From d3e79078212ecd9890e4010d9a6c9d014aaef317 Mon Sep 17 00:00:00 2001 From: Sergiy Kulanov Date: Wed, 15 Nov 2023 18:51:00 +0200 Subject: [PATCH] operator edp-keycloak-operator (1.19.0) --- ...-operator-manager-config_v1_configmap.yaml | 18 + ...c.authorization.k8s.io_v1_clusterrole.yaml | 58 ++ ...ycloak-operator.clusterserviceversion.yaml | 941 ++++++++++++++++++ ...v1.edp.epam.com_clusterkeycloakrealms.yaml | 172 ++++ .../v1.edp.epam.com_clusterkeycloaks.yaml | 80 ++ .../v1.edp.epam.com_keycloakauthflows.yaml | 231 +++++ .../v1.edp.epam.com_keycloakclients.yaml | 378 +++++++ .../v1.edp.epam.com_keycloakclientscopes.yaml | 197 ++++ ....edp.epam.com_keycloakrealmcomponents.yaml | 170 ++++ .../v1.edp.epam.com_keycloakrealmgroups.yaml | 211 ++++ ...am.com_keycloakrealmidentityproviders.yaml | 229 +++++ ...edp.epam.com_keycloakrealmrolebatches.yaml | 188 ++++ .../v1.edp.epam.com_keycloakrealmroles.yaml | 177 ++++ .../v1.edp.epam.com_keycloakrealms.yaml | 408 ++++++++ .../v1.edp.epam.com_keycloakrealmusers.yaml | 228 +++++ .../manifests/v1.edp.epam.com_keycloaks.yaml | 157 +++ .../1.19.0/metadata/annotations.yaml | 14 + .../1.19.0/tests/scorecard/config.yaml | 70 ++ 18 files changed, 3927 insertions(+) create mode 100644 operators/edp-keycloak-operator/1.19.0/manifests/edp-keycloak-operator-manager-config_v1_configmap.yaml create mode 100644 operators/edp-keycloak-operator/1.19.0/manifests/edp-keycloak-operator-manager-role_rbac.authorization.k8s.io_v1_clusterrole.yaml create mode 100644 operators/edp-keycloak-operator/1.19.0/manifests/edp-keycloak-operator.clusterserviceversion.yaml create mode 100644 operators/edp-keycloak-operator/1.19.0/manifests/v1.edp.epam.com_clusterkeycloakrealms.yaml create mode 100644 operators/edp-keycloak-operator/1.19.0/manifests/v1.edp.epam.com_clusterkeycloaks.yaml create mode 100644 operators/edp-keycloak-operator/1.19.0/manifests/v1.edp.epam.com_keycloakauthflows.yaml create mode 100644 operators/edp-keycloak-operator/1.19.0/manifests/v1.edp.epam.com_keycloakclients.yaml create mode 100644 operators/edp-keycloak-operator/1.19.0/manifests/v1.edp.epam.com_keycloakclientscopes.yaml create mode 100644 operators/edp-keycloak-operator/1.19.0/manifests/v1.edp.epam.com_keycloakrealmcomponents.yaml create mode 100644 operators/edp-keycloak-operator/1.19.0/manifests/v1.edp.epam.com_keycloakrealmgroups.yaml create mode 100644 operators/edp-keycloak-operator/1.19.0/manifests/v1.edp.epam.com_keycloakrealmidentityproviders.yaml create mode 100644 operators/edp-keycloak-operator/1.19.0/manifests/v1.edp.epam.com_keycloakrealmrolebatches.yaml create mode 100644 operators/edp-keycloak-operator/1.19.0/manifests/v1.edp.epam.com_keycloakrealmroles.yaml create mode 100644 operators/edp-keycloak-operator/1.19.0/manifests/v1.edp.epam.com_keycloakrealms.yaml create mode 100644 operators/edp-keycloak-operator/1.19.0/manifests/v1.edp.epam.com_keycloakrealmusers.yaml create mode 100644 operators/edp-keycloak-operator/1.19.0/manifests/v1.edp.epam.com_keycloaks.yaml create mode 100644 operators/edp-keycloak-operator/1.19.0/metadata/annotations.yaml create mode 100644 operators/edp-keycloak-operator/1.19.0/tests/scorecard/config.yaml diff --git a/operators/edp-keycloak-operator/1.19.0/manifests/edp-keycloak-operator-manager-config_v1_configmap.yaml b/operators/edp-keycloak-operator/1.19.0/manifests/edp-keycloak-operator-manager-config_v1_configmap.yaml new file mode 100644 index 00000000000..be8934c1999 --- /dev/null +++ b/operators/edp-keycloak-operator/1.19.0/manifests/edp-keycloak-operator-manager-config_v1_configmap.yaml @@ -0,0 +1,18 @@ +apiVersion: v1 +data: + controller_manager_config.yaml: "apiVersion: controller-runtime.sigs.k8s.io/v1alpha1\nkind: + ControllerManagerConfig\nhealth:\n healthProbeBindAddress: :8081\nmetrics:\n + \ bindAddress: 127.0.0.1:8080\nwebhook:\n port: 9443\nleaderElection:\n leaderElect: + true\n resourceName: edp-keycloak-operator-lock\n# leaderElectionReleaseOnCancel + defines if the leader should step down volume \n# when the Manager ends. This + requires the binary to immediately end when the\n# Manager is stopped, otherwise, + this setting is unsafe. Setting this significantly\n# speeds up voluntary leader + transitions as the new leader don't have to wait\n# LeaseDuration time first.\n# + \ In the default scaffold provided, the program ends immediately after \n# the + manager stops, so would be fine to enable this option. However, \n# if you are + doing or is intended to do any operation such as perform cleanups \n# after + the manager stops then its usage might be unsafe.