From 6172407d4f1803b979ab10bb91f15fbb83fc5404 Mon Sep 17 00:00:00 2001
From: Matthew Titmus <matthew.titmus@gmail.com>
Date: Thu, 8 Jul 2021 15:56:49 -0400
Subject: [PATCH 01/21] v0.8.0-alpha.2

---
 version/version.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/version/version.go b/version/version.go
index d38de25..b2f3cd0 100644
--- a/version/version.go
+++ b/version/version.go
@@ -18,5 +18,5 @@ package version
 
 const (
 	// Version is the current version of Gort
-	Version = "0.8.0-alpha.1"
+	Version = "0.8.0-alpha.2"
 )

From 423b6ce071d594d261b2c9db61a217730ce21547 Mon Sep 17 00:00:00 2001
From: Matthew Titmus <matthew.titmus@gmail.com>
Date: Thu, 8 Jul 2021 16:19:52 -0400
Subject: [PATCH 02/21] Close transaction

---
 dataaccess/postgres/bundle-access.go | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/dataaccess/postgres/bundle-access.go b/dataaccess/postgres/bundle-access.go
index 2d3bf11..504abbc 100644
--- a/dataaccess/postgres/bundle-access.go
+++ b/dataaccess/postgres/bundle-access.go
@@ -465,6 +465,12 @@ func (da PostgresDataAccess) BundleUpdate(ctx context.Context, bundle data.Bundl
 		return err
 	}
 
+	err = tx.Commit()
+	if err != nil {
+		tx.Rollback()
+		return gerr.Wrap(errs.ErrDataAccess, err)
+	}
+
 	return nil
 }
 

From 3616bbb098823b1823b4651b432871c330d75fc2 Mon Sep 17 00:00:00 2001
From: Matthew Titmus <matthew.titmus@gmail.com>
Date: Fri, 9 Jul 2021 14:21:26 -0400
Subject: [PATCH 03/21] Significant expansion of DAL functions to fill some
 identified gaps

---
 data/rest/group-data.go                   |   1 +
 data/rest/role-data.go                    |  17 +-
 dataaccess/dataaccess.go                  |  20 +-
 dataaccess/memory/bundle-access.go        |   2 +-
 dataaccess/memory/bundle-access_test.go   |   6 +-
 dataaccess/memory/group-access.go         | 228 ++++++++--------
 dataaccess/memory/group-access_test.go    | 189 +++++++++----
 dataaccess/memory/memory-data-access.go   |  18 +-
 dataaccess/memory/role-access.go          | 113 +++++---
 dataaccess/memory/role-access_test.go     | 197 +++++++++++++-
 dataaccess/memory/user-access.go          | 114 +++++---
 dataaccess/memory/user-access_test.go     |  17 +-
 dataaccess/postgres/bundle-access.go      | 112 ++++----
 dataaccess/postgres/bundle-access_test.go |   6 +-
 dataaccess/postgres/group-access.go       | 314 ++++++++++++----------
 dataaccess/postgres/group-access_test.go  | 189 +++++++++----
 dataaccess/postgres/role-access.go        | 291 +++++++++++++-------
 dataaccess/postgres/role-access_test.go   | 197 +++++++++++++-
 dataaccess/postgres/user-access.go        | 304 ++++++++++++---------
 dataaccess/postgres/user-access_test.go   |  17 +-
 20 files changed, 1591 insertions(+), 761 deletions(-)

diff --git a/data/rest/group-data.go b/data/rest/group-data.go
index 8a7dd29..fa6d928 100644
--- a/data/rest/group-data.go
+++ b/data/rest/group-data.go
@@ -20,5 +20,6 @@ package rest
 // Gort controller's REST service.
 type Group struct {
 	Name  string `json:"name,omitempty"`
+	Roles []Role `json:"roles,omitempty"`
 	Users []User `json:"users,omitempty"`
 }
diff --git a/data/rest/role-data.go b/data/rest/role-data.go
index 1ef3e7a..34b54ec 100644
--- a/data/rest/role-data.go
+++ b/data/rest/role-data.go
@@ -21,6 +21,7 @@ import "fmt"
 type Role struct {
 	Name        string
 	Permissions []RolePermission
+	Groups      []Group
 }
 
 type RolePermission struct {
@@ -28,6 +29,18 @@ type RolePermission struct {
 	Permission string
 }
 
-func (r RolePermission) String() string {
-	return fmt.Sprintf("%s:%s", r.BundleName, r.Permission)
+func (p RolePermission) String() string {
+	return fmt.Sprintf("%s:%s", p.BundleName, p.Permission)
+}
+
+type RolePermissionList []RolePermission
+
+func (l RolePermissionList) Strings() []string {
+	s := make([]string, len(l))
+
+	for i, p := range l {
+		s[i] = p.String()
+	}
+
+	return s
 }
diff --git a/dataaccess/dataaccess.go b/dataaccess/dataaccess.go
index 9de554f..bc014ae 100644
--- a/dataaccess/dataaccess.go
+++ b/dataaccess/dataaccess.go
@@ -45,33 +45,36 @@ type DataAccess interface {
 	BundleExists(ctx context.Context, name string, version string) (bool, error)
 	BundleGet(ctx context.Context, name string, version string) (data.Bundle, error)
 	BundleList(ctx context.Context) ([]data.Bundle, error)
-	BundleListVersions(ctx context.Context, name string) ([]data.Bundle, error)
+	BundleVersionList(ctx context.Context, name string) ([]data.Bundle, error)
 	BundleUpdate(ctx context.Context, bundle data.Bundle) error
 
-	GroupAddUser(ctx context.Context, groupname string, username string) error
 	GroupCreate(ctx context.Context, group rest.Group) error
 	GroupDelete(ctx context.Context, groupname string) error
 	GroupExists(ctx context.Context, groupname string) (bool, error)
 	GroupGet(ctx context.Context, groupname string) (rest.Group, error)
 	GroupList(ctx context.Context) ([]rest.Group, error)
-	GroupListRoles(ctx context.Context, groupname string) ([]rest.Role, error)
-	GroupListUsers(ctx context.Context, groupname string) ([]rest.User, error)
-	GroupRemoveUser(ctx context.Context, groupname string, username string) error
+	GroupPermissionList(ctx context.Context, groupname string) (rest.RolePermissionList, error)
 	GroupRoleAdd(ctx context.Context, groupname, rolename string) error
 	GroupRoleDelete(ctx context.Context, groupname, rolename string) error
+	GroupRoleList(ctx context.Context, groupname string) ([]rest.Role, error)
 	GroupUpdate(ctx context.Context, group rest.Group) error
 	GroupUserAdd(ctx context.Context, groupname string, username string) error
 	GroupUserDelete(ctx context.Context, groupname string, username string) error
+	GroupUserList(ctx context.Context, groupname string) ([]rest.User, error)
 
 	RoleCreate(ctx context.Context, rolename string) error
 	RoleDelete(ctx context.Context, rolename string) error
 	RoleGet(ctx context.Context, rolename string) (rest.Role, error)
+	RoleGroupAdd(ctx context.Context, rolename, groupname string) error
+	RoleGroupDelete(ctx context.Context, rolename, groupname string) error
+	RoleGroupExists(ctx context.Context, rolename, groupname string) (bool, error)
+	RoleGroupList(ctx context.Context, rolename string) ([]rest.Group, error)
 	RoleList(ctx context.Context) ([]rest.Role, error)
 	RoleExists(ctx context.Context, rolename string) (bool, error)
-	RoleHasPermission(ctx context.Context, rolename, bundlename, permission string) (bool, error)
 	RolePermissionAdd(ctx context.Context, rolename, bundlename, permission string) error
 	RolePermissionDelete(ctx context.Context, rolename, bundlename, permission string) error
-	RolePermissionList(ctx context.Context, rolename string) ([]rest.RolePermission, error)
+	RolePermissionExists(ctx context.Context, rolename, bundlename, permission string) (bool, error)
+	RolePermissionList(ctx context.Context, rolename string) (rest.RolePermissionList, error)
 
 	TokenEvaluate(ctx context.Context, token string) bool
 	TokenGenerate(ctx context.Context, username string, duration time.Duration) (rest.Token, error)
@@ -89,6 +92,7 @@ type DataAccess interface {
 	UserGroupAdd(ctx context.Context, username string, groupname string) error
 	UserGroupDelete(ctx context.Context, username string, groupname string) error
 	UserList(ctx context.Context) ([]rest.User, error)
-	UserPermissions(ctx context.Context, username string) ([]string, error)
+	UserPermissionList(ctx context.Context, username string) (rest.RolePermissionList, error)
+	UserRoleList(ctx context.Context, username string) ([]rest.Role, error)
 	UserUpdate(ctx context.Context, user rest.User) error
 }
diff --git a/dataaccess/memory/bundle-access.go b/dataaccess/memory/bundle-access.go
index 9d33500..28b07d1 100644
--- a/dataaccess/memory/bundle-access.go
+++ b/dataaccess/memory/bundle-access.go
@@ -192,7 +192,7 @@ func (da *InMemoryDataAccess) BundleList(ctx context.Context) ([]data.Bundle, er
 }
 
 // BundleListVersions TBD
-func (da *InMemoryDataAccess) BundleListVersions(ctx context.Context, name string) ([]data.Bundle, error) {
+func (da *InMemoryDataAccess) BundleVersionList(ctx context.Context, name string) ([]data.Bundle, error) {
 	list := make([]data.Bundle, 0)
 
 	for _, g := range da.bundles {
diff --git a/dataaccess/memory/bundle-access_test.go b/dataaccess/memory/bundle-access_test.go
index 0eeb5d7..d145989 100644
--- a/dataaccess/memory/bundle-access_test.go
+++ b/dataaccess/memory/bundle-access_test.go
@@ -35,7 +35,7 @@ func testBundleAccess(t *testing.T) {
 	t.Run("testBundleDelete", testBundleDelete)
 	t.Run("testBundleGet", testBundleGet)
 	t.Run("testBundleList", testBundleList)
-	t.Run("testBundleListVersions", testBundleListVersions)
+	t.Run("testBundleVersionList", testBundleVersionList)
 	t.Run("testFindCommandEntry", testFindCommandEntry)
 }
 
@@ -340,7 +340,7 @@ func testBundleList(t *testing.T) {
 	}
 }
 
-func testBundleListVersions(t *testing.T) {
+func testBundleVersionList(t *testing.T) {
 	da.BundleCreate(ctx, data.Bundle{GortBundleVersion: 5, Name: "test-list-0", Version: "0.0", Description: "foo"})
 	defer da.BundleDelete(ctx, "test-list-0", "0.0")
 	da.BundleCreate(ctx, data.Bundle{GortBundleVersion: 5, Name: "test-list-0", Version: "0.1", Description: "foo"})
@@ -350,7 +350,7 @@ func testBundleListVersions(t *testing.T) {
 	da.BundleCreate(ctx, data.Bundle{GortBundleVersion: 5, Name: "test-list-1", Version: "0.1", Description: "foo"})
 	defer da.BundleDelete(ctx, "test-list-1", "0.1")
 
-	bundles, err := da.BundleListVersions(ctx, "test-list-0")
+	bundles, err := da.BundleVersionList(ctx, "test-list-0")
 	assert.NoError(t, err)
 
 	if len(bundles) != 2 {
diff --git a/dataaccess/memory/group-access.go b/dataaccess/memory/group-access.go
index 5415209..b0de32c 100644
--- a/dataaccess/memory/group-access.go
+++ b/dataaccess/memory/group-access.go
@@ -24,39 +24,6 @@ import (
 	"github.com/getgort/gort/dataaccess/errs"
 )
 
-// GroupAddUser adds a user to a group
-func (da *InMemoryDataAccess) GroupAddUser(ctx context.Context, groupname string, username string) error {
-	if groupname == "" {
-		return errs.ErrEmptyGroupName
-	}
-
-	exists, err := da.GroupExists(ctx, groupname)
-	if err != nil {
-		return err
-	}
-	if !exists {
-		return errs.ErrNoSuchGroup
-	}
-
-	if username == "" {
-		return errs.ErrEmptyUserName
-	}
-
-	exists, err = da.UserExists(ctx, username)
-	if err != nil {
-		return err
-	}
-	if !exists {
-		return errs.ErrNoSuchUser
-	}
-
-	group := da.groups[groupname]
-	user := da.users[username]
-	group.Users = append(group.Users, *user)
-
-	return nil
-}
-
 // GroupCreate creates a new user group.
 func (da *InMemoryDataAccess) GroupCreate(ctx context.Context, group rest.Group) error {
 	if group.Name == "" {
@@ -126,32 +93,6 @@ func (da *InMemoryDataAccess) GroupGet(ctx context.Context, groupname string) (r
 	return *group, nil
 }
 
-// GroupRoleAdd grants one or more roles to a group.
-func (da *InMemoryDataAccess) GroupRoleAdd(ctx context.Context, groupname, rolename string) error {
-	b, err := da.GroupExists(ctx, groupname)
-	if err != nil {
-		return err
-	} else if !b {
-		return errs.ErrNoSuchGroup
-	}
-
-	b, err = da.RoleExists(ctx, rolename)
-	if err != nil {
-		return err
-	} else if !b {
-		return errs.ErrNoSuchRole
-	}
-
-	m := da.grouproles[groupname]
-	if m == nil {
-		m = make(map[string]*rest.Role)
-		da.grouproles[groupname] = m
-	}
-
-	m[rolename] = da.roles[rolename]
-	return nil
-}
-
 // GroupList returns a list of all known groups in the datastore.
 // Passwords are not included. Nice try.
 func (da *InMemoryDataAccess) GroupList(ctx context.Context) ([]rest.Group, error) {
@@ -164,76 +105,91 @@ func (da *InMemoryDataAccess) GroupList(ctx context.Context) ([]rest.Group, erro
 	return list, nil
 }
 
-func (da *InMemoryDataAccess) GroupListRoles(ctx context.Context, groupname string) ([]rest.Role, error) {
-	roles := []rest.Role{}
-
-	gr := da.grouproles[groupname]
-	if gr == nil {
-		return roles, nil
+func (da *InMemoryDataAccess) GroupPermissionList(ctx context.Context, groupname string) (rest.RolePermissionList, error) {
+	roles, err := da.GroupRoleList(ctx, groupname)
+	if err != nil {
+		return rest.RolePermissionList{}, err
 	}
 
-	for _, r := range gr {
-		roles = append(roles, *r)
+	mp := map[string]rest.RolePermission{}
+
+	for _, r := range roles {
+		rpl, err := da.RolePermissionList(ctx, r.Name)
+		if err != nil {
+			return rest.RolePermissionList{}, err
+		}
+
+		for _, rp := range rpl {
+			mp[rp.String()] = rp
+		}
 	}
 
-	sort.Slice(roles, func(i, j int) bool { return roles[i].Name < roles[j].Name })
+	pp := []rest.RolePermission{}
 
-	return roles, nil
-}
+	for _, p := range mp {
+		pp = append(pp, p)
+	}
+
+	sort.Slice(pp, func(i, j int) bool { return pp[i].String() < pp[j].String() })
 
-func (da *InMemoryDataAccess) GroupListUsers(ctx context.Context, groupname string) ([]rest.User, error) {
-	return nil, errs.ErrNotImplemented
+	return pp, nil
 }
 
-// GroupRemoveUser removes one or more users from a group.
-func (da *InMemoryDataAccess) GroupRemoveUser(ctx context.Context, groupname string, username string) error {
-	if groupname == "" {
-		return errs.ErrEmptyGroupName
+func (da *InMemoryDataAccess) GroupRoleList(ctx context.Context, groupname string) ([]rest.Role, error) {
+	gr := da.groups[groupname]
+	if gr == nil {
+		return []rest.Role{}, nil
 	}
 
-	exists, err := da.GroupExists(ctx, groupname)
-	if err != nil {
-		return err
-	}
+	sort.Slice(gr.Roles, func(i, j int) bool { return gr.Roles[i].Name < gr.Roles[j].Name })
+
+	return gr.Roles, nil
+}
+
+// GroupRoleAdd grants one or more roles to a group.
+func (da *InMemoryDataAccess) GroupRoleAdd(ctx context.Context, groupname, rolename string) error {
+	group, exists := da.groups[groupname]
 	if !exists {
 		return errs.ErrNoSuchGroup
 	}
 
-	group := da.groups[groupname]
-
-	for i, u := range group.Users {
-		if u.Username == username {
-			group.Users = append(group.Users[:i], group.Users[i+1:]...)
-			return nil
-		}
+	role, exists := da.roles[rolename]
+	if !exists {
+		return errs.ErrNoSuchRole
 	}
 
-	return errs.ErrNoSuchUser
+	group.Roles = append(group.Roles, *role)
+	role.Groups = append(role.Groups, *group)
+
+	return nil
 }
 
 // GroupRoleDelete revokes one or more roles from a group.
 func (da *InMemoryDataAccess) GroupRoleDelete(ctx context.Context, groupname, rolename string) error {
-	b, err := da.GroupExists(ctx, groupname)
-	if err != nil {
-		return err
-	} else if !b {
+	group, exists := da.groups[groupname]
+	if !exists {
 		return errs.ErrNoSuchGroup
 	}
 
-	b, err = da.RoleExists(ctx, rolename)
-	if err != nil {
-		return err
-	} else if !b {
+	role, exists := da.roles[rolename]
+	if !exists {
 		return errs.ErrNoSuchRole
 	}
 
-	m := da.grouproles[groupname]
-	if m == nil {
-		m = make(map[string]*rest.Role)
-		da.grouproles[groupname] = m
+	for i, r := range group.Roles {
+		if r.Name == rolename {
+			group.Roles = append(group.Roles[:i], group.Roles[i+1:]...)
+			break
+		}
+	}
+
+	for i, g := range role.Groups {
+		if g.Name == groupname {
+			role.Groups = append(role.Groups[:i], role.Groups[i+1:]...)
+			break
+		}
 	}
 
-	delete(m, rolename)
 	return nil
 }
 
@@ -258,12 +214,70 @@ func (da *InMemoryDataAccess) GroupUpdate(ctx context.Context, group rest.Group)
 	return nil
 }
 
-// GroupUserAdd comments TBD
-func (da *InMemoryDataAccess) GroupUserAdd(ctx context.Context, group string, user string) error {
-	return errs.ErrNotImplemented
+// GroupUserAdd adds a user to a group
+func (da *InMemoryDataAccess) GroupUserAdd(ctx context.Context, groupname string, username string) error {
+	if groupname == "" {
+		return errs.ErrEmptyGroupName
+	}
+
+	exists, err := da.GroupExists(ctx, groupname)
+	if err != nil {
+		return err
+	}
+	if !exists {
+		return errs.ErrNoSuchGroup
+	}
+
+	if username == "" {
+		return errs.ErrEmptyUserName
+	}
+
+	exists, err = da.UserExists(ctx, username)
+	if err != nil {
+		return err
+	}
+	if !exists {
+		return errs.ErrNoSuchUser
+	}
+
+	group := da.groups[groupname]
+	user := da.users[username]
+	group.Users = append(group.Users, *user)
+
+	return nil
+}
+
+// GroupUserDelete removes one or more users from a group.
+func (da *InMemoryDataAccess) GroupUserDelete(ctx context.Context, groupname string, username string) error {
+	if groupname == "" {
+		return errs.ErrEmptyGroupName
+	}
+
+	exists, err := da.GroupExists(ctx, groupname)
+	if err != nil {
+		return err
+	}
+	if !exists {
+		return errs.ErrNoSuchGroup
+	}
+
+	group := da.groups[groupname]
+
+	for i, u := range group.Users {
+		if u.Username == username {
+			group.Users = append(group.Users[:i], group.Users[i+1:]...)
+			return nil
+		}
+	}
+
+	return errs.ErrNoSuchUser
 }
 
-// GroupUserDelete comments TBD
-func (da *InMemoryDataAccess) GroupUserDelete(ctx context.Context, group string, user string) error {
-	return errs.ErrNotImplemented
+func (da *InMemoryDataAccess) GroupUserList(ctx context.Context, groupname string) ([]rest.User, error) {
+	group, exists := da.groups[groupname]
+	if !exists {
+		return []rest.User{}, errs.ErrNoSuchGroup
+	}
+
+	return group.Users, nil
 }
diff --git a/dataaccess/memory/group-access_test.go b/dataaccess/memory/group-access_test.go
index a375974..6b6aa42 100644
--- a/dataaccess/memory/group-access_test.go
+++ b/dataaccess/memory/group-access_test.go
@@ -25,44 +25,85 @@ import (
 )
 
 func testGroupAccess(t *testing.T) {
-	t.Run("testGroupAddUser", testGroupAddUser)
+	t.Run("testGroupUserAdd", testGroupUserAdd)
+	t.Run("testGroupUserList", testGroupUserList)
 	t.Run("testGroupCreate", testGroupCreate)
 	t.Run("testGroupDelete", testGroupDelete)
 	t.Run("testGroupExists", testGroupExists)
 	t.Run("testGroupGet", testGroupGet)
 	t.Run("testGroupRoleAdd", testGroupRoleAdd)
+	t.Run("testGroupPermissionList", testGroupPermissionList)
 	t.Run("testGroupList", testGroupList)
-	t.Run("testGroupListRoles", testGroupListRoles)
-	t.Run("testGroupRemoveUser", testGroupRemoveUser)
+	t.Run("testGroupRoleList", testGroupRoleList)
+	t.Run("testGroupUserDelete", testGroupUserDelete)
 }
 
-func testGroupAddUser(t *testing.T) {
-	err := da.GroupAddUser(ctx, "foo", "bar")
+func testGroupUserAdd(t *testing.T) {
+	var (
+		groupname = "group-test-group-user-add"
+		username  = "user-test-group-user-add"
+		useremail = "user@foo.bar"
+	)
+
+	err := da.GroupUserAdd(ctx, groupname, username)
 	assert.Error(t, err, errs.ErrNoSuchGroup)
 
-	da.GroupCreate(ctx, rest.Group{Name: "foo"})
-	defer da.GroupDelete(ctx, "foo")
+	da.GroupCreate(ctx, rest.Group{Name: groupname})
+	defer da.GroupDelete(ctx, groupname)
 
-	err = da.GroupAddUser(ctx, "foo", "bar")
+	err = da.GroupUserAdd(ctx, groupname, username)
 	assert.Error(t, err, errs.ErrNoSuchUser)
 
-	da.UserCreate(ctx, rest.User{Username: "bar", Email: "bar"})
-	defer da.UserDelete(ctx, "bar")
+	da.UserCreate(ctx, rest.User{Username: username, Email: useremail})
+	defer da.UserDelete(ctx, username)
 
-	err = da.GroupAddUser(ctx, "foo", "bar")
+	err = da.GroupUserAdd(ctx, groupname, username)
 	assert.NoError(t, err)
 
-	group, _ := da.GroupGet(ctx, "foo")
+	group, _ := da.GroupGet(ctx, groupname)
 
-	if len(group.Users) != 1 {
-		t.Error("Users list empty")
+	if !assert.Len(t, group.Users, 1) {
 		t.FailNow()
 	}
 
-	if len(group.Users) > 0 && group.Users[0].Username != "bar" {
-		t.Error("Wrong user!")
+	assert.Equal(t, group.Users[0].Username, username)
+	assert.Equal(t, group.Users[0].Email, useremail)
+}
+
+func testGroupUserList(t *testing.T) {
+	var (
+		groupname = "group-test-group-user-list"
+		expected  = []rest.User{
+			{Username: "user-test-group-user-list-0", Email: "user-test-group-user-list-0@email.com"},
+			{Username: "user-test-group-user-list-1", Email: "user-test-group-user-list-1@email.com"},
+		}
+	)
+
+	_, err := da.GroupUserList(ctx, groupname)
+	assert.Error(t, err)
+	assert.ErrorIs(t, err, errs.ErrNoSuchGroup)
+
+	da.GroupCreate(ctx, rest.Group{Name: groupname})
+	defer da.GroupDelete(ctx, groupname)
+
+	da.UserCreate(ctx, expected[0])
+	defer da.UserDelete(ctx, expected[0].Username)
+	da.UserCreate(ctx, expected[1])
+	defer da.UserDelete(ctx, expected[1].Username)
+
+	da.GroupUserAdd(ctx, groupname, expected[0].Username)
+	da.GroupUserAdd(ctx, groupname, expected[1].Username)
+
+	actual, err := da.GroupUserList(ctx, groupname)
+	if !assert.NoError(t, err) {
+		t.FailNow()
+	}
+
+	if !assert.Len(t, actual, 2) {
 		t.FailNow()
 	}
+
+	assert.Equal(t, expected, actual)
 }
 
 func testGroupCreate(t *testing.T) {
@@ -126,34 +167,74 @@ func testGroupExists(t *testing.T) {
 }
 
 func testGroupGet(t *testing.T) {
+	groupname := "group-test-group-get"
+
 	var err error
 	var group rest.Group
 
 	// Expect an error
 	_, err = da.GroupGet(ctx, "")
-	assert.Error(t, err, errs.ErrEmptyGroupName)
+	assert.ErrorIs(t, err, errs.ErrEmptyGroupName)
 
 	// Expect an error
-	_, err = da.GroupGet(ctx, "test-get")
-	assert.Error(t, err, errs.ErrNoSuchGroup)
+	_, err = da.GroupGet(ctx, groupname)
+	assert.ErrorIs(t, err, errs.ErrNoSuchGroup)
 
-	da.GroupCreate(ctx, rest.Group{Name: "test-get"})
-	defer da.GroupDelete(ctx, "test-get")
+	da.GroupCreate(ctx, rest.Group{Name: groupname})
+	defer da.GroupDelete(ctx, groupname)
 
 	// da.Group ctx, should exist now
-	exists, _ := da.GroupExists(ctx, "test-get")
-	if !exists {
-		t.Error("Group should exist now")
+	exists, _ := da.GroupExists(ctx, groupname)
+	if !assert.True(t, exists) {
 		t.FailNow()
 	}
 
 	// Expect no error
-	group, err = da.GroupGet(ctx, "test-get")
-	assert.NoError(t, err)
-	if group.Name != "test-get" {
-		t.Errorf("Group name mismatch: %q is not \"test-get\"", group.Name)
+	group, err = da.GroupGet(ctx, groupname)
+	if !assert.NoError(t, err) {
+		t.FailNow()
+	}
+	if !assert.Equal(t, groupname, group.Name) {
+		t.FailNow()
+	}
+}
+
+func testGroupPermissionList(t *testing.T) {
+	const (
+		groupname  = "group-test-group-permission-list"
+		rolename   = "role-test-group-permission-list"
+		bundlename = "test"
+	)
+
+	var expected = rest.RolePermissionList{
+		{BundleName: bundlename, Permission: "role-test-group-permission-list-1"},
+		{BundleName: bundlename, Permission: "role-test-group-permission-list-2"},
+		{BundleName: bundlename, Permission: "role-test-group-permission-list-3"},
+	}
+
+	var err error
+
+	da.GroupCreate(ctx, rest.Group{Name: groupname})
+	defer da.GroupDelete(ctx, groupname)
+
+	da.RoleCreate(ctx, rolename)
+	defer da.RoleDelete(ctx, rolename)
+
+	err = da.GroupRoleAdd(ctx, groupname, rolename)
+	if !assert.NoError(t, err) {
+		t.FailNow()
+	}
+
+	da.RolePermissionAdd(ctx, rolename, expected[0].BundleName, expected[0].Permission)
+	da.RolePermissionAdd(ctx, rolename, expected[1].BundleName, expected[1].Permission)
+	da.RolePermissionAdd(ctx, rolename, expected[2].BundleName, expected[2].Permission)
+
+	actual, err := da.GroupPermissionList(ctx, groupname)
+	if !assert.NoError(t, err) {
 		t.FailNow()
 	}
+
+	assert.Equal(t, expected, actual)
 }
 
 func testGroupRoleAdd(t *testing.T) {
@@ -190,7 +271,7 @@ func testGroupRoleAdd(t *testing.T) {
 		},
 	}
 
-	roles, err := da.GroupListRoles(ctx, groupName)
+	roles, err := da.GroupRoleList(ctx, groupName)
 	if !assert.NoError(t, err) {
 		t.FailNow()
 	}
@@ -204,7 +285,7 @@ func testGroupRoleAdd(t *testing.T) {
 
 	expectedRoles = []rest.Role{}
 
-	roles, err = da.GroupListRoles(ctx, groupName)
+	roles, err = da.GroupRoleList(ctx, groupName)
 	if !assert.NoError(t, err) {
 		t.FailNow()
 	}
@@ -238,45 +319,53 @@ func testGroupList(t *testing.T) {
 	}
 }
 
-func testGroupListRoles(t *testing.T) {
-	da.GroupCreate(ctx, rest.Group{Name: "group-test-group-list-roles"})
-	defer da.GroupDelete(ctx, "group-test-group-list-roles")
+func testGroupRoleList(t *testing.T) {
+	var (
+		groupname = "group-test-group-list-roles"
+		rolenames = []string{
+			"role-test-group-list-roles-0",
+			"role-test-group-list-roles-1",
+			"role-test-group-list-roles-2",
+		}
+	)
+	da.GroupCreate(ctx, rest.Group{Name: groupname})
+	defer da.GroupDelete(ctx, groupname)
 
-	da.RoleCreate(ctx, "role-test-group-list-roles-1")
-	defer da.RoleDelete(ctx, "role-test-group-list-roles-1")
+	da.RoleCreate(ctx, rolenames[1])
+	defer da.RoleDelete(ctx, rolenames[1])
 
-	da.RoleCreate(ctx, "role-test-group-list-roles-0")
-	defer da.RoleDelete(ctx, "role-test-group-list-roles-0")
+	da.RoleCreate(ctx, rolenames[0])
+	defer da.RoleDelete(ctx, rolenames[0])
 
-	da.RoleCreate(ctx, "role-test-group-list-roles-2")
-	defer da.RoleDelete(ctx, "role-test-group-list-roles-2")
+	da.RoleCreate(ctx, rolenames[2])
+	defer da.RoleDelete(ctx, rolenames[2])
 
-	roles, err := da.GroupListRoles(ctx, "group-test-group-list-roles")
+	roles, err := da.GroupRoleList(ctx, groupname)
 	if !assert.NoError(t, err) && !assert.Empty(t, roles) {
 		t.FailNow()
 	}
 
-	err = da.GroupRoleAdd(ctx, "group-test-group-list-roles", "role-test-group-list-roles-1")
+	err = da.GroupRoleAdd(ctx, groupname, rolenames[1])
 	if !assert.NoError(t, err) {
 		t.FailNow()
 	}
-	err = da.GroupRoleAdd(ctx, "group-test-group-list-roles", "role-test-group-list-roles-0")
+	err = da.GroupRoleAdd(ctx, groupname, rolenames[0])
 	if !assert.NoError(t, err) {
 		t.FailNow()
 	}
-	err = da.GroupRoleAdd(ctx, "group-test-group-list-roles", "role-test-group-list-roles-2")
+	err = da.GroupRoleAdd(ctx, groupname, rolenames[2])
 	if !assert.NoError(t, err) {
 		t.FailNow()
 	}
 
 	// Note: alphabetically sorted!
 	expected := []rest.Role{
-		{Name: "role-test-group-list-roles-0", Permissions: []rest.RolePermission{}},
-		{Name: "role-test-group-list-roles-1", Permissions: []rest.RolePermission{}},
-		{Name: "role-test-group-list-roles-2", Permissions: []rest.RolePermission{}},
+		{Name: rolenames[0], Permissions: []rest.RolePermission{}},
+		{Name: rolenames[1], Permissions: []rest.RolePermission{}},
+		{Name: rolenames[2], Permissions: []rest.RolePermission{}},
 	}
 
-	actual, err := da.GroupListRoles(ctx, "group-test-group-list-roles")
+	actual, err := da.GroupRoleList(ctx, groupname)
 	if !assert.NoError(t, err) {
 		t.FailNow()
 	}
@@ -284,14 +373,14 @@ func testGroupListRoles(t *testing.T) {
 	assert.Equal(t, expected, actual)
 }
 
-func testGroupRemoveUser(t *testing.T) {
+func testGroupUserDelete(t *testing.T) {
 	da.GroupCreate(ctx, rest.Group{Name: "foo"})
 	defer da.GroupDelete(ctx, "foo")
 
 	da.UserCreate(ctx, rest.User{Username: "bat"})
 	defer da.UserDelete(ctx, "bat")
 
-	err := da.GroupAddUser(ctx, "foo", "bat")
+	err := da.GroupUserAdd(ctx, "foo", "bat")
 	assert.NoError(t, err)
 
 	group, err := da.GroupGet(ctx, "foo")
@@ -307,7 +396,7 @@ func testGroupRemoveUser(t *testing.T) {
 		t.FailNow()
 	}
 
-	err = da.GroupRemoveUser(ctx, "foo", "bat")
+	err = da.GroupUserDelete(ctx, "foo", "bat")
 	assert.NoError(t, err)
 
 	group, err = da.GroupGet(ctx, "foo")
diff --git a/dataaccess/memory/memory-data-access.go b/dataaccess/memory/memory-data-access.go
index f3dd7d4..4be953c 100644
--- a/dataaccess/memory/memory-data-access.go
+++ b/dataaccess/memory/memory-data-access.go
@@ -26,21 +26,19 @@ import (
 // InMemoryDataAccess is an entirely in-memory representation of a data access layer.
 // Great for testing and development. Terrible for production.
 type InMemoryDataAccess struct {
-	bundles    map[string]*data.Bundle
-	groups     map[string]*rest.Group
-	users      map[string]*rest.User
-	roles      map[string]*rest.Role
-	grouproles map[string]map[string]*rest.Role
+	bundles map[string]*data.Bundle
+	groups  map[string]*rest.Group
+	users   map[string]*rest.User
+	roles   map[string]*rest.Role
 }
 
 // NewInMemoryDataAccess returns a new InMemoryDataAccess instance.
 func NewInMemoryDataAccess() *InMemoryDataAccess {
 	da := InMemoryDataAccess{
-		bundles:    make(map[string]*data.Bundle),
-		groups:     make(map[string]*rest.Group),
-		users:      make(map[string]*rest.User),
-		roles:      make(map[string]*rest.Role),
-		grouproles: make(map[string]map[string]*rest.Role),
+		bundles: make(map[string]*data.Bundle),
+		groups:  make(map[string]*rest.Group),
+		users:   make(map[string]*rest.User),
+		roles:   make(map[string]*rest.Role),
 	}
 
 	return &da
diff --git a/dataaccess/memory/role-access.go b/dataaccess/memory/role-access.go
index 392b406..c416e4f 100644
--- a/dataaccess/memory/role-access.go
+++ b/dataaccess/memory/role-access.go
@@ -25,30 +25,19 @@ import (
 )
 
 // RoleCreate creates a new role.
-func (da *InMemoryDataAccess) RoleCreate(ctx context.Context, name string) error {
-	if name == "" {
+func (da *InMemoryDataAccess) RoleCreate(ctx context.Context, rolename string) error {
+	if rolename == "" {
 		return errs.ErrEmptyRoleName
 	}
 
-	if nil != da.roles[name] {
+	if nil != da.roles[rolename] {
 		return errs.ErrRoleExists
 	}
 
-	da.roles[name] = &rest.Role{Name: name, Permissions: []rest.RolePermission{}}
+	da.roles[rolename] = &rest.Role{Name: rolename, Permissions: []rest.RolePermission{}}
 	return nil
 }
 
-// RoleList
-func (da *InMemoryDataAccess) RoleList(ctx context.Context) ([]rest.Role, error) {
-	list := make([]rest.Role, 0)
-
-	for _, r := range da.roles {
-		list = append(list, *r)
-	}
-
-	return list, nil
-}
-
 // RoleDelete
 func (da *InMemoryDataAccess) RoleDelete(ctx context.Context, name string) error {
 	if name == "" {
@@ -73,10 +62,10 @@ func (da *InMemoryDataAccess) RoleExists(ctx context.Context, name string) (bool
 }
 
 // RoleGet gets a specific group.
-func (da *InMemoryDataAccess) RoleGet(ctx context.Context, name string) (rest.Role, error) {
-	role, ok := da.roles[name]
+func (da *InMemoryDataAccess) RoleGet(ctx context.Context, rolename string) (rest.Role, error) {
+	role, ok := da.roles[rolename]
 
-	if name == "" {
+	if rolename == "" {
 		return rest.Role{}, errs.ErrEmptyRoleName
 	}
 
@@ -87,14 +76,80 @@ func (da *InMemoryDataAccess) RoleGet(ctx context.Context, name string) (rest.Ro
 	return *role, nil
 }
 
-func (da *InMemoryDataAccess) RolePermissionAdd(ctx context.Context, rolename, bundlename, permission string) error {
+// RolePermissionExists returns true if the given role has been granted the
+// specified permission. It returns an error if rolename is empty or if no
+// such role exists.
+func (da *InMemoryDataAccess) RolePermissionExists(ctx context.Context, rolename, bundlename, permission string) (bool, error) {
+	perms, err := da.RolePermissionList(ctx, rolename)
+	if err != nil {
+		return false, err
+	}
+
+	for _, p := range perms {
+		if p.BundleName == bundlename && p.Permission == permission {
+			return true, nil
+		}
+	}
+
+	return false, nil
+}
+
+// RoleList
+func (da *InMemoryDataAccess) RoleList(ctx context.Context) ([]rest.Role, error) {
+	list := make([]rest.Role, 0)
+
+	for _, r := range da.roles {
+		list = append(list, *r)
+	}
+
+	return list, nil
+}
+
+func (da *InMemoryDataAccess) RoleGroupAdd(ctx context.Context, rolename, groupname string) error {
+	return da.GroupRoleAdd(ctx, groupname, rolename)
+}
+
+func (da *InMemoryDataAccess) RoleGroupDelete(ctx context.Context, rolename, groupname string) error {
+	return da.GroupRoleDelete(ctx, groupname, rolename)
+}
+
+func (da *InMemoryDataAccess) RoleGroupExists(ctx context.Context, rolename, groupname string) (bool, error) {
+	groups, err := da.RoleGroupList(ctx, rolename)
+	if err != nil {
+		return false, err
+	}
+
+	if exists, err := da.GroupExists(ctx, groupname); err != nil {
+		return false, err
+	} else if !exists {
+		return false, errs.ErrNoSuchGroup
+	}
+
+	for _, g := range groups {
+		if g.Name == groupname {
+			return true, nil
+		}
+	}
+
+	return false, nil
+}
+
+func (da *InMemoryDataAccess) RoleGroupList(ctx context.Context, rolename string) ([]rest.Group, error) {
 	role, ok := da.roles[rolename]
+	if !ok {
+		return nil, errs.ErrNoSuchRole
+	}
+	return role.Groups, nil
+}
 
+func (da *InMemoryDataAccess) RolePermissionAdd(ctx context.Context, rolename, bundlename, permission string) error {
+	role, ok := da.roles[rolename]
 	if !ok {
 		return errs.ErrNoSuchRole
 	}
 
 	role.Permissions = append(role.Permissions, rest.RolePermission{BundleName: bundlename, Permission: permission})
+
 	return nil
 }
 
@@ -119,28 +174,10 @@ func (da *InMemoryDataAccess) RolePermissionDelete(ctx context.Context, rolename
 	return nil
 }
 
-// RoleHasPermission returns true if the given role has been granted the
-// specified permission. It returns an error if rolename is empty or if no
-// such role exists.
-func (da *InMemoryDataAccess) RoleHasPermission(ctx context.Context, rolename, bundlename, permission string) (bool, error) {
-	perms, err := da.RolePermissionList(ctx, rolename)
-	if err != nil {
-		return false, err
-	}
-
-	for _, p := range perms {
-		if p.BundleName == bundlename && p.Permission == permission {
-			return true, nil
-		}
-	}
-
-	return false, nil
-}
-
 // RolePermissionList returns returns an alphabetically-sorted list of
 // fully-qualified (i.e., "bundle:permission") permissions granted to
 // the role.
-func (da *InMemoryDataAccess) RolePermissionList(ctx context.Context, rolename string) ([]rest.RolePermission, error) {
+func (da *InMemoryDataAccess) RolePermissionList(ctx context.Context, rolename string) (rest.RolePermissionList, error) {
 	role, err := da.RoleGet(ctx, rolename)
 	if err != nil {
 		return nil, err
diff --git a/dataaccess/memory/role-access_test.go b/dataaccess/memory/role-access_test.go
index d50b9f1..ff413b9 100644
--- a/dataaccess/memory/role-access_test.go
+++ b/dataaccess/memory/role-access_test.go
@@ -30,7 +30,12 @@ func testRoleAccess(t *testing.T) {
 	t.Run("testRoleExists", testRoleExists)
 	t.Run("testRoleDelete", testRoleDelete)
 	t.Run("testRoleGet", testRoleGet)
-	t.Run("testRoleHasPermission", testRoleHasPermission)
+	t.Run("testRoleGroupAdd", testRoleGroupAdd)
+	t.Run("testRoleGroupDelete", testRoleGroupDelete)
+	t.Run("testRoleGroupExists", testRoleGroupExists)
+	t.Run("testRoleGroupList", testRoleGroupList)
+	t.Run("testRolePermissionExists", testRolePermissionExists)
+	t.Run("testRolePermissionAdd", testRolePermissionAdd)
 	t.Run("testRolePermissionList", testRolePermissionList)
 }
 
@@ -164,13 +169,193 @@ func testRoleGet(t *testing.T) {
 	assert.Equal(t, expected, role)
 }
 
-func testRoleHasPermission(t *testing.T) {
+func testRoleGroupAdd(t *testing.T) {
+	var err error
+
+	rolename := "role-test-role-group-add"
+	groupnames := []string{
+		"perm-test-role-group-add-0",
+		"perm-test-role-group-add-1",
+	}
+
+	// No such group yet
+	err = da.RoleGroupAdd(ctx, rolename, groupnames[1])
+	assert.ErrorIs(t, err, errs.ErrNoSuchGroup)
+
+	da.GroupCreate(ctx, rest.Group{Name: groupnames[0]})
+	defer da.GroupDelete(ctx, groupnames[0])
+	da.GroupCreate(ctx, rest.Group{Name: groupnames[1]})
+	defer da.GroupDelete(ctx, groupnames[1])
+
+	// Groups exist now, but the role doesn't
+	err = da.RoleGroupAdd(ctx, rolename, groupnames[1])
+	assert.ErrorIs(t, err, errs.ErrNoSuchRole)
+
+	da.RoleCreate(ctx, rolename)
+	defer da.RoleDelete(ctx, rolename)
+
+	for _, groupname := range groupnames {
+		err = da.RoleGroupAdd(ctx, rolename, groupname)
+		assert.NoError(t, err)
+	}
+
+	for _, groupname := range groupnames {
+		exists, _ := da.RoleGroupExists(ctx, rolename, groupname)
+		assert.True(t, exists, groupname)
+	}
+}
+
+func testRoleGroupDelete(t *testing.T) {
+
+}
+
+func testRoleGroupExists(t *testing.T) {
+	var err error
+
+	rolename := "role-test-role-group-exists"
+	groupnames := []string{
+		"group-test-role-group-exists-0",
+		"group-test-role-group-exists-1",
+	}
+	groupnull := "group-test-role-group-exists-null"
+
+	// No such role yet
+	_, err = da.RoleGroupExists(ctx, rolename, groupnames[1])
+	assert.ErrorIs(t, err, errs.ErrNoSuchRole)
+
+	da.RoleCreate(ctx, rolename)
+	defer da.RoleDelete(ctx, rolename)
+
+	// Groups exist now, but the role doesn't
+	_, err = da.RoleGroupExists(ctx, rolename, groupnames[1])
+	assert.ErrorIs(t, err, errs.ErrNoSuchGroup)
+
+	da.GroupCreate(ctx, rest.Group{Name: groupnames[0]})
+	defer da.GroupDelete(ctx, groupnames[0])
+	da.GroupCreate(ctx, rest.Group{Name: groupnames[1]})
+	defer da.GroupDelete(ctx, groupnames[1])
+	da.GroupCreate(ctx, rest.Group{Name: groupnull})
+	defer da.GroupDelete(ctx, groupnull)
+
+	for _, groupname := range groupnames {
+		da.RoleGroupAdd(ctx, rolename, groupname)
+	}
+
+	for _, groupname := range groupnames {
+		exists, err := da.RoleGroupExists(ctx, rolename, groupname)
+		assert.NoError(t, err)
+		assert.True(t, exists)
+	}
+
+	// Null group should NOT exist on the role
+	exists, err := da.RoleGroupExists(ctx, rolename, groupnull)
+	assert.NoError(t, err)
+	assert.False(t, exists)
+}
+
+func testRoleGroupList(t *testing.T) {
+	var err error
+
+	rolename := "role-test-role-group-list"
+	groupnames := []string{
+		"group-test-role-group-list-0",
+		"group-test-role-group-list-1",
+	}
+	groupnull := "group-test-role-group-list-null"
+
+	// No such role yet
+	_, err = da.RoleGroupList(ctx, rolename)
+	assert.ErrorIs(t, err, errs.ErrNoSuchRole)
+
+	da.RoleCreate(ctx, rolename)
+	defer da.RoleDelete(ctx, rolename)
+
+	// Groups exist now, but the role doesn't
+	groups, err := da.RoleGroupList(ctx, rolename)
+	assert.NoError(t, err)
+	assert.Empty(t, groups)
+
+	da.GroupCreate(ctx, rest.Group{Name: groupnames[1]})
+	defer da.GroupDelete(ctx, groupnames[1])
+	da.GroupCreate(ctx, rest.Group{Name: groupnames[0]})
+	defer da.GroupDelete(ctx, groupnames[0])
+	da.GroupCreate(ctx, rest.Group{Name: groupnull})
+	defer da.GroupDelete(ctx, groupnull)
+
+	for _, groupname := range groupnames {
+		da.RoleGroupAdd(ctx, rolename, groupname)
+	}
+
+	// Currently the groups are NOT expected to be fully described (i.e.,
+	// their roles slices don't have to be complete).
+	groups, err = da.RoleGroupList(ctx, rolename)
+	assert.NoError(t, err)
+	assert.Len(t, groups, 2)
+
+	for i, g := range groups {
+		assert.Equal(t, groupnames[i], g.Name)
+	}
+}
+
+func testRolePermissionAdd(t *testing.T) {
+	var exists bool
+	var err error
+
+	const rolename = "role-test-role-permission-add"
+	const bundlename = "test"
+	const permname1 = "perm-test-role-permission-add-0"
+	const permname2 = "perm-test-role-permission-add-1"
+
+	da.RoleCreate(ctx, rolename)
+	defer da.RoleDelete(ctx, rolename)
+
+	role, _ := da.RoleGet(ctx, rolename)
+	if !assert.Len(t, role.Permissions, 0) {
+		t.FailNow()
+	}
+
+	// First permission
+	err = da.RolePermissionAdd(ctx, rolename, bundlename, permname1)
+	if !assert.NoError(t, err) {
+		t.FailNow()
+	}
+	defer da.RolePermissionDelete(ctx, rolename, bundlename, permname1)
+
+	role, _ = da.RoleGet(ctx, rolename)
+	if !assert.Len(t, role.Permissions, 1) {
+		t.FailNow()
+	}
+
+	exists, _ = da.RolePermissionExists(ctx, rolename, bundlename, permname1)
+	if !assert.True(t, exists) {
+		t.FailNow()
+	}
+
+	// Second permission
+	err = da.RolePermissionAdd(ctx, rolename, bundlename, permname2)
+	if !assert.NoError(t, err) {
+		t.FailNow()
+	}
+	defer da.RolePermissionDelete(ctx, rolename, bundlename, permname2)
+
+	role, _ = da.RoleGet(ctx, rolename)
+	if !assert.Len(t, role.Permissions, 2) {
+		t.FailNow()
+	}
+
+	exists, _ = da.RolePermissionExists(ctx, rolename, bundlename, permname2)
+	if !assert.True(t, exists) {
+		t.FailNow()
+	}
+}
+
+func testRolePermissionExists(t *testing.T) {
 	var err error
 
 	da.RoleCreate(ctx, "role-test-role-has-permission")
 	defer da.RoleDelete(ctx, "role-test-role-has-permission")
 
-	has, err := da.RoleHasPermission(ctx, "role-test-role-has-permission", "test", "permission-test-role-has-permission-1")
+	has, err := da.RolePermissionExists(ctx, "role-test-role-has-permission", "test", "permission-test-role-has-permission-1")
 	if !assert.NoError(t, err) || !assert.False(t, has) {
 		t.FailNow()
 	}
@@ -181,12 +366,12 @@ func testRoleHasPermission(t *testing.T) {
 	}
 	defer da.RolePermissionDelete(ctx, "role-test-role-has-permission", "test", "permission-test-role-has-permission-1")
 
-	has, err = da.RoleHasPermission(ctx, "role-test-role-has-permission", "test", "permission-test-role-has-permission-1")
+	has, err = da.RolePermissionExists(ctx, "role-test-role-has-permission", "test", "permission-test-role-has-permission-1")
 	if !assert.NoError(t, err) || !assert.True(t, has) {
 		t.FailNow()
 	}
 
-	has, err = da.RoleHasPermission(ctx, "role-test-role-has-permission", "test", "permission-test-role-has-permission-2")
+	has, err = da.RolePermissionExists(ctx, "role-test-role-has-permission", "test", "permission-test-role-has-permission-2")
 	if !assert.NoError(t, err) || !assert.False(t, has) {
 		t.FailNow()
 	}
@@ -217,7 +402,7 @@ func testRolePermissionList(t *testing.T) {
 	defer da.RolePermissionDelete(ctx, "role-test-role-permission-list", "test", "permission-test-role-permission-list-2")
 
 	// Expect a sorted list!
-	expect := []rest.RolePermission{
+	expect := rest.RolePermissionList{
 		{BundleName: "test", Permission: "permission-test-role-permission-list-1"},
 		{BundleName: "test", Permission: "permission-test-role-permission-list-2"},
 		{BundleName: "test", Permission: "permission-test-role-permission-list-3"},
diff --git a/dataaccess/memory/user-access.go b/dataaccess/memory/user-access.go
index c52e72f..778cd0d 100644
--- a/dataaccess/memory/user-access.go
+++ b/dataaccess/memory/user-access.go
@@ -128,6 +128,33 @@ func (da *InMemoryDataAccess) UserGetByEmail(ctx context.Context, email string)
 	return rest.User{}, errs.ErrNoSuchUser
 }
 
+// UserGroupList returns a slice of Group values representing the specified user's group memberships.
+// The groups' Users slice is never populated, and is always nil.
+func (da *InMemoryDataAccess) UserGroupList(ctx context.Context, username string) ([]rest.Group, error) {
+	groups := make([]rest.Group, 0)
+
+	for _, group := range da.groups {
+		for _, user := range group.Users {
+			if user.Username == username {
+				groups = append(groups, rest.Group{Name: group.Name})
+				continue
+			}
+		}
+	}
+
+	return groups, nil
+}
+
+// UserGroupAdd comments TBD
+func (da *InMemoryDataAccess) UserGroupAdd(ctx context.Context, username string, groupname string) error {
+	return da.GroupUserAdd(ctx, groupname, username)
+}
+
+// UserGroupDelete comments TBD
+func (da *InMemoryDataAccess) UserGroupDelete(ctx context.Context, username string, groupname string) error {
+	return da.GroupUserDelete(ctx, groupname, username)
+}
+
 // UserList returns a list of all known users in the datastore.
 // Passwords are not included. Nice try.
 func (da *InMemoryDataAccess) UserList(ctx context.Context) ([]rest.User, error) {
@@ -141,34 +168,74 @@ func (da *InMemoryDataAccess) UserList(ctx context.Context) ([]rest.User, error)
 	return list, nil
 }
 
-// UserPermissions returns an alphabetically-sorted list of fully-qualified
-// (i.e., "bundle:permission") permissions available to the specified user.
-func (da *InMemoryDataAccess) UserPermissions(ctx context.Context, username string) ([]string, error) {
-	pp := []string{}
+// UserPermissionList returns an alphabetically-sorted list of permissions
+// available to the specified user.
+func (da *InMemoryDataAccess) UserPermissionList(ctx context.Context, username string) (rest.RolePermissionList, error) {
+	mp := map[string]rest.RolePermission{}
 
+	// Permissions aren't attached to users: they're attached to roles, which
+	// are attached to groups.
 	groups, err := da.UserGroupList(ctx, username)
 	if err != nil {
 		return nil, err
 	}
 
+	// Collect all permissions from all groups to remove any repeats.
 	for _, group := range groups {
-		roles, err := da.GroupListRoles(ctx, group.Name)
+		gpl, err := da.GroupPermissionList(ctx, group.Name)
 		if err != nil {
 			return nil, err
 		}
 
-		for _, role := range roles {
-			for _, p := range role.Permissions {
-				pp = append(pp, p.BundleName+":"+p.Permission)
-			}
+		for _, p := range gpl {
+			mp[p.String()] = p
 		}
 	}
 
-	sort.Strings(pp)
+	pp := []rest.RolePermission{}
+
+	for _, p := range mp {
+		pp = append(pp, p)
+	}
+
+	sort.Slice(pp, func(i, j int) bool { return pp[i].String() < pp[j].String() })
 
 	return pp, nil
 }
 
+// UserRoleList returns a slice of Role values representing the specified
+// user's indirect roles (indirect because users are members of groups,
+// and groups have roles).
+func (da *InMemoryDataAccess) UserRoleList(ctx context.Context, username string) ([]rest.Role, error) {
+	rm := map[string]rest.Role{}
+
+	groups, err := da.UserGroupList(ctx, username)
+	if err != nil {
+		return []rest.Role{}, err
+	}
+
+	for _, gr := range groups {
+		rl, err := da.GroupRoleList(ctx, gr.Name)
+		if err != nil {
+			return []rest.Role{}, err
+		}
+
+		for _, r := range rl {
+			rm[r.Name] = r
+		}
+	}
+
+	roles := []rest.Role{}
+
+	for _, r := range rm {
+		roles = append(roles, r)
+	}
+
+	sort.Slice(roles, func(i, j int) bool { return roles[i].Name < roles[j].Name })
+
+	return roles, nil
+}
+
 // UserUpdate is used to update an existing user. An error is returned if the
 // username is empty or if the user doesn't exist.
 // TODO Should we let this create users that don't exist?
@@ -189,30 +256,3 @@ func (da *InMemoryDataAccess) UserUpdate(ctx context.Context, user rest.User) er
 
 	return nil
 }
-
-// UserGroupList returns a slice of Group values representing the specified user's group memberships.
-// The groups' Users slice is never populated, and is always nil.
-func (da *InMemoryDataAccess) UserGroupList(ctx context.Context, username string) ([]rest.Group, error) {
-	groups := make([]rest.Group, 0)
-
-	for _, group := range da.groups {
-		for _, user := range group.Users {
-			if user.Username == username {
-				groups = append(groups, rest.Group{Name: group.Name})
-				continue
-			}
-		}
-	}
-
-	return groups, nil
-}
-
-// UserGroupAdd comments TBD
-func (da *InMemoryDataAccess) UserGroupAdd(ctx context.Context, username string, groupname string) error {
-	return da.GroupAddUser(ctx, groupname, username)
-}
-
-// UserGroupDelete comments TBD
-func (da *InMemoryDataAccess) UserGroupDelete(ctx context.Context, username string, groupname string) error {
-	return da.GroupUserDelete(ctx, groupname, username)
-}
diff --git a/dataaccess/memory/user-access_test.go b/dataaccess/memory/user-access_test.go
index 0d96b9a..82a402d 100644
--- a/dataaccess/memory/user-access_test.go
+++ b/dataaccess/memory/user-access_test.go
@@ -33,7 +33,7 @@ func testUserAccess(t *testing.T) {
 	t.Run("testUserGroupList", testUserGroupList)
 	t.Run("testUserList", testUserList)
 	t.Run("testUserNotExists", testUserNotExists)
-	t.Run("testUserPermissions", testUserPermissions)
+	t.Run("testUserPermissionList", testUserPermissionList)
 	t.Run("testUserUpdate", testUserUpdate)
 }
 
@@ -179,7 +179,7 @@ func testUserGroupList(t *testing.T) {
 	da.UserCreate(ctx, rest.User{Username: "user-test-user-group-list"})
 	defer da.UserDelete(ctx, "user-test-user-group-list")
 
-	da.GroupAddUser(ctx, "group-test-user-group-list-0", "user-test-user-group-list")
+	da.GroupUserAdd(ctx, "group-test-user-group-list-0", "user-test-user-group-list")
 
 	expected := []rest.Group{{Name: "group-test-user-group-list-0", Users: nil}}
 
@@ -238,7 +238,8 @@ func testUserNotExists(t *testing.T) {
 		t.FailNow()
 	}
 }
-func testUserPermissions(t *testing.T) {
+
+func testUserPermissionList(t *testing.T) {
 	var err error
 
 	err = da.GroupCreate(ctx, rest.Group{Name: "test-perms"})
@@ -252,7 +253,7 @@ func testUserPermissions(t *testing.T) {
 	if !assert.NoError(t, err) {
 		t.FailNow()
 	}
-	err = da.GroupAddUser(ctx, "test-perms", "test-perms")
+	err = da.GroupUserAdd(ctx, "test-perms", "test-perms")
 	if !assert.NoError(t, err) {
 		t.FailNow()
 	}
@@ -283,12 +284,12 @@ func testUserPermissions(t *testing.T) {
 	// Expected: a sorted list of strings
 	expected := []string{"test:test-perms-0", "test:test-perms-1", "test:test-perms-2"}
 
-	actual, err := da.UserPermissions(ctx, "test-perms")
+	actual, err := da.UserPermissionList(ctx, "test-perms")
 	if !assert.NoError(t, err) {
 		t.FailNow()
 	}
 
-	assert.Equal(t, expected, actual)
+	assert.Equal(t, expected, actual.Strings())
 }
 
 func testUserUpdate(t *testing.T) {
@@ -307,7 +308,7 @@ func testUserUpdate(t *testing.T) {
 	// Get the user we just added. Emails should match.
 	user1, _ := da.UserGet(ctx, "test-update")
 	if userA.Email != user1.Email {
-		t.Errorf("Email mistatch: %q vs %q", userA.Email, user1.Email)
+		t.Errorf("Email mismatch: %q vs %q", userA.Email, user1.Email)
 		t.FailNow()
 	}
 
@@ -319,7 +320,7 @@ func testUserUpdate(t *testing.T) {
 	// Get the user we just updated. Emails should match.
 	user2, _ := da.UserGet(ctx, "test-update")
 	if userB.Email != user2.Email {
-		t.Errorf("Email mistatch: %q vs %q", userB.Email, user2.Email)
+		t.Errorf("Email mismatch: %q vs %q", userB.Email, user2.Email)
 		t.FailNow()
 	}
 }
diff --git a/dataaccess/postgres/bundle-access.go b/dataaccess/postgres/bundle-access.go
index 504abbc..12e34f1 100644
--- a/dataaccess/postgres/bundle-access.go
+++ b/dataaccess/postgres/bundle-access.go
@@ -364,10 +364,63 @@ func (da PostgresDataAccess) BundleList(ctx context.Context) ([]data.Bundle, err
 	return bundles, nil
 }
 
-// BundleListVersions TBD
-func (da PostgresDataAccess) BundleListVersions(ctx context.Context, name string) ([]data.Bundle, error) {
+// BundleUpdate TBD
+func (da PostgresDataAccess) BundleUpdate(ctx context.Context, bundle data.Bundle) error {
+	tr := otel.GetTracerProvider().Tracer(telemetry.ServiceName)
+	ctx, sp := tr.Start(ctx, "postgres.BundleUpdate")
+	defer sp.End()
+
+	if bundle.Name == "" {
+		return errs.ErrEmptyBundleName
+	}
+
+	if bundle.Version == "" {
+		return errs.ErrEmptyBundleVersion
+	}
+
+	db, err := da.connect(ctx, "gort")
+	if err != nil {
+		return err
+	}
+	defer db.Close()
+
+	tx, err := db.BeginTx(ctx, &sql.TxOptions{})
+	if err != nil {
+		return gerr.Wrap(errs.ErrDataAccess, err)
+	}
+
+	exists, err := da.doBundleExists(ctx, tx, bundle.Name, bundle.Version)
+	if err != nil {
+		return err
+	} else if !exists {
+		return errs.ErrNoSuchBundle
+	}
+
+	err = da.doBundleDelete(ctx, tx, bundle.Name, bundle.Version)
+	if err != nil {
+		tx.Rollback()
+		return err
+	}
+
+	err = da.doBundleInsert(ctx, tx, bundle)
+	if err != nil {
+		tx.Rollback()
+		return err
+	}
+
+	err = tx.Commit()
+	if err != nil {
+		tx.Rollback()
+		return gerr.Wrap(errs.ErrDataAccess, err)
+	}
+
+	return nil
+}
+
+// BundleVersionList TBD
+func (da PostgresDataAccess) BundleVersionList(ctx context.Context, name string) ([]data.Bundle, error) {
 	tr := otel.GetTracerProvider().Tracer(telemetry.ServiceName)
-	ctx, sp := tr.Start(ctx, "postgres.BundleListVersions")
+	ctx, sp := tr.Start(ctx, "postgres.BundleVersionList")
 	defer sp.End()
 
 	// This is hacky as fuck. I know.
@@ -421,59 +474,6 @@ func (da PostgresDataAccess) BundleListVersions(ctx context.Context, name string
 	return bundles, nil
 }
 
-// BundleUpdate TBD
-func (da PostgresDataAccess) BundleUpdate(ctx context.Context, bundle data.Bundle) error {
-	tr := otel.GetTracerProvider().Tracer(telemetry.ServiceName)
-	ctx, sp := tr.Start(ctx, "postgres.BundleUpdate")
-	defer sp.End()
-
-	if bundle.Name == "" {
-		return errs.ErrEmptyBundleName
-	}
-
-	if bundle.Version == "" {
-		return errs.ErrEmptyBundleVersion
-	}
-
-	db, err := da.connect(ctx, "gort")
-	if err != nil {
-		return err
-	}
-	defer db.Close()
-
-	tx, err := db.BeginTx(ctx, &sql.TxOptions{})
-	if err != nil {
-		return gerr.Wrap(errs.ErrDataAccess, err)
-	}
-
-	exists, err := da.doBundleExists(ctx, tx, bundle.Name, bundle.Version)
-	if err != nil {
-		return err
-	} else if !exists {
-		return errs.ErrNoSuchBundle
-	}
-
-	err = da.doBundleDelete(ctx, tx, bundle.Name, bundle.Version)
-	if err != nil {
-		tx.Rollback()
-		return err
-	}
-
-	err = da.doBundleInsert(ctx, tx, bundle)
-	if err != nil {
-		tx.Rollback()
-		return err
-	}
-
-	err = tx.Commit()
-	if err != nil {
-		tx.Rollback()
-		return gerr.Wrap(errs.ErrDataAccess, err)
-	}
-
-	return nil
-}
-
 // FindCommandEntry is used to find the enabled commands with the provided
 // bundle and command names. If either is empty, it is treated as a wildcard.
 // Importantly, this must only return ENABLED commands!
diff --git a/dataaccess/postgres/bundle-access_test.go b/dataaccess/postgres/bundle-access_test.go
index 364d947..f19ed11 100644
--- a/dataaccess/postgres/bundle-access_test.go
+++ b/dataaccess/postgres/bundle-access_test.go
@@ -35,7 +35,7 @@ func testBundleAccess(t *testing.T) {
 	t.Run("testBundleDelete", testBundleDelete)
 	t.Run("testBundleGet", testBundleGet)
 	t.Run("testBundleList", testBundleList)
-	t.Run("testBundleListVersions", testBundleListVersions)
+	t.Run("testBundleVersionList", testBundleVersionList)
 	t.Run("testFindCommandEntry", testFindCommandEntry)
 }
 
@@ -340,7 +340,7 @@ func testBundleList(t *testing.T) {
 	}
 }
 
-func testBundleListVersions(t *testing.T) {
+func testBundleVersionList(t *testing.T) {
 	da.BundleCreate(ctx, data.Bundle{GortBundleVersion: 5, Name: "test-list-0", Version: "0.0", Description: "foo"})
 	defer da.BundleDelete(ctx, "test-list-0", "0.0")
 	da.BundleCreate(ctx, data.Bundle{GortBundleVersion: 5, Name: "test-list-0", Version: "0.1", Description: "foo"})
@@ -350,7 +350,7 @@ func testBundleListVersions(t *testing.T) {
 	da.BundleCreate(ctx, data.Bundle{GortBundleVersion: 5, Name: "test-list-1", Version: "0.1", Description: "foo"})
 	defer da.BundleDelete(ctx, "test-list-1", "0.1")
 
-	bundles, err := da.BundleListVersions(ctx, "test-list-0")
+	bundles, err := da.BundleVersionList(ctx, "test-list-0")
 	assert.NoError(t, err)
 
 	if len(bundles) != 2 {
diff --git a/dataaccess/postgres/group-access.go b/dataaccess/postgres/group-access.go
index 90b0e9b..3ef12ec 100644
--- a/dataaccess/postgres/group-access.go
+++ b/dataaccess/postgres/group-access.go
@@ -18,6 +18,8 @@ package postgres
 
 import (
 	"context"
+	"database/sql"
+	"sort"
 
 	"go.opentelemetry.io/otel"
 
@@ -27,51 +29,6 @@ import (
 	"github.com/getgort/gort/telemetry"
 )
 
-// GroupAddUser adds a user to a group
-func (da PostgresDataAccess) GroupAddUser(ctx context.Context, groupname string, username string) error {
-	tr := otel.GetTracerProvider().Tracer(telemetry.ServiceName)
-	ctx, sp := tr.Start(ctx, "postgres.GroupAddUser")
-	defer sp.End()
-
-	if groupname == "" {
-		return errs.ErrEmptyGroupName
-	}
-
-	exists, err := da.GroupExists(ctx, groupname)
-	if err != nil {
-		return err
-	}
-	if !exists {
-		return errs.ErrNoSuchGroup
-	}
-
-	if username == "" {
-		return errs.ErrEmptyUserName
-	}
-
-	exists, err = da.UserExists(ctx, username)
-	if err != nil {
-		return err
-	}
-	if !exists {
-		return errs.ErrNoSuchUser
-	}
-
-	db, err := da.connect(ctx, DatabaseGort)
-	if err != nil {
-		return err
-	}
-	defer db.Close()
-
-	query := `INSERT INTO groupusers (groupname, username) VALUES ($1, $2);`
-	_, err = db.ExecContext(ctx, query, groupname, username)
-	if err != nil {
-		err = gerr.Wrap(errs.ErrDataAccess, err)
-	}
-
-	return err
-}
-
 // GroupCreate creates a new user group.
 func (da PostgresDataAccess) GroupCreate(ctx context.Context, group rest.Group) error {
 	tr := otel.GetTracerProvider().Tracer(telemetry.ServiceName)
@@ -195,11 +152,13 @@ func (da PostgresDataAccess) GroupGet(ctx context.Context, groupname string) (re
 
 	group := rest.Group{}
 	err = db.QueryRowContext(ctx, query, groupname).Scan(&group.Name)
-	if err != nil {
-		return group, gerr.Wrap(errs.ErrNoSuchGroup, err)
+	if err == sql.ErrNoRows {
+		return group, errs.ErrNoSuchGroup
+	} else if err != nil {
+		return group, gerr.Wrap(errs.ErrDataAccess, err)
 	}
 
-	users, err := da.GroupListUsers(ctx, groupname)
+	users, err := da.GroupUserList(ctx, groupname)
 	if err != nil {
 		return group, err
 	}
@@ -209,6 +168,75 @@ func (da PostgresDataAccess) GroupGet(ctx context.Context, groupname string) (re
 	return group, nil
 }
 
+// GroupList returns a list of all known groups in the datastore.
+// Passwords are not included. Nice try.
+func (da PostgresDataAccess) GroupList(ctx context.Context) ([]rest.Group, error) {
+	tr := otel.GetTracerProvider().Tracer(telemetry.ServiceName)
+	ctx, sp := tr.Start(ctx, "postgres.GroupList")
+	defer sp.End()
+
+	groups := make([]rest.Group, 0)
+
+	db, err := da.connect(ctx, DatabaseGort)
+	if err != nil {
+		return groups, err
+	}
+	defer db.Close()
+
+	query := `SELECT groupname FROM groups`
+	rows, err := db.QueryContext(ctx, query)
+	if err != nil {
+		return groups, gerr.Wrap(errs.ErrDataAccess, err)
+	}
+
+	for rows.Next() {
+		group := rest.Group{}
+
+		err = rows.Scan(&group.Name)
+		if err != nil {
+			return groups, gerr.Wrap(errs.ErrNoSuchGroup, err)
+		}
+
+		groups = append(groups, group)
+	}
+
+	return groups, nil
+}
+
+func (da PostgresDataAccess) GroupPermissionList(ctx context.Context, groupname string) (rest.RolePermissionList, error) {
+	tr := otel.GetTracerProvider().Tracer(telemetry.ServiceName)
+	ctx, sp := tr.Start(ctx, "postgres.GroupPermissionList")
+	defer sp.End()
+
+	roles, err := da.GroupRoleList(ctx, groupname)
+	if err != nil {
+		return rest.RolePermissionList{}, err
+	}
+
+	mp := map[string]rest.RolePermission{}
+
+	for _, r := range roles {
+		rpl, err := da.RolePermissionList(ctx, r.Name)
+		if err != nil {
+			return rest.RolePermissionList{}, err
+		}
+
+		for _, rp := range rpl {
+			mp[rp.String()] = rp
+		}
+	}
+
+	pp := []rest.RolePermission{}
+
+	for _, p := range mp {
+		pp = append(pp, p)
+	}
+
+	sort.Slice(pp, func(i, j int) bool { return pp[i].String() < pp[j].String() })
+
+	return pp, nil
+}
+
 // GroupRoleAdd grants one or more roles to a group.
 func (da PostgresDataAccess) GroupRoleAdd(ctx context.Context, groupname, rolename string) error {
 	tr := otel.GetTracerProvider().Tracer(telemetry.ServiceName)
@@ -251,44 +279,39 @@ func (da PostgresDataAccess) GroupRoleAdd(ctx context.Context, groupname, rolena
 	return err
 }
 
-// GroupList returns a list of all known groups in the datastore.
-// Passwords are not included. Nice try.
-func (da PostgresDataAccess) GroupList(ctx context.Context) ([]rest.Group, error) {
+// GroupRoleDelete revokes a role from a group.
+func (da PostgresDataAccess) GroupRoleDelete(ctx context.Context, groupname, rolename string) error {
 	tr := otel.GetTracerProvider().Tracer(telemetry.ServiceName)
-	ctx, sp := tr.Start(ctx, "postgres.GroupList")
+	ctx, sp := tr.Start(ctx, "postgres.GroupRoleDelete")
 	defer sp.End()
 
-	groups := make([]rest.Group, 0)
+	if groupname == "" {
+		return errs.ErrEmptyGroupName
+	}
+
+	if rolename == "" {
+		return errs.ErrEmptyRoleName
+	}
 
 	db, err := da.connect(ctx, DatabaseGort)
 	if err != nil {
-		return groups, err
+		return err
 	}
 	defer db.Close()
 
-	query := `SELECT groupname FROM groups`
-	rows, err := db.QueryContext(ctx, query)
+	query := `DELETE FROM group_roles
+		WHERE group_name=$1 AND role_name=$2;`
+	_, err = db.ExecContext(ctx, query, groupname, rolename)
 	if err != nil {
-		return groups, gerr.Wrap(errs.ErrDataAccess, err)
-	}
-
-	for rows.Next() {
-		group := rest.Group{}
-
-		err = rows.Scan(&group.Name)
-		if err != nil {
-			return groups, gerr.Wrap(errs.ErrNoSuchGroup, err)
-		}
-
-		groups = append(groups, group)
+		return gerr.Wrap(errs.ErrDataAccess, err)
 	}
 
-	return groups, nil
+	return err
 }
 
-func (da PostgresDataAccess) GroupListRoles(ctx context.Context, groupname string) ([]rest.Role, error) {
+func (da PostgresDataAccess) GroupRoleList(ctx context.Context, groupname string) ([]rest.Role, error) {
 	tr := otel.GetTracerProvider().Tracer(telemetry.ServiceName)
-	ctx, sp := tr.Start(ctx, "postgres.GroupListRoles")
+	ctx, sp := tr.Start(ctx, "postgres.GroupRoleList")
 	defer sp.End()
 
 	if groupname == "" {
@@ -326,7 +349,7 @@ func (da PostgresDataAccess) GroupListRoles(ctx context.Context, groupname strin
 
 		err = rows.Scan(&name)
 		if err != nil {
-			return nil, gerr.Wrap(errs.ErrNoSuchUser, err)
+			return nil, gerr.Wrap(errs.ErrDataAccess, err)
 		}
 
 		role, err := da.RoleGet(ctx, name)
@@ -340,51 +363,49 @@ func (da PostgresDataAccess) GroupListRoles(ctx context.Context, groupname strin
 	return roles, nil
 }
 
-// GroupListUsers returns a list of all known users in a group.
-func (da PostgresDataAccess) GroupListUsers(ctx context.Context, groupname string) ([]rest.User, error) {
+// GroupUpdate is used to update an existing group. An error is returned if the
+// groupname is empty or if the group doesn't exist.
+// TODO Should we let this create groups that don't exist?
+func (da PostgresDataAccess) GroupUpdate(ctx context.Context, group rest.Group) error {
 	tr := otel.GetTracerProvider().Tracer(telemetry.ServiceName)
-	ctx, sp := tr.Start(ctx, "postgres.GroupListUsers")
+	ctx, sp := tr.Start(ctx, "postgres.GroupUpdate")
 	defer sp.End()
 
-	users := make([]rest.User, 0)
+	if group.Name == "" {
+		return errs.ErrEmptyGroupName
+	}
 
-	db, err := da.connect(ctx, DatabaseGort)
+	exists, err := da.UserExists(ctx, group.Name)
 	if err != nil {
-		return users, err
+		return err
+	}
+	if !exists {
+		return errs.ErrNoSuchGroup
 	}
-	defer db.Close()
-
-	query := `SELECT email, full_name, username
-	FROM users
-	WHERE username IN (
-		SELECT username
-		FROM groupusers
-		WHERE groupname = $1
-	)`
 
-	rows, err := db.QueryContext(ctx, query, groupname)
+	db, err := da.connect(ctx, DatabaseGort)
 	if err != nil {
-		return users, gerr.Wrap(errs.ErrDataAccess, err)
+		return err
 	}
+	defer db.Close()
 
-	for rows.Next() {
-		user := rest.User{}
-
-		err = rows.Scan(&user.Email, &user.FullName, &user.Username)
-		if err != nil {
-			return users, gerr.Wrap(errs.ErrNoSuchUser, err)
-		}
+	// There will be more eventually
+	query := `UPDATE groupname
+	SET groupname=$1
+	WHERE groupname=$1;`
 
-		users = append(users, user)
+	_, err = db.ExecContext(ctx, query, group.Name)
+	if err != nil {
+		err = gerr.Wrap(errs.ErrDataAccess, err)
 	}
 
-	return users, nil
+	return err
 }
 
-// GroupRemoveUser removes a user from a group.
-func (da PostgresDataAccess) GroupRemoveUser(ctx context.Context, groupname string, username string) error {
+// GroupUserAdd adds a user to a group
+func (da PostgresDataAccess) GroupUserAdd(ctx context.Context, groupname string, username string) error {
 	tr := otel.GetTracerProvider().Tracer(telemetry.ServiceName)
-	ctx, sp := tr.Start(ctx, "postgres.GroupRemoveUser")
+	ctx, sp := tr.Start(ctx, "postgres.GroupUserAdd")
 	defer sp.End()
 
 	if groupname == "" {
@@ -399,13 +420,25 @@ func (da PostgresDataAccess) GroupRemoveUser(ctx context.Context, groupname stri
 		return errs.ErrNoSuchGroup
 	}
 
+	if username == "" {
+		return errs.ErrEmptyUserName
+	}
+
+	exists, err = da.UserExists(ctx, username)
+	if err != nil {
+		return err
+	}
+	if !exists {
+		return errs.ErrNoSuchUser
+	}
+
 	db, err := da.connect(ctx, DatabaseGort)
 	if err != nil {
 		return err
 	}
 	defer db.Close()
 
-	query := "DELETE FROM groupusers WHERE groupname=$1 AND username=$2;"
+	query := `INSERT INTO groupusers (groupname, username) VALUES ($1, $2);`
 	_, err = db.ExecContext(ctx, query, groupname, username)
 	if err != nil {
 		err = gerr.Wrap(errs.ErrDataAccess, err)
@@ -414,18 +447,22 @@ func (da PostgresDataAccess) GroupRemoveUser(ctx context.Context, groupname stri
 	return err
 }
 
-// GroupRoleDelete revokes a role from a group.
-func (da PostgresDataAccess) GroupRoleDelete(ctx context.Context, groupname, rolename string) error {
+// GroupUserDelete removes a user from a group.
+func (da PostgresDataAccess) GroupUserDelete(ctx context.Context, groupname string, username string) error {
 	tr := otel.GetTracerProvider().Tracer(telemetry.ServiceName)
-	ctx, sp := tr.Start(ctx, "postgres.GroupRoleDelete")
+	ctx, sp := tr.Start(ctx, "postgres.GroupUserDelete")
 	defer sp.End()
 
 	if groupname == "" {
 		return errs.ErrEmptyGroupName
 	}
 
-	if rolename == "" {
-		return errs.ErrEmptyRoleName
+	exists, err := da.GroupExists(ctx, groupname)
+	if err != nil {
+		return err
+	}
+	if !exists {
+		return errs.ErrNoSuchGroup
 	}
 
 	db, err := da.connect(ctx, DatabaseGort)
@@ -434,61 +471,64 @@ func (da PostgresDataAccess) GroupRoleDelete(ctx context.Context, groupname, rol
 	}
 	defer db.Close()
 
-	query := `DELETE FROM group_roles
-		WHERE group_name=$1 AND role_name=$2;`
-	_, err = db.ExecContext(ctx, query, groupname, rolename)
+	query := "DELETE FROM groupusers WHERE groupname=$1 AND username=$2;"
+	_, err = db.ExecContext(ctx, query, groupname, username)
 	if err != nil {
-		return gerr.Wrap(errs.ErrDataAccess, err)
+		err = gerr.Wrap(errs.ErrDataAccess, err)
 	}
 
 	return err
 }
 
-// GroupUpdate is used to update an existing group. An error is returned if the
-// groupname is empty or if the group doesn't exist.
-// TODO Should we let this create groups that don't exist?
-func (da PostgresDataAccess) GroupUpdate(ctx context.Context, group rest.Group) error {
+// GroupUserList returns a list of all known users in a group.
+func (da PostgresDataAccess) GroupUserList(ctx context.Context, groupname string) ([]rest.User, error) {
 	tr := otel.GetTracerProvider().Tracer(telemetry.ServiceName)
-	ctx, sp := tr.Start(ctx, "postgres.GroupUpdate")
+	ctx, sp := tr.Start(ctx, "postgres.GroupUserList")
 	defer sp.End()
 
-	if group.Name == "" {
-		return errs.ErrEmptyGroupName
+	users := make([]rest.User, 0)
+
+	if groupname == "" {
+		return users, errs.ErrEmptyGroupName
 	}
 
-	exists, err := da.UserExists(ctx, group.Name)
+	exists, err := da.GroupExists(ctx, groupname)
 	if err != nil {
-		return err
+		return users, err
 	}
 	if !exists {
-		return errs.ErrNoSuchGroup
+		return users, errs.ErrNoSuchGroup
 	}
 
 	db, err := da.connect(ctx, DatabaseGort)
 	if err != nil {
-		return err
+		return users, err
 	}
 	defer db.Close()
 
-	// There will be more eventually
-	query := `UPDATE groupname
-	SET groupname=$1
-	WHERE groupname=$1;`
+	query := `SELECT email, full_name, username
+	FROM users
+	WHERE username IN (
+		SELECT username
+		FROM groupusers
+		WHERE groupname = $1
+	)`
 
-	_, err = db.ExecContext(ctx, query, group.Name)
+	rows, err := db.QueryContext(ctx, query, groupname)
 	if err != nil {
-		err = gerr.Wrap(errs.ErrDataAccess, err)
+		return users, gerr.Wrap(errs.ErrDataAccess, err)
 	}
 
-	return err
-}
+	for rows.Next() {
+		user := rest.User{}
 
-// GroupUserAdd comments TBD
-func (da PostgresDataAccess) GroupUserAdd(ctx context.Context, group string, user string) error {
-	return errs.ErrNotImplemented
-}
+		err = rows.Scan(&user.Email, &user.FullName, &user.Username)
+		if err != nil {
+			return users, gerr.Wrap(errs.ErrNoSuchUser, err)
+		}
 
-// GroupUserDelete comments TBD
-func (da PostgresDataAccess) GroupUserDelete(ctx context.Context, group string, user string) error {
-	return errs.ErrNotImplemented
+		users = append(users, user)
+	}
+
+	return users, nil
 }
diff --git a/dataaccess/postgres/group-access_test.go b/dataaccess/postgres/group-access_test.go
index 5513bdb..1ff6fe4 100644
--- a/dataaccess/postgres/group-access_test.go
+++ b/dataaccess/postgres/group-access_test.go
@@ -25,44 +25,85 @@ import (
 )
 
 func testGroupAccess(t *testing.T) {
-	t.Run("testGroupAddUser", testGroupAddUser)
+	t.Run("testGroupUserAdd", testGroupUserAdd)
+	t.Run("testGroupUserList", testGroupUserList)
 	t.Run("testGroupCreate", testGroupCreate)
 	t.Run("testGroupDelete", testGroupDelete)
 	t.Run("testGroupExists", testGroupExists)
 	t.Run("testGroupGet", testGroupGet)
 	t.Run("testGroupRoleAdd", testGroupRoleAdd)
+	t.Run("testGroupPermissionList", testGroupPermissionList)
 	t.Run("testGroupList", testGroupList)
-	t.Run("testGroupListRoles", testGroupListRoles)
-	t.Run("testGroupRemoveUser", testGroupRemoveUser)
+	t.Run("testGroupRoleList", testGroupRoleList)
+	t.Run("testGroupUserDelete", testGroupUserDelete)
 }
 
-func testGroupAddUser(t *testing.T) {
-	err := da.GroupAddUser(ctx, "foo", "bar")
+func testGroupUserAdd(t *testing.T) {
+	var (
+		groupname = "group-test-group-user-add"
+		username  = "user-test-group-user-add"
+		useremail = "user@foo.bar"
+	)
+
+	err := da.GroupUserAdd(ctx, groupname, username)
 	assert.Error(t, err, errs.ErrNoSuchGroup)
 
-	da.GroupCreate(ctx, rest.Group{Name: "foo"})
-	defer da.GroupDelete(ctx, "foo")
+	da.GroupCreate(ctx, rest.Group{Name: groupname})
+	defer da.GroupDelete(ctx, groupname)
 
-	err = da.GroupAddUser(ctx, "foo", "bar")
+	err = da.GroupUserAdd(ctx, groupname, username)
 	assert.Error(t, err, errs.ErrNoSuchUser)
 
-	da.UserCreate(ctx, rest.User{Username: "bar", Email: "bar"})
-	defer da.UserDelete(ctx, "bar")
+	da.UserCreate(ctx, rest.User{Username: username, Email: useremail})
+	defer da.UserDelete(ctx, username)
 
-	err = da.GroupAddUser(ctx, "foo", "bar")
+	err = da.GroupUserAdd(ctx, groupname, username)
 	assert.NoError(t, err)
 
-	group, _ := da.GroupGet(ctx, "foo")
+	group, _ := da.GroupGet(ctx, groupname)
 
-	if len(group.Users) != 1 {
-		t.Error("Users list empty")
+	if !assert.Len(t, group.Users, 1) {
 		t.FailNow()
 	}
 
-	if len(group.Users) > 0 && group.Users[0].Username != "bar" {
-		t.Error("Wrong user!")
+	assert.Equal(t, group.Users[0].Username, username)
+	assert.Equal(t, group.Users[0].Email, useremail)
+}
+
+func testGroupUserList(t *testing.T) {
+	var (
+		groupname = "group-test-group-user-list"
+		expected  = []rest.User{
+			{Username: "user-test-group-user-list-0", Email: "user-test-group-user-list-0@email.com"},
+			{Username: "user-test-group-user-list-1", Email: "user-test-group-user-list-1@email.com"},
+		}
+	)
+
+	_, err := da.GroupUserList(ctx, groupname)
+	assert.Error(t, err)
+	assert.ErrorIs(t, err, errs.ErrNoSuchGroup)
+
+	da.GroupCreate(ctx, rest.Group{Name: groupname})
+	defer da.GroupDelete(ctx, groupname)
+
+	da.UserCreate(ctx, expected[0])
+	defer da.UserDelete(ctx, expected[0].Username)
+	da.UserCreate(ctx, expected[1])
+	defer da.UserDelete(ctx, expected[1].Username)
+
+	da.GroupUserAdd(ctx, groupname, expected[0].Username)
+	da.GroupUserAdd(ctx, groupname, expected[1].Username)
+
+	actual, err := da.GroupUserList(ctx, groupname)
+	if !assert.NoError(t, err) {
+		t.FailNow()
+	}
+
+	if !assert.Len(t, actual, 2) {
 		t.FailNow()
 	}
+
+	assert.Equal(t, expected, actual)
 }
 
 func testGroupCreate(t *testing.T) {
@@ -126,34 +167,74 @@ func testGroupExists(t *testing.T) {
 }
 
 func testGroupGet(t *testing.T) {
+	groupname := "group-test-group-get"
+
 	var err error
 	var group rest.Group
 
 	// Expect an error
 	_, err = da.GroupGet(ctx, "")
-	assert.Error(t, err, errs.ErrEmptyGroupName)
+	assert.ErrorIs(t, err, errs.ErrEmptyGroupName)
 
 	// Expect an error
-	_, err = da.GroupGet(ctx, "test-get")
-	assert.Error(t, err, errs.ErrNoSuchGroup)
+	_, err = da.GroupGet(ctx, groupname)
+	assert.ErrorIs(t, err, errs.ErrNoSuchGroup)
 
-	da.GroupCreate(ctx, rest.Group{Name: "test-get"})
-	defer da.GroupDelete(ctx, "test-get")
+	da.GroupCreate(ctx, rest.Group{Name: groupname})
+	defer da.GroupDelete(ctx, groupname)
 
 	// da.Group ctx, should exist now
-	exists, _ := da.GroupExists(ctx, "test-get")
-	if !exists {
-		t.Error("Group should exist now")
+	exists, _ := da.GroupExists(ctx, groupname)
+	if !assert.True(t, exists) {
 		t.FailNow()
 	}
 
 	// Expect no error
-	group, err = da.GroupGet(ctx, "test-get")
-	assert.NoError(t, err)
-	if group.Name != "test-get" {
-		t.Errorf("Group name mismatch: %q is not \"test-get\"", group.Name)
+	group, err = da.GroupGet(ctx, groupname)
+	if !assert.NoError(t, err) {
+		t.FailNow()
+	}
+	if !assert.Equal(t, groupname, group.Name) {
+		t.FailNow()
+	}
+}
+
+func testGroupPermissionList(t *testing.T) {
+	const (
+		groupname  = "group-test-group-permission-list"
+		rolename   = "role-test-group-permission-list"
+		bundlename = "test"
+	)
+
+	var expected = rest.RolePermissionList{
+		{BundleName: bundlename, Permission: "role-test-group-permission-list-1"},
+		{BundleName: bundlename, Permission: "role-test-group-permission-list-2"},
+		{BundleName: bundlename, Permission: "role-test-group-permission-list-3"},
+	}
+
+	var err error
+
+	da.GroupCreate(ctx, rest.Group{Name: groupname})
+	defer da.GroupDelete(ctx, groupname)
+
+	da.RoleCreate(ctx, rolename)
+	defer da.RoleDelete(ctx, rolename)
+
+	err = da.GroupRoleAdd(ctx, groupname, rolename)
+	if !assert.NoError(t, err) {
+		t.FailNow()
+	}
+
+	da.RolePermissionAdd(ctx, rolename, expected[0].BundleName, expected[0].Permission)
+	da.RolePermissionAdd(ctx, rolename, expected[1].BundleName, expected[1].Permission)
+	da.RolePermissionAdd(ctx, rolename, expected[2].BundleName, expected[2].Permission)
+
+	actual, err := da.GroupPermissionList(ctx, groupname)
+	if !assert.NoError(t, err) {
 		t.FailNow()
 	}
+
+	assert.Equal(t, expected, actual)
 }
 
 func testGroupRoleAdd(t *testing.T) {
@@ -190,7 +271,7 @@ func testGroupRoleAdd(t *testing.T) {
 		},
 	}
 
-	roles, err := da.GroupListRoles(ctx, groupName)
+	roles, err := da.GroupRoleList(ctx, groupName)
 	if !assert.NoError(t, err) {
 		t.FailNow()
 	}
@@ -204,7 +285,7 @@ func testGroupRoleAdd(t *testing.T) {
 
 	expectedRoles = []rest.Role{}
 
-	roles, err = da.GroupListRoles(ctx, groupName)
+	roles, err = da.GroupRoleList(ctx, groupName)
 	if !assert.NoError(t, err) {
 		t.FailNow()
 	}
@@ -238,45 +319,53 @@ func testGroupList(t *testing.T) {
 	}
 }
 
-func testGroupListRoles(t *testing.T) {
-	da.GroupCreate(ctx, rest.Group{Name: "group-test-group-list-roles"})
-	defer da.GroupDelete(ctx, "group-test-group-list-roles")
+func testGroupRoleList(t *testing.T) {
+	var (
+		groupname = "group-test-group-list-roles"
+		rolenames = []string{
+			"role-test-group-list-roles-0",
+			"role-test-group-list-roles-1",
+			"role-test-group-list-roles-2",
+		}
+	)
+	da.GroupCreate(ctx, rest.Group{Name: groupname})
+	defer da.GroupDelete(ctx, groupname)
 
-	da.RoleCreate(ctx, "role-test-group-list-roles-1")
-	defer da.RoleDelete(ctx, "role-test-group-list-roles-1")
+	da.RoleCreate(ctx, rolenames[1])
+	defer da.RoleDelete(ctx, rolenames[1])
 
-	da.RoleCreate(ctx, "role-test-group-list-roles-0")
-	defer da.RoleDelete(ctx, "role-test-group-list-roles-0")
+	da.RoleCreate(ctx, rolenames[0])
+	defer da.RoleDelete(ctx, rolenames[0])
 
-	da.RoleCreate(ctx, "role-test-group-list-roles-2")
-	defer da.RoleDelete(ctx, "role-test-group-list-roles-2")
+	da.RoleCreate(ctx, rolenames[2])
+	defer da.RoleDelete(ctx, rolenames[2])
 
-	roles, err := da.GroupListRoles(ctx, "group-test-group-list-roles")
+	roles, err := da.GroupRoleList(ctx, groupname)
 	if !assert.NoError(t, err) && !assert.Empty(t, roles) {
 		t.FailNow()
 	}
 
-	err = da.GroupRoleAdd(ctx, "group-test-group-list-roles", "role-test-group-list-roles-1")
+	err = da.GroupRoleAdd(ctx, groupname, rolenames[1])
 	if !assert.NoError(t, err) {
 		t.FailNow()
 	}
-	err = da.GroupRoleAdd(ctx, "group-test-group-list-roles", "role-test-group-list-roles-0")
+	err = da.GroupRoleAdd(ctx, groupname, rolenames[0])
 	if !assert.NoError(t, err) {
 		t.FailNow()
 	}
-	err = da.GroupRoleAdd(ctx, "group-test-group-list-roles", "role-test-group-list-roles-2")
+	err = da.GroupRoleAdd(ctx, groupname, rolenames[2])
 	if !assert.NoError(t, err) {
 		t.FailNow()
 	}
 
 	// Note: alphabetically sorted!
 	expected := []rest.Role{
-		{Name: "role-test-group-list-roles-0", Permissions: []rest.RolePermission{}},
-		{Name: "role-test-group-list-roles-1", Permissions: []rest.RolePermission{}},
-		{Name: "role-test-group-list-roles-2", Permissions: []rest.RolePermission{}},
+		{Name: rolenames[0], Permissions: []rest.RolePermission{}},
+		{Name: rolenames[1], Permissions: []rest.RolePermission{}},
+		{Name: rolenames[2], Permissions: []rest.RolePermission{}},
 	}
 
-	actual, err := da.GroupListRoles(ctx, "group-test-group-list-roles")
+	actual, err := da.GroupRoleList(ctx, groupname)
 	if !assert.NoError(t, err) {
 		t.FailNow()
 	}
@@ -284,14 +373,14 @@ func testGroupListRoles(t *testing.T) {
 	assert.Equal(t, expected, actual)
 }
 
-func testGroupRemoveUser(t *testing.T) {
+func testGroupUserDelete(t *testing.T) {
 	da.GroupCreate(ctx, rest.Group{Name: "foo"})
 	defer da.GroupDelete(ctx, "foo")
 
 	da.UserCreate(ctx, rest.User{Username: "bat"})
 	defer da.UserDelete(ctx, "bat")
 
-	err := da.GroupAddUser(ctx, "foo", "bat")
+	err := da.GroupUserAdd(ctx, "foo", "bat")
 	assert.NoError(t, err)
 
 	group, err := da.GroupGet(ctx, "foo")
@@ -307,7 +396,7 @@ func testGroupRemoveUser(t *testing.T) {
 		t.FailNow()
 	}
 
-	err = da.GroupRemoveUser(ctx, "foo", "bat")
+	err = da.GroupUserDelete(ctx, "foo", "bat")
 	assert.NoError(t, err)
 
 	group, err = da.GroupGet(ctx, "foo")
diff --git a/dataaccess/postgres/role-access.go b/dataaccess/postgres/role-access.go
index 03d6ca7..ba2b037 100644
--- a/dataaccess/postgres/role-access.go
+++ b/dataaccess/postgres/role-access.go
@@ -62,65 +62,6 @@ func (da PostgresDataAccess) RoleCreate(ctx context.Context, name string) error
 	return err
 }
 
-// RoleList gets all roles.
-func (da PostgresDataAccess) RoleList(ctx context.Context) ([]rest.Role, error) {
-	tr := otel.GetTracerProvider().Tracer(telemetry.ServiceName)
-	ctx, sp := tr.Start(ctx, "postgres.RoleList")
-	defer sp.End()
-
-	db, err := da.connect(ctx, DatabaseGort)
-	if err != nil {
-		return nil, err
-	}
-	defer db.Close()
-
-	var rolesByName = make(map[string]*rest.Role)
-	// Load all role names and add to the roles map
-	query := `SELECT role_name
-		FROM roles`
-
-	rows, err := db.QueryContext(ctx, query)
-	if err != nil {
-		return nil, gerr.Wrap(errs.ErrNoSuchRole, err)
-	}
-	defer rows.Close()
-
-	for rows.Next() {
-		var name string
-		if err := rows.Scan(&name); err != nil {
-			log.Fatal(err)
-		}
-		rolesByName[name] = &rest.Role{Name: name}
-	}
-
-	// Load all permissions and add to role objects
-	query = `SELECT role_name, bundle_name, permission 
-		FROM role_permissions`
-	rows, err = db.QueryContext(ctx, query)
-	if err != nil {
-		return nil, gerr.Wrap(errs.ErrNoSuchRole, err)
-	}
-	defer rows.Close()
-
-	for rows.Next() {
-		var (
-			rolename   string
-			permission rest.RolePermission
-		)
-		if err := rows.Scan(&rolename, &permission.BundleName, &permission.Permission); err != nil {
-			log.Fatal(err)
-		}
-		rolesByName[rolename].Permissions = append(rolesByName[rolename].Permissions, permission)
-	}
-
-	var roles []rest.Role
-	for _, role := range rolesByName {
-		roles = append(roles, *role)
-	}
-
-	return roles, nil
-}
-
 // RoleDelete
 func (da PostgresDataAccess) RoleDelete(ctx context.Context, name string) error {
 	tr := otel.GetTracerProvider().Tracer(telemetry.ServiceName)
@@ -225,6 +166,160 @@ func (da PostgresDataAccess) RoleGet(ctx context.Context, name string) (rest.Rol
 	return role, nil
 }
 
+func (da PostgresDataAccess) RoleGroupAdd(ctx context.Context, rolename, groupname string) error {
+	tr := otel.GetTracerProvider().Tracer(telemetry.ServiceName)
+	ctx, sp := tr.Start(ctx, "postgres.RoleGroupAdd")
+	defer sp.End()
+
+	return da.GroupRoleAdd(ctx, groupname, rolename)
+}
+
+func (da PostgresDataAccess) RoleGroupDelete(ctx context.Context, rolename, groupname string) error {
+	tr := otel.GetTracerProvider().Tracer(telemetry.ServiceName)
+	ctx, sp := tr.Start(ctx, "postgres.RoleGroupDelete")
+	defer sp.End()
+
+	return da.GroupRoleDelete(ctx, groupname, rolename)
+}
+
+func (da PostgresDataAccess) RoleGroupExists(ctx context.Context, rolename, groupname string) (bool, error) {
+	tr := otel.GetTracerProvider().Tracer(telemetry.ServiceName)
+	ctx, sp := tr.Start(ctx, "postgres.RoleGroupExists")
+	defer sp.End()
+
+	groups, err := da.RoleGroupList(ctx, rolename)
+	if err != nil {
+		return false, err
+	}
+
+	if exists, err := da.GroupExists(ctx, groupname); err != nil {
+		return false, err
+	} else if !exists {
+		return false, errs.ErrNoSuchGroup
+	}
+
+	for _, g := range groups {
+		if g.Name == groupname {
+			return true, nil
+		}
+	}
+
+	return false, nil
+}
+
+func (da PostgresDataAccess) RoleGroupList(ctx context.Context, rolename string) ([]rest.Group, error) {
+	tr := otel.GetTracerProvider().Tracer(telemetry.ServiceName)
+	ctx, sp := tr.Start(ctx, "postgres.RoleGroupList")
+	defer sp.End()
+
+	if rolename == "" {
+		return nil, errs.ErrEmptyRoleName
+	}
+
+	exists, err := da.RoleExists(ctx, rolename)
+	if err != nil {
+		return nil, err
+	}
+	if !exists {
+		return nil, errs.ErrNoSuchRole
+	}
+
+	db, err := da.connect(ctx, DatabaseGort)
+	if err != nil {
+		return nil, err
+	}
+	defer db.Close()
+
+	query := `SELECT group_name
+		FROM group_roles
+		WHERE role_name = $1
+		ORDER BY role_name`
+
+	rows, err := db.QueryContext(ctx, query, rolename)
+	if err != nil {
+		return nil, gerr.Wrap(errs.ErrDataAccess, err)
+	}
+
+	groups := []rest.Group{}
+
+	for rows.Next() {
+		var name string
+
+		err = rows.Scan(&name)
+		if err != nil {
+			return nil, gerr.Wrap(errs.ErrDataAccess, err)
+		}
+
+		group, err := da.GroupGet(ctx, name)
+		if err != nil {
+			return nil, err
+		}
+
+		groups = append(groups, group)
+	}
+
+	return groups, nil
+}
+
+// RoleList gets all roles.
+func (da PostgresDataAccess) RoleList(ctx context.Context) ([]rest.Role, error) {
+	tr := otel.GetTracerProvider().Tracer(telemetry.ServiceName)
+	ctx, sp := tr.Start(ctx, "postgres.RoleList")
+	defer sp.End()
+
+	db, err := da.connect(ctx, DatabaseGort)
+	if err != nil {
+		return nil, err
+	}
+	defer db.Close()
+
+	var rolesByName = make(map[string]*rest.Role)
+	// Load all role names and add to the roles map
+	query := `SELECT role_name
+		FROM roles`
+
+	rows, err := db.QueryContext(ctx, query)
+	if err != nil {
+		return nil, gerr.Wrap(errs.ErrNoSuchRole, err)
+	}
+	defer rows.Close()
+
+	for rows.Next() {
+		var name string
+		if err := rows.Scan(&name); err != nil {
+			log.Fatal(err)
+		}
+		rolesByName[name] = &rest.Role{Name: name}
+	}
+
+	// Load all permissions and add to role objects
+	query = `SELECT role_name, bundle_name, permission
+		FROM role_permissions`
+	rows, err = db.QueryContext(ctx, query)
+	if err != nil {
+		return nil, gerr.Wrap(errs.ErrNoSuchRole, err)
+	}
+	defer rows.Close()
+
+	for rows.Next() {
+		var (
+			rolename   string
+			permission rest.RolePermission
+		)
+		if err := rows.Scan(&rolename, &permission.BundleName, &permission.Permission); err != nil {
+			log.Fatal(err)
+		}
+		rolesByName[rolename].Permissions = append(rolesByName[rolename].Permissions, permission)
+	}
+
+	var roles []rest.Role
+	for _, role := range rolesByName {
+		roles = append(roles, *role)
+	}
+
+	return roles, nil
+}
+
 func (da PostgresDataAccess) RolePermissionAdd(ctx context.Context, rolename, bundle, permission string) error {
 	tr := otel.GetTracerProvider().Tracer(telemetry.ServiceName)
 	ctx, sp := tr.Start(ctx, "postgres.RolePermissionAdd")
@@ -299,46 +394,10 @@ func (da PostgresDataAccess) RolePermissionDelete(ctx context.Context, rolename,
 	return err
 }
 
-func (da PostgresDataAccess) doGetRolePermissions(ctx context.Context, name string) ([]rest.RolePermission, error) {
-	tr := otel.GetTracerProvider().Tracer(telemetry.ServiceName)
-	ctx, sp := tr.Start(ctx, "postgres.doGetRolePermissions")
-	defer sp.End()
-
-	perms := make([]rest.RolePermission, 0)
-
-	db, err := da.connect(ctx, DatabaseGort)
-	if err != nil {
-		return perms, err
-	}
-	defer db.Close()
-
-	query := `SELECT bundle_name, permission
-		FROM role_permissions
-		WHERE role_name = $1`
-
-	rows, err := db.QueryContext(ctx, query, name)
-	if err != nil {
-		return perms, gerr.Wrap(errs.ErrDataAccess, err)
-	}
-
-	for rows.Next() {
-		perm := rest.RolePermission{}
-
-		err = rows.Scan(&perm.BundleName, &perm.Permission)
-		if err != nil {
-			return perms, gerr.Wrap(errs.ErrNoSuchUser, err)
-		}
-
-		perms = append(perms, perm)
-	}
-
-	return perms, nil
-}
-
-// RoleHasPermission returns true if the given role has been granted the
+// RolePermissionExists returns true if the given role has been granted the
 // specified permission. It returns an error if rolename is empty or if no
 // such role exists.
-func (da PostgresDataAccess) RoleHasPermission(ctx context.Context, rolename, bundlename, permission string) (bool, error) {
+func (da PostgresDataAccess) RolePermissionExists(ctx context.Context, rolename, bundlename, permission string) (bool, error) {
 	// TODO Make this more efficient.
 
 	perms, err := da.RolePermissionList(ctx, rolename)
@@ -358,7 +417,7 @@ func (da PostgresDataAccess) RoleHasPermission(ctx context.Context, rolename, bu
 // RolePermissionList returns returns an alphabetically-sorted list of
 // fully-qualified (i.e., "bundle:permission") permissions granted to
 // the role.
-func (da PostgresDataAccess) RolePermissionList(ctx context.Context, rolename string) ([]rest.RolePermission, error) {
+func (da PostgresDataAccess) RolePermissionList(ctx context.Context, rolename string) (rest.RolePermissionList, error) {
 	// TODO Make this more efficient.
 
 	role, err := da.RoleGet(ctx, rolename)
@@ -372,3 +431,39 @@ func (da PostgresDataAccess) RolePermissionList(ctx context.Context, rolename st
 
 	return perms, nil
 }
+
+func (da PostgresDataAccess) doGetRolePermissions(ctx context.Context, name string) (rest.RolePermissionList, error) {
+	tr := otel.GetTracerProvider().Tracer(telemetry.ServiceName)
+	ctx, sp := tr.Start(ctx, "postgres.doGetRolePermissions")
+	defer sp.End()
+
+	perms := make([]rest.RolePermission, 0)
+
+	db, err := da.connect(ctx, DatabaseGort)
+	if err != nil {
+		return perms, err
+	}
+	defer db.Close()
+
+	query := `SELECT bundle_name, permission
+		FROM role_permissions
+		WHERE role_name = $1`
+
+	rows, err := db.QueryContext(ctx, query, name)
+	if err != nil {
+		return perms, gerr.Wrap(errs.ErrDataAccess, err)
+	}
+
+	for rows.Next() {
+		perm := rest.RolePermission{}
+
+		err = rows.Scan(&perm.BundleName, &perm.Permission)
+		if err != nil {
+			return perms, gerr.Wrap(errs.ErrNoSuchUser, err)
+		}
+
+		perms = append(perms, perm)
+	}
+
+	return perms, nil
+}
diff --git a/dataaccess/postgres/role-access_test.go b/dataaccess/postgres/role-access_test.go
index 4dd2673..3297bba 100644
--- a/dataaccess/postgres/role-access_test.go
+++ b/dataaccess/postgres/role-access_test.go
@@ -30,7 +30,12 @@ func testRoleAccess(t *testing.T) {
 	t.Run("testRoleExists", testRoleExists)
 	t.Run("testRoleDelete", testRoleDelete)
 	t.Run("testRoleGet", testRoleGet)
-	t.Run("testRoleHasPermission", testRoleHasPermission)
+	t.Run("testRoleGroupAdd", testRoleGroupAdd)
+	t.Run("testRoleGroupDelete", testRoleGroupDelete)
+	t.Run("testRoleGroupExists", testRoleGroupExists)
+	t.Run("testRoleGroupList", testRoleGroupList)
+	t.Run("testRolePermissionExists", testRolePermissionExists)
+	t.Run("testRolePermissionAdd", testRolePermissionAdd)
 	t.Run("testRolePermissionList", testRolePermissionList)
 }
 
@@ -164,13 +169,193 @@ func testRoleGet(t *testing.T) {
 	assert.Equal(t, expected, role)
 }
 
-func testRoleHasPermission(t *testing.T) {
+func testRoleGroupAdd(t *testing.T) {
+	var err error
+
+	rolename := "role-test-role-group-add"
+	groupnames := []string{
+		"perm-test-role-group-add-0",
+		"perm-test-role-group-add-1",
+	}
+
+	// No such group yet
+	err = da.RoleGroupAdd(ctx, rolename, groupnames[1])
+	assert.ErrorIs(t, err, errs.ErrNoSuchGroup)
+
+	da.GroupCreate(ctx, rest.Group{Name: groupnames[0]})
+	defer da.GroupDelete(ctx, groupnames[0])
+	da.GroupCreate(ctx, rest.Group{Name: groupnames[1]})
+	defer da.GroupDelete(ctx, groupnames[1])
+
+	// Groups exist now, but the role doesn't
+	err = da.RoleGroupAdd(ctx, rolename, groupnames[1])
+	assert.ErrorIs(t, err, errs.ErrNoSuchRole)
+
+	da.RoleCreate(ctx, rolename)
+	defer da.RoleDelete(ctx, rolename)
+
+	for _, groupname := range groupnames {
+		err = da.RoleGroupAdd(ctx, rolename, groupname)
+		assert.NoError(t, err)
+	}
+
+	for _, groupname := range groupnames {
+		exists, _ := da.RoleGroupExists(ctx, rolename, groupname)
+		assert.True(t, exists, groupname)
+	}
+}
+
+func testRoleGroupDelete(t *testing.T) {
+
+}
+
+func testRoleGroupExists(t *testing.T) {
+	var err error
+
+	rolename := "role-test-role-group-exists"
+	groupnames := []string{
+		"group-test-role-group-exists-0",
+		"group-test-role-group-exists-1",
+	}
+	groupnull := "group-test-role-group-exists-null"
+
+	// No such role yet
+	_, err = da.RoleGroupExists(ctx, rolename, groupnames[1])
+	assert.ErrorIs(t, err, errs.ErrNoSuchRole)
+
+	da.RoleCreate(ctx, rolename)
+	defer da.RoleDelete(ctx, rolename)
+
+	// Groups exist now, but the role doesn't
+	_, err = da.RoleGroupExists(ctx, rolename, groupnames[1])
+	assert.ErrorIs(t, err, errs.ErrNoSuchGroup)
+
+	da.GroupCreate(ctx, rest.Group{Name: groupnames[0]})
+	defer da.GroupDelete(ctx, groupnames[0])
+	da.GroupCreate(ctx, rest.Group{Name: groupnames[1]})
+	defer da.GroupDelete(ctx, groupnames[1])
+	da.GroupCreate(ctx, rest.Group{Name: groupnull})
+	defer da.GroupDelete(ctx, groupnull)
+
+	for _, groupname := range groupnames {
+		da.RoleGroupAdd(ctx, rolename, groupname)
+	}
+
+	for _, groupname := range groupnames {
+		exists, err := da.RoleGroupExists(ctx, rolename, groupname)
+		assert.NoError(t, err)
+		assert.True(t, exists)
+	}
+
+	// Null group should NOT exist on the role
+	exists, err := da.RoleGroupExists(ctx, rolename, groupnull)
+	assert.NoError(t, err)
+	assert.False(t, exists)
+}
+
+func testRoleGroupList(t *testing.T) {
+	var err error
+
+	rolename := "role-test-role-group-list"
+	groupnames := []string{
+		"group-test-role-group-list-0",
+		"group-test-role-group-list-1",
+	}
+	groupnull := "group-test-role-group-list-null"
+
+	// No such role yet
+	_, err = da.RoleGroupList(ctx, rolename)
+	assert.ErrorIs(t, err, errs.ErrNoSuchRole)
+
+	da.RoleCreate(ctx, rolename)
+	defer da.RoleDelete(ctx, rolename)
+
+	// Groups exist now, but the role doesn't
+	groups, err := da.RoleGroupList(ctx, rolename)
+	assert.NoError(t, err)
+	assert.Empty(t, groups)
+
+	da.GroupCreate(ctx, rest.Group{Name: groupnames[1]})
+	defer da.GroupDelete(ctx, groupnames[1])
+	da.GroupCreate(ctx, rest.Group{Name: groupnames[0]})
+	defer da.GroupDelete(ctx, groupnames[0])
+	da.GroupCreate(ctx, rest.Group{Name: groupnull})
+	defer da.GroupDelete(ctx, groupnull)
+
+	for _, groupname := range groupnames {
+		da.RoleGroupAdd(ctx, rolename, groupname)
+	}
+
+	// Currently the groups are NOT expected to be fully described (i.e.,
+	// their roles slices don't have to be complete).
+	groups, err = da.RoleGroupList(ctx, rolename)
+	assert.NoError(t, err)
+	assert.Len(t, groups, 2)
+
+	for i, g := range groups {
+		assert.Equal(t, groupnames[i], g.Name)
+	}
+}
+
+func testRolePermissionAdd(t *testing.T) {
+	var exists bool
+	var err error
+
+	const rolename = "role-test-role-permission-add"
+	const bundlename = "test"
+	const permname1 = "perm-test-role-permission-add-0"
+	const permname2 = "perm-test-role-permission-add-1"
+
+	da.RoleCreate(ctx, rolename)
+	defer da.RoleDelete(ctx, rolename)
+
+	role, _ := da.RoleGet(ctx, rolename)
+	if !assert.Len(t, role.Permissions, 0) {
+		t.FailNow()
+	}
+
+	// First permission
+	err = da.RolePermissionAdd(ctx, rolename, bundlename, permname1)
+	if !assert.NoError(t, err) {
+		t.FailNow()
+	}
+	defer da.RolePermissionDelete(ctx, rolename, bundlename, permname1)
+
+	role, _ = da.RoleGet(ctx, rolename)
+	if !assert.Len(t, role.Permissions, 1) {
+		t.FailNow()
+	}
+
+	exists, _ = da.RolePermissionExists(ctx, rolename, bundlename, permname1)
+	if !assert.True(t, exists) {
+		t.FailNow()
+	}
+
+	// Second permission
+	err = da.RolePermissionAdd(ctx, rolename, bundlename, permname2)
+	if !assert.NoError(t, err) {
+		t.FailNow()
+	}
+	defer da.RolePermissionDelete(ctx, rolename, bundlename, permname2)
+
+	role, _ = da.RoleGet(ctx, rolename)
+	if !assert.Len(t, role.Permissions, 2) {
+		t.FailNow()
+	}
+
+	exists, _ = da.RolePermissionExists(ctx, rolename, bundlename, permname2)
+	if !assert.True(t, exists) {
+		t.FailNow()
+	}
+}
+
+func testRolePermissionExists(t *testing.T) {
 	var err error
 
 	da.RoleCreate(ctx, "role-test-role-has-permission")
 	defer da.RoleDelete(ctx, "role-test-role-has-permission")
 
-	has, err := da.RoleHasPermission(ctx, "role-test-role-has-permission", "test", "permission-test-role-has-permission-1")
+	has, err := da.RolePermissionExists(ctx, "role-test-role-has-permission", "test", "permission-test-role-has-permission-1")
 	if !assert.NoError(t, err) || !assert.False(t, has) {
 		t.FailNow()
 	}
@@ -181,12 +366,12 @@ func testRoleHasPermission(t *testing.T) {
 	}
 	defer da.RolePermissionDelete(ctx, "role-test-role-has-permission", "test", "permission-test-role-has-permission-1")
 
-	has, err = da.RoleHasPermission(ctx, "role-test-role-has-permission", "test", "permission-test-role-has-permission-1")
+	has, err = da.RolePermissionExists(ctx, "role-test-role-has-permission", "test", "permission-test-role-has-permission-1")
 	if !assert.NoError(t, err) || !assert.True(t, has) {
 		t.FailNow()
 	}
 
-	has, err = da.RoleHasPermission(ctx, "role-test-role-has-permission", "test", "permission-test-role-has-permission-2")
+	has, err = da.RolePermissionExists(ctx, "role-test-role-has-permission", "test", "permission-test-role-has-permission-2")
 	if !assert.NoError(t, err) || !assert.False(t, has) {
 		t.FailNow()
 	}
@@ -217,7 +402,7 @@ func testRolePermissionList(t *testing.T) {
 	defer da.RolePermissionDelete(ctx, "role-test-role-permission-list", "test", "permission-test-role-permission-list-2")
 
 	// Expect a sorted list!
-	expect := []rest.RolePermission{
+	expect := rest.RolePermissionList{
 		{BundleName: "test", Permission: "permission-test-role-permission-list-1"},
 		{BundleName: "test", Permission: "permission-test-role-permission-list-2"},
 		{BundleName: "test", Permission: "permission-test-role-permission-list-3"},
diff --git a/dataaccess/postgres/user-access.go b/dataaccess/postgres/user-access.go
index c5f3180..ba1e531 100644
--- a/dataaccess/postgres/user-access.go
+++ b/dataaccess/postgres/user-access.go
@@ -240,139 +240,6 @@ func (da PostgresDataAccess) UserGetByEmail(ctx context.Context, email string) (
 	return user, err
 }
 
-// UserList returns a list of all known users in the datastore.
-// Passwords are not included. Nice try.
-func (da PostgresDataAccess) UserList(ctx context.Context) ([]rest.User, error) {
-	tr := otel.GetTracerProvider().Tracer(telemetry.ServiceName)
-	ctx, sp := tr.Start(ctx, "postgres.UserList")
-	defer sp.End()
-
-	db, err := da.connect(ctx, DatabaseGort)
-	if err != nil {
-		return nil, err
-	}
-	defer db.Close()
-
-	query := `SELECT email, full_name, username FROM users`
-	rows, err := db.QueryContext(ctx, query)
-	if err != nil {
-		return nil, err
-	}
-	defer rows.Close()
-
-	users := make([]rest.User, 0)
-	for rows.Next() {
-		user := rest.User{}
-		err = rows.Scan(&user.Email, &user.FullName, &user.Username)
-		if err != nil {
-			err = gerr.Wrap(errs.ErrNoSuchUser, err)
-		}
-		users = append(users, user)
-	}
-
-	return users, err
-}
-
-// UserPermissions returns an alphabetically-sorted list of fully-qualified
-// (i.e., "bundle:permission") permissions available to the specified user.
-func (da PostgresDataAccess) UserPermissions(ctx context.Context, username string) ([]string, error) {
-	// TODO This is horribly inefficient -- use a real SQL query instead!
-
-	tr := otel.GetTracerProvider().Tracer(telemetry.ServiceName)
-	ctx, sp := tr.Start(ctx, "postgres.UserPermissions")
-	defer sp.End()
-
-	pp := []string{}
-
-	groups, err := da.UserGroupList(ctx, username)
-	if err != nil {
-		return nil, err
-	}
-
-	for _, group := range groups {
-		roles, err := da.GroupListRoles(ctx, group.Name)
-		if err != nil {
-			return nil, err
-		}
-
-		for _, role := range roles {
-			for _, p := range role.Permissions {
-				pp = append(pp, p.BundleName+":"+p.Permission)
-			}
-		}
-	}
-
-	sort.Strings(pp)
-
-	return pp, nil
-}
-
-// UserUpdate is used to update an existing user. An error is returned if the
-// username is empty or if the user doesn't exist.
-func (da PostgresDataAccess) UserUpdate(ctx context.Context, user rest.User) error {
-	tr := otel.GetTracerProvider().Tracer(telemetry.ServiceName)
-	ctx, sp := tr.Start(ctx, "postgres.UserUpdate")
-	defer sp.End()
-
-	if user.Username == "" {
-		return errs.ErrEmptyUserName
-	}
-
-	exists, err := da.UserExists(ctx, user.Username)
-	if err != nil {
-		return err
-	}
-	if !exists {
-		return errs.ErrNoSuchUser
-	}
-
-	db, err := da.connect(ctx, DatabaseGort)
-	if err != nil {
-		return err
-	}
-	defer db.Close()
-
-	query := `SELECT email, full_name, username, password_hash
-		FROM users
-		WHERE username=$1`
-
-	userOld := rest.User{}
-	err = db.
-		QueryRowContext(ctx, query, user.Username).
-		Scan(&userOld.Email, &userOld.FullName, &userOld.Username, &userOld.Password)
-
-	if err != nil {
-		return gerr.Wrap(errs.ErrNoSuchUser, err)
-	}
-
-	if user.Email != "" {
-		userOld.Email = user.Email
-	}
-
-	if user.FullName != "" {
-		userOld.FullName = user.FullName
-	}
-
-	if user.Password != "" {
-		userOld.Password, err = data.HashPassword(user.Password)
-		if err != nil {
-			return err
-		}
-	}
-
-	query = `UPDATE users
-	SET email=$1, full_name=$2, password_hash=$3
-	WHERE username=$4;`
-
-	_, err = db.ExecContext(ctx, query, userOld.Email, userOld.FullName, userOld.Password, userOld.Username)
-
-	if err != nil {
-		err = gerr.Wrap(errs.ErrDataAccess, err)
-	}
-
-	return err
-}
-
 // UserGroupList returns a slice of Group values representing the specified user's group memberships.
 // The groups' Users slice is never populated, and is always nil.
 func (da PostgresDataAccess) UserGroupList(ctx context.Context, username string) ([]rest.Group, error) {
@@ -501,3 +368,174 @@ func (da PostgresDataAccess) UserGroupDelete(ctx context.Context, username strin
 
 	return err
 }
+
+// UserList returns a list of all known users in the datastore.
+// Passwords are not included. Nice try.
+func (da PostgresDataAccess) UserList(ctx context.Context) ([]rest.User, error) {
+	tr := otel.GetTracerProvider().Tracer(telemetry.ServiceName)
+	ctx, sp := tr.Start(ctx, "postgres.UserList")
+	defer sp.End()
+
+	db, err := da.connect(ctx, DatabaseGort)
+	if err != nil {
+		return nil, err
+	}
+	defer db.Close()
+
+	query := `SELECT email, full_name, username FROM users`
+	rows, err := db.QueryContext(ctx, query)
+	if err != nil {
+		return nil, err
+	}
+	defer rows.Close()
+
+	users := make([]rest.User, 0)
+	for rows.Next() {
+		user := rest.User{}
+		err = rows.Scan(&user.Email, &user.FullName, &user.Username)
+		if err != nil {
+			err = gerr.Wrap(errs.ErrNoSuchUser, err)
+		}
+		users = append(users, user)
+	}
+
+	return users, err
+}
+
+// UserPermissionList returns an alphabetically-sorted list of permissions
+// available to the specified user.
+func (da PostgresDataAccess) UserPermissionList(ctx context.Context, username string) (rest.RolePermissionList, error) {
+	// TODO This is HORRIBLY inefficient -- use a real SQL query instead!
+
+	tr := otel.GetTracerProvider().Tracer(telemetry.ServiceName)
+	ctx, sp := tr.Start(ctx, "postgres.UserPermissionList")
+	defer sp.End()
+
+	pp := []rest.RolePermission{}
+
+	groups, err := da.UserGroupList(ctx, username)
+	if err != nil {
+		return nil, err
+	}
+
+	for _, group := range groups {
+		roles, err := da.GroupRoleList(ctx, group.Name)
+		if err != nil {
+			return nil, err
+		}
+
+		for _, role := range roles {
+			rp, err := da.RolePermissionList(ctx, role.Name)
+			if err != nil {
+				return nil, err
+			}
+
+			for _, p := range rp {
+				pp = append(pp, p)
+			}
+		}
+	}
+
+	sort.Slice(pp, func(i, j int) bool { return pp[i].String() < pp[j].String() })
+
+	return pp, nil
+}
+
+// UserRoleList returns a slice of Role values representing the specified
+// user's indirect roles (indirect because users are members of groups,
+// and groups have roles).
+func (da PostgresDataAccess) UserRoleList(ctx context.Context, username string) ([]rest.Role, error) {
+	rm := map[string]rest.Role{}
+
+	groups, err := da.UserGroupList(ctx, username)
+	if err != nil {
+		return []rest.Role{}, err
+	}
+
+	for _, gr := range groups {
+		rl, err := da.GroupRoleList(ctx, gr.Name)
+		if err != nil {
+			return []rest.Role{}, err
+		}
+
+		for _, r := range rl {
+			rm[r.Name] = r
+		}
+	}
+
+	roles := []rest.Role{}
+
+	for _, r := range rm {
+		roles = append(roles, r)
+	}
+
+	sort.Slice(roles, func(i, j int) bool { return roles[i].Name < roles[j].Name })
+
+	return roles, nil
+}
+
+// UserUpdate is used to update an existing user. An error is returned if the
+// username is empty or if the user doesn't exist.
+func (da PostgresDataAccess) UserUpdate(ctx context.Context, user rest.User) error {
+	tr := otel.GetTracerProvider().Tracer(telemetry.ServiceName)
+	ctx, sp := tr.Start(ctx, "postgres.UserUpdate")
+	defer sp.End()
+
+	if user.Username == "" {
+		return errs.ErrEmptyUserName
+	}
+
+	exists, err := da.UserExists(ctx, user.Username)
+	if err != nil {
+		return err
+	}
+	if !exists {
+		return errs.ErrNoSuchUser
+	}
+
+	db, err := da.connect(ctx, DatabaseGort)
+	if err != nil {
+		return err
+	}
+	defer db.Close()
+
+	query := `SELECT email, full_name, username, password_hash
+		FROM users
+		WHERE username=$1`
+
+	userOld := rest.User{}
+	err = db.
+		QueryRowContext(ctx, query, user.Username).
+		Scan(&userOld.Email, &userOld.FullName, &userOld.Username, &userOld.Password)
+
+	if err != nil {
+		return gerr.Wrap(errs.ErrNoSuchUser, err)
+	}
+
+	if user.Email != "" {
+		userOld.Email = user.Email
+	}
+
+	if user.FullName != "" {
+		userOld.FullName = user.FullName
+	}
+
+	if user.Password != "" {
+		userOld.Password, err = data.HashPassword(user.Password)
+		if err != nil {
+			return err
+		}
+	}
+
+	query = `UPDATE users
+	SET email=$1, full_name=$2, password_hash=$3
+	WHERE username=$4;`
+
+	_, err = db.ExecContext(ctx, query, userOld.Email, userOld.FullName, userOld.Password, userOld.Username)
+
+	if err != nil {
+		err = gerr.Wrap(errs.ErrDataAccess, err)
+	}
+
+	return err
+}
diff --git a/dataaccess/postgres/user-access_test.go b/dataaccess/postgres/user-access_test.go
index b99960e..4e2cabc 100644
--- a/dataaccess/postgres/user-access_test.go
+++ b/dataaccess/postgres/user-access_test.go
@@ -33,7 +33,7 @@ func testUserAccess(t *testing.T) {
 	t.Run("testUserGroupList", testUserGroupList)
 	t.Run("testUserList", testUserList)
 	t.Run("testUserNotExists", testUserNotExists)
-	t.Run("testUserPermissions", testUserPermissions)
+	t.Run("testUserPermissionList", testUserPermissionList)
 	t.Run("testUserUpdate", testUserUpdate)
 }
 
@@ -179,7 +179,7 @@ func testUserGroupList(t *testing.T) {
 	da.UserCreate(ctx, rest.User{Username: "user-test-user-group-list"})
 	defer da.UserDelete(ctx, "user-test-user-group-list")
 
-	da.GroupAddUser(ctx, "group-test-user-group-list-0", "user-test-user-group-list")
+	da.GroupUserAdd(ctx, "group-test-user-group-list-0", "user-test-user-group-list")
 
 	expected := []rest.Group{{Name: "group-test-user-group-list-0", Users: nil}}
 
@@ -238,7 +238,8 @@ func testUserNotExists(t *testing.T) {
 		t.FailNow()
 	}
 }
-func testUserPermissions(t *testing.T) {
+
+func testUserPermissionList(t *testing.T) {
 	var err error
 
 	err = da.GroupCreate(ctx, rest.Group{Name: "test-perms"})
@@ -252,7 +253,7 @@ func testUserPermissions(t *testing.T) {
 	if !assert.NoError(t, err) {
 		t.FailNow()
 	}
-	err = da.GroupAddUser(ctx, "test-perms", "test-perms")
+	err = da.GroupUserAdd(ctx, "test-perms", "test-perms")
 	if !assert.NoError(t, err) {
 		t.FailNow()
 	}
@@ -283,12 +284,12 @@ func testUserPermissions(t *testing.T) {
 	// Expected: a sorted list of strings
 	expected := []string{"test:test-perms-0", "test:test-perms-1", "test:test-perms-2"}
 
-	actual, err := da.UserPermissions(ctx, "test-perms")
+	actual, err := da.UserPermissionList(ctx, "test-perms")
 	if !assert.NoError(t, err) {
 		t.FailNow()
 	}
 
-	assert.Equal(t, expected, actual)
+	assert.Equal(t, expected, actual.Strings())
 }
 
 func testUserUpdate(t *testing.T) {
@@ -307,7 +308,7 @@ func testUserUpdate(t *testing.T) {
 	// Get the user we just added. Emails should match.
 	user1, _ := da.UserGet(ctx, "test-update")
 	if userA.Email != user1.Email {
-		t.Errorf("Email mistatch: %q vs %q", userA.Email, user1.Email)
+		t.Errorf("Email mismatch: %q vs %q", userA.Email, user1.Email)
 		t.FailNow()
 	}
 
@@ -319,7 +320,7 @@ func testUserUpdate(t *testing.T) {
 	// Get the user we just updated. Emails should match.
 	user2, _ := da.UserGet(ctx, "test-update")
 	if userB.Email != user2.Email {
-		t.Errorf("Email mistatch: %q vs %q", userB.Email, user2.Email)
+		t.Errorf("Email mismatch: %q vs %q", userB.Email, user2.Email)
 		t.FailNow()
 	}
 }

From 43315fca94825cc181c54968c9e8c10e4443b433 Mon Sep 17 00:00:00 2001
From: Matthew Titmus <matthew.titmus@gmail.com>
Date: Fri, 9 Jul 2021 14:34:33 -0400
Subject: [PATCH 04/21] Updating function references

---
 adapter/adapter.go         | 4 ++--
 service/bundle-handlers.go | 2 +-
 service/group-handlers.go  | 6 +++---
 service/service.go         | 6 +++---
 4 files changed, 9 insertions(+), 9 deletions(-)

diff --git a/adapter/adapter.go b/adapter/adapter.go
index 73ddf45..edf4238 100644
--- a/adapter/adapter.go
+++ b/adapter/adapter.go
@@ -453,7 +453,7 @@ func TriggerCommand(ctx context.Context, rawCommand string, id RequestorIdentity
 		"arg":    cmdInput.Parameters,
 	}
 
-	perms, err := da.UserPermissions(ctx, id.GortUser.Username)
+	perms, err := da.UserPermissionList(ctx, id.GortUser.Username)
 	if err != nil {
 		da.RequestError(ctx, request, err)
 		telemetry.Errors().WithError(err).Commit(ctx)
@@ -463,7 +463,7 @@ func TriggerCommand(ctx context.Context, rawCommand string, id RequestorIdentity
 		return nil, fmt.Errorf("user permission load error: %w", err)
 	}
 
-	allowed, err := auth.EvaluateCommandEntry(perms, cmdEntry, env)
+	allowed, err := auth.EvaluateCommandEntry(perms.Strings(), cmdEntry, env)
 	if err != nil {
 		da.RequestError(ctx, request, err)
 		telemetry.Errors().WithError(err).Commit(ctx)
diff --git a/service/bundle-handlers.go b/service/bundle-handlers.go
index 24a3504..6f2f9c5 100644
--- a/service/bundle-handlers.go
+++ b/service/bundle-handlers.go
@@ -59,7 +59,7 @@ func handleGetBundleVersions(w http.ResponseWriter, r *http.Request) {
 	params := mux.Vars(r)
 	name := params["name"]
 
-	bundles, err := dataAccessLayer.BundleListVersions(r.Context(), name)
+	bundles, err := dataAccessLayer.BundleVersionList(r.Context(), name)
 	if err != nil {
 		respondAndLogError(r.Context(), w, err)
 		return
diff --git a/service/group-handlers.go b/service/group-handlers.go
index 4ae2093..f776cf5 100644
--- a/service/group-handlers.go
+++ b/service/group-handlers.go
@@ -67,7 +67,7 @@ func handleDeleteGroupMember(w http.ResponseWriter, r *http.Request) {
 		return
 	}
 
-	err = dataAccessLayer.GroupRemoveUser(r.Context(), groupname, username)
+	err = dataAccessLayer.GroupUserDelete(r.Context(), groupname, username)
 	if err != nil {
 		respondAndLogError(r.Context(), w, err)
 	}
@@ -182,7 +182,7 @@ func handleGetGroupRoles(w http.ResponseWriter, r *http.Request) {
 		return
 	}
 
-	roles, err := dataAccessLayer.GroupListRoles(r.Context(), groupname)
+	roles, err := dataAccessLayer.GroupRoleList(r.Context(), groupname)
 	if err != nil {
 		respondAndLogError(r.Context(), w, err)
 		return
@@ -253,7 +253,7 @@ func handlePutGroupMember(w http.ResponseWriter, r *http.Request) {
 		return
 	}
 
-	err = dataAccessLayer.GroupAddUser(r.Context(), groupname, username)
+	err = dataAccessLayer.GroupUserAdd(r.Context(), groupname, username)
 	if err != nil {
 		respondAndLogError(r.Context(), w, err)
 	}
diff --git a/service/service.go b/service/service.go
index 8a6ee97..b32c91c 100644
--- a/service/service.go
+++ b/service/service.go
@@ -317,7 +317,7 @@ func doBootstrap(ctx context.Context, user rest.User) (rest.User, error) {
 	}
 
 	// Add the admin user to the admin group.
-	err = dataAccessLayer.GroupAddUser(ctx, adminGroup, user.Username)
+	err = dataAccessLayer.GroupUserAdd(ctx, adminGroup, user.Username)
 	if err != nil {
 		return user, err
 	}
@@ -589,7 +589,7 @@ func doAuthenticateUser(r *http.Request, gortCommand string, args ...string) (bo
 		return false, err
 	}
 
-	perms, err := dataAccessLayer.UserPermissions(r.Context(), token.User)
+	perms, err := dataAccessLayer.UserPermissionList(r.Context(), token.User)
 	if err != nil {
 		return false, err
 	}
@@ -609,7 +609,7 @@ func doAuthenticateUser(r *http.Request, gortCommand string, args ...string) (bo
 
 	env := rules.EvaluationEnvironment{"arg": argValues}
 
-	return auth.EvaluateCommandEntry(perms, ce, env)
+	return auth.EvaluateCommandEntry(perms.Strings(), ce, env)
 }
 
 // getGortBundleCommand retrieves the data.BundleCommand value from the default

From 8ff4090d49f4d6208da6bc1715433bc8a9ddace6 Mon Sep 17 00:00:00 2001
From: Matthew Titmus <matthew.titmus@gmail.com>
Date: Fri, 9 Jul 2021 15:25:19 -0400
Subject: [PATCH 05/21] Implement gort role info command

---
 cli/role-info.go         | 81 ++++++++++++++++++++++++++++++++++++++++
 cli/role.go              |  1 +
 client/client-group.go   | 25 +++++++------
 client/client-role.go    | 60 +++++++++++++++++++++--------
 client/client-user.go    | 38 ++++++++++++++++---
 data/bundle.go           |  2 +-
 data/rest/role-data.go   |  2 +-
 service/role-handlers.go | 77 ++++++++++++++++++++++++++++++++++++--
 service/service.go       |  2 +
 service/user-handlers.go | 16 ++++++++
 10 files changed, 265 insertions(+), 39 deletions(-)
 create mode 100644 cli/role-info.go

diff --git a/cli/role-info.go b/cli/role-info.go
new file mode 100644
index 0000000..95f961b
--- /dev/null
+++ b/cli/role-info.go
@@ -0,0 +1,81 @@
+/*
+ * Copyright 2021 The Gort Authors
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package cli
+
+import (
+	"fmt"
+	"strings"
+
+	"github.com/getgort/gort/client"
+	"github.com/spf13/cobra"
+)
+
+const (
+	roleInfoUse   = "info"
+	roleInfoShort = "Retrieve information about an existing role"
+	roleInfoLong  = "Retrieve information about an existing role."
+	roleInfoUsage = `Usage:
+  gort role info [flags] role_name [version]
+
+Flags:
+  -h, --help   Show this message and exit
+
+Global Flags:
+  -P, --profile string   The Gort profile within the config file to use
+`
+)
+
+// GetRoleInfoCmd is a command
+func GetRoleInfoCmd() *cobra.Command {
+	cmd := &cobra.Command{
+		Use:   roleInfoUse,
+		Short: roleInfoShort,
+		Long:  roleInfoLong,
+		RunE:  roleInfoCmd,
+		Args:  cobra.ExactArgs(1),
+	}
+
+	cmd.SetUsageTemplate(roleInfoUsage)
+
+	return cmd
+}
+
+func roleInfoCmd(cmd *cobra.Command, args []string) error {
+	gortClient, err := client.Connect(FlagGortProfile)
+	if err != nil {
+		return err
+	}
+
+	rolename := args[0]
+
+	role, err := gortClient.RoleGet(rolename)
+	if err != nil {
+		return err
+	}
+
+	const format = `Name         %s
+Permissions  %s
+Groups       %s
+`
+
+	fmt.Printf(format,
+		role.Name,
+		strings.Join(role.Permissions.Strings(), ", "),
+		strings.Join(groupNames(role.Groups), ", "))
+
+	return nil
+}
diff --git a/cli/role.go b/cli/role.go
index add73f2..a53c77d 100644
--- a/cli/role.go
+++ b/cli/role.go
@@ -54,6 +54,7 @@ func GetRoleCmd() *cobra.Command {
 	cmd.AddCommand(GetRoleCreateCmd())
 	cmd.AddCommand(GetRoleDeleteCmd())
 	cmd.AddCommand(GetRoleGrantCmd())
+	cmd.AddCommand(GetRoleInfoCmd())
 	cmd.AddCommand(GetRoleListCmd())
 	cmd.AddCommand(GetRoleRevokeCmd())
 
diff --git a/client/client-group.go b/client/client-group.go
index c120ede..2644189 100644
--- a/client/client-group.go
+++ b/client/client-group.go
@@ -20,6 +20,7 @@ import (
 	"encoding/json"
 	"fmt"
 	"io/ioutil"
+	"net/http"
 
 	"github.com/getgort/gort/data/rest"
 )
@@ -34,7 +35,7 @@ func (c *GortClient) GroupDelete(groupname string) error {
 	}
 	defer resp.Body.Close()
 
-	if resp.StatusCode != 200 {
+	if resp.StatusCode != http.StatusOK {
 		return getResponseError(resp)
 	}
 
@@ -52,9 +53,9 @@ func (c *GortClient) GroupExists(groupname string) (bool, error) {
 	defer resp.Body.Close()
 
 	switch resp.StatusCode {
-	case 200:
+	case http.StatusOK:
 		return true, nil
-	case 404:
+	case http.StatusNotFound:
 		return false, nil
 	default:
 		return false, getResponseError(resp)
@@ -70,7 +71,7 @@ func (c *GortClient) GroupGet(groupname string) (rest.Group, error) {
 	}
 	defer resp.Body.Close()
 
-	if resp.StatusCode != 200 {
+	if resp.StatusCode != http.StatusOK {
 		return rest.Group{}, getResponseError(resp)
 	}
 
@@ -97,7 +98,7 @@ func (c *GortClient) GroupList() ([]rest.Group, error) {
 	}
 	defer resp.Body.Close()
 
-	if resp.StatusCode != 200 {
+	if resp.StatusCode != http.StatusOK {
 		return []rest.Group{}, getResponseError(resp)
 	}
 
@@ -124,7 +125,7 @@ func (c *GortClient) GroupMemberAdd(groupname string, username string) error {
 	}
 	defer resp.Body.Close()
 
-	if resp.StatusCode != 200 {
+	if resp.StatusCode != http.StatusOK {
 		return getResponseError(resp)
 	}
 
@@ -140,7 +141,7 @@ func (c *GortClient) GroupMemberDelete(groupname string, username string) error
 	}
 	defer resp.Body.Close()
 
-	if resp.StatusCode != 200 {
+	if resp.StatusCode != http.StatusOK {
 		return getResponseError(resp)
 	}
 
@@ -156,7 +157,7 @@ func (c *GortClient) GroupMemberList(groupname string) ([]rest.User, error) {
 	}
 	defer resp.Body.Close()
 
-	if resp.StatusCode != 200 {
+	if resp.StatusCode != http.StatusOK {
 		return []rest.User{}, getResponseError(resp)
 	}
 
@@ -189,7 +190,7 @@ func (c *GortClient) GroupSave(group rest.Group) error {
 	}
 	defer resp.Body.Close()
 
-	if resp.StatusCode != 200 {
+	if resp.StatusCode != http.StatusOK {
 		return getResponseError(resp)
 	}
 
@@ -205,7 +206,7 @@ func (c *GortClient) GroupRoleAdd(groupname string, rolename string) error {
 	}
 	defer resp.Body.Close()
 
-	if resp.StatusCode != 200 {
+	if resp.StatusCode != http.StatusOK {
 		return getResponseError(resp)
 	}
 
@@ -221,7 +222,7 @@ func (c *GortClient) GroupRoleDelete(groupname string, rolename string) error {
 	}
 	defer resp.Body.Close()
 
-	if resp.StatusCode != 200 {
+	if resp.StatusCode != http.StatusOK {
 		return getResponseError(resp)
 	}
 
@@ -237,7 +238,7 @@ func (c *GortClient) GroupRoleList(groupname string) ([]rest.Role, error) {
 	}
 	defer resp.Body.Close()
 
-	if resp.StatusCode != 200 {
+	if resp.StatusCode != http.StatusOK {
 		return []rest.Role{}, getResponseError(resp)
 	}
 
diff --git a/client/client-role.go b/client/client-role.go
index edfd5ec..657f938 100644
--- a/client/client-role.go
+++ b/client/client-role.go
@@ -20,6 +20,7 @@ import (
 	"encoding/json"
 	"fmt"
 	"io/ioutil"
+	"net/http"
 
 	"github.com/getgort/gort/data/rest"
 )
@@ -34,7 +35,7 @@ func (c *GortClient) RoleDelete(rolename string) error {
 	}
 	defer resp.Body.Close()
 
-	if resp.StatusCode != 200 {
+	if resp.StatusCode != http.StatusOK {
 		return getResponseError(resp)
 	}
 
@@ -51,7 +52,7 @@ func (c *GortClient) RoleCreate(rolename string) error {
 	}
 	defer resp.Body.Close()
 
-	if resp.StatusCode != 200 {
+	if resp.StatusCode != http.StatusOK {
 		return getResponseError(resp)
 	}
 
@@ -67,7 +68,7 @@ func (c *GortClient) RoleList() ([]rest.Group, error) {
 	}
 	defer resp.Body.Close()
 
-	if resp.StatusCode != 200 {
+	if resp.StatusCode != http.StatusOK {
 		return []rest.Group{}, getResponseError(resp)
 	}
 
@@ -96,9 +97,9 @@ func (c *GortClient) RoleExists(rolename string) (bool, error) {
 	defer resp.Body.Close()
 
 	switch resp.StatusCode {
-	case 200:
+	case http.StatusOK:
 		return true, nil
-	case 404:
+	case http.StatusNotFound:
 		return false, nil
 	default:
 		return false, getResponseError(resp)
@@ -106,30 +107,57 @@ func (c *GortClient) RoleExists(rolename string) (bool, error) {
 }
 
 // RoleGet gets an existing role.
-func (c *GortClient) RoleGet(rolename string) (rest.Group, error) {
+func (c *GortClient) RoleGet(rolename string) (rest.Role, error) {
 	url := fmt.Sprintf("%s/v2/roles/%s", c.profile.URL.String(), rolename)
 	resp, err := c.doRequest("GET", url, []byte{})
 	if err != nil {
-		return rest.Group{}, err
+		return rest.Role{}, err
 	}
 	defer resp.Body.Close()
 
-	if resp.StatusCode != 200 {
-		return rest.Group{}, getResponseError(resp)
+	if resp.StatusCode != http.StatusOK {
+		return rest.Role{}, getResponseError(resp)
 	}
 
 	body, err := ioutil.ReadAll(resp.Body)
 	if err != nil {
-		return rest.Group{}, err
+		return rest.Role{}, err
 	}
 
-	group := rest.Group{}
-	err = json.Unmarshal(body, &group)
+	role := rest.Role{}
+	err = json.Unmarshal(body, &role)
 	if err != nil {
-		return rest.Group{}, err
+		return rest.Role{}, err
 	}
 
-	return group, nil
+	return role, nil
+}
+
+// RolePermissionList comments to be written...
+func (c *GortClient) RolePermissionList(username string) (rest.RolePermissionList, error) {
+	url := fmt.Sprintf("%s/v2/roles/%s/permissions", c.profile.URL.String(), username)
+	resp, err := c.doRequest("GET", url, []byte{})
+	if err != nil {
+		return rest.RolePermissionList{}, err
+	}
+	defer resp.Body.Close()
+
+	if resp.StatusCode != http.StatusOK {
+		return rest.RolePermissionList{}, getResponseError(resp)
+	}
+
+	body, err := ioutil.ReadAll(resp.Body)
+	if err != nil {
+		return rest.RolePermissionList{}, err
+	}
+
+	rpl := rest.RolePermissionList{}
+	err = json.Unmarshal(body, &rpl)
+	if err != nil {
+		return rest.RolePermissionList{}, err
+	}
+
+	return rpl, nil
 }
 
 // RolePermissionRevoke revokes an existing permission from a role
@@ -142,7 +170,7 @@ func (c *GortClient) RolePermissionRevoke(rolename string, bundlename string, pe
 	}
 	defer resp.Body.Close()
 
-	if resp.StatusCode != 200 {
+	if resp.StatusCode != http.StatusOK {
 		return getResponseError(resp)
 	}
 
@@ -159,7 +187,7 @@ func (c *GortClient) RolePermissionGrant(rolename string, bundlename string, per
 	}
 	defer resp.Body.Close()
 
-	if resp.StatusCode != 200 {
+	if resp.StatusCode != http.StatusOK {
 		return getResponseError(resp)
 	}
 
diff --git a/client/client-user.go b/client/client-user.go
index fd86cb7..f62dedc 100644
--- a/client/client-user.go
+++ b/client/client-user.go
@@ -20,6 +20,7 @@ import (
 	"encoding/json"
 	"fmt"
 	"io/ioutil"
+	"net/http"
 
 	"github.com/getgort/gort/data/rest"
 )
@@ -34,7 +35,7 @@ func (c *GortClient) UserDelete(username string) error {
 	}
 	defer resp.Body.Close()
 
-	if resp.StatusCode != 200 {
+	if resp.StatusCode != http.StatusOK {
 		return getResponseError(resp)
 	}
 
@@ -70,7 +71,7 @@ func (c *GortClient) UserGet(username string) (rest.User, error) {
 	}
 	defer resp.Body.Close()
 
-	if resp.StatusCode != 200 {
+	if resp.StatusCode != http.StatusOK {
 		return rest.User{}, getResponseError(resp)
 	}
 
@@ -97,7 +98,7 @@ func (c *GortClient) UserGroupList(username string) ([]rest.Group, error) {
 	}
 	defer resp.Body.Close()
 
-	if resp.StatusCode != 200 {
+	if resp.StatusCode != http.StatusOK {
 		return []rest.Group{}, getResponseError(resp)
 	}
 
@@ -124,7 +125,7 @@ func (c *GortClient) UserList() ([]rest.User, error) {
 	}
 	defer resp.Body.Close()
 
-	if resp.StatusCode != 200 {
+	if resp.StatusCode != http.StatusOK {
 		return []rest.User{}, getResponseError(resp)
 	}
 
@@ -142,6 +143,33 @@ func (c *GortClient) UserList() ([]rest.User, error) {
 	return users, nil
 }
 
+// UserPermissionList comments to be written...
+func (c *GortClient) UserPermissionList(username string) (rest.RolePermissionList, error) {
+	url := fmt.Sprintf("%s/v2/users/%s/permissions", c.profile.URL.String(), username)
+	resp, err := c.doRequest("GET", url, []byte{})
+	if err != nil {
+		return rest.RolePermissionList{}, err
+	}
+	defer resp.Body.Close()
+
+	if resp.StatusCode != http.StatusOK {
+		return rest.RolePermissionList{}, getResponseError(resp)
+	}
+
+	body, err := ioutil.ReadAll(resp.Body)
+	if err != nil {
+		return rest.RolePermissionList{}, err
+	}
+
+	rpl := rest.RolePermissionList{}
+	err = json.Unmarshal(body, &rpl)
+	if err != nil {
+		return rest.RolePermissionList{}, err
+	}
+
+	return rpl, nil
+}
+
 // UserSave will create or update a user. Note the the key is the username: if
 // this is called with a user whose username exists that user is updated
 // (empty fields will not be overwritten); otherwise a new user is created.
@@ -159,7 +187,7 @@ func (c *GortClient) UserSave(user rest.User) error {
 	}
 	defer resp.Body.Close()
 
-	if resp.StatusCode != 200 {
+	if resp.StatusCode != http.StatusOK {
 		return getResponseError(resp)
 	}
 
diff --git a/data/bundle.go b/data/bundle.go
index d5d0a55..767deec 100644
--- a/data/bundle.go
+++ b/data/bundle.go
@@ -60,7 +60,7 @@ type BundleDocker struct {
 // section of the config.
 type BundleCommand struct {
 	Description string   `yaml:",omitempty" json:"description,omitempty"`
-	Executable  []string `yaml:",omitempty" json:"executable,omitempty"`
+	Executable  []string `yaml:",omitempty,flow" json:"executable,omitempty"`
 	Name        string   `yaml:"-" json:"-"`
 	Rules       []string `yaml:",omitempty" json:"rules,omitempty"`
 }
diff --git a/data/rest/role-data.go b/data/rest/role-data.go
index 34b54ec..340bc06 100644
--- a/data/rest/role-data.go
+++ b/data/rest/role-data.go
@@ -20,7 +20,7 @@ import "fmt"
 
 type Role struct {
 	Name        string
-	Permissions []RolePermission
+	Permissions RolePermissionList
 	Groups      []Group
 }
 
diff --git a/service/role-handlers.go b/service/role-handlers.go
index 6f7c48b..9532376 100644
--- a/service/role-handlers.go
+++ b/service/role-handlers.go
@@ -19,7 +19,9 @@ package service
 import (
 	"encoding/json"
 	"net/http"
+	"sync"
 
+	"github.com/getgort/gort/data/rest"
 	"github.com/gorilla/mux"
 	"go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp"
 )
@@ -37,7 +39,6 @@ func handleDeleteRole(w http.ResponseWriter, r *http.Request) {
 
 // handleGetRoles handles "GET /v2/roles"
 func handleGetRoles(w http.ResponseWriter, r *http.Request) {
-
 	roles, err := dataAccessLayer.RoleList(r.Context())
 
 	if err != nil {
@@ -63,13 +64,80 @@ func handleGetRole(w http.ResponseWriter, r *http.Request) {
 		return
 	}
 
-	role, err := dataAccessLayer.RoleGet(r.Context(), rolename)
+	var errs chan error = make(chan error, 3)
+	var role rest.Role
+	var perms rest.RolePermissionList
+	var groups []rest.Group
+
+	wg := sync.WaitGroup{}
+	wg.Add(3)
+
+	go func() {
+		o, err := dataAccessLayer.RoleGet(r.Context(), rolename)
+		if err != nil {
+			errs <- err
+		}
+
+		role = o
+		wg.Done()
+	}()
+
+	go func() {
+		o, err := dataAccessLayer.RolePermissionList(r.Context(), rolename)
+		if err != nil {
+			errs <- err
+		}
+
+		perms = o
+		wg.Done()
+	}()
+
+	go func() {
+		o, err := dataAccessLayer.RoleGroupList(r.Context(), rolename)
+		if err != nil {
+			errs <- err
+		}
+
+		groups = o
+		wg.Done()
+	}()
+
+	wg.Wait()
+
+	close(errs)
+
+	if err := <-errs; err != nil {
+		respondAndLogError(r.Context(), w, err)
+	}
+
+	role.Permissions = perms
+	role.Groups = groups
+
+	json.NewEncoder(w).Encode(role)
+}
+
+// handleGetRole handles "GET /v2/roles/{rolename}"
+func handleGetRolePermissions(w http.ResponseWriter, r *http.Request) {
+	params := mux.Vars(r)
+	rolename := params["rolename"]
+
+	exists, err := dataAccessLayer.RoleExists(r.Context(), rolename)
+	if err != nil {
+		respondAndLogError(r.Context(), w, err)
+		return
+	}
+	if !exists {
+		http.Error(w, "no such role", http.StatusNotFound)
+		return
+	}
+
+	rpl, err := dataAccessLayer.RolePermissionList(r.Context(), rolename)
 	if err != nil {
 		respondAndLogError(r.Context(), w, err)
 		return
 	}
 
-	json.NewEncoder(w).Encode(role)
+	json.NewEncoder(w).Encode(rpl)
 }
 
 // handleGrantRolePermission handles "PUT /v2/roles/{rolename}/bundles/{bundlename}/permissions/{permissionname}"
@@ -135,11 +203,12 @@ func handlePutRole(w http.ResponseWriter, r *http.Request) {
 func addRoleMethodsToRouter(router *mux.Router) {
 	// Basic role methods
 	router.Handle("/v2/roles", otelhttp.NewHandler(authCommand(handleGetRoles, "role", "list"), "handleGetRoles")).Methods("GET")
-	router.Handle("/v2/roles/{rolename}", otelhttp.NewHandler(authCommand(handleGetRole, "role", "infp"), "handleGetRole")).Methods("GET")
+	router.Handle("/v2/roles/{rolename}", otelhttp.NewHandler(authCommand(handleGetRole, "role", "info"), "handleGetRole")).Methods("GET")
 	router.Handle("/v2/roles/{rolename}", otelhttp.NewHandler(authCommand(handlePutRole, "role", "create"), "handlePutRole")).Methods("PUT")
 	router.Handle("/v2/roles/{rolename}", otelhttp.NewHandler(authCommand(handleDeleteRole, "role", "delete"), "handleDeleteRole")).Methods("DELETE")
 
 	// Role permissions
+	router.Handle("/v2/roles/{rolename}/permissions", otelhttp.NewHandler(authCommand(handleGetRolePermissions, "role", "info"), "handleGetRolePermissions")).Methods("GET")
 	router.Handle("/v2/roles/{rolename}/bundles/{bundlename}/permissions/{permissionname}", otelhttp.NewHandler(authCommand(handleRevokeRolePermission, "role", "revoke-permission"), "handleDeleteRolePermission")).Methods("DELETE")
 	router.Handle("/v2/roles/{rolename}/bundles/{bundlename}/permissions/{permissionname}", otelhttp.NewHandler(authCommand(handleGrantRolePermission, "role", "grant-permission"), "handlePutRolePermission")).Methods("PUT")
 }
diff --git a/service/service.go b/service/service.go
index b32c91c..71171c5 100644
--- a/service/service.go
+++ b/service/service.go
@@ -443,6 +443,8 @@ func respondAndLogError(ctx context.Context, w http.ResponseWriter, err error) {
 		fallthrough
 	case gerrs.Is(err, errs.ErrNoSuchGroup):
 		fallthrough
+	case gerrs.Is(err, errs.ErrNoSuchRole):
+		fallthrough
 	case gerrs.Is(err, errs.ErrNoSuchToken):
 		fallthrough
 	case gerrs.Is(err, errs.ErrNoSuchUser):
diff --git a/service/user-handlers.go b/service/user-handlers.go
index dce3e9f..5d7156a 100644
--- a/service/user-handlers.go
+++ b/service/user-handlers.go
@@ -100,6 +100,19 @@ func handleGetUsers(w http.ResponseWriter, r *http.Request) {
 	json.NewEncoder(w).Encode(users)
 }
 
+// handleGetUserPermissions handles "GET /v2/users/{username}/groups"
+func handleGetUserPermissions(w http.ResponseWriter, r *http.Request) {
+	params := mux.Vars(r)
+
+	perms, err := dataAccessLayer.UserPermissionList(r.Context(), params["username"])
+	if err != nil {
+		respondAndLogError(r.Context(), w, err)
+		return
+	}
+
+	json.NewEncoder(w).Encode(perms)
+}
+
 // handlePutUser handles "POST /v2/users/{username}"
 func handlePutUser(w http.ResponseWriter, r *http.Request) {
 	var user rest.User
@@ -148,4 +161,7 @@ func addUserMethodsToRouter(router *mux.Router) {
 	router.Handle("/v2/users/{username}/groups", otelhttp.NewHandler(authCommand(handleGetUserGroups, "user", "info"), "handleGetUserGroups")).Methods("GET")
 	router.Handle("/v2/users/{username}/groups/{username}", otelhttp.NewHandler(authCommand(handleDeleteUserGroup, "user", "update"), "handleDeleteUserGroup")).Methods("DELETE")
 	router.Handle("/v2/users/{username}/groups/{username}", otelhttp.NewHandler(authCommand(handlePutUserGroup, "user", "update"), "handlePutUserGroup")).Methods("PUT")
+
+	// User permissions list
+	router.Handle("/v2/users/{username}/permissions", otelhttp.NewHandler(authCommand(handleGetUserPermissions, "user", "info"), "handleGetUserPermissions")).Methods("GET")
 }

From 19b540a6896f93c542c218e529888f996b25121c Mon Sep 17 00:00:00 2001
From: Matt Titmus <matthew.titmus@gmail.com>
Date: Fri, 9 Jul 2021 15:28:49 -0400
Subject: [PATCH 06/21] Update README.md

---
 README.md | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/README.md b/README.md
index 979039c..5c4c3b4 100644
--- a/README.md
+++ b/README.md
@@ -10,6 +10,10 @@ Gort is a chatbot framework designed from the ground up for chatops.
 
 Gort brings the power of the command line to the place you collaborate with your team all the time -- your chat window. Its open-ended command bundle support allows developers to implement functionality in the language of their choice, while powerful access control means you can collaborate around even the most sensitive tasks with confidence. A focus on extensibility and adaptability means that you can respond quickly to the unexpected, without your team losing visibility.
 
+## Documentation
+
+You may wish to skip this page and go directly to the documentation: [The Gort Guide](http://guide.getgort.io/).
+
 ## Rationale
 
 Gort was initially conceived of as a Go re-implementation of Operable's [Cog Slack Bot](https://github.com/operable/cog), and while it remains heavily inspired by Cog, Gort has largely gone its own way.

From e09bb58a446beff4b9e9de4ab9b6dcf34457d792 Mon Sep 17 00:00:00 2001
From: Matthew Titmus <matthew.titmus@gmail.com>
Date: Fri, 9 Jul 2021 15:45:47 -0400
Subject: [PATCH 07/21] Simplify range

---
 cli/hidden-command.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/cli/hidden-command.go b/cli/hidden-command.go
index d81104c..23bfff1 100644
--- a/cli/hidden-command.go
+++ b/cli/hidden-command.go
@@ -69,7 +69,7 @@ func hiddenCommandCmd(cmd *cobra.Command, args []string) error {
 	cmds := []string{}
 
 	for _, b := range bundles {
-		for k, _ := range b.Commands {
+		for k := range b.Commands {
 			cmds = append(cmds, fmt.Sprintf("- %s:%s", b.Name, k))
 		}
 	}

From 1c7560b82ba2b39306f88c87dd21547949d0ad91 Mon Sep 17 00:00:00 2001
From: Matt Titmus <matthew.titmus@gmail.com>
Date: Fri, 9 Jul 2021 19:12:41 -0400
Subject: [PATCH 08/21] Update README.md

---
 README.md | 18 ++----------------
 1 file changed, 2 insertions(+), 16 deletions(-)

diff --git a/README.md b/README.md
index 5c4c3b4..f727d5e 100644
--- a/README.md
+++ b/README.md
@@ -14,16 +14,6 @@ Gort brings the power of the command line to the place you collaborate with your
 
 You may wish to skip this page and go directly to the documentation: [The Gort Guide](http://guide.getgort.io/).
 
-## Rationale
-
-Gort was initially conceived of as a Go re-implementation of Operable's [Cog Slack Bot](https://github.com/operable/cog), and while it remains heavily inspired by Cog, Gort has largely gone its own way.
-
-Cog was originally designed as a distributed computation engine that was later re-branded as a chatops tool, and much of this original intent was reflected in its design, implementation, and feature set. As a result, many of Cog’s features, however innovative, went largely unused, and the codebase had become difficult to extend and maintain.
-
-The solution, which was discussed for many months on the [Cog Slack workspace](https://cogbot.slack.com), was to rewrite Cog from scratch in a more accessible language, such as [Go](http://golang.org), removing some of less-used functionality and reducing complexity in the process.
-
-This gives us the opportunity to consider and possibly redefine what Cog was meant to be. To choose the features that make sense, and to discard those that don't. In this way, Gort can be described more as a “spiritual successor” to Cog than a faithful re-implementation: many things will change, others will cease to exist entirely.
-
 ## Features
 
 The primary goal of this project is to re-implement the core features of Cog that made it stand out among other chatops tools. Specifically, to:
@@ -37,13 +27,9 @@ The primary goal of this project is to re-implement the core features of Cog tha
 
 This includes all of the [high-level features listed in the Cog documentation](https://web.archive.org/web/20191130061912/http://book.cog.bot/sections/introducing_cog.html#current-featuress).
 
-<!-- ## Non-Goals
-
-While some effort will be made to support existing functionality (such as Cog bundles), perfect compatibility is explicitly not guaranteed (however, a migration guide should be written eventually). -->
-
-## Gort Design
+<!-- ## Gort Design
 
-A WIP design doc, including rough milestones (but not dates) [can be seen here](https://docs.google.com/document/d/1u7LzEzPjT1L8_xkHL577cKeuQdCiCQAww8M0rx1QXEM/edit?usp=sharing). Feel free to add questions or comments.
+A WIP design doc, including rough milestones (but not dates) [can be seen here](https://docs.google.com/document/d/1u7LzEzPjT1L8_xkHL577cKeuQdCiCQAww8M0rx1QXEM/edit?usp=sharing). Feel free to add questions or comments. -->
 
 ## How to Run the Gort Controller
 

From f9ecf94f5aba926f02e4290f64b87fd93db990e4 Mon Sep 17 00:00:00 2001
From: Matthew Titmus <matthew.titmus@gmail.com>
Date: Fri, 9 Jul 2021 19:57:17 -0400
Subject: [PATCH 09/21] README refinement

---
 README.md | 49 +++++++++++++++++++++++--------------------------
 1 file changed, 23 insertions(+), 26 deletions(-)

diff --git a/README.md b/README.md
index f727d5e..09a1c92 100644
--- a/README.md
+++ b/README.md
@@ -8,7 +8,7 @@
 
 Gort is a chatbot framework designed from the ground up for chatops.
 
-Gort brings the power of the command line to the place you collaborate with your team all the time -- your chat window. Its open-ended command bundle support allows developers to implement functionality in the language of their choice, while powerful access control means you can collaborate around even the most sensitive tasks with confidence. A focus on extensibility and adaptability means that you can respond quickly to the unexpected, without your team losing visibility.
+Gort brings the power of the command line to the place you collaborate with your team: your chat window. Its open-ended command bundle support allows developers to implement functionality in the language of their choice, while powerful access control means you can collaborate around even the most sensitive tasks with confidence. A focus on extensibility and adaptability means that you can respond quickly to the unexpected, without your team losing visibility.
 
 ## Documentation
 
@@ -16,16 +16,17 @@ You may wish to skip this page and go directly to the documentation: [The Gort G
 
 ## Features
 
-The primary goal of this project is to re-implement the core features of Cog that made it stand out among other chatops tools. Specifically, to:
+Gort's design philosophy emphasizes flexibility and security by allowing you to:
 
-- define arbitrary command functionality in any programming language,
-- package those commands into bundles that can be installed in Gort,
-- allow users to trigger commands through Slack or another chat provider and be presented with the output,
-- execute triggered commands anywhere a relay is installed using a tag-based targeting system,
-- regulate the use of commands with a built-in authentication/authorization system,
-- and record activity in an audit log.
+- Define arbitrary command functionality in any programming language,
+- Package those commands into bundles that can be installed in Gort,
+- Allow users to trigger commands through Slack or another chat provider and be presented with the output,
+- Decide who can use commands (or flags, or parameters) with a built-in authentication/authorization system, and
+- Record all activity in an audit log.
 
-This includes all of the [high-level features listed in the Cog documentation](https://web.archive.org/web/20191130061912/http://book.cog.bot/sections/introducing_cog.html#current-featuress).
+Gort lets you build commands in any language you want, using tooling you're already comfortable with, and can tightly control who can use them and how.
+
+<!-- - execute triggered commands anywhere a relay is installed using a tag-based targeting system, -->
 
 <!-- ## Gort Design
 
@@ -33,11 +34,7 @@ A WIP design doc, including rough milestones (but not dates) [can be seen here](
 
 ## How to Run the Gort Controller
 
-With Go installed, you can run (for testing) with: `go run . start`.
-
-Note that you'll need a proper API key in the config first!
-
-For more informaton, take a look at the [Quick Start Guide](https://guide.getgort.io/quickstart.html) in [The Gort Guide](https://guide.getgort.io).
+For more information, take a look at the [Quick Start Guide](https://guide.getgort.io/quickstart.html) in [The Gort Guide](https://guide.getgort.io).
 
 ## The Gort Client
 
@@ -45,26 +42,26 @@ The `gort` binary also serves as the controller administration CLI.
 
 ### Configuring Client Profiles
 
-The `gort` client uses an INI-formatted configuration file, conventionally
+The `gort` client uses a YAML-formatted configuration file, conventionally
 located in the `profile` file in a `.gort` directory in your home directory.
 This is where you can store connection credentials to allow `gort` to interact
 with the Gort's Controller's REST API.
 
 An example `.gort/profile` file might look like this:
 
-```ini
-[defaults]
-profile = gort
+```yaml
+defaults:
+    profile: gort
 
-[gort]
-password = "seekrit#password"
-url = https://gort.mycompany.com:4000
-user = me
+gort:
+    url: https://gort.mycompany.com:4000
+    password: "seekrit#password"
+    user: me
 
-[preprod]
-password = "anotherseekrit#password"
-url = https://gort.preprod.mycompany.com:4000
-user = me
+preprod:
+    url: https://gort.preprod.mycompany.com:4000
+    password: "anotherseekrit#password"
+    user: me
 ```
 
 Comments begin with a `#` character; if your password contains a `#`,

From 262f996c7c529aa50ee364d764b0f55010f9c5a5 Mon Sep 17 00:00:00 2001
From: Matt Titmus <matthew.titmus@gmail.com>
Date: Fri, 9 Jul 2021 19:59:03 -0400
Subject: [PATCH 10/21] Update README.md

---
 README.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/README.md b/README.md
index 09a1c92..35c9407 100644
--- a/README.md
+++ b/README.md
@@ -21,7 +21,7 @@ Gort's design philosophy emphasizes flexibility and security by allowing you to:
 - Define arbitrary command functionality in any programming language,
 - Package those commands into bundles that can be installed in Gort,
 - Allow users to trigger commands through Slack or another chat provider and be presented with the output,
-- Decide who can use commands (or flags, or parameters) with a built-in authentication/authorization system, and
+- Decide who can use commands (or flags, or parameters) with a built-in RBAC system, and
 - Record all activity in an audit log.
 
 Gort lets you build commands in any language you want, using tooling you're already comfortable with, and can tightly control who can use them and how.

From 901eb0891400f2224039656052ca772398a3e1ab Mon Sep 17 00:00:00 2001
From: Tom Elliott <tom.w.elliott@gmail.com>
Date: Sat, 10 Jul 2021 22:13:30 +0000
Subject: [PATCH 11/21] Add `bundle versions` command

The `bundle versions` command lists all versions of a specific bundle to fit with the guide.

Listing all versions is already implemented in `bundle list`, so functionality for `versions` has been limited to a specific bundle.

Incompatible bundles was noted as a TODO.
---
 cli/bundle-versions.go | 91 ++++++++++++++++++++++++++++++++++++++++++
 cli/bundle.go          |  1 +
 2 files changed, 92 insertions(+)
 create mode 100644 cli/bundle-versions.go

diff --git a/cli/bundle-versions.go b/cli/bundle-versions.go
new file mode 100644
index 0000000..7fc0319
--- /dev/null
+++ b/cli/bundle-versions.go
@@ -0,0 +1,91 @@
+/*
+ * Copyright 2021 The Gort Authors
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package cli
+
+import (
+	"fmt"
+
+	"github.com/getgort/gort/client"
+	"github.com/spf13/cobra"
+)
+
+const (
+	bundleVersionsUse   = "versions"
+	bundleVersionsShort = "Lists installed bundle versions."
+	bundleVersionsLong  = "List all versions of an installed bundle."
+	bundleVersionsUsage = `Usage: gort bundle versions [OPTIONS] NAME
+
+	Lists installed versions of a bundle.
+  
+	All versions of the specified bundle are listed, along
+	with their status ("Enabled", "Disabled", "Incompatible")
+  
+  Options:
+	--help              Show this message and exit.
+`
+)
+
+// TODO: Support incompatible flag
+// -x, --incompatible  Lists only incompatible bundle versions
+
+// GetBundleVersionsCmd is a command
+func GetBundleVersionsCmd() *cobra.Command {
+	cmd := &cobra.Command{
+		Use:   bundleVersionsUse,
+		Short: bundleVersionsShort,
+		Long:  bundleVersionsLong,
+		RunE:  bundleVersionsCmd,
+		Args:  cobra.ExactArgs(1),
+	}
+
+	cmd.SetUsageTemplate(bundleVersionsUsage)
+
+	return cmd
+}
+
+func bundleVersionsCmd(cmd *cobra.Command, args []string) error {
+	const format = "%-12s%-12s%-12s\n"
+
+	gortClient, err := client.Connect(FlagGortProfile)
+	if err != nil {
+		return err
+	}
+
+	bundles, err := gortClient.BundleListVersions(args[0])
+	if err != nil {
+		return err
+	}
+
+	fmt.Printf(format, "BUNDLE", "VERSION", "STATUS")
+
+	for _, b := range bundles {
+		if b.Version == "" {
+			b.Version = "-"
+		}
+
+		status := "Disabled"
+		if b.Enabled {
+			status = "Enabled"
+		}
+		// TODO: Determine whether bundles are incompatible
+
+		fmt.Printf(format, b.Name, b.Version, status)
+
+	}
+
+	return nil
+}
diff --git a/cli/bundle.go b/cli/bundle.go
index 9e45490..5d1ca4b 100644
--- a/cli/bundle.go
+++ b/cli/bundle.go
@@ -64,6 +64,7 @@ func GetBundleCmd() *cobra.Command {
 	cmd.AddCommand(GetBundleListCmd())
 	cmd.AddCommand(GetBundleUninstallCmd())
 	cmd.AddCommand(GetBundleYamlCmd())
+	cmd.AddCommand(GetBundleVersionsCmd())
 
 	return cmd
 }

From 9a21b69bba8b284d219d0675ea5247333064eb69 Mon Sep 17 00:00:00 2001
From: Tom Elliott <tom.w.elliott@gmail.com>
Date: Sat, 10 Jul 2021 21:05:43 +0000
Subject: [PATCH 12/21] Create `permission list` command

Partial fix for #59
---
 cli/permission-list.go | 77 ++++++++++++++++++++++++++++++++++++++++++
 cli/permission.go      | 40 ++++++++++++++++++++++
 cmd-root.go            |  1 +
 3 files changed, 118 insertions(+)
 create mode 100644 cli/permission-list.go
 create mode 100644 cli/permission.go

diff --git a/cli/permission-list.go b/cli/permission-list.go
new file mode 100644
index 0000000..8f1aedc
--- /dev/null
+++ b/cli/permission-list.go
@@ -0,0 +1,77 @@
+/*
+ * Copyright 2021 The Gort Authors
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package cli
+
+import (
+	"fmt"
+
+	"github.com/getgort/gort/client"
+	"github.com/spf13/cobra"
+)
+
+const (
+	permissionListUse   = "list"
+	permissionListShort = "List all permissions installed"
+	permissionListLong  = "Lists all permissions installed, and their currently enabled version, if any."
+	permissionListUsage = `Usage:
+  gort permission list [flags]
+
+Flags:
+  -h, --help   Show this message and exit
+
+Global Flags:
+  -P, --profile string   The Gort profile within the config file to use
+`
+)
+
+// GetPermissionListCmd is a command
+func GetPermissionListCmd() *cobra.Command {
+	cmd := &cobra.Command{
+		Use:   permissionListUse,
+		Short: permissionListShort,
+		Long:  permissionListLong,
+		RunE:  permissionListCmd,
+	}
+
+	cmd.SetUsageTemplate(permissionListUsage)
+
+	return cmd
+}
+
+func permissionListCmd(cmd *cobra.Command, args []string) error {
+	const format = "%-12s\n"
+
+	gortClient, err := client.Connect(FlagGortProfile)
+	if err != nil {
+		return err
+	}
+
+	bundles, err := gortClient.BundleList()
+	if err != nil {
+		return err
+	}
+
+	fmt.Printf(format, "NAME")
+
+	for _, b := range bundles {
+		for _, p := range b.Permissions {
+			fmt.Printf(format, fmt.Sprintf("%v-%v", b.Name, p))
+		}
+	}
+
+	return nil
+}
diff --git a/cli/permission.go b/cli/permission.go
new file mode 100644
index 0000000..70af56e
--- /dev/null
+++ b/cli/permission.go
@@ -0,0 +1,40 @@
+/*
+ * Copyright 2021 The Gort Authors
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package cli
+
+import (
+	"github.com/spf13/cobra"
+)
+
+const (
+	permissionUse   = "permission"
+	permissionShort = "Perform operations on permissions"
+	permissionLong  = "Allows you to perform permission administration."
+)
+
+// GetPermissionCmd permission
+func GetPermissionCmd() *cobra.Command {
+	cmd := &cobra.Command{
+		Use:   permissionUse,
+		Short: permissionShort,
+		Long:  permissionLong,
+	}
+
+	cmd.AddCommand(GetPermissionListCmd())
+
+	return cmd
+}
diff --git a/cmd-root.go b/cmd-root.go
index 533269d..e96155e 100644
--- a/cmd-root.go
+++ b/cmd-root.go
@@ -45,6 +45,7 @@ func GetRootCmd() *cobra.Command {
 	root.AddCommand(cli.GetRoleCmd())
 	root.AddCommand(cli.GetUserCmd())
 	root.AddCommand(cli.GetVersionCmd())
+	root.AddCommand(cli.GetPermissionCmd())
 
 	root.PersistentFlags().StringVarP(&cli.FlagGortProfile, "profile", "P", "", "The Gort profile within the config file to use")
 

From 47b57e94d85f7992bded05081f74d8931d5b6010 Mon Sep 17 00:00:00 2001
From: Tom Elliott <tom.w.elliott@gmail.com>
Date: Sat, 10 Jul 2021 22:47:10 +0000
Subject: [PATCH 13/21] Enhance `gort hidden command` (`!gort:help`) to provide
 info about a bundle command Fixes #60

---
 cli/hidden-command.go | 43 +++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 43 insertions(+)

diff --git a/cli/hidden-command.go b/cli/hidden-command.go
index 23bfff1..817e64e 100644
--- a/cli/hidden-command.go
+++ b/cli/hidden-command.go
@@ -30,6 +30,8 @@ const (
 	hiddenCommandLong  = `Provides information about a command.
 
 If no command is specified, this will list all commands installed in Gort.
+
+If a command is specified, this will return information about the specified command.
 `
 	hiddenCommandUsage = `Usage:
   !gort:help [flags] [command]
@@ -46,6 +48,7 @@ func GetHiddenCommandCmd() *cobra.Command {
 		Short: hiddenCommandShort,
 		Long:  hiddenCommandLong,
 		RunE:  hiddenCommandCmd,
+		Args:  cobra.RangeArgs(0, 1),
 	}
 
 	cmd.SetUsageTemplate(hiddenCommandUsage)
@@ -59,6 +62,46 @@ func hiddenCommandCmd(cmd *cobra.Command, args []string) error {
 		return err
 	}
 
+	if len(args) == 0 {
+		return listAllCommands(gortClient)
+	}
+
+	return detailCommand(gortClient, args[0])
+}
+
+func detailCommand(gortClient *client.GortClient, command string) error {
+	bundles, err := gortClient.BundleList()
+	if err != nil {
+		return err
+	}
+
+	var found bool
+	for _, b := range bundles {
+		for k := range b.Commands {
+			cmdName := fmt.Sprintf("%s:%s", b.Name, k)
+			if cmdName == command || k == command {
+				fmt.Println(cmdName)
+				fmt.Println("==")
+				if len(b.LongDescription) > 0 {
+					fmt.Println(b.LongDescription)
+				} else if len(b.Description) > 0 {
+					fmt.Println(b.Description)
+				}
+				fmt.Println()
+				fmt.Printf("Type `%v --help` for more information.\n", k)
+				found = true
+			}
+		}
+	}
+
+	if !found {
+		return fmt.Errorf("command not found: %v", command)
+	}
+
+	return nil
+}
+
+func listAllCommands(gortClient *client.GortClient) error {
 	bundles, err := gortClient.BundleList()
 	if err != nil {
 		return err

From de93ccb66fd0138ad4a72d78d53b45289876cc82 Mon Sep 17 00:00:00 2001
From: Matt Titmus <matthew.titmus@gmail.com>
Date: Fri, 9 Jul 2021 20:29:36 -0400
Subject: [PATCH 14/21] +links

---
 README.md | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/README.md b/README.md
index 35c9407..0bd9245 100644
--- a/README.md
+++ b/README.md
@@ -98,3 +98,9 @@ Gort is in a state of active heavy development. The date that various [milestone
 - Milestone 9: _TBD_
 - Release candidate 1: _TBD_
 - Release!: _TBD_
+
+## More Links
+
+* [Gort Slack Community](https://join.slack.com/t/getgort/shared_invite/zt-scgi5f7r-1U9awWMWNITl1MCzrpV3~Q)
+* [GitHub Issues](https://github.com/getgort/gort/issues)
+

From d0ac01ae506a2e800ce3485822ef8815ba2afe48 Mon Sep 17 00:00:00 2001
From: Tom Elliott <tom.w.elliott@gmail.com>
Date: Sat, 10 Jul 2021 21:09:25 +0000
Subject: [PATCH 15/21] Fix syntax in committed config.yml

Running `go run . start` from a fresh clone of the repo errored out due to a recent change to the executable field.
---
 config.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/config.yml b/config.yml
index 68a8498..2a6e9ac 100644
--- a/config.yml
+++ b/config.yml
@@ -137,7 +137,7 @@ bundles:
   commands:
     echo:
       description: "Echos back anything sent to it, all at once."
-      executable: "/bin/echo"
+      executable: [ "/bin/echo" ]
     splitecho:
       description: "Echos back anything sent to it, one parameter at a time."
       executable: [ "/opt/app/splitecho.sh" ]

From 1bf4cef348070ab3a2497e24ae3c7a794c5e1d10 Mon Sep 17 00:00:00 2001
From: Tom Elliott <tom.w.elliott@gmail.com>
Date: Sun, 11 Jul 2021 22:46:44 -0400
Subject: [PATCH 16/21] Ensure Quickstart instructions work

https://guide.getgort.io/quickstart.html

Ensure the following commands succeed with a  fresh repo:
$ cp config.yml development.yml
$ make image
$ docker compose up
$ gort bootstrap --email your.name@email.com localhost:4000 --allow-insecure
---
 config.yml         |  4 ++--
 docker-compose.yml | 11 ++++++-----
 2 files changed, 8 insertions(+), 7 deletions(-)

diff --git a/config.yml b/config.yml
index 2a6e9ac..aa32d3f 100644
--- a/config.yml
+++ b/config.yml
@@ -39,7 +39,7 @@ gort:
 
 database:
   # The host where Gort's PostgreSQL database lives. Defaults to localhost.
-  host: localhost
+  host: postgres
 
   # The port at which Gort may access its PostgreSQL database. Defaults to 5432.
   port: 5432
@@ -98,7 +98,7 @@ docker:
 jaeger:
   # The URL for the Jaeger collector that spans are sent to. If not set then
   # no exporter will be created.
-  endpoint: http://localhost:14268/api/traces
+  endpoint: http://jaeger:14268/api/traces
 
   # The username to be used in the authorization header sent for all requests
   # to the collector. If not set no username will be passed.
diff --git a/docker-compose.yml b/docker-compose.yml
index 3d43a98..799cb94 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -1,7 +1,10 @@
-version: '3'
+version: "3"
 
 services:
   gort:
+    depends_on:
+      - jaeger
+      - postgres
     image: getgort/gort:latest
     command: "start -v"
     ports:
@@ -9,8 +12,6 @@ services:
     volumes:
       - ./development.yml:/config.yml
       - /var/run/docker.sock:/var/run/docker.sock
-    environment:
-      - GORT_DB_PASSWORD=veryKleverPassw0rd
     networks:
       - gort
 
@@ -24,12 +25,12 @@ services:
 
   postgres:
     image: postgres:13
-    # Uncommenting ports lets the database to be inspected with pgAdmin or similar but breaks `make test-local`
+    # # Uncommenting ports lets the database to be inspected with pgAdmin or similar but breaks `make test-local`
     # ports:
     #   - "5432:5432"
     environment:
       - POSTGRES_USER=gort
-      - POSTGRES_PASSWORD=veryKleverPassw0rd
+      - POSTGRES_PASSWORD=veryKleverPassw0rd!
     networks:
       - gort
 

From ff295b34cfa4c91ef9797edfb1fa53daf847b244 Mon Sep 17 00:00:00 2001
From: Matthew Titmus <matthew.titmus@gmail.com>
Date: Mon, 12 Jul 2021 07:52:38 -0400
Subject: [PATCH 17/21] Dependency

---
 go.mod |   2 +-
 go.sum | 200 +++++++++++++++++++++++++++++++++++++++++++++++++++++----
 2 files changed, 187 insertions(+), 15 deletions(-)

diff --git a/go.mod b/go.mod
index 3e782eb..e687e38 100644
--- a/go.mod
+++ b/go.mod
@@ -14,7 +14,7 @@ require (
 	github.com/morikuni/aec v1.0.0 // indirect
 	github.com/sirupsen/logrus v1.8.1
 	github.com/slack-go/slack v0.9.1
-	github.com/spf13/cobra v1.1.3
+	github.com/spf13/cobra v1.2.1
 	github.com/stretchr/testify v1.7.0
 	go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.20.0
 	go.opentelemetry.io/otel v0.20.0
diff --git a/go.sum b/go.sum
index dbc37b2..e587d59 100644
--- a/go.sum
+++ b/go.sum
@@ -10,18 +10,33 @@ cloud.google.com/go v0.50.0/go.mod h1:r9sluTvynVuxRIOHXQEHMFffphuXHOMZMycpNR5e6T
 cloud.google.com/go v0.52.0/go.mod h1:pXajvRH/6o3+F9jDHZWQ5PbGhn+o8w9qiu/CffaVdO4=
 cloud.google.com/go v0.53.0/go.mod h1:fp/UouUEsRkN6ryDKNW/Upv/JBKnv6WDthjR6+vze6M=
 cloud.google.com/go v0.54.0/go.mod h1:1rq2OEkV3YMf6n/9ZvGWI3GWw0VoqH/1x2nd8Is/bPc=
+cloud.google.com/go v0.56.0/go.mod h1:jr7tqZxxKOVYizybht9+26Z/gUq7tiRzu+ACVAMbKVk=
+cloud.google.com/go v0.57.0/go.mod h1:oXiQ6Rzq3RAkkY7N6t3TcE6jE+CIBBbA36lwQ1JyzZs=
+cloud.google.com/go v0.62.0/go.mod h1:jmCYTdRCQuc1PHIIJ/maLInMho30T/Y0M4hTdTShOYc=
+cloud.google.com/go v0.65.0/go.mod h1:O5N8zS7uWy9vkA9vayVHs65eM1ubvY4h553ofrNHObY=
+cloud.google.com/go v0.72.0/go.mod h1:M+5Vjvlc2wnp6tjzE102Dw08nGShTscUx2nZMufOKPI=
+cloud.google.com/go v0.74.0/go.mod h1:VV1xSbzvo+9QJOxLDaJfTjx5e+MePCpCWwvftOeQmWk=
+cloud.google.com/go v0.78.0/go.mod h1:QjdrLG0uq+YwhjoVOLsS1t7TW8fs36kLs4XO5R5ECHg=
+cloud.google.com/go v0.79.0/go.mod h1:3bzgcEeQlzbuEAYu4mrWhKqWjmpprinYgKJLgKHnbb8=
+cloud.google.com/go v0.81.0/go.mod h1:mk/AM35KwGk/Nm2YSeZbxXdrNK3KZOYHmLkOqC2V6E0=
 cloud.google.com/go/bigquery v1.0.1/go.mod h1:i/xbL2UlR5RvWAURpBYZTtm/cXjCha9lbfbpx4poX+o=
 cloud.google.com/go/bigquery v1.3.0/go.mod h1:PjpwJnslEMmckchkHFfq+HTD2DmtT67aNFKH1/VBDHE=
 cloud.google.com/go/bigquery v1.4.0/go.mod h1:S8dzgnTigyfTmLBfrtrhyYhwRxG72rYxvftPBK2Dvzc=
+cloud.google.com/go/bigquery v1.5.0/go.mod h1:snEHRnqQbz117VIFhE8bmtwIDY80NLUZUMb4Nv6dBIg=
+cloud.google.com/go/bigquery v1.7.0/go.mod h1://okPTzCYNXSlb24MZs83e2Do+h+VXtc4gLoIoXIAPc=
+cloud.google.com/go/bigquery v1.8.0/go.mod h1:J5hqkt3O0uAFnINi6JXValWIb1v0goeZM77hZzJN/fQ=
 cloud.google.com/go/datastore v1.0.0/go.mod h1:LXYbyblFSglQ5pkeyhO+Qmw7ukd3C+pD7TKLgZqpHYE=
 cloud.google.com/go/datastore v1.1.0/go.mod h1:umbIZjpQpHh4hmRpGhH4tLFup+FVzqBi1b3c64qFpCk=
 cloud.google.com/go/firestore v1.1.0/go.mod h1:ulACoGHTpvq5r8rxGJ4ddJZBZqakUQqClKRT5SZwBmk=
 cloud.google.com/go/pubsub v1.0.1/go.mod h1:R0Gpsv3s54REJCy4fxDixWD93lHJMoZTyQ2kNxGRt3I=
 cloud.google.com/go/pubsub v1.1.0/go.mod h1:EwwdRX2sKPjnvnqCa270oGRyludottCI76h+R3AArQw=
 cloud.google.com/go/pubsub v1.2.0/go.mod h1:jhfEVHT8odbXTkndysNHCcx0awwzvfOlguIAii9o8iA=
+cloud.google.com/go/pubsub v1.3.1/go.mod h1:i+ucay31+CNRpDW4Lu78I4xXG+O1r/MAHgjpRVR+TSU=
 cloud.google.com/go/storage v1.0.0/go.mod h1:IhtSnM/ZTZV8YYJWCY8RULGVqBDmpoyjwiyrjsg+URw=
 cloud.google.com/go/storage v1.5.0/go.mod h1:tpKbwo567HUNpVclU5sGELwQWBDZ8gh0ZeosJ0Rtdos=
 cloud.google.com/go/storage v1.6.0/go.mod h1:N7U0C8pVQ/+NIKOBQyamJIeKQKkZ+mxpohlUTyfDhBk=
+cloud.google.com/go/storage v1.8.0/go.mod h1:Wv1Oy7z6Yz3DshWRJFhqM/UCfaWIRTdp0RXyy7KQOVs=
+cloud.google.com/go/storage v1.10.0/go.mod h1:FLPqc6j+Ki4BU591ie1oL6qBQGu2Bl/tZ9ullr3+Kg0=
 dmitri.shuralyov.com/gpu/mtl v0.0.0-20190408044501-666a987793e9/go.mod h1:H6x//7gZCb22OMCxBHrMx7a5I7Hp++hsVxbQ4BYO7hU=
 github.com/Azure/azure-sdk-for-go v16.2.1+incompatible/go.mod h1:9XXNKU+eRnpl9moKnB4QOLf1HestfXbmab5FXxiDBjc=
 github.com/Azure/go-ansiterm v0.0.0-20170929234023-d6e3b3328b78 h1:w+iIsaOQNcT7OZ575w+acHgRric5iCyQh+xv+KJ4HB8=
@@ -73,6 +88,7 @@ github.com/alecthomas/units v0.0.0-20151022065526-2efee857e7cf/go.mod h1:ybxpYRF
 github.com/alecthomas/units v0.0.0-20190717042225-c3de453c63f4/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0=
 github.com/alecthomas/units v0.0.0-20190924025748-f65c72e2690d/go.mod h1:rBZYJk541a8SKzHPHnH3zbiI+7dagKZ0cgpgrD7Fyho=
 github.com/alexflint/go-filemutex v0.0.0-20171022225611-72bdc8eae2ae/go.mod h1:CgnQgUtFrFz9mxFNtED3jI5tLDjKlOM+oUF/sTk6ps0=
+github.com/antihax/optional v1.0.0/go.mod h1:uupD/76wgC+ih3iEmQUL+0Ugr19nfwCT1kdvxnR2qWY=
 github.com/apache/thrift v0.12.0/go.mod h1:cp2SuWMxlEZw2r+iP2GNCdIi4C1qmUzdZFSVb+bacwQ=
 github.com/apache/thrift v0.13.0/go.mod h1:cp2SuWMxlEZw2r+iP2GNCdIi4C1qmUzdZFSVb+bacwQ=
 github.com/armon/circbuf v0.0.0-20150827004946-bbbad097214e/go.mod h1:3U/XgcO3hCbHZ8TKRvWD2dDTCfh9M9ya+I9JpbB7O8o=
@@ -94,7 +110,7 @@ github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM=
 github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6rlkpw=
 github.com/bgentry/speakeasy v0.1.0/go.mod h1:+zsyZBPWlz7T6j88CTgSN5bM796AkVf0kBD4zp0CCIs=
 github.com/bitly/go-simplejson v0.5.0/go.mod h1:cXHtHw4XUPsvGaxgjIAn8PhEWG9NfngEKAMDJEczWVA=
-github.com/bketelsen/crypt v0.0.3-0.20200106085610-5cbc8cc4026c/go.mod h1:MKsuJmJgSg28kpZDP6UIiPt0e0Oz0kqKNGyRaWEPv84=
+github.com/bketelsen/crypt v0.0.4/go.mod h1:aI6NrJ0pMGgvZKL1iVgXLnfIFJtfV+bKCoqOes/6LfM=
 github.com/blang/semver v3.1.0+incompatible/go.mod h1:kRBLl5iJ+tD4TcOOxsy/0fnwebNt5EWlYSAyrTnjyyk=
 github.com/blang/semver v3.5.1+incompatible/go.mod h1:kRBLl5iJ+tD4TcOOxsy/0fnwebNt5EWlYSAyrTnjyyk=
 github.com/bmizerany/assert v0.0.0-20160611221934-b7ed37b82869/go.mod h1:Ekp36dRnpXw/yCqJaO+ZrUyxD+3VXMFFr56k5XYrpB4=
@@ -121,6 +137,8 @@ github.com/cilium/ebpf v0.4.0/go.mod h1:4tRaxcgiL706VnOzHOdBlY8IEAIdxINsQBcU4xJJ
 github.com/clbanning/x2j v0.0.0-20191024224557-825249438eec/go.mod h1:jMjuTZXRI4dUb/I5gc9Hdhagfvm9+RyrPryS/auMzxE=
 github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw=
 github.com/cncf/udpa/go v0.0.0-20191209042840-269d4d468f6f/go.mod h1:M8M6+tZqaGXZJjfX53e64911xZQV5JYwmTeXPW+k8Sc=
+github.com/cncf/udpa/go v0.0.0-20200629203442-efcf912fb354/go.mod h1:WmhPx2Nbnhtbo57+VJT5O0JRkEi1Wbu0z5j0R8u5Hbk=
+github.com/cncf/udpa/go v0.0.0-20201120205902-5459f2c99403/go.mod h1:WmhPx2Nbnhtbo57+VJT5O0JRkEi1Wbu0z5j0R8u5Hbk=
 github.com/cockroachdb/datadriven v0.0.0-20190809214429-80d97fb3cbaa/go.mod h1:zn76sxSg3SzpJ0PPJaLDCu+Bu0Lg3sKTORVIj19EIF8=
 github.com/codahale/hdrhistogram v0.0.0-20161010025455-3a0bb77429bd/go.mod h1:sE/e/2PUdi/liOCUjSTXgM1o87ZssimdTWN964YiIeI=
 github.com/containerd/aufs v0.0.0-20200908144142-dab0cbea06f4/go.mod h1:nukgQABAEopAHvB6j7cnP5zJ+/3aVcE7hCYqvIwAHyE=
@@ -207,7 +225,6 @@ github.com/containers/ocicrypt v1.1.0/go.mod h1:b8AOe0YR67uU8OqfVNcznfFpAzu3rdgU
 github.com/containers/ocicrypt v1.1.1/go.mod h1:Dm55fwWm1YZAjYRaJ94z2mfZikIyIN4B0oB3dj3jFxY=
 github.com/coreos/bbolt v1.3.2/go.mod h1:iRUV2dpdMOn7Bo10OQBFzIJO9kkE559Wcmn+qkEiiKk=
 github.com/coreos/etcd v3.3.10+incompatible/go.mod h1:uF7uidLiAD3TWHmW31ZFd/JWoc32PjwdhPthX9715RE=
-github.com/coreos/etcd v3.3.13+incompatible/go.mod h1:uF7uidLiAD3TWHmW31ZFd/JWoc32PjwdhPthX9715RE=
 github.com/coreos/go-iptables v0.4.5/go.mod h1:/mVI274lEDI2ns62jHCDnCyBF9Iwsmekav8Dbxlm1MU=
 github.com/coreos/go-iptables v0.5.0/go.mod h1:/mVI274lEDI2ns62jHCDnCyBF9Iwsmekav8Dbxlm1MU=
 github.com/coreos/go-oidc v2.1.0+incompatible/go.mod h1:CgnwVTmzoESiwO9qyAFEMiHoZ1nMCKZlZ9V6mm3/LKc=
@@ -218,6 +235,7 @@ github.com/coreos/go-systemd v0.0.0-20180511133405-39ca1b05acc7/go.mod h1:F5haX7
 github.com/coreos/go-systemd v0.0.0-20190321100706-95778dfbb74e/go.mod h1:F5haX7vjVVG0kc13fIWeqUViNPyEJxv/OmvnBo0Yme4=
 github.com/coreos/go-systemd/v22 v22.0.0/go.mod h1:xO0FLkIi5MaZafQlIrOotqXZ90ih+1atmu1JpKERPPk=
 github.com/coreos/go-systemd/v22 v22.1.0/go.mod h1:xO0FLkIi5MaZafQlIrOotqXZ90ih+1atmu1JpKERPPk=
+github.com/coreos/go-systemd/v22 v22.3.2/go.mod h1:Y58oyj3AT4RCenI/lSvhwexgC+NSVTIJ3seZv2GcEnc=
 github.com/coreos/pkg v0.0.0-20160727233714-3ac0863d7acf/go.mod h1:E3G3o1h8I7cfcXa63jLwjI0eiQQMgzzUDFVpN/nH/eA=
 github.com/coreos/pkg v0.0.0-20180928190104-399ea9e2e55f/go.mod h1:E3G3o1h8I7cfcXa63jLwjI0eiQQMgzzUDFVpN/nH/eA=
 github.com/cpuguy83/go-md2man/v2 v2.0.0-20190314233015-f79a8a8ca69d/go.mod h1:maD7wRr/U5Z6m/iR4s+kqSMx2CaBsrgA7czyZG/E6dU=
@@ -267,6 +285,9 @@ github.com/envoyproxy/go-control-plane v0.6.9/go.mod h1:SBwIajubJHhxtWwsL9s8ss4s
 github.com/envoyproxy/go-control-plane v0.9.0/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4=
 github.com/envoyproxy/go-control-plane v0.9.1-0.20191026205805-5f8ba28d4473/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4=
 github.com/envoyproxy/go-control-plane v0.9.4/go.mod h1:6rpuAdCZL397s3pYoYcLgu1mIlRU8Am5FuJP05cCM98=
+github.com/envoyproxy/go-control-plane v0.9.7/go.mod h1:cwu0lG7PUMfa9snN8LXBig5ynNVH9qI8YYLbd1fK2po=
+github.com/envoyproxy/go-control-plane v0.9.9-0.20201210154907-fd9021fe5dad/go.mod h1:cXg6YxExXjJnVBQHBLXeUAgxn2UodCpnH306RInaBQk=
+github.com/envoyproxy/go-control-plane v0.9.9-0.20210217033140-668b12f5399d/go.mod h1:cXg6YxExXjJnVBQHBLXeUAgxn2UodCpnH306RInaBQk=
 github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c=
 github.com/evanphx/json-patch v4.9.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk=
 github.com/fatih/color v1.7.0/go.mod h1:Zm6kSWBoL9eyXnKyktHP6abPY2pDugNf5KwzbycvMj4=
@@ -309,6 +330,7 @@ github.com/godbus/dbus v0.0.0-20151105175453-c7fdd8b5cd55/go.mod h1:/YcGZj5zSblf
 github.com/godbus/dbus v0.0.0-20180201030542-885f9cc04c9c/go.mod h1:/YcGZj5zSblfDWMMoOzV4fas9FZnQYTkDnsGvmh2Grw=
 github.com/godbus/dbus v0.0.0-20190422162347-ade71ed3457e/go.mod h1:bBOAhwG1umN6/6ZUMtDFBMQR8jRg9O75tm9K00oMsK4=
 github.com/godbus/dbus/v5 v5.0.3/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5xrFpKfA=
+github.com/godbus/dbus/v5 v5.0.4/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5xrFpKfA=
 github.com/gogo/googleapis v1.1.0/go.mod h1:gf4bu3Q80BeJ6H1S1vYPm8/ELATdvryBaNFGgqEef3s=
 github.com/gogo/googleapis v1.2.0/go.mod h1:Njal3psf3qN6dwBtQfUmBZh2ybovJ0tlu3o/AC7HYjU=
 github.com/gogo/googleapis v1.4.0/go.mod h1:5YRNX2z1oM5gXdAkurHa942MDgEJyk02w4OecKY87+c=
@@ -331,6 +353,9 @@ github.com/golang/mock v1.2.0/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfb
 github.com/golang/mock v1.3.1/go.mod h1:sBzyDLLjw3U8JLTeZvSv8jJB+tU5PVekmnlKIyFUx0Y=
 github.com/golang/mock v1.4.0/go.mod h1:UOMv5ysSaYNkG+OFQykRIcU/QvvxJf3p21QfJ2Bt3cw=
 github.com/golang/mock v1.4.1/go.mod h1:UOMv5ysSaYNkG+OFQykRIcU/QvvxJf3p21QfJ2Bt3cw=
+github.com/golang/mock v1.4.3/go.mod h1:UOMv5ysSaYNkG+OFQykRIcU/QvvxJf3p21QfJ2Bt3cw=
+github.com/golang/mock v1.4.4/go.mod h1:l3mdAwkq5BuhzHwde/uurv3sEJeZMXNpwsxVWU71h+4=
+github.com/golang/mock v1.5.0/go.mod h1:CWnOUgYIOo4TcNZ0wHX3YZCqsaM1I1Jvs6v3mP3KVu8=
 github.com/golang/protobuf v1.2.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
 github.com/golang/protobuf v1.3.1/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
 github.com/golang/protobuf v1.3.2/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
@@ -344,8 +369,11 @@ github.com/golang/protobuf v1.4.0-rc.4.0.20200313231945-b860323f09d0/go.mod h1:W
 github.com/golang/protobuf v1.4.0/go.mod h1:jodUvKwWbYaEsadDk5Fwe5c77LiNKVO9IDvqG2KuDX0=
 github.com/golang/protobuf v1.4.1/go.mod h1:U8fpvMrcmy5pZrNK1lt4xCsGvpyWQ/VVv6QDs8UjoX8=
 github.com/golang/protobuf v1.4.2/go.mod h1:oDoupMAO8OvCJWAcko0GGGIgR6R6ocIYbsSw735rRwI=
-github.com/golang/protobuf v1.4.3 h1:JjCZWpVbqXDqFVmTfYWEVTMIYrL/NPdPSCHPJ0T/raM=
 github.com/golang/protobuf v1.4.3/go.mod h1:oDoupMAO8OvCJWAcko0GGGIgR6R6ocIYbsSw735rRwI=
+github.com/golang/protobuf v1.5.0/go.mod h1:FsONVRAS9T7sI+LIUmWTfcYkHO4aIWwzhcaSAoJOfIk=
+github.com/golang/protobuf v1.5.1/go.mod h1:DopwsBzvsk0Fs44TXzsVbJyPhcCPeIwnvohx4u74HPM=
+github.com/golang/protobuf v1.5.2 h1:ROPKBNFfQgOUMifHyP+KYbvpjbdoFNs+aK7DXlji0Tw=
+github.com/golang/protobuf v1.5.2/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY=
 github.com/golang/snappy v0.0.0-20180518054509-2e65f85255db/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q=
 github.com/google/btree v0.0.0-20180813153112-4030bb1f1f0c/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ=
 github.com/google/btree v1.0.0/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ=
@@ -353,20 +381,30 @@ github.com/google/go-cmp v0.2.0/go.mod h1:oXzfMopK8JAjlY9xF4vHSVASa0yLyX7SntLO5a
 github.com/google/go-cmp v0.3.0/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU=
 github.com/google/go-cmp v0.3.1/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU=
 github.com/google/go-cmp v0.4.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
+github.com/google/go-cmp v0.4.1/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
 github.com/google/go-cmp v0.5.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
 github.com/google/go-cmp v0.5.1/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
 github.com/google/go-cmp v0.5.2/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
+github.com/google/go-cmp v0.5.3/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
 github.com/google/go-cmp v0.5.4/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
 github.com/google/go-cmp v0.5.5 h1:Khx7svrCpmxxtHBq5j2mp/xVjsi8hQMfNLvJFAlrGgU=
 github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
 github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
 github.com/google/gofuzz v1.1.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
 github.com/google/martian v2.1.0+incompatible/go.mod h1:9I4somxYTbIHy5NJKHRl3wXiIaQGbYVAs8BPL6v8lEs=
+github.com/google/martian/v3 v3.0.0/go.mod h1:y5Zk1BBys9G+gd6Jrk0W3cC1+ELVxBWuIGO+w/tUAp0=
+github.com/google/martian/v3 v3.1.0/go.mod h1:y5Zk1BBys9G+gd6Jrk0W3cC1+ELVxBWuIGO+w/tUAp0=
 github.com/google/pprof v0.0.0-20181206194817-3ea8567a2e57/go.mod h1:zfwlbNMJ+OItoe0UupaVj+oy1omPYYDuagoSzA8v9mc=
 github.com/google/pprof v0.0.0-20190515194954-54271f7e092f/go.mod h1:zfwlbNMJ+OItoe0UupaVj+oy1omPYYDuagoSzA8v9mc=
 github.com/google/pprof v0.0.0-20191218002539-d4f498aebedc/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM=
 github.com/google/pprof v0.0.0-20200212024743-f11f1df84d12/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM=
 github.com/google/pprof v0.0.0-20200229191704-1ebb73c60ed3/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM=
+github.com/google/pprof v0.0.0-20200430221834-fc25d7d30c6d/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM=
+github.com/google/pprof v0.0.0-20200708004538-1a94d8640e99/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM=
+github.com/google/pprof v0.0.0-20201023163331-3e6fc7fc9c4c/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE=
+github.com/google/pprof v0.0.0-20201203190320-1bf35d6f28c2/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE=
+github.com/google/pprof v0.0.0-20210122040257-d980be63207e/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE=
+github.com/google/pprof v0.0.0-20210226084205-cbba55b83ad5/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE=
 github.com/google/renameio v0.1.0/go.mod h1:KWCgfxg9yswjAJkECMjeO8J8rahYeXnNhOm40UhjYkI=
 github.com/google/uuid v1.0.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
 github.com/google/uuid v1.1.1/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
@@ -393,6 +431,7 @@ github.com/grpc-ecosystem/go-grpc-middleware v1.0.1-0.20190118093823-f849b5445de
 github.com/grpc-ecosystem/go-grpc-prometheus v1.2.0/go.mod h1:8NvIoxWQoOIhqOTXgfV/d3M/q6VIi02HzZEHgUlZvzk=
 github.com/grpc-ecosystem/grpc-gateway v1.9.0/go.mod h1:vNeuVxBJEsws4ogUvrchl83t/GYV9WGTSLVdBhOQFDY=
 github.com/grpc-ecosystem/grpc-gateway v1.9.5/go.mod h1:vNeuVxBJEsws4ogUvrchl83t/GYV9WGTSLVdBhOQFDY=
+github.com/grpc-ecosystem/grpc-gateway v1.16.0/go.mod h1:BDjrQk3hbvj6Nolgz8mAMFbcEtjT1g+wF4CSlocrBnw=
 github.com/hashicorp/consul/api v1.1.0/go.mod h1:VmuI/Lkw1nC05EYQWNKwWGbkg+FbDBtguAZLlVdkD9Q=
 github.com/hashicorp/consul/api v1.3.0/go.mod h1:MmDNSzIMUjNpY/mQ398R4bk2FnqQLoPndWW5VkKPlCE=
 github.com/hashicorp/consul/sdk v0.1.1/go.mod h1:VKf9jXwCTEY1QZP2MOLRhb5i/I/ssyNV1vwHyQBF0x8=
@@ -421,6 +460,7 @@ github.com/hashicorp/serf v0.8.2/go.mod h1:6hOLApaqBFA1NXqRQAsxw9QxuDEvNxSQRwA/J
 github.com/hpcloud/tail v1.0.0/go.mod h1:ab1qPbhIpdTxEkNHXyeSf5vhxWSCs/tWer42PpOxQnU=
 github.com/hudl/fargo v1.3.0/go.mod h1:y3CKSmjA+wD2gak7sUSXTAoopbhU08POFhmITJgmKTg=
 github.com/ianlancetaylor/demangle v0.0.0-20181102032728-5e5cf60278f6/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc=
+github.com/ianlancetaylor/demangle v0.0.0-20200824232613-28f6c0f3b639/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc=
 github.com/imdario/mergo v0.3.5/go.mod h1:2EnlNZ0deacrJVfApfmtdGgDfMuh/nq6Ok1EcJh5FfA=
 github.com/imdario/mergo v0.3.8/go.mod h1:2EnlNZ0deacrJVfApfmtdGgDfMuh/nq6Ok1EcJh5FfA=
 github.com/imdario/mergo v0.3.10/go.mod h1:jmQim1M+e3UYxmgPu/WyfjB3N3VflVyUjjjwH0dnCYA=
@@ -438,6 +478,7 @@ github.com/json-iterator/go v1.1.6/go.mod h1:+SdeFBvtyEkXs7REEP0seUULqWtbJapLOCV
 github.com/json-iterator/go v1.1.7/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4=
 github.com/json-iterator/go v1.1.8/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4=
 github.com/json-iterator/go v1.1.10/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4=
+github.com/json-iterator/go v1.1.11/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4=
 github.com/jstemmer/go-junit-report v0.0.0-20190106144839-af01ea7f8024/go.mod h1:6v2b51hI/fHJwM22ozAgKL4VKDeJcHhJFhtBdhmNjmU=
 github.com/jstemmer/go-junit-report v0.9.1/go.mod h1:Brl9GWCQeLvo8nXZwPNNblvFj/XSXhF0NWZEnDohbsk=
 github.com/jtolds/gls v4.20.0+incompatible/go.mod h1:QJZ7F/aHp+rZTRtaJ1ow/lLfFfVYBRgL+9YlvaHOwJU=
@@ -452,6 +493,7 @@ github.com/klauspost/compress v1.11.13/go.mod h1:aoV0uJVorq1K+umq18yTdKaF57EivdY
 github.com/konsorten/go-windows-terminal-sequences v1.0.1/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ=
 github.com/konsorten/go-windows-terminal-sequences v1.0.2/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ=
 github.com/konsorten/go-windows-terminal-sequences v1.0.3/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ=
+github.com/kr/fs v0.1.0/go.mod h1:FFnZGqtBN9Gxj7eW1uZ42v5BccTP0vu6NEaFoC2HwRg=
 github.com/kr/logfmt v0.0.0-20140226030751-b84e30acd515/go.mod h1:+0opPa2QZZtGFBFZlji/RkVcI2GknAs/DXo4wKdlNEc=
 github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo=
 github.com/kr/pretty v0.2.0/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI=
@@ -467,7 +509,7 @@ github.com/lightstep/lightstep-tracer-common/golang/gogo v0.0.0-20190605223551-b
 github.com/lightstep/lightstep-tracer-go v0.18.1/go.mod h1:jlF1pusYV4pidLvZ+XD0UBX0ZE6WURAspgAczcDHrL4=
 github.com/lyft/protoc-gen-validate v0.0.13/go.mod h1:XbGvPuh87YZc5TdIa2/I4pLk0QoUACkjt2znoq26NVQ=
 github.com/magiconair/properties v1.8.0/go.mod h1:PppfXfuXeibc/6YijjN8zIbojt8czPbwD3XqdrwzmxQ=
-github.com/magiconair/properties v1.8.1/go.mod h1:PppfXfuXeibc/6YijjN8zIbojt8czPbwD3XqdrwzmxQ=
+github.com/magiconair/properties v1.8.5/go.mod h1:y3VJvCyxH9uVvJTWEGAELF3aiYNyPKd5NZ3oSwXrF60=
 github.com/mailru/easyjson v0.0.0-20190614124828-94de47d64c63/go.mod h1:C1wdFJiN94OJF2b5HbByQZoLdCWB1Yqtg26g4irojpc=
 github.com/mailru/easyjson v0.0.0-20190626092158-b2ccc519800e/go.mod h1:C1wdFJiN94OJF2b5HbByQZoLdCWB1Yqtg26g4irojpc=
 github.com/mailru/easyjson v0.7.0/go.mod h1:KAzv3t3aY1NaHWoQz1+4F1ccyAH66Jk7yos7ldAVICs=
@@ -492,6 +534,7 @@ github.com/mitchellh/gox v0.4.0/go.mod h1:Sd9lOJ0+aimLBi73mGofS1ycjY8lL3uZM3JPS4
 github.com/mitchellh/iochan v1.0.0/go.mod h1:JwYml1nuB7xOzsp52dPpHFffvOCDupsG0QubkSMEySY=
 github.com/mitchellh/mapstructure v0.0.0-20160808181253-ca63d7c062ee/go.mod h1:FVVH3fgwuzCH5S8UJGiWEs2h04kUh9fWfEaFds41c1Y=
 github.com/mitchellh/mapstructure v1.1.2/go.mod h1:FVVH3fgwuzCH5S8UJGiWEs2h04kUh9fWfEaFds41c1Y=
+github.com/mitchellh/mapstructure v1.4.1/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RRV2QTWOzhPopBRo=
 github.com/mitchellh/osext v0.0.0-20151018003038-5e2d6d41470f/go.mod h1:OkQIRizQZAeMln+1tSwduZz7+Af5oFlKirV/MSYes2A=
 github.com/moby/locker v1.0.1/go.mod h1:S7SDdo5zpBK84bzzVlKr2V0hz+7x9hWbYC/kq7oQppc=
 github.com/moby/sys/mountinfo v0.4.0/go.mod h1:rEr8tzG/lsIZHBtN/JjGG+LMYx9eXgW2JI+6q0qou+A=
@@ -575,6 +618,7 @@ github.com/pascaldekloe/goe v0.0.0-20180627143212-57f6aae5913c/go.mod h1:lzWF7FI
 github.com/pborman/uuid v1.2.0/go.mod h1:X/NO0urCmaxf9VXbdlT7C2Yzkj2IKimNn4k+gtPdI/k=
 github.com/pelletier/go-toml v1.2.0/go.mod h1:5z9KED0ma1S8pY6P1sdut58dfprrGBbd/94hg7ilaic=
 github.com/pelletier/go-toml v1.8.1/go.mod h1:T2/BmBdy8dvIRq1a/8aqjN41wvWlN4lrapLU/GW4pbc=
+github.com/pelletier/go-toml v1.9.3/go.mod h1:u1nR/EPcESfeI/szUZKdtJ0xRNbUoANCkoOuaOx1Y+c=
 github.com/performancecopilot/speed v3.0.0+incompatible/go.mod h1:/CLtqpZ5gBg1M9iaPbIdPPGyKcA8hKdoy6hAWba7Yac=
 github.com/peterbourgon/diskv v2.0.1+incompatible/go.mod h1:uqqh8zWWbv1HBMNONnaR/tNboyR3/BZd58JJSHlUSCU=
 github.com/pierrec/lz4 v1.0.2-0.20190131084431-473cd7ce01a1/go.mod h1:3/3N9NVKO0jef7pBehbT1qWhCMrIgbYNnFAZCqQ5LRc=
@@ -585,6 +629,7 @@ github.com/pkg/errors v0.8.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINE
 github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4=
 github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
 github.com/pkg/profile v1.2.1/go.mod h1:hJw3o1OdXxsrSjjVksARp5W95eeEaEfptyVZyv6JUPA=
+github.com/pkg/sftp v1.10.1/go.mod h1:lYOWFsE0bwd1+KfKJaKeuokY15vzFx25BLbzYYoAxZI=
 github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
 github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
 github.com/posener/complete v1.1.1/go.mod h1:em0nMJCgc9GFtwrmVmEMR/ZL6WyhyjMBndrE9hABlRI=
@@ -633,6 +678,7 @@ github.com/prometheus/procfs v0.6.0/go.mod h1:cz+aTbrPOrUb4q7XlbU9ygM+/jj0fzG6c1
 github.com/prometheus/tsdb v0.7.1/go.mod h1:qhTCs0VvXwvX/y3TZrWD7rabWM+ijKTux40TwIPHuXU=
 github.com/rcrowley/go-metrics v0.0.0-20181016184325-3113b8401b8a/go.mod h1:bCqnVzQkZxMG4s8nGwiZ5l3QUCyqpo9Y+/ZMZ9VjZe4=
 github.com/rogpeppe/fastuuid v0.0.0-20150106093220-6724a57986af/go.mod h1:XWv6SoW27p1b0cqNHllgS5HIMJraePCO15w5zCzIWYg=
+github.com/rogpeppe/fastuuid v1.2.0/go.mod h1:jVj6XXZzXRy/MSR5jhDC/2q6DgLz+nrA6LYCDYWNEvQ=
 github.com/rogpeppe/go-internal v1.3.0/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4=
 github.com/russross/blackfriday/v2 v2.0.1/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM=
 github.com/ryanuber/columnize v0.0.0-20160712163229-9b3edd62028f/go.mod h1:sm1tb6uqfes/u+d4ooFouqFdy9/2g9QGwK3SQygK0Ts=
@@ -661,13 +707,16 @@ github.com/sony/gobreaker v0.4.1/go.mod h1:ZKptC7FHNvhBz7dN2LGjPVBz2sZJmc0/PkyDJ
 github.com/spaolacci/murmur3 v0.0.0-20180118202830-f09979ecbc72/go.mod h1:JwIasOWyU6f++ZhiEuf87xNszmSA2myDM2Kzu9HwQUA=
 github.com/spf13/afero v1.1.2/go.mod h1:j4pytiNVoe2o6bmDsKpLACNPDBIoEAkihy7loJ1B0CQ=
 github.com/spf13/afero v1.2.2/go.mod h1:9ZxEEn6pIJ8Rxe320qSDBk6AsU0r9pR7Q4OcevTdifk=
+github.com/spf13/afero v1.6.0/go.mod h1:Ai8FlHk4v/PARR026UzYexafAt9roJ7LcLMAmO6Z93I=
 github.com/spf13/cast v1.3.0/go.mod h1:Qx5cxh0v+4UWYiBimWS+eyWzqEqokIECu5etghLkUJE=
+github.com/spf13/cast v1.3.1/go.mod h1:Qx5cxh0v+4UWYiBimWS+eyWzqEqokIECu5etghLkUJE=
 github.com/spf13/cobra v0.0.2-0.20171109065643-2da4a54c5cee/go.mod h1:1l0Ry5zgKvJasoi3XT1TypsSe7PqH0Sj9dhYf7v3XqQ=
 github.com/spf13/cobra v0.0.3/go.mod h1:1l0Ry5zgKvJasoi3XT1TypsSe7PqH0Sj9dhYf7v3XqQ=
 github.com/spf13/cobra v1.0.0/go.mod h1:/6GTrnGXV9HjY+aR4k0oJ5tcvakLuG6EuKReYlHNrgE=
-github.com/spf13/cobra v1.1.3 h1:xghbfqPkxzxP3C/f3n5DdpAbdKLj4ZE4BWQI362l53M=
-github.com/spf13/cobra v1.1.3/go.mod h1:pGADOWyqRD/YMrPZigI/zbliZ2wVD/23d+is3pSWzOo=
+github.com/spf13/cobra v1.2.1 h1:+KmjbUw1hriSNMF55oPrkZcb27aECyrj8V2ytv7kWDw=
+github.com/spf13/cobra v1.2.1/go.mod h1:ExllRjgxM/piMAM+3tAZvg8fsklGAf3tPfi+i8t68Nk=
 github.com/spf13/jwalterweatherman v1.0.0/go.mod h1:cQK4TGJAtQXfYWX+Ddv3mKDzgVb68N+wFjFa4jdeBTo=
+github.com/spf13/jwalterweatherman v1.1.0/go.mod h1:aNWZUN0dPAAO/Ljvb5BEdw96iTZ0EXowPYD95IqWIGo=
 github.com/spf13/pflag v0.0.0-20170130214245-9ff6c6923cff/go.mod h1:DYY7MBk1bdzusC3SYhjObp+wFpr4gzcvqqNjLnInEg4=
 github.com/spf13/pflag v1.0.1-0.20171106142849-4c012f6dcd95/go.mod h1:DYY7MBk1bdzusC3SYhjObp+wFpr4gzcvqqNjLnInEg4=
 github.com/spf13/pflag v1.0.1/go.mod h1:DYY7MBk1bdzusC3SYhjObp+wFpr4gzcvqqNjLnInEg4=
@@ -675,7 +724,7 @@ github.com/spf13/pflag v1.0.3/go.mod h1:DYY7MBk1bdzusC3SYhjObp+wFpr4gzcvqqNjLnIn
 github.com/spf13/pflag v1.0.5 h1:iy+VFUOCP1a+8yFto/drg2CJ5u0yRoB7fZw3DKv/JXA=
 github.com/spf13/pflag v1.0.5/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg=
 github.com/spf13/viper v1.4.0/go.mod h1:PTJ7Z/lr49W6bUbkmS1V3by4uWynFiR9p7+dSq/yZzE=
-github.com/spf13/viper v1.7.0/go.mod h1:8WkrPz2fc9jxqZNCJI/76HCieCp4Q8HaLFoCha5qpdg=
+github.com/spf13/viper v1.8.1/go.mod h1:o0Pch8wJ9BVSWGQMbra6iw0oQ5oktSIBaujf1rJH9Ns=
 github.com/stefanberger/go-pkcs11uri v0.0.0-20201008174630-78d3cae3a980/go.mod h1:AO3tvPzVZ/ayst6UlUKUv6rcPQInYe3IknH3jYhAKu8=
 github.com/streadway/amqp v0.0.0-20190404075320-75d898a42a94/go.mod h1:AZpEONHx3DKn8O/DFsRAY58/XVQiIPMTMB1SddzLXVw=
 github.com/streadway/amqp v0.0.0-20190827072141-edfb9018d271/go.mod h1:AZpEONHx3DKn8O/DFsRAY58/XVQiIPMTMB1SddzLXVw=
@@ -689,6 +738,7 @@ github.com/stretchr/testify v0.0.0-20180303142811-b89eecf5ca5d/go.mod h1:a8OnRci
 github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs=
 github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI=
 github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4=
+github.com/stretchr/testify v1.5.1/go.mod h1:5W2xD1RspED5o8YsWQXVCued0rvSQ+mT+I5cxcmMvtA=
 github.com/stretchr/testify v1.6.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
 github.com/stretchr/testify v1.7.0 h1:nwc3DEeHmmLAfoZucVR881uASk0Mfjw8xYJ99tb5CcY=
 github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
@@ -717,8 +767,11 @@ github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415/go.mod h1:
 github.com/xeipuuv/gojsonschema v0.0.0-20180618132009-1d523034197f/go.mod h1:5yf86TLmAcydyeJq5YvxkGPE2fm/u4myDekKRoLuqhs=
 github.com/xiang90/probing v0.0.0-20190116061207-43a291ad63a2/go.mod h1:UETIi67q53MR2AWcXfiuqkDkRtnGDLqkBTpCHuJHxtU=
 github.com/xordataexchange/crypt v0.0.3-0.20170626215501-b2862e3d0a77/go.mod h1:aYKd//L2LvnjZzWKhF00oedf4jCCReLcmhLdhm1A27Q=
+github.com/yuin/goldmark v1.1.25/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
 github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
+github.com/yuin/goldmark v1.1.32/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
 github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
+github.com/yuin/goldmark v1.3.5/go.mod h1:mwnBkeHKe2W/ZEtQ+71ViKU8L12m81fl3OWwC1Zlc8k=
 github.com/yvasiyarov/go-metrics v0.0.0-20140926110328-57bccd1ccd43/go.mod h1:aX5oPXxHm3bOH+xeAttToC8pqch2ScQN/JoXYupl6xs=
 github.com/yvasiyarov/gorelic v0.0.0-20141212073537-a9bba5b9ab50/go.mod h1:NUSPSUX/bi6SeDMUh6brw0nXpxHnc96TguQh0+r/ssA=
 github.com/yvasiyarov/newrelic_platform_go v0.0.0-20140908184405-b21fdbd4370f/go.mod h1:GlGEuHIJweS1mbCqG+7vt2nvWLzLLnRHbXz5JKd/Qbg=
@@ -727,6 +780,9 @@ go.etcd.io/bbolt v1.3.3/go.mod h1:IbVyRI1SCnLcuJnV2u8VeU0CEYM7e686BmAb1XKL+uU=
 go.etcd.io/bbolt v1.3.5/go.mod h1:G5EMThwa9y8QZGBClrRx5EY+Yw9kAhnjy3bSjsnlVTQ=
 go.etcd.io/etcd v0.0.0-20191023171146-3cf2f69b5738/go.mod h1:dnLIgRNXwCJa5e+c6mIZCrds/GIG4ncV9HhK5PX7jPg=
 go.etcd.io/etcd v0.5.0-alpha.5.0.20200910180754-dd1b699fc489/go.mod h1:yVHk9ub3CSBatqGNg7GRmsnfLWtoW60w4eDYfh7vHDg=
+go.etcd.io/etcd/api/v3 v3.5.0/go.mod h1:cbVKeC6lCfl7j/8jBhAK6aIYO9XOjdptoxU/nLQcPvs=
+go.etcd.io/etcd/client/pkg/v3 v3.5.0/go.mod h1:IJHfcCEKxYu1Os13ZdwCwIUTUVGYTSAM3YSwc9/Ac1g=
+go.etcd.io/etcd/client/v2 v2.305.0/go.mod h1:h9puh54ZTgAKtEbut2oe9P4L/oqKCVB6xsXlzd7alYQ=
 go.mozilla.org/pkcs7 v0.0.0-20200128120323-432b2356ecb1/go.mod h1:SNgMg+EgDFwmvSmLRTNKC5fegJjB7v23qTQ0XLGUNHk=
 go.opencensus.io v0.20.1/go.mod h1:6WKK9ahsWS3RSO+PY9ZHZUfv2irvY6gN279GOPZjmmk=
 go.opencensus.io v0.20.2/go.mod h1:6WKK9ahsWS3RSO+PY9ZHZUfv2irvY6gN279GOPZjmmk=
@@ -734,6 +790,9 @@ go.opencensus.io v0.21.0/go.mod h1:mSImk1erAIZhrmZN+AvHh14ztQfjbGwt4TtuofqLduU=
 go.opencensus.io v0.22.0/go.mod h1:+kGneAE2xo2IficOXnaByMWTGM9T73dGwxeWcUqIpI8=
 go.opencensus.io v0.22.2/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw=
 go.opencensus.io v0.22.3/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw=
+go.opencensus.io v0.22.4/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw=
+go.opencensus.io v0.22.5/go.mod h1:5pWMHQbX5EPX2/62yrJeAkowc+lfs/XD7Uxpq3pI6kk=
+go.opencensus.io v0.23.0/go.mod h1:XItmlyltB5F7CS4xOC1DcqMoFqwtC6OG2xF7mCv7P7E=
 go.opentelemetry.io/contrib v0.20.0 h1:ubFQUn0VCZ0gPwIoJfBJVpeBlyRMxu8Mm/huKWYd9p0=
 go.opentelemetry.io/contrib v0.20.0/go.mod h1:G/EtFaa6qaN7+LxqfIAT3GiZa7Wv5DTBUzl5H4LY0Kc=
 go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.20.0 h1:Q3C9yzW6I9jqEc8sawxzxZmY48fs9u220KXq6d5s3XU=
@@ -759,11 +818,14 @@ go.opentelemetry.io/otel/trace v0.20.0/go.mod h1:6GjCW8zgDjwGHGa6GkyeB8+/5vjT16g
 go.uber.org/atomic v1.3.2/go.mod h1:gD2HeocX3+yG+ygLZcrzQJaqmWj9AIm7n08wl/qW/PE=
 go.uber.org/atomic v1.4.0/go.mod h1:gD2HeocX3+yG+ygLZcrzQJaqmWj9AIm7n08wl/qW/PE=
 go.uber.org/atomic v1.5.0/go.mod h1:sABNBOSYdrvTF6hTgEIbc7YasKWGhgEQZyfxyTvoXHQ=
+go.uber.org/atomic v1.7.0/go.mod h1:fEN4uk6kAWBTFdckzkM89CLk9XfWZrxpCo0nPH17wJc=
 go.uber.org/multierr v1.1.0/go.mod h1:wR5kodmAFQ0UK8QlbwjlSNy0Z68gJhDJUG5sjR94q/0=
 go.uber.org/multierr v1.3.0/go.mod h1:VgVr7evmIr6uPjLBxg28wmKNXyqE9akIJ5XnfpiKl+4=
+go.uber.org/multierr v1.6.0/go.mod h1:cdWPpRnG4AhwMwsgIHip0KRBQjJy5kYEpYjJxpXp9iU=
 go.uber.org/tools v0.0.0-20190618225709-2cfd321de3ee/go.mod h1:vJERXedbb3MVM5f9Ejo0C68/HhF8uaILCdgjnY+goOA=
 go.uber.org/zap v1.10.0/go.mod h1:vwi/ZaCAaUcBkycHslxD9B2zi4UTXhF60s6SWpuDF0Q=
 go.uber.org/zap v1.13.0/go.mod h1:zwrFLgMcdUuIBviXEYEH1YKNaOBnKXsx2IPda5bBwHM=
+go.uber.org/zap v1.17.0/go.mod h1:MXVU+bhUf/A7Xi2HNOnopQOrmycQ5Ih87HtOu4q5SSo=
 golang.org/x/crypto v0.0.0-20171113213409-9f005a07e0d3/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
 golang.org/x/crypto v0.0.0-20180904163835-0709b304e793/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
 golang.org/x/crypto v0.0.0-20181009213950-7c1a557ab941/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
@@ -773,6 +835,7 @@ golang.org/x/crypto v0.0.0-20190510104115-cbcb75029529/go.mod h1:yigFU9vqHzYiE8U
 golang.org/x/crypto v0.0.0-20190605123033-f99c8df09eb5/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
 golang.org/x/crypto v0.0.0-20190611184440-5c40567a22f8/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
 golang.org/x/crypto v0.0.0-20190701094942-4def268fd1a4/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
+golang.org/x/crypto v0.0.0-20190820162420-60c769a6c586/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
 golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
 golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
 golang.org/x/crypto v0.0.0-20200728195943-123391ffb6de/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
@@ -802,6 +865,8 @@ golang.org/x/lint v0.0.0-20190930215403-16217165b5de/go.mod h1:6SW0HCj/g11FgYtHl
 golang.org/x/lint v0.0.0-20191125180803-fdd1cda4f05f/go.mod h1:5qLYkcX4OjUUV8bRuDixDT3tpyyb+LUpUlRWLxfhWrs=
 golang.org/x/lint v0.0.0-20200130185559-910be7a94367/go.mod h1:3xt1FjdF8hUf6vQPIChWIBhFzV8gjjsPE/fR3IyQdNY=
 golang.org/x/lint v0.0.0-20200302205851-738671d3881b/go.mod h1:3xt1FjdF8hUf6vQPIChWIBhFzV8gjjsPE/fR3IyQdNY=
+golang.org/x/lint v0.0.0-20201208152925-83fdc39ff7b5/go.mod h1:3xt1FjdF8hUf6vQPIChWIBhFzV8gjjsPE/fR3IyQdNY=
+golang.org/x/lint v0.0.0-20210508222113-6edffad5e616/go.mod h1:3xt1FjdF8hUf6vQPIChWIBhFzV8gjjsPE/fR3IyQdNY=
 golang.org/x/mobile v0.0.0-20190312151609-d3739f865fa6/go.mod h1:z+o9i4GpDbdi3rU15maQ/Ox0txvL9dWGYEHz965HBQE=
 golang.org/x/mobile v0.0.0-20190719004257-d2bd2a29d028/go.mod h1:E/iHnbuqvinMTCcRqshq8CkpyQDoeVncDDYHnLhea+o=
 golang.org/x/mod v0.0.0-20190513183733-4bf6d317e70e/go.mod h1:mXi4GBBbnImb6dmsKGUJ2LatrhH/nqhxcFungHvyanc=
@@ -810,6 +875,9 @@ golang.org/x/mod v0.1.1-0.20191105210325-c90efee705ee/go.mod h1:QqPTAvyqsEbceGzB
 golang.org/x/mod v0.1.1-0.20191107180719-034126e5016b/go.mod h1:QqPTAvyqsEbceGzBzNggFXnrqF1CaUcvgkdR5Ot7KZg=
 golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
 golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
+golang.org/x/mod v0.4.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
+golang.org/x/mod v0.4.1/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
+golang.org/x/mod v0.4.2/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
 golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20180906233101-161cd47e91fd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
@@ -830,6 +898,7 @@ golang.org/x/net v0.0.0-20190603091049-60506f45cf65/go.mod h1:HSz+uSET+XFnRR8LxR
 golang.org/x/net v0.0.0-20190613194153-d28f0bde5980/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
 golang.org/x/net v0.0.0-20190619014844-b5b0513f8c1b/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
 golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
+golang.org/x/net v0.0.0-20190628185345-da137c7871d7/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
 golang.org/x/net v0.0.0-20190724013045-ca1201d0de80/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
 golang.org/x/net v0.0.0-20190813141303-74dc4d7220e7/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
 golang.org/x/net v0.0.0-20190827160401-ba9fcec4b297/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
@@ -841,28 +910,47 @@ golang.org/x/net v0.0.0-20200222125558-5a598a2470a0/go.mod h1:z5CRVTTTmAJ677TzLL
 golang.org/x/net v0.0.0-20200226121028-0de0cce0169b/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
 golang.org/x/net v0.0.0-20200301022130-244492dfa37a/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
 golang.org/x/net v0.0.0-20200324143707-d3edc9973b7e/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A=
+golang.org/x/net v0.0.0-20200501053045-e0ff5e5a1de5/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A=
+golang.org/x/net v0.0.0-20200506145744-7e3656a0809f/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A=
+golang.org/x/net v0.0.0-20200513185701-a91f0712d120/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A=
+golang.org/x/net v0.0.0-20200520182314-0ba52f642ac2/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A=
 golang.org/x/net v0.0.0-20200625001655-4c5254603344/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA=
 golang.org/x/net v0.0.0-20200707034311-ab3426394381/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA=
+golang.org/x/net v0.0.0-20200822124328-c89045814202/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA=
 golang.org/x/net v0.0.0-20201006153459-a7d1128ccaa0/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU=
 golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU=
+golang.org/x/net v0.0.0-20201031054903-ff519b6c9102/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU=
 golang.org/x/net v0.0.0-20201110031124-69a78807bb2b/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU=
+golang.org/x/net v0.0.0-20201209123823-ac852fbbde11/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
 golang.org/x/net v0.0.0-20201224014010-6772e930b67b/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
-golang.org/x/net v0.0.0-20210226172049-e18ecbb05110 h1:qWPm9rbaAMKs8Bq/9LRpbMqxWRVUAQwMI9fVrssnTfw=
+golang.org/x/net v0.0.0-20210119194325-5f4716e94777/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
 golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
+golang.org/x/net v0.0.0-20210316092652-d523dce5a7f4/go.mod h1:RBQZq4jEuRlivfhVLdyRGr576XBO4/greRjx4P4O3yc=
+golang.org/x/net v0.0.0-20210405180319-a5a99cb37ef4 h1:4nGaVu0QrbjT/AK2PRLuQfQuh6DJve+pELhqTdAj3x0=
+golang.org/x/net v0.0.0-20210405180319-a5a99cb37ef4/go.mod h1:p54w0d4576C0XHj96bSt6lcn1PtDYWL6XObtHCRCNQM=
 golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
 golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
 golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
 golang.org/x/oauth2 v0.0.0-20191202225959-858c2ad4c8b6/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
 golang.org/x/oauth2 v0.0.0-20200107190931-bf48bf16ab8d/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
+golang.org/x/oauth2 v0.0.0-20200902213428-5d25da1a8d43/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
+golang.org/x/oauth2 v0.0.0-20201109201403-9fd604954f58/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
+golang.org/x/oauth2 v0.0.0-20201208152858-08078c50e5b5/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
+golang.org/x/oauth2 v0.0.0-20210218202405-ba52d332ba99/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
+golang.org/x/oauth2 v0.0.0-20210220000619-9bb904979d93/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
+golang.org/x/oauth2 v0.0.0-20210313182246-cd4f82c27b84/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
+golang.org/x/oauth2 v0.0.0-20210402161424-2e8d93401602/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
 golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20190227155943-e225da77a7e6/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sync v0.0.0-20200317015054-43a5402ce75a/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20200625203802-6e8e738ad208/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20201207232520-09787c993a3a/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sync v0.0.0-20210220032951-036812b2e83c/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sys v0.0.0-20180823144017-11551d06cbcc/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20180905080454-ebe1bf3edb33/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
@@ -911,12 +999,19 @@ golang.org/x/sys v0.0.0-20200217220822-9197077df867/go.mod h1:h1NjWce9XRLGQEsW7w
 golang.org/x/sys v0.0.0-20200223170610-d5e6a3e2c0ae/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200302150141-5c8b2ff67527/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200323222414-85ca7c5b95cd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20200331124033-c3d80250170d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20200501052902-10377860bb8e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20200511232937-7e40ca221e25/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20200515095857-1151b9dac4a9/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20200523222454-059865788121/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200615200032-f1bc736245b1/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200622214017-ed371f2e16b4/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200625212154-ddb9806d33ae/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200728102440-3e129f6d46b1/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20200803210538-64077c9b5642/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200817155316-9781c653f443/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200831180312-196b9ba8737a/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20200905004654-be1d3432aa8f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200909081042-eff7692f9009/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200916030750-2334cc1a136f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200922070232-aee5d888a860/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
@@ -926,18 +1021,28 @@ golang.org/x/sys v0.0.0-20201117170446-d9b008d0a637/go.mod h1:h1NjWce9XRLGQEsW7w
 golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20201201145000-ef89a241ccb3/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20201202213521-69691e467435/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20210104204734-6f8348627aad/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20210119212857-b64e53b001e4/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20210124154548-22da62e12c0c/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20210220050731-9a76102bfb43/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20210305230114-8fe3ee5dd75b/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20210309074719-68d13333faf2/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20210324051608-47abb6519492 h1:Paq34FxTluEPvVyayQqMPgHm+vTOrIifmcYxFBx9TLg=
+golang.org/x/sys v0.0.0-20210315160823-c6e025ad8005/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20210320140829-1e4c9ba3b0c4/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20210324051608-47abb6519492/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20210330210617-4fbd30eecc44/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20210403161142-5e06dd20ab57/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20210510120138-977fb7262007 h1:gG67DSER+11cZvqIMb8S8bt0vZtiN6xWYARwirrOSfE=
+golang.org/x/sys v0.0.0-20210510120138-977fb7262007/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
 golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk=
 golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
-golang.org/x/text v0.3.4 h1:0YWbFKbhXG/wIiuHDSKpS0Iy7FSA+u45VtBMfQcFTTc=
 golang.org/x/text v0.3.4/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
+golang.org/x/text v0.3.5 h1:i6eZZ+zk0SOf0xgBpEpPD18qWcJda6q1sxt3S0kzyUQ=
+golang.org/x/text v0.3.5/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
 golang.org/x/time v0.0.0-20180412165947-fbb02b2291d2/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
 golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
 golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
@@ -983,9 +1088,26 @@ golang.org/x/tools v0.0.0-20200204074204-1cc6d1ef6c74/go.mod h1:TB2adYChydJhpapK
 golang.org/x/tools v0.0.0-20200207183749-b753a1ba74fa/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
 golang.org/x/tools v0.0.0-20200212150539-ea181f53ac56/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
 golang.org/x/tools v0.0.0-20200224181240-023911ca70b2/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
+golang.org/x/tools v0.0.0-20200227222343-706bc42d1f0d/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
 golang.org/x/tools v0.0.0-20200304193943-95d2e580d8eb/go.mod h1:o4KQGtdN14AW+yjsvvwRTJJuXz8XRtIHtEnmAXLyFUw=
+golang.org/x/tools v0.0.0-20200312045724-11d5b4c81c7d/go.mod h1:o4KQGtdN14AW+yjsvvwRTJJuXz8XRtIHtEnmAXLyFUw=
+golang.org/x/tools v0.0.0-20200331025713-a30bf2db82d4/go.mod h1:Sl4aGygMT6LrqrWclx+PTx3U+LnKx/seiNR+3G19Ar8=
+golang.org/x/tools v0.0.0-20200501065659-ab2804fb9c9d/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
+golang.org/x/tools v0.0.0-20200512131952-2bc93b1c0c88/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
+golang.org/x/tools v0.0.0-20200515010526-7d3b6ebf133d/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
+golang.org/x/tools v0.0.0-20200618134242-20370b0cb4b2/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
 golang.org/x/tools v0.0.0-20200619180055-7c47624df98f/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
+golang.org/x/tools v0.0.0-20200729194436-6467de6f59a7/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA=
+golang.org/x/tools v0.0.0-20200804011535-6c149bb5ef0d/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA=
+golang.org/x/tools v0.0.0-20200825202427-b303f430e36d/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA=
+golang.org/x/tools v0.0.0-20200904185747-39188db58858/go.mod h1:Cj7w3i3Rnn0Xh82ur9kSqwfTHTeVxaDqrfMjpcNT6bE=
+golang.org/x/tools v0.0.0-20201110124207-079ba7bd75cd/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
+golang.org/x/tools v0.0.0-20201201161351-ac6f37ff4c2a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
+golang.org/x/tools v0.0.0-20201208233053-a543418bbed2/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
+golang.org/x/tools v0.0.0-20210105154028-b0ab187a4818/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
 golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
+golang.org/x/tools v0.1.0/go.mod h1:xkSsbof2nBLbhDlRMhhhyNLN/zl3eTqcnHD5viDpcZ0=
+golang.org/x/tools v0.1.2/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk=
 golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
@@ -1002,13 +1124,27 @@ google.golang.org/api v0.14.0/go.mod h1:iLdEw5Ide6rF15KTC1Kkl0iskquN2gFfn9o9XIsb
 google.golang.org/api v0.15.0/go.mod h1:iLdEw5Ide6rF15KTC1Kkl0iskquN2gFfn9o9XIsbkAI=
 google.golang.org/api v0.17.0/go.mod h1:BwFmGc8tA3vsd7r/7kR8DY7iEEGSU04BFxCo5jP/sfE=
 google.golang.org/api v0.18.0/go.mod h1:BwFmGc8tA3vsd7r/7kR8DY7iEEGSU04BFxCo5jP/sfE=
+google.golang.org/api v0.19.0/go.mod h1:BwFmGc8tA3vsd7r/7kR8DY7iEEGSU04BFxCo5jP/sfE=
 google.golang.org/api v0.20.0/go.mod h1:BwFmGc8tA3vsd7r/7kR8DY7iEEGSU04BFxCo5jP/sfE=
+google.golang.org/api v0.22.0/go.mod h1:BwFmGc8tA3vsd7r/7kR8DY7iEEGSU04BFxCo5jP/sfE=
+google.golang.org/api v0.24.0/go.mod h1:lIXQywCXRcnZPGlsd8NbLnOjtAoL6em04bJ9+z0MncE=
+google.golang.org/api v0.28.0/go.mod h1:lIXQywCXRcnZPGlsd8NbLnOjtAoL6em04bJ9+z0MncE=
+google.golang.org/api v0.29.0/go.mod h1:Lcubydp8VUV7KeIHD9z2Bys/sm/vGKnG1UHuDBSrHWM=
+google.golang.org/api v0.30.0/go.mod h1:QGmEvQ87FHZNiUVJkT14jQNYJ4ZJjdRF23ZXz5138Fc=
+google.golang.org/api v0.35.0/go.mod h1:/XrVsuzM0rZmrsbjJutiuftIzeuTQcEeaYcSk/mQ1dg=
+google.golang.org/api v0.36.0/go.mod h1:+z5ficQTmoYpPn8LCUNVpK5I7hwkpjbcgqA7I34qYtE=
+google.golang.org/api v0.40.0/go.mod h1:fYKFpnQN0DsDSKRVRcQSDQNtqWPfM9i+zNPxepjRCQ8=
+google.golang.org/api v0.41.0/go.mod h1:RkxM5lITDfTzmyKFPt+wGrCJbVfniCr2ool8kTBzRTU=
+google.golang.org/api v0.43.0/go.mod h1:nQsDGjRXMo4lvh5hP0TKqF244gqhGcr/YSIykhUk/94=
+google.golang.org/api v0.44.0/go.mod h1:EBOGZqzyhtvMDoxwS97ctnh0zUmYY6CxqXsc1AvkYD8=
 google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM=
 google.golang.org/appengine v1.2.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4=
 google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4=
 google.golang.org/appengine v1.5.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4=
 google.golang.org/appengine v1.6.1/go.mod h1:i06prIuMbXzDqacNJfV5OdTW448YApPu5ww/cMBSeb0=
 google.golang.org/appengine v1.6.5/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc=
+google.golang.org/appengine v1.6.6/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc=
+google.golang.org/appengine v1.6.7/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc=
 google.golang.org/cloud v0.0.0-20151119220103-975617b05ea8/go.mod h1:0H1ncTHf11KCFhTc/+EFRbzSCOZx+VUbRMk55Yv5MYk=
 google.golang.org/genproto v0.0.0-20180817151627-c66870c02cf8/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc=
 google.golang.org/genproto v0.0.0-20190307195333-5fe7a883aa19/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE=
@@ -1030,10 +1166,32 @@ google.golang.org/genproto v0.0.0-20200122232147-0452cf42e150/go.mod h1:n3cpQtvx
 google.golang.org/genproto v0.0.0-20200204135345-fa8e72b47b90/go.mod h1:GmwEX6Z4W5gMy59cAlVYjN9JhxgbQH6Gn+gFDQe2lzA=
 google.golang.org/genproto v0.0.0-20200212174721-66ed5ce911ce/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c=
 google.golang.org/genproto v0.0.0-20200224152610-e50cd9704f63/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c=
+google.golang.org/genproto v0.0.0-20200228133532-8c2c7df3a383/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c=
 google.golang.org/genproto v0.0.0-20200305110556-506484158171/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c=
+google.golang.org/genproto v0.0.0-20200312145019-da6875a35672/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c=
+google.golang.org/genproto v0.0.0-20200331122359-1ee6d9798940/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c=
+google.golang.org/genproto v0.0.0-20200430143042-b979b6f78d84/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c=
+google.golang.org/genproto v0.0.0-20200511104702-f5ebc3bea380/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c=
+google.golang.org/genproto v0.0.0-20200513103714-09dca8ec2884/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c=
+google.golang.org/genproto v0.0.0-20200515170657-fc4c6c6a6587/go.mod h1:YsZOwe1myG/8QRHRsmBRE1LrgQY60beZKjly0O1fX9U=
 google.golang.org/genproto v0.0.0-20200526211855-cb27e3aa2013/go.mod h1:NbSheEEYHJ7i3ixzK3sjbqSGDJWnxyFXZblF3eUsNvo=
-google.golang.org/genproto v0.0.0-20201110150050-8816d57aaa9a h1:pOwg4OoaRYScjmR4LlLgdtnyoHYTSAVhhqe5uPdpII8=
+google.golang.org/genproto v0.0.0-20200618031413-b414f8b61790/go.mod h1:jDfRM7FcilCzHH/e9qn6dsT145K34l5v+OpcnNgKAAA=
+google.golang.org/genproto v0.0.0-20200729003335-053ba62fc06f/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
+google.golang.org/genproto v0.0.0-20200804131852-c06518451d9c/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
+google.golang.org/genproto v0.0.0-20200825200019-8632dd797987/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
+google.golang.org/genproto v0.0.0-20200904004341-0bd0a958aa1d/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
+google.golang.org/genproto v0.0.0-20201109203340-2640f1f9cdfb/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
 google.golang.org/genproto v0.0.0-20201110150050-8816d57aaa9a/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
+google.golang.org/genproto v0.0.0-20201201144952-b05cb90ed32e/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
+google.golang.org/genproto v0.0.0-20201210142538-e3217bee35cc/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
+google.golang.org/genproto v0.0.0-20201214200347-8c77b98c765d/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
+google.golang.org/genproto v0.0.0-20210222152913-aa3ee6e6a81c/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
+google.golang.org/genproto v0.0.0-20210303154014-9728d6b83eeb/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
+google.golang.org/genproto v0.0.0-20210310155132-4ce2db91004e/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
+google.golang.org/genproto v0.0.0-20210319143718-93e7006c17a6/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
+google.golang.org/genproto v0.0.0-20210402141018-6c239bbf2bb1/go.mod h1:9lPAdzaEmUacj36I+k7YKbEc5CXzPIeORRgDAUOu28A=
+google.golang.org/genproto v0.0.0-20210602131652-f16073e35f0c h1:wtujag7C+4D6KMoulW9YauvK2lgdvCMS260jsqqBXr0=
+google.golang.org/genproto v0.0.0-20210602131652-f16073e35f0c/go.mod h1:UODoCrxHCcBojKKwX1terBiRUaqAsFqJiF615XL43r0=
 google.golang.org/grpc v0.0.0-20160317175043-d3ddb4469d5a/go.mod h1:yo6s7OP7yaDglbqo1J04qKzAhqBH6lvTonzMVmEdcZw=
 google.golang.org/grpc v1.17.0/go.mod h1:6QZJwpn2B+Zp71q/5VxRsJ6NXXVCE5NRUHRo+f3cWCs=
 google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c=
@@ -1049,9 +1207,19 @@ google.golang.org/grpc v1.25.1/go.mod h1:c3i+UQWmh7LiEpx4sFZnkU36qjEYZ0imhYfXVyQ
 google.golang.org/grpc v1.26.0/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk=
 google.golang.org/grpc v1.27.0/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk=
 google.golang.org/grpc v1.27.1/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk=
+google.golang.org/grpc v1.28.0/go.mod h1:rpkK4SK4GF4Ach/+MFLZUBavHOvF2JJB5uozKKal+60=
+google.golang.org/grpc v1.29.1/go.mod h1:itym6AZVZYACWQqET3MqgPpjcuV5QH3BxFS3IjizoKk=
 google.golang.org/grpc v1.30.0/go.mod h1:N36X2cJ7JwdamYAgDz+s+rVMFjt3numwzf/HckM8pak=
-google.golang.org/grpc v1.33.2 h1:EQyQC3sa8M+p6Ulc8yy9SWSS2GVwyRc83gAbG8lrl4o=
+google.golang.org/grpc v1.31.0/go.mod h1:N36X2cJ7JwdamYAgDz+s+rVMFjt3numwzf/HckM8pak=
+google.golang.org/grpc v1.31.1/go.mod h1:N36X2cJ7JwdamYAgDz+s+rVMFjt3numwzf/HckM8pak=
+google.golang.org/grpc v1.33.1/go.mod h1:fr5YgcSWrqhRRxogOsw7RzIpsmvOZ6IcH4kBYTpR3n0=
 google.golang.org/grpc v1.33.2/go.mod h1:JMHMWHQWaTccqQQlmk3MJZS+GWXOdAesneDmEnv2fbc=
+google.golang.org/grpc v1.34.0/go.mod h1:WotjhfgOW/POjDeRt8vscBtXq+2VjORFy659qA51WJ8=
+google.golang.org/grpc v1.35.0/go.mod h1:qjiiYl8FncCW8feJPdyg3v6XW24KsRHe+dy9BAGRRjU=
+google.golang.org/grpc v1.36.0/go.mod h1:qjiiYl8FncCW8feJPdyg3v6XW24KsRHe+dy9BAGRRjU=
+google.golang.org/grpc v1.36.1/go.mod h1:qjiiYl8FncCW8feJPdyg3v6XW24KsRHe+dy9BAGRRjU=
+google.golang.org/grpc v1.38.0 h1:/9BgsAsa5nWe26HqOlvlgJnqBuktYOLCgjCPqsa56W0=
+google.golang.org/grpc v1.38.0/go.mod h1:NREThFqKR1f3iQ6oBuvc5LadQuXVGo9rkm5ZGrQdJfM=
 google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8=
 google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0=
 google.golang.org/protobuf v0.0.0-20200228230310-ab0ca4ff8a60/go.mod h1:cfTl7dwQJ+fmap5saPgwCLgHXTUD7jkjRqWcaiX5VyM=
@@ -1061,8 +1229,10 @@ google.golang.org/protobuf v1.22.0/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2
 google.golang.org/protobuf v1.23.0/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU=
 google.golang.org/protobuf v1.23.1-0.20200526195155-81db48ad09cc/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU=
 google.golang.org/protobuf v1.24.0/go.mod h1:r/3tXBNzIEhYS9I1OUVjXDlt8tc493IdKGjtUeSXeh4=
-google.golang.org/protobuf v1.25.0 h1:Ejskq+SyPohKW+1uil0JJMtmHCgJPJ/qWTxr8qp+R4c=
 google.golang.org/protobuf v1.25.0/go.mod h1:9JNX74DMeImyA3h4bdi1ymwjUzf21/xIlbajtzgsN7c=
+google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw=
+google.golang.org/protobuf v1.26.0 h1:bxAC2xTBsZGibn2RTntX0oH50xLsqy1OxA9tTL3p/lk=
+google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc=
 gopkg.in/airbrake/gobrake.v2 v2.0.9/go.mod h1:/h5ZAUhDkGaJfjzjKLSjv6zCL6O0LLBxU4K+aSYdM/U=
 gopkg.in/alecthomas/kingpin.v2 v2.2.6/go.mod h1:FMv+mEhP44yOT+4EoQTLFTRgOQ1FBLkstjWtayDeSgw=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
@@ -1076,7 +1246,7 @@ gopkg.in/fsnotify.v1 v1.4.7/go.mod h1:Tz8NjZHkW78fSQdbUxIjBTcgA1z1m8ZHf0WmKUhAMy
 gopkg.in/gcfg.v1 v1.2.3/go.mod h1:yesOnuUOFQAhST5vPY4nbZsb/huCgGGXlipJsBn0b3o=
 gopkg.in/gemnasium/logrus-airbrake-hook.v2 v2.1.2/go.mod h1:Xk6kEKp8OKb+X14hQBKWaSkCsqBpgog8nAV2xsGOxlo=
 gopkg.in/inf.v0 v0.9.1/go.mod h1:cWUDdTG/fYaXco+Dcufb5Vnc6Gp2YChqWtbxRZE0mXw=
-gopkg.in/ini.v1 v1.51.0/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k=
+gopkg.in/ini.v1 v1.62.0/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k=
 gopkg.in/natefinch/lumberjack.v2 v2.0.0/go.mod h1:l0ndWWf7gzL7RNwBG7wST/UCcT4T24xpD6X8LsfU/+k=
 gopkg.in/resty.v1 v1.12.0/go.mod h1:mDo4pnntr5jdWRML875a/NmxYqAlA73dVijT2AXvQQo=
 gopkg.in/square/go-jose.v2 v2.2.2/go.mod h1:M9dMgbHiYLoDGQrXy7OpJDJWiKiU//h+vD76mk0e1AI=
@@ -1087,6 +1257,7 @@ gopkg.in/warnings.v0 v0.1.2/go.mod h1:jksf8JmL6Qr/oQM2OXTHunEvvTAsrWBLb6OOjuVWRN
 gopkg.in/yaml.v2 v2.0.0-20170812160011-eb3733d160e7/go.mod h1:JAlM8MvJe8wmxCU4Bli9HhUf9+ttbYbLASfIpnQbh74=
 gopkg.in/yaml.v2 v2.2.1/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
 gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
+gopkg.in/yaml.v2 v2.2.3/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
 gopkg.in/yaml.v2 v2.2.4/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
 gopkg.in/yaml.v2 v2.2.5/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
 gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
@@ -1107,6 +1278,7 @@ honnef.co/go/tools v0.0.0-20190418001031-e561f6794a2a/go.mod h1:rf3lG4BRIbNafJWh
 honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
 honnef.co/go/tools v0.0.1-2019.2.3/go.mod h1:a3bituU0lyd329TUQxRnasdCoJDkEUEAqEt0JzvZhAg=
 honnef.co/go/tools v0.0.1-2020.1.3/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k=
+honnef.co/go/tools v0.0.1-2020.1.4/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k=
 k8s.io/api v0.20.1/go.mod h1:KqwcCVogGxQY3nBlRpwt+wpAMF/KjaCc7RpywacvqUo=
 k8s.io/api v0.20.4/go.mod h1:++lNL1AJMkDymriNniQsWRkMDzRaX2Y/POTUi8yvqYQ=
 k8s.io/api v0.20.6/go.mod h1:X9e8Qag6JV/bL5G6bU8sdVRltWKmdHsFUGS3eVndqE8=

From 0d5936f9904dab08809d353c3f1f57a932579283 Mon Sep 17 00:00:00 2001
From: Matthew Titmus <matthew.titmus@gmail.com>
Date: Tue, 13 Jul 2021 10:40:31 -0400
Subject: [PATCH 18/21] README rewrite

---
 .vscode/settings.json |   9 +++
 README.md             | 124 +++++++++++++++++++++++++++++++++++++++---
 images/hello-gort.png | Bin 0 -> 48681 bytes
 3 files changed, 126 insertions(+), 7 deletions(-)
 create mode 100644 .vscode/settings.json
 create mode 100644 images/hello-gort.png

diff --git a/.vscode/settings.json b/.vscode/settings.json
new file mode 100644
index 0000000..3d814f5
--- /dev/null
+++ b/.vscode/settings.json
@@ -0,0 +1,9 @@
+{
+    "cSpell.words": [
+        "seekrit"
+    ],
+    "cSpell.ignoreWords": [
+        "anotherseekrit",
+        "deployers"
+    ]
+}
\ No newline at end of file
diff --git a/README.md b/README.md
index 0bd9245..538f667 100644
--- a/README.md
+++ b/README.md
@@ -16,15 +16,125 @@ You may wish to skip this page and go directly to the documentation: [The Gort G
 
 ## Features
 
-Gort's design philosophy emphasizes flexibility and security by allowing you to:
+Gort's design philosophy emphasizes flexibility and security by allowing you to build commands in any language you want, using tooling you're already comfortable with, and can tightly control who can use them and how.
 
-- Define arbitrary command functionality in any programming language,
-- Package those commands into bundles that can be installed in Gort,
-- Allow users to trigger commands through Slack or another chat provider and be presented with the output,
-- Decide who can use commands (or flags, or parameters) with a built-in RBAC system, and
-- Record all activity in an audit log.
+More specifically:
 
-Gort lets you build commands in any language you want, using tooling you're already comfortable with, and can tightly control who can use them and how.
+* Users may trigger commands through Slack (or another chat provider)
+* Commands can be implemented in any programming language
+* Commands are packaged into bundles that can be installed in Gort
+* Organize users into groups, and permissions into roles
+* Use a sophisticated identity and permission system to determine who can use commands
+* Record all activity in an audit log
+
+Each of these is described in more detail below.
+
+### Users may trigger commands through Slack (or another chat provider)
+
+Users primarily interact with Gort through _commands_, which are triggered by a command characters (`!` by default), and are conceptually identical to commands entered on the command line.
+
+For example, using an `echo` command might look like the following:
+
+![Hello, Gort!](images/hello-gort.png "Hello, Gort!")
+
+As shown, the output from successful commands is relayed back by Gort.
+
+More information about commands can be found in the Gort Guide:
+
+* [Gort Guide: Commands and Bundles](https://guide.getgort.io/commands-and-bundles.html)
+
+### Commands can be implemented in any programming language
+
+Gort [commands](https://guide.getgort.io/commands-and-bundles.html) are built as container images, which means you can build them in any language you're comfortable with.
+
+What's more, because your executable receives all chat inputs exactly as if it was being typed on the command line, you can use any command line interpreter you want. Commands can even be implemented as Bash scripts, or using existing commands, like `curl`!
+
+More information about writing commands can be found in the Gort Guide:
+
+* [Gort Guide: Writing a Command Bundle](writing-a-command-bundle.md)
+
+### Commands are packaged into bundles that can be installed in Gort
+
+In Gort, a set of one or more related commands can be installed as a "command bundle".
+
+A bundle is [represented in YAML](https://guide.getgort.io/bundle-configurations.html), specifying which executable to use for each command and who is allowed to execute each commands. 
+
+A very simple bundle file is shown below.
+
+```yaml
+---
+gort_bundle_version: 1
+
+name: echo
+version: 0.0.1
+author: Matt Titmus <matthew.titmus@gmail.com>
+homepage: https://guide.getgort.io
+description: A test bundle.
+long_description: |-
+  This is an example bundle. It lets you echo text using the "echo"
+  command that's built into Ubuntu 20.04.
+
+permissions:
+  - can_echo
+
+docker:
+  image: ubuntu
+  tag: 20.04
+
+commands:
+  foo:
+    description: "Echos back anything sent to it."
+    executable: [ "/bin/echo" ]
+    rules:
+      - must have echo:can_echo
+```
+
+This shows a bundle called `echo`, which defines a command called `echo` and a permission called `can_echo`. Once [installed](https://guide.getgort.io/managing-bundles.html), any user with the `echo:can_echo` permission can execute it in Slack.
+
+More information about bundles can be found in the Gort Guide:
+
+* [Gort Guide: Bundle Configurations](https://guide.getgort.io/bundle-configurations.html)
+* [Gort Guide: Managing Bundles](https://guide.getgort.io/managing-bundles.html)
+
+### Organize users into groups, and permissions into roles
+
+In Gort, _users_ can be uniquely mapped to users in one or more chat providers. Gort users can be members of one or more _groups_, which in turn can have any number of _roles_ that can be thought of as collections of granted permissions. For example, the user `dave` might be in a group called `developers`. This group may have a role attached named `deployers` that contains a number of permissions, including one called `production_deploy`.
+
+More information about permissions and rules can be found in the Gort Guide:
+
+* [Gort Guide: User Management](https://guide.getgort.io/user-management.html)
+
+### Use a sophisticated identity and permission system to determine who can use commands
+
+A sophisticated rule system can be applied for each command defining who can use it. These can be quite granular, and are even capable of making permissions decisions based on the values of specific flags or parameters.
+
+Rules are assigned at the bundle level, and can be quite sophisticated. Below we have a subset of a bundle called `deploy`.
+
+```yaml
+name: deploy
+version: 0.0.1
+
+permissions:
+  - production_deploy
+
+commands:
+  deploy:
+    description: "Deploys to the chosen environment."
+    executable: [ "/bin/deploy" ]
+    rules:
+      - with arg[0] == "production" must have deploy:production_deploy
+```
+
+As you can see, the above example includes one command, also called `deploy`. Its one rule asserts that any user passing "production" as the parameter must have the `production_deploy` permission (from the `deploy` bundle).
+
+More information about permissions and rules can be found in the Gort Guide:
+
+* [Gort Guide: Permissions and Rules](https://guide.getgort.io/permissions-and-rules.html)
+* [Gort Guide: Command Execution Rules](https://guide.getgort.io/command-execution-rules.html)
+
+### Record all activity in an audit log
+
+All command activity is emitted as log events and recorded in [an audit log](https://guide.getgort.io/audit-log-events.html) in the database.
 
 <!-- - execute triggered commands anywhere a relay is installed using a tag-based targeting system, -->
 
diff --git a/images/hello-gort.png b/images/hello-gort.png
new file mode 100644
index 0000000000000000000000000000000000000000..25d71e917b2eeca6edcf440bdf963cba2974e985
GIT binary patch
literal 48681
zcmd421zQ|Vum-xgy9L+a5+DSZ;O_1&!C7Q+2*KSUXmAS}+?L>O!EJGO_seJJoaf#@
zaHpQ0?&<ET+NtiYX?ZtXSy2iNnFtvG0HDc8i>m?vP;GAk77_j}M~xw{9{@l#wGk6j
zmJt)9P<C;&w6U`Q0Hni{wGgz`2Jy4?RAsCK5v7sZ!>5oa-hadYEK)|nNQp#~^bY51
z1ZlE{(=k<qg@l%bzN;IYIZN2Q0j{?Za|!*SX;;WlMqEH;$3^?4FL1ZhYV4`loYn&#
zkmcSXpAvci9mmEJ*Dv+0y056HMw&DLFc1Lc1l~cx<xteu{}{kA@v63}4;NO}xs|u^
z;P=!S(V<*`2?!_<%VbbTyr6V|2C(4|Y{3CA#eS@M$p*>?_hJ$cm;_*sE3eye85aFc
z|I${!M$4X!;tT^YC(2<PhZkvuJJ1RKYB!MojA^P>s!RnZ(ht}W2~1=A#)GwCa(|zw
z4npripD=_!M-N*_H*&Uo4H5>%<&2M$^&GT41d}kT3|!nzzl={kIS!7iq2E;pMboB8
z^_5?Qa<ygiGsp(pV0y@Knwe_Uhumd}msIit=rt;$<W-mQi=g2MW-&fcy5n7l<x_kL
z=F$I7fb(<G%2MXHCuaA|SH)!9Gi)v(K?JS|64BW8h0J*k43FH{w)M{J#rCtG#tqBR
zGEGd#Ym0UdF~r}1Mo~U64H+QGl0?%lQh`<zNX1PlYagV87v9Vc^U1}cjnR)dY=O!~
zJnTEU+;~E0zwMF5eMF#74R*~pg8VK#xQ!lZH{a?kXg~iaNzA$Mg3JOavUpRwD-l*v
z73(xUj|vSMg{iH`m1MkcJ+?dU!xtMLZ+LW)2!2fIeYVS^m!BBvmBI)2mhSZDTfjMo
zAMl(<k-U`fxCwwL!{GHXk+nsT^k~yyT>=W~%R5jyN~L~7kq><Sgb76uZD}ki`x=HT
zgd>7=heCy=j5>z0PmUKTTJrj_L_^p>MDx|!<TXnF3~|E;6Yc`iTI-+UI-$n_LgY#~
zZ9_4x@T@NF>zH%SrPa+>K|iZ?g=Y>o=}|VNVb9zP%YXzn36r7abX7NR+AVufEVA8v
zllu1Qx9@K}QU3KlahaN@3~k9E_W|<CL7vOQC};kG{oqgtR2(VCru;H&6C`^A0|Db}
zc6)A0dAMFO|KZveZ(5fY*WA2{J_Ef4;`_9XvtxOCI{T{6_!<(Om9c!YBVA=K2vQx_
z<IiPdqVrO|w&5&2Hzss7`SUhM6q*>?^H>#7{Gp_(>s?$|)&6K`pvco$I)V%7j?4bJ
zJ9Q1!b=}Ry{Rb6Jcw})k6m{Y#ewj}Stb_Oj)jVfR6sG3|U)Q^}PbyCw03{s^2c4x_
zBQK6{zXdKOw0sZ(0{(P#bOaf>PCDhh+`u|qR<iLu5&`x?p?K;=a+3(k+?ozP2fV`b
zIY|-10FBW|j3rON#CJi)nDCN;+Hr`gU9j3#?E2#_AK*p+z|TnZFvH+4)#!H6dSLW3
zlzEhcuFp=mnE<OUI48K}uZP7j0x&BOv^@#TZ{H@c;7y~nDH_5!H)5*eMQBjNB{$;L
zX<!B=3&OC|14qP$;_wFe%sEw~pCU*^VyKGaKW)LgVC;(<Qjsg87XE-QA^Z{=BeFn`
z5G{%`d2aoQkB~)lH(zc7`4{p^@azw%$+|tfU!=YvH^zYJ-)U*@cfQuJv*Je<n&_mF
zWCSOhZfoOdMsoc&dcdBIaWgq}rWyn5G@<Bs$Ahq0!E~E-XT5iPJ_v@PjgZtcZxHuO
zx(Hnwb|#V^ESU*2WyXhKWl?%MJL)4klF-)DptBHZ8jkQAaq=c&wQ$~^{hr<)w4Rk7
zT2tb4sG3l5D#FA}8K?qn>>PCwM#`V>kEuv04QSlrR^#gj@XbA3czC0k-xDMb5AqL&
z4iXH;4z}YOM6mS6V#{Hv7OAADHmDLY>@tuh8J3aFWD|)f6znMPsxp<-|JnSr^hZlq
zS65TFL)YvVjV|yP<F6a*tf`jb>+B*WV4kzh{>S(BNcQ|c!`*{!A{2|4CWH2EuAm>V
zy||v=J+nS%eG>C-`lO^+BB<A@+N$`NcLOAii1~>wW%X4tUa@&hDC?5Xpas`}-=LD!
z$Rov}@C0hbwnfkjRgk+~yWOX~*NgvJ@lbG*ZhvV%bRXq<_t0@txac(?kiCLXKO}%X
zwkFv*bJ9fQV>LH~aO+(X;gjjamkIk4$32@gJD!>9sk1l}ejKw!cFz%k9n~Gf9gUq(
zN=q>wF>x_`v{F(R=K;O^ACg^?RQam;E0S7KLhtILx}$*6sl;={YwTSLneu&U^6U%N
zF3SbBC0)v|KfeAb6uU)lw~6@9m)@75$h~6fHTJ82WSRN5yk*1eQJPLF@3g?YK)+A&
zy~(8_N{B>maF1znFIHqRvlxD8a(|g|eRT_q0t+=ua!Lk^9*g(Sqn`;C5kKAaR%(iL
z>weZ%Xz6h4c`RwqM>V9IsF?w$Q%r{&@RllT1Z^H?$5vT;PY_zYTIp^iZv-Bx9*G{8
z&|O0*LI=?`&{IjnW9<6%`_W<uGL`Ar=xWpor#-FyEG+44v~@MxzcWcY{jgtMW-_O5
z%}SCgno5-F-JRZ@A4-5xMgHRRZ8Yo`*05A2$@#*}FxR+S`5_CpZ=;GsuS2v0+e+3l
z+)46Ds^A{kI$50{k$@qH&pSeZ+sp9Q6cl~)&{e*0nAjNGxZFD1I^Ew#*KO54&eZ_L
zAJd-ZJCq6`-r!%l%{}!NcI<@iZ1?kjY`xokIKA@cnDQ&I-kOcafUbbPgUWzegwY8k
z3>1cIK+u6d4=Ve5f}n?h64VGMyu;(-!qdt#E~YQGMfoVU>hj#g*{twG+gjY(#@aT`
zPg`}qrMh)pbA4f*YkdXF5Nn$HI~7vAO8hW&)%ger+K{WtJ88TmJzqD^S_MhvFz-Z)
zUt&0)SSmkXD%z0u!9B`8>SK`*e$R!eR^MuPU2F!)?c=+Rv?lgsGqT>+-tjQubg*<<
zS~cgof~oYzRF9qvy3A0)j(OJB)z-mQBf}2{Ce_9Mn0NfZqXqRub(t?>L<}sv_IkSG
zP1Vlj{cZ)`g{cKbq>jRV2Y1sr^0ZqDJReo8sQfoNP(>wW`^KVTpS1n(I_VNqn}zE1
zz<3o{0yyv}T1fm7P<eQH{W?%OOtsnO2<BBIC%6dV!@UOBm2bKw6wSwqG8>y~nwNl&
z7pfQTyNQ>a7Z}plh0RkbGCPSyieD0Whh@!=6Q60TvX@z66CBkjBF-a1pkY8D;bK>1
zR^?SDROSk1AMW>_Lmj1FYK3a!3c&9T){C2YXL&iro6~U98CKe3Y5be3@?#^Tb#XfB
zb>FS@#<PW6%@lhwNr9z6;O>jck#1Yw-E~`%XY}Rh&UpH(@#mhe-?5LeJqPQ_pZw>4
zVH(lv%(o1fO)g60$ORW#4e1XL4GXd2GYehjFU8^s->?koPPP2;-tV*Mv6!;ZN=0B<
zs}XgSn2bPRlB%lE>($k0Ik-LuFIP(SPI1%~GsxGUHpDWRte&+zuB|7Z3!gJ6MJ-)!
zUv+)XyLRM8<knw)*H+`6xKLE9K<=0D<mwCT*=b>HExTapVF}hFvsYO4y0E$#pIMS`
zNVb3cWzf>@EA<qU@+IfsAghQ!bvBo4==+$#ek<z}_Jf?*Pr2irm5~(-Z!p<*c5$cW
zlb4(0pVb}TBj5VYg_j0DVKaXlQdRDsm92*QYpZdK6Yj=;0(T@|`<^>7UVR@w4+kZO
zqGGTJ$_om-I<3X$Q41>67FFgiNRfY3vg>fOJE|FGG1JwJl_C{(qk8J8Nz6=?QiRLo
z11+9j1#%v7UcU{e**8zw_=-^_eADRFIGc6LyXMq&D{8hh(9lf~#7fqV>$TrwvASKS
zWm@^mK%vF!S@)s-=J5BSlEc;t$hq#!^7JQfBT}Q>>E0?sr>$4xfl|M)N27Nmc?*Hp
z>GJcp$3`+lG6C-r&|Qt$3-v?(ML&LQc}|ls?>ynE=lXtAG3mJZxL2#}%haRoGca_w
z^O^MNw)v!Hg_LcJ?ZJ@M&*JIJqwV<IsGzf;$J$oszOUZH*xgFZ?a?iraDfkKnSYyl
z->jFeUnx2#Uuf-Q`1COGeEaDo9{^AMJsA!>e0-J}hYZ++77&h7Tf2XNQ(04c#JW?`
z_GLRFa0GlYDdwvLW&q}4GFC_i(AG4hu6v9Fyg;a*qUmb|mS^-of;K7J4iCL8-~pvr
z0ZJDg9jj=*zBv$5yjCcYY4d9XwfEv6?mHQ`IXG_3m>if6tZTuma+1#DKt^b#Gy7Mz
zH1!B1Bndd7w?#*Ug|>{Pf&zf?EsY3(g(3pLy``Yuf)Et(|D+|M=m9W)=R*Skp*8^6
zf9oi|#eZFKZ{aVVe`1(~5CFp46ZTsG<wE~g8>%fA=6}+ENdSCS6O)m7i`C3rEG!&=
z){d?+x2rC18AwjjIzRvb|NUP9N=B9D>`nfxjk>n0wt_sLnWH_ciMgYx1uMwj=`T3|
z0TAC?(%!<=gaTx5=K$mb2~z!CgYPZ<S2i0J#otw2Z3U^c6_hE&99=9ZxL7~3exMRU
zrl6n@a51;!Qx%u|m;LQYkjmQC)rpUd&BMck)q|7O(Z!05otKxF?E?oJ2M5br4HlrM
zgR2RM#Q{kDkC6Z5h+6>7Tx^_NZ5$ma{*r5A>geVwNJaIRqW`)6`JEOZoB!410Q~p0
z-d>RHuM#$P)(>p|Bm0e2;ICXhWgC!%owm4*{hQ6+bO?R?_)*~R`v0Gj|JC>prv}i%
zMa<FujnP%;e~tbx^ZzaUe>48AQs;kFa(w#me^vgUl7Be`*#3I+|6_@N%=~xmo1KM_
z1=#+l&4iHW4>YOXnvujtTuJ>ce(Pj^Utizu^l#y>_$}yZB)P+H0{|ib8S&5RAgH4(
zxB$GFm;Uijavu2<?){ewLQA)HHOlh1Fs+9RE2bW~x$`f_KI122#Z<`Bx2#LUFP%AS
zN6jOKC#(b~s>8fa9+rxu>1!jIr%xB=Zl^QFeZjc&nE%p54?`RtpelTA-N`c$`X7=E
z1c25*BjWx;+N|`L0LSL0(RC^qIOu-}5^P1G{0|v7=ZXN@wl_Y7Mxy@9ffzuL9VqfI
zZGVM^I!lRMB4OqDmxBUe2!j7t5L^lhGAvk+)dAQv@E^yUa>D<=Dkma6o7M5=YFrX-
z^zdJDBAu(#(@ITEJgoh)FHl@0>8(>4lEZP|Tw%xbQ$<H%l;l`VimSGyza!?$l0_+N
zClOagx|r`5WviGN8@bc5(iD5%Y&FttDPM6s>_@(+Q?(r2>vH>Ju)X-FkdoyCC(G!@
zvf9OHa^Xqe=VOeM=*Cr`@XOQEvaAW)f95a!A(9Wh+H8gD?tOZ%)XLM%K?w&Dy8uJa
zBh{l8p-QX6H^r+^L!jH}v#0^(Wo0g&_xB&Qyps{P?&4i)UGy8kziP{VE3?w^FIiYw
zAwkOEL^a%J?Y0-fD+G^uxP2vjCzO1I{p6!V0FH_ZTr)Ue+sA|3ZLKwTF$e#Nq2D?G
zHCtgQbTmAuQQtp&$u$uTTZ>lTSw}S54*V0p0M!z}9rUY&F;`tj$A<Ubvl%*<w=yqJ
zKOklMJD2Uw(9jSnrl1ExDx#r8Cy~}f#YA#)stz%LjgGGWz?%Yw2W|Vvl?Vk*CS2iI
zF)4$dZVtw<Cw*3vB8MHUu}G0;ChNOq<a3|Jf0}2z`w7wezkV#22^|d$+RYZ4zYeN{
z8BV~?)#8>&_HlR9C}bKK<_4Enz_on+DzMvAnw*mKZVyU#23z4blBLBiqFwD#ldRhp
znvD_s0gGMfKc)T}z$B|&&0z_z05hkT0#xZoO}0;#7~1u{HZa*U2(UQ2E`ifQ^wDwd
zYxY{HM#J0FD?Kua%a5o26NrM`E3C8nK(xkn_`}x0#Nwvcr(05AR9R$f)m)L>fZ=y%
zvj(<Yx8STfLIyM?Q$RwlBdT>mWZlFP(nLVHK9p{KQ~T6HZ)JgX5fc-O+xEs8m7sn~
zPljh@ZgsQmOj*6{WLfesfrpl%%69GLg?{}*NlAqh&=opH1`j*jl5&=Y9lply<th8{
zBS{og@=TWA3i@vUy2@Zs)>?wcL3%1|7TLD}ifE8sn(a!9MqVge=hIM@f0sn~X0=)>
zbn9_TB){KTP58)~RJ2QRw!0;u9aiG^*oAyx6comZLym4c>9?pLL)6`<KKM`21Q>jx
zNU5Q#3L@KO<@y?)%^4idc^My1*t85(_I0HTbW{bFwj+Y5HOy$JjE83k{4Y~j4C;1R
z3>veUnlisy!rLWpoM0MT%6;UMg6L45VCBE-gZg7J1DzeHdJKUetG#zgl=%LO(~QV|
zlS*OHJNHuWB1OxWj3j+`C?YbFQer46Bg2+NAozWqRqGZ8$^{JMb1*#~KK}QC4x;@~
zA$YYyIw@2SmTQNe=}|EUx2pCRNrB;;>3zp+NlI#EW5OblzJS}SYW|gocCSB_pJ6Gn
z86*)?18~1ZnWv}WoJ~}<wDsWaY&YfYb1vs}#=3ISgfL)&@dhXgB?I96Lkwfc0}$pk
z-)B+4GqG}yTWsSuxo7dUj@2UCvnuAcl`STB?T6P54@o>BAuj2lU41NHycgVCq&dVe
z)rv<2IaB28@&#}^EW>*Auv_(c**~-%{%nome{BQy1UGWz=dauzrC#KD-x^LDc%4gB
zsujm*`khg}?I}zbjjC}248;?CAC9--$()-|>uOh0jeL*CUT=dhCn7MytaAK**F+aT
zl7j{Wudg`InNt=0-H5&gi3HM$ytU<N;;Vp}vAR~ER=F@v+`GFO#tQ&X5LuM=uN-Os
z6Yk|F%RkcGJF&w08amCkl+NZISI!Gl3l@<X!#ES^y|fQ}#_%=8ej1Eb*m<+&yUiSd
z#+6N7m4aSPF)J<2Z9Ag|!HZO@-!?A;`i<X3Jb!Uq&4U%VifKJ^)5ZbGPj$kA9fnyx
zHNtBz%p!n-Vu<!0j@z~JHUS_c)secO^*OU{@_6gU`s5h|5N@{bETKb&zg^Z|zP@T=
z7hUF7Uo>&ffL`1ScJyz>ToIhyzZ!9YfBgMG!27})w~#OOB-w_uE`<5N>=u6G5#Y(l
z>rmj9Id9j=8I)VzI}9}muNXnMs)l#y;%@Pu+da%Q`H07F%u<=qf;CXw7fmZvD+hn6
zT5GEOyhOxhg3C^ZuG1vtYr@mi9ju?lpD4$#{#q6G395~xVF>I?sRYq2^%F4xMoa65
zYbY>G6(FY+AgR#%>KPs@x~2^*dESbd@+$b>)|kXLHP|oB2Y-SEH7@()>scfx<G>;X
zq*C+>@H16R46pd^9)~}L05FDkf)GfyKFu2oa$5|kbNk$Fp7?h@C0GxSeZA5uHsMKQ
zgIjELJY8(CIi?+KDg(I>`W((_{m9J)yB#m~x+(i}T8+Bk(8+7(zIeHwo*;kBc{$&;
zHhXu#uT=IVDkw(E?_Q!-VDo2m>S>fDTlQMSLa4y&YR_RChfa|LNhwQl2N)36ZWek|
zyIAFdQ?RIu%K!v>YX#7mracDk4?s?;i;^4^MZS))$T4fgG&L|17U0S*tHKPZk2-Jn
z)-CTD`PbT~01(-WWDPiHY~E%gJ?S&GAA-PPoPp_#$696Mvinbfri5BqXCG*RZH<yx
zyOoLtY-jgBXpT!i@()n(EEdAuiks;XkIvRFV-Dce0IsSVnPKKoqW(cxwvuD#`nC1H
zY-2BMV-p{AvH?|E<Jl+Kt*6q;xkBL0F295DetCgiCIs+hQkqBWA?vFP9f`kwUM?kA
zPW_8<am}MGM15FeQrEU}A6@v$c-lz#?u`26(6K`YayUM{-1zLi)N<UgA{p?0C-)P(
zNBeD8=t;7cp<5xxmM#7BVGe(*|H-d>4c^z^kp^O3SL)9d?X%w<CgNe#@X}Eh!~-WY
z9AEo=FGm~0o8yO~ZWqfdtKD<_Zkma2<~JE0rIW);UMi-QfGY*x^In;%!ci&JW=3h)
z%)pQ80SNTwoNF0V=vNa;0aExOG|f|!8k!q=sVpLDr96%Lcrg##R@@dxIoP%l<<oGs
zn@*f;Ng1M-PtbLX%uGzt;@_bw8SA@Oh$lE<@Q+iIG}5ebs>_wLI0WBuO&z->vkx=c
zR#1LOVpa0Bb=MI7$`DQngsoT@;`SF7G%ig*5Ewd|a#dVH5J?t*c-ksqcsVP^xA~tq
zm&}ZBjq7>=8s~jD4^0pL*qq$IdUthXYwCDfG+vJJw-~m2wXmD@wZsa)h-0jCZ|G7N
z-_1_t+m{nqt+>s)+b{mAsTvcOigkBvyHCmZWbf53_El`j`1v{-NBf5s+nj{a_qPt~
zn%@)Nc{$eVFf!kH@auT7zFf~OIe8^T&tbh`YMid}HJmQzCN$h0!MFFg`q@3)%>Csw
zI2AkO-ONLp=ho!9reO}cV>cSN(_vL(<>7R3teD;Hk|XsB|7k~g2{+EcRfbQ1wv)j=
z;iD{awaZ%a)~f1p?%-)>tP8o{oyk}CUwSgWr`6rd&iHtEt*Kn=BbmH)ijDUPxJS*q
zWHE<S&ku)=CoBqxgQd3-Ob32X-83jklWS(NvC@^6{XQa<J@2&k58an62<EiRuEVQ#
zUk`)|5-o?{?F|-ZH(*Q&F<nn`-MY1&Jh1iGZK}EW3%@?qJ>DfMt!#Lm+^iJm*sgVC
zk;e#T4D$7BXc-j7l%x#FzYLC3jX$|B*>8FsY@)D+-a1ch4SwSFznhfu>LY?jc`!)p
z0j@b#3F44Dqo9C7kv?$$X$@r>)H3qlERxUqvOF6?YzF~!=lH+mv_7sr9sr`r+1$|)
zuGiL{?en93QigHQgkCq~u6vhLExhhov-s&~c%;!!TBOV-Gvy*+$WC9-xX~t`32iMd
zAM5TdGg@G7mgdS>X5L(`_xKWpASApI$CIiW=5?aY0%fqwJRqUm49qG8R%0M<CGU9p
zy{(?qyyF>=mDwjzAgXiMwQf;9XGfZtmc&@S@dv-U+d8;oog(rYfRoWHo>^vCS!*iD
zY|roNUS3(BV!Kl5TX4Hsgt+y#Xu|0A3nrNzz3Uz0xW(X(<m^_N-9G!$72~|WT)+d7
z;03-;DVYIQPg+k8;K{w^^UP>l&o}#9Ul5KQH|21xLy_)hmrf?cI)CtQUa6t&ZEPQ1
z_Iey1d$f40`Bo`nv5k<mp3=t82Ua#;<(6WzZA?goG+X8PvYt-~I;{!bSfrG_{N92x
z_P$;k|4s`-2JVCHLrKW2)+ccpwukO$ncF^OXUKATg77(@cSIeN`@h&6r>jecC6W<7
z7?ToR);Q%GZh;mZ*ZeG%vB&u@D}XDv!cUmvF1M?`#k3pE@P+{!*WAnM#WBKr^ELV2
zTk8l<>!Oau^64Asymq;?qgRjK=Y^>&#~#bu_;WyyUD8HAA$Xq+ArkI8aer$)p*Th1
z<0L-Mrea9Z2F|A7Ra}t4Fg}ZqX4WxtI6OPV^EsOPaLdXC96FfoeR9&U;AN{8tFEbj
zu)^Sq0t512yK{5^2R<JM9qi~i5}b{5ZEWOUT&XE?oH+00cP|sv99lk&zUSg~fvn$r
z<^=9Ax8KHhaI1m&ucPX)1NuChRy$vP&0y%7YEupUX4+pY#m9LdDjr({Ybz{`<H>h%
zsf;F*zFqgbd_tPia$JzE^>`{XOlL26jd&g$<ua^dEe(Uxszef?pwqU?M}i-;5ps9e
zt&Rpvfd+vS*yI8S0ML;cM6~Hc$4xn$>dXc%6KqNt>*O#YWWSB)yOzdW(*iVGl=fEg
zZp25E9bDWN))nt2u2~(W2!3Z^vIeUZ1;V>ai3BEA?091C4;tT7yCVZh(V9L*cLTD|
z_fi?TLZmr8H)PzhL91dI7+fF3bJUDB77<7}=M~}{0$>q9$1_?)T3SXKAiw25f}T{d
zb9!mdZ|fw#XJ^OQ8FOCCku*LHCBAb|Xo;0y_#<d`VfQ`wU?-!}qx@&fmpsBNzKwx=
zoc<$y?@<khtopgK#M`?tx|MD*a+$5JF4VX7?qTQG()X<QHZm<!FEwa&ceu-UJ1j2a
z?i9cPp-dV125@%*Sw?_TInhucpOH+DlZ8v-JP8NBqp*AuNUF_Hs?pgG82BbPn$PRh
z7eayiejA#TW-O=>QjaT&#)pIQ=JnWUryQS~1%YmUW%8yBhYJsH%j_tf75BLI-|Rs#
zu1-ez*UQ3uN9-P}yjD7oeeeRp^w6S5)hi7SeNpKrd2(!Zb{HTZTmre;3B&QTXAGgO
zj^`8aHRkObBmUE^m(n$J-%Piu&;?aAP!7e^9}60QQm$Dp^xNh^H3I>G7QGqX({U}F
zfamX!*Kow?{@3mAR)g4TEQn0A^2Sz%KtRIcw#>)yc`SOYqVUa#o^&TeK!T2mY)@DM
zjv_`X?3JelAYU?hsUmm@lsKx-6uyV)X&GK8)+R$=M{+&7HGrx1er)iL8Ya1!OQ2dp
zfTF4RPyt$?Nz}+u1==tkcfjm=J)jBUgjr)l_cdvQC|+BCS=J!WN#A<~E!+}7##W_N
zXNk8DM|9jWe1T`-Bj9|J4^L_vVb|lDVb@lpr^bhRYAIr19XBG8(3#NpwSz5ND1oOz
zl$`PHgwmnu+;T~2=Zsm+A2g|KS5;)I)KQ5c{4`+T-mB4379RBalWhPb`sX&As)1s0
z#phDt(COX86-eikW|%v|QD+tZQ?=Np!b%_vdd+1b65UhJX7|ny;f-uHMM3IGhr^!@
zuDi2}qUIb7SHgP`cnP~uQm?Q>TIY)$Y%4S4?ddB*&gI6boC4Xys!l`F%2gOLx9Q{4
z;i^ves?L`k0g`NCBQs%-x31%C#?Z&>`{3HosX--!9d9+8<Q3#Pw{rVk7L3mERQK?u
zyk#?ncTpYAW5v5OgYkS*$12k@?+?QD<h`5VZAr&8_QzZiAOxtYLop+($R9CWh>jh`
zf7;BgB2Q+q=KC5%{IHi#+tu<Af%t6<hhU_xgMy*5TW;sfM|gyePDWRh@Ae5rKfHj6
z>?}=-ob)A){|W*HZ>l9jo_gSA9T~9>t>b>_gOLg%NB1a&Z;M^?ZNNXm{QNszBEZU+
z5}dZlD**K_grS*A(o?18@#J#cAceL`6iKkIw-+i5?!okX{$LDQ9s$X`3br(q0w9~P
zyaYXy>|3z6x#`b1hf38>7mc!sI#nnw`m@7n4~<6b#5@30DtuF$i^3-W*)ny&E}eWG
z$F`4bDPTM(&E7Vi0}mo0D30@zhiNnQD#zANb${R9S4f52bU3y|Vsw6fHO$u8g2LL;
z(_z`_ak_KT_B{JdjOTh{g+%DAL_BfqK~zA&6i2ka{bunHy4*vdIC#$#{P}t1v)8*#
zhIBDrBcu7fbDy$t>+KTi*f{d})sFA>(_Ffr?L2o4ZqvvTLg<?v30>4k+40%#Iv&Zb
zpG_%%Rj4+1$Tvted;3<|_PJtYRLQng&9&%s9vR{tZ0%1&0{GE?I<IP(>^Lm^Im0#C
zo^CylW@Q929&gFx((GdRZ>(_$9%bpT*;?*Y{pTU>J!Y}A`q(A&ag#%CbB5cqDfDZ_
zJdpb~*GIYcI@-A721Nm(O{ZOtr{}3wOLDC3%U5wii5SeQfl5MIslW?2d`pzQXI?LP
z(br6Lh&@$21=ann@ZErKk>`h%U#}gH^ZmrCfjpu8{U=1_RVRK==Tc^{pdA7($d4uA
z=Rb+|djy6q>ER}u0sW6|2ZMAAkC#Wl@zys+!=d4$&R0K&ItA_;?_Reo%9?8qXb{$X
z*ZvInZ5tCB&NOFFIZ&NuR$Ve1Y_r&dbV6Kn!~!QY3P30PWsJNeA3#@_HcasDNA7#4
zkJ0VI2BjTMR!oi!P0gx-@8i{V8|)k&n!XA+$B8arhs&?;IO$YPQ6TI7a`j(xRZBIR
zUv>@P{k{xP$eg-AFm5xf*bl@oARiRb+g#TbnAhp3?24O0&#MLTE(ozOg87fH>Xwx_
zSkI82C2J|ea(?+{4YRe++taLMD@A$6w%@Q%TzOvGLv@Few^b>!=OvmvBwX4!0}RV1
zOm{PViyr%D_3lmP8(u$$&dY_>C~<grjMmSMn_bmxqA#^he=#!V16|L|Eo1JhNZ+n_
zr~1|}1-=-=UVwuzmMCWvwFMI}6FrT1W7t}s7(;)+?l<T;ei9?(pU9zXTrC2&onR0z
z7ojM-)|Nmyst9<bLz6A{**A(~Ln#etU3c|`Vr5=!$nOJIxwH%&utKUE1a{l}i@5~s
z&{<m`KGSdW6>w1B=**mxGk^>`(sxTLlAfT3fdL)l6yj?^<2HrVA34nGmTKUc?7XB|
zbAv(7XcbAl(|vbQURh(ScK~(T{b~$Fd!n!h?xeS|&3yy0xZ0VXR21lP^BCQ4_CM|W
z-LFf{q1F_ZUD(p5;L9oeh$9&X9*1szs<@~~Sa4_&$1!{V`#~;VTNc)*iTIs$xHi+(
z-oEDk%3M9O9i{P44rSPROF0r`X@}++&C0?J$DKjD2FYD|gtH6as0FkcarA0P7NBjh
zJPd%*gi~@3vzO4&5zSVITq7Kbat29*WNz&DBr3XfMw6ru=wgmBPL{YMJReYtk(W`k
z%6)=ps|L)y20Y8_6OeOCV!RVJ4&a33hAmxgpLX272vFf)p&bq$Oc&?)JuGAurKTjw
zb4RIskfjv70{d3VrH(bcZmEr@4U|@Yn9A}pcxS4#{9$8!C?E&}7)CoSBgYBh>I0@S
zK)Qb5n83@33s5HbzXoBv9c8yVcFMie={@{-<M*~(Bz?-D&(p%<s=r^5<*_*Vh8DS+
z?|k8K?(|5OopD!zG2B%o?QPGp>*EcJCimZvA(rHT#CvXGg=Qr4gqV+qO-IsQ#e{ul
zr}C2Nb9Y*o6NLEEfMLd{%<%kq<F)JXY4s&^!ZpPyzD6`L2CnYKcQ(g&K2h1q-*+SB
zA_8Vb?La9#A{M=6<yGlBqsWERrE$@6!5NI@`Qg(=EzZ!b?1^;EpRkqO;v8TMDB;oZ
zHtuxkd$iZ^yjnQ|&GZxu3pa?MWC4|}i1)GnPu=3#mg@}MNP|kz(}|&mGzr0I+p_bL
zt?p5HMF<`0xmL+vUTK2Jd|70`{Obj3BdSBO?4BF6!pZbC!4=C8{K?(x{goy0LO<+V
z-x}Y`pN%*zpJGyRA%#<Qp5UO?OIFe-_LXms{avAC4l|QbD^4q1;YChpk0%}hhs%ZK
zt*6=iIQIb%p~oZp5IFOf!omHL{8-M&h2b89M_dH8oVf{i9hf#a-xCfv0c-BNCNq){
z-0Q;5zGxsu1k<a?!-_=u6qEpsYzg@U=O<Wwzs$YTSV6D21v2A<@d!$^!amrx)-C9+
zHh9jUZMxiV>!>7je8aYtos&DpeTm3tfPUZ@-*kxgb^YAnZ?A~s%|6#B=YFD4Q0dk2
z$mTFSr2RPwi&``sk-_*Il_4TvvZF~L_>)S>2OUG?KYg*J$9^yC-gSL;KL_3Ne2Oji
zcj`DqlL3_mho35e{fd@|%CxNZUq>d2QLbuf4ww_TECV~z^y=+*FM4b6@J3ydq1$xS
zidz>hVmIX4&2|+l<rA^XX^lY>r9gtlw|M}uRAWQZgHxEO@g_FZ7fCc8cFR{h2M-DV
zrUd}mpm3(Mak=B#?PZl9MkJBd8Fw=4d!1iN2Xfw@>9XDJms+4U!Wz~bmc*5JLqgh_
z0joMz*(VJvJLG5vl0&ss=1tD4_XN6xIDgJe#15Sr>2h4Y6Yi4$T?=4(8GpV8B4pI-
zEX$BYid2ZLi~4$r7+pIB?H2(+V?tme7dbH1z50F*Ry|kJNxU->U!g?u6jU1=@7ub(
z5)zXthYf(?zUz(^9&PkAgElNnWZ(S}B-yWk`z}Wnip=7UF3;sok>uF71%8$8#6l_f
ztIt8Y)hH;+YZw*seuCv|3?hvy6aaDf2Hc*UI;L46uVXtz8Zd*|@v?!k`5^i7P@ci~
zhwVGpw9mONz>?!Pco9RGo~mIaA%56AScWK{&GJXC?RydRMp3$DyfS7I1(f}>zNhnI
z9p(*}53Rp?xKdwY*sfV0uyeS~QhJ~^mmBy`_a3AtGc~j+0Hev)D5UuvMpt!PjeKXB
zr1$!Az7WgpT%U+v!-k>70|wO<y-*-0x4FT#4yBw`H+Tf@AZ$VeZ7P{N4a|~X%m71<
z+t3b3Tz5>IgA}>oHO)yKiyU5SF+Id%(I!+J<w{Ij37a|N+x*en7<L<MQM@Wyva53=
z6-&sE<#iwn-52j?aEFGBlAj4IV9J@*hbiej>0ECwzXs7L_D#8}6!gIgpo+l{&m&QI
zYIjuaOFG!dgEyNS(iKjjAt4w?Jfr!g(Cu>wps*{pq=I1Q_0&1Vks->5>LNB~9`-XT
zmY}z7t`Dw+->nfg@leHFV0C%ocfasU;f#K)*~;;M2;Z<8b2sw2DXh8uM%Mj>Lysb4
zwMrs#CxRl6o_u3Aj7+uA?UWYfoih=eTAU5pe47Aa`$smXpXN<d<$4%mg)yZ3h%`X`
z8dpEeCUJKDI$PXz3D3?UtXlj2n3LSV&}NtL$6?ow%w-?=OzbNGNbir4R_ck6a4gNW
z(<Q~J91FNJMc#Yy&}=XrGwEs5r2`HWr2_?;_tp=-6Qp72x7p44a4*3u7b=gE<sb1H
z?YN|6415d2Ut+>@!_gZo;UJmYWw%zr)}yyQn*N4&<+tH97d?{~{`zr${y;enC~(h*
zmK7uA)dpb*{w81iMB0A|g4r8={_IceaZ`+Ld1b@~d5*nZnea1%B1?Qd$DVc}O}mrA
zQX=BJT&{g{C=binJK6RphQ0w(Xa&sP$2F}REiYf<b<YUpZzlC<0jJ%KRKbM?4RKJI
z0C)gW5X}C>P>;PyQUY5{nW)G&v-?n0T7Meh5+A6s2&M{S3U0qA9w_yAc^^5{r$y`L
zoOIQrI>6D|r)6cP+|(ArY0I<{9MYWo0SgVLAra2Gm<b(@x>M$Ji*)gn1wO4G%$$=*
zV{ug)4w~7v(;Yz>w7JXnYwZU0;@`hf4UffJlzd<s+pclk)beu`ba$&yeHSX+I?x<U
za_}INZKkgYz(A32!pXsGru4c*V(+Pz3Z?yx9G`;<x=Zhske$d|>p&2nZRnu3N05zI
za7_U5J<M<JI^!1$EMTxDCtGq5Nby&7cdtLLBb;)_W8TwHiDbGg5?*Q-n>KXBXV+mA
z?#jG;4b}s%#iV}k(JJLmfbe1P-A#ORTvd@m|F!K=VnyzgAbW?~ct(Sf=z?nNlqtz9
zTW!@Nah`N!mU6U7P?ZsrY}xY6f<6dsCcIn0Szxxt=SLX+xXY;~$T=9V36gAI>}r(T
zX&O|*gX^CgcU^iH(BGqE{{Cv`uIRlm#wGFQ6e37qch}bM?BsK2EKzdx*PFRIdBEzU
zqkzL^w5BZPyiEr;xGofffX~^%g&e#B$Ssf4PNbM5M>*=adqUY}n2K1&k~KHxu-!qG
zVL*C*FDKhO0ZZ>}on6ExbX2uyY{Ni7eFkhs)djTeY@9739|5LS{9k_1BeX}g4$t%?
zF=ZJgFXI*|rJoeZryXe;m?>x#cFe7qn`uo{Ml)G2{MM95IR6;Mm%9rU8(HVe8imX5
z3JgSZy0u`m)Jjd4Zawi8H}yC1!0+$5+?zna!JyuJ`mFhD*JhMU{JT66UG|6hD7KBc
zI8=}ny1+6P0ed!L&?j9#*>8GO6*x%oYCakc7XXf@VJ}A6UVCI)IOVvv@96_i^(z!I
zFIT{d`0wV-w1S>hySd7rOWIT)qVz!Q;jaEu48`L(oQY>rVeE-&9DwyFUyYxejxH<a
zE4Cck)GqulJ&Dnl9rhduu=Ci1!A`2$>wTN<MKGZKn?{~&{>qw;$IGc<wv0W`VHWPj
z`O0iEKVk%d>~_K4&pt)G7T+r1{nZ52z>bf{jhw^6Yat$PInNJtPdh$-X7-$LZH9v0
zh(|G8)x_spYDoU$aD;1b%^2nXd_4=4B5@Bh7*c3lK6r^kX3S1O0(+lc_vf)MiH~my
z6PyJg8XA8+Oc|bsWv$ZJUj&7_bxgv}8H#ZEjl8=}^_#W`4mWLJd1#F}wkTYXpG_^K
zjYM!3dbtw|m#j08+P@A1e}&-?QfiKvMv~Gl@<VwK-%BZ|6<F-dQ8g8T%FM2A$S4JT
zX0lsYv^Xrcxjb%ke)Dn35|Gra!ab%CcPwR3#n_r+Y#V5hbAXwhKG4^u(NF4+R+9V6
zMjD8<`R;evY>f(5AzUSlS&BLX;aNg{I8EdEi{rNgDswI0a7+#AY|u~yG0d4$={uK8
zh08s<Lw@0V`mM>%UNy!VqHWj~GO|e2ao}G&6!udQjs1)m<?}oQ2_!2a4`B&Lpz}iU
zX&m_BImfwyIktG6)^3EsnjobQ5LzZuuv}wj@A)#j<=13kr?vLWiOAZJw_}H^5-lS)
ziL9~-xM!bQH+H5@9DGNWLRUbQP(Lt=r&@n&6BB7Tl-xfvj;g1Bc*^qJir%pAWeOP-
zg*IXKIUwit7A4eeiUSIC+CdARj*4X?V`#y`W<f-PT!q<j=#7Ohi~FpSkqhY?-`4BN
zbeZxqwfO9h>^oHO)a}5H>Jvk~3(VKKsxJ(%+4*JTpys(gw+FxZ=W(Gpr{#upF<slH
zK|KFmBlt7^fOK%2K((d@A7^<M%Hara)*173@whsuBD)Ek!T&o%Z;#2~nR;qOtf2G>
zaqkG*F6ZzAII?!<g$tbFy%!`kK5Fu=Og$q74}7@f@!sPydTtKu`QFwT<qXRg&Q>`m
z0SY62O5q?#*{T$~9F>G?@7=YAX?fmbuxa8UhYl$<7Tu3-BABziPGGSjR_a4zbb=E1
zIQt||WjvCbi@7h=Vl`$tfyG0Jw%rR=3{^I3!YU@Isz7hng73>9U6yf5)=S#YoB?05
zKE2za=fH4gjfhCkX{fhVzMg(SKi9gd$j9$@tvH>UuG+TrV>EplLY{n+H}hujqd+4c
z!A=XjNX{|7VwJ2(=M^0#;hb4rAWOy}W`<G*8Jz!%?J@{ubN8^oMZmE<RyMPm{S0zX
zN2Fe!!s46Ar+0NoVC3HH+}RN@VY*75#G8soAiY<Hw0wFyU2`E%_bbgU?W&lP)KGOM
zDfF+2FW)l!X*4$vU=Q`~<0;NvI@{_(T_oBWq-XU{PxFPW?+Ovqt(#-##aF7I*5TxY
zb?S$6qL~IAfO7c&c!c?4CC65iu<vgNAf}Nz*wQW0;t3V56D<}@(=fGHnD^oqlSuaG
zbE?-`G~Mq~Oyb3|pU%CSkrjsg*S?^nE|mqBs~YeK_nq+aR}VGu^Kc(Onq3n)yIhgW
zDZrgI(R3ss3=$?40)2iP2d5=sVEFzKAKqp3N#mZCh8I`_yP1`Zmo1UK!|bA@vhZb|
zouK*=B`hC*?6G8@3On$dms3SRXangsK1vW2LWFX5RPYewd1a_OWF_J2)Z6(IesI~|
zcef0DEtbAAdN{bWOXTI?3DNr{Dt7gQyOD1_0nu`#?iA-oPr^0(-aEGTtvuLK9oqe|
z){`3r?4{LqtzRX0wiPvARI%al-k0;6N@?TdaQgtV>#2Q5XJ|4r)8JUM7&7y&RKYV!
zL%*Gc-RRBj^xxavFr5eji>8o<x$M@ZI>Ok;p}J7vEj1-!TRy88Vot29G)O<%dn&4$
zs2HVEl5y_Y(D^QoY8h^WTq_1Lz@xYfl;*6@qO#~0FrWLS9Ml<6?nG;qB-Lm$59a<a
z09up42FHcz1%TSHBIyJz%v0qd(eLe~M#%3GO)FofUN<+D4j|TvFh82K>hR`c3Aj^F
zb%)pE5n;r&7_j)CmQJa|5sG;1nHIG$L)f^IH7eEd(;K|LG7Fy9Z%U=rq(?NJ&CQ>m
zoMt$#m%$YgONXYi#3Tw)rF!0P*!aA>udA7L0SUz($|%ZDbU3)A3$Oa-1p0ZTFEso~
zwcrkZE}ank+~51GH_;;=8x|rmk%%ihRyCQrj6u$^f`^f~Yi=^0yllnS@06cq4z=8%
zpa=9Lt<u0G^5&4YBKc#&Y#<S|u;G(9w<vc4gC1bKTDR5L9kDYglA-VK*B`yI_B58N
z$ZIB=Dp!yctaJapFm6$fEmGaI7Esq=#g<jW9KpAI3g;|fglnd4_&5TBn)fhFM*)3*
zwZ+*Ok#0lU`_WIWX&JnXbQQvwAe-&2!Iyx(Q5!)Q;{gXve+A?$9(PLo*!BD8xk$CP
z1#o{`8^N)yNAEp!pFUwzR5CgF36hg5k0rKh6i=48e%E{;*QG43x~?S)GOb{LbmBE_
z2+op2XFgB&O=XohHLzgr^LT1`I6f&Ec-#Ml@nZ$z1mpoAVpI)SvcNjShg^ux`~w8D
z2!W0UfZ~&jq+poof=R>Kl%Tn&7e%kMSYpbRTUrQR;MuwmPP;J-OzNA$CjA%Z-01do
z?o79bE2D827A~?jhdZT>I;JhUc)don^-!uja)fl@Ox`~Zu~gB!9b2?7G<c%?%&XME
z>ygkzL>x9xQZ02(vJnt|y(rI|v$8GCRajZnC9hITWi8r;`CSX=gE}8Xs@DOQ29P05
z7Ad)*YSLfAUEAHx-wt@min_lcu>K<OM!{c*k+sy#06Ii0usFj;SS_r(lL4$7e#L--
z$cDm?o?nA%%iJzPRq0$}0W(wEkuW_f?b4=UD)~|w^ez<}Yum$XmBCSP5fSfCN~2>Y
zG^j{jS@(=<fn^4^&Vho9ZXA%r^rELTM$|o7I4{7e612e2NQkDMJy+ulzMdY1&C}Jl
z5@cb^7eqI}IGD|yK;W#m){eUnuUOXlR1F}Y6kd(?H@;H47I)y?*~{ex;^**$K~AW)
zJ%V$gNztF0QMKA4Qaw1RT7Zt*HJ|Q!)k7aj*?JLZtW9y9PtipDeWU7Gr5guj!HgEz
z77+w$%-s#xk($=Wbt$wtj+$|YE*IM&xl<hm-c3TaJtJDL8XQt7PSXlnJavRFI`62R
z>AT<XDH<!58FoJ`=(on{hR5tAz6{zI&9(sa&Oh(oW|Eohv>eUXIlD(EiH9G30SLi6
zIalY;W<N^Q;OFD7JN{?uguK6OeZxeJI$)lVXWz4uK0glhf`(y!zJU9nfo)?NJvfB4
zJ+<3@zY$p(9DoTPQuT~)YRK_>9ldgpnCe&f&e2O%l<P{{!|7{otD^OEhUu1)YMZ=*
zACac2d!)IyJo>Y3L$;EFe@^o=z2?MzxQlI?p{gB;QE-&*te%J9^Q;GHK|fPmm0=~S
zsSBPnT$Q_P7}=44b<K7gR@xzcpi{^R&{3<fr<m+)<Jjk|KWAf`5dV#stu|+fV~4cg
zyZqd2uI%nf&qhfYi}{vFgYTUT&DV{*ov1~L`E*KL)d~%jXr4XQXwfW#ObsuskPw4`
z$&j-8vsqJg{P%=}pZl-wvMN=-_f0}0DZQ34U`{D7o}NNdK3CV3mfJrZL>dlx;Do|p
z%YpA`@n3+!gw)>%nbaHAzu_@sof9*}IpXk1I*N{`QA4I<D&Yk45Za{u2@FyLiM6G<
zx_jtzI-MaX0d!x#{R8x^##N?xgX_G%=)UYD*-6zz@!IP^gn<XBN6NvR?Et<#tP9-F
zGO@MpTu4@7-^tYNTGBfneG7NUyYik57Eip}s!vFFA>Q8yyoXV8)+ppi?(cV?eevD6
zbLn|@J6`SHu>Orz+eB+BXX;!FEyfA86Tx&fMU`{dgpT~-SWDJ%p*C8_XQ~mQ%x)R)
zqa}c3jLq5pQwidHh5lUk7xZu!u`5JaUnB2hVQYq_Q4_@f@SB7%tHf+*a>|pmFS^xc
z<X{*WNOfCTq{u{psg7yK%@m4a5hK2Bov7Uu^Zv2qAU5#(Y)AJkN@qK(?ooYelsX>+
zquj9WM7g?u;&w5&*rZlp4Ed?7vj--@f<k~64S5GL;Q$54`xMJ?kza(FnLJ&Uy6IlW
zZnLU(12Oo*SpGRaEKEuHUH}FPu3M|_ipzc&;&c^3_dLcVLfnHij++H|aO57&3p_IH
z8!_7;o1=mpk<SD$?^sAO*ZO<NvGTdEt;i|p@jkRaKiF1EgDp&D*C8LF=E=?aCzr4M
zlCeE1i<JeBw?NrwroRap2R@FCO!qV=51qYN68U6sti6OTr&Pffi93Y4+}nxXPHCHg
zm7j>`{n~IY8G*LYS8uyEi+^ROsl4YhgCK`ic+o$te5im`BGLQebvytJ<C}jB$Un3v
zNB$3NjZY580pG@L=<`Q%_*+ie)o14SF@g{%dRSmEP|Qc0vid>3OQlomn-3s#W~4Zx
zj`(LUoDLXI#k%sKJ`O$h?t4X39Q9QfDU@<IHcqvfZ6BSBbk0wXEak})y5WU(T@(?<
zuwURBRVp<qHcUMKH`q;e8nD@u7atxaQX$1}P|cfd7B;TN+yp037p8>Z+%5c2!O5dO
zw^0iqkgsru^Unw?V2I;|Jg-r^qmdmQ0E~`jDEmf|O^_(WVg0a8GW}F~j^+%#bc{ds
zbKxLJ9u3zZ|B@y3`-w~6!29_}VcjrRH5jQ@_Uk@WZ+oEh_69WnmwO^qt*~m<LO&f6
z_m;c{<56CznA4tJakhRA?w$;@l{fS$GRxgZR&>iYD&wChAYgAoh)?|-$0__}dJED-
zq{wu0JGwxTg9#7vf0%eG+yRoaZ1V3A=MCdssJL+Qu^6rsMp)~u3`M0SnTuHO{ovG<
zq(L=<Y?2Xn@pP6>-UE}~K_U;H<WziuuBO4lAHS*Q^MSVS$D-(2zmb~hP(aIc-)|4j
z1Snh9^{`M4edDx)NkgXR_c%DxJZk^?v%T@e>yYugoZkIby*h=Nb3C7Lz;^%>KqK62
zeA^`2rk|))$xvxOcHu#2{>04~)27b`=jI>0ehMxe5!~6kHVji@1i_2+D=2{myp6@`
zFW<a_x|y))ea}`yPv(rIT1=s)-VTi644Y7YVJb85MJ^*xtR%}ghIS!O>H;{g9FDiX
z22`T^w_(?hrkcnGgMS7uqYeGKF^pM8vb27#;UN53U4WSPhZUKjZ;I=*?J{P`tV)nn
zWoGga5BV$%e1fL+QTsWTN4m00^=DXuFJuhHYYWqa3)^1+5?^!sIj~y}llJJZq4YMG
zJ|ll5f;giEWFxe_!!h>+kOUSi{7#0_znf`)T=Q7j&GENMNpW)6ThR?a{9RojE#wM>
zH9b<Ao)QrkOJ{!8|KW4c;(Ba3o2+e(ElwncKQGeIBycr*!DiMU<vzVV-LI>*cYr89
z`hr0218K44jnDE}m9agm=Lo`M{&eqYEUB0t%9DIJl_r?lFO*5Kp>(6OIUf1Z<_-O1
z*a_9IYxr+x#iW1xAWT>XScw$d%D{mDLC>(nGmBCMNRXOmNfcbar%5`FkLji&&;;;O
zDQwiKUwwLwRh~6jGM2t;GSl$8Uun;ksu8dpPiX*Vr&3V9(@$EbIvAklPONo(h87fe
zV~FRX=M&d7qM+b<=)8pkk-B9^bFa?-Y&aM?sLCe<e~<)fU`}9hpc>aXqqIZuV7Op;
z5CpbLSeGU{^+Clh4V?=?ol!_g|Kn2M0P$}=)plGkvndP_QD9GEVGD}L4l3RpoKaHf
zZRmZ?#eGtBj&0FUTi<a}J@khW`Dd?hjXU3uLG2@_2$HGdTKKd)&o@M=fo+&uDwAm7
z<7TW1v;d$wID_4+#W@CGK<w<sxzzz^YH)au0K6W)mwY)7wJq$mSh6`Eg}GT%()`i9
zLA69Q@A*u{Cv{T;Yw;97u%U*Hz8^sDMt{kGSKPQ3u<7GG|Bp}oyCb}L)hdBoWz#z#
z6x-0o{6&ujVQ~`86s)rLmCHBHrfhcm5Ei~6<Q;8w-OLfo`-lWpYf0KBYGY4cO+PO@
z3k_`VhIk<dF0G>Nz=?4#wf2S$2&_~Y-AdM#7i}m_v2J<g@Qg`=$eEIJSQA?{bT<jq
z9Dau5&a9!geScm&jR=1ED6)>f*CY+V3d;<2i>h)wuNv_z&eZGK0v0s&s-uJz+W6WP
zWE=aN_P_sR$f#17fxY+tANJ0&tF5SO*9lH>C|0a^Dee}mMT-}AE5+S{yB8_i;>F$F
zDemqT+#$HbNuT$9&QCa>&d9elMqp?8ob$e~y@-7D!+?m;pR|dz@~8A9K(XHsT@-mf
zn59DcoWo#d>XI%g0pE0aP8(S<Oj%u>YBK**0O}QVI#4B*%6mmo<b?@7iRVyYxU77~
zr-wIX1GO_E9d&ciBBEa_A2MwpTv~3Zo{6tkf2H)+MCDuv(J~lr@Lg4;xG@ka@G%8V
zpna{)bGf2v$U!$W{!%yn;M%$T;{icUVx}l>%h#E(pm&j-(WNh;qy{>;JpVm&W#izY
z-hkz<GD<kd6f}?;wtz7pzj2b^5H9_X4m-E&ulwx}o3c6wtr{^I+QA^5G=rb_!-;S1
z&}n8}12(M{euMNNys~J6JZ_BFS~7-QQlwfL;nW54sUJ;}Sdb(+P0wY(?7HMc5;7J|
zsRB05jJSKrw1goafpmVnW(tYvShsMI(+tBCUz;RLn-7a^_tIS*ORQY30<<+kKPFOc
z(u{WTDz*FS$|4-$EGQGq?_7)U0m!*f8UEAvhB7KylK`wrYM?p!6;mJ_>r^Ro39dB6
zSc#!CzIIYR&i3?#cipiD;cMGltQw{0O?-UQa;N0zT}LGvs1@C?T%#CY%US!gnBV-A
zy2!w=M8C$S$MvB_voIW(Dmo2h5vOk6Nl~E*NMP0o{=%#OAoxjhkJqZ)#W>Fsk2k3T
zg>lExWTJCaI#0XZ+m9=9c(a_%eB%B6nF|{`y(xg)udm&~r}!8+e&zM?GFz!!1dt(w
zxS{wzAqZ}PC^ekEUNVB;c%vYYoHS$abU-S>!jJwvlZN%^!RErt<=nEP(68dg-!`;!
z*39hR6?()_H397ElAUBm)usIRqbw{gj40azZkF^cwgE>WlMyR#`eG>dB1~b~fK$x!
zvM<WI`<W<AHMN!klp~s2ZC^|YrsNt#Loe=2rij8(;;pjMshd7#g_;Nmv?r<`=In$D
zNFNjXQ&7nR#<wfxkTpoIgT*5EE*^Lt$jD!Qx;xTRR&fN+n`uklaT>g-O=2N7`M4JO
zo6~HrXkAGwJ!0cO9x>*BHzQV&N58gGxeGQYqS(qWKtrW+@NcGt2y*n!&u*c^02J7D
zx}#6gJ_aN(^2{(SL)xW-cHH~{K~q*9q1NOR?HsBu(aJ1MIJYka|JUZW@4H!R1><kt
zhzl(TD8p+vk^%DnvJiJb67;`|<+H060n8-`)Yaz!qf=ieXl@a8Y2HGb2?~iASy259
z{P{%3dKZeii5wg{=k2C)!`~Pr9bxhr`Zl~g94*%w*?$&E#Pv0Pa_sDi+6oPgb|@fo
zt4w`Zd!%TD>6vp~0tsF6I2A-@Z8}!#T~mA>Pwjr%6I}BX=D)hkX)TxKU=dEiG@_?I
z&nFGFE&ThPFY3u=P?#o1wna|>->&IivSH{WW9l_@13spBI`>bt0Df{D{MEeP^+r>+
zm*L};{$zb?4S;`c(!lpJ>TxI8z@}aEOGw%cThiPu>j@ePe$>BRoN-*p+%N>^jbHya
z#czoNgwcZ{{XZmIPtgeBFW8vw&kJ6gUZ;!qa{7O8pQ2-8oTB>yHQDGk7?bOcE0+-N
z@-2+!W$@^KE#R$^SuNwRs;r?+BFbzJ-iI$2Z4~O|1v4>H>;4um@*@*b<7AOrbLm?p
zmMZq*<LtnKILO&s;ASBc#Wjw3wT;}pfr}PAt_)oEI4YwOo&T*9&e>zWJ7A*N@bLRZ
z%j9}?HHuf)YE{=^XZC{jiEWyNB=5Nz4jfAA6?@s~a%AJym~7zAeRAZxllNNFTv`R5
z@cTS%o2<|qB3kyR+WA30&E=)&JtnM*piA+GnFMt5t%y|;be{XKLVn_HS$Sdn@msW5
zCf0}fWLO7Pw4aAO&HRgy^}TlewaZyj?tokXWEQN-56Ou%lPZufs_7Tf+h@1+rq`!E
z5!)Z?l3_{r47_738lquae17m*N*yJnJva`=x^R_=DA<fwd8@jAIsu~MneH6qgQMZ<
zg4jQPlfe0Du*81;W@$(-N<b5+inAY%$mN&hV;6n+;Pfe<udpkRonVNXg|!&XZ|l7Q
zLo@+PEW%#Hd7rP7@8hy$HNnZZlN$=9+mh9fEIpZd*THCh4cNS#bGejCR)tJ+y|}9q
ziS`#V^v&0EdIe*AV1qseY*0~|I)g=#8*PTq(*eEP?Cg9K!-Jn*TzJe<K?Znaw^-<Q
ztzqpCQ`wn88$2c=!++w`i>K~<*1+KnWC)Omt~!C78Lr)$SM8yRwc}yPyNJ!$OC}NR
z0|2{}t3++xPXf{%P<FTS6HpE3pmBmoWB;|0v2q1V=K>XdR9F_Pi+hT~uRlg@e3-VF
z=87mwqrCZ@Djbwb62n$OSEno*$1sxK7d;diIkJ%;D-a%Wgx`QgtYkLYv8S<TTl}^m
zBS7V>aVy$(!l9tAMR))Ce}48v!^}G#1WSxWQ`fmZ3z#0xs)>=Mg@zJHDf(Es5z}PX
z@vQ$+o^#@TZU#rxuwv}g&|ti9VTAHN!)xf^wBaYUcOq@|$z)qg%h_6sbt%kiI>4-1
zN<T^j%^-7#aS))@E+b{ZgirzbN=5xVJ7K!KP2uNbPI$@A0Vlbdo>BZ^;xufdFjgxz
zV;n%zATwa1M+kUlNsWo6N1i>pLK;riTl9w&0DXht3W!R1w_nN4UOZ;-@zhaWxvEov
z;EzE47{ZSPvqkkyxkTc92^4ctq+j<GkmWB_Sbd+b2rhtiDBF#F-*HXU7hO!wWylUU
z5flv%?b=^w_kSK_0>HnO*}}Lua||4<dhXp;d?Jq~b3*aGFHhV~^HW2)J`m(moym5z
z-8xUdCEc9WFi<>ot)j52-3U3o7-qrrYgl0D_@?j+mXWwR{!9QwToeL?uDxOV&0I2c
z*8aNIIo7Ep>h}w$lCq1L(lNnMc~g#b(5hC+D%d}UKW}*7<i`5o5+UemNt(Xz0X({m
zhfIyMZ(0-ug=L`7s&YD`ooZP0Wx`3v5j$1#6=F(1T}y<Uc_26w<r->sJBos7MrKFZ
zd9Yl4D9XqB=&9fNMY~QWVVmP<46<K;$Pu|1Oyy|%Wy_%egmO?D0a{1)lUE*M1Cgca
zJ^V~x@3s_AM{35j=$M_|R(A|egSKMO{F1!_Q}-QU>7f<8+hy^XWq^9(J>uxfz)$MD
zoX3hsEwomSgDo}%^9lk4PXhWd3UUa57eT6j$<>cEDaso7!wZNj&?0U9+f<+>iD~I$
zH^E$miP)l-e`IX0EymuUdZyOq4dj?^c#!lNGNRR6$C@20?^hslGdwz`M)9x%-}z~1
z=`FILC?<fKodtJmS9d0dNs3Cob2N}j6f=34-Do=E%g0i^d|!gMP^F&RS>p!r4B{Mn
zOW&vaemE_qzq2<dEpY^+C%N{vzD*)8chjdD7cMjOQ$58t82l%n7uS7XSLI{5ZJSxp
z_9Y$Q57x?3SLEm#m8&5V4XHBPx_%8=&UVt)i%MD?%mj#|apM~?p4Z2er>E+kzS!~^
z;EST>{v0od92;fY(#F4U${U!3?_<fiEfemKd7R-0-1`izR~j9{_sDQQ3P>__z83Hw
z{4<K}Zw~l}ws_wj5CT}me&)BuvqOZQ7rg)C=;B(U@4vues^dS#CxW^N5j}bMC<w!E
z4{~+g@1~RqE4NI6e3kp+q!H5C*g##)C++|`2{W9m_x0BK7fEoSq$|n?8Glh)#ghYM
zb!I8nu!(`u1fyX-|6>GZ+JwB93HlTwyhyo&BO=1TU*StZosr*h!tR+H(jDNw1Bf1f
zM4o@`e+{b*_!Z*VC)Vy?4?48q&G|4T_5Fb;4-NclJ=6K`d3ga{9@yAxT;w&t(|n)$
z<|hto<XKKK|9ubM*ZS9s;ffXJhBbAwDH){Jx;b4HgOR|x8^b+t1Ln_pm-*E!bKdF0
z?S3rH66jlE(W`@L!3>*6*l-oJxDS-wSdXgwlI+VyY7Nfw{G2tX^t)qQLWa{fdYjp!
zF$bB<Vv$uw&tdt*jZR~5pU6+(pl54!-4xLG_*SuzZ{@Y~^Jx_CdW0GM&GY45yRKV#
z<Ker8QIYy2<x$j|=&z_c0VdIcUFoiegKtFFd#@9u=X8t|)%O2_n=i{-R*@-uzG)q_
z`<~wz`5xr_%Zc_>ddd}WTQ9KPu6dr3G(sk#ntpo80stiV|5yN9ylB<9Cp0mgqX<p}
z12BF7+&ME)pp+Ge10Svp2$Ca;1330HUkL~%ZNdh{DqL~-i-=_DFdXn*WG|exJ(zZ?
z2}jwqn*12oA*M746XIa&b!o`|>&Zc?(@dd0xsTa{5CQAk4<KNxAI->?z^{1hvuAw}
zh`RNc-Dkb>?qrpMLcUG(1J?M2F*LV@Kgi36SQB^+F_}Iunfg$R-7KtFhbYalbmt+9
z8~>l63?MSuJ`(B7`YEz09-SPv8Q+p~A!DS@mF_)5LB>Yk4>GIKXN2yqnsK4Cn<XbK
zE5&7oX5>=Yu*TG&s;S9-X|LSJjI@X0<Z}oR`JEm^j!>Fu!|Cde>8+HkGuX+{vJoSc
zvEtR<ABhX)`17B^BPMJuv{0u|RusCYX_!{{skon)Y;Yj_u)p<C%wjM6-tEDnAcDlo
z)W&Q83F7A9x__>r>wxGP!f>aw*LwOuf`?@LBL3q3bUnYm;=;SKZA<2uGs@qd_H;S+
z+Tdw@mlNLZrFD_?vYwP1kudgXhTol;m-6p2cBzQrGA{g>=K1=3OZ(+VBXMVRo}WF4
zmr?#;_R9_clMMit0|Usb7%=>UKH=OADoMn1plSd|9gtjSx+MH5vO-Bj|2%YktqDe#
zHkYNr7yoX$WQOR>#L2#qMja{$h@p^VM*_nM|Ipv>pks_E-vo|3+4~WQ&}sFJ@Jqi$
zP9J)rGHjKUjnCb7)q{CHq`GU{)TynG^6J}><)wV%S+-Vj+vpgtxzMOvnOePFGce=W
zhZUO{rM534hU}WIZv+C3vzxXz(U{Lz!vk5S#cv8a#|n6~6%IOI9!Z!(Rvc5uU3~)1
ziS632>)}w*lU01Srx9*t$<*`SujV)af1KCC?#@jm<&7iNe0!!Ex~4}I4+1d1iVLBh
zef#HH34yb9!sd$hhb6*-Iz3gtWQJ7|xVn%b0_4#{>f=#fy$Tl^jk?X87~-_MyP^u8
z=KC<xv*cbH3hCasyZ1PES2g2!qwYxxLOV1K*XlajYg^PA&RDX>IEpXsLGh^!?B<WI
zC#%qY3b&4@GmS^S-f_39eRiI4sMy2V<+zLQviWB`i_>*q(bkeBeg+TUz1x>r3nI)U
z?SGL8udescmd8`ix9wIT@*$esDbXyv>wfgOZq*NBO%5pbvinVP+YAmy@=?zAa8gWU
zKx#l7LV<VyT3|QzF=4j6D4H_;pAJWaTx)(w5e*3u%l;J4?`c#})np`BoKQj_x&9tG
zv}d1KW21>nG$Iq3jdkiOjl`5jRB55amiiUs_fwpoHBPaY_Q(6n+OL_yr#H(Xno@-N
z&f$;8m#nzypQc;RnpeFD&g}#)M`n-^NQOnAQ?e}8R)Vfj)SJy|)OnwNn}!8KuIycE
zB+NJ$D-Quqk*<kx?^}^r4&1>Z@5g2xyQc7unDC*~<Dli6d-yWj4wtZW5~0;jYGjLQ
zMwx_1vH)DrRcG6GcG-mATZ()P)ved~yERep<hz%qn=jMyrHRsCTtVXrr&o*Eg|iy<
zjpluKad>B=(~41SIFx7N9o{!OS&y+R22VunyB#l0HKys5)W2XBN_PFUg^r5|*;S;v
zpHb2Lr{L+!hrf51VJQgn$ik3AS+DK$s{XW@Se;Lw&kVf1L!a_u{w*lXW$S#IW2w|e
zfM8<@$idJlx0^#&BK&CtRTmFkJ<VQ{s2G49beN)ou_w;Q2I!7NuaXD{Aav%eyu6uc
z9Vc~f^=fsN1NBhTXr(D!V{l6O5><)6=Sl9)5pPl!w#7W8#{?&Mo<=)Nb?iYwza;t?
z?PJ5(s3*;46lpedvA#OUIFn6I{(bEQzKY4;<xY?D$tqj=C^(1sPT%jPoAehoc8E)y
zpi}V75VW+N=To8zNvE}tocE}l{s|53OXX^$$TU1eWA5|z__iNNAVg2hb=TZ}JQaCD
z+D$=XWVCxIxbY_x9Xpv=3rXMkJkO>5<;ZI5a?5Y;lE66?bR%~#c7Fu_Z-Eewew_@(
zYWrv1Un3S)ifhVNwc)vc?7P9FP2Na>h+&+b5Ca*`CSbn7_a);_@g?-pTPr89aW26s
zL&h^b-#hn5rf^ggzLv{onpJ4_o1b`0E?$pqaQ>H~I+|_E@h3Ep&P5r}TyUv(a0Ud0
zlhS5yn{N2CB!7r!2L1wqs7l2F)Cr%i3Nd7n|4?v_p|Vq^r!KJJ+EA_0aN;sg(ZOjh
z6+69Xia03e?Jey`TwcQOKUE<M8L+;aCT+nik9h!)g&)D~18fwebcXotYNN)Kb>C_I
z)XqVFfjssHiGIT3k$hmzMETttqyPuCU#nmxb3115lmCY($bTwW6MnvNl_GNw;^v1n
ztd37T=cR7q$-$J41^^C#*pf|5+lfiovybQ54iXu6te)G_ftk!1AK?Hq=Z)DYx4Ijz
zE=910Nt{WwEN?F`Mh4m)LuC@=ytMAz?V`?14CTlZOlLudFteo0N|6Y|IJHy2XXFu$
zchLQb(6`{WXV5BT`F3~k+hjOsS8pgx3x!p<m+85*_6(+&i4loG#^e*14WGprNMAAg
zpWa<D<J0%}7ks&#%*>I40GL&HvX=mR0D@oFHdetNKkZEk0`4Ll`t$~BBTDCw7mOpB
ztSFm0pZc}5LmfD@MgL(HJ)a~t>#F)X-K1(D_1Rf}JMw!g{pC6Mx28U64xOA?QDcVl
z{ntvTz?kg)=F0a`*&}!DA51b094u&3Xj!MPRyY-xq`HM4uPe5w?8g?(nteY+?*-7T
zNR}sl&2X+3mw7G4r^VpgW+QHuQ*0@@Lzu>f^!7JCW<29k9W@diK|aT@F*ZLatZA_j
zV2ND$;dk6TkbJMxGFaVy;)8IjGmYMH(`Ht*Z}F`b)v)<BG@7fgbL)QaKK!0)Yut+w
zPVVh_2yZUza=g&B7R9G&B=3HsWu^(UBXx+`%AegGGBjYV`NotowWRPlL6oKF4|5+u
z4@d`a<kv@@uU-a5EmtbA*=aRj9~?aYsU!csjbNY34c?g+hyJZU-io>eZ57XsnOQR^
zm>f?EIhM%m12htVrJ(F-ZxG^G7gUNUga!7?W$r8%U_$%`$w%@6UTjee24dMCdUtt|
z>tNZ|nlX`!T8(Rmc3;ka7A&W(zWI?hIhbSPtdOp;xsW|Iu+V#(I7omd&7^|!+#8?i
zhmF7PX@G!oexdpp7RPo?uje(12pd-hOvxnnOpyZxHV6B#Ollun=MVZ{V-IVkQGPi~
zmxAq$nB8KFZ5`LL0j;nVO+<(Ug{|i}i~X3bY||f^YysM_T$@!=qx3A8;K!?F*{>mC
z(;bk%k*j;!*v)^qw)079r7u6`lP{L6`-B%C2*<Q{1pxHD&oa*#t&@HJ9bIHg!(N(B
zAVBv81K{_;E`q*XCjjssj;NA(x)>RN&hhw$xcb**_z)XUxG1KwQEqpRJn0n`<M4pv
zR3oDrf+~Q0%x-g7``0i&7-tWcjN(~yijEjMV21+za47)tW!`o-98sCDB%wFC-c!yz
z=HY=Xa_8Q0Lc_XOeI9RW;+}8LGN<;bC2GXys`}9#Jx{Az$V@6Zj5d437oS|G(hUz`
zP6>WqgDbDaczy6Wty_P(+qfM#{6Yc<{yml61#_ap79MR_axGqi92xf^mfK&M0-Ciy
zxy1}vD!{efRGVFvyW1x9*ZfpFhl-B#??d&%PKA8l0Ur%#BY{bZ|N7)50FYsaS3k`1
zueNz(qgBDOX$^q8(#{w*veJ$9i{=ndC+7m7<JuxMelXNRHT=nUlLaS*f6Zu*7csF$
zF^w#Gz|RR!UPr$^e{FJZnBaAMRCR5V?VGuuY6aO_{wgWFwc}y2H-4}@MbWWn8kN(1
zxg}F)nhqMNlPO4Z?Sm6EJF7opIlb$eZ1&#E@b!O$ApyRo)0yfw|J$baJ_}CXFYcwC
zwa<QecTJmZs_Q+AukIC^7GMD0$a^Rri|_aVU{z`690&%s_Da;ahiRsE_3yaM>z&N$
znqUk!J!U+vIE_omewdx7%gB5Kh2^7nPJiaHql(Dt>Kw`<B>J8%7M!G;{ANlTzF=70
zo1Dk;+heHmvgSl;tuMou)>@Gx4Fj=N?)3LyVFSR{Ks29^Q=dtQ>+ZY;Fg1`mV*$A9
z1|07l<b)n>!$IpI9P54a=ic`w9oKut!<tWx3<VSyUQ{vX)4T;Yk?jxl)<rpt^Oo37
z%l9`?ZM5iw`Oh?S#F3AKc}^^8Qxz?{A4?)ARxx<j(iAvL;!hD&C?LHU%1{c@xNQm|
z3TfT>Fno$RuY>&mnE_R-|Cs^Y;>$2?ZAvP-fQ>3)!Jy+WsMA5Ns$YNqRy=h`>UO9f
zd_SomA7zxxsnfE}%f^@hr?y#KZ_XCgi*u&by4gQ<%#KMaJEZQz$n>YepNX{ZabCqf
zMFWvUsfnQoXvOTwR+lu$x`pGcaD6CTuy_eK_Uj;gYK0;>E2hl=Jl`VyWONT$`eosE
z<1zoo<=64~jbAT((V{F%)pkAshfDKOx2)Z&5~<;1QXRi(dWr?lYI9utyCkd2k6N9^
zU3F}lf}`-P`oXQ8ckY7bMyqoXUjsjU%&={IdG~0%C!h$Dslt(piXdDTPO^k?T}m*K
zfB&avCeQJc4Gwu$-fOdyzcx1_7E>T7-=C>E`_O6fDe=J)vXO95KHq$21ES8Y)+jMf
zbQzu%d-&VQ{!BhE5<)Jr%GdT&Xg6lv_g1SIA>qG5_uDEM4?EX~i`^Ja_jEd+7|XkJ
z;$gIdJxswX?4y_%7UA|dJXyQd4<(Ch5fBqJCM<zDf~cG8DQ|LbZ#$t8PtS?2&^fDF
z{*K%6Tf%x-Uf7xfB|$A_sYJSf=MXjvk4{50Ho!Z%sRZDspLZN^AnEPpDl9M*4jB7$
z!Jg$#N#O#}og^$Iecyf%0~+#PE!<h@Xdj75G!emkxax1WD-V3}7OW2vnWl5VTzY&N
zGOeImPL-57w^x8!lJi?E2AEwQdIQd3=oT(Uh5e_A?wH2gw~DcdJj8Al`a)z>d_Bpz
z@rpuiV}$%j0CC5Slsn^&=jfId`b;n52hmfYBy%H+^H2T<L_+<|_B#%akJ4@d7AR0`
zvsKChkFn1|QOmY1pPzkA@rcEK@=oP?ZK4J;!y(@qSBm~LCq|1Sz=xQAxeZ2am9q#D
zzVd%Ot$!4<QvWG<97cU4zAF=2--;F#NPXvcB`gT9a7uQx@qFKJ-jb<@uaS6Z)4rHr
zuRt?SbP%s7>_TYZ;l8QL#P2+x-XJ(PwngUQykLKuZ~R>$1=M@B&v>ghnEoNsxHCFo
z$dC@UYBRaYL%kn<@4aodZG4gt+}B%N>nVnbhVR>a+dC@tn*ZG>9NdFP9r2I(rv}fn
z`hakdFnIDE@&p7tOQB?|9J0ZAWT^BD;`!sbNlBJSS}5$u!`-9GD?YpA*J#!EdYUnk
zBY)bTzm+Gp5en^RxA8WZjoAIFM%K2FV44yZGzAmL9w8kKZ6RfvKc0*1H!298yq(u7
zDSHfRK|%WTW0`&vTfd}Io(R7e&kwv(C8gti(Ue3Sku|OUQxb$B_43m4c#B9#+a5HX
zZukxkG!}gM$UvWI9vSE;XH0d&j?dqRWjhe7vr3=o)3*VaCxHk?r^0JyWr8@Y$(i@T
z^=cUK6Iw$K30>LMjdgMDy)f=&^5aoB?|fNX&3zL1D*EwAA;bll-wA#RXU1gxUEoAV
z0fs0F-(P`@$Ny~uyf~_1a6K(@o4;?zJyslq(qVI$xL%g^pZcM(^=|;_{j>xG2N`tZ
z{tJM?I<;-Z28T&rjq(;e0jlgdy0m``{fYcDQzSY*@y5YEJGw$q=oMRq)kn_9QNNXf
zRp82S?=cVS1_)YTv)ec<-W6w!O)tfH>HLi$d`fhLdej3OaemW^yH8XEpTrk(q;7j$
z@DTT4)kNN-KCou>w!$y_=md8@*+=Z<33~Cginf~&&-+A;sK=Xo*ahMe9`s;hk=~6Z
zGE-J_vsB&^Ao<zAeCR9dKli*R^v@r<zKcEm*b^8ttFNlkc^m=CclLJ*y*qvye=DIe
zp*1FylxHFrc-6!f{!+hetAoZ;SuWg)?c0xs3EAp9685<b^pvb}!;zXx2G3Uttm&R>
zXpy5hP=(+9>Uidv!tnm4`Q@je3v44OI-0(D2diZY5Aah2gsJ?D!}g3%IDOoEL|@K}
z|A+X~)#of@ricHSiv7C~Y%gT!fDWmGMT%nSKmi{btgkcFF`?su=<YZJGj)HjvU-~e
zyV<X$ePqeQ9pgl9Y`il>Dk_kbCXh{b_l|0I9;9ckMNmIo&n`9^n$b^Ej5o=rfELZT
z8++|A&athq6*771#8$r)NAnr@x0h<U0~H(`=;-*9?2LkgzbQC7M4K3mB{HlM?xxjh
z5v8PiO`$$?Y7UdRTsfe5F1atAx7XS%_u<&5dCzgtNFM#AS#q0h4wHZzaNcTR8F2?E
zw;btFK3~r_y7Nh05MDj!$V<x-BEG|iHgXl!BD{ekTl|o{4!;fl1wg=(CWor3u!?`X
zq1Zd!?}v{@24x~oKyhP1(hnTb7E(<WpS|POAAFvx?1tGzhP*`*-1ppn&=R?|wj+ad
zKSB;IY5KN@KEHXZN$|lBIPHDAwnGly-#~Oc*CZ%s{=u&F9v=~gm;9PevyJ#q0;Bh~
zGx;Q9nAPbX@t&ZY>*c)BIg0BCol@30jK^7VZcgk0`%~XPbVgjk;*sc<{kY*3=Q3^V
zuUVZJqA-BxaJL@jJkf{P063zQJ0(wsh|lU-qVYK}RwtdCY&YV+fAQ~=n+<DGRYm>3
z@K5<@7_T#Bg&BkJzmU+_2w2NkW!nEd*1zv?@xz#%R*nr^x=Q~m=@k74Ymt>mj3xXp
zR&@K{Lk_M^*^B*GSx^LPVZ~Sbr2pUV{QrmfU*78f%bwv9fRwdfMA$|$^Ez6UHdP-j
zRFw@6IkE@}>gYUIJL%Tf=Q82XoGzWG@pIdbrSX?b>KxAB?`$`wkuDWsJ?Aim3Jk>@
zR_%b)znqol(;dbL-%rNnS__tEubfXCaFn&<Ym@ca1kNj9ysDOe^{}5+n=LOc9#R`G
za>U0^wB76}I`tKK-W7g;aPl5DOsX?JX<fY?7$0_G)~RzGee>qnUHi&x<Ov-lWxBId
z-dH%GrmFsZ&1j$UpT5K94cA8q25DpFvd<&4l|OoHSSO9FIRXUe3V2)j76?NC{7_dz
z6vvU4@FVai6-BPx+1{4)1~@+rRGbW#695o(@jev8+oNNv?KyOo6lZJ|Cu(pPEQyZ8
zXZWWa(qqS90^66q#TEzy1s{vNUFv+^@xJcv-<|NTImHNH)!O0KM~1=q>GemGxs03e
zn&YHfDLW6>@R$xI06ZcC8vl%o`g?qUslnX35Mia;c^z3lcqrg48~~vB3R>6!fZ-}o
zph2XnoPJZ$m{Hx+;<3~U6FzWtX}TwSyTy98&ZvGwD+D^v@H8dGB?~1d8s2b0T9yTw
z=fUq3%a`_wMf&JkrxpD)RBQ~1fawCYFP35{N0mO-=1zkJmT48$1Xuf^M^|Yy%N6Y}
zYkDq=%udTeZIT6|k2fcJMm67~*3LGMD{D(f<YBZmhYXH1MkT|he9;`h+Ic_4q3iR!
zE0STKw@j^cF-|{T7oxGWe~c(Sy$(czGHW2jw|<-)f|8s>Z68oFt!Qwu2-o&*CplT8
zc@c)$)RO2em+pvLq%F_QRi(=Q>aXO?Vi@VPv%TB2i|fKYpSw^kfi|BnZ#7?RDm(w_
z@%}!n(~|#7T_7iXp>-*sNTKgnHTF-*?%MOE^4R(>*>YpZ3+_;EdqTf=(4w)+*W2cn
z`+U#Fp5CMj@q+KcqpQc8#{O&x=FLT(4YsZ^Njr?&i^MR`YPA=t(Xl_=@Y{c(AgmPB
zyXtd<k7HIK%WGRs07YO3V58IT{QMqa9~J7XDw~U<gsz)_@1NdSwbaZ#RQR^=ZE{lM
zZ;6_fgu&^R?IM-cnWAaED!S{qDGm*7b(Z%`gm(ZiPBMyF5@QzA$T%-cmg(?rxy#X9
zxn4_s`RA6K^3S0+<#o;?%qjTI0V`hV$?TH4DH}n+48uh%mETSqIZ3I3C0jwt@bE;I
z4k!x%FDVRxS?}A`@fmHJBDXXARdpTP1D+K_@A(o9MR+HL9&rH}RO|NftfOVT<8I0u
z+J$U8wapOu4PCZ)ntZi|wMd2c(EartZ@Ka#TKc~&eMa#g$TN*I#_jRAE%IOhy>WrF
z9>tb90JV|R51T#bV6~LA8y5?lU{Z=poB;rbeH`wYluzd#j!I=)d**j7B@uLOO=WY4
z1K6eblN$GaA&yNLw(n`=d`2_}fEv3&&u@BmxEY!3gGbTybb$H=(PX-c@=2>L&MvD0
zF0Lob_4pqM8dp}V;otm8jAEqH`t}rnsr0)ptDl=vG|DgdxtVrInZj>vTCoFC-gvQF
zSR(nfET?+}ONQG2%N|TR`RL`?d7Z$hXa87hTG@M3aoQ1EbZV-q3wC0C_y9YxLj1#j
z>OfKdR~UW$^>w`h6AbuYSoTRevZ1QlT)(0RUA#UD4Gql|6`7c(hTf5O!;)YYm7$IZ
zT7=%QaRp;iU0I2hmWJN4cIBk!SvvNV=j+Ss<*qzkH-a>sKcy$@NUP78_n!PN@7{{j
z7{-_30b6X5A^Njd`D%`qFG@<WPy>4<HcPa>k+a$rNTk!=<xch-^(1Jl8|4seD=h;J
z*5F`?Y7?{a(#2YtIhz$GoqC)2)t1ZL#zygvLyWoY?U)rvMHN=DDNEX@ZzPYr{tQB5
z4PoeEO)Lzo#L6&xR7{MY0|V0G(XL;<eu{IJIiVr8(96}4)Q~w^k-^2oqoD%HRoIC>
zx)e5$<8wg?R&I@N`K51XcxS9c-c@e%?_<_GB<jz+Pi?S{uNiAzX)lyd3XLIRiKo|N
zNEdLibntF*blNFzIZeDK;i<h_s&9Qyg!KrcDkd335tq%j-!#ncoSn5UXVXnhPiZ^*
zWM#D4Jl=?&q#Pvw6b+3RjqT{vVZS9oMWrnIkZKs5VFkaOi<s5*ndyxH>w-~yB|1{6
zA8}D}c|vO|XtCC%q;$PeVh-TCT)!u6yJpM4$edgp@ujG!T&xa&hB6K4oZ0AY)<PyR
z@mBW@prK(>4LILykDX9Ljd_1%OvBHwEKraS@UWQTZi~!yJ77wW!=?Gi@#!yMq`6t3
zEE!wn*VaRp;n53N<l67uc+ouJa)14&U+>G!+};lKllj)KdFZr85esSCrV8ZEs;Oyc
z3@65y$DJ&@)iy`hH?o!J@VditC@X4pyig8Kj$EsGXB)fc2aIY?`u^4Wy)Ur9la`i$
z(J5I~T}?(z4CrHhk`xy=Mc01^Z@Dl*DSvY=rR1O-t{-1xmFz>1k_M?W^4p`uuCbt*
zh{lDIfR6~CAxJ5CgJODCoegbeJ3#cA#N%u>M>{Cf6FgbK=YZVSYTXO8i*MJ>+|`bw
z+FETsIo7M~XiNH435gnCY+TA_W@n^@xCAT;oq#dgL`MzprA~(CV6Kjds{p{aV1gt{
zBO_d#gV_BAA{pr)@wq+X2TOU8-|`D&)g@DM^Lu1<<=!5Ct`HM!mu9v6L0KGt#CVKS
zr+pQ;WDZ{|h6dg@AkzmJut5gq!|BuQ*2@fr_xH`+&+pA>C@GC%JP25HX+&N*War9t
z=v!QOBBqIHS8Hl^3Uhpzb0o>jZ^t5E9;SvbU|Q-^hiCsahoz!|f!uJsmC<@$C<}>O
zk#iU4cdfSX@-<7_XTEMB=<mS4S`0E65f-z1Ww$$CpVeUi@GI=hUbTt(R7S*L#EaSa
z^??X{##BMri(+7j>@Bkjo$vWGkTX-pQtC41C-&4gR?-CtZ;OhHlSrR52l}!6o|%;~
zL!D34K1x)MKtru%-!KCY4m>R{b}FH7-x8c&_lxW5ruFoR%Q9rBiHRA>rp!92sHo7A
ziX^!0?Z`?<NJLif5+dXyJRz-V17d<jl_3nrOf~r!<of~;<ZG%U5Q_`ik8JfmEFSLs
z^cL5l2l*q@!3)!B%T<rXMvK&Kcvm(2SwFOqQ1Il+f~b5kCPW2eyf|4?O<HWL`nHm+
zwlH782k56+e4;!YX)i95JI$crSD{j%D$`G4>S0;^%?!>*Pf*s&y7sVSX0uQxJNdYE
zPO4R#ZQI)d&7%;O_)X7<ak4NLdI@q`MC};9_H9y+7CBv@yT)$h)b~*ne%d#Xzwxwn
zKFeUHPX`BV@9hn@oV}>*9J@ammacnEV>ogdS|{Hikat+KQizP%zPUAERRrB%kuSYd
zgd(hM(#oFyIHIAV`ZQ(u5FHscEl_W}{IR0-q4}lo0zsc;q&J9A#O$eh)URlT<1DiE
z`qu5+$&$;dFu1%H8M?41%hD|RaC=m+bPOW^9xrbDRA5o?s4Dcw;GI!u4QrIfVhKMb
zPl&fSOfk@Ev2<9sT8@f5-Nm;)j^Ez8K9Ki=DX>;WY+{~Qx+v1_?-4JCOSLXmM}B{m
zFNu-5e<m&%wu|Q1_DvAJ8_0S1Jh27U*9gTVM!(l9+-rT~^a%Hq#g%6woi*xb*6nAG
zVu|7^CWV6_)77&FM}FS<N%SX$<xo$ul8i-B>1w4|Qn@b6usYNHdBw_#7XxcW+)|39
z4d%M$gHc6AsB18m(2JGL6P3ydrXbUugRhB^VDY&T6YE=TeQ9uR(5GowO3rv|la`%Q
z|EtmN$e3I*`6BTYHKU3#P(oYgsBrMlD?z7)hs!Gb&E&u!E6<v&P_2TMHBS0p%z#_o
z{*1+iaP@KwaxNuu=y@m%7tDHs@5*cuz1xJ-9V)~7i=@S+yRE+mLTvpLc1;_u-WfLC
z>XR2PAz{nv@MMZ!f@K+en3uDZX<(*z_Pf8tLJufji^p*>ug~E@!67o^8LK<66YHnu
zz$%L@AbE#ed!k|8d*0gfhWk-4#O-2`esH5Z^oY<G-RE2|C+%XiVSR9f!l$;xkyXh5
zw)1lgM7CBt2FJJ{(=`H}oJ+bvq!SDMW)TlOQ`zx!XyvAt{)bZ6aWHrS_pchY2P|E+
z(ht&DdIxr>s`4A*`*pyK$1>Vb23-4T(l_wi_a(<?H<{UhQirWa)Fz58OoBv0qW4qm
z!czI3kV85_$hirte_dBm=o8{v@vIe;I#2V+F^fV*MusR(de$cTR?+tf)%@q2!)dL5
z|8?GQ(y)P9>&UEkk`lV-ipOOX(X`@>69)8#q5AV7LWh5Y$Dh0nt@kye5L9k8e*iUe
z(xE8@(lHa%Va4`wEWH}Rz#}q=B~gt{aA#*%MoR|K=Z|t~_jO?)CPR<{S(aH;vKDr>
zOnfJGf;}9g%~xx{)Nfjp?=pHJK{9MyLdfl4YG8d~;fG(mc)5%|qqifcblt$;T;^Vr
z(I`KN;hITHw!D=BX;%RPh&;*7n4MKvL2O-8$JrE8<kydM-WH>MYVq_#4D_${gL$N(
zsrEbKe8)4~i|Z*-KSN_;W!Oe1t#?Y4b~C*mh`CZbHjt&=<5d(yo>hPIZM?Z{KQnuI
zKMs0q1)bmJoU+o8KV8+l9y?&2Mz*S-w!DgEie7+heEkSRD0t@eJQKw?`SBdt!E@9h
z7%EN+FvIqdR(d%vGKf5P&UI8R{;E~0W^Z86z^h3Ea^Ax^#wQ=r`2K!^dOEMV`fJ6l
zmz69;8L!Rw2^=01qw>DDx3~UFw`?EZF7w1+i@N)x9~w}TZ^13YGtK3&bpOFrQ_a)W
zCF{jl%UM&*BI6ADxZs{OB`5+&2{&Z`5xQJKvy84^hEyY$62jCV{%dE&vn4zCgfEuf
z$dF(3Q1I#Wom{zAOHzp^^UNFfGCg#twT$zRy!B2UeqTBoBkv{^nqt!pw78TE3398b
zerM9C$8!Vu-$V^1aB^=V-h3NvuB&$L{is!C8D+iFs`dp<Hn+K2yGyJr{JR`th9#H<
zQuVbyFV=ro>MwLh%^B+jyeKS-z4}RP*)V#KKZlkyg<L+(Vdg?0uhWTBFNBOo^x<Ye
zeSda-{sVNsY0#4jQu^Awi^PuE^r$2I8?wGXSzwv^(%SZLAuABQsns9pn+~j*lFDe&
zuJh^L*_usg5FvCz-({U&2dK>1-X5%V4i7HUHnlkIR082w_Uv~k?u<c4BO<(u^DB}%
zz?hWtGw4q59&~1UTn4>Q4CdaavbllD$^se=`{?u*NT7vkEB4PW9x!GN+Mg<)W<|*J
zO)g%r2%RRm?*+p(+Z;wrLp_}Sdb{_x<6godRM)vQ{%TU~#k>XEs1T`Xe)-=udn1Xw
z>n|-*c4f0T6TetNuexO8E#t$w9)HjK2aE0;`p*1s*IohLhzyP+%2IV`(1lbV@5dno
zuMn-%->xEkE2R#fNWiVWmI2H4Hpx=?BD+Z0`jG2BinfMT4nz?jvO}DVv@{wdu>L23
z9^Pl9wF~!korx|Dp>_?Zf3;j>y>3dU*q_g4m;(L~ltvX*U6d2sP$qrJQQJ1_g<7=^
zrD55jw_w#mCQeFHu>le|EMK{+5!I+j3?q?0X8aZAZnf?^6!S`<J4!h%Mj=6i_}-{}
ztP^a%E<T-?aKDvB9sxhaPFpz{o~>~d`WhTe=a9%bK$m*%C=K4II>wJ|Jy(9=${nI0
z5jQ)mRF<{DTF#Nm{L87Wx6cJVmpW@Pve9scY5ay(+%Hc?)tN*8c0=1e&ukr;`<ZwF
z2*DB(Qzd3tv(_NRUxBP$%V*ZDeI($FJ&*Er(2hE{16}u9Zn!`A8Ns_#@+cxz!=bMa
zn(F1crgjgyr!gUJgS~`rgt&O^7MUvAZ$jp}W243SQYYkY6}>1uliGkWV@#m2PbbmZ
zYin{TT!9LW#;r8;w6YSW!JwxBlMMN$`Q<m@c|GsMlx&gbW2gJgl8SHd9|T{fWU-fO
zRLnDMWGHhzZ}urOeeV+$rQ%CVZU5d7VP5(2t{s=Bh<vb3cf@<C58O$d*H6Z0)EJ`h
zeHA3D$V2@Nu$DO|?Y_+0sA8$V9tgZGDY*Ngp^qQkR=v>qPj~c<Xr$8l(}w29OdY4*
z_7D@-4HV^f6CE8ueW$+y;<t|&t)@;LHSZ0H&##ind{+^b$>1@WAX=wS3*qN1LC6!e
zC`;_<l%dfdN#=&1BqG19hK#=R)cC4Rhi{7i6+YSiy`+D^J95JU`_IojnzMfk(>4||
z$~53a7YY=Zz1XsF6{{jv>5qfl<Nv&&#No1&lt#%)4s&Sb3i@z$oJ8A=OhFg;a2*0K
z`@_R{PJP-7rE>G@3euay&A8Qo8?!q97P#XpM3flft;~>q*4c(Na8wjGLvnPRoNpWN
zVmOA!46H~t?b+a&`kl<u=!wI9qsc7AJeoA7X{+4x8*v{<^KW<e4#5wzAMd!QyoEH#
zdkFVo2WiD)3OxDIX0j|!CowMWN6zo9OtVB=TX&GlapBe6_8WWcKU%h%2#iP<>zOcz
z4<XYG&jC|6Vb{w7o+3B<qzBwt;`~eg1}o|E$jC^i6X;X_77A<17*RF^wY66^X@Iq3
zWR4ZW_v<YxhKEe`)7|v=#kFt8q{|s>fs^;^sz7L}ZJ&{BjD7w3Dd2tYo{0q%hAD_2
zbwV(SvlZB{7Ov)?`)Y%gl*@neR{cXoI+0IXG(^TLK3g^TA}m245b~X)84NJ{X`=<#
zJYV5YtF*=+^BQ=JMjhATu?8t#p@Q%rMW9Qp3+yoUI=#JHYG^-91b!s4ZsD=!%x;ta
z6a>*A7E{(z3-`NV{`C0R8XSq^)<6tcDJ!4heivZKAE`+v|6>FA{tHKKmzw%t56!ow
znz&^XWvcMod=y>%YX@i~D|7Ap!Ceogq(4}<v)Fo$C`E+`#s~)eB)`u)6AKh(q6?L>
z{w0_~Fi#KwU}^S7ikb<Pt1luk6iO|G%(h#CO%(cG<_KRX+s_|LJXP&CdQG@_MjkuE
z>B(c*lS<m$S{f)kH)UYtfQp%WNV~;t<E_(<5O{L(Xu4)%`gB&~J49VCps!1-=KFBE
z+j>dCJ)FMnscqEl<<5kCmY>@uYX2Zkj$~2tT271*F!|x*i5=X?oQ8Z#;n7SG3PTGR
zZhUR8X?yRwJ4QHZ);`Pd93f-RJ>v)+-+hnbjKNUocKOH#5!52=*(B0w(imdn;j=$^
zV0lwhvA!IaLVfgl^LRF^<7Br7i;bqRZ5^jE=B)@%`?0FhC(N}#{<nx+voabAv1@G}
zL%vz(%14(hgxw`BM4~UNx12lP==i$AKBd5nhFF2l`hN$cUH(O&oh=>(f{C|~_Sv@|
zrxT+{h~$5iP@Hxj<Vj|(s_apPI2*cW8?g<(qVQ+Mqok?rBN(SLl3;Ir$3usip$oLs
zl$vH;D}`|dqGsS+x%mwG-!>7ZXPu$(Tik|fe@98vFz5M3M^MPM85S~6m!|Rcr?;u$
z>l%l(p~1m?O@nxd1Qin;TcBHE3DP579Y%H%K3>?IpnNF?$6;9h7#$x>PLn2cnWSTP
zdBD=v(fJ53Cx5kj$uz%iA0Pb;KHYjyQ3N5K4UwO&&S0|=TScYb!L4!er9VNs(c<t)
zQ6S3Soz=ttHZqxP?2hU{P6agz%g%`c2Q$52ByQOiA&Fi5q2n>pbm*Y<CQf7)XiaL*
zH+Q%g@?tgU;r3pNHnZNY1&>}Jc&aTi5Vh4LTKLNgfRlOaklgD|Ia7ff#@R1&;xPW;
z-f_EjD~dNRedg4(n$ek)XuOG^j3!@tg+K?r^X}Tj09j`6KJ5r(KIhZDBwJO495j7B
zO?Ra*z8%7Vsz#8VjoLxV^r3+|A8QM03VE{LVe!0$n+XT|^_#n4!OdXzGz%hkO<BQq
z7OSKRO=>~cZR6uYA`{cQO(iLONcYa4qAjO)o>H+{(eHx@u~oTb9YNU8>LuC*lvZuT
zjO7|!QDZfieL`;07p+PPqdyx-TCn$U`7L{WXh)$oBL5;fm-yn{%m{^DUc@)k>~s1h
zu35t3R$Cd5#=!BeACPV}wcn2u@gLHxH5u&GX_y^vh~2~X_<?>3-)gBgsTa#1D-pGN
zqxd@AIRw&t9!awOdZ#bJ$4#$eg0|BDS5FEtXaVQ=B&)AM=i~4-?_mtlqu2P3KS2NW
z<#~JD_bJe<X0&|Txyf``UFZ}QG+r6B%W{K|;imb?X&!tg@~hLtVAE*wL+JhQ-Cb{d
zk79k_6K<mUsKohoFOuDE_s8bkQNRAmq_Xn&-t=j*e001IVao4>KVM#5^=De+8lGW*
zT(4k4izMYx3Kr)>ci0;mR=hhrE@-arzL6L-$&E{PJ4F_JF1y2MO++gL)4};|IcZmB
zAxU!JI433L4NS9R22>O`!%;v+t38;ji#s`;PMYQ8YB&`muwiKcv`f6KUL(<{_3n!A
zw$rtPSiDCjU|>I-1-U8G+o)iZ-VZ!bORKCXBSJA!T+$E+5kG=0ui3(wHcFb$pLILY
zsG){SKkTK6I1+pMBxJ`=e{*bCu5noIqsT-nCRJuBjpk;v(Ye&whd-)9nhZl9m_t*L
z_>F6Q>EwAf7@7PR)$&D$FIi@6_X)`1%`as){-TXpIYwZBKK-=6V%pQQud?LKcx?1R
z>*Mk9-mXYFZioDprNQbt_D5+&gNP0Au~}M(JT;oNl3`5tlY63Pco#D1wrajySNI;a
zJ+s1941Qi6M%p?k7Xzb<sQlo4;{B_7Q&5{2GOw#cTJvoavG0cmfk7vAWx;06h<zgL
zc3194ieh&Ri_T`15-lb)55l^QVUnWJ=$cbrsQQ8f7$FjkkKhdo1sakwIpq`6T@V1t
zg^eO%aJP&Eo1_NwoEti}Qi=FI+>1f%P4?0|5-`f~Zl2|wGf=S$830#~z+@!3(DWzN
zI|$=Xzn{ZRfFU|Yl&D<*u+^g|+v4rJ>=e$T4Ir+Zh&sg^X=)|Dx3+_m0R4s$E^~LG
zZzEydw9K?>X&cJ6P9=yAYgA{GZK5PIqLcNX67^GF;A6IEv4re1>$mRvM3nk?xi$E{
zpZ9D{r;^tDyKNxu9kJ?<2gcJGz$0g4WVARxQ-ZtBBfD7S=AC!7_71;i0b||`tHoFJ
zIAH}$k643MeN5e22IItLoh=G1qL+aEcj(ZRuz@z5C<;G3b|lI1g|qK36WLeJusz?y
zfFqp<%|z_?V#xOqW}Swn$AhL#G%(0#$W9T4e{){T=Jy<mdMyZFSO*`SahRRzy5S>%
zZIzu1@n8KL%=3+-zHTJ{FjIcU6rFJ3i$r@vkwPLn9AP@WdtGh2ie&Ca0%$FZYiLpW
zvhha?D?Z;6?5Dye9}7qbp~I#jU8V-;VN~_L|0~Na%wnXi3UPQEM+A|gbrX?N7QG`E
zm0k!A7Bn0~pHDD3<bJa@D>j|epO4omt9bUq|J0f|urbG0ulWn8@0Kf>e#y<#FPl1u
z;*9)TU)=83d68q0zvJwnd7GiSdEGqU!W*7s(!l1Eo0ixBoA^E3+lMtjx0#BV1O{m5
z6;sTn#+in}>%0@8Tsx(Gio1MZ=n4Ff^Gz^?EUb6^yX$#|R{l5-->P}sp3?56nVNR}
zp<f3Dfr%g|3=E13lgkOw^6$=?_lksXYw@8eXtL1753W4Opy)^WV3$DsGP$_U4tN80
z4<zuY%+18w880-6`A(tZ=pHFUvo~H+Q-iOOi_%hMmQ9Nw`7PD1EwdwfdB0VTwPuIf
z8?=bL>TJ00aw(iRaDYlk1zL)B)NsPW{<FDQAL6^(FOcBotb!1U&QL?unh*ZSmFzcT
z@A|C($5fCZbV#t+Ww#F|KaagN&P0h61$7QtTnM-oc2W<Rf7{!i<o+D@GoUp3x4{Jc
zV~jqx&`Rn~o(x1QBTbw<CW>??b2>sc`)}voUWR+I3=uGfJ(Di5kQn9UH)8P8*`)oK
z#>t(o@AD>BU~~iUeI6k*Ud_?_Hd8ym0H~&c4du5xNC<6fUO(kL;?$A>$^m&ZPP34)
z1G91@!`!p8PV>U^-n|<R=(kH&bkv<7q|^JO9r-6qyYdN+&KZsLpX}dYMavZB9zaD=
zEm4@z?-Vjp;r+_XF_ASF-_z8L#V2*x*a+<`WImgOF3()uE#5LAfitG|`Hp<x?FL)z
zfC6Z)cbH;E5zJQMtJ<p6)M!edve;GClc`(2w3ixmAkoRg*})t8*UPe3m(0AU7Now)
z+VvOZlKol|7*des0E~GrPN_7b9DMBv!ZcLrC;l7x3ZNqpXhbk6ji!@7rCi`Mfm4Y<
zL^jdIyjC(REeHuUxn}bZk&t-bEzAYl_8|>suhRd$%I2+v`{2*1Trn4T1g@~%cVHDQ
zvC-ik+Ms@R)1FN2B#}?WS`!)d9>4MNlsOw5P37HMqvA@=PRE)M9?Qc3mB+MQ;f^K`
zxU?{7HOmP<j{9<b5BF~{OTVX=$1$ZS=-=GIqZ7kpoz-JTB;Q(E^F2$ayX_P}oh&V7
zx<|2nb>3OmI7e*t*24?y$Eu(H;>1CDOsD4_>=XUVVaEo+W?AGSrKNBFMHH53rT)bo
zN{Jz74_%4$UClW{0(*w#em;iP10r$23YF&)5G}yp5SumC_o9qc#Fa6fj1^45-Ji=n
z%*(s($hcd}blko$1h^j+TQb24+!)ZIT%^yO`6(QKGMYZ)qmayng)G*?HXY06R&ED5
z|H2gd8wP0MAkc@X#0i46v|*nOXQdls;)9?sl#O?owGk{C!T{5b?z4nqkukMZSLez)
zM&KKk-}XEd^*UJ8<z=Zr{y5A+4^4Xp@ERw-n-W0;-8U1L8s=0FE$Y7+^4Cf38m_Ew
zrr(t0b(#pyKnoA<Kgy|l!)(Z0lN{dZW`29JA7NT1dd!NZPA9r>^#zxckC(fw6IaGJ
zSi^k;P*jcS_M_xd7)|yX);TRw@pPOoPd~h}(50X(NZ>Wx1EOWvR6~Uu*XqOoj88TC
zy%+VHFxeo=zyPJepA?m5BWx-1r;NDF9=Z_qFC)}Uu@rS8RJcG(gC0>jKTY8LpYFag
zDypdaduAA7=q?FKLFsM*kq$wnyE~)?6lG`xhVGUQX%HkFLP9zu6$j}aLO?-zFZw+H
z5C8Rkf7g2Fe7kGix##S?&ptbU2QK134xczMHO_N(FCg^grv4)s5z<n)69utO40g?9
zZ$Qw*)=Qnm*y}(ur3FY2gCkTtbe4un%(b!v3cvp%g%(a1FA&f#3#{4heIA9Flm6+V
z@|;<%d$YSpgvwa@6~BpzDNu-rmmnT);e~!)pnY{b+jTbk39w2}V|H-?eA+*HWlqV6
z`QAv9rKR;j9zE8PZ`-o{a{!JFQZ7PD#K8PvIViOGT>oPC%Un8Uxdzr`b9Ln!DcSt?
z6ZU5AYRz31IR%?LKkd3GVGH}m3!4`2r^A2Z%an0nEmpl1vFnIf6lX-d7|ME;J}z_K
zA>B?euCqU*rY-Tuu*P{vDfZU+WVbCvH3`p^$;->!S6jc9m(T7r8+y-)i$~0T`MG>a
zgz4az5^VX6%k<1CiT~=sq>uHN+is@DBnH)jG9XYpOj)XWZQ~%!f5UiwZ0<V=4xRq9
zXNlU?raRycfgB~3RH@h>Wbm_CSmpYpW_0?xh+=u2HVA)i-UhzY79GR`<!^p}JA>~n
zF>rxz&QAs#xIk?<geeef%Yl(kVX&R=fhD!(VOHq^T?FA){1cn6#Tt5d7%A3hQn87c
zQEcD^KJ4K45yT!>t8-Xx7ip8CX4+EQ?76<u($ZCGqgOvhPqmlOANw^a2%+atv*hG@
zuRRas<O1P)mMHN>(Gr4PbTy$yIxj`(^>-1T<q}bp4P#DcP!CnQlN3+8w*Bn&`JH?x
zJ=Y~$XXX?0DbroliF68qRbK%9Ql*Sw&^JlpGPY^rW=CoZ#Aeu%**l%DhkU>H<HVm5
zH1S(n{#xezxE`=9DY5U;nSLX#f=hqYQLoUW*UG&R+CDcbjrPW_b2VATNQ-NcYb#3L
zVzBo&suh}V+D73Q?Wy=3ar0xz>aDlt=4R9+z85{|eE?U~(h@}tL_g*AE}gZ*(zyjx
zXFi}L%?jRqG95Z3L`cv4Ds{G^D~eV+DUF`#Oz;)wW*<Q$H4XSAu9W%#qmOt6f;&~1
z@lmga3h_rd%*HL5g8b7yTJ!W`N>IEN3ACo9n|t|`sba<GTvf7wqeFBMZS|qPZ))t2
z;Z}@FjxJ9~$S`{Qy^Fz^+-S(CZ*%~c)A5St!dZ^zXzuRe%dzZ%vu6chQuw7w&(Re;
zmw(je)viRw=8?B1|I%;Rh5Pu+7IsXB?4{L?7`X)LO`7v$<3(ixiz_Wt@TACv8)=|n
zvy(ja&OCJwq2(D5FRwoOt!W$1W60YXiH<K{1N6*vOMVJftO%af<ZWnz;=yYop`={+
zR18HQAB{#<-{Kz@4A0B*R0S`w))Dr$n#t}|D&#wZ?_Rw8PVe|eMj5RT6BFi?40<B*
z=0i?GlrZCr)y|t5fq~QAIThue;vw6q+{B-GaovhlsKzD<$k)%}8F1Ifob4Z961m|f
zb5@CAXQDBLMc@rp$K6Q$3%vL0eOIYHN-yfH9OND-L#|zJmShohgm3ysaFiI*LO0hx
z!l5vz`d!bn&OLf&>Ln>BC?O>^O_fgu-=Nym4eYTWI8vBa#+1b}u^gpEirxQ`AW#&*
zcL7&P*K&?E{xSM7T}%(4;bZwFmfyx-^;yAtSP)@=od7PGSeB5AB3`-AqJoxulZ$`9
zl#6Yva>AVmjKgK`GfY}qK@UDu9WDm?W8N!o(zWB#uOW|=k&;t;&R7XE9x*V>x6&eq
z%8-BKk1EOoxFcfYx0FAnmNQbdtiL6kwI$AbY%<{Cc8I@XFg~+zR!VP)ERBudFt}sA
zO5f&qjwqv5khziUHaj>0564GBSdp~!OQB?PUKYbZRnaErStDO=kgAK)+YTIhhEox*
z9$R{#zg$;9Edm1nEMba#6!MIr${jDfjeL>q{l_+p1d@g^6lU4W=G%^6SJ^*rCAuhY
znQv<ghGYHuMB2J}9v0B(ZA}i+-k%nYi1Krr7i_6(siEgI?4jfLovBEl*6Eth-?XU_
zB^UTR9NA!iYd65$PJQIMGAPFk)8f~ZWiCP=)T(8I#Ub&Fbm`sm#47#C&qjRH8-;1q
ziVQw|620XUanci_2#V*_(mefiQmCM&CEK5{)oQJvGwn;J3^Ip`ycYo7f$}fX!ajLA
z+C?XJCy`QcOkz;gH3Vs_#mKvTRfKJP_X<`%g8~(Tjqo_(gt*14q?$}*Fb^$T^9ocz
zsz8xGg?_NLy}p4XJjhl)-+YRZn5QDDw}?}%F$E`oRYvNwXHMcq#a;PYd?V{tZO2*A
zV0!Mt)e~8_Q$j7#|1#~81^fZwKVY^BlFYz4!pBn00crX8G$}ol6qV!`Wp$SJA%sP4
z(9o@fMHsM11NZPa4hcEJU3}6`gdBr>Gdu{f{4|+a6(+XmL0y5GoI~)A+ww@O)o#NG
z#ZK=Y=ysU*YYNV(iANd2-LrU(enT+r5m$8Bs)j^E+Y?oH-HJWs=XRdm)#XG<>cO?t
zLDtJ7x8aUbIrW$s9}s*3how$^#v+`?klSb>6J&0&{jI&d*jGIb?ijig`+bTBCWrHJ
zdbgTBxTZUZJWbOgqCHrQ``Hg89Qfstq(~Vp>}E8z-z3+4#dC0@bQ?oqWGI`1P6-L}
zzP|pQ*aZblTJb`>&GSUn^>v@V+gAnZey-n2PTF|QTF7BB;%ZbfBDV@gt=`)vKn^&9
z%}5*GhM^Y)pdSQ(G-7!Y4BW&2$+rrchd0s1r1v5Ol?cCt4=AZxZ&G?Gq0AT;t>o-2
z<};HckGie7Ys=H|=f#JeF(GG95x*)6-eN1Py5cG9PhfWH*1DV>{hM3U-DMkWK{6tj
zV0bjFo}3PLIEiB&t1UEPbfkBv3#y@h%{f{UyJABN^<50Cw)nlN7T6Ua{2x)3XuZ)J
zt2Gi>+RTHpbZU+E&|_MuL`T}>a&kE4P2)xvR_oRyNUM^Kd7IP(%PW5bk8!I~8oxQ;
zEz8;J3a(^QM|G=-nw~;Q1*c@Z*a1n*>yR_*P%-NjTXLG+go`joHFd3&i(&~cYgrlm
zx`%KDF8N*6gE#gAQWE`?9!sp@OV5hA?pS=nFIZ2#9eJmzv*%cyy9aIsYj~f+Lih&%
zY}i@i-3)fPLOTHtrjB@@ztLZ3TY5`id-5JZ;~fbrobbi6uDpr6g&b30mC<YwF9_Us
z9@lKPS=&rNwMJ$-%j^;@XFvTuG5Fv3hPw6q=OOxtmJpZJmLHs8ozM_7QDh{{0A8-d
z*0t%qKXxCuI+chWx+}4qwLVzV_M+LfFe0+an#J?NvVT~$T<6guJN^&lNL)1rkwG|0
zgcz2)3Th2oqm4ey;nJ;8BhSpa%_3kGq4ZI`jtw@f)CAqHY*4E7J4|@p!Kl|JZBTg}
zQ^HeA`BUoXE?>H0EE~1LH2al$m5bm@T>m2}_7)tBGpGg!#LtM@6|Bqm33n0}>gVoW
z8TmXksd_J!PWy2rU0^}a2W9YpynmKRW`42_a&=6EKJTaSKc?bAZ?umW#dYkFFtP|7
z=n0LEIKgLB&Y9GuudxKj7k=@1K{&a`NruU*#<mq>E1_*}cf0jYRnlIHq({yfP8{3^
zqvEFzj_$q3a#xQ$C)kXE(>^Xft(Dy|f&1t?2-73bLY<azyL;>j?6uOo{G+B%&4t9u
z!^bie{0rQ^AMtv|coT#=UVFzBOMFmz{rX-p2tC{@VWIG_nbN=tDHnV4l+17f6H-v`
zx1Y+pfb~l?J+|gM>cWgx=6+}bLCU$(mTsiW3}#DGJuaTwDA4(tX018j)pVFVe5{n@
zp9;D@xe;3$9T^H@?m<@wDQTcKh@W~Dp5v8GQJVzHS&mGx+%sV>U5E9;joj?ws&O&;
zZ%t#2D8w{iIT|~p3Ae%oI|O3CN`jId9Rs`s?D`)psRs`UvEZO%;!^r9xYSS?#)^Tj
z`y70z?<6rta+Yd%y54~yV<+ptNZi?UD%A&0c{9`pID5y%pw)=>pFQ*D2M6Rsh)iz-
zqmngnQ~0CFyD)2Q8t8m@kLF^dj=v<K4g71OU3eQTH<+)Nj$VYbhblbsa{6|_i<EK<
zS!nFXRrW?vc<%E>!>=yOvCw~mxaLL+Jv7M2ddzXhFnkrSU{l`pR^g_tyf{czD=Pd1
z?Nlco3}IBeE11?oUT4zg+zFJfQ3>a!tIHyAC2+u$g>XSv8GOp<5N;8iRfHE(AUX~N
z0vEv@irGupRmnB81#^=>lI8P|!G^xa>V)}yzP(<~&z$^9pOQ+Iqro_(C&ehiAj-Bi
zT);_R-HLl8ld4&d@NG5Z#~jE{bjyS&*OgXog)n(JsKIW~DyYOkxm25|&&T9cY+cK!
zm2KQ<cr8uH>@XFzT1D*@>cH?VW5R$WOPme-cOXJpfrCW+?3ypkJ~9ETzZo1zHrV<-
zc$;5u^*EuC+?XkTmmrH#xIx5Hv$nV#supc9`1<KBL7Q_wP^Bh)!PiOQWZ_id5?WcY
zUaRkfy&2|EoDtT<G#-5ZJ1yINNwl{()F#fX(T@~SQi&=;u*`*fD^Wm5N>vP891b#*
z)J(H`+N`H%6n7-mH_Ad?OD-7j)JH&p$DFqR)&nwSU6PC=;|Sd_8@Y~`LG42mh#-NV
zE(U5^2r)W}GIYzd;dU&kx=$Bbz^q1@z_WE?*|RwZh7?>E`u{Nm?%pi#C-Nwm-Vzu6
z5Ou1G_WG5DCm+u}pjh}L9L!$1LI$5G&Je3^Ehn8$<4Ip1o*U{XTJmu&z=3P;Fu+F)
zLwvIoSBfj>StM}9RmV~Xyt<^K!;A!}kwSu=vC()~q+pYfG;P7BpMTJ1-%Do1eyB$r
z{Mk|yDNuB7=jKV<zw$<e5PSl)dSifVeS}_#mU}E*4JCzjaK+v_J0v0Ucx17S5bSuu
zjzsoqE{^m@19q@uVc_?N7e=74G!-qKW?8@4sf+$t=XRK7v)+k4yXD_8arZ{aWHWV?
z>h`j2ftoxONiZyXKA)H}VB2+y{8}6Dsw3NK@lYl>L;#$!Xa<vG%oETf5hvs1F6%TX
zD4tHgfJ?zE1P6P304G=g&&#tgYS;!N>CjrF;=onVTRaK9w^Sa2V}$f-V~t(ymdBrG
zkqNQ!D5TAQa2eZ4(BJjQHUbtJK?5dvG?w=WON9awZ=POXuic0Kkzy5ksU{}Up&gx}
z0Aiu?G1Sd2t=WojpK7Qm)#7W*zTIbiTHcZiqJElX{omE#->l|&es1NWN%?RNopuxk
zJ5EPb8im|$rG2MNtK0h+O{Lgt(q)>)^N?>;^j1lAt5U8$x+{8h29wbcv!PXb1UUq$
zb+GUh<T>$)uHv((UXwuy9B(NRit-Q<1P72sKNVQHx4JIz5^t0^fq)fLH&YSTls}<F
zrcD<6XR5IQ->Ey}hcJ`2U?|Ry#FYoXH1wqq>8$m-o>96)V|E=-TDLgjDy|t!ou|{w
zFTxvmSTdiwDgU#HcmXLpU&|%|E2iO;acXKdIV0jcL%EZeK=OEFuu!$c%M4^yFv_IG
zl$sBqXoqi9{5{1|D)xBJc~D2?-L+!q=}y9hQ6VI$Tn>95xdIAfwi<jIfi-_U$Y@7W
zpnB#>4b6S8${mg8mm#t(Q?$s~^j;t^4gzP1`oYF^Z<5bBEi6TePO7ywmR1U61J6uK
znozS&h=@HwZ@+-wW^i~0l+<tCI&aM9`7xtvwmvA>U+gs8!xQ&c%Mt%AW2|D9tzAsj
zM(sfI$K;6jqnEP_K}?O+q=8{N5|$6jD6>Rp_{})I6W#2#kDuy64~K9Z4OpPK6au{+
zYFl1RGEcKpIG9##p(LVruR^EFP^;1e0Yx@$6Fdu?$@(_fmlgDH_$Q9Hlx&>d2z=<N
z2K+5Tj&k{IB7yi)AGO572LhrK3E&KF785CsVpWllrQIj1O_m1Z3%APG+s^9w_wKdt
zSToz7$?0C&{x9u(Y0(7>Wd#-4=;s759QonPrTeL%L2!3oQe!Hd)r9#ryrH7>PkR9b
zwq!X5_$Oq-xN&^Y;3_PPGbQ|K9Eweul1FnDyWG?4r@cZ%74<>EE*TtOIzxCe{q`wh
zIMA$Y&au@wNDRXYl0hClee)GRLpQW;S(1&4-uxAv;5@_}z*LkefC_krRw}EkHSohH
zg(<{K`AxdnPLZ?$3}?+|E4F2Vcp>qzVMRnEgEOvLg8wo8=HK0%F6rNXPlqsqdTXDT
z5*4+Sl`8SUq#X@Uo!4HDi7-JM+3z6CLIgW3HpY^%W71V$nuDhhPgyYxM(UP}YfbXN
zIo<k3l;Um}gA6xJM$A6+qg~%j?aRPN4WxmDQ3ec_Y?Mfm%5`vHS|-JY<|zjQr`A}^
zfS{cAl`$;YSwQCgv{3utgu-vz`P(Dm>4>#SuV}n1f37V&Y0kKojSDu+1eWVA{$fLi
z*a9pukqv3(zgS$%eh2JV@1~bt(Wi<62Ktp21PI1$=rFf;p?S4>pDnx-k#c@Mvv)yq
zH!V+PT&tQ@tcH*RRRh6nd;*F)?9OYx>Y12>x4_Rp=2Rjwit*qtk2X)+61c<in$<9E
zO?O51X9alsxR2)9u$h0M>ae70MJ#buuwb&zfw45~r;4Ea$dzt8Wkq!JP#cC49yzHY
ze2WE^Ax^Sc<yVFYPm4TD?flX|>>Q7B2|HL}L%JuAKiM3sP#t3|@l7>I(cpN=Fw+Co
zRJrx|zbF0K%_bIincbv*YFe<8-s$WOWyG`8%1{RxmMZT>{3K1T|4#6HJ*!#BW!W_I
zooC_RVrD3G3Qvpc&K5mlpvjCq2b&u8IxDw}K3BQCjoWmx<xND24H%^=Qz|hnlOYjr
zp8X}xd`rTdeX8K0Wxuyng8)w<buMwdmuh_80-n_2od*J|0q>gJRbMlPf-VG1V|ecJ
zC6|`0gHh#i{GvrWL3%iW147n)wF?;*A7}UG`Gh|{k}Lh^Edl<L<_!zRay(9l%|44Y
zy|wst(Ngwv>N`^Olagu$wGzLEW5DOZHw}Kh%8qbv+p&&-2Ad_n3U1zXDcgtj4ElGy
zh`%4J-Z9m*L$2C->RR1{lfhNhi9lYlW6mVY1=LQIubu7tGG~OGy4EBZn`OpqNtIOS
zGX#qg3d6lZt3!qJ=E7N+xfIE9PIu#)tbf~Dev?beOykxbd98iIvt--p-pIN0?zP<~
zb~u$U-v*NQfEgoUpPrUhs<k&ZEL`WUw#4&~7sh`N?dM_$72p0}J?}JQsBP!z=Fa7s
zSdqR)oT|?799_$kvwi#yBkzsDw7Be&N=kZjj(&_O@jcOC*6ue$nJ~K8Z%$JDof<X0
zUtpLDo7Ytw5EZT0hR*XL^a5}DJ`?hh;H=FP0LJ?U&!^}nYY>Z8Zpr5iuiVFEEGnB(
z-J!Mu!E?0+IwO90e8d^DPBm{IWXHmuY$bl@QhNU>c-NKry8Ps*`~#}7xxL|72;M?n
zr2IdEWXyIWNCc?qHwE>W(!=={!k}5JAC<*GACjf!9i?eY?Pd22k<B4~prYh`vr9?H
zPmx5H5~RYWr(xkXa+6HJcQ8+pM9nVtS%fh?IFutr?nfGQh!P&0DT-9)GA4bqN{FBd
z@sgnCMA#GN^&;9%K^;;vk4=pbKTmr&up3LSo!9WN&GVULNs|&@A4vzMi<R5Nj6JKd
ziK#iGgqP2}_i{IC?fu#Ndj=zvupYkXWd5=X>EgUOn*ARiO+JPLEslAa_oG>?lJJ?R
zN88Ty6&{4UP!(cA(Brx>f!V_7J~HJYK-V3gR7*CzSkU9XXAN-zA?qHOQQ4b$#btv1
zs2%sDz_()GbsMYgaG5OdeZK3$kmyGK+L7iC8N8cNMc(xGr6PK=c!*ZUIj}BVT}?C?
zH!^jmN&7fkuqaW*JNR^G*(^zr;sMu4CX|mbt47Yq-&H(b-RxtRj*IvFgvA1`ar4O7
zm|pO~VyX?p6Jrhq@5F!e=eVK&Ntw<Ni73UQjmhi<^}rkt?}(W2Vj+GSOt%=ysX3M*
zkX;BPpjKA{Yx;rAb0M{gz2q6AN;cn2?UkHg?+k|gdEDC=jO##oJn)@SsJ2zUY{0Az
z3tbJDffiE0M?hE;4{r~v)5=H~>3Tg4mq>V!%#=02=v&M%%gmIONtY4HuS;P#r#M`V
zUG7#!6<*=o;JO5{Ob(itwcbjEdjxIg<-Voy_*P%^BQ@jRzhgKS+UJ1|5<S84#7XY3
zjvdXz)lQe{nk~>~r;j2=lM2n$Wq2eT8_@NT>c2I=cS6ILB<a1OW@X+rV}SC4+W3DK
z;MeaiHqw}A8_i@GFUp*nJ;tNcBjWEt@>i3?fvf7;dmlVr1yw94#IPlhB5G^`X7*UY
zGFei)_4z0bRka=&IFQgQddbll_#@$zFIR9WFl5#!G(-L@vXQ%v*)?ru{epREQ!&@U
zM_jDVW=-HaN1qTgVo~vz>heo}<A~RvUGSxGqUKP;i8Cxu@N!5=5p_21TF(CX9k-FW
zEQBD={%4?@UYW}E(fkjF&sz2qj(f;+aiWOtJ;h8_cV{q(-cx*HgHaVlQT0u>)IFSS
z#b?1Sx6<ei^^L<)GGW0GevCMaORtiouz@EEIFW094mRW-DX06|K7{VZvRlIxCM70v
zat~HyQf5clepYC`e+J_p>j}QJYsKo6gFPvIJRLUEYVf3df3-YT?uypnoAEmVluPcH
zk*EJW+vOX_R(Ls^m=^5EhjzjP<;b(5wQDQd3r4+$wh=sAR(=pi{V)ro0LhJ>CH5-)
zn%RZ%ckYX?jXrsoFfAt$s#&4~M1^X(_9)@D4491wCSQ#|-c%v_2o)`2<D6S?(>s{G
zBT-xPZa5Rxn4|}D^R)Af1(x0!;{-F3^FhgTYI{i?t(34n30tFR1JAkLpjk&kD?5&m
z?}Z<6z=1x2D>A`k<?-jGHc^-@b_|ly`}Nm$eO@ArF^AZHb^wa$W(_2A{uGpa&K3ec
z!1Px=@ljEI&`Rykc>o+V0?Sje;A?o8;mNvSX&lProjY6bJLMMl1wIpTx5vD-mDNg>
zcL9hW(TRhtR>g@nQ5l-kRvqx*5@hcJGTmBu{RLHIADIq`-@Txrj!3cIx-~#SH9JAe
zmRNLLr+{Tgs!0CbriepOlDbwRdO&l>r-{W;QqD+M7rfs@7+so(PedeC{xzD1i%eCv
z6g4e2L9F_szuuwo!CN4+_m(=hZQ`$0Q4oD&9TndigGdN01+a^9I{Oh<ODE)$bGKXa
zv0o{AnKJ4pRIn2!*8=f-HDQN<hb25l9h%g<rmxo~A139S+{Okv=(s%6Q_@qxfvWk~
zqq^Such@XOeH65<228y64IIc6wfuEAL!GD&E4L@V;MGl5S1e~qjAsdg3vsxfI<j%`
zC`}0oaa27|^HJNa-k5Ky$z?AxaagPMDgT+|*1(u0Mir=f^zlV*B5`CN>i|cy;XZNy
zxgq@EXPMT-kJ&CdbhG}m4XJ-_Lg@`xHj&b>dRMaVKIG5zh3uVmpbQSOB)C@$x-#}o
zPZ9?W$?3>S7PKl?5+z?Pvu6H2F<of!#btPE$yr^Q_&r2Mi_Z*9^vLGOl%B~gT@2IO
z6tgZ5=_I=Sn4)Yq0}}s>A$UMgx+mHuGK^VN(Aj^-HT0x+a^RpdFb1olUlH`d@rzEp
zdFE83KW8va1%?#^m+e%BbsoRg!{&0}i;8YZl9~hO&G@9g04-nK|NZg6zA6o133+zg
z;9r(llHB-d(__Cx8&Z`(q`DZtri~0XO4>5{!-2taRj(cy+I1hu3vDlDD@K0j5LH)h
z?@hjh%x}Nhhtq5NI{b*fgLv*G8X9Xw*p=+ezcFUgj9$yIH|u^KCoSq^{XkR(RC*NU
zTkHIV9W&#Fv+5kobV-GL1eMD4d?7%)q@BUr7<if>lyNUcL!(3^U0cY~(qsGEeG_YI
z#`1hOaW1ZHn0nn){ZyBBk+|b!!`A$S7Lf^@O!ydO72Dev;wYCA^oZTRZEk+U43&H_
z(>LhFL+JbyZ^#}V%|=r(&PNIHJJw4%w9GLf3-QxSef@n->io8?DcC18L+`#_ae3R1
zrW%i=pu^gP8R+%hcyk}zEpCFY24M1v%Qy$d@ni@%<NV(|dW^+cP)vrH6+F08Au-nP
ziMNzfVa#-?Do`Y0W5dD6qVUGrhW$gGA<I&cgMaM$4+I5)y?RuUK}AFc)(n{x^<dXT
zMTACA8a*4M-#k`e)na{M@_75xCCB}2u(=C|L(RWfqvMUO<Ug{_#*SaA(cidT4L$wz
z1U>lz&kcVyaLh4MNw3$t6Hm5`qLCy_d9Z=w-g;SPquuOyV+oW6CLr?$&<`Ry&z3uc
za`7W48gmU?y{%T?PQZtHI6ljNty@kB*dnmB{kYnl2@P(rKINI_wAzb8rr|Uh>FI+F
zqXBT-VTkz$o@kvg81-sGi@j=;p0F*%)j8j^Ofof?BVpf5#cyqgz~g*NbJze-QGCMQ
z;r|Y4{u@DBeRZE)o6FM}5uHG4^+>Xr(HTx36S;uPF!6^~;*h~%J0gM-`^4c1B?~#n
zu7O8NKqJj?wS~QgxpvpaBw?u2Orf@b)x;ZTPzV0`mB-8hrAPUPL|4PP1xo}&&3lAH
zt>Fs(UcTtqK!S{m={Pu&LTV0LG%gxO<wz4DceeA@gg8{K(LY}^j8kcaNkW&W|F<X8
z5>V8F^QJv`K#VR=0Vw?PLtl#0d|S~txa=GUd3<<ir!Df=dz-Ji(N6VcBv1FFjTyBv
zq0Enc!-WXJ^vOL0#J8auv`z8}I7Zq6kHO;vaVd-@{zI=hs;s7R?zDR!7vtw;|L_$}
zlcWq@xu6}*&cQqx=odiR$IVnc$9G3AiEu1VxO7-#38~%hiOS2vmx<j>j1zfBKH~gZ
z>3;nKD?(NPp4YM)ZvO4%*Luz5En0b*kWG^y2PW;YgfXddUgIo|hBpeUHpCP3u`7a@
zT+V41J~4XpRSH3uf6|Yu12_wZTaR(un<RrFW6bz6!F^Mw3Ce^M&y*iOfM5zFy&$u<
zi!byXp^?K#UdaaMZF<Lm6Aq7bY?+YIaGMY)6TxO-)kD(vW6`)k3u6WGJ$xC($d3{6
z%|sgsk%3Hw4%tF<@nu%zprk<0sRbNkbM}pXmtZy`hbLQE3q*@%)C@-NRedPIqjGFs
zA|bo1XeVdMWz_TJ^9OF!!E>M&C?u*8vL9-9jBQV-!yNaYe2K*1-)+kv4YKi0gC(O@
zZ7azHydrv+l8BiS35}u(BRL_B;M72DCRHU>k+4r`L?(70zdsdvH3sQJuWQ6PKlAwo
zG6iuv>lT72w8DHyCvB%{Ow)X@OY$66$7Y)fl<y8o_$ElT7BDffWt9IQ(>rT}TCtD3
zW$5+paVjZI6OB;4vo^7}Ag$5RUZzo<yvW!g`9Q!Ow~=FWA|^U+4*mcri7g#Oidf3j
zQfuEM3?2Mt#`U=N<wUKDt7g{A=y6lmzacMlTJSg2?)|2ApWV#LNBFooJ(PYUEf6%=
zQ^ZcHP*SifZWT^65w;}*5e0zlL<fI8-L;+k!qMQltf<9g7HZf*FP%#}njTD{l?Y{u
z?r{p2P|2GjMK$7&^;*e3Jlceb3>OcbP{PBKs`!Z1RbFN2Ocw_EK;X0k588F>y`qMP
zlk(steQe&b#x^b`l{Lnr^(#>vwh>hAxP&cbtHh!v_F;vRCuJU+pG^3JwsvfGseyAK
zIlJxC-*W(E0>}?PH-|P-+Lyh6vY1n=|GVH|PWOBmuoEUH@>uKHDJ}V*pmq7HxNFl=
zqdsI`55IsG@XJS}LUQS&5KF#N?QNCziw;|M?`Kfn))6+|d_*L-0%xXLJhP<gNCRc2
z@MMU$j~JMUA)Y_2d6*D1(O&(kj)jDGYZdXJ<(%7@W*qG*;%bMK{F8%%jPxTgr^MU0
zTJ*-=(%_>j)F|Zb89Q{Ag$WSn7fo~xR-^h~-TyC&GcOqw1_Du}+<;{d>>y?A%TJlV
zFfzsF*br}M2BQ#Pk~G^Mjv~7^zSw8gTRH-<7Q7mv5zj8$Zt~2NRR$vvnragZ4pdrg
zHxL_>kH+a63-YyD@$wStO*i%*!%;Y_j>VhX<Ux<m+72=YpKw6}8N3_&k7(~X1|&{3
zsqI(e(^*z}S}B%kC#7ZbnMvQ#$Prd$C=?aw)pxR>m)ONRxC1>OsaNJKob@CKlc<Z6
zyw9I_{_X0^=V!Y#06)@m+ot~U<1xeyBBKvKdw549zU%Ah@O?_Aj2R!1X4<AsF41!%
z?vILO&j-9Dk&{%Gf7-E6NRu$VJVs5Hh?F%NW8u7M*9sf>te%ld3G&*NRI$AgF|ewx
z(kXlk{(h1YE}=ACZuiO7l}SVfq#>)k!tem2+g63}Gm4b|QQj&Mt=1C@Q#(q^A!Rwz
zoj7(*)Fuon@}tG~7$XJcNlInj&R(G=c6^;JzA^Z`_LY?{YW%zfY7Pn6U0q!jnXv&H
z#N?h+$9RnZQ6<Osz6}8<)cKoDwwq1Q50h$uo@~=&0A2LcG1a}Zd5=Sh7k!?YGTZ9U
zr#nrX1LMB<e|WX}=HL^=GyHy<GLxL*uOGYja;5##-n?NoYWK^nHfq!t^H_NEiUvHt
zPwmgmm=Ei3X#fE4hkhw6eK#J#R)+8<%V&e*NB<n;P}rVM_7;9rn8t!WSq)XDfoVnk
z6lTLb^W2L;_0sH&F}B-we+d`bEn8@CJtF76cQ@^J2BjpQ{dm`-0m6GTYvo@nI39nN
zq1m&XnaN$tEjh1eW~%z)L-Qit5U9uD+ADAp>Ik+Xe-R#mCP^sO9@!!#-%i1U4yq^(
zps6@uM`TH)w^-|0p5h?~epIK9@r!u8Vfu3v(W~I_b;s>^RXir3NlV=XatMHnr{2Hb
zCQ+Q%>iPvV7)bv}Nw&Lc)hL0|x%0iZ%^CMLZb$~|bTzy!$YZL-uJk^vj<wqzC6yff
zUcLuiE{=|ie)k!Se_s`E$fRs}B`7d*o(X6c*39t?FD~&t3b^ml`5W1BxqLr}NqRzB
z_`Tm}X63ea|J}`sl6{?5Yb--!V^hOpa_0~t$tfZr9|2$%I6g+#=Nrkke_HuK&)S)o
zbWc*0?snY<5S*7JBh%;8k^)f61?`5@7(vUB%#&dTqk7lOCn+iTGS@3ZLz<j97pcjg
zSSi8usevYosL;}~%R1Y73iYL87h<>!%`e7f^b?4o?ld9J7utS@xLp=(I%}-n$?@`e
zC`?6h>k;lV+wV+oY#s>mn`abDkf}0<?1GK^ai^fhy1KmBKkXU<ruh~+t1?ELj3j3e
zo4iqT<^gJWok8I7%lFBzo+p{UTxcaG=$KTAP1>#LH0H%NX>m<`)p5yGI%Zs}9~v7=
zDEVjp+aT)|7a=8@Y~)UkXU>b`ZHMEjSc4AcIk|U-*?#e-yGtt9HP;so*QFDS4mKN5
zHgGz0kpZsU;C2s;C8LqYNC)TU<~}}6j^B>&<(LRO>^hhGUBCHT?R&fmrv+ZvcYe%4
zM^GgplZ+~bdd~Ad4-uXkr6ku_<N_!H0H7e)LAC%%*pcntYK{z!FnDbw#i`k${z-tw
zwt(gp!v91|e6Tz*Qp3tB(NyZ7LH>i;^ao;AFjfcXRRRKE2DxJE;Lxqf$g(T$ngFzk
zU(Tp^e0*M@m9=N_&OP(jT`sN^qFr%SAP(gJj(E}U#fy%Pt0@Ahnx7jc9>dSCuL_<9
zMMp;`9xNE`Y&Ezo`2}&VXXrGvDV7NZQX3d}nGfL0#vRpQ{W|ZRF*FnS@if&{MK)W^
zV|L+w$L<jgT;v-7)XT=<Fvpkaxo&&7Guo0U->!-R)tdD!`laFk(8=2YUquauP>4v;
zwjoAo|4$D{?pHGTYZ1fU7`V`rf*bx0IeauZuWI_00{v{b`(uC$IEpDLDd7ilT)Pao
zY%+#5m%~I2Uel%2KSGc44YXTLS5^X820HFvj&C0CxYS-kXItyjKRK1<@mRe4(JXWM
zg+S=Vg+Lp`rdXslFb%l4Sc8lI5a7Yy?l$bjsPEi!1CN$C=;A{N4t$?=wxvoWA(#f{
z=Cs)9uW^2`&=7P<{PW=QaHZ}s%=?S#_P1K*QjN+)mzv)(dtWlAt3kw23|@P-$JKp0
zSTbEF;zRz=P^n;cmcFpkUOqnmYw5%H?>+`Qo%I_BppCEK62HnVT<(uc9`^j6O4=`_
zwHDgXYyVu8yh0%S>H;=y*KTWX&jpfXgE3l^F8f6~yPo-)20}bU6=gZi1Hz?3cukuO
zpLu(G$#VKBH{j`@J278`rz##lz8yHb-S+3EZztX2<$hb$&@X@ppw_a%9Z{FH((K>E
z;!DNWjaKY+G%%o;{-FfIvs^Y<WptzYL+8rLSp*>+&j3Tv43ia1#9ynsbr>&<fXBQ+
zsr2i4!4e`QxNR4?^knz)Q2g7cn}+d5_X8PH6q`I=l6r9k040HIJ2a(C6i%A)?1bpq
zd@#5H00(Nb+u0vI`ytQJdO5cA)IGMoePc1rNs4eu;!mrMC=a@(y$tpMx|amhavq?B
z)zmegjB7`Tz^QM+p{!b6Oa6NaDog>IEw0T%ShBy@R+IAbI3Ig_c$~&-Qj@;yw@ay}
z6vQ($q?Tn=4&de-2W3QU+x<G>Z#*@%@bHTw%=K|siF(bg48c_d*ov$8>1ER-6KW~{
z06wrnbW7~XMfkuYGAaGF^>xvTez8&AqW75Z^%GasUWJ@@tcp4j1CNpc<UHdKTlcTF
zY=VFL9`ZSwq90>kvzIf!*dqIBH@hc0CizG@4}PUPq%_}6a{mu|y!NXXAF?@$nVz3o
zbw)lvd@jE+n*Cv*`3?h#H@Aqm^Rj_<4xxZ(mZux~h}C)Rv3qVMF}oi}SFi)~>XevT
zix>~$s32@Pr|m?_hZU@onfW7>AK2BQ*Mw(_p=Tg-FR%I+m=zVdrTw{gwONo(g#Vv_
z&D)N@;~Oly6@9bMyE4XTYDeI@{@$9UZ9KgDL^2`hqwRRd`<&YEjU`&Ps^+sk19y+{
z@pp;z&T-?~<}(J%o<uSW)?6qhi+O|?oki)geZBniXRQ4gDE<HJCanNs^z65or7bv=
zqq`S&o$b+4D(MbfOY;7vqyL~+3`09EwLZHPX0J8=Y%+Y4?Ve7@)yZ#?Ae^*I0sxCl
z`f0y;pjV8-;etw|JNtwlAa~7AtZ^@{fVH>?z5U{S&ghJ@W~i%RRj9-5Gd$8Hf^<3`
z?)XXYB5!&bbxYX3>87(?iph6Ya&vb+qZT<ax!Om8G&tE~^j}`xO~Gn7JX>;4Efip@
zHEdIN2g7BCOVUkwLeUH}R2ynN!xV7B9*1(A(Kr!lF@wB-9T?;4$=H-N*5N?@%QO|H
zpz5~a?5~IX7}prooW(0Po%@%jjr$o`$`Chhfb1<P_R=#{T&U-(9<@=^+bIA*lZd&i
z$Gcx=($@(Kjhh!TC7lQd7vdRf{w|-6aXHV;fXzH!hd)1cDmz8e?cXlMEMbCWiB-H;
zTZef(v<`RjU!8HQX=wqb8?tPQd-D!xccl}wD<?rG$iE3(S;`H7cp3PA7Q?vmYn>y0
zn*yp-#VRLtx$CWH^nru;sFN~8i`_DKPKg2WjtrRAS>~P3?ML~CuWoyE{Pe5B{=AGT
zf+dv7zhBP}I13nchKo5;^O&;xe-nQD`F!;-{6mQHuU8YQMq6)HYabp0tw&;YXY242
z01ci+jQ^?mt5x2B>(Kr-y8T@eYD{?>5@?0^`Rl{C!GY^PeV1wfON--U_FQjY3Kj0}
zjxF7SpK8B225PTVYE=U7|GMkPH}LA!am5Jy=TnO^hJ+wO(DhQ4@Qm%x&vVzQ4tYT@
z<Nbobhwtv>av7M)nKNqjBR`me4}(}j4=OUJ8GfNcNrrhy-Y!|71-m5%$mjx5q);H;
zLW~WF5B9}ld`k2}7KQ8|_YSAm_WDk7TZ^~gIq>s}JEbly3D+<Fgm+-RYdrT6mX_Ao
z;^}#|`Stu0YhRwIK}JAW_nA+98Lsp5l;QsP)W_O?-bUzZ0!oUh9?=y%V5k_Fb^KBi
zXP_Q{PL&YvZ%<7(7)(v(BzS<g2OJe+a=V(6n|s39zSa#(f*NcH`J`a5`E6Mu<{%g)
zdNMq}^qpW){6s=ncB$r9HW9?C=GFH<_zTi|aK1wmXAg9JXRl!X7hdsi<t&u(vVUwT
z4wV9#ggQdHPkgG|Xo$r|sgOrr)$!p>$WtHJ_?~%rsdRya9BqZ1KaRH`gZnp~V#;M{
zz{P@32c8}(^f>9bwdmw8Kif^o7U1@Z?KgdSG5KL{$7h=#6G6<#`c9|wVPmTR(w!s6
zeXl2DG*340LS%e#v+mWatKLJq&y}CGG~b?iHHwfslHBad$R|s6WAb1okLctt%K-yV
z{Pk0*h7IuU*lK~4gaAyl{N>JY%Z`<P?gqcFQu%syi1g%SHmcOr18<3bkq>m^+IhBj
z;_U@~j^*?}3N>qgw*Ci~$8FS%PT!SZ6S*$<d{F8%l46ONQAnw~XTGuhpv}M5$ciao
z3%os9)UL0wkJJ{}Po2*U&IsHcC682#T)-)V7$e%Q{r2Xgqdo69=gW4AEO1MaeSNva
zJJoK$ANQOcm3f_%sh@E-cHD)fpR3HO$FyH3kopxuW%O7K<bf$bRA!Fl39B?70_p4F
z0w7u7e{j%=^W(nQZ>yo5S*>;-;U?pdaY{DCSsK8|=Nj|lzp!BNj?@gtGSh%{XdDUK
zmp#Qg9+izG;Ep+B?g9H>Bi{zS-Ovkj3mW|eg4A!@tg*%~B_8K!z2Bif{Q5p<L{MdT
zUV~4McR&t-{zbRA=so^nOFPRI=qC`O+5AXjRzSKb82Di7UPC9o=$Zy!*CPiqOv>A@
zdE%JXe6-cb7Z0*Gq{OI&@cV>YmVGq&asGe?sE)S@C3JNlcRcImD=D#4j7xG8Hz>Cg
z&IDhIffbIfR;*tq%0JfttgB9rJ%`_JFq!-9Q)|b4eNbDxp&6KZ=JP~)iqOwk^~HWW
z?3s9~4(g&~JC8!W27mK*q&2oYmM*SH6s~#aZ<QS+AnCk0qg|Qlw(wr7<@>|88Hn#)
z_=sM3=U6c3iIaPH=_Y|sSIrN9X3?R&Y91}|e))@Lm$`lKj^tAPkR<a8m)Ytc?+7*m
z*$}^ht+D(vdK;ZfS&ov1lS|g|KA!${X;MotP%_qz{!ZO}j5?cXx+!j|<G(RRG!$`v
zwt|<tgFpaKcM{OVp2M(5X^U%sU+T+-K(hR`Y>~hrz6sWCY<E6Z%6;!Zr0J7mJ+O4N
zias4_at8is!uUpz^`GHxNnv$hu{+k<OYnWnB>Z!d&mRU}d7dr%WmgZtT(e{+Ex56=
z0fb@yVbFM5AHqU!So#r?8TZeDW(-i-|NO5F?%*CwgC-gD83!D0bV4E^A;I_W-Wb^O
zrO$7IYLT%}LJZ_emkv-#SVCWK!m|>#fOe)q$A1FxqnH!6^MJ@FiiPd(+@IjU!GD4^
z&u=o`#B_i4SdkE5>EqhIcK~MO3545kUP`_B%I#@cAc24Ynhb7UD!=&(IP(B_3C1Aw
zcWNqj{|~12)Xy&sy7H~YOj6IpfEnE>`gh3!<ankxt2t<#%(L^^znc>)!hheQva%A=
z@$Mg;lpzSfBkDi}i7hs!tg!=rMe3(d>O=foc$np^zpJ8!L2GVkdA{H{&dSEh&daMc
z7ncSQfA}x)Zx?U?RGo+)*vWaj4z!c00Zxyg8xv%F#Ag!V&27vL(c$BL4)Id{+NoSB
zDNOfjxeO>Ae0`f|=EN^#zU}=B;0llf!E>yR(qp_WUXy78U}KKm&=mN3`OVi)yG7=B
zk=q~plr(IMA1L-JirN;od5^yQo67;%p$sfj^ixmuzjtV1K9;}(Uv#94`{=)rjB0@{
zz_7Rmf&au@l_89VzyrpMl`ND0R)0ID0CH5sGm`Z$D4r;fd!u@AU$$<{{<kiL9$4)h
s7eV9y6#gM@9w3-&+C=~VoeJt2tCyRx&rH&h0R;Ti9%?JqC|ZX69|=_>DgXcg

literal 0
HcmV?d00001


From 743f04c5a8f2c8d9ed5a12dad739edd881099e72 Mon Sep 17 00:00:00 2001
From: Matthew Titmus <matthew.titmus@gmail.com>
Date: Tue, 13 Jul 2021 10:43:14 -0400
Subject: [PATCH 19/21] READSME tweak

---
 README.md | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/README.md b/README.md
index 538f667..10cf3ee 100644
--- a/README.md
+++ b/README.md
@@ -136,6 +136,10 @@ More information about permissions and rules can be found in the Gort Guide:
 
 All command activity is emitted as log events and recorded in [an audit log](https://guide.getgort.io/audit-log-events.html) in the database.
 
+More information about audit logging can be found in the Gort Guide:
+
+* [Gort Guide: Audit Log Events](https://guide.getgort.io/audit-log-events.html)
+
 <!-- - execute triggered commands anywhere a relay is installed using a tag-based targeting system, -->
 
 <!-- ## Gort Design

From 898bbfc34ff92614768574d08d119f1d36e97ab7 Mon Sep 17 00:00:00 2001
From: Matt Titmus <matthew.titmus@gmail.com>
Date: Tue, 13 Jul 2021 10:50:00 -0400
Subject: [PATCH 20/21] Update README.md

---
 README.md | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)

diff --git a/README.md b/README.md
index 10cf3ee..7abb281 100644
--- a/README.md
+++ b/README.md
@@ -10,9 +10,7 @@ Gort is a chatbot framework designed from the ground up for chatops.
 
 Gort brings the power of the command line to the place you collaborate with your team: your chat window. Its open-ended command bundle support allows developers to implement functionality in the language of their choice, while powerful access control means you can collaborate around even the most sensitive tasks with confidence. A focus on extensibility and adaptability means that you can respond quickly to the unexpected, without your team losing visibility.
 
-## Documentation
-
-You may wish to skip this page and go directly to the documentation: [The Gort Guide](http://guide.getgort.io/).
+The official documentation can be found here: [The Gort Guide](http://guide.getgort.io/).
 
 ## Features
 

From c5c5eb21de4adc8e1c63a7f85c397fe915458f28 Mon Sep 17 00:00:00 2001
From: Matt Titmus <matthew.titmus@gmail.com>
Date: Tue, 13 Jul 2021 11:02:08 -0400
Subject: [PATCH 21/21] Update README.md

---
 README.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/README.md b/README.md
index 7abb281..effe6db 100644
--- a/README.md
+++ b/README.md
@@ -87,7 +87,7 @@ commands:
       - must have echo:can_echo
 ```
 
-This shows a bundle called `echo`, which defines a command called `echo` and a permission called `can_echo`. Once [installed](https://guide.getgort.io/managing-bundles.html), any user with the `echo:can_echo` permission can execute it in Slack.
+This shows a bundle called `echo`, which defines a command (also called `echo`) and a permission called `can_echo`. Once [installed](https://guide.getgort.io/managing-bundles.html), any user with the `echo:can_echo` permission can execute it in Slack.
 
 More information about bundles can be found in the Gort Guide: