From 1dee09c0614c9dcbb4f8bde739f79b6148f61a45 Mon Sep 17 00:00:00 2001 From: isindir Date: Sun, 27 Sep 2020 21:23:20 +0100 Subject: [PATCH] fix: improve error message when decryption fails and fix helm charts imagePullPolicy (#25) --- Makefile | 4 +- chart/helm2/sops-secrets-operator/Chart.yaml | 4 +- .../templates/operator.yaml | 2 +- chart/helm2/sops-secrets-operator/values.yaml | 2 +- chart/helm3/sops-secrets-operator/Chart.yaml | 4 +- .../templates/operator.yaml | 2 +- chart/helm3/sops-secrets-operator/values.yaml | 2 +- controllers/sopssecret_controller.go | 3 ++ docs/index.yaml | 49 ++++++++++++++---- docs/sops-secrets-operator-0.3.3.tgz | Bin 0 -> 4823 bytes docs/sops-secrets-operator-0.4.4.tgz | Bin 0 -> 9066 bytes 11 files changed, 52 insertions(+), 20 deletions(-) create mode 100644 docs/sops-secrets-operator-0.3.3.tgz create mode 100644 docs/sops-secrets-operator-0.4.4.tgz diff --git a/Makefile b/Makefile index 82dbbbfa..3da023df 100644 --- a/Makefile +++ b/Makefile @@ -1,6 +1,6 @@ SHELL := /bin/bash GO := GO15VENDOREXPERIMENT=1 GO111MODULE=on GOPROXY=https://proxy.golang.org go -SOPS_SEC_OPERATOR_VERSION := 0.1.2 +SOPS_SEC_OPERATOR_VERSION := 0.1.3 # https://github.com/kubernetes-sigs/controller-tools/releases CONTROLLER_TOOLS_VERSION := "v0.2.5" @@ -37,7 +37,7 @@ reindex-helm: package-helm } ## test: Run tests -test: package-helm generate fmt vet manifests +test: generate fmt vet manifests USE_EXISTING_CLUSTER=${USE_EXISTING_CLUSTER} go test ./... -coverprofile cover.out ## manager: Build manager binary diff --git a/chart/helm2/sops-secrets-operator/Chart.yaml b/chart/helm2/sops-secrets-operator/Chart.yaml index 371790f8..4c66bf93 100644 --- a/chart/helm2/sops-secrets-operator/Chart.yaml +++ b/chart/helm2/sops-secrets-operator/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v1 -version: 0.3.2 -appVersion: 0.1.2 +version: 0.3.3 +appVersion: 0.1.3 description: sops secrets operator name: sops-secrets-operator sources: diff --git a/chart/helm2/sops-secrets-operator/templates/operator.yaml b/chart/helm2/sops-secrets-operator/templates/operator.yaml index d3e60197..0c64fdb9 100644 --- a/chart/helm2/sops-secrets-operator/templates/operator.yaml +++ b/chart/helm2/sops-secrets-operator/templates/operator.yaml @@ -29,6 +29,7 @@ spec: initContainers: - name: init-myservice image: debian:buster + imagePullPolicy: Always command: ['/bin/sh', '-c', 'cp -Lr /var/secrets/gpg-secrets/* /var/secrets/gpg/'] volumeMounts: - mountPath: /var/secrets/gpg @@ -62,7 +63,6 @@ spec: args: #- "--metrics-addr=127.0.0.1:8080" - "--enable-leader-election" - imagePullPolicy: Always env: - name: POD_NAME valueFrom: diff --git a/chart/helm2/sops-secrets-operator/values.yaml b/chart/helm2/sops-secrets-operator/values.yaml index da5dd000..a2f288c8 100644 --- a/chart/helm2/sops-secrets-operator/values.yaml +++ b/chart/helm2/sops-secrets-operator/values.yaml @@ -6,7 +6,7 @@ replicaCount: 1 # Deployment replica count - should not be modified image: repository: isindir/sops-secrets-operator # Operator image - tag: 0.1.2 # Operator image tag + tag: 0.1.3 # Operator image tag pullPolicy: Always # Operator image pull policy imagePullSecrets: [] # Secrets to pull image from private docker repository diff --git a/chart/helm3/sops-secrets-operator/Chart.yaml b/chart/helm3/sops-secrets-operator/Chart.yaml index 3f9c9683..270a278f 100644 --- a/chart/helm3/sops-secrets-operator/Chart.yaml +++ b/chart/helm3/sops-secrets-operator/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v2 -version: 0.4.3 -appVersion: 0.1.2 +version: 0.4.4 +appVersion: 0.1.3 type: application description: sops secrets operator name: sops-secrets-operator diff --git a/chart/helm3/sops-secrets-operator/templates/operator.yaml b/chart/helm3/sops-secrets-operator/templates/operator.yaml index d3e60197..0c64fdb9 100644 --- a/chart/helm3/sops-secrets-operator/templates/operator.yaml +++ b/chart/helm3/sops-secrets-operator/templates/operator.yaml @@ -29,6 +29,7 @@ spec: initContainers: - name: init-myservice image: debian:buster + imagePullPolicy: Always command: ['/bin/sh', '-c', 'cp -Lr /var/secrets/gpg-secrets/* /var/secrets/gpg/'] volumeMounts: - mountPath: /var/secrets/gpg @@ -62,7 +63,6 @@ spec: args: #- "--metrics-addr=127.0.0.1:8080" - "--enable-leader-election" - imagePullPolicy: Always env: - name: POD_NAME valueFrom: diff --git a/chart/helm3/sops-secrets-operator/values.yaml b/chart/helm3/sops-secrets-operator/values.yaml index da5dd000..a2f288c8 100644 --- a/chart/helm3/sops-secrets-operator/values.yaml +++ b/chart/helm3/sops-secrets-operator/values.yaml @@ -6,7 +6,7 @@ replicaCount: 1 # Deployment replica count - should not be modified image: repository: isindir/sops-secrets-operator # Operator image - tag: 0.1.2 # Operator image tag + tag: 0.1.3 # Operator image tag pullPolicy: Always # Operator image pull policy imagePullSecrets: [] # Secrets to pull image from private docker repository diff --git a/controllers/sopssecret_controller.go b/controllers/sopssecret_controller.go index 4edeb45e..836653c6 100644 --- a/controllers/sopssecret_controller.go +++ b/controllers/sopssecret_controller.go @@ -317,6 +317,9 @@ func customDecryptData(data []byte, format string) (cleartext []byte, err error) return nil, err } key, err := tree.Metadata.GetDataKey() + if userErr, ok := err.(sops.UserError); ok { + err = fmt.Errorf(userErr.UserError()) + } if err != nil { return nil, err } diff --git a/docs/index.yaml b/docs/index.yaml index 0200ab46..c85c2b6c 100644 --- a/docs/index.yaml +++ b/docs/index.yaml @@ -1,9 +1,24 @@ apiVersion: v1 entries: sops-secrets-operator: + - apiVersion: v2 + appVersion: 0.1.3 + created: "2020-09-27T21:08:08.259353+01:00" + description: sops secrets operator + digest: c6f5179aed0914a2129ca3d64dc082fceaa09ea65b08eb725b9532defa749e52 + maintainers: + - email: isindir@users.sf.net + name: isindir + name: sops-secrets-operator + sources: + - https://github.com/isindir/sops-secrets-operator.git + type: application + urls: + - https://isindir.github.io/sops-secrets-operator/sops-secrets-operator-0.4.4.tgz + version: 0.4.4 - apiVersion: v2 appVersion: 0.1.2 - created: "2020-09-21T11:45:24.08455+01:00" + created: "2020-09-27T21:08:08.258046+01:00" description: sops secrets operator digest: 4cd536dcadc61ae6d66324aa9ba4a5aebb73ac719068be0675094a65c1f0d551 maintainers: @@ -18,7 +33,7 @@ entries: version: 0.4.3 - apiVersion: v2 appVersion: 0.1.2 - created: "2020-09-21T11:45:24.083836+01:00" + created: "2020-09-27T21:08:08.256379+01:00" description: sops secrets operator digest: 043c4ddcfcae1adbd50e98eaa66a917e59044071efc858bed50fcc716d7df2c0 maintainers: @@ -33,7 +48,7 @@ entries: version: 0.4.2 - apiVersion: v2 appVersion: 0.1.1 - created: "2020-09-21T11:45:24.083085+01:00" + created: "2020-09-27T21:08:08.254776+01:00" description: sops secrets operator digest: 7067eee2ab76e1274f58031707fc422969b6d3d5f771bd76ad43e532496439e0 maintainers: @@ -48,7 +63,7 @@ entries: version: 0.4.1 - apiVersion: v2 appVersion: 0.1.0 - created: "2020-09-21T11:45:24.081435+01:00" + created: "2020-09-27T21:08:08.253433+01:00" description: sops secrets operator digest: f4d9ba94db37d679af817d759bb64aebb7605530b0ba412e264b051440ff3765 maintainers: @@ -61,9 +76,23 @@ entries: urls: - https://isindir.github.io/sops-secrets-operator/sops-secrets-operator-0.4.0.tgz version: 0.4.0 + - apiVersion: v1 + appVersion: 0.1.3 + created: "2020-09-27T21:08:08.252425+01:00" + description: sops secrets operator + digest: f61b070b640169439cf4ab500047c1e356748a85871f7aeefde46d63d87d453a + maintainers: + - email: isindir@users.sf.net + name: isindir + name: sops-secrets-operator + sources: + - https://github.com/isindir/sops-secrets-operator.git + urls: + - https://isindir.github.io/sops-secrets-operator/sops-secrets-operator-0.3.3.tgz + version: 0.3.3 - apiVersion: v1 appVersion: 0.1.2 - created: "2020-09-21T11:45:24.080166+01:00" + created: "2020-09-27T21:08:08.251772+01:00" description: sops secrets operator digest: 2b37dc4e545e8a9540f6b7693079b98bf161ec5a68899defcfc9420bdcbb33e3 maintainers: @@ -77,7 +106,7 @@ entries: version: 0.3.2 - apiVersion: v1 appVersion: 0.1.1 - created: "2020-09-21T11:45:24.079511+01:00" + created: "2020-09-27T21:08:08.250509+01:00" description: sops secrets operator digest: 2e2762b8f9d66aab0caacde225955fec8bfd5a4cc10dc6943a1de3809dda4091 maintainers: @@ -91,7 +120,7 @@ entries: version: 0.3.1 - apiVersion: v1 appVersion: 0.1.0 - created: "2020-09-21T11:45:24.078477+01:00" + created: "2020-09-27T21:08:08.249265+01:00" description: sops secrets operator digest: ce84f5b64402a582c7689cb842ba03fb10f968c38b57dc9e05f588493128019a maintainers: @@ -105,7 +134,7 @@ entries: version: 0.3.0 - apiVersion: v2 appVersion: 0.0.10 - created: "2020-09-21T11:45:24.077093+01:00" + created: "2020-09-27T21:08:08.24795+01:00" description: sops secrets operator digest: 504fd74af156d7287e52844c5bcd6acff9b43fc67ad960c13272468de22c7807 maintainers: @@ -120,7 +149,7 @@ entries: version: 0.2.1 - apiVersion: v1 appVersion: 0.0.10 - created: "2020-09-21T11:45:24.074971+01:00" + created: "2020-09-27T21:08:08.246848+01:00" description: sops secrets operator digest: 50b8ebab19008dfc43de1eaee8b0f6287f7a55134585dc6ae88df2520d779f8f maintainers: @@ -132,4 +161,4 @@ entries: urls: - https://isindir.github.io/sops-secrets-operator/sops-secrets-operator-0.1.10.tgz version: 0.1.10 -generated: "2020-09-21T11:45:24.073618+01:00" +generated: "2020-09-27T21:08:08.245403+01:00" diff --git a/docs/sops-secrets-operator-0.3.3.tgz b/docs/sops-secrets-operator-0.3.3.tgz new file mode 100644 index 0000000000000000000000000000000000000000..d24b2f9c9d8baa725b59ac41fb495b41eb0da58f GIT binary patch literal 4823 zcmV;|5-9B-iwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc zVQyr3R8em|NM&qo0PH;dbK5qu{h5EoKKX9kxFPl7B<|>@H_vCMzDyI_6Q}KT@-h}g zt|-JLzyhEgHTL`4Z}7oSNtW!mZhK?=V2dQMSS)rIi^XCk&!jIg6sV-nGZaK|(LIeuKKQD?ySMwSzt?;Ay!TbF|NPmD-dE7OkIvVX zTq+{I>V0uv?ZN#;3d!hCC?w@<2(!LNvaEdU1^r;xi%^DwX3D(M+yahUpx_oSC6p;b z845Y{e87~@WC&DJ7E$rPxkMoYISCjl4}g&r%a5LYTFQi;g1W*Xh6xb}Ga@J%Cn!O2 z7$amvN{oOq#bM5K0SePBAqr*Sc>=S9hU9?fObwwApy6Z*pQp$axUUfE&j3EiDbJG# z7*`r{$|E|V77C-Bc9zd2S$th20 zI3L1(a!KZLNmX45GE>XpcA6*2nMGj;??31^?om_8)VED1f~SxPIwJ}p;^75~+MtZm zJei>oG{PZtI;L~?EP>>T`!O<&3`Uw-LKD$yQ=@*pNuDIP0+MhRw_tc%KrW@1@o1kh zu83YB06CaZlflnNkrZ>f1N8sC@xg$A5P7GZ|O=F-FkQs)Szl#nA zrh~!#ci_cgww!RsJVHpw7!#`>>T?K0N*WttXcTARei&M=KFFow>9JYix3_;6g4B8| z`p}achgsl8G1BVF&iYeOT7B6mO>=3~M+r_(tYwP^I~Co3l$=3E<_RZ})>wsc;uyY^ z{g69Ts1z6J=?Xt1cEn3p3iTN=hw91}rFy&_S2w^UgIgAA{w3#Rruw6~XcHn@fRLPYh_f&AQMZ zeEWvFA^w`9+_Z(qc!Xz|V5qn#X5Yw%bT2g>a%ty7%SXuBgvPlr8cb`vFc(zK4>(i! zNi7$+m*x$$>guH}XZ!L;iNc`R({+D*b*Q`4vq@x868^W%ubJVIcDJl$Hg^7e% zzwtc96BLF1wTsld>Q$kDvn-*@^f{SKD5GlLpiJ?yBuPzWcw$V#1`)KZ>ZS))Eoc_d z~ycM zJzdLt`6)B@$kgrt3Pa9V6M^UI`Pz!14571p6RBHvz_02Wizl!SM`IrbKUwEPeS-p5 zdRbs0yx28AX?m7VCiD|@{0f-1sPu1(ZLxfmedtZk9DdD7;_SUFGvf%npV2}$^_A{J zk4eH9L!y@+$y0|6O)k&}_fA;ks478{Al%W-Ut2 zL#e0OOts@1Tg&XXHlA+Nrn7Qzb=uqC&dm!~#=$~Dgw8h|=$v=%B5OQNIdeP2O)<8$ zEl84O!9^)x0p(rm82uY3pca8ZTl%nN)heWFR%U zqb5+6nER#Md^xPr6|F%nG`WIbbFNCTnzl=!q=bL}@JydN)?MPAn5v$3x~D$<>q#`kUDf1{dF2 z_U?NZltn{0u-x*NC+MZ9NJJDFmWMv;C9+zyj8KA8DMN34(?XpDa0Qe_$P_%&Fhri% zGbEBxv*|S(eIGg<<0&o=ne@AiN7DRoPN3#PcS0FS=x-?Odt_0@DO2`I8_85EWNOBf zJjE~}G<6kcSk$u4fRtnfXfp~A^inW(SZwcXFQQ8_)1-xPRJzG6yog}RnMC*KT<7Jp zR7BwkdMJ1k37QjB zLn6G-%B%@?cxR16s4u}zKgf(M zGaAinvmo&V-{M45VR6y?g1!soa>INqQ5@^!KMu2V`}ywC0PE!c#qOZ(|9QUq>{0$7 zqO|0{c5+sUzdc~{TA@OfI4^;*{2Z_n5-T4YH7Gak&Bhz=3;j6E-1j>F--jwu^9+Y@ zl969?^rX_3(xFpu7dQ_-N=>RO-@9R~Er|EHvTs(_$$v?MFNg)YS^oRI{-C}7_Xf{) zALaicN?oY6OzSQ2z}x z@Lvn)&WPx`v3BDuF2>#6S@_i5{!oK${UC2N1#4rnj)k15Q=+EB1rW7*g|0EgZhpEE zgkO18mVzqgOT+Xpa4!3|h1_+qd8V~L>j%-seGO`C(O|johWW3&#&scSut2A#3eBsa z3K)dz>*2y@MPj(V?%c#J3vH^n$0iPr$GKQ)N8ZT#H!;crjbMp9H4WB{CX(|w!SyqC zfxeuDJ}I|_x58`HU>~{vCMp*CsDV>Am!g~SkR(P&*<+Bpo+Bb|FwT|_9p6t;2^vbD zM3MNeKiCU;K`-bJzwLe7>onkZeBVx$pCE})_{MOcoYku#n++S|EQIs)|IN$B zN3dar-wU1&TOYt49Xl7m(r=djg-u`<)kf7#WuQXx=;Y++^~>}9)6>_l4)))@IypW+ zc>D73)TIp}tgTy2Z9;0iA`J+*~4RSRVg)di3v;<+NNQElZJTI8&Q-TLx1V zb6MF3{lUUAeis#I)mw?e0-~GDrhh9HWogv3e{QisZ-P0#-FCe(ALX`v1;{&X;#bc2 zTFNe)ofVW_P>yYyt|m_w2QCzR(_RK&(#v2)FLeRIG*k0KY64boB38rFu1C67)f(}y z8(Y}xC#Mzbx;Rlw0%vWh#l+SK)P`5qsxxFgR(4%mQ?1^3vO&v9yV-iOm(jA-UattM z{Zeu_`l$u_R<-KUzjy2Hk9KH0mRpr|{y(?pJaVNdO4eZ2OqX$RNM9Ej7M_Y2K6W+ zRN+`V#ujs_+&_HtGDxF)>0{mb z|BJ=^KfTBJzlSMXE8=XuS4=9BBof{)t?=RNyX53~ViH~0wg@+{fFm`Mx&53$rJSc25x;WG76N@cxH@V ztpdriWDfqsMGtpF5y=Ak^I4xH*_8Cpbt{Y7c_<=d^lBh_ZG=3F1&I)RpISoM+(_n1 z$@1}c;r~1U-)~~2kqC_gHK--s(Zlk*e`-Z65Jrm?MmB+g{Xiww!l2E~qTGUx zX9xCw(}Z@-4R^j`O7JKT?UjGCXxd9%W6qUSf@BiNJxf-N131&rs~d|J?(oSO^F_O zS1K}2(1P-Iij)JIvx$^>iiW|PeB`n_{P5-sF3_els939l(Yh{b#i@}yrJAp&mdVT* zDoN8qYSh$d>7nxNLz zq)O)jHWk#+C}g9-+R0>;$Z;WM%aw2AZ`_`#qvjcQhR|tw9Xn55g&+vbuWPFy??mmp z(zQr#qDPCLlpu9-7~cMo(WTt|jzeC2>PDELvgu4l>D+hMfk!n2hpko3px~PMewK^a zEog=Y@1|I6QC+GOsVCKRP$Nso(~L8dscg$qS?bpr5hO*0LKb(%&z5H6s*q4qq@uhz?AATcyMogK6tv0}99D@6 z7rt0H#S8BW{1pXOep>iq;Ed{Fha=P1Z4;Nl6^!~L3#}cwqan7^ie15|bK`2zX~0q> zUIIjs*Z}GU{h-%uP{sHxX;;f>X4>0$vIc-!0GU{R>-BDGXio2S z%cFM7-PJ88RkQD1UM<~XP_?KXv+G(LC)jFe#v&}Br1lMYwi-09AM)wOtxQ|`b90id zR=V=MGnd~DNjR;R_1gYn1WK`SZgFh=_BW3Xa3bm^IES8U^q@7l5Bg znkD$u^Y#;kf*C(zGJopwjatJ~O^GU*+*%v8)TR27jQOl#b%cbOB&3DfyqsDKwqdN< zJT@&n{;9WlG~3x3!Y@2GfHaA8{X(wa*S6&!zOFqy@jT!6z4JpJno(P3uhy9H9NvE~ xXiOAVo0f@v5eOuanxfe}Q~o44{|osPAIoETEPsvip8x;=|Nk@JM3Mkt004bKeL4UD literal 0 HcmV?d00001 diff --git a/docs/sops-secrets-operator-0.4.4.tgz b/docs/sops-secrets-operator-0.4.4.tgz new file mode 100644 index 0000000000000000000000000000000000000000..a7ce70a78a5c88092a82afdff4d4d9e613527f3c GIT binary patch literal 9066 zcmV-wBbD4AiwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc zVQyr3R8em|NM&qo0PKBxbK*L(`2NkO&@XehX3sESn>XA#x2|~;-j9SNC#Mo&%f{dr zmJES2=l9ufNw&c}5|Yg9oZYRcrZQl+TCG-ht0lD>Y}q)5k>ntPW0s8^NGyjdO`${L zYiQ_y`vHaLc|Ma$vHy9VKm4ChW>bF?lG$WR$nvQ)|2JMpr!uL(0scocey+HfK<97# zcei!exqp)aZS5L4ShLImSSBLSwzpsTxDZc9WP~M0vk7}dr3LuX0s?7?7*I0_)J){y zLL>%|0X4kzx06B`!ItYth@qSkV&ekGsT!HO zlelCVoR5J!SvRg~Btq6UDgbEPx+XzNe`LAqS}LB3{MEewS170Te+hLL;U8rH&gg$C zk>wBdKbsIf^#5m+PoRtx=;{P`V-6I{IjxWJ$R{wGY8Yr3KyWLzTQS9Q3`hu)fuiY% z0+f-YLkEE+bTl~85eCEp69jCCF_M915(}&?*8v0>whjrx@kqo$OhrqUYmx#G0HAnm z-C7&SB*1?QB>EbF7{F7@)n#B>gkm- zHD%^EqPV*LCM3FLss}hCp8#Cph;7NDX#EOtYpKyTm{I^}%D|w=kqjUP$XsfUWisgu1U&+LghBzRw#tOK0}TW$ z#ix?BMl8P}5c68Le3k>*S3@6=@)&3ez&4UR`3@RLum%!8zJZ7;*{2!Tv19~vI6=B+ zAHrh@AjX=?m_bQgN}?orQeAQ}v5XFz;Xi-=r!XYcTF?d^WL2``elH%Wx$;K+DY(EJQrCa~dJx1dZdR^XiY0>9OL$?{#Ht-9a{1sEgXVi)TA z8aPO@3_2Z)>JDcPA)L zS-rMgAX{Js&Apz4s=21uTf&G_EM2!&nyE7Ex@J-kD9`9pji{54S7{nT&`tfzlomsIJngCC@BS5uofG6va|V zr~Ycc=|82M_W!ru8Q1BKD#JK=BHz)*x%EH&yzl>Kg*5-+|No3~Zu}pnNVn+%p4jhR z3Z5DNL^he+AO8f;XFkUNr<6bb;J$#RW)uKMge~L9+D5-p_XtW;Q~+PNKmUwSs7U3> zX8y?3TLA=)9P=jP5g#r_y%^0z;NtWmlGeNcu^lY)c;eoMBl8dA*WTtsc!2`G(P_by zKqkpPYR1r26zvII#CFK2M@2t-)CSYXwhg-IS%ZZOb>H8!ZPt%?WQ;uQ44%+7XrC~c zAPLf`2U`XLO?QGE6A^^H-YXi?Wen(Imw6n)f<(jMACooXOt~|pu$rkd$LN=Mq@e%@ z>C_wZkoexB?~?gG?ru%uV$UyyjCh~gS28+Su4qidF7Sf;;1 zd@aQuw1*Pfc6`27u()P%-p24Bf6(QN?#gHENgVw7XJm?WBaWvWW5sLg`aENmk15bh zOz3)vVcM6DkV1LP6t~;vr*UmJo++xMD&N4uwa6AN7SUP&|e(;(3U&tQ%e+fYl(jW8x&nO2I16_>;TPL0n?v97pJLr<>ZvyRq;S|k;y0$@%_Z*qB zZD}U)zELMx!vvXRY3Z(kBpqso54c1Dl(!jRKs!LqdJzG1Dwz0GeE#zJm|SSHDhCA1 z+ih|WpA3;{QADQ){CjzgZ82&}30qjm@ zNFr<|@H#czJ9_#a>gX42!&9yzd(5UGOGg8wP%a!#mEX~JU{YQfg%{1mIsI29`@wtt z{%C-6{vV$>)PFvmOn&J9&nO4_A38bPslRu?wx{xYihTmd>2tuHx_FxMstVhM`+ntD zuM120{}nNbidtrgKYquPu+8q>3)1wsKHQ}6lE!~ zZlR$+S8dD3+<~3b>1uT0q(GKWUFBZ%ctDbNXgp8PzQ9!f@o<|BQay`Q?-5Vcewy$G|`}0 zn6MSa;p^T}uwn>8vJ3-KZU5~vH_=QEPd|SJpJNjJE7>5{asao44(IokQ*AZqH}~b} z75Dk~5N>ZDtW7x>>XWyzNjb8;Q=qUgUQC`UX3C-iB5!Sbqsv@BIe=SOUgVt6UV;C6%HO>{li z*$?S|iHm_f+M|hcvBT+>1a)SkykoGior8|LCpe#C;35_?5OFjK$Dk}bzY2+LoR9Ny zp^)Qq{KX#ri&)GXs+f+TjGP#A95l-egCTQS*z0GYoV{-Op(C~{doO_(W?FSDqj2y7 zc%cLSX3)uZ9{&TMfK94sh^S14pz46#?+dPBvU7I-1j`&&5o*JEJID2Fq4|)1L zdu%oCUj=w=D~a!ECGkuvVFf{kP1a?N1uVbBtUXUV9O=9R+lzmGwTFFva1LUfj|b{R z;IvmlG0`Cg9pc+Ug#|JkD}Amm0}EGHUQtsytahI5+i2~}&If;rdDk}Jx%1!D;r-8qkj{Rb|NfNnhWMZD&fvkx>Hgl; zo{ibxM~TD3ovi0}v7SGe_)9k+{{zk3IsGRH6Ypx+) z|9?t3so*_JKC$P2@m8IS9f-}v4?1++vl`U>xClajris&B2kl zsu7O;^~jIJCmV-je}e~8m7{-xuXt&4J46#G&0U+_eZrA1alEo4U*Z!uk9>&}!;XCU z|B+AN8akTgV$dj8a3pR!)(lA`64zt|ISQy4S-C^S=%f} ziGP%ee@7yZkB^dNVoOJn{{sH} z9AuQ(#$~cTMnVA4w)HiLDSq@gCpj_>sDD@rP`9U0c%ZdB(jFv7W==0fLgz-{+NuL( z1Y$AGW0aR0i(M%?-G2_;M*xV$_Nk&oNNfW&9!k1IyA_H24>iON0*}W4k6r=`?}dg@ zC=8z6EDMqjusjwBGvi*;EmsE3_AnCp0>tqU>`Xb5!BT_Zajrq*F~m2Die1T9Y=IOle1$r)ubtax^As7kP(wMI`z1iPHPksWyTj!>(x%-^kkCF zP84E4kHZ)6<;$pB?iRj$0pf--+ON)}vtbg)l3mG5`M@Sk?^55yvIr&)v@w7`ShGSB zV3`#A?#8NzvcPeBaTvb@ATOH}fjsoAW{w44MfPePp>0r-64qCVx)`)*q zCUi+whzp4*d&u-98ISs$VcHV3$4<5Bi%(P{sbG3xN8mRqiYHm&;+00EDMtZ*@kwXU z9*a-bp(J?s0x?G%gg67zj&qp6iHul*P~P#2F4@5DxJ%~(yi{NXW{{Z$J4_}-92Xs>?D-b+;&1#l(*;@E z=%N5F4t5SxKpbUYdE5Jx1-uq~6N_kkE&lE(5} zF_GKdHl{c{(lC4K)8#38X+MR{D4fU#Fckv2hKW~mYbWVr8#>TH1UWcJ7ce}Th;2s% znIg^EUK;nOyh!95=mn_2LHP#CyBw8AZ#+D~gUB}!d!~SAUmd++cpk$MhmWkSx8|$^ z-@v2r=wUky+MyT^GRl1ej~6da1Q&a_2vkoXAy8$A__z?~_bcqedrs5~rL$x8y->0} z1fkeFir_uD?I`Nse)o}vvjZ@S-jL&t(HKy7n9bltWXHMg_HgY-R#Hr_Om;`H{PCxc zC3F-`QS36)sgnJJGt<#_Sz@VB)BgE1ZTg4iWMiCCZB@89YAo?jYb>#CES&c3+iSDd z9r5Sc@P>a*4=$c*H;{|>CbRP->1;B)JsP%AFnb2zL{7UsVGf4`Y#INmbZC2Mo{0dU z7!UHHNgl-E$US@HPf=WH@-77$GrT;{zf_SO+|!!1!o;-sr>Eh_T%r506MDcWdXFnBlBo{f95d`s+I%L6EticeT_s!ogl|#TZsDltDkDt z^Et^BlC6+?-bN^EE&U27)^gA5kf6!(&jx05HT9g=JwMG$VRS&p|IihlW`Fro0JoOQ z5K$IU_&~3J3$4h1|3~P{FOf(r7K=QTEs6Eo6ZYL4Gg*V*s*a{Yf_Cc_#d{EU5R}Oj zv30X%{StrpXKp8+-l|wE7IEs3{+JBVXZHWosdVCC|1Tq?KhFPuN(rC;p(lb&`Vn(W zVS)%ea~0_59B#LUIk@rRprz)uagn%)0B^q3EOVq82oq@7^aU^EV|+HoCq{g_Amj_l z#2tn8wT9JBMD{PMymYsOt&>gzg%jzFG+p<=J|Mr0UhKeI*Bdj zCEMSNo_?;`&~QsYHR zTum+jC7%+Mw3LeFrCcs12q+(eFrA2{61>2}JmmR|uswve9ZPi(#$^O$T{F=TNtP+& z0?6?E-pww7ee^PSH`J66Z*$c4`j_1eXs8nYG_QRf7svNyP5q|$n=>2nH_Xi;m`!CPN;|FwfdzFDW z>JCm4^Aa1ud&2bJ5~A-%HN3cUP}rF(@QRCL=R^bS#oq6Nj;U-rhGsGWZX=9oGu~wr z87;Zc%b0GdFIDpCs%oK|Jg4swz2PFz>tpO?69**ti9D*BgM+sR;U0U;!_pMVu8tfp zq}z8TW825iL_6XF)%b!Gh8DeP}4QC_O`Yi1X<>Wwg(XqE(SgEOt05Na4~XRbP<|L z!eHn7wdZHO)UV`7$kBeKj{4=(H$)_e<2vcyq_dN}l9w_{`hxY}56<#(vIb58lJ{BA zL8~45S2CdITN5h$NUk0DkaUT)9vnCu;cs5XFgXnJS9|LJobvqok7`vepUz}r zDFG!E0m=D^kYrQK8{0Uu{!68V)M5UIB%l3Q|NV^eN94@0+l3$O^q|QUWGfZHOSX~! zFh^@2AS^7(L{=n0k@MN)1jvnxrD9WBsp@bhsufYR8bz^Ru2yoW+d8e3AMwL~)TwD#@?s)uE8tJR2y347qQd|maZCsrb^QkMOQ*&{+ z=_DG(tky~2o0m81n~v=kd+_Eadp)~xQcy7 zGE&c8;b}A5zE(?-=biH_51bb9H??lBA(^y-C_?ww@YS z${REh2lbmp4i;ON1Dvw*iFq}(xi_2cwL-=)7k%O^cvCDz%}hg_sO!7Qs%y-1(fPWk zuXE|_a@y`@T5HW2OtRR;-NkZHor@*w-i)pq#fh6Mi)yZQ1wUlo5Rrh+6 zsM^Ep!MM6^jh`mHr@B5%4OdySIBF%IvbA>S-o(XH&l*IbD%Xn(zEW@6y;gTPb8?r< zzEGD@?M@|0W!bt~)y9%C)VlNjXfzjBF0OBy{f&5UE>QL^KWSY@rAFGSp}elNs+Tu> zrYPDQx0I_6>od1DjG|REi|hH$+U+TdJk-*cxw4ZhrJDCN zy;)AJd0uqJ9BFlzsH^1ERaIInQ@3Q@zmzITLo_Dkja;7>n?t;^rnOC{U6pdB)Oc`J z%BbmkGcm66l{r@&UoQJgm`OETa(gQDvPR7o>X&PhCk{UsZ>^{LU9W*=(ZODA|wRo40C7Z?7B1detndV!BsK-ER0!#a-R>X4!=03aYXu+G04Dg;|4?r^9h4 zS#1&Cc6%@yC5?O25E7m4@GdR1mcndRzP{z6Esfk^v8%5TO!ZV*QM!sP%r>^x#?k)9 zl=FAD^ObU$$fj@C$$K-MYxU>(Xk|(k&K2(8JZ%JNJuRV9-?CPnS%2zGqwD$8Jl(mJ zWYik8He8~pnzm@wiegin+?!6VcfDwe%~pP@&#$zo*?d}#BtfFMzcBh&Mvnbv)hDul_(2pJF!@6#YtVey-{vaadvO2?sdb+i20iQQP2cO|9Vx4HAm)Q zT@T8y32luf|K%8Hs6qc+#d&y2^Z5q}Ipo20^e~>)YITUjCtxXXv;yAi=UebN*2E$d zO|Ub=(c0V*tN)(j&oevnpL3_{E#(FO-&W%+=|=o}e+~59{SQ8Sl>aT6`8faiDdm&@ ztC^qnf7P;~bS%w|Nbc@eE4ykkDd$eLIgLzEgSpUfcKB3yj@>Ecp|pDI1$+$68SeNwpWXTTbM!R zN~iRjSQ#eLnTJ}b{gvT{gGH+H)N@9o#bBP*huT8?^{cil)I~db*GoD@SR7wBl!=hT zvuwRuytc5V=TcXK;0QU_QL$e6^(%pDVa8Wh&Fgt)nM;>v6|K0o+4*aIWgBQ_emxcXGe zZx%_XH`pZdol-rw&=+R3#`k8Mak_73$_X3titRk99`X5Rm+y^k`JN=#DmlTrtkq3h zJxTo0k^Gq+?ESj?sgCqBO{_JeZsKNG8wln~U-ea6Giu8lm5U}ichH?RXs7O!t7~;7 z8)Esgb8DK(YJX!?Z&Dk`RTXRDE}HnNHqArZuIIc?sp(?5krAik+U?pYO=~SB*`&B^I7hub-f;3mFlzfEvz(Cr|F}`h8V9bM?OtadRXZ-lCybr*6VBB zic!>&R;08LyO&n&>8d+gB$w#6mbzXSxrKW(Pj#Z>bgw*2cb3z+M^Ussu1$xPoLq8? z4N@H~HV#I|GW@bejc%gRh9(WAu|6C3J>E#=;_A-GT*>32xo8x7?v>HHY0ZbcVbc|3M(32~aZI$w98W0q%9J27vo zdJbm=rG6Dv@4Ai&b7FgOl~5Ydr@_b&x=OLRQPIs@9Sk(3-4+MS;_RkbmoD$-)5+Wx zSG~H?<#QX+>!jFSuG9Rex7_5#_GMmvvgO)H;mqOH0M>@pWGx}Lg=q5@nJcf8mz&F* zf!RapR3*`CCV5rImG(Znsh#sWH#gX?rLxbeWIxdF+tCP4LLW4_0Q~J#%x#w>EVUg| zSx(ih3DmhcS`Rc+^}{jPT@0&<)_yd`9Idwu^<#q{ASr;);p3WYA)PNI(s!Rjr|VJy zl(fF6&M)WHj@ucoZ`G^YVrQx6qfX~iUu;(0mb~uexXMahXvy0d6nM8W9Ev3oTKV9(GXr^I5lblUlL^SW)7=692Jl;hN2fAykiHm-vn=F2T7b%;q2D}Suc1sVcp-JIrAe-? z&#L0Jv{44@vehu9{>pBQj8@xyvg>lRm?@<$JBC8IybHy;YeCbf;HT_Tp10L{ZG5K> z=cyqgqm*EDaca5JrG#EeDy4c$GJ477B6-!zRr%7o9-RyM?wDs%YDSx>JP(^ZKkgE< zua0`rR{gG=#S=AYv}Skh+nTlEdaLPD^rVzql=SwZx)GGT-K``?C6v|I$40?c?JZZg z_bwkW`(d{N*iFg|U>n1fj3?v&sRv&lg_YO)|L+e4J-7bPW{!UUBbgFD{QsX(eu)2n z*86|X_xCF9OWHGmY!@&1;1>mO5x9gs-w_LPx1RKfpFH_@x z4$jUoHP%=D=g6^-__+tusca@gzkS~01-1+nV=mH3{J!%vo}@O~om^?n)*mc~=+d;(2CAnzVy#{^?8W7}g3cN2|HI|~ cw{!VF%18MqABC0w3jhHB|D3-gi~y(r022-hBLDyZ literal 0 HcmV?d00001