\n# leaderElectionReleaseOnCancel: + true\n" +kind: ConfigMap +metadata: + name: edp-keycloak-operator-manager-config diff --git a/operators/edp-keycloak-operator/1.19.0/manifests/edp-keycloak-operator-manager-role_rbac.authorization.k8s.io_v1_clusterrole.yaml b/operators/edp-keycloak-operator/1.19.0/manifests/edp-keycloak-operator-manager-role_rbac.authorization.k8s.io_v1_clusterrole.yaml new file mode 100644 index 00000000000..1ed1544cd75 --- /dev/null +++ b/operators/edp-keycloak-operator/1.19.0/manifests/edp-keycloak-operator-manager-role_rbac.authorization.k8s.io_v1_clusterrole.yaml @@ -0,0 +1,58 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + creationTimestamp: null + name: edp-keycloak-operator-manager-role +rules: +- apiGroups: + - v1.edp.epam.com + resources: + - clusterkeycloakrealms + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - v1.edp.epam.com + resources: + - clusterkeycloakrealms/finalizers + verbs: + - update +- apiGroups: + - v1.edp.epam.com + resources: + - clusterkeycloakrealms/status + verbs: + - get + - patch + - update +- apiGroups: + - v1.edp.epam.com + resources: + - clusterkeycloaks + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - v1.edp.epam.com + resources: + - clusterkeycloaks/finalizers + verbs: + - update +- apiGroups: + - v1.edp.epam.com + resources: + - clusterkeycloaks/status + verbs: + - get + - patch + - update diff --git a/operators/edp-keycloak-operator/1.19.0/manifests/edp-keycloak-operator.clusterserviceversion.yaml b/operators/edp-keycloak-operator/1.19.0/manifests/edp-keycloak-operator.clusterserviceversion.yaml new file mode 100644 index 00000000000..ae307e3357f --- /dev/null +++ b/operators/edp-keycloak-operator/1.19.0/manifests/edp-keycloak-operator.clusterserviceversion.yaml @@ -0,0 +1,941 @@ +apiVersion: operators.coreos.com/v1alpha1 +kind: ClusterServiceVersion +metadata: + annotations: + alm-examples: |- + [ + { + "apiVersion": "v1.edp.epam.com/v1", + "kind": "Keycloak", + "metadata": { + "name": "keycloak-sample" + }, + "spec": { + "secret": "my-keycloak-secret", + "url": "https://example.com" + } + }, + { + "apiVersion": "v1.edp.epam.com/v1", + "kind": "KeycloakAuthFlow", + "metadata": { + "name": "keycloakauthflow-sample" + }, + "spec": { + "alias": "MyBrowser", + "authenticationExecutions": [ + { + "authenticator": "auth-cookie", + "priority": 0, + "requirement": "ALTERNATIVE" + }, + { + "authenticator": "identity-provider-redirector", + "authenticatorConfig": { + "alias": "my-alias", + "config": { + "defaultProvider": "my-alias" + } + }, + "priority": 1, + "requirement": "REQUIRED" + } + ], + "builtIn": false, + "description": "browser with idp", + "providerId": "basic-flow", + "realmRef": { + "kind": "KeycloakRealm", + "name": "keycloakrealm-sample" + }, + "topLevel": true + } + }, + { + "apiVersion": "v1.edp.epam.com/v1", + "kind": "KeycloakClient", + "metadata": { + "name": "keycloakclient-sample" + }, + "spec": { + "advancedProtocolMappers": true, + "clientId": "agocd", + "defaultClientScopes": [ + "argocd_groups" + ], + "directAccess": true, + "public": false, + "realmRef": { + "kind": "KeycloakRealm", + "name": "keycloakrealm-sample" + }, + "secret": "$client-secret-name:client-secret-key", + "webUrl": "https://argocd.example.com" + } + }, + { + "apiVersion": "v1.edp.epam.com/v1", + "kind": "KeycloakClientScope", + "metadata": { + "name": "keycloakclientscope-sample" + }, + "spec": { + "description": "Group Membership", + "name": "groups", + "protocol": "openid-connect", + "protocolMappers": [ + { + "config": { + "access.token.claim": "true", + "claim.name": "groups", + "full.path": "false", + "id.token.claim": "true", + "userinfo.token.claim": "true" + }, + "name": "groups", + "protocol": "openid-connect", + "protocolMapper": "oidc-group-membership-mapper" + } + ], + "realmRef": { + "kind": "KeycloakRealm", + "name": "keycloakrealm-sample" + } + } + }, + { + "apiVersion": "v1.edp.epam.com/v1", + "kind": "KeycloakRealm", + "metadata": { + "name": "keycloakrealm-sample" + }, + "spec": { + "id": "d1-id-kc-realm-name", + "keycloakRef": { + "kind": "Keycloak", + "name": "keycloak-sample" + }, + "passwordPolicy": [ + { + "type": "forceExpiredPasswordChange", + "value": "365" + }, + { + "type": "length", + "value": "8" + } + ], + "realmEventConfig": { + "adminEventsDetailsEnabled": false, + "adminEventsEnabled": true, + "enabledEventTypes": [ + "UPDATE_CONSENT_ERROR", + "CLIENT_LOGIN" + ], + "eventsEnabled": true, + "eventsExpiration": 15000, + "eventsListeners": [ + "jboss-logging" + ] + }, + "realmName": "d2-id-kc-realm-name", + "ssoAutoRedirectEnabled": false, + "ssoRealmEnabled": false, + "ssoRealmName": "openshift" + } + }, + { + "apiVersion": "v1.edp.epam.com/v1", + "kind": "KeycloakRealmComponent", + "metadata": { + "name": "keycloakrealmcomponent-sample" + }, + "spec": { + "config": { + "allowPasswordAuthentication": [ + "true" + ], + "cachePolicy": [ + "EVICT_WEEKLY" + ], + "debug": [ + "true" + ], + "editMode": [ + "READ_ONLY" + ], + "enabled": [ + "true" + ], + "evictionDay": [ + "3" + ], + "evictionHour": [ + "5" + ], + "evictionMinute": [ + "7" + ], + "kerberosRealm": [ + "test-realm" + ], + "keyTab": [ + "test-key-tab" + ], + "priority": [ + "0" + ], + "serverPrincipal": [ + "srv-principal-test" + ], + "updateProfileFirstLogin": [ + "true" + ] + }, + "name": "cr-kerb-test", + "providerId": "kerberos", + "providerType": "org.keycloak.storage.UserStorageProvider", + "realmRef": { + "kind": "KeycloakRealm", + "name": "keycloakrealm-sample" + } + } + }, + { + "apiVersion": "v1.edp.epam.com/v1", + "kind": "KeycloakRealmGroup", + "metadata": { + "name": "keycloakrealmgroup-sample" + }, + "spec": { + "name": "ArgoCDAdmins", + "realmRef": { + "kind": "KeycloakRealm", + "name": "keycloakrealm-sample" + } + } + }, + { + "apiVersion": "v1.edp.epam.com/v1", + "kind": "KeycloakRealmIdentityProvider", + "metadata": { + "name": "keycloakrealmidentityprovider-sample" + }, + "spec": { + "alias": "instagram", + "authenticateByDefault": false, + "config": { + "clientId": "foo", + "clientSecret": "$secretName:secretKey", + "hideOnLoginPage": "true", + "syncMode": "IMPORT", + "useJwksUrl": "true" + }, + "enabled": true, + "firstBrokerLoginFlowAlias": "first broker login", + "mappers": [ + { + "config": { + "role": "role-tr", + "syncMode": "INHERIT" + }, + "identityProviderAlias": "instagram", + "identityProviderMapper": "oidc-hardcoded-role-idp-mapper", + "name": "test3212" + }, + { + "config": { + "attribute": "foo", + "attribute.value": "bar", + "syncMode": "IMPORT" + }, + "identityProviderAlias": "instagram", + "identityProviderMapper": "hardcoded-attribute-idp-mapper", + "name": "test-33221" + } + ], + "providerId": "instagram", + "realmRef": { + "kind": "KeycloakRealm", + "name": "keycloakrealm-sample" + } + } + }, + { + "apiVersion": "v1.edp.epam.com/v1", + "kind": "KeycloakRealmRole", + "metadata": { + "name": "keycloakrealmrole-sample" + }, + "spec": { + "composite": true, + "description": "default developer role", + "name": "developer", + "realmRef": { + "kind": "KeycloakRealm", + "name": "keycloakrealm-sample" + } + } + }, + { + "apiVersion": "v1.edp.epam.com/v1", + "kind": "KeycloakRealmRoleBatch", + "metadata": { + "name": "keycloakrealmrolebatch-sample" + }, + "spec": { + "realmRef": { + "kind": "KeycloakRealm", + "name": "keycloakrealm-sample" + }, + "roles": [ + { + "composite": true, + "description": "default developer role", + "isDefault": false, + "name": "developer" + }, + { + "composite": true, + "description": "default administrator role", + "isDefault": false, + "name": "administrator" + } + ] + } + }, + { + "apiVersion": "v1.edp.epam.com/v1", + "kind": "KeycloakRealmUser", + "metadata": { + "name": "keycloakrealmuser-sample" + }, + "spec": { + "attributes": { + "baz": "jazz", + "foo": "bar" + }, + "email": "john.snow13@example.com", + "emailVerified": true, + "enabled": true, + "firstName": "John", + "keepResource": true, + "lastName": "Snow", + "password": "12345678", + "realmRef": { + "kind": "KeycloakRealm", + "name": "keycloakrealm-sample" + }, + "requiredUserActions": [ + "UPDATE_PASSWORD" + ], + "username": "john.snow13" + } + }, + { + "apiVersion": "v1.edp.epam.com/v1alpha1", + "kind": "ClusterKeycloak", + "metadata": { + "labels": { + "app.kubernetes.io/created-by": "edp-keycloak-operator", + "app.kubernetes.io/instance": "clusterkeycloak-sample", + "app.kubernetes.io/managed-by": "kustomize", + "app.kubernetes.io/name": "clusterkeycloak", + "app.kubernetes.io/part-of": "edp-keycloak-operator" + }, + "name": "clusterkeycloak-sample" + }, + "spec": { + "secret": "keycloak-access", + "url": "https://keycloak.example.com" + } + }, + { + "apiVersion": "v1.edp.epam.com/v1alpha1", + "kind": "ClusterKeycloakRealm", + "metadata": { + "labels": { + "app.kubernetes.io/created-by": "edp-keycloak-operator", + "app.kubernetes.io/instance": "clusterkeycloakrealm-sample", + "app.kubernetes.io/managed-by": "kustomize", + "app.kubernetes.io/name": "clusterkeycloakrealm", + "app.kubernetes.io/part-of": "edp-keycloak-operator" + }, + "name": "clusterkeycloakrealm-sample" + }, + "spec": { + "clusterKeycloakRef": "clusterkeycloak-sample", + "realmName": "realm-sample" + } + } + ] + capabilities: Deep Insights + categories: Security + containerImage: docker.io/epamedp/keycloak-operator:1.19.0 + createdAt: "2023-11-15T16:04:45Z" + description: An Operator for managing Keycloak + operators.operatorframework.io/builder: operator-sdk-v1.32.0 + operators.operatorframework.io/project_layout: go.kubebuilder.io/v3 + repository: https://github.com/epam/edp-keycloak-operator + name: edp-keycloak-operator.v1.19.0 + namespace: placeholder +spec: + apiservicedefinitions: {} + customresourcedefinitions: + owned: + - description: ClusterKeycloakRealm is the Schema for the clusterkeycloakrealms + API. + displayName: Cluster Keycloak Realm + kind: ClusterKeycloakRealm + name: clusterkeycloakrealms.v1.edp.epam.com + version: v1alpha1 + - description: ClusterKeycloak is the Schema for the clusterkeycloaks API. + displayName: Cluster Keycloak + kind: ClusterKeycloak + name: clusterkeycloaks.v1.edp.epam.com + version: v1alpha1 + - description: KeycloakAuthFlow is the Schema for the keycloak authentication + flow API. + displayName: Keycloak Auth Flow + kind: KeycloakAuthFlow + name: keycloakauthflows.v1.edp.epam.com + version: v1 + - description: KeycloakClient is the Schema for the keycloak clients API. + displayName: Keycloak Client + kind: KeycloakClient + name: keycloakclients.v1.edp.epam.com + version: v1 + - description: KeycloakClientScope is the Schema for the keycloakclientscopes + API. + displayName: Keycloak Client Scope + kind: KeycloakClientScope + name: keycloakclientscopes.v1.edp.epam.com + version: v1 + - description: KeycloakRealmComponent is the Schema for the keycloak component + API. + displayName: Keycloak Realm Component + kind: KeycloakRealmComponent + name: keycloakrealmcomponents.v1.edp.epam.com + version: v1 + - description: KeycloakRealmGroup is the Schema for the keycloak group API. + displayName: Keycloak Realm Group + kind: KeycloakRealmGroup + name: keycloakrealmgroups.v1.edp.epam.com + version: v1 + - description: KeycloakRealmIdentityProvider is the Schema for the keycloak realm + identity provider API. + displayName: Keycloak Realm Identity Provider + kind: KeycloakRealmIdentityProvider + name: keycloakrealmidentityproviders.v1.edp.epam.com + version: v1 + - description: KeycloakRealmRoleBatch is the Schema for the keycloak roles API. + displayName: Keycloak Realm Role Batch + kind: KeycloakRealmRoleBatch + name: keycloakrealmrolebatches.v1.edp.epam.com + version: v1 + - description: KeycloakRealmRole is the Schema for the keycloak group API. + displayName: Keycloak Realm Role + kind: KeycloakRealmRole + name: keycloakrealmroles.v1.edp.epam.com + version: v1 + - description: KeycloakRealm is the Schema for the keycloak realms API. + displayName: Keycloak Realm + kind: KeycloakRealm + name: keycloakrealms.v1.edp.epam.com + version: v1 + - description: KeycloakRealmUser is the Schema for the keycloak user API. + displayName: Keycloak Realm User + kind: KeycloakRealmUser + name: keycloakrealmusers.v1.edp.epam.com + version: v1 + - description: Keycloak is the Schema for the keycloaks API. + displayName: Keycloak + kind: Keycloak + name: keycloaks.v1.edp.epam.com + version: v1 + description: | + Keycloak Operator is an operator that is responsible for establishing + a connection to provided Keycloak Server, reconciling Keycloak entities (realms, + roles, groups, users, etc) according to the created CRs. + + ## Quick Start + + 1. Create a User in the Keycloak `Master` realm, and assign a `create-realm` role. + + 2. Insert newly created user credentials into Kubernetes secret: + + ```yaml + apiVersion: v1 + kind: Secret + metadata: + name: keycloak-access + type: Opaque + data: + username: dXNlcg== # base64-encoded value of "user" + password: cGFzcw== # base64-encoded value of "pass" + ``` + + 3. Create Custom Resource `kind: Keycloak` with Keycloak instance URL and secret created on the previous step: + + ```yaml + apiVersion: v1.edp.epam.com/v1 + kind: Keycloak + metadata: + name: keycloak-sample + spec: + secret: keycloak-access # Secret name + url: https://keycloak.example.com # Keycloak URL + ``` + + Wait for the `.status` field with `status.connected: true` + + 4. Create Keycloak realm and group using Custom Resources: + + ```yaml + apiVersion: v1.edp.epam.com/v1 + kind: KeycloakRealm + metadata: + name: keycloakrealm-sample + spec: + realmName: realm-sample + keycloakOwner: keycloak-sample # the name of `kind: Keycloak` + ``` + + ```yaml + apiVersion: v1.edp.epam.com/v1 + kind: KeycloakRealmGroup + metadata: + name: argocd-admins + spec: + name: ArgoCDAdmins + realm: keycloakrealm-sample # the name of `kind: KeycloakRealm` + ``` + displayName: EDP Keycloak Operator + icon: + - base64data: iVBORw0KGgoAAAANSUhEUgAABAAAAAQACAYAAAB/HSuDAAAAGXRFWHRTb2Z0d2FyZQBBZG9iZSBJbWFnZVJlYWR5ccllPAAAoaJJREFUeNrs3Q+QXfV9GPpzM9iTKfJonWmN8mKXtS0iu/OiXcfEjG0q1vNiTJNIyEEi7UwESwjzXosk5ADB6RN/jNQ2LRBhpLZ5VV2B6XtpDR7Map5DVTqAQtPC4KBV37xWgQSpdRrszsSrifymY8903/2evdcIkGTt7vece869n8/M6YJTjq7O2Xvv+X5/3+/3VxQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALBoHZcAAEbL/Pz8ZPfHWPkg0Ok864oAgAQAANCeoH6q+2O8d1zc+xl+EOwvwpHuMdc7Zns/43873ul0jrvaACABAABUH+iP9YL6CPgnev88XuNL6CcD4ngufkoKAIAEAACQE/Rv7P64ohf0TzbwJUYC4NleQuBZCQEAkAAAAM4v4I9V/gj6r+79bJuoDnike3xNMgAAJAAAgLcH/tMtDvolAwBAAgAAOEfQHyX9t/SC/rEh/+t+LZIBnU7na+48AEgAAMCoBP4be4H/1Aj+9Y8XC1UBD3Y6nTm/DQAgAQAAwxj4T3d/3F3UO7m/qSL4f7h7fFF7AABIAACAwH80RCLgcyoCAEACAADaGvhHqf8egf95ieD/i4XWAACQAACAFgX+k73Af8rVWFIiIKoBHnYpACDPj7gEAJAa+I91jwj8Xxb8L1nshnCgex2f6SVSAIAEKgAAIC/4j3L/A8Xwb+dXty8U2gIAQAIAABoQ+I/1Av+NrkZljnePz3Y6nSMuBQAsjRYAAFhe8D/V/fGa4L9y493j5e71vselAIClUQEAAEsP/iMYvduVqN2zxUI1gJYAAJAAAIBKA/8o+X+iMORvkOZ6SYBnXQoAkAAAgCqC/8le8D/e1r/D7NGjxdzcwuL5FevWtf2WxHaBD/rNBAAJAADIDP6nuz9ii79GTvk/ceJEcbx7HD58uJg7ebKYnZ0t//fnuv9+vi6++OJivHusHBsrJteuLf99YmKimOj+c4M93Ol0bvAbCgASAACQFfwfaNJrisA+gv34efqqflUiERAVA3Gs6x5jK1c26XI8W5gLAAASAACwzOA/Av/pQb+OWNWfmZkpnjx4sPw5aJEQuHr9+mLDhg1NqRCILQI/JQkAABIAANC64L9pQf/ZRKvA9Vu2FNd1j/hnSQAAkAAAAMH/eYh+/nt37y5muoF/1aX92aJF4LpeMmBA5npJgCN+iwFAAgAAGhn8Rz//rm7gv5jBfU0VlQB37dxZtggMYF5AJAHerxIAACQAAKBRwf8wBf5vNTY2VmzfurW4c+fOuv9o7QAAIAEAAM0I/mN6/6233TaUgf9b9SsCam4NkAQAAAkAAHhb8B+Bfy1b/cVwv1jxf2jv3pG7zjEj4IH7769z54AjnU7nI37DAZAAAAAi+N/Y/fFEHX9WDPa78aabWjfcL9v2bdvKtoCa5gM83Ol0bvCbDoAEAACMdvA/2f3xTPcYq/LPiVX/CPybvJ1f3aIt4Ev795dVATX4QqfTucdVB0ACAABGM/iPoP/l7jFe5Z8TPf6brr125Ff9zyZmA9Q0JPCznU7na644ABIAADB6CYBY+Z+q8s+IXv97uwfnFlUAjz/2WNUtAZGB+Uin0znuigMgAQAAoxP839P9cXdlkaaS/0WLLQOfPnSo6gGBhgICMJJ+xCUAYESD/6kqg/8TJ04UP3vllYL/RYoWibhuX3700Sr/mMnu/d/jagMwalQAADCKwX+lff+zR4+WQax+/+WJ4YDXbdlS5R/xqU6n86wrDcCoUAEAwCi6W/DffNE+EUeFnuglgwBgJKgAAGCk9Er/nxn24P/CVT9eHu+Z/Ony3/s/46v/HStWFGOrf7L4/qlTxXdefeUH/813X//T8ph79Q+7P/9r+bMJogogqgEq8mCn0/mcdwYAEgAAMHwJgNeKClb/Bx38v3v1Jd0g/yNloB/HO1a86yxf+Qs/58/5v7/xv/23I98ovvPqsfLnnzz/7LAmAWJXgCPeHQBIAADA8AT/090fB4Yl+I+g/wNX/Vzx3sv/arnaH/7HWwL65SYATve9U6fKJMB/7R5/8vwztd+/B+6/v9i+dWsVp3620+l8yjsEAAkAABieBED66n9M+7/0sstqDf4j6F+zaXOZAHjrV3mVCYD49/7//fun/rw4/tRM8crj/1fZLlCXCgcDGggIgAQAAAxJ8D9dJK/+z508Wa78z87OVv7637liRTfov7Y84p/P9lVeVwLgdMefOlj8vw//dm2JgJdefLGYWLs2+7SqAACQAACAIUkApK/+X3PttcXMzEzlr/1DmzYXPzX9K+XwvrMH9oNLAMz3/v3EUzO1JALGxsaKl154obj44ouzT/3+Tqdz3LsFAAkAAGhv8D9dJK/+79q9u7i3e1TposmPFB///G8UF65a9YMgu8kJgPjfv3fqz4tXHv8/i//48D+u9NpMTEyUSYBkD3c6nRu8YwCQAACA9iYAUlf/nzt8uCz9r0qU+P/U9A3lyv+ZguwmJwAWXkNRnHz1WPHSb95Z/qzK9m3bigfuuy/7tKoAAJAAAICWBv/TReLqf/T9X/qxj5XD/6rw7tWry1X/hQF/RWsTAOH7p06VlQCvPv7PK7u/X33ssWLD+vWZp1QFAIAEAAC0NAGQuvpfZd//B666qvjo1m29IX+d1icAih/MBniyOLrvH5Q7B2SLeQCvHDtWjK1cmXlaVQAADKUfcQkAGOLgf7pILv2vKvj/6M1bi4/f8fm3TPgfDhdfdXWx7sF/VrxjxbvSzx3bL956223Zp73buweAYaQCAIBhTgA80/0xlXW+6PuPJEC2CPxj9X/hm/nMq+9trgDoW5gLsLOSuQCvHjuWvSuAKgAAho4KAACGNfifygz+I/CvPPgfcitXrykrAeJntgp2ZFAFAMDQUQEAwLAmABq/+v+JO+7oBv9/7bTV+GKoKwD6YhbA4R2/kl4JoAoAAM5NBQAAwxj8TxUNX/1fCP6vGsn7E7MALv387vSZAF9+9NHsl6oKAIChogIAgGFMADR69f9Dm64pLr355t7XcGfkKgD6ogIgKgGydgewIwAAnJsKAACGLfifKhq8+v++yz/ZC/6JWQBrt/562vliR4C9e/dmv0xVAAAMDRUAAAxbAqCxq/8rVq0qfm7/Pzltq7/RrgDo+8Zv3lmceOrJlGusCgAAzk4FAADDFPxPZQb/s0ePpq7+f/yOO04L/umLKoCsnQFUAQCABAAAoyE1UHsoMZD84FWfKS6anHCHziCGAU5svSPvvu3bV8ydPJn5Eqfn5+fH3SkAJAAAoAGyV/9PnDiROlV+7fXXu0nn8BcnL1UFAAASAABQf4B27+7daeeK1f8LV13kDv0Qqzf9ctq5VAEAgAQAAEOo+av/17lJ5+Hiq64u/sKq/ynlXKoAAEACAIDh1PDV/1Xu0Hn68PTfTDuXKgAAkAAAYIhY/R8uqgAAQAIAAGoJyDJX/993+Sf1/i+BKgAAkAAAgDdp+ur/h675RTdpCVpQBXCLuwSABAAA1Kuxq/8XTU6UB0vTgiqAMXcJAAkAAKhB01f/J/T+L0vDqwAi+N/hLgHQNh2XAICWJgCeyUwA3HjTTakJgDOv/i/2a3fxX9PzFf4Z84t+Tct7zPju639S/H+v/9eciH1srHjl2LFibOXKrFs81z3e3+l05rwbAZAAAIDqgv8I/J/JOl+s/q9es8aFHXJ37dxZ3Nk9En2h0+nc48oCIAEAANUlABq9+k8zqQIAYNSZAQBA24L/8aLBvf80l1kAAEgAAEC7NHbyP81XwY4At9gRAAAJAABI1lv9n846n9X/0aMKAAAJAABoB6v/LNsj+UkfVQAASAAAQBar/zT43qsCAEACAAASWf2nyfdfFQAAEgAAsFxW/8mmCgAACQAAaCar/6RTBQCABAAANEj26n9sAWf1n6AKAAAJAABoltTV/+Qt4Gg5VQAASAAAQANUsfr/0L59Liw/oAoAAAkAAGiG9NX/ubk5V5U3UQUAgAQAAAyQ1X/qogoAAAkAABgsq//URhUAAKOg4xIA0DS91f/Xss4Xq/+XrFmTlgDYvm1bMbZypRvVAFHVkXVfv7R/f3Hdli2ZL+8LnU7nHncJAAkAADh7AuBAkVj+v2v37rQV3osvvrh49dgxN6khGn5vIzPx/k6no/QEgEbQAgBA04L/8aLBvf937dzpJjXItqjGGMuptK9oFsBGdwkACQAAOLPG9v7HCnFyiTjLjbBXriy2b92adr4KZgHc7S4BIAEAAG9h9Z+laHgVwHj393raXQJAAgAA3szqP4umCgAAJAAAaBGr/yyHKgAAkAAAoD1uyTyZ1f/RogoAACQAAGiB+fn5WLqdzjqf1f/RpAoAACQAAGi+HcXClmkprP6PJlUAAHBuHZcAgEHqrf6/lpUAiNX/S9asSUsAfGn/fgmAFsm+/08fOlRcsW5d5ku8odPpPOxOATAIKgAAGDSr/6TJrgLYpQoAgCGiAgCAgbH6TxVUAQDAmakAAGCQrP6TThUAAJyZCgAABsLqP1VSBQAAb6cCAIBBSV39jy3brP7TpwoAAN5OBQAAtcte/Q+r16wp927PYPV/OEQVwF+66KK086kCAKDtVAAAMAjpq/9Zwb/V/+ERVQCZ91IVAABtpwIAgFpZ/adO8XsRvx9ZVAEA0GYqAACom9V/apN9T1UBANBmKgAAqI3VfwZBFQAALFABAECdrP5TO1UAACABAECNeqv/t2Se897EQGz7tm1u0hC7a+fOtHM9d/hweSQa774/pt0lACQAABgWjV39Hxsbs/o/5FpQBXCLuwSABAAArdf41f+tW8st4xhuDa8CmOy+T6bcJQAkAABou0av/m9T/j8SzAIAQAIAACpk9Z8maXgVwJQqAAAkAABoM6v/NIYqAABGWcclAKBK8/Pz38lMAMR+7lkJgFgNvjNxRZh2iN+f+D3K8vShQ8UV69ZlvsRPdTqdZ90pALKpAACgyuB/urD6T8OoAgBgVKkAAKDKBMBr3R/jWeez+k+W7CqAl158sZhYuzbzJaoCACCdCgAAqgr+pzODf6v/ZMquAnho797sl6gKAIB0KgAAqCoBYPWfRsuuAnj12LEysZBIFQAAqVQAAFBF8D9dWP2n4bKrAO7NnwVwi7sEQCYVAABUkQB4uftjMut8Vv8XJ/amP3nyZDE7O1vM9X6e/n97q4mJiWJs5cryn1eOjRWTa9eWP6On/fT/2zBqQRXA+zudznGfKgBIAADQxOB/qvvjmazzxer/jTfdlHKuWP1/pRugDVNAGwFsBPVxzB49+qZgP0sEtJEIiMTAunXrsre8G7j4/YrfswxRUfCl/fszX97DnU7nBp8sAEgAANDEBMCB7o/prPNZ/X+7mYMHy4D/yZmZtGuzGJFIiUTA1evXFxs2bGh9QqXhVQBzxUIVwJxPFwAkAABoUvA/1v3xnazzRZD7s1demRa0tnn1P1b3Y5U6jrm5ZsWCkQS4fsuWYsP69a393W14FcANnU7nYZ8wAEgAANCkBMB098eBrPNF8H+mnvWlaOvqfwSlD+3bV0lpf7ZIsmzfurUMgJP74CuXmWwKyVUAz3Y6nU/5hAFAAgCAJiUA0ob/jfLqfwzu27t3b/FI4u4HdYskQCRd2pQIyEw4VVAFYBggAMtmG0AAsoL/8SJx8v+uxC3VYlW6LcF//L0vWbOm3FKurcF/iMqF6KuP0vq2/D0yK0S+nJ+82ehTBgAJAACaIi1A6U+1zxCr/9u2bWv8xYvBfqt7gX/TevwzEgGR2IjKhia7InmHg2jdSHS9jxgAJAAAaIq0ACVrGFto+up/rBJH6fk1mze3esX/h4nExqUf+1iZ6Giy7CqAxKTHZK/KBgAkAAAYnN70/5Ty/wiYshIATV/9jxXiSy+7LK3aoekiwRGJjmuuvbax1QCZVQBRyTEzM5P58rQBACABAMDApQUmmav/sS1dE1f/I/iNVf9bb7ttqMr9z1cExTHnoKmJj8wqgOQ2gCt81AAgAQDAoKUFJpkJgLsauO1fBL1NDn7rEomPSIJkDntM+2VOrAKI7RsTWzumfNQAIAEAwKClBCYRKGXtd9/EvehjNTiC3lFc9T+bmA1QXpOGtQRkVgE8mTf3YGx+fl4SAAAJAAAGozeYbLxhgVLjVv9jO7wo+eftohoikgCzR4825jVlVgFkVrUUqgAAkAAAYIDSApKsQKlJq//9fv/kIHDoROVH05IA25MGSCa3AUz4bQFAAgCAQUkJSCJQzir/396Qyf/94H/U+/3P+3r15gI0JQkQQySzEkmJ1S1TflMAkAAAYFBStv87nBQkT0xMFBNr1zYm+M9KakgCDEZWMikxCTTWa7sBgEW7wCUAYJmmmhQgRfm/4P8NkRCJrRD7/ewrx8belCA5eVrlxfETJ8pS9UFXLPSTAE8fOjTwZM7V69enzG44nHtNI+l23EcPAIvVcQkAWKreSuRrGee69LLLUgLmV48dG3j/f9bfZSk2bNhQBvsROC9niF0/EdA/EnvYz9vY2FgjkgBZ9/OlF1/M+rt8odPp3OMTCAAJAADqTABMdX88k3Gud/zojy77HLHa/dILLwz0msS0/7oH/kXQf/2WLWXPelWiJD/+XnHUuY1hJAFeOXasrGIYlNi+MaMK4Ev792dVqHyt0+l81icQAItlBgAAyzGVcZKskvOrKwyAz8eu3btrC/6jyiG2Ovxv3/pW8dWvfKXS4D/EyvUD991X/LfXXy8D2awt8n6YfjtAtFUMStbfNXGuwZiPHgAkAACoW8qybFZgtK6moPRMZg4eLO7dvbuWwD8C8Gh1uHPnzoGsjMcqdpTmx1FHIiDK7zNW4Jcqkh8ZbSWJbSFTPnoAkAAAoG4pOwCcTCopv2JACYDoj4/S/ypFKXys+EcfeRMGHfavdz8RUPXchX77wcCSABPL3+2yKTsbACABAAADk9ECkBGgLVUE/1X2xUegHbMNBrXifz6vLyoSIkFRpVtvv31gQfRkwvC+zN+R3vwNAJAAAKA2jQlCBjUpPvr+q9w274H7769lhT3Dnb0KhapeawTQVVdanE1We8mgt1gEQAIAAAYqIygaH0CAHKvRVfX9RxAdwfT2rVtbdS8jEROvO3YmqOSaz86WSZe6jTcvAWMQIAASAACMpkG0AFQ1mK7czjBvz/j6I9OVK8udCapqCYht+WLuQp2yqhoSX/ekdz0AEgAA1GJ+fn484zxZ27utrLk3PgbSVVHOHQP+ot+/ib3+ixUtAbFjQbZBtQJkJAHqTlwAgAQAABlSEgBZW6PFlPy6RNIiBtJVEfxXETAPUlV/p0i+1N1PP96COQwAIAEAwNCrs1x+79696VP/hzH4r/rvNqiBgAAgAQAAIyBW/6MHPVP0/A9r8F9lEiDK6aMVAwCQAACAdNmr/xH8xzZ/oyCSAHFkuncAOwIAgAQAAAy57NX/mFsQq+LDMPDvfMXfN3PHBlUAACABAADpItDMXP2PKflt3epvOWKLwMyhjRIAACABAACpHtq7N+1cGzZsKLZv3TqS1zG208ucBxC7AcwePeoXFAAkAAAgJ8jM2sM9Vr9/6777Rvp6bli/vrhi3bq082UmZwBAAgAARlhmmXms/F9sT/nUKoCZgwf9kgKABAAALE8M/8sKMCPwj95/Fq7FXUnXImYzmAUAABIAALAsMzMzacP/7hL8v8m2bdvSBgI+qQoAACQAAGA5ov8/Q6x4X7dliwt6mtgCMWsY4uGk+wQAEgAAMKKyyv+t/p9ZVlIkqjTMAgAACQAAWJLYXi6j/D/K3GPrP94uszLiOVUAACABAABLEf3/GWLbuyh358yuTkqOSAAAgAQAACzJkaNHGxXgDqtIkGRsjTg7O1vu2gAASAAAsAzz8/Nj3WNj99jT/dcDo/B3zhgsV5b/dwNczu2KdetSzhNJgBFwS/d9eKB7TMf70m8PABIAAGQE/ZPdY0f3eKb7r9/pHk90jx3dY3zY/+4nTpxI6f8X/J+frCqJEdkNIIL+6WIhEfed7vvz5e5xT7xf/SYBcDYXuAQAnCHo39j9cUX32DgKgf7ZHD9xIuU8WSvbwy4rUZJ131pmsnfc3X3/Rtbqa93jufjZ6XTm/HYBEFQAANAv7Y9S4ie6x3wxQqv855K1kiwBcP4mJiaWfY4To5kAON1bqwOe6VXxjPsNA5AAAGA0g/7xXlDwcrFQ2h/BwkZX5g0Zw+Si/z9juN2oyEiWzCYNbhwiU90j5na8plUAYLRpAQAYraB/shfkX10slAtzrkAyYZjcxNq1LuQiZCRLMuY2DLHTWwWOFwutAo90Op0jLg3A8FMBADACQX9M7e8er3X/NVb77xb81yejpH2krldSwkQVwHkZLxZafaIq4LXe54TPBoAhpgIAYEiD/u6P64sRH+LXhCBybOVKF3IxEWlSu4QqgCUnA3aoDAAYXioAAIYn6O/39PdX+kd+iF8TgkgVAItjXkKjkgEqAwAkAABoYNAfAX8E/nsE/c2yUgUAw5MMeNluAgDtpgUAoH1Bf2zx1R/kZ2o/nMHJhB0ceJv+AMGoCHi2+/OR7vG1Tqej3wKgJVQAALQn8J/qHrFVX6z027KPoZWyFWDCDg6c01Tvc+g78bnUPXweAbSACgCAZgf9490f08XCQL9xVwTOj9kLtYrPqOnThgd+sdPpHHdZAJpHBQBAMwP/eJh+plhY7b9b8D8YGQPpMlazWTyzFwYiPqdiXkAMDnwmPsdcEgAJAADOHPRP9kppv1MslNZODevf9cSJE8WXH320uPGmm8qjqZYbvFuFXpoNGzYs678fGxtrbOLloX37imuuvbb8mbHNZIPF51f5edb7XLOLAEADdFwCgIEG/f2BfrcUC8O1hjbgf+7w4R8c8e/Zvv/f/3v6OeO1/uyVVy75v//S/v3FdVu2+EVfwu/L6jVrlvzfxzWPa58tfhfidyJbJCsi6RE/J9auHeZbe6R7fLEwOBBAAgBgxAL/8V7QP909xgT8zUwAhFitnZmZWfR/F6v/L73wgl/2Jdq1e3dxb/dYrFj9f+XYsWKsghaAqhIAb33969atK5MBQ5wQiOD/4cKsAAAJAIAhD/wj4I+BflPD9nebOXjwBwH/ICawV5UAmDt5sgz8FvN3iiDu6UOHhn01t3KXXnbZon+XvvrYY8WG9esreT11JADeKuZQ9JMBUSUwNnyzDZ7tHo90Op2H/cYDSAAADEPQHyv8O4ohm+Qf/csRDMXqeN1BUZ0JgMUmASJgiyBU8J9z3WNGxPlUYETSJcr+qwr+B5UAeKuoLLm6+3eMZMCQ/Y4dj0RA93hQewCABABAGwP/6Onvl/kPhf4q/5PdgKyOsv6mJAD6oiz9kUcfPePfPQLQ7Vu3Ftu2bRvGVdqB/95FO8CZEjBx3SPov2vnzpRdG5qeADjT330IqwMeLhbaA4747QeQAABoeuAfAf9QlPn3e/mf7AZgS+mDH7YEQF9UP0QwGtcngs5+mTbV/z72r/3KbvAbK+B1XvemJQDeKqoDYgBiVAhUnQypybOF9gAACQCABgb9Q1PmH0FWBPyxTd8gevnbkABgNDU9AXC6SABcvWFDmRAYglaB48XC7gEPaw8AkAAAGGTgH8F+66f5x6pqBPxNLO2XAEACYPnJgKiUiIRAlTMSajB3WiLguN9IAAkAgLoC/9b39w9D0C8BgATA4vTnBgxBMuDh7vEFiQAACQCAKgP/qe6Pu4uW9vcPW9AvAYAEwMgnA57tJQKe9RsKIAEAkBX4TxctHew3zEG/BAASALnJgO3btrV1ZoBEAIAEAEBK4B8r/uNtet1tHeQnAYAEwOC1fIDg8V4i4GG/sQASAABDG/jPnTxZbtUXQf8oBCkSAEgAVK/FWwtKBABIAAAMX+A/c/BgWd4fgf8okwBAAqBaGzZsKBMBkRCQCACQAABoa9Af2/ftKBam+rdiK78o8X9o376h7+uXAEACoHlaOi9AIgBAAgAQ/Jcr/nvaEPiPeom/BAASAM3TbxGIY2zlSokAAAkAgMYG/q0o9Y8p/g/t3VuW+s/Nzbl5EgBIADRSPxFwxbp1EgEAEgAAAv/z1V/tjzL/YZvi/84VK4pVk2uLiybWlj+/d+pU8a8+9+sSAIxEAmBy+peLD37m08XrR44W35o9Wv489fq3huo6xbDAaA9oSVWARAAgAQAg8B+M6Oe/d/fuoVvtj0D/9KD/dBEASQAwSgmAiet/+U3/WyQA4n3wX/7tvyt/RlJsWLSoKuBI9/hcp9N51m86MMwucAmAIQ/8p4qFHv/JJr/O6Osfpt7+FasuKv7y5Z/4QcD/zhUX+mWEc7xfVl/16fIIf/bqHxf/5d/+fpkMiKPN+p9tMStg+9atTd5BIL4jnul+Z0QC4AsSAYAEAED7Av9Y8Z9q6muMMv+9e/cWj3Qfjodhkn8/4P/Ll3+8DGiApfmx1R8oj4nri+J7p77bqw74/Va3C0Qr04033VTcevvtZRIgkgHRKtBA8Z0x1UsE3NDpdI77jQQkAACaG/iP9wL/6cY+CPeG+sWqWJtFkB+r++/75Ces8kNF4n0VSbU4Qr864D8//++6//xHrfv7RGtTfP7FsWHDhjIR0ND2gEgEvNb9Tnm4WKgIkAgAJAAAGhT4j/UC/x1NfY3DUOb/Y6s/WAb7McQsViiBut+D/eqAX37T7ID//Pzvt+7vEoNO42h4e8B099jY/Y75Yvfng51Ox1YsQKsZAggMQ/B/T/fHLd1jrGmvrT/NPwb7tbXMP4L+CPirKu03BJC2qGoIYIZoFYgkQOwsENUBbRwkGC0B12/ZUmzbtq2puwdE8P85OwYAEgAAgwn8p4uGTvaPYD9W+2MbvzZO8++X9tfRzy8BgARAvkgC9FsF2pYMGBsbKzasX1/ctXNnU+cEHC8W5gM8610BtI0WAKCNgf9U0dABf/1t/NrY398v7Y9hfvr5od36cwM+eUf7kgGRNO23TJUDA7dtKybWrm3SSxwv3tgxwKBAQAIAoKLAf7xo6IC/WBXsP7C2SdXl/YBkwHL0P1djUOCdO3c2bWDgVLEwKPDBYmFQoPkAgAQAQFLwf0/RwD7/CPx37d7dqsF+Eeh/+JrPCvphhJMBP3PzwsyAtgwQjM/Y5668skwAREVAtAg0SAyfne5+T0US4EG/ZYAEAMDSA/+p7o8DRcP6/NsW+L9zxYpi9VWfNr0f6H0mXFh+JsQRAwRffepfF3/0r/5147cWLBMB3SNmA8SMgAbtHBDJ6T3d76zri4VBgc/6LQMkAADOP/Af7wX+U016XTMHD5b7V7cl8I+H+/4wP4CzJQP+yqaN5RFbC/7Hr36trAqIf26qmLdy4003lTNXGpYImCwW5gN8rZcIOO43DGgSuwAATQv8YxUlyinvbtLrih7UtmzlF339H75mY2uG+dkFgLZo0y4AGfrzAqI6oOkaWBEQYibAFzudzj3ePYAEAMDbg/+N3R97igaV+8eK/6/ddlvjA/82l/hLACAB0GzRIhAVAVEZ0PQWgYYmAo4Xtg0EGuJHXAKgAYH/ePd4ovuPTzQl+I+H/HjYv2bz5kYH/7F13yfvuLX4GwcfL37m5v9Vfz+Qrj8vYP3+f9g9/lH5z5F0bKJ+a8DqNWuatCtLfK9FW8ATvSo3AAkAYGSD/3u6P17uHhubFPhnrPRV9zC+ovgrmz5bXPM7jxSf2fMPyodxgDpEkjGSjvH5Ez+j5ajpiYCo5GqI+J6LbQN3+E0CBsUQQGBQgf9UsVDuP9mUwL/pU/1jtT9K/AX8wKCdvovAn736x8V//OoTjZwVEImAqOSK7QPv3Lmz/Dlg/d0Cri4WhgQe8dsE1EkFAFB34D/WPSLwf6YJwX/5cHjttY1d8e/39kfZrdV+oIn6VQF/4+BXi5+5+X8rVqy6qHGvsYHVXVPd4+WogtMWANRJBQBQZ/DfmCF/EfjHVP8G9Yi+STxAf/iazza61xZYquGcwdxvT4pjYWjgE+WQz6YlAp678spiw4YNxW/dd185NHDAYseb67vfj4YEAhIAwNAE/rG6caBoQJ//3MmTxd69e4uH9u0r5ubmGnetosw/Av/Ywk8wBH7f2yo+w+I49fq3itlHHi23FPzeqVONeX0zMzPlEbsFPHD//cXYypWDfDnjxcKQwK8VC7sFzHmfAFXRAgBUHfxPd3+81oTgP4L+S9asKVf+mxb8v1Hmf9+IBf/AMItqpk/ecVs5NHByekvj2gOiCiy+F2IGTCSIB6w/JHCj3xxAAgBoW+AfW/tFn3+s/A+0vzEmQMck6Ftvu61RgX+Uy8YD8TW/8+XyAbmp07QBMj7vJq7/5UZ+3sX3QiSGL/3Yx5rQFhbfl0/YMhCQAADaFPzHFkextd/UIF/H7NGj5cCnmAAdPf9NEStgMSgrVsTigbiJA7MAqnJ6xVO0PTVFf+vASy+7rAmDAvvVANN+Y4BMZgAAmYH/eLGw4j/QwD/KOGO1v2kD/iLQn7h+i0n+AMXCzJNVk/cVf/bqHzVqG8HZ2dkyedyAQYHl/Jzud+v1xcJsgON+a4DlUgEAZAX/jVj1jz7O6OdsUvAfD7mx0hWlr4J/gDeLdoCFOQHN+oyMIYGrmzEfIL5XXzYbAJAAAJoQ+I/1ev1je7+B9Sv2+/ybNOCvH/g3rcwVoIneGBj45XI+SlO2QL23GYllswEACQBg4MF/2aNYDHDVP3o2m9bnL/AHWF4iYGFg4CONSQREYjnmA8T3zYDnA9gpAJAAAGoP/GPV/4nuP8YxkJWIKMeMssxY9W/AsKZSlK7GypXAH2D53tg5oDmJgPi+iSRAJAMG2BagGgCQAABqC/6nioVV/4GtPkS5f2zXFGWZTQr8o3TVRH+A4U8ERDtAtAU8tG/fIF9GfA+/3PteBpAAANKD/+jzj37/gaw4NK3cP1b5Bf4AdScCmjEjINoCYseZ2DYwtp0dkPH4Xu59PwNIAAApgf9k94gJ/zsG9Rqi3L8hezN3A/+J4jN77i+PFatWdf+XjmPZB4wS7/nlHAuJgC2NSQTEtoFRlXbr7bcPsi1gR3xPx/e19xcgAQAsJ/jvb+83kIeKCPibMt3/jcBfjz/AoJ2eCFh91ZUDfz0P7d1btgVEm9qAxPf0M73vbQAJAGBRgX9/0N9AygpjFaU/cXnQ5f6xR7XAH6C5iYCF7QMfHXgiIBLV0aY2wO+uaNHbY0AgIAEALCb4nyoGOOgvVk8asOfyD/akXr//Hwv8ARqu/5kdiYCo2BqkqF6LtrUBDgnsbxc45TcDkAAAzhX831MMaNBfrJZcc+215erJIMv9YzXpZ27+m41YTQJg8YmAqNiKyq1BJgIaMCQwvsef6X2vA0gAAG8K/Md7g/7uHsSfH6sk8ZA0MzMz0OsQA6Win/SvbPqsXwqAFovKrUgEfGrXPQPdqaU/JHDX4Lauvbs3IHDcbwUgAQBE8F/uJVwMYNBff2u/WCUZ5Kp/rPTHin8MlGrCHtMA5PjLl3+i/HyPyq5Bfr7fO9jdbOL7/eXe9z0gAQCMcPAfQ/5i2F/tJf/9Vf9Bbu3Xn+wffaODXCECoFpR2TXoCq+oBiiT3oPZMjC+55/ofe8DEgDAiAX+Y72S/9q3C2rCqn8E+1EWarI/wOg4fcbLIOcDxJaB0RYwoAT4Di0BIAEAjFbwP1UsTPmvveR/0Kv+8fC30Of/aFkWCsDoOX1Q4KCqv36QDL/99kH88VoCQAIAGJHg/55iAFP+m7DqH33+saVf9PkDQFSADXo+QFkNMJidAvotAff4TQAJAGD4Av8o+Y9e/9qn/A961f/HVn+wXOX5xB23FReuuqiYj+vhaMwBI/VZ7Gjk8eFNny1+8Xe+XHxwQFu/DningNglILYLHPMOBQkAYDiC/7LUr3vUWuoXA46uufbaga3693s9f2H/Py4u0ucPwA/5zoiBsJEwjsTxIPR3ChhANcBU93it97wASAAALQ7+p4uFkv/xOv/cmYMHi0vWrClmZmYG8veOVZxYzfnwAKc9A9A+kTCOxPGg2gL6OwVE9VzNogLg5d5zAyABALQw+I+tfg4UNfb7x6p/DDS6ZvPmgaz698v9YxVnkPs9A9Bug2wLiO/PqJ6LRMAAtgs80H1+OOA3ACQAgPYE/tHvH6v+tW7xFyWL5arF3r21/50j2J+Y3qLcH4DU75Z+W8AgdguI2TllNd3Bg3X/0dO9rQLNBQAJAKDhwX+/33+qzj+3HPT3sY+VpYt1i72cf8F0fwAqEonlX/ydR8tEc92iGiCq6qK6ruZqgHieMBcAJACABgf/00XN/f7xMNLf3q9usTLzqV33FFfuuW9g+zgDMDoi0RyJgEg81y2q6+L7tuYBgeYCgAQA0NDgv/Z+/35p4iC29+v3Zr7v8k+4+QDUJhLOkXgexKyZAQ4INBcAJACAhgT+0e//RFFzv3+UIpbDiWoe9BcPXtGLOajpzDAMTpw4USbuBrDVGAyN/m4zdSei+wMCY5vdmlsCYi7AM+YCgAQAMLjgf7xYKPnfWGfgEHsUD2LQX6z6G/IHS3/v3njTTcVfWrWqWL1mTZnAi7kd7/jRHy0DiS8/+qiLBIvUb0WLo+6kdGyzW87eqTeRN1UstASYCwASAEDNwX9/2F9tX8IxhTiC/7oH/cXWfoPckxnabtfu3WXQH0H+map2IpCI5MCAthyD1osqgEFsGVgm5T/2sbpbAsa7R1QCbHTnQQIAqCf4n+4F/7WV4UXJf0whrrvkf2L6uuIX/ulvFz92yeqi6HQcQ3l4T1cpAvt7d+8+r/+/0RYgCVAD7/uhPN75rncVn/z87cVnHqx/y8ABtATE88cThgOCBABQffB/T7Ew7K8W8TAxiJL/ctW/G/gPYsslGBaxKrjY0v7+kDEqi/5dgiF3UWxN2/3+qrsaYEAtAYYDggQAUGHwH1+yd9f15/Wn/Ndd8v/hTb+4sOq/+oNu+ij8XrsElYjk3a7zXPk/UxLATABYumhXi2qAqd1fqLV1rd8SUPP713BAkAAAkgP/mPQfJf/Tdf2ZETjUPeV/YWul+4tLb/6b3b9z4RiRQwagGmfr9z9fA9hmbIQ+0x2jcrzvk58oPvs7j9a+U0C0/sRRY0vAVLEwF2DcOxwkAIDlBf/xZRqT/msZ9hcPC9FHeO8SVw6XKlb9f37/b5elk8DyRTnwckQVgFkAsHxRATC16wvlUWc1QCQBI5EfVQE1KYcT2yEAJACApQf/tU76j77BeFhYbuCwlAejS034h/T387LPUXP7DwyzqAKoO9Ed7+GY4xO7+NQk2gDsEAASAMASgv/48nymqGnSfzwcRPBf5wN/PAwNojQSRkHdO3YAP9zprW51fhbELj676qvss0MASAAAiwz+40vzibqC/3goqHOLv1jpj4efusshAaAJymG3+3+7eHeNw26jta/mrQJjh4A97jZIAADnDv7vKWra5m8Q/f7xsBOrH/HwAwCjahDfh9HiV1b71bdV4A7bBIIEAHD24L+2bf4G0e8/iBUPAGiqQVTERatffP/HVr81iW0Cn7BNIEgAAG8E/mO94H+6jj8vvvTr7Pc/fdAfAPBm/Zk4dQ0IjJa/eA6ocbvPcq6RJABIAIDgf+HL8Jm6gv/4so8v/br6/eNhxqA/ADi3SJZHS8DE9HW1/Zm33nZbceNNN9X1x032kgDj7jYMzgUuATQi+K9lm7/4ko99gesSDzFrr7/OjeaH6LgE+J2HnvjevGhionj2zruL7506VfmfF88F0Rb49KFDxdjKlXUkAV7uPv98qtPpHHG3oX4qAGBwwf94XcF/DPuLfYDrCv4XVjEeEPwDwBIsVM/989paAqIl8NKPfayu4YDl4kf3OWjSnQYJABiV4L/MgNcR/PeH/dXV71/3QwsADKN+Mr2uloATJ04sDAc+eLDOJMCUOw0SADAKwf8zvS+/oQr+4yElHlbqmmQMAMMuqunq+m6N+UDXbN5cV8VgPwkw7S6DBAAI/pcpvryjnK+OYX/9Kf9K/gEgX7+6rq5tdGNmUI3DAQ9IAoAEAAj+l2HX7t21fXHHw8jP7/8/ivdd/kk3GQAqEsn2X+h+33540y/W8ufFQsI1115bzhGSBAAJAGBxwf90XcF/BP737t5dy9/rg1d9pixLXLHqIjcZAGpw6c1/q/jEHb9eS0vAzMzMwtbBkgAgAQAsKvg/UHXwH1/O8SVd16T/ePj4xB236/cHgJp98Korewn4VZX/WTXvEBBJgD3uMEgAQNuD/0r1g//nDh+u/O/UL0GMhw8AYDAWWvB+u5YWvP4OATUlAXZ0n58OuMMgAQCC/zOIL+MyM1/DpP942KhzCBEAcHb9Ibx1bBUYQ4VrrDSclgSAalzgEkC7g/+yN6+GSf/R7x8l/wBAs8QuPBdetKp46R/+o+J7p05VmgToDxm+bsuWOpIARafTucEdBgkAGPngf+bgwfJLuI7gPwYOfWjTLxbzbi9VvGdcAkbs993vPFX4wFVXlhV6z915d3Hq9dcr/bPi+SPaAu7cuVMSAFpGCwC0MPgvt+bZvLny4D9KCz+954Ey+AcAmi0SAD+3/7dradW7t74th7UDgAQAjHbwX8cXbjw8RPB/0eSEmwsALRHJ+58vh/V+pvI/q65nEkkAkACAkQz+b7399lq+aCPoj+DfsD8AaKeP33F72cJXRxLg0ssuK3ckkgQACQAQ/CeJwP+hvXsr//vEikEE/7GCAAC0V7TwXbHrC5V/p8dOROVQYkkAkAAAwX9O8F/HtjufuOPXyxUDAGA4vO/yT9aS2JcEAAkAEPy3JPiPh4JYIYgJwgDAcImWvo2/888rb+3rJwFihwBJAJAAgGEK/qeqDv4jgx49dXUE/7EyECsEAMBwquv7PpIA8fwye/RoHUmAPe4sSABA1cH/ZPfHE1UH/5FBjy/RKsVKQEwKNuwPAEYjCRAVf1XvEBDbFJfPMdUnAXb0KjIBCQCoLPh/pnuMDUPwHysBF666yI0FgBFSxw4BNSYBDkgCgAQACP7PITL/sfJv0j8AjKbYISCG/0oCwGi5wCWA0Qv+P17xFz4A59JxCWiED3SfCaIi8F9/7tbie6dOVZoEePrQoWJi7dqqkwBFp9N52J2Fs1MBAD88+I+g/8AwBP8L2/wJ/hEMgd93WPDu1auLT+/5rUqrAmuuBJhyV0ECAJYT/MfK/+QwBP8fqHjoDwDQxiRA9UOBa0wCPNGr3AQkAGD0gv+FbX9+S/APAJzVhatWlc8LQ5AEKJ/fJAFAAgAW68CwBP8XTU64mwDAeT03DFESYNxdBQkA+KG6XxgR/G8chuC/yi9xAGD4kgA/v/+flEODhyAJ8ESvohOQAIBzBv/TbQ7+6+jlAwCGVwwNHoIkQLmLkyQASADA2YL/6WEI/mPlP3r5AAAkAYon3E2QAIAzBf8HhiH4r3IrHwBgtJIAH9p0TduTAFO9Ck+QAHAJoAz+JwX/AABvd+nNf6vcTrjlSYDp7vPeHncTCQAQ/Jf9YVX+GbfedpvgHwBordhOeAiSADt6FZ8gAQAjGvyXE2KLhUmxlbjxppuKLz/6aGV/h+jNE/wDAMOQBIjnpqicrNCB7vPfRneTUXWBS8CIB/+x8j/e5uD/43fc4WbSch2XAL/z0JokwFXl7/Dv//2/X8n5o2IyKgGePnSoGFu5ssokwPFOp3PEHWXUqABglEXP/6TgHwBgMUmAqASo7hmknwSosBKgXASan58fdzeRAIAR0JsEW1n510P79gn+AQBJgGYnAZ7oVYSCBAAMcfA/3f0xXdX5I/CPoX+CfwBAEmB5SYAqn6mKhUrQJ9xJJABgeIP/qaLC7f4i+I/Sf8E/ACAJ0Pxnq66pXmUoSADAkAX/lWZ5Y9sawT8AIAnQuiTAtO0BkQCA4Qr+K93uL4L/6FMT/AMAkgDVJAGqnK9ULOwMMOVOIgEAw6Gy7f5OnDixMKRmbk7wDwBIAlSk6h2WioWhgJPuJBIA0GK9vq5KPsxjMu01115bWfD/7tWrBf8AgCTAaUmAqLysSFSKHrAzABIA0N7gf7qoaOJ/BP+x8h8TaqsK/j+957fcRABAEuA05fNXdUkAOwMgAQAtDf6nigon/se2NFUH/+9cscKNBABamQRYO319JeeOysuy/fLkyapefuwMsMddRAIA2hP8jxcVZm+r7EET/AMAw2Dt9deXs4xamgTYYWcAJACgHcF/pRP/q5xCK/gHAIZJzDKqKgkQlZibNm+u8uUfMBQQCQBovijZquTDeubgwcr2oY2gf2rXvYJ/AEAS4Dw9d/hwZc9mPc8YCogEADRU9wN6R1HR0L8YNlNl8B8r/xeuWuUmAgBDmQS4aLKaxfSozHxo376qXnoE/8+4g0gAQPOC/6liYfU/XX/ifxXb/fWD/yj/BwAYVlfsurey550YzlxVi2bXZG9baZAAgIYE/+NFRUP/qgz+F74Mdwn+AYChV/Wix623317l9oDThgIiAQDNUdnQvyq3+/tEWQ434e4BACOVBKhi5lENOwPsMRQQCQAYsF5JViUfxrt2766snCyC/w9UNBAHAEASIF2505ShgEgAwOCC/+mioqF/Efjfu3t3Ja87JuEK/gGAUVXl1sdRuRkVnBUZ7x7mASABAAMI/mPVv5Khf9E/Fn1kVQX/MQkXAGDUkwCX3nxzJeeOhZxdFS3kdG3s7TwFEgBQU/AfpVeRfU0vwapy6F980Qn+AQAWREXkJyp6NopKzpmDB6t66Xt6O1BBq1zgEtBSlfX9Vxn8f3pPFCx03D2AkdXxPQBvSwJcVXxrdrb4o6eeSj/3jTfdVDx96FAxsXZtFS895gG8v9PpzLmLtIUKAFqnV3K1sYpzx5dEFRP/o79tateuSvrcAADaLiokP3jVVennjUWdazZvrnQooLuHBABUF/xX1vcfvWJVTPxfmHS7p7hw1So3EADgLD56881lxWS2EydOFJs2b67qZU91n0/vcfeQAID84L+yLGsM/YvV/ypERruKLzMAgGHSXzRZUcGiyXOHD1c24LnrbvMAkACAfNH3P5590v7QvyrEUJv3XX65OwcAcJ5JgCsqapt8aO/eSqo9e57oLVaBBAAsV/cDdbqoqO+/qqF/0cf2gQp62QAAhllUTkYSoApRBRCVnxUwDwAJAEgK/ivr+y+/BCoY+nfR5KTt/gAAlvEsVcX2gLHoE22fFQ0FnOoNqwYJAFiGKP1PL6mKErAoBctWZdYaAGBURCVlFTsDxOJPVbOfuvb0Fq9AAgAWq/sBGiv/6R+iUfpVxSCY6FeLbLXt/gAAli8qKqMaINvMzEzx0L59Vb1s8wCQAIAlBP/R859eRhUlX2XpVwV9/7Hyb+I/AEDzn69uve22cneACowXFbWvggQAwxr8R9b0QBXnjg/7Kvr+L7355koy1AAAo6zKCstN115b1TyA6d5iFjTKBS4BDRVTVNNLp6LUq4rtX6JHbc2mzcW8+waLNl90XAT8zgPnNLb6kuLjd3y+eO7OnannjYrQTZs3F08fOlTFyz4wPz9/pNPpHHcHaQoVADTvwWhheupU9nnLvv/bbkt/vVGSFl9IAABU572XX16snZ5OP2+0AezavbuKl1xZRStIADAswX/U0N+dfd4o7bpm8+b01xulaD+750E3DgCgBj91/XSZCMh27+7dVc0DsDUgEgBwDpVs+RdD/06cOJH+YiP4N/EfAKA+UXlZxVDACucB2BoQCQB4q+4H4z1FBVv+Rc9/bPWS7aM3bzXxHwCgZrH4EkmA7EWY/jyAimgFQAIATgv+Kyn9L/v+b789/fXG0L8PbdrkxgEADEBVM5gqnAcw2VvsAgkARj74j5L/J7LPGyVcUfof2dzsL5xY/QcAYHCqGgoY8wBiEakCd3efe6fcOSQAGHWx8j+efdLI3s7OzqaeM0rNrti1W98/AEADxFDAiybz2+tjeHRF8wAO9Ba/QAKA0dPLgqZPRp05eLB4aO/e9NcbpWYXrlrlxgEANMS6XbvTn89ieHRUklZgvKig7RUkAGhD8F/J3qj90v9s0fNfxbYzAAAsXb9CM1sMkY5h0hXYoRUACQBGUSWl/zG9NbvvP0rL9P0DADRTVTOaYph0FVtJF1oBkABglFRV+v/Qvn3l9NZMkVVet2u3mwYA0GBVVGvGopJWACQAYHnBfyWl/+WWf7fdlv561xn6BwDQClXMa6pwa0CtAEgAMBIqKf2vIjsbW8tUMVkWAIB8Vc0DqHBrQK0ASAAwvKoq/Y/+rOwt/yLwj61lAABoj6rmAcRiUwVbA44XWgGQAGCI7ck+YZRlZW/5F9njKCEDAKB9qpgHEItNFbYCKDlFAoDh0v1gu6f7I/XDraot/6roHwMAoD7xPJc9xykWnbIHTvcccMeQAGCYgv8I/NPLmyILm701SxUZYwAA6lXVTk4VtQJM9hbLQAKAodCK0v/oGdP3DwAwHGKmUwx1zhSLTxW1Atw9Pz8/7q4hAUCrdT/IYujfVOY5qyz9t+UfAMDwiMWdWOTJpBUACQA4c/Af25q0ovQ/psVmfzkAADB4sTVg9iJPRa0AU93n52l3DAkA2iqymKl7m1ZR+h/lYdH7DwDA8InhztltnhW2AuzpLaKBBADt0f3gmur+2Jh5zipK/6saEAMAQHNUMei5olaACP73uGNU4QKXgIqC//jgSu9hqqL0/+Of/43ine96l5sGg9LpuAb4nQdqEc99T/71Xyq+d+pU2jljceqlF18sxlauzHyp093n6Uc6nc6z7hqZVABQlRj8N555wipK/z9w1VW2/AOgzujfJYABisrPSAJkqrIVwB1DAoDG621fkjr4r4rS/+gF++jWbW4YDNh3Xn3VRWBk/Nmrr7gIMGCx+JM9+6miVoDJ7nP1Pe4YEgA0XXrp/97uh2olpf+2/IOB+uOnniq+sW+vC8HI+Obzzxf/7jf/ngsBA/ZT0zeUi0GZqtiiuuuW3uIaSADQPN0PqBj6N5V5ztmjR4t7k8uqIusbk/+BwQb/AiFG9Xf/6R23pPYgA4vTolYAAwGRAKCxwX8lH1BVlP5H1hcYnP/w8MOCf0bat44ckQSAAatiG+hYtIrFq2Qbe7trgQQAjZI++O+hffuK2dnZ1Bep9B8GKwL/ow8fcCEYeTH/QhIABquKVoBbb7utipfqixMJAJqjisF/VZRRKf2HwQf/Uf4MvDkJ8N3XX3cxYACqaAUod67aty/7pY53n7d3uGNIANAU6aX/v3b77cXc3Fza+ZT+g+AfmpoE+Pqv3mhHDBiQKloBYhErdrFKdnev5RYkABicXk/Sxsxzzhw8WMzMzKS+TqX/MBhR3hzBjeAfzv0+iUoASQAYjOxWgFjEqqAVwEBAJABohNSepMiW/lryB6bSfxDUgPcLcDZVtAJ8+dFHy3aAZNPz8/MeapEAYDB6vUjjmefcu3dv2f+f5Y3S/47D4ajxEMzA0pMACxUzPkccjjqPiyY/Unxo0+bU93T2blY9qgCQAGAgwX+UIaUP/rs3efDfpVu3Fe9c8S43DGoUA80E/7D0JMDCzIzfdTGgZrFolNkyWsVQ666p7nP4RncLCQDqFsF/6iCS7Czpey//q+UB1GdhoNmvCP5hmSQBoH5VtALEjgCZ1a09qgCQAKA+vW3/UrciicF/mX1SVXyAAz88+H96x3b7mkNiEuA/Pf6YCwE1yl5AioGAsbtVstgW8B53CwkA6pKadaxi8F92CRcg+IdB+Ma+vWUiAKjPQgtp3nNk7G5VwUDAW2wLiAQAlati27/swX9VDHEBzi7KlAX/UO17TBIA6vPGEOk8FQwEtC0gEgDUovGD/z66dZu7BDUHJoJ/kASAYRKLSe9evTr1mTfmASSb7rXmggQA+bofMNPdH1OZ58zuiVo7fUPqhzUgIIEmvedihw0JN6jHxz//t1PPFzsCROtrMlUASABQmdTV/+iFip6oLFGutUbpP9QiBpMJ/qF+3zryspYbqEksKmW2lcZAwFuT5151bey16IIEAHl6k0bHM8+Z3QuVPbAFOLMI/GMwGTAYhm5CfbIHS3/50UeL2aNHs1/m3e4UEgBkBv8xZOSWzHNm74mavWULcPbg397k0JwkwHdff93FgApF8J89X6qCKoCp7vP6RncLCQCy7CgWJo2miN6nXYmD/+KD+VKD/0DwDyOYBPj6r/5K+ROozgeu+mvlLlNZyjbYgwezX6ZZAEgAsHxVrP7Htn/RA5UlerOi/x+oRpQZx+AxwT809f25XRIAKpZdBfBr+VUA472B3SABwLJENjFt9T97278q9mkF3h5cxOAxQBIARlX2QMCKtgU0CwAJAJaut6/odOY5M4P/oPQfBBXAG+/Xbz7/ey4GVCR7IGAF2wKO9wZ3gwQAS5K+7V9MPs0SvVgG/0E1YrBYHcH/dVu2uNiMjA0bNhRjY2OVnT+SAM/t/N+160BFsgcCRktstMYmu6XXwgsSAJy/Klb/dyWv/n/887/hRkEF6hos9qX9+yUAGCmTa9cWTx86VFx88cWV/jkGdkJ1YiBgtANkierYzJ2xioXW3R3uFBIALFb66n8cWQz+g+qC/zr2Fxf8M6om1q4tXnrxxWJiYkISAFrqo1u3p54vu0W2UAWABACLUcXq/4033ZR2rii/MvgP2hn8R/lzrIAK/hllYytXlu+DOpIAcQC5LpqcLCsBskSL7OzRo6kfM4UqACQAWITU1f/4UMssbcoewAIU5UphXcH/FevWueBIAtSUBIj3tiQA5Fub/Dx6a/62gKoAkADgh+t+UEwVDZ78H2X/mVuwAG8ECHUE/1H+DLw5CRDDASUBoF2yn0mz22ULVQBIAHCeUlf/dyUPNvn45/+2OwQtCwxi4JngH86eBPjqV75SeVtMvNdjh4Cq53vAKFmzaXP6toDJVAEgAcDZ9Vb/p7LOF/uaPrRvX9rri23/oucKyPGfHn+s8uA/ypvLgWeCfzinOgZjfvP536tlyCeMiuxtAