From df8a93b68787b6243bdcff5ab12598644753ac9d Mon Sep 17 00:00:00 2001 From: RLRabinowitz Date: Sun, 29 Oct 2023 18:06:04 +0200 Subject: [PATCH] Create testing feature blog post Signed-off-by: RLRabinowitz --- ...30-what-we-learned-with-testing-feature.md | 184 ++++++++++++++++++ static/img/blog/lessons-learned.png | Bin 0 -> 32903 bytes 2 files changed, 184 insertions(+) create mode 100644 blog/2023-10-30-what-we-learned-with-testing-feature.md create mode 100644 static/img/blog/lessons-learned.png diff --git a/blog/2023-10-30-what-we-learned-with-testing-feature.md b/blog/2023-10-30-what-we-learned-with-testing-feature.md new file mode 100644 index 00000000..644ba32c --- /dev/null +++ b/blog/2023-10-30-what-we-learned-with-testing-feature.md @@ -0,0 +1,184 @@ +--- +title: What We Learned While Working on OpenTofu's New Test Feature +slug: what-we-learned-while-working-on-opentofus-new-test-feature +image: /img/blog/lessons-learned.png +authors: + - name: Eran Elbaz + title: OpenTofu development team, Full Stack Engineer at env0 + url: https://github.com/eranelbaz + image_url: https://github.com/eranelbaz.png + - name: Arel Rabinowitz + title: OpenTofu development team, Principal Engineer at env0 + url: https://github.com/RLRabinowitz + image_url: https://github.com/RLRabinowitz.png +--- + +Jumping into a newly forked project can be a difficult task, maybe even frightening! Now, think about jumping into a production-ready project with nine years of legacy code base there. On top of that, you have the task of taking one of the project’s new features from experimental to production-ready. + +This is our journey with the OpenTofu testing feature. + +It’s an interesting introduction to what’s going on behind the scenes at OpenTofu, as we work on our own pipelines. In this case, we are taking raw, experimental code and turning it into something that keeps up with (and possibly outperforms) Terraform v1.6.0 with the drop-in replacement, OpenTofu v1.6.alpha. + +## The Feature + +As part of [HashiCorp Terraform License](https://www.hashicorp.com/blog/hashicorp-adopts-business-source-license) changes, we joined the [OpenTofu initiative](https://opentofu.org/). And one of our first tasks is to get OpenTofu up-to-date with the upcoming Terraform 1.6.0, which means getting the testing feature from experimental to production-ready. + +At the time of the fork, the testing feature did already exist in the codebase. However, it was still in an experimental state, without any documentation as to how the feature worked, and without much test coverage on the test feature’s own capabilities. + +That meant we had to figure out the purpose of what seemed like a WIP testing feature, the pros and cons of this approach, and figure out what was missing to get the feature out of “development hell” + +We started out mapping the feature by doing a few different things: + +First, we read previous tests to understand how the feature behaves in different scenarios. Next, we thoroughly read through its code to get its ins and outs. Then, we tried it out ourselves to get a feel of using the new testing capability. + +These are important, as you don’t want to just jump in and start changing code based on what you think it should look like. You need to understand the architecture and intent of the original implementer, so that the code you write complements it, rather than fighting it. + +After this effort, we had a full grasp of the testing feature. It was a framework built to help the users test out their configuration in modules in an end-to-end manner, per module. It makes sure the modules act as expected in common cases, while predictably and safely responding to failure conditions, like a misconfiguration. + +The testing feature introduces `*.tftest.hcl` files. These 1) describe your testing suite and 2) support a specific subset of HCL blocks. The most important block there is the new `run` block, which constitutes a test run. + +When executing `tofu test`, each `run` block executes a `tofu plan` or `tofu apply` behind the scenes, running your module with the configuration specified for the test, and actually creating resources in your cloud (in the case of `apply`). + +After each run, it performs validations; i.e., it makes sure that 1) all assertions pass, 2) none of the checks are failing, and 3) the `plan`/`apply` has finished successfully. + +After tofu is done performing all the runs and tests, it attempts to destroy all the resources that were created as part of that `tofu test` run. + +## How did we approach it? + +Throughout our initial testing and code reading, we made a list of feature behaviors that were not covered with tests in the codebase, and also listed behaviors that we felt had the potential to not work properly. + +We mostly relied on the code we read, and our knowledge of legacy Terraform and prior issues. For most of those, we ended up creating [pull requests](https://github.com/opentofu/opentofu/issues/8#issuecomment-1697596854), adding test coverage, or actually fixing bugs. + +During our time testing out the feature, we encountered some bugs, and came up with some suggestions to actually improve the feature on top of what was already in the pre-forked codebase. Below are some examples of such bugs that we ended up fixing: + +### Bug 1: Sensitive Value in `run` block + +**Bug description**: `tofu test` crashes when evaluating a sensitive value inside a `run` block’s assertions. + +While playing around with our manual QA scenarios, we found out that running `tofu test` can, in a certain scenario, crash the program. Specifically, this happens when the configuration includes a `run` block that has an assertion, and that assertion itself relies on a sensitive value (see the code sample below for main.tftest.hcl). + +This isn’t ideal, as a crash in `tofu test` means that there are now resources in your cloud, for which tofu has no recollection. + +You could achieve this crash by running the following configuration: + +**main.tf:** + +```hcl +terraform { + required_providers { + aws = { + source = "hashicorp/aws" + version = "5.14.0" + } + } +} + +resource "aws_secretsmanager_secret" "my_secret" { + name = "my_secret" +} + +resource "aws_secretsmanager_secret_version" "my_secret_version" { + secret_id = aws_secretsmanager_secret.my_secret.id + secret_string = "secret_value" +} +``` + +**main.tftest.hcl:** + +```hcl +run "secret_test" { + assert { + condition = aws_secretsmanager_secret_version.my_secret_version.secret_string == "secret_value" + error_message = "bad secret" + } +} +``` + +Running this configuration with `tofu test` would actually crash tofu. `aws_secretsmanager_secret_version.my_secret_version.secret_string` is a sensitive value, and OpenTofu crashed while attempting to evaluate if it was `true` or `false`. (You can follow the [thread on GitHub](https://github.com/opentofu/opentofu/issues/254)). + +Debugging this was a simple manner of running the CLI in a debugger (using the [`debug-opentofu` script](https://github.com/opentofu/opentofu/blob/main/scripts/debug-opentofu) which uses [delve](https://github.com/derekparker/delve) for debugging), then following the code and the crash stack trace in order to figure out the source of the issue. Finally, in order to figure out how to fix the issue, we checked how this issue was solved for other types of conditions in the codebase. + +The issue stemmed from how the evaluation of values in HCL works, using the [`go-cty` library](https://pkg.go.dev/github.com/zclconf/go-cty/cty). We won’t get into too much detail about how this evaluation works, but certain values can be “marked” with additional information (such as marking the value as sensitive), and certain actions cannot be made on marked values, causing this panic. + +This is intentional, to make sure that the code authors always handle those marks explicitly, instead of relying on some (potentially unwanted) implicit behavior. + +In this case, simply unmarking the value prior to checking the boolean value of it was the way to go: `resultVal, _ = resultVal.Unmark()`. You can see the full code [here](https://github.com/opentofu/opentofu/pull/263). + +It’s interesting to note that this issue had already occurred for other such conditions before in the legacy codebase, such as the [`precondition` block](https://github.com/hashicorp/terraform/pull/30659) or for a [`variable`’s custom validation rules](https://github.com/hashicorp/terraform/pull/27412) which have similar behavior. + +### Bug 2: Null Output Reference + +**Bug description:** `tofu test` crashes when referencing a `null` output. + +Similarly to the previous bug, we went over our manual QA scenarios and found a scenario where `tofu test` crashes: When a `run` condition references an `output` that has a `null` value. + +You could achieve this crash by running the following configuration (More info [here](https://github.com/opentofu/opentofu/issues/257)): + +**main.tftest.hcl:** + +```hcl +output "my_output" { + value = null +} + + +run "test_run" { + assert { + condition = output.my_output != "something" + error_message = "good" + } +} +``` + +For this one, after some debug work, we found out that this is due to tofu not serializing `null` outputs as actual outputs. They will not appear as outputs in the state, for example. + +However, for the `tofu test` feature, the assertions had to evaluate those `null` outputs as having `nil` value, even though those outputs are not serialized. + +The code was as follows: + +```go +output := d.Evaluator.State.OutputValue(addr.Absolute(d.ModulePath)) +val := output.Value +if val == cty.NilVal { + // Not evaluated yet? + val = cty.DynamicVal +} + +if output.Sensitive { + val = val.Mark(marks.Sensitive) +} + +return val, diags +``` + +`OutputValue` returns `nil` if no output was found in the address, including the case where the output value was `null` and therefore was not serialized. So, for the fix, we made sure we return a `nil` value in this case + +```go +if output == nil { + return cty.NilVal, diags +} +``` + +You can see the full code [here](https://github.com/opentofu/opentofu/pull/267) + +### Other Test Feature Improvements and Suggestions + +Other than those crash fixes, we found it mostly lacking in test coverage (which makes sense, it was still in alpha). For the testing feature, we saw a bunch of scenarios not being covered by any kind of test, and bug fixes were also often missing test coverage. + +As a consequence, we’ve added many new test cases to the integration test suite of the testing feature. We felt higher test coverage was quintessential for an open-source project that will be widely used, considering most of its existing codebase is already pretty old. More info on those test cases can be found [here](https://github.com/opentofu/opentofu/issues/8#issuecomment-1697596854). + +Also, we’ve started creating issues for suggestions to better stabilize the feature. For example, a failure during the resource cleanup at the end of a `tofu test` run might fail, causing resources to still exist in your cloud provider. If such a scenario happens, OpenTofu simply lists the names of the resources (in HCL) that have not been deleted properly. + +This is probably not good enough, as it could be very hard to find those resources later inside your cloud provider without further information. So, we’ve suggested to at least print out the IDs of those resources, so you can find them more easily in your cloud provider for deletion. + +## What we’ve learned + +This blog walked through what we learned while working on and troubleshooting OpenTofu’s new testing feature. We used code debugging and black box testing to build out the feature’s functionality for the alpha release of OpenTofu. + +Through this adventure we’ve had, of learning the code of a mid-development feature and stabilizing it, we’ve gotten more familiar with the codebase and how to debug it. Beyond that, we’ve learned how to completely build the specs of a feature just by reading the code and playing around with it. + +It’s also given us a new appreciation for the criticality of testing for open-source projects of this scale (both for documentation, and for making sure a feature works in the long run), and we intend to increase the coverage in the project as we go. + +Of course, this is only a small example of the work put in, but it gives you an idea of how we have gone about creating something new for OpenTofu. It will not only maintain parity with past features of open source Terraform, but keep pace with newer features, and even go beyond just serving as a drop-in replacement for Terraform, developing capabilities that it can call its own. + +Please check out [OpenTofu version 1.6.alpha](https://opentofu.org/), plus our blog on [getting OpenTofu started](https://www.env0.com/blog/opentofu-alpha-launches-try-it-out-in-just-3-clicks) and installed. diff --git a/static/img/blog/lessons-learned.png b/static/img/blog/lessons-learned.png new file mode 100644 index 0000000000000000000000000000000000000000..8740c3e402d3196d34f1b6d7d0ac9a49fdb839f2 GIT binary patch literal 32903 zcmZVlc|4Tw7e9{QV;D;__H1Jr5wb+GWosB~DWgzPmXNVi_I1WEqHL{_7-Wf1Lb481 z5n+%$TV&0?@88?&{rUWU-^b%S|IK}$`#RTlp68tBb*@E5bX8+*D(bIf$>aDFNNUJhS4`Yp{OVetZZpr6!u4m5Biv3MAafLmczE(21 zuwQp4Ih&)ci}%8{jykx~9i5$R4_{8N9%yy!^^_x%*c+#Ij*dE()HO zy}g$6i;ER6UhqHx0KJ`?o9m9lHA_fJBG3+22sDO?AMALX;g)|@Q+KT}{`>MAL;&3k zKEvLQLZBZ6{ssI_If8$sv>Rb$pBh)ZI=dqH_Zg!-l*VUs4junr11&KhAo(ICJY?9y z!a@`r6gZs|LP<|gpGjw@G!DWkHS2_~fdQA}hCXknd%L^;1b)WH!R&;klf{mkN1JSs zo?rR~J|sg@Fq%&x;IowC!oo+d5ERWoKj4$yvKaVisu6Ew7ha=?=l@Ub2lhsooo9_S z-sQi)SQ+rIf6XcUjsN;cwuwSe1_G4%UKv zxEo<(;x-T|Io;!x6p#M^LE+HG-$a1_Mq?zfl`5qX346xswGX~FLT;r=od^G3b#|7_ zaX)_YX7NIGRTW$cdDU9#WNqi?^77+}O^UvhquY<~62+lie0_cY>lW%k6=P4W6qbh` zA;nPpacznf>|Bla#W+P!YP|gO=e6A9C%T~A3ow<4+FR@ zLcP>gRPLe8IF!gAd?!qr0kYH|8oA5roD==-MDL5IN7nm&;`7R`0{34;sXcy(VLZr3 zpJEmJgO0?~p*iwP?eE@=+*0D^(SfoUs}BE@gRyhgdd<>`FA;k$xve{_Py3nkM#&xq zJSINcp?j?6OH1T>%H@0*wDDaCsOb(#U$lrJk(iKJBXH1y;1t`uVd1iQr;F9s-Jj0C zV?MBQiM>;$wdm(M`>EncEWmN&3V>&fLP#k_!nor`K9uLBy!Hoz;@BF^KG3YrSU5#8 zuKbLBWx?U|7Yd;V&o{>0upDXXVfFb--QKQ*psx)M z4P|ff^x9-GF$u714)1d*0=V9FqSG%HopQQ+4`G1?7E{mXzRb$;76hUK0h+9Z@=R^? z7FSdP8KUzjWDp>8_#o*U=mgGLx9W4Nv12eG4#ONEA1Myak?e`=B}S{F@dk6rG?EG zDAF3h1N(*3x`s47%0&Xo2m?O7vME=15HFgP7x$EO^Mzu#S3GAMc6BG^T~&MSPPP^>E`NSu}9iDCuxwkW~!ZBb+9Y>y@bNB!YjE<&y&{%8Ly_w`SJ-NojfG4oGTJ> z4GlWb8ZjI`B(K*SB6sIJPsXn8r>N`_B>k^6?A!m4_VGd;pv=Bhh{J5e_p=fqpY zfzJB#N`hs{e4KoVu|N?2r&CMO!esd|8FKa;RRqEvLl>QY>0QyAxoAqctgS;4GJMc| z*r~Vc^UqvX5rx9=D~pG5S2je>O?m~p>1(zU@-omL6$Clc%io7lt8?Mrxp{dpU*Kq+ zuQ5Ueym6TuetlN+^G913j;b0-KZYaRmL-Kz#?PTx!C<-bf}Fx;oj`yRJRu3fWP7{r z%7(5_ew=+>lIZS*8#O)dWxG)ed)4qd>|cPJjVd~RGVekqr`E=M7y@W~8^EX2_5KtuHj1G^UnpB zOd90-G)&Z%g_4x`G3siME_wD1Z;hmiegx(R4U9dnhbemmdN*jA0Ilaoc}sv z!-Ec;`iG+P{5pn;G22nWht8~JfDLixX*=qwA}?KoOp4WwOWFZR%C$@D8=Lx!f)>Za z-N8D2yr;Y@pvS``kiws)ha%|5k00|TNkqclN{0tSP#W-H`my14LNZm1s-ms! z36y4rJgA+z85FDJ!yET&MnX6C4BmZ4xvzVeD~v-CVA9#I%b^jr6KFBm;)6e;@5&AdY}6EwEo6>0Yo*6K zzSBBY^<{BvN&r~5G4g{Zu?}V=i;v_aGg(RC9lvQkoim*(X8`idhJm-3Eu^`m*clT} zOgHWo@Z?*|CE(`G8kPs%xTM$}w60R9UudZ2pdLht7za~2ZS~Qxl|G57fDa&Ro2vpp zx@(!XL~)>JPSpjU!#$qS+U^@_^ync1WnoolJgu1ddOR3;n?N`tPA`w>xj{zyejvmwY~T zW)4OiW{Mz_7z>biN186--ZJZB5={}JBw27bp9I&GLn{=BQYRPdi)Qn#{vUut$@?T- z{(G9HW+g>~N5X!^gDp>FK??2+o1KK(3+bNUIf&tfBe@lS2^aw`aid-v`hH+!2}h-Ku1p!R=Og!~5)3ci;Y8)}=%`n3cp>a<6SE zj08t;v^&PxMw!5 zZ|Ir^usOv5V|bW;L6v);W6B(i%<7uSCn7TKM@;SfKuUF4mBkO1mzV25?O^8b>H&e= z%JPn*oKTHnrlxQ0XIWdJuuSb>uLQa=%aPXvtJwzTLI*Q8X#p%(P73@QovUG?UR4&R zcfPp1x36|(@-hB~iIBG4b%C3eTNwzcQ_-$PH)_gvCkjoE5>t~uE}g3g`z1PfsdMPE z3T_|L_7|ueWb}h0kIcFn_Ds?)8XFH%>vhlj&fH z@wDs8jwyjNo{c2+S=w96xOZnfV+qkSepwAkH8vmEh0Ppvf)y_}1F|NWX;!D1_`Axn z&8QQ?&3MW$-z!a`w+%mM`UmR{4Rv4sD}jYtNnvG1%+AS&ZQsYy@$ii1bGGCZ`cX~g z`4rQ3zkp%d!>Z!HbMx7LR14CsUJ-ZCmUrz-Xi7#q>}N)!E|Y+Qe1!>cqMK}9ewkhI zZHc}PMu-W?US&``{=)Ai{~Yh;4bv{@lEQ;i& zV!Og(a-1Nj%Pb2t+^$qqkkJMIEqMHNXl@&a_DZpOGU_HHnHXwBt60&fQQI!KOs50F)_hJc^?&)=jW6_B8~ zjz~VJ{!{mu*v8_ii`Qeq1;dnyA0RfT?|W>Dd^CMuWCIgb%hA~z5mVjaIs?=Qn!wo~zIXlc` zU%b9zANK*m&{;K}$8~}~H#PK*UHGnvosqb=3MeX33`^5(2GZVjS=rBIUkBGFPRg-= zy|9;Cmt^wIo~SJbqSq?gIV&jrTLpu%P&Z=Akx?OP6Tc+%hFufS*5qA7jUuu8P z566`xb`_LT6#QFOJU5tu8N*3>kI9*nd;oLW_uUq64iywP`10%SF1N{T^ z3VE%zw`}<<^r)mh4@Hyx%wpYp z#})m_s<4kk6caRaUf&*?At$9#AkY#YKzY*DZQbSn>{h5)^E^4_2@6tMUC^JsCF?># zk_(F{#ye}{B^VA}NV)Hg`)L(_4zg_M$>=bVsq1(*v9N^~=W!zKCogf7J!NqW-BD2!Rc zT1LVD{_^d|(t4Sr8E@3h-Kw6;n*R5vr(?*?vL5GhQ;2~_k{G92>%YVwv0%t}qo3e9 zv;0OL5D-q{Z&5fQ|&&$|;`jFvZNat&gN z76XKINsX~oQf8*;>y$JFvPr(HRNk>e;O)F-tS556hsc9fiGn{YH^-2IsiYqz!){Oa zgg>*NF$vtWNE~`y2q6~m>Sn7vGR&x<_=j$l+7${}S=Lqsx7F5f))SI4Y3q6c-rh+c zAUSW{G78dHQ8=mO;^MOs^;y15{0i6a*kd+6s2+|jSsUrH@lJ8Zu(E~D7mP^@aVtrA z-((lXoMBfXzyIFUEb`?+^i12m}bm zheL^*uLmx5LKnuJY$fIy*7`Y1ClQxG7t=Nr@q7+ec`VD%&;Rk`$8(r-|3?^lXCkaN z?Do7A_n>%JW(#S-ws!C;oU4&49}R~Rp`Bc|Cv!Q^Ydgl_u2d>Iwuhz z;So2Ut*Xtei;oiCZ6}bqPmqi*lqmHaaj_UE2rlOqPh(vAuejvk_t#7ca<%1@7x-gH=8(yxH z2nIcH+mH(jTh#|O;8KxncaHq-otwlDAeKFS-IY??*|_;F5a0ClF%WRJvaTof4(Ozi zmR(@fh{N*wkG7TjF{FR*s&qW0857Tbbhf$eiB~o2vDtXxdG~H3J}avrGlfZj#h?f7 z;o$+}J}C-~`=jh;^VsV2S(}3_(Tgm|@bT4%oac0&E|E|M$&DHz37)5RJFg}i$zO0qTKO@X3Ha2mJ{xRQ*aZUf=E|z_^ReiZ>+?* z6>mrUogjIG-nLN99f*4vlXt8es6m;T-??+=*~3$T>hC!fqhdk#?Xr-gEk?)!_r6*s zQ64DZ$Ld)*40N`a$A5VDL`Un0i5CnDx}4u?%Mh|eaZ<2I5(QkRQ?6bP@uwRNtMz<9 zB{E@_bLY9FI12>g2xL)jaEQ2H(mEHUbn{NW0KFV%4C4LiXw@?QtcPk7QHcRL_~Vtf zr_#rvMWHgXkBsf9B6ZVV@MXP>SMaL_oio9`vYb(m$f9=QVN$8Z?Pooov6mr>L(`Hn z$3VEbwMW~C@WM;FXQ4TKdYO?r81l1a9~34TN4BuGehta&>Rx0Up+L&uo>fzwGbfg# zu5e2U-03z~K5i2$9xC+&cVC4n!lAIc)oN&gDDVU{JEzZJ*0JJgL5=z}cGUBx8*K=8Y$M1rOU` zc0h(h_?#f8KIZvVa9`48N2O}}b2EU-)PhwGnYTd*ylR1IUR=@+!&@7dqpj@JWBucx_Bo6a?VO> z?75}Q{iBDpS%KXDNoMXN^eMMt+zn0PJ4fg3BtQ`}?&SckWwB6tggw|X`oFqTbZt&{ zDQ9%Iv{|2~K;^iXFIjxl{GdDI%kxKDQIH-%7}JlY&Bn4k;AdB_FtHPL&7|>;#Y?j& zi!n2Srag|rG2yS_Na$0JEd0SC!3d@|mnI0&*dCyys=E4Jl0Hq1H=0Nm1;hiG-bnLT ze$<&+f3{1K5mB`hEeN$&5ZAo6T+#wVIi|%oqG@Ak+U&U3=w=X1w$W(Oq3;(8_}LZPoKQXn95smpa2(}IUuaALtnzKg)MBwGRQH>K_7RhS-~>Zd(z_>w zd0u_AGE_j{0;=io_q1+qhzUt|*MK$#LO0XNLRm9$_y*>@c@Gfyt>tpm<4xvKCV{jr zo%m<0nRlO`j?;ZD0m4!wB>tKOb;DhT-~i_J`8WM$kvhcd&q_tj%S^~dYN%7p@Aadd z;hqM~`M}mAa)T(?Lun9d#8X=-5DsIk)8jgzq%5wgsF8pex9`cZrAM%yaU5eHvUe&H zPJKCSX@VQIytb+C13EyGr}9Y8+qdmn&lr~u5mR;rr3Wg(f$r-`as8Z+<()=lD=BvA zNLU8g(acncXqFS5ezszOrPV287XFcK^#Xx0q#QRB2SzmP6waHZEXTwl$0a2IE+@kL z2a3K7i_$Y!-p0_z9;UObozlVKUZFW^XZ%!WTxv56vOCLOXXsp;e~4w3QSdq*J$b zX=738@c9!=(Jj(v%rG2xHVT{(My+nWHRwJ1Nb)6Xa44MMdNls%Wgcnf;5>$B-jeWS z4=$tUy0B;jnrZ!32ZkXkssMHo94;yhV^q0~knhK2CyU+5zHm39c~5*}KK6^tsu!M1%_y%mT49F?`DTEtQD@^mAAL z{zF?9J1$GnWlMf7Gd;y!mOGtD7B##SeP&*VY5m?6#m89_%;!seSEM85qGB47m>3pj zcf@eb9N=DMC@jLl%#~1=3ttL3qr@ZMHYA~$@?D$3s3pN@fSqo`@mdfuD?1eubhCCp z1(FHcp{@=sNj{R4rhqsp`VfZpS9}fm*4Nio!R)xCT*y?(F45-kN1JD4R^V@gXE>9< zecgHuU9u$4ZzD3iUyY!dA4bQNyoktmMKh^A_!~nOWqj+#q+>2H(0+x!#lGztYiP4@ zpOEhNs>@M$>DB$^#U$v)37-b4M(?dG6HEE*8^Qzg^O;VJ<6X6~)U5G0#nmLw_E;svW_CZPh4k*-8H~T$%Du;~u)w_Z z%f;7?=Bq9j{f+x<)w-(u;@zQ`%9lMEl`mTvax(D07~#^o#g_F{1OGn-q!s2y*f#fP z)5r1g{G}LL(zycuF`;=`(V`xz(frAJyD$0LE*`_{g`J5{tB-n1llq=Ip=6vwu83KK z{<-%e%?p2n9x>oxfFYSzP@mon%yosqo@ar4#B>1am4rH9t>;sSeuV_F0A|x|g#7eo zOlU~5)R2}WstX2{%22%+hiOVF>!(ut1W!0TS$?@SMWV%@!5F7mY zlK|(9M+u&8xBQZG-X+F!NqtbP%S~ppP+q3crTg%-^5|d;aIf(JzXefUpMTf5_-u#J zMK-tz@c+qV(98}yWlfLZ7j?ut|K_8VcY?^REWAjbT&V4m-{1PH)HDC*S^K_vNwEF%J}`XX4H)I zkek5Hgea`0%kRg4?6EjG6=LHfh93Z_D6AHI|5jbtuWYKym-)5MB?hTd*~qgt-OU0P z2=G`#6dC&RJemfSfc?FlyQy`L>*zs5*;<`bPvIx)#2Z?VO%@I+u7n?r=TBp`dc$s)ny`Eaa9(vtLYPHwHlwYsbxs z;f(k_xRxJ+M1=`sg7+9^lTR-$tGm`9B%~TL!mjidG<y8^G~#2%mR_Bx|t}$}J{=Q;96-yQE_Q ztr@R*aklQ$nQ;Zi#K9qO827S!W4WkzKnROHZio$ZBpl8a>tJ7_t_cQae|=HGZ0C7V z{X--EJyxGs+DS;rYg#6qw+;?0&x`Vfk0@;Lr-(3Kbd0q-;q(>C7MQ*KNOX1YW98HxhikgVciMm_-- z1$FjnU?Za%EyZhptOxeisVP8S8IWZ2H&>=`wcr173TMR5E2%k7MdE&Do7zxPFTd6G z;Hs(v(teG6uVvXElYJ>0Ns7XHLQVPTn3bHT0|MtBPj;$6(u}vHf0s~B430eowXjP} zH*%5CbZwwRcOiSwsUg?ijxjq|O)kGNVe)#i95v5@OK2H7<74;)_Zqm@WO633QOox} zI0w4B4D#C)*prnF5qAaDnXS+bXRu-+YjeVKP;w0VzZSrW8DlnLyW%1j$Z|ZII0p@g>Sio%EnpKy(=!mM!(T} ze<1RDoGjKy8N;LXIKctQzR%940&HqSr$I*nd26$rRZ9%}g?_@v5_|8RQ=}WyO+L2E zV+_vKj>~u4Il*p3!_J&DVKy4kvUPYUBJi2Gi6l!@Wk|T=8Ov71iR4UUahv7HCm58F zxiZX%MH$r)U?F(mYw|?fw@0OQyDWM|L zR#KY+J}|>s2)t!ifZ6N%RMvECHcX@b!I_f^Agl(`vH5-%bH}lc)=GG@c(|7 zPfY*&>irV3_5~zRkofO3ZHPQB1IH@)_dl5@5hx8wlEwnTFuVo-<@Z`o;lfz*H?Rn% z%#;Fc4{j61;plipG{FUL?%kZzS&b#iAX1E>sL!8V=x_pTW?;W-r`VO0j6ArW6^eO* z{o2|7*{+II-~xG9M^G7CN;gfg?g8RY7Lif>5Us5=vqUfifg^XG07*jM$7SFd&6SlB zy6+P!XT~5NTO0Os5fg zi3K9^>-ACml9$4>j%?FAlo!k>eJ~dCf=9Uvj+Vm|G9W=>|L8(@CW(FLN-`bSNB6jT zjuwHg>^&jYpk}0V{rBY-55Oz18R@}=m!InxtvPtpBT^0jOFkN5Oq5jtX8)u!22K3y zJ6EQZluZnl7-kX6%}cesPHoW7h(OPSYe#@B#Ea-BzsupToq&X{AaR= zLdK07GFloOX+b85F|y#mD7z~{g~Ctmde$bloq<1nxyd4?o;Y4v1D;q{)x8}33WYH>AY>P%5*&Q{lh^bo=x ztLEF6kRj#>q|vl!Gc);+pofL7$0b_j?__PNS0+fQ`Hm!|lR&U5$JPL?%Q8&ZJZ@ZV9h}2z3JD? z{6JHRMYQG$r9_(^;Wze2H~rZks1)hV=$BvN3r9Q38i9_nq7l1G%jq45At7VQg>by> z?-Qb?n(KvZI+*yIg~XbbDHu11;g7Q8VWWXg{?OHxnd`iIM?&GgcF~aK_=bPYPm8sR z>j!=A7juY0SHH4fBd2hy>^EJk9?@PKD?|+Jd9mHWyq{c1XhrRH~pY9z+VKWLn4;w zLjDXq9bfp`|4=As{1y@^R9fshgMC+q1nR8{j+%7Xf?lPjmd3_1QycSf`DWm$9$1U; zDc_4D#|jOBr>nU$rvG+u5L;tp?mL{s4<8^I^F57d>(Znh*;_t!MQRbm@&I2X5aCPH z=!|H@Yd%g)99mxfU~f;4P@Y>@_)Cttjnl@M1|&k5Ueb|xx0cEqCSvAy_dJibz6LeAhqHP{aa5^^S)jVq;)KzIOBQD70=tP!%pPT-z)uT-x`DzrHG>NG>B!oj(DO0h7;EqA(%dgRHL#qAV&84rC6nq;0dZQ4u!3yq?eT9PT*u}?e zvx&k_uTAl@YKYu&A3Agmx(A_}v|8T5O~1D?9RnuOMO@$v3ioT8AtOlw>+9=!rY{KZ z&rHtY@={^TMnvKA0>u)%y?QhvF>H}p=5?!QUH_)mXg|5>EiRn8x^}kgZx026_BUuU zxbRPu*F8NSkvQvy20_l;N(M&ZZL`NRP{%Q*NV4Ut>8%3_>%}7_u*YzpMEY&ZTQ&X@ zO^65AnrS2HOWmB$UiMlkGI1{JK&Y1)Gs+Gw9`f>9z&{p--=!T+T#5PDb>n48RG_)$B6J$Ip}i)*9LW!pmv?#=xB2S(2DNcz>6TjZvJ_u9@sN46fx_akm( z2p{H?$9v}A`-bnoFA%tTxYF=)Xdzv`xJ+pDwre_A;WBHF5?^hMYmMemk_7{aBCcZt zZfDg!i((UolJvEn`gdE~6o=PxAFTM&Bl3a}g6%~l#O1U*_kT%VR8zvCdvE%DQHUfld>G^my7lYxLw*F>K&g4@FUE9ed^*ENHD)~fv!=6K z`>UfZJ(_~5g^K&=$0rns6l$Y+i)|g5q_VSXC(Q>@nmlg>Fa3J!kTUk{BJLK$ptCLHCO=y#eAIxPW@arzD zRD$G|o;6(!jog$tTv|Vchm?0On}pd0gg$sRy!P$nR6{exCuH@bAs-*Jl8$xNcggRF z=4+u>#V1pdClPBj`;zL{Y+;TiVANQpUJXaDYO)3Y5+oU5JFy}v=D@fA8F@C$@k$Zb z`^q$=4pmc${u&iUct2Y;k6Tgzesq!zEfk_kjkAR55%DX0YPfLXJyj`h;Df@IqrTM3 zC^zskks_|OW5;F2kHR~CB?{XP*7s?eojEG1-)@W~3MZ#mTKtW_7}U79D^hs-rx#Wx zvAD-Ue!A7C&JB35-tNf$^`>ljQ>fTUwR}254{dr@ z%I`phhc({y+7}~9LCfExH5H<`ap~!>dHj?MZQ>g*d?;ol=pnx0oW-k|%M08Z_2s`T z#=OgduatbjiLD{={JtG;p(3@b%>rBVYYqnBNSU78mvy}INhi1}1dcwaVGaJ3WY~7s z=)`$}CruP1lwfKnxn_h}5Ufk7ma;uPC=;1RiszM?Aom+%RPW!Oh0Y zR9;SlLI*DA{)}9QQ=Rc$@3(ii{@rwPTB}2{-ZGtza{AFtX-=VIgc)T0JU;aFe#q(X zXj;Velkt@h6*Y}+rN2+jVf=Y{JhFhVU)*Q#_5?FMS&Rz0bYljVzdtLkkCfqT6Q;4(&F5^MS2)&2EY)%#onxU3uu7 zI4F7aFH{vOW_!(Ut1BF4K!g=~Qp3qJ{uU_o{U(3XOu<`e$7QMTWR;9uP?bTFlsHB#KmLc+*S z$sq2H)+6wokf+xlr1r!*j#Yq@ajfF|JlSw#(2WP0L=XDh_x}H1qmFIF>O%pL+nu5i z*n&_e^>2YQo?cLDOy}eid{P=I4Hkv}uiHF=n@PMQ@3FqAR5A;R8k4SKy8iVRQJ9%8 zNu>iR&Asp9Po!f+DgCY&lYejdMo5P$tM*TnEfk&A%(u>z_G5y?(&lA{VbJ|fU|S}V zA>NT>h<*;H6?C)Wc18m|UX?8^_h$bPdyba!4sto%^MNN+s_rBK@8o|hZANQe6%xdpsTZ((!nfGYx2p?^kqI|Y-o}hNzOy2)C`oW zx|o|CfBsfXWySyW!iRu0lJ6_^roeEna`B#yK6H%!BtnX%x^ zxmPKEs-P*~T6W|Q8mq$O{~rSyNPQsXte29@_Wiz-stL&*OM5yST4OFSgGNNUEHoV4=8>vr zfRv0W1)Ov(E7InxX#_JL)?DCjfqV&4T1lbQx${1BwehLbB;nJJYivB zFh^qxrLfxD0n5}i31*m9yXW!R4py~%g4o^PPtn?17NEXL53FbnpIG!eJ9y^q!kc0E zW4(L3jJqE9pZI-mwv33VA2%tx3b2;(om5($0ArTy3-EN9mQ85Ghp?G9F-&|@nZ$rs zkJ&CdsJ*t4i8$CZtrX%j9s|e^%@N?~S(*V&0lLPY6!XF|5;oa!Y)F})Ax){?pR}K! zss7z^_bx8O-ZNd*yar4q{0|FNteiVeL7(LMjXyQehnDKoyj4K=EOh~<#Y4p%ZM`=k zC2G6hOlgE!&@F6FDOOKElKDwYCQNKjIwXQy?A=4*5feUq8ffzrcB4t1S&bydHZa~L z=3RiV6kMVs?LL0?Z%oUw)Gmj=u!H|Wb*3&va)BGrZQ@^bhZEB>uf4k&p!!3-w5M~# z9;C!U7I7!+V%f2s$}7#RfWbwRM6AU7+D&|Uh1|z1q{xUfW8H=o#zE6FpXSfPz>5Av zBE`77KkndgbUVHcBq5das`!5;4Oh)*v|fWu#?qeNk$WIrq~SPCxgPRw=0ry-BMYCl ze`|OFA18KJtwa4~%}AW*%s2T#+GP!ReCPbXD>u?U$jA$qEgk0fU4>i9dZlt?s}$?E zwx1{S52`f~*lu+zH&r}64-Oj*rl~WjU~!oxw_?8I1uyC8!{rj;xVql7*6ut#6ISb` zxviU>Lc@En-QO7DZ30{^y4+R_JN%}F)gHssQSRt&-!bs(UN92-{sZQXuRH7bH|HSa z0UJNxdWtZ@=ohy6lvf6J=<9N4go3!_2zG@xA|N5`&~19MDpPmKwCK6Nb@?JERG>lY z2#9JKiQZwC$luP|fb7sj0 zZEsBVN``9kcP}kj1MGC|NzP(8KoECsBrWM|G~7XK=XaScxXFhPlJoi{k~yN`lIaKU zPbTYf-#hP!ArNgo2Sp>exE%b)erUk}CN2o7fDOY|&a)))z)lA-`KQ;&1$c*Ia-|rM|rH@rsZ9L{u^+ zVmabwGP~j=<~bs$0y{ad$^ev~!l@ziTmdPC4K+5wj-}W!w_aA{Y9@kP-zAezZTm~U z2i;EPWaB<;-mC`z>`&nUJYDOai`^0Xkol^46i-~fQ`YVhVSnBC@y+zBfkR%_vRb}@X`?Wp-hMt=5lnjLzb$v`YxV7Ea^5m7+NQ_s(s$%er|GzJ^ zJ%9FSf805$qt$&3`6zl(AeZk_KY3J=DzcVy>FtsCv}r%#WoX$&(7gcmF6RNXXuR4x z9D6k4$YqFObM2y*<58ddMKCMiS9Uaw+4^|6H1Gv^(F^o-Kap*Y*w-=A3Q26`mqOOY?snzm`MKHhl?pe8;KfL=$o>Ohou1r7)NBPr| z5!`IiuP|6I$-B?BKG#Q3vj< z;`&`a0_MAK%EjfPzQHFaB3fV6%zc*gYRcFv@!x+pS|TiwC{TKm5zZF6@q12WZy~=2 zZ3LjzK=%WD0SimP)QpFLwctLwB0=k5PsMvi+xl?u;>Y3~ud?^=^#5#MuLtX*uX1mC zjDGBD6NCY1A9f`GxSz9w7&OVG5h$V|1)hQ9;2~h}joK!jJInLEodI8R;_;%k0_&Aw zO)QojbilRl(oMuts$yDKceg`Pk?aJzf@eeS?$KG!&s(;2_6}kgp46V{#{*5C170@{ zzT!ng?p!X3*NqwJS^6mMLd%}Quq#YX$2wOpoVQhz@5hgqm(;i8qfM?}wK_uALvE#l z6b%8gXq}s#We;Nw0g_5^LQ{G2j&_b$x#?!+n@2{=79V&$jEre_@^Z&{zio`pFU( zJ8r336TFaDaoTcLn_t@`Ug(i7L)g2M4q3Z7a-8l-%{Qco!UXZzABuSJEF2JCe#P_? zED%!lmoI%ivRXR4U%}Peea^i(T^AbGxycT*kjE_=g9YK`k>vsYNPuz?bW`{c$;8&#|8-i zznok~pUJ%o7n=9_n0=rvP3gxHO8Eq5OZVzZo1G{h4kMNQ|J|$?(hC2LuL1V}SP=jK zuJ?CH%tN~b$dK>1{&zeC^j4vNqfYULnFqnI1!j7pj*|M0f!B`vw2wRj(gMndQ$p^&AU} zirS=4f_FsTQ#&p?Jms2r5%szR`LTYNI#J=-^GfUC?t=s6gYEv2iu@K)uLI1;1gEBrL+Mzs)B7^ z*ylt>+oQ!lGmi+#%PsQ~v2GEYqx}maU)oeGBHSmJ?vw_86mmd|D>kO;P#A@WJ1B3h z0JZKai+C;muHU5U&+9`DY=W^0T(1VB^L*lFcO8Zj+(zBraF?q$cl`ay^ zO3&K-qzRunqLT;!Kf&8x-uQ6cXR(7)>wlHKx5318p&)}#0fi7)%&!nCzZ7`iTG_7h zfLec*f*-rW5B7=?bU^qZq4^u^NuhkXA9RLf7en$}7i;>OTGSa>UtbIpg^DGsbr6M@ z>gKoHhX<8m+>qK;Ja~QW{QnXcqO(hJ{;z#lB2s$2?3OJ(t5GA=R;#He$reY1Df=|<2E+CGEFlkMz|lKWhWINHR)(L%ja ztufv5!;mu+@Cpn-CQCnG9{Dpt(Xppa6@{IhQkAj;v%|UZAlk%&NF7-22*v^X|M_jH zNqw2KGIE;d7#zD#I#f&(#N6}ISTLx)o?-1Z8eT)K0dK9fMC}EF1kVykV&J(tN1Rh% z;m?0XN>^z0I|W?qUy%NP16CePOFC+Gaw?!sER{+j8v@5cBOrORiT>w81u|xVbS1lo zlBvNWr1@}n$twZ@6}t>3>tGs^^_Z`j@i-BLI>|Sm5J{lyE7jZ2Gr|fosq9GUB#i^r z(K?45p}-#&ur|&TCu|-%%C(g zD+Nq}hP2nB*KT`0v7?E3b8f91%i_7fAB-Fhx)LxA964G_=&ujcI?0;ZB}h72ed)H~ zCA@gv)bo+0#i2R`s&GZ=CbAhK+6R_60Frz#W+h2hL8bcfL)V$H)85-}7GxHd>bspp zLZ{b$dNDnm)=3N)-3W1i0^DnO45P3`lKA;13CCmlLHkDn0n%StVRe4=j$qh11;yhS zAT3`Y`U)rdCYayaRBpCUO>=PrPB+lHe+bEmTHfLX_m_2{V&$A`#~u+XAHWwHYx&}^ z_uHmnhV5So$D98bxHUxfySrlG4%ryk&uF6X*ol*fPayr6lk*M#{@r9r*R^xNkCeL1 zKf?jC6-x^nE4z2?-pbpk8iOfxz7U&R5^r(s0O%eQq~c4;IF$h7>ti3>_RKy*#h3+G zeLx46U#0h4B0XO}%LsxAasCW(nfMR`j;bx8H})1bIJ#!pfZ^?B5AG0QHBO5Q?`{81 z)M~Q|hR<$3x}#+#uZRdXr!1$N)(u)TdsBx-?j{~g-1xW2HfotKO;VP5flR81HLeH{ z75QD?kq}3^<^2&Q|CFnTXj%<1dPNuGR>JpbPk63WV`*ch%z{9jGPP}{G;<>odP8m%Ny8m@WEm6^Jx{TupYN$*P{0+NR}E?N!|UhcpBvO+eb zgOP(esRAg*sN0{i{qFMImTf-ap@H7i^vd7MVb0uL-M z`YZ{k7z3xzodb8nB=J9*;a&5wcSguJaObceh1MlWfwSB*vh}o^o*TR zYch7;%RlYjJss&d&2#LW%cn=M9~T-H=We_VBKw1NSBC;HgF4+cS(&p6TC13=Wl{bn9<9>tjdzEWoLrxNeZl6HV09XBB!);% z#{U1uvH~8Co@9Ic%j##FHSYkmIxO_Dv^yvb9W<#UZnb|k^C{Ik2>nrP<`qtX^?bW;PlpO1)CG}4KROsnvg|6#G)>6a z5M(1Ij>P0y1S${l3LvHQjy8U9wD|B~s4vELd<+D};ednmqW`C+Zx3Yp`~TmJxova5 z4pBtPCHK3{+$xtTm!jNK=1w7Za~qLM_11-ABVs~fNR&uP)ZFj)l1nbR7Rm3d&-eFV z&Fh?<^V&JjbI$WTE>5rBL%!m6EW|b$WBTRq-!-8mkR^1Nl-3KM%gX}9J_k$U#(uky6Qsds1E$;9b1Tz^ZKpT&Sn^4|r# z{NXdZxnNnlPB-ZtIgLt)n%^y}xmFJ|DjY_F1^0)y>({zNt8CYBNpnh3>t80^?jbI-FfZZQiC#e&~k=-?C<&nt{(%AJcS$xr6FnPuMhfs>+c>0`GfSek=t7%++He4yQM7 z^G3+pKjyn`fjs=GGURp8mqfk)OW@WMfV4rpO0Fz%W(`D+%XL5M!0lIa)lB%^L?)7D z{~_qF_wNBxU@3r6HyHsB?|no9_<6bN=5o3!mHI7$Y%jlF(??$~-0%O8gA)7y z@qdg30R~^od&U=;v@%LzGxgSuPjmfeCZ<(V?!GZ#Ahdxtu114n+=W)y5%uJ0RhRPu zNrHJ}_DEs>gSARNWk?*zp5(EK%z<&p)f8?gF92I7FJ(UGl)G=~aBDb^HG}yLrDcQs z;nnJ{KA7?>HpS2r}w|BJePRw|$|4*Km$2b^)dJO8HR!yZOVtMU8Y%32WD zJAZF5?)$bgCL6Rkjy5JDID}tsPUVk$UK9dINW|C?senfU-_1-~^}=Adi5hecRg~Pw zuXQo9?ZNmC{(de}z*=wg%4+?-y3LhVbnJR!x%ST2KP0pK`E(<=b*}V)OW~fQc~$^--LD`x;kXyNo>~v#0fOwz*vo z+`+H(9+O_5|0$TsIRd7+T!pd^X+0Mw{;E%2sqv$?|y6*)?Ob-Yx+gS`Ux$y@ge@GMYuK z;gHB0YvoIVQ_ns~V}i0Eau%}q^&iRxmgF-fKfWQ(8S3f*R;iUQQ9$tllNfn83 zlkv+4@#v*|SA*o0G`Kd@;7Gj(VzeupBUdyP3L7X^9AcqYLJs$l2VmMrY4Z-Py`-k&ikMuWV z-zKnv_`7H3Uwz3XTsh|h1X4}u5taxvc!tE{ko8$pP<8{o9x=F`00HB1PYP$TaoBd8 ztkmbZ3&s>Id30h&0Dr?&}O~=vM7w`I4_Zs3J+@@e$FU0709YoQh}AwLm?lfjezHK z__%I0M&Z^qH~+UuPoI)ta}Lz_*R8P22||}=FT*_;`}K3$!Np0>Dd8OVLywM~4*Fem z-}pKZLf{#Lz2*E&V)Q6Z@#vl7Vaf(pA0@p9CmxQCCF&X~6Qrbk33)A~8?su`*OtKg z1;rG~IV1})BWWNN_cjGr$q>k@3SJhtY;y(IQzm`io~wE=K$Mn_eqR>*>}?{Sjno|X(TW~dtOom=~wSN!$YL)Vt&}&@Huk2d^7pfcAQu~BRQT=pTKx00?tTN)5FWnwN zgPvHJos(2rQq-D+kZlqXYw=`CXpL20N*aeV-5{<}j+?Qs@fr9Arm0&3hoZNLTB#q~ zNaETM%&Y*LwAG`Ls*t~Y5`uX!qybgZ;v2{yQ%pMvM4>0U?RQbTgU;Q*koiU=FcGRl zkO+~!$--vJ?X5H_$-H412FXH7R5gQp=n)>ZzLZw+M*Mu+R*K$u(>G(>aU}uN*g@&6 zW#uQ^AhM0$JE7}yas8QM!Qz(LM7`h5v4^#!%6>hS%_54p zP^nOd(6IfeJh+O@MuKy_?ciixxKFqn_T7^RV%$Q|CR z5g$>KGd;)bAoE`BJ2nnit|oRT97zM|$}COrIExf68X)(Y+gOxJo?|C!;;SU6SIyIy zZbh`fyL^UTq;)AkrXH`{s6QYHT};~oBLo)xb1m_#QR3H;<2_BzOGq?<0)ZTWH)XBG zIgtG7nNF7b+q*wc8btBH{c_B`HCm(iHTra_r$Ou-4-cq=vVCBd*(_>pLg`JPIDaUf zq!SqQmapg!V8}3|H9c+=mOMn#P}IJLGqrfg^n*v_JCzo}la?m1|NrQp29g-z$r&8zjriKpP5w1QoJI0uak?9UECil`z~M z^ZK>$beu%y_7|6+!c<~iY+z6qB`GFv;GFZJef{k4*p*sQ2j|b~W!N{b|7!2lbUsy`AlAI?6-Mpm8$>*0$n zCP*>Gk7?!`F0k^e2r zGAi-IpiBj`q^0Sthlx$b6catJc?(Za~_mWNjjCXXT^a-t~km8veYpv&(}STp;~-m|LT zsij{{S<>tm4D^c(+{RVQ9|ooAp%Wn|IK=K0Y$rUdmh#?jiogy*$OwR)d09s~Gv=Vl z=rjTz=Wyi6e-blK25P_7>2ww|MxAP>SvitJOd@j1+|rJhHl%%d;O#ebkC&38E<1E=aar%`r@iL!=-6-@+?@+sQGmfz(iFGZD?d#JCOTo>g}q}9|2 zca)#~xT4_9`ePWbY$X(sf4(Fd8^=Ii1=B}9T+N$bTJ5LAo|^pVdOj{CW5SZg|+FUIc5!h`~)A?$niUz&Xqmh{*>jkVgE?;Iwt|cdTbWQ&^#;j-%))pbh zSfYJ=!iO3#!Y40@X{nu?Cgc8gk`I@*Hna$I-KS@6*agp5mR`ZNDxvpp++;Pb+U3P` zuk{H#2l;6vlPT;Mqt?8mZavLwzlZA8>{C9#2q3p=p%z?XqFyFLFPA!FofZ5fIBjTc z16+u{eILt%8>KgX6;YKn0+!Vwa=f*c&BrC=H5oNE{IV@Tg{hv@#&VN7{VEKGD^2w6 zki8386>+y2yP8YMo2$!yx=VvzBzfK(amUih);#Ya{Ay)k*40m*>}Uvo!ipV(F*Nt{ zA2~s6Zb~2_J4?OGxuj@jYT98=K+XHyR(>I_K_2GKF4h+c#<|Ld{J_gzdfiwCFG5%8-Z(;|bO8*HLE?;gR! z-rr>cfr$#ILDU*nf;2W*P`wH8B(e08D??XQ7m?`Arotp9ObK9#R6h8Ug@`9HXNA2z z-gN3(^kE;WcgYsMLXh~xK|?-}9(O50&{MZYQ>Suz*K)yu?U--<>bVa-dBfc9oGcJP z{>ckkeS}!C;%#nY`(kPu=1%<4->_@b&$9aZvdv8Lw~$JNpY4=#_4xEd_^8}~XP;5v zZ_>^AJqJ!ZZ{Nu0Ki}p+0Dw_AY#s=2VMM2to@_Zfj1zIp#Dbz0Z4QKSh<`)Niq54D2 zZOf|Km)sA!AYZ_{6q5(MpLLcmreF4$x7uG5g!bL;vxMm`^H3r?u%~Q*VE?#ulOJZW(*WZ2N zyj4T?wUm3(z2o)CGqNzto3lH&z+iVMe+c|uoRqF z<7H51fgmv=S>U}Lq^nblTYM$=@jm(K-fqYpvUgm>D6S@{;2xDbNs9K2!!9zBDn!VH zWC_S0pBDFg`LB{Rz6q~>nZaZ01qz6C-)ur~Ndan%F=P+Jj)rgt)aJP9?CbXL?NMn| z?5OfpKCT;$Q>1S;G`4mEt8n(6 zNk9q+&X>kC1#1lsB6CfbcNg#Ht$nH0x#pl&M)v#Mf7iL>4klZIYG0BRFG{mHvAOyr zc69-!wY5**aeB*?%?Vj=#&{ z8Rrc%QRq`?2{eO9JojRflJqbKajFIAfih()SIMx1pOtC({3=71SHq(;PyI3NtT49& z;e_#Iomvc+szUkS>$dtoixy)GL(1xZGtq?stDmEymqGNqrGB4{W&cjQlb8l!&PYxz z%O-hsi~Z2+r3>NV`^B4isKv=M8{*q~;Cex4IG9D#86pZuzD8IR+&`M(U%N!3WxhoB z_S_bDc~f8S1~=GV2#UWB;eHc&Ce}SJVeS~%+#gPNHMQgAz;CXGM5x#4+3 ztQH)s3L~JH0w5$Hr}e4`(Cb*9nPTMtRaZ9RPQ@Z=E5nnC5H{NhO*_Sc;xhBm_CZgC z`SDSRRH45GyV1pD7lG5=g_R^b-m;>)KC7OZtl^NSN9l<_-^+>BY)Fa6oo|x!O`o~Wt zgIYmV^4S`k5A&K0tM&=Of!4iXLC(wJqLlN}>aS-|Nka{U$W~W=t-g&t2Om=f0clzV z%cVN+!@CA&n;??MfuewPqWc1fD(pbPfE`ebPqT*74(r)RAI=ZfP0HIY%bu!5TXRwR zek3^l)u!tGnwUsRc(m~5z!8?5d_!r>z{V#K|7n#6a>oe#);JSf1e@qtqc>beMu2Ra zHhOGP`}r4{iCS>&(|y5-eIojjUztY0fp2C%HLuz2%S4CKn~Po81bOLG z(3-{cGl?Qf(^2VoNWr}<@mD%Ow!dtfVoxdDK^>`j4vy@#jQk8<54-_2ox<+9JVh(M zV@HnR2&816C2Q8ymCsy#wQ=rF>REIL)jpx_{` zY15AeBW?DuDFI}(+1nvy(XgbFeW{yBE*lvW0IP2Ah8!1#@ZVhlnv57i{h%c{GIpH5 zev{kF9tJ6s*tPCc8wK--5o6V44|D3?P-tZ0gH$Q2>3LwxhfoiY@gxMkpGXJVD36|K zkVgHVl|MFD;0QRFnz0x-HSlVg3DQG84M+L1Aw8>oxz#*~X(CcRd>qsu$uDB^I~b?( zmd3{SU~i4Cs3al1>@|K+Nr-39jLkE|o$AHe+}t%_M(+SGeyr33V@=Y2E~OS>L;>O+ z4v}VcGT7viDnsmKZP9i@&(5}eK?kX(g|sI@4e(pnA!#4>)P3{E4)^m`M#kAL;?z4Q z=xu{|(ygpVQpOE8C8aqXe4MULHxESKWmhl?0lS+9`}6Pp_)jGxBdJoRP1x2u1}LWX zFSU^do?Nj@qxTZGKVN&p72eXy#t_@nWe5onFe&^h%EBravrjv@YtB&#?bn7VW;y-% zB|#3Gp}=9wGs~YN?@~{c4!v4A@4Mx$FSCAaQt0pd+Nh{9nWE~tze|S}@Sm7LNaI1D zWoQfVjL34!>%W+~diY{f+C8VUp+6Q=@_GjMjGN3s?)ql~*NS8G@Q*P#@PITs>W&S!vMNWt@{cmUM^98kZ`9=LREpXBxN<##7h0I_~`T0^dC zA{^O!?9okF^5a)JbC;4zU9o;byT8*D5miC3N~b5QLqGXKzdx-TRu5?EUfFALaT2}r z?6c71}!((aEo|7^WS3Y(wq z8cZKzT(vdWeG79W$4*|}SE&6~-88_)f(kN8iRX--EOt00*BE{@PT*c{#Z)oJLeKLL zx(5U&bzd!iFUP9GkLmndZjWV*Oh%2jf&N4B(-uI|bLLA{ZsRM~)$JI~KSaG!rf8u+ zNNHpJuEK&6MU|!|UQO2b7N6VME>`sbsSsu$Nj9h4c+h%d=(XpL(@396H;8^KeJXD| zk1|F}WQ~=_t@Z1Pw?gi_Io1SUx!TkP20SBGkt^5;5|D4@&i^#0Z~?S)O&GwwDSPm! zw5M)p3a=Lt<3NzVReSRXkiobGqVmIvaf(!avV5n~Cv*snpU`V`0d5+BMDv3S^=|S9 zEm!jh`fL>conmz#IPEe-+Q@X&*Z?S-VC-Nr2&-Qcx7qpM zt_5zh9#dOw47p!FbgHs>nz18qM+$i7)8kwe5Etw;=ku!p^h426llz{2=7I8kZ02=s zz))ou5d&h8YLdZ^Uao^#%vbbI4{17o^r-CoIHE6SF}*SQId%h`+DI|-L+Jc@+5|O{ zYTeJ*k+3@lp#emQ!kZ0No7}`?aBxBRD2@=KKiP|}7j2t&bn)msrqyR`fI5%xYVgOw ze<)vt(KO%VQxHdMKLmbV4(f-E{;TcjC_)6( zR=(}h4(Xb3zHp{IT1O{!OS<8Npu#1uOXF!j01SM2{>*PAG1tltx!V(WF?k`REcJRd zxXo}(F0~W`8ArSQ7u%VaSrEAaVzs0GV(tOtUZoP_7u=9k{%K3>^@iTBv~ zlO*P^DSQW!$5ZD~$PLvsw&`;ZuK=PkBdgL>- z-Q2!Mwf<`jN3}KbOxPlMHd&8w>P^l#n7TN# znhJ)?9PI!AirUD(kFc5MoonsNtSbB{Kfc$2)DU9 z;9gY3C@JSQaMuOpA;)X)d@u7m0|rF&%wqtuPDbT?0`$OCAkGu}t0wTM;+~s5ER~df z|C^eApw_QG3A9$skRE=BET0VUWEo7Xk^v0DEw-FD?}SSTrTlzr)`!EcKpiesD$C#` zqFHKp4sV+?h?%(vu2lyvtw%VWLy9;0meBvek!g)Timw2?pg+J1ezp#%_L+z%EX%?s zNNE1~n)?I9T5c77BFY^MnG!AC-|u9TaX<;>cByYQkOz-j$@^a+BhabE)Mct|1&CTQwGu@twSH8)~lQ6q&N3K7$ zohgO^VaZv(+3rR-#@cGo1@vlhKCt?-gINv5$PTrKvO}1sGLaZNucm#6iKU|+bg~%> zLg-QixF~>nDJEQ%hMJhDC%D*x#${pM5;X7-6QF)58qqOzE^HDXw5N~|x)D-nt3`GL z!1>>}H(f{BJx=$(=)8iteUiCHQ(jc8H;q-UiZU%FeD z@Xdy{1PP_Rhjk4cB7zFKUlbcQ7v;u|c*q@{Qz0V=xohdtf;8P}&W}|}W_Iwgtzan;d$#2;wro-+*vd4m|UBdm}z9zTZ zS~sSJunE_tL*#U#%}bK`ADr5s$%7?ddgbNUI$Tq5woG2%?=F4G44PoyS!G%9%NA%A zAWY1@)y4LG(tcWFbyKYjV&joBNDirB2yJyf0Xh7_FqvY2$mp{Q+6Xxk3g8l8DgY4D zbbOsQ0))rs-^vEi9oV-`S5+Y<#nn86FJpm7B%SjnOgPob+EqUL^d?K^6WOZoud5=y z%rXG`>mwV#xctCOf&x0SuKx6uUq?EKsjJFs3w#h3{U1v{V@D z*5k;BlY!6P$c*5FKsr!Z_<}1~Z6i1Ui0Y@^{Y!jJifkesG7^8=FT($W9#?3^(z)4y zE0M{j?bQcQRZ7yYYCfkhT^J7i^4-es&YB7XBSOJuUIG--Z-rkhP|k9kBS%}XU&T|x z`epW)k{~-|pOZxvt zwpm$*+%zIjH>!dPE76W3_iAC6T2hPp>t+8jeiAM#miQ@^WejbN zcKPMA;qjZwSs0SdjBo|7&9vHFm`Oy?pp>cb0#d92e-sFx7J_pDYyQY(*axm$Rt~i7 zx4?~%R+}k^q1t@VsD7;fXl?B0E(E+=jMQJbuA0pJ`)oV;iz(2UzRCvlN?dCe&lY_J zRS5#47>2TJq?&QEDzZa&yC)_x=)hTX16@Ozd7a!qb!&CC{e};w@~(AUZzhv1aMsY9 zIQVX#&Cv#-J`pxIw6Q*=5I+dZA^O;Wb$=9XkZ0y{0eag$Q8q#5_p7zR@W(?-f+5NQCn8-RCe zw_phsbDI3>gf#$uvqLmnCo92Ci_H|oat${}eeYoK1?u-~YYGz2dx21AF@6La45%MM@M0a*K} zj>keZO71vSq{WoZtt=CTFvC7vfZuw8_5yG}_d$Q^@LVA_lfilz{X@|mV@3dK^U?yC zM3&7&mW66Rg4O|+hH(Z%00mCsdXwoAdjHI}#^hqnm_Cz$GLiwY~UzE&7=cefDww#Q%nkR03RoQAayqTqY4wazRWbu-RxhsP-7#V4s6Xg--1X)pM>>maEPe#UIx8zeT#eGyi|GN5Dn<42qQvd{&U9f0fA`6!gQ5=70tRV<3R+E<}F(Q}s@JiW$(_~e4=&#?NKh`KuyAnX0Fxx=qhyaA_VfMW| zUDtG=U(t1F*AFx%kUxbBi3Giu*;3rQwTXt>(&mwlI^OM*n*_{R5cF}O8Y(Ue5j=Zhj(+(0P6M7iI2T1Ny@;BV2X zh5x7YjXQJ^%tiRr*CjXisKXJKz~bOc_99<^xH;{yyT^QDZrtt2?b_jtOX5IErwzaa zqTc3LLhtI985*)5IZ|jdv=&gY`!PH=kBRgpYWsk;GqH`{zTq-?#Tl@v=9C{*?-tCz zQKHL%cjF7vk2Ot#Ku7=WJPS3IG+_Te00La(^cFDGiT#Yl-qq>1d>Yy>)}{^oI7C91 z{WCRePb}nCebVfV8R}O4$Ux*s?~e~2dZ_73Pd&|o0LdxZd~q+#PVr*k&+KjucB(M_ z1mlZkiy`^FOntA zu=$vsoz>9O^OZXqPhz@k4^!4`frqK8gtegbXdg(d8R#mo$?TWWPXl;;HSm0l=&g>W z!g?ST4qOL6jmSY+t^&pOOg+@C6QX{Z=YO8wx59 zGh5*HEiIhlF${pd9tdNcKlLQbt3am)E(jjVuVQ)1^$G|{`2bTaOCYB_&bCN;{;Dh& zj{%cNZ~Il*7l^;CdCUni~~VY|nFD8E*Q+d&;Kf$FrP7p*U!GYm!ug8xc z!^7T@Qb)kMzR;8U`nJu$CX~~r9Ye>XfUv9a7-Pqx{N|VG?dMR5h0;HZX&NJU1ip^~ zxfta)Zi2fK<)ty1Y{FRr$Qrcx>=g3}V}U2$xfpGr`*PS;9YO=zE-5YW7VWV2&F#HF z6M*UtsUqXCNB(h9ZnqcphMh>=U}wUin!l&9UCLysbF7fi@^9fIysd; zeI>igvsQtC9TC|~X)Ninl!7fCj~g*5d&de#d^4isjTpWOkP@yXB_3Xu|G$xNvI*Wg zQM)nVV$@8$`2005p>s-70CUB7$(a3E`k;^<5)&PqP->f(&d(M%!VV55yGDpxKpn?! zN%7{K4J6z(T81v{_fXP9P8Jw&^sp9FMdx){7Yosr(XQSD?3ITSB_)JK+@}CV>8rxX ziIaN1muC?#072cCv_5n0)stX+&sT?z=D6Jj(slR1c&XcLV3+=G1Kr4q0%M2p@0^eE z7v5!4Gn0Z<=C9B6zIw;6_I!nxaLYgoytM1+5iK?;Nzno={lGQT1PO;X-bZq!vyPJt zn7X=s%>4M|lt|cnKxJsRD{c;0;jQZ!W$F2qfWuFt>--VA9?ffsa=l{}53b~J|0%^AMaW{?5gS6@J(!Xhpe=64WX>uDyXvj(Dq8dh5eU8W)Sd&G`juT2;$cmx z99RbH+{bfeaz1V+0g?Z+ii%2$8=E;cxKLNCIr${S!+iB+#HyVxn)nqM2n=(pO`Z7Z zY7Xqdmd-dGvweMr%nDh!>11@_68n>6Xx0PZdUv&m9LIGa({(?%0r>Y7CYmInxiRbrv__Kqzz|0{DgUeRKF<{+{kG{np=!eO?qul^Lk=QSpuuRhSqBQdJS$YUHc(cV|9Av$&{e$bSzV zwP-d*t4WPqOv9J`(ThObCuadkx^_&`FeoI!IeCl#lS}wDk&w=dc}*gb5G7{0&=5Kw zi=770g+LRd2xg5PBwbyda0Mp0X8;(17L_=Bp5)Yk2_?Y z!WA`6TrzD02DXDoh%NNJT&nPcR>;@Pd+chd1MGe2f*j46;Iu_DVUlAWcTxVqvu09x zikeDilNY6PJIX;^)Fdq_Fox#Glf@I|Wl!|bYq-iY(a>~|;A#bU)u@}J$M~5-Z`{}z zVV;uk<0V>ytj2{JE3#V+9%8USdJKx{rL9WU)ZWj6u7QvsU`l`sAPF1_{6v?Zp{W_$ zsHORNWk|czpZ{!Et(hrAYw!E?eSL;Un;N5al_e*_J+vB1J!4>C<1w8$@+#~!$1jsl z%y*2Im~%`yS*Bd{-e9kEGz_y6pUvxg1_mmR9L2UneicVXI6pOK5z z(X?~Hp`mAQGE1s6m@5U5;S#2j$G}Yn0z9GBcbcNa#0p4y&D`Z?a0R}9PJDcI zctW`ZQ5i_PnV*ir+q6R@PvCGk1i_>L2sFz9*?VOkEeL@>SDN_zMF+1Jcr`OX=;s+w zNAWpcZ5l@h1xo~=Fm40KqgjH$t?;lvWh#p)@n$o$`68PzaRyw7Wr0=viP1NQ2KH_! z3#J}eFTMkRakmjr0gV82sUB5s% zD2IE*6q!=Vd=nGo)m)tymH~7%i8HQ>uqvQ*V*6s9SFTtqkWf}*5(mq@N}Q2&g`}q6 zWB;Ga;x`%mMV*xSGgtZ_i$At`#V=ri37e691R(EX7$Q^e(nX;BIs(3oy{VK@k)pT- zBjq?)PyJ_x83)b8goELJ0$5e@^*YIEMM2sG{2o2j3nzF5_|$=|!kiWa)hz-2FKwmm z!j+qh=Tx6HGIyBB4DFuHhWQC#{sQbv$C=7#=bd(5;6_<=0jU$LTnUxStS>hjvWI#o zq3R7YcO09r$7aK_D(WM!tha7{WQXCcB9!pC{8{Sp za1X^5p3BZKyt8VV7{As$C+7OhFeisli8F*8=|91l#k#VX#W|-ANwKWFMt{$N%<{k? z@w!Qz)QhgynTZShIx6>};o#!azwdalfnT0GQ`Q3dxO{oGTp*do^x)E%D3Ckx&44Jw zu8U-8T7|V|-?2|Zib+E(o>r~a(?HrxRPxk3u?lGBQ8H#P&n9w0=H6X|1EL4<;>k)V z&>bhIa@i%K*Lm{_o2?*YR&0k&amD&;LeK@CzTxt`Bf5hMRex%S=LS` zh!qC9MLm+ug5>rH1~JKY*uw|m@Jn;j?LtgNO99fy=; z{|T%?`QqXA1u!Eq4G5-sCgJgGV;|Mye%U1>*laFlF7vw;hS3!^G>D{S!;QIpmI=@b z@$5U)&9rGC3tdcm$XCc`LrVZpzr}4H@e?GR6+0nkOZOD17KA*p%=e6V18tNd5YLEu z6z0Zc>%cIMGsCDOp;eV35o?$>n4pU4d3=_ME;E?qO|q!Z&;YHrx8-44(we)FDixAZRUV-hPuX|Uw_^|&=Dy@m@8ORZmR zx8AJ2^Wc|PK93|iP(7yfIVO12n)OLIrnM6hGv&OyLAw3dC}b%PN$NE2A`2FB+mHp+ zPd>QHA@HCKA}I|rBZ7*}z{Hyw+bR`ucVc3~A2M~R@6*BQ(YD}f7Vh22%@5|EMFcqd zpT?ZKdrmfiB@e>H_FyGhWi5ajOhmwCV0!}`UtQ;qs^kqeTWS&uv}tc$GfY6zDdpZ>3eXVx^pU%u zXv_AO=z;L!-sQ2^++1$AVjk)IzN~&mOI)5?8Y1`bmxM4II~EpSfVR-EfyfmSxQqHj z+cT(=&%X8TeJ$lK*!r4p=9Xl+H+x~i+NWG1t&H>PUuWz65Z(R3{ubr^Rhum3jqfms zRhp*7n!!yv=!8~8p&go~RSN1F>N%dp(67PxKERX^Ld~*-NiYb6c=&QFvk}-cx&EBv zWc+uABFeCdCVMHPzA=p25giMz5%nqiNQNnsPgOEV+oZiOw&fd6yz4xBF_FwD9w=2^g>&4X8|k>|<4JsPjo zcmcFSlDQ$^o0Ldu3aI4CdNo*Y!G{pNo+f$V?U4#TG^s@Y`#_(%ViyPW12Aqcwt;X7 zaJrcY4hwq_Y0D4HTseS^JNOKYuVUNrf_YGTSi}+8e+>fUNBmLHAeI(5c;ahP7W4|x zPVRA?2j1%dTbFh1KcK90+QcW3jqyEM0s|F=w?KIv;Boik1So=84E|CYX-)P8AD)ir z{a>Yy^^?XAfyH`F*ajoIqL(|kOf2-OD_nkTLt1G>uba7h(C zJ&Pgm36Zqme0JwQ2%9MJ+`sRnvw3P`f>N26D>8%DBSFHU9qr%CK6{ literal 0 HcmV?d00001