mNU{K-D`BTrerFRgSy)p$)e
zqwET$e=JFo9D}cPPNNM1mQpzScEEJE0-|8Oksg!-d#fwcf9z{zdc`PrD6db0G@bVR
zL)gf5l!+;UN$h}0T+O(Qe%{Cy0zVdJ4TED0!n8ON@yp+B$&j9f*1<o8zn7Vd<=J=&
zhwUD~%70CB@61+l4>je5nra-k#1Q>PQSF=0t@wr3<^J+C1gkW&@-iz%hptVb3DIeE
z^5wQqljz5V_QB?~H&tJAUq|un8B^4hbsf39ENnF#feR;Jq_O?x41AF`trzgE=sADo
zl87i`rx7`}y><4(3|iw(%*SD$V{9#T6(>6z$vFieME46wrWpNYHE+*fd3RNFyLM;(
zdi<9*n^HU1Rj-ODlT4VaLtvwteKXLKk1XlyoOy{fSzeN0uWB)XRRq{z_g7_C=WptY
z`@~39hYnY?><UW`4vy|$vAxANAK{WZZaAce>L1%Op-yjukmG<rcP4YD6Wxm~<xU*@
znlJSLrlbj+cEs=E#ODTnJwJ<oU3OTrV<kB{qQU^I{|1C)LqgBCmE7c-y5nKpV5!3h
z;=vp{H*RDak^}^c`z9*C(TF2^^<62i``AI5?dQc<v~5~=gj045EG5q$%E;^JB~K?h
z=m=+N9-U!%qNLO&xS35J@;!A32Rlg63H1iO$+it@!#|-bC;O&_#z-M?<ffX)jO-Ch
zr1VO8b4a~;R@<{m<tj_lwyAsBljeZ|p7~GpmCFrF#fK9F<;KpK&=S12fk8^;Zx5y?
zeu9(PszdScO8M2e6}6c0&#(`YV-&&AvDMo)VXV}q)@q1qGZk16b}Tsqihxx3NH#Y+
z@gR(Q1)B1UA;%(pW20l}@ZNhCv@tcW75F&XaGJ5=p!G#ZP24-Pj{{@;Ks5`26#lS}
zd4T>SA#t&y0O3g{<yf%!H?|g&1XeXRcGB(c*6vCTLJEOdj}VdMHp!g{;x48azN1hG
zez+5Abu{{5?1u`pHZFw3SnW63JjE*)N>&Q<eAaluiO_0Wl&(iV|F+&&&R6q(m&MPJ
z+&|HUSHlA(k1Q#|WOG=6$|%C_;CFz;Z^46aECgzx!cLgErked+w)fNlRf1Tz)EXf8
z$;>?ZyQIQjk+sq+muz6Zpz^HU)#k1_`;R(g?M}K_wwYeMc=N#0??meK?AxYpRg7oQ
zUi^FAo@KLYK(cr5#iK`SdJlT)LNgahbQji`RyF~?vi8D7km;+tCz<TSo_<Q~&*h1M
zqBpAF^aTrsM%2c?GCUbfHl_FK^BhHu$m8^Y+$(IF-LdUkbH!G~gWR1kL$YAm3Dn1t
zq^iNI(=JCGZf(l6NB3<X3=875nGtBk0Y3{Zjp;{&Elcl464u)V-AUb=egky3HgGzl
za$SG;W1!to=Pn<1N%jdvx{g$kAa~~?JWnKHd$Fy0BJ&!2N?Cm8p*)=-L~$ch7>`_V
z!`>nNGZ><;_3FTnj`6;^Zv2%?9^+dBv8!{ebgHVNt*Pxpj`KNf%9kujZO-UlwJR8j
z>|E#u==3+7l4kc|asrBzGInV%7zPt&RO*`#TT;!qIYYbV{jC*gM^J_$aBTV_;G+d+
z8@jS|O^1w4cSb-GMG)^mjos`_yicnO_>2)8zaCff0kPHr{4(rR5Zj2fPaIxO3G#Q(
z1)R@i8<?S_!MhOS=NU!U`i%%6GKC~(cbC-qEn0UPU>*jVnE>lu$2*gRX-d<_?Z1s)
z>^iluH&#jOBS*}7={i<4_hmHdnTEbF->T~N`*vR0S3hxabt^>={H?8&^SyT#LRsvT
zjip0B6#+LTN0$n!LTLT1g2e3)d#0eeaUhMDXSW0!9Y~%TLD+klt%$Ij;lSWwCgNc?
zJ0?;0E%XH`Cy;o>Bbnvf!!{m#rB+-@$kj0F%RXQGyoIZzVEa5BwZ9O4k?5v%Vy2%(
zsrVGeuhNb`jnONu&5S$S<nHa}tJJYo15Cfv=9FAm!P&5^z6V&A@Iq<cHo<iM!{W(`
zo3%xrv|XGpU1|BxzElu&?YBDpQaNq%0J3vx^##2*?prK8(Hj44j7@fDvW`?QgqNF7
zJ|hl=+Mo{HSHM4c=!*}zKNRSBpV;^hNwLz-6}vtUcx5pm?_pVy-dztk?mmp2nsTN#
zqk|h;@wPfhRI~bVOKq}s%1lK%C4SgUx*}@{j0vo;LFQPnQw;&@F>IOA*pe%1*G=Qx
zJ&lg>)(CQC6})p*gw&|OCAJc7Ls{VW1N6SkAZY}a2$dS>`B(6TKsnk}4c=$oj>|&A
zH{3&3YWv`0#jyu?bWV#gGq!(jRa)Ea3YkwPfSeN{>cX7%6!hxY#oeVG0`Yv}uv5oL
z=kgljHlZHBcpdjXl>r5&q1RdELCH>JcHUaSsg9yID%yI}Gb09UXNbV&_25*qMj2w?
zCmCTn_}vz9s@ZY`>32{B{~*0!_`oxlgCAq;uj~&fyheAsIaQoZyvCt|yR0A(V&s*3
z@A&7gr4^^uDzSS~G5v)MA;xwpZB=2Jn^tNYeIXzJcAkW=>by<Hs%URlAnO&YCfE+V
z^?6oh!-j`amrexjE3m=d<h>*1;QzW^=Q;Xuz}(dW#?`dl!}UShLhF2*pHZ9-c~;5$
zGdgGRd0$0c*gl8uPN1vFZ;q)D4^BDVAA(&gkLUhaIO1VN!gg}E?gnrAfc@=%^zp<(
zA6{*;sW13W_O;R3l*EVR;(>^9zTw2AP55a}6-^apbtkIFGg}|Bob-U8)X7o6!m@8`
z-X>_pcNk6nt>Zcas6Wcv#8U$5?4ED3uLX9KeUm+Xg;rlM4&rk2dCBA}aMh`r*aINB
zAP_{I`U=e+FDY%3WtSZ3N>B{5FD#0LW0deEB<#;jpruEqx#Sq3)M8Jbj~A7Y-EZV}
z{7kubrv3xiKNE>C=Y&;GKPE_>ThGnKHK;j(;6v#Pn!@2u1Xce;ZZCE4ieG3o`dtPv
zI2lhA7q>u0hoF6F_-c)9Xwp?ROqGot@Stg*u}#7W$C>B^+7g&79zPg_5Flxvr*M{i
z^y@|vs15!arWXQt8Oab|Lf7jpg@`X{j81ns6n}^GtR~?#4qMV8p$C@!zh}Y*A03BY
zmJ$|D9(EqM2{N1EU-kNeNV65oZF~)X+9qrKfVNlb>$=);CB!oc@~fwBwAevRv#6pM
z#M`lEIJ{?}I^M$HHCm>ZS(h|=N{45=1aCoADtDRRk+Utd7Ua@+P&K1`JUgyzm7jcm
zoFRYoN~7GlX?>Hy6Xb+7S_w|Ye_}iI@k%Or(_)laaWfJ!Q@kWY+@}%_g{-!@VpZ)A
zx%!8G0T&1^s&O<sfu3y^+ts99U9svJch{WOYAO%i1NCa_qRJ6%@Mc0YgPc0~r)2$H
z_8A>l4{BdBl^|oIsxvd0fDBCFIWu;ah3`r}$fH?KdPw|F#R!Mqbh~zRhVBO5avfjy
zHT32s+^lHMcqg4cur6d%YH!}?bp%ucmDv~f#$1_cwqo2gX68?y_9@!q-B2MXfLw*X
zmo5E)*}?=NW3z`vWi8^zuUFi51p-3{t0=$-LhFW@9Wn`*<3EzRF=%RD8eMPr5%H?{
z^I^TjRAN8;6)FUz(dj&dD9-R%;7mLCGPws-uCn@B+r1KRku%n5cyUyPGI{5flyGo%
zGX>iB<_<VJFqno%WkYNmYNpB;eghOL%xZ()z$)-tT;)a1xFdbTM}t6qcTUru>GwPv
z@R{k?`Ze4wN!`&IA|ai%Qm-4`R&;fH0mE(%%B8w;t7AbJc`divAfNP#&X>qag@(r#
z=FL#+Jet~<@&$l390}m8oZa<x{p>M;`ZHiZ#DYoOwQ#F|V(Rs=UQfr;IcmU_Pai32
zn2tAY;O9lCj~+DSQoUq#O=;f|-A?Q>Q2VI3vY6~@-6l9HOlGbihZNij`Bf%*tp>v$
z+azr&(#92nJxm<jE4mFIYiw@X>$@?$=?=ZOe_%t)@y?}3lle_c-&#kdRSG%<3xxZ>
zJjHwyd)w2<aj-`d5f`q}pGjx(Ib#n>1U)x-iMVo9EdkMZ6x%g?AXxW@b{jPQr5Dbk
zoptPl_TPLdjIz&b<eg5OY}D7t?Ugj84$pe?v`y1**!q+oOyhybT3UQgqYt~E&7Z(_
zO`v~?8ZV0x%d6ePD?ipIq%%H%$0){um&4RKISuV9Xt5WEW>GTWD#)uS%-z0(=TKZ~
z*ipvWu)W9tfL8&c601%}rYPCy!u@l9`0oM|9~@17);=INDA$<yK24DJjhP|_C6a5t
z!s?7hIs?23y&TYA&DPE)9ce!!1t@`|b!v|uQwZ~fV!xZT#rxf<7KP+c>dse2i03T5
zsm<LAT>E>(R73PZ&7H33nf7D__?{Kme+JAyTz_6_0o>`iei3!O>M)G>^SzJy*cy;+
z=X>onIWLRg`qq6e>LbyLp522L9xo<^<gXR>)!ZKuzuyh&eEfFBbK1RGU@j_2+!HmB
zqvEh0NRYR5tAG&AP0{Z#@m(5YsiB*j=-k4r=Re5ue7{>ShP)+D7B-UwUnhDhs}<5*
zTdZ^K?Q|K&+exisAB)L!pMJ&i_2%u!7LKna)}mCmC8DhR5~-2Kwdb;DU<^P!&DlXD
z>7@YN5Ql;n%T>N)=X2@nfp9c6*Y5?Kx_9kN<4Jq9EPU#lpz&{^&SA$^$)ybgIn!w_
z8p}NX<K9n_4%PJ=zV#dA<ckaMy5kJI%u52I>tR!{6u#Zg+17AF?=X3!@z&dSln4{y
z?J;gKmRk}xkD;$96VewX9x3L3-~swXDqp6|!R`qUSiOGz_1t*do9NUi&W1H>et3vA
zxu}XI`5LFDuv2fF&8N!w{Etr5=EaDP+q6u}{G2A>u!cXPF}zmv(R(d!ZWnwTuop*8
zv~;oJlr}LhHVCLy_-l2k%47}Mo7^%yl_h5P%VYw&juCms@I4L&Y_%uew7cVbxa-Gn
zA!X&c@O?#Z%XI8vpG3ZWO^^eLF^$<{m8>S!Ib@qe<K<{JebcbWh^mFco#{V);yHsl
zG<)3hh1*w+8kI_e<v6c$m%>_N;j3vDNb6m@>9U(%3EN6VqzM|A|N9na&&h*)^z2+@
z^kY%R8wIFa=w$C_JN>bGzH8$xrVws%??(I*RP;qX$m+**S#GB;B-wl_{hiq1)+e;k
z;i1g(nWoRm<8i$OyI?oW^Op5m8n<|3L$BA;tF2(w3ki^Ko85^O)b|-F4OZSR_IYQ?
zXC#6{*kQK!E#B*;xvf;ojUMgvz&E<D>eHe1SFhnnd&vnnM!b%0*8QjNK?M(v<j0Hk
zJchGws)2q^Wh+&Cv-%@K-`U%-_!PbRIa4=_hgqlphNd87N9B+Prp5}`<#9pm!0vb`
z1kku_E}8YWm8t2jo~XHb?_#}~$!gtft&{G11akL0`CQ(&`?~u9)u|}ka&|4k(i^Hp
z$WmOrQWY)y!?<fvYH6C8?I!gA!~jX!H9UuWfDL*pC)d51Tgqq=F<`HO3_(~Pw|*L;
z#KP>H{ns$_OOqL!$!5*_jc{h)1KEXM+)l0_!>B7cacps+cBk(se#)XSU&_1fe)F)T
zy$MVYHLkF2?%Ikx{-$yO-nTdynD}d5skqv6&8I|H;2QmYfxaH#_jQ<6o00F;G*<>n
z8L*Qm$xMi{Q_R}wPjw{P(oqW+pr<rtj)4*-_DfBN9#eN=fj?hTFJjf8_2?#+n|un0
z2DT<sg4YT<TdDHbQ!o*z33KNfTTIuh`xD!B;6@Qt(ou%(jPU6n$XLOyfy%#cBINGe
zw_@W)0*0<aQe?tf7!UlhyA9OToiHzstxhra8!Gm^XwQ*KB!Wt}n3oG#bYAzKBMtC_
z5FS61{XX)yN$(r8$qO1aUfXr;%+NX@bw-<vJOH$x@uBQ{;ma1(yi7Oe(c+UT<R4xb
zP*`><X{?~9U9=_<Q7~-d?A{-UfYnhr_-T-W@6RnuX2fLy0|`>n4O%9xJo$lXM~ik}
z^sNupZ^Z9;WG5iQ-g|n6>bizzmbh*dQb4=!T@Y6Fk)7j71FFLn_HpH&g(M}<ZEJc{
zzaW~=D0-{d-?lv2KMP{F%~i~w`LTxB%xhcGCJQf{mk&jLo=>i?2kFZx2WwB!300UN
zCzzzMHK#bhd||`EetEBKDq3Z<x)O3R%x3ty@xoPd=zXu^)CyurQa2LUvT5($znIjt
z2iL>W2;SaZ1osxB2Wz3GM;u^=XA3dC)v8;x&Uj#Z+81M&cdTeD=yk7@t-rEdcXA@;
z9?hwUUqW^sUvKi1a`Rf_b7M@Uee2LKISAk=E0ts{oic9vkCrE;1~j<4=8-lncwW2o
z^n|IMWF@8OH0`&D;U(a^rk#C-a(i4**Sc-~eXoRJJum&C(LXgxk}c5S1!s_P*VL;N
zv%;96feR-do)niiay))w2J<DA`oFY5Ar54jE>L<dpk=&0X~`NnCO;xRC^xp*boN7_
z+T!+i{n10;;()Z=<W|!bYXTGK^Gv_ZD@WC&0XGhw#9LL_0}SV*xLK}0yh(>XoK)J4
zGde0tI#|cQ5Ahsy5AhtmKvN#I#sDX8k=h}fOhFt<TP3>*hdjo<=ed9Pr@lK9it#_^
zUYKbr3>%z3OZ71S*-UCb^u$sO2^H5QoK1RQD->(tdMrAclsZ*$lM+9&fr?vBlDg8}
z&@FG&Z6GB^)*0X9SOhf!l2vvu0;!lv5D@t;sl?EKm9Lm4N-v|s44JaJ1QbpaGZ~7G
z$~lbk2aHPiU_a}^EXw(rh*xbn57SvC-o6D`yjnj93=A-7!L&_p9_p)%N#?hprLyw#
z$@iJ*goRE(x{%kIR-gE>g$nkJzkAj*S9twjW^<7Of#1O;n(HQU!2^!pV%btmimS<_
z<ngDNp!C~QvVk#p5zNdYW&EdPGl?PKux^X1Fs<n!Rag%tT$3kpqYidGg$-U)PCx`t
zcZ$aSDadnd{1*MqI-vNjLa0X42idheD1qKzJnnVTU#ULC`{1y7j%~GU&8U&4)g~YZ
z2<baXQ_X<i<n2Yw_bC(syOo0CB|LB+IS8#sA%*yQ&*qL?$R(#nX<x1Ta$8DG5+%+{
z&i;MBTLOOxCaBr{ZAo#CeCi7N{Jp6y_i$@V^dCg~VaA%$SCm`J*6u?Ux9O1(sm<pE
zYB(E-A$#kNcJ=9pvCuCCL$xlhzg7!nskE26t}{s+|ET@H)%EGx)!KBej{bFY+vb7+
z3p!?0&|qv-u4}ZSo1FxZj#OG^9>((WiB)|=aobrt0l!f8SCzAXe|h4wm#^pjTU21V
z#Q#5?cK$aI{1f&&nVZp<yCaMHj{jVqg|8Kj<k@$eOcOn^hv~x~-T%+%rJ0{jdjF38
zhYlZJ82_Jo$p4KN6;Y0i*GJwgKd!l(%C8(2>oAa!oYDai;@vRZ%9!D1=|6u+Y$D6W
zTZU^>Sc|r%*+YCP_#kv!-Yeq_!PUbm)1t!Cm{S_$(2!*yZqt+d&)w(aIr(?^o&J-Q
z>2FR9<Yl%7$&7KDSFwWQ?rrJQtR9oKpzbB>b7+4G5v$$iHA&V85R1w+D=~|C`;Q4$
zwC2US6AZw$L)!3y#pFg3*S_ht!NfdA=8|D=LLrv$m|QJB@LkuZQxnDf1)7(k;7Oh_
z2?!?4nvPIde|=hgTA-7`r~@G_IPo#F)sf&nw(Z=C;yt^<y7o4HWqH@<(zNMZ+u51^
zuT91Wt1I<8zip2Ler?i59M&VxgbWdmQH8!sK(1!W<WaX>T!lSu5F*w~8<-ZYg#zgV
zg;+uG!xowu6ymi+UON4l@l@1OdnzV4qjg#^S0?#Z+?P6cL$Sdeaz_QM=4`%vVY|d8
z@*0J%(iOef>9kt+)jcwL_64s;Rrh(gCEkZC2CT?CU|7TX=z{JGTUxOQG&nz}t@W*%
zP!szD5%=L}!{wgujMGor-$EKR1P3L{4nz~+<1I$i-x3Y?Aso|1_g7nf=CBufZOvTc
zG^^i@hFf>Vhs<yof?6?A)rb2S#Hi8XlpJCB=4p4x^kVYZT;_tVwOgkG>F@mg&!ID2
zM@)f*HgiX?=o?x6ER5ykDR+_#YXLvdLT#M?#<e;P2P2-|ykx%Ro-eBqlpkPa0@|qm
z>b{BrSG5atm&h5Et?Of)JSKzR>um$iN!?p)+Ye_$uaCAQsR_Z)9Ly4>#~4X$*vPF3
zGj$;G+?fQt;`!HRL2sv`tA4pl6v3RGxz0(Z#ONA!YPuHH`D=y#`i`X@)ksVqW$v_J
z2t0hi{oJrkBl2(>F6EG0dV$~xz(O)1iPZRJ?4mwxqEGPCS*m&G;BA9bK*eQIpfjGn
zXh_~ICH_q5joCHN^>oNpVk@vXDq3m_mR!3(4cUG#S_Bb%#@$kzNRtmQjAhBPk^eYy
z$^u*Tp3x^;TGkn^urqh)xlH(xd-iLG)86Z%({ni8pw38Y51_5YJnRx&#bytjVkBB0
zHKp;l5B_B612ZdDd}A)CO3EyjtC}~=`?}TpQntvMx|`)tMv<#V{`i?*n_MGEn6)48
zPG6Mt7<BNOXK3e+{?p<N_4RYyW^y|tV(N<L5)8{oHPQr^KfjIMuZ4cDzss{6fGXO3
ziOG?!Z&<uW^f|u7fi{TtL<NtqjvnbGPcPLp2Id}iXw-yth~Itz5pNt=ina&o*M#x1
zTsX&k0v~bLb+QZI`xH}a6w=WCux!iYpP8JJCrlkrIZj+QgUEA5L?$^v-ed-T)2c)2
zA-A~Y=`w+@;nIRe$yEyx@SO5uvp&LGc(cmhhbpJ(Pv+5on*ql?OJPqZFC(9b*Lh6I
ztRO5)u6ekagF~{}3+)3~*RKdaXPwNuFU^sBNohI3j-aq(dkK1}{IE-~Agy0Zb>Ihe
zPuOR7`nFx^b6lF0oUNKI|D)51{N@*y*;y%vbvViej9RgdotynsXaU%!1l4#veH)SK
zY+3xUkmhkI2tSWhrn@tl*8+6|9cZ=8++>ehDo`l&PsfXr;$+XvjOVVUiW2sw+=!RV
zgkge7Sp)VRHViDg45>-vgN~W&65n<6^ujE5Gkkosbx?A<oW{pNbZJ+mkA@~lnPE9O
zf_k-D4cZ|E#~*k=OguF+ayKozs;8_m0)R3&w!N+9Tdqk8)EuX*uZ86n|6IfJXK?Q~
zCNO|6W$0Odj1K&rmNus^GgL@e3|R0C%EdLTm|U3E%Cw!?dc=at-N~D&Hl5mN!u>st
zQuWY0_O`x$Z|OS@Li^}5Qx#m!g-!8HXB9zGU7pOrrecs3IIG<KwamYcHa&Q`+2dL(
z6tEO+T}g?I-(HaxoJ#cV3upy;Q-qLmHZU3~txY?%m6+U{vZdkncM$k>Z_3V6%t`ne
z!)6Z?5QG3yY!<0HgU_4t4ccSR^#tTbqQA@cEuM+k?NNWG`f}}sN(GpZrOw@SO7%Do
zVG>BkOMJGfOq^~nmwMB|?-A<>>EtC~O-5sA`<S-#Fbyj2P4q|J+Z?~w!)5$tJ-6G2
zwz)5jI9*}IN{5VzYsVm$%#p#j4%$-#2R-i?>s53_>$Z<B{q|!nkj;(=hyYl|>rU29
z<;QjKEUuRkOM~6f;eM=mV*3K8^`qs?Q72W>{H|7ABr)Hj$m^714Tf8ZL+J)hw=!E=
zbT!je^y0lA!29>s<hJx~U~%$d!FmV*P~tUxBOmVRw$KURDxsR90W>ua_lQ^YUO{FB
zgB9!YKv6yErgTM9-OaT`*TXTp(t)F-{*84GyHXFRK~0~H{ej6~8P81Gx_{|eye@fr
zN~CZY*p@PZ;2*jbVw9u&Ja8O6u;31oq6xXpqua5pBrP*7^fmo_n!gtSC<4F|vG&un
z&fl}mU5<ShK|#5n!!X{IE5J1vPng-^2`WcK1~%6;Q-beJLC2I3>!pKV`xGDrn{KU<
zO@%0z&bTxl5OZdUiRn-UXA7}qg+_}I)q28?5Bp$M74EL3$PQ0bs&}r-VdeXvU++0u
zD&R8{yA71@te(S8K9m#qu$!R+EI-Ty&dwU4zGGU_<8y4&!iuzqCDYnN2|k#pXf^37
z)tuJSg<`MPB3z_FSw~QBOsx3;Dg^6w`Nv4+UXZkkOjp~ScW>)u;c%B;6jSz9CTp1Z
zip%*yg){s0d*&UWeAyfKqO32=tCu6A4Vj$}W?n!8khYvk`%Y<w7hG25xn4^KLBQd3
zr;f-<l~zEke0x*EN4AlABx0~2TY0&+=))_|s_;)Cv*b(9yy72zvc_n{5ps7<)V=i_
zn0=vE*Jpr^0NeRN>($*W9;>~C@DRC)F+==S5b)>R!SJf8i49e@lup^5yd)mwDvstb
zM~VDoE>SI}oX_GcIBO|P{uln(ZJ=+;q3N=B5yz`LcH4_mube_VZl970^gkCi5YRlP
zvLx-llo`vVbZ@pOhR1!LBrgfvsC}GK`2lsDqcWVEY<o?>gMan4_!PP{^=ho0u(a*d
z)~8%eox57gbeFO0kv7cwX`LyZ%WWB3>g_}_cK~Gag0!C%3p=@4XhrnrDqnAh_3Iij
zzhU9g6Bb{+rY;k|PlQQ|HZBS5yY&DX_lP-vaYH!{Jl{MP{Ie74EGoX%ECp<Kg8<2T
z%}i0&H}~IX@EhGnCdr`Ev6%FoVzyu9loRm0Q?a)PPHq%9aFm=GLSv$*zD@o8M<$zO
zc*$bvpj&gB)z2q)mz#c=Q@|U$M}r*8`){OXmC{74{>~|_E<d5@(a2g@*X*ypr5H9j
z+U?zW2aMIpcqpS=h4fFi)1fu=Z+XcLgd%X1^^)eLD@tYo5ld+fnKM-Z?d_kMvbSX=
zB2TwKiJ0=Y*v?2d8atX-Oe|v9oY&(~8Hq2--tmN-rN|8*6X7Py>H@oW@z-~r0b5+B
zT3kmy0wpH+JOOLZohEOZk(JBn$iT+}0k;6<C8S0*a}#E13#op7T7CWUNN;mLN(1l!
zYl6S17a;?Rv(*Bu=Y?v0GhT?6GaD0RKVM({@tzxdiMI63oycG_PrCL-=<A@v2Oa7t
z2iM#)C&XPs5W!8?_!;hLV@)kIj}up}cxZxMIHU;d(!%mq*%#S3;5XS|4bGE8W@n2h
z-OU>YUiOKv<VFTY{GwPX&F0F+^-zEZ&wlpN0(L0h#YCHGE-MYe_5-sq&+7(4Q<B|R
z44w+?08ig4-4bJIHcGP&nR=EO#oBoxdvq?Z@-uI__F-PrJSv0cf7wG*xK6!(Chsr5
z6=`>1M^1W3b3YY>(A;2WlJN*Pb~@JBIFj^co+B2stUH?Dz)X&Y9>+>3l@}<CKg&iL
z;?ee(RzHSL)I&RUD=ipTjfd9}K_I8FduF%!&B`lh4&_7Ap1ys_Z+eE`C^$b*PwX=5
z9PadXC#$<e7O)%~L~x9*UHM+Z+O8xv7k|&`Ql*NA@Mv|HMiv0W7CmbO>(;FJogsex
z;UR%X@<z-i{Ibi~(}(U{mnuM&%qAFckCH8p3FN`6ztv=AaoP4UTt7pHbW=3ms`U<U
zzv<&ZY7eS|_2|3#XVlByKMoo^uY1?tz=D6=UEs0+S7hGN)(~jvrjmoBFm@$JbIb6`
zKzI2lF!W$z$<5OGC&HrRrd4uL_@?36#gAbH63Xpr$$vuzbsn-bicpl>;Q*jF!!@R+
z_IX2*Jx8^;&(m@7{dbJ1)9XQ<x?Qz}4DgB`1S>x4rhY?AtfI&JkAD#OoOE?PzFnsM
zGBH&_qFw2Za?OV<&&YUI@aI$NZhn7uCa#DpZcP;jgEw18v->zyPP1m)7fY|l)wNTO
z!~;8CSSwE&eZf>^@<h;2;eViO%Qd-*Cu4gMCZwWl%MHA>V19Qmuj0d5wbS|NVsn7(
z8g&yNyBG$og4J6Yux;ow^<jt4^|R*M1nB{kIZ+Q2!|#960&<|1Y{bqJsHlfQ98qe9
zZAeIJ@xXq1Si!wee@exxS}sj4jYH0_pFhz~>{ZDQ-<cbWiF9~uq?GA92Y5dc(><d5
zDKVUyta?ELxr=xaYmwg{WkHydJk|x>t(%Y7@U@eBo%f>3$Zb6&l9+m`-9IQEpr_i^
z$Cj#`67Y47-zqwGHg6ko>!Nnd>PEm1#q$L1B%HuTZ*JZ9Hh!2O$;TQfZPt{m^RQmL
zA9^lfig<51TA`ElUAu<)r5CThceDsbnCby!%1Cb}juIjY0<z{UC<zw{v7FGv(e1zU
zO%Ctvqio20RodqIG>p)cQ&7Q=@uk0{&rnw0C1jZx_Ux@YMh?6PDg_f~!^kF)KG3;X
z2gL35=+4pIiWSUpRR=`~n(L%DXa(fbK<Pd4_cFBh8XwAdA4QB!&u!RH(u_l2Obb7i
z(D3NO*LXiqBOkZoR6EL#RxN3*bwBaGyC6U4<=w@V&l`tIaWVVZPXX{8o?B_H`^J{t
zmg<LdvYfoxX-#Y2n0|HHJwA{cp}X5xS5ijB``rN8PK1-oHzo1~H1Z{cJF8Qp)`Fc+
z?AATov&E>n;wq7I?dXrxlc5hiRG7VcE=M3Q_#5?2MR;9~lC<T`<i6)fd%yO0)fIl(
zzLPG9^euS}y>S5*^M#Y!?hulHuVOo+(NMszG2tV}>BwM%r~Ct_S-Y+LpqzfXFz+P`
z#`d<R=JG9BYnT(a#+_5k>Oy^}ghx9c%F;v>U#0J!4E?JEG)PozQCb%|Hx*in)}umB
zGP#DouxB~=rqd_#GmeW?oP#*`237TF#G0JC2W2O-u>(59pL>6j?AfOvxvzX8exS~V
zep62BxkULEVed5KC@Oli#5I}txbk5XrB*D0_5@@DY7^bPR}589_1^fImiLXQSXSyO
zTJPAfxB^L;`TO8!-9R}`=ZlR9ka9rwb-}0hT~lSbq@TkSsw$6-_7_I<p4O@h?R(a>
zo2J!<;x)mqn=cm$l#fLs6&41M%CH75RTT=a93chp*B=aM+NKB*?I`Nw>2im+#IR`(
zYQlODI4ly(zS`BKIr33y`s7yb#xAD)vOs|3X`6D7*KU7Fe2#B1cpY#?Xky$&2tV#5
zgww#NR3dR_Go801NP}p0MM-bf0-l+rdN+NXGd0iTsl>`f>PtR5f=o@+ZGw{Rr!obZ
zf(QIG%Tw2zJYD~ek{bKmsy*`99Q)X%RP#$-k@WT@@X^u|P^lY@XcV#A(og9vmmOR;
zd`9m?s}(M}3417&@ozZP1@_l56_j+tNBO%e@W!XXzw(|C&Qcx|E)~)7#=5DzMDC_X
zx+EFTAHijThre`rO)-*wZnshV{$GsB0ek)dnXyv6*Xl=5YtN4DupU->3wh5|Xgj@f
zvZ96JgOdkYuY`|$)EGM9Rk(Z9?duGs{kM<Sz1OL~S{5~zedi-a_Y7sq_b&^i&~<`E
z{Cv7}UueGVw>#C$XSi{*j`r@@8bGQ%;n}8bSBvBApoJw6@so$Dy-CM8&j|7qo`L+U
zd$Rex22T5g8ykktzbvC{1`{<7z!VhGVJ3g~Xj+EcEWf_}hgJv7%Y4GJKXX6qAtNZK
zYIUZhE$b6?!UK?i1Xj#c!>A2>#n#*HG<JXx^mct`h0$HNpf771v-3*+uLj4*;YP9k
zH=J-66E3zmB=WaPA;d!q!@56~K+^7BXsb)2o?TDiEKouD4Rn>v2&pX1DC}g}PORrb
zo9A!m*gX5@dvYs3PuJV1$zABdvV-C$<B2+E_l>EePGkaK)Oz0ahbBg(OjLwd<pmgN
z@`U*~wtF#k(9!x!Pn}Ycg}5VY$=qD&r)p+9EM3<6eRka%<OL5QDC3I!$JU=})mN1V
z8uK>o3OO;(H-BiL7SdQT`+XZK94y*~Ijk>OszuLz<$B@EBPCg7?FKe-QdF=kL+6zC
zc}i?bn#y$cif~E=3x?Nn`y8>j3cruuzcq;pxrublGty@ErvCH5E<8Jn+%z!s>WIM}
zx^(?0fyi=Q<V?l2dn{*+2ZvyQQ1tM0)<rI;epSNs3w7MMi{@aX`5Z@^wsx85V#Ub>
zz!_V+J&sRw_YVT2&Vy&>ds`B6d`fBVw{Sse3LnN(sU?1Z&sc+8zYV!KO>h(2UhyZE
z>q<->^N(xe{Q=;fr>Gq{Q4NRsHy~}mLq6@o3$nxK;ZX+)r_L~Z?ziTNdzi27+oh+Z
z34ev^6opA>a;xSm#!lxnZd`zE94I_bp<k!hCnBxcSuULYA6I&#Gd%x*ewVNPZvb5X
z4?o3!O<7D!`nJ3OnKR47H((pNt?n9W!;>3cnVA0vB~I>5{de>~W+W`yykI8ro%y-{
e|7tiHzH@v>l?@<6lH>p9KpicECzTp6BK{YFzb*d&

literal 0
HcmV?d00001

diff --git a/terraform/gitlab/ci-templates/k8s-cluster/.gitlab-ci.yml b/terraform/gitlab/ci-templates/k8s-cluster/.gitlab-ci.yml
index bc807505a..b4546930a 100644
--- a/terraform/gitlab/ci-templates/k8s-cluster/.gitlab-ci.yml
+++ b/terraform/gitlab/ci-templates/k8s-cluster/.gitlab-ci.yml
@@ -38,6 +38,7 @@ variables:
   K8S_TEMPLATE_PATH: terraform/k8s
   TMP_TEMPLATES_DIR: /tmp/iac-templates
   TMP_GIT_REPO: /tmp/git-iac-templates
+  GIT_SUBMODULE_STRATEGY: none
   IGNORE_TF_DEPRECATION_WARNING: true
   KUBE_IN_CLUSTER_CONFIG: true
   VAULT_ADDR: http://vault-active.vault.svc.cluster.local:8200
@@ -57,13 +58,18 @@ cache:
 
 .source:
   script:
+    - export VAULT_TOKEN="$(vault write -field=token auth/${VAULT_AUTH_PATH}/login role=$VAULT_AUTH_ROLE jwt=$VAULT_ID_TOKEN)"
+    - export GIT_CREDENTIALS="$(vault kv get -field=credentials ${KV_SECRET_PATH}/git)"
+    - if [ "$GIT_CREDENTIALS" != "" ]; then echo "$GIT_CREDENTIALS" | tr ' ' '\n' > ~/.gitcredentials.store; fi
+    - git config --global credential.helper 'store --file ~/.gitcredentials.store'
+    - git submodule sync --recursive
+    - git submodule update --init --recursive
     - source $(which gitlab-terraform)
     - .gitlab/scripts/config-merge.sh
     - yq eval '.' $CONFIG_PATH/cluster-config.yaml -o=json > cluster-config.json
     - yq eval '.' $CONFIG_PATH/addons-vars.yaml -o=json > addons-vars.yaml
     - for var in $(jq -r 'to_entries[] | "\(.key)=\(.value)\n"' ./cluster-config.json); do export $var; done
     - for var in $(jq -r 'to_entries[] | "\(.key)=\(.value)\n"' ./addons-vars.yaml); do export $var; done
-    - export VAULT_TOKEN="$(vault write -field=token auth/${VAULT_AUTH_PATH}/login role=$VAULT_AUTH_ROLE jwt=$VAULT_ID_TOKEN)"
     - export ENV_VAULT_TOKEN="$(vault kv get -field=value ${KV_SECRET_PATH}/${CI_PROJECT_NAME}/env_token)"
     - export $cloud_platform_client_secret_name="$(vault kv get -field=value ${KV_SECRET_PATH}/${CI_PROJECT_NAME}/cloud_platform_client_secret)"
     - export GITLAB_CI_PAT="$(vault kv get -field=value ${KV_SECRET_PATH}/gitlab/gitlab_ci_pat)"
@@ -71,8 +77,7 @@ cache:
     - export NETBIRD_K8S_SETUP_KEY="$(vault kv get -field=value ${KV_SECRET_PATH}/${CI_PROJECT_NAME}/netbird_k8s_setup_key)"
     - export KUBERNETES_OIDC_CLIENT_ID="$(vault kv get -field=value ${KV_SECRET_PATH}/${CI_PROJECT_NAME}/kubernetes_oidc_client_id)"
     - source setcivars.sh
-    - echo "https://${PRIVATE_REPO_USER}:${PRIVATE_REPO_TOKEN}@${PRIVATE_REPO}" > ~/.gitcredentials.store
-    - git config --global credential.helper 'store --file ~/.gitcredentials.store'
+    - echo "https://${PRIVATE_REPO_USER}:${PRIVATE_REPO_TOKEN}@${PRIVATE_REPO}" >> ~/.gitcredentials.store
     - git config --global advice.detachedHead false
     - source set-ansible-destroy-preq-vars.sh
     - export TERRAGRUNT_EXCLUDE_DIR="/dev/null"
@@ -234,7 +239,7 @@ refresh-deploy-infra:
   script:
     - !reference [.source, script]
     - .gitlab/scripts/refresh-repo.sh $cluster_name $TMP_GIT_REPO $TMP_TEMPLATES_DIR $GITLAB_CI_PAT $iac_terraform_modules_tag
-    - git checkout "$CI_COMMIT_REF_NAME" && git pull --recurse-submodules
+    - git checkout "$CI_COMMIT_REF_NAME" && git pull
     - !reference [.source, script]
     - terragrunt run-all apply --terragrunt-non-interactive -input=false
     - .gitlab/scripts/pushtorepo.sh $CI_PROJECT_PATH $CI_SERVER_HOST $CI_COMMIT_REF_NAME $GITOPS_BUILD_OUTPUT_DIR $GITLAB_CI_PAT $ARGO_CD_ROOT_APP_PATH
diff --git a/terraform/gitops/generate-files/templates/mcm/values-mcm.yaml.tpl b/terraform/gitops/generate-files/templates/mcm/values-mcm.yaml.tpl
index 972f64b23..afba1da6f 100644
--- a/terraform/gitops/generate-files/templates/mcm/values-mcm.yaml.tpl
+++ b/terraform/gitops/generate-files/templates/mcm/values-mcm.yaml.tpl
@@ -10,7 +10,7 @@ db:
 api:
   image:
     name: ghcr.io/pm4ml/connection-manager-api
-    version: v2.1.0
+    version: v2.4.0
   url: https://${mcm_fqdn}
   extraTLS:
     rootCert:
@@ -76,6 +76,8 @@ ui:
     clientId: ${oauth_key}
     clientSecretName: ${oauth_secret_secret}
     clientSecretKey: ${oauth_secret_secret_key}
+  image:
+    version: 1.8.4
 
 ingress:
 %{ if istio_create_ingress_gateways ~}
diff --git a/terraform/gitops/generate-files/templates/pm4ml/values-pm4ml.yaml.tpl b/terraform/gitops/generate-files/templates/pm4ml/values-pm4ml.yaml.tpl
index d5f654134..c19fc9a31 100644
--- a/terraform/gitops/generate-files/templates/pm4ml/values-pm4ml.yaml.tpl
+++ b/terraform/gitops/generate-files/templates/pm4ml/values-pm4ml.yaml.tpl
@@ -129,7 +129,7 @@ scheme-adapter:
       DFSP_ID: *dfspId
       CACHE_URL: redis://${redis_host}:${redis_port}
       AUTO_ACCEPT_QUOTES: false
-      AUTO_ACCEPT_PARTY: false
+      AUTO_ACCEPT_PARTY: ${auto_accept_party}
       AUTO_ACCEPT_R2P_PARTY: false
       AUTO_ACCEPT_R2P_BUSINESS_QUOTES: false
       AUTO_ACCEPT_R2P_DEVICE_OTP: false
diff --git a/terraform/gitops/pm4ml/pm4ml.tf b/terraform/gitops/pm4ml/pm4ml.tf
index e06d894aa..b805ca38f 100644
--- a/terraform/gitops/pm4ml/pm4ml.tf
+++ b/terraform/gitops/pm4ml/pm4ml.tf
@@ -63,6 +63,7 @@ module "generate_pm4ml_files" {
     pm4ml_external_switch_client_secret_vault_value = "value"
     istio_external_gateway_name                     = var.istio_external_gateway_name
     cert_man_vault_cluster_issuer_name              = var.cert_man_vault_cluster_issuer_name
+    auto_accept_party                               = each.value.auto_accept_party
     enable_sdk_bulk_transaction_support             = each.value.enable_sdk_bulk_transaction_support
     kafka_host                                      = "kafka"
     kafka_port                                      = "9092"
@@ -233,6 +234,11 @@ variable "pm4ml_external_switch_client_secret" {
   default     = "pm4ml-external-switch-client-secret"
 }
 
+variable "auto_accept_party" {
+  type        = bool
+  description = "auto_accept_party"
+  default     = false
+}
 variable "enable_sdk_bulk_transaction_support" {
   type        = bool
   description = "enable_sdk_bulk_transaction_support"
diff --git a/terraform/k8s/default-config/cluster-config.yaml b/terraform/k8s/default-config/cluster-config.yaml
index 67e0539ee..1606bbeca 100644
--- a/terraform/k8s/default-config/cluster-config.yaml
+++ b/terraform/k8s/default-config/cluster-config.yaml
@@ -8,8 +8,8 @@ cloud_platform_client_secret_name: AWS_SECRET_ACCESS_KEY
 k8s_cluster_module: base-k8s
 cloud_region: eu-west-1
 k8s_cluster_type: microk8s
-ansible_collection_tag: v5.3.9-rc01
-iac_terraform_modules_tag: v5.3.9-rc02
+ansible_collection_tag: v5.4.0-rc2
+iac_terraform_modules_tag: v5.4.0-rc2
 letsencrypt_email: test@mojalabs.io
 dns_zone_force_destroy: true
 longhorn_backup_object_store_destroy: true
diff --git a/terraform/k8s/default-config/mojaloop-vars.yaml b/terraform/k8s/default-config/mojaloop-vars.yaml
index ba8599513..cbfa03602 100644
--- a/terraform/k8s/default-config/mojaloop-vars.yaml
+++ b/terraform/k8s/default-config/mojaloop-vars.yaml
@@ -1,6 +1,6 @@
 bulk_enabled: false
 third_party_enabled: false
-mcm_chart_version: 1.1.0
+mcm_chart_version: 1.2.4
 mojaloop_chart_version: 16.0.0
 ttk_testcases_tag: 16.1.0
 currency: ${currency}
diff --git a/terraform/k8s/default-config/pm4ml-vars.yaml b/terraform/k8s/default-config/pm4ml-vars.yaml
index d736644a9..977d12353 100644
--- a/terraform/k8s/default-config/pm4ml-vars.yaml
+++ b/terraform/k8s/default-config/pm4ml-vars.yaml
@@ -6,6 +6,7 @@ pm4ml_external_switch_oidc_token_route: realms/dfsps/protocol/openid-connect/tok
 pm4ml_external_switch_client_secret_vault_path: "mcmdev_client_secret"
 pm4ml_ttk_enabled: true
 ttk_testcases_tag: v16.1.0
+auto_accept_party: false
 enable_sdk_bulk_transaction_support: false
 opentelemetry_enabled: false
 opentelemetry_namespace_filtering_enable: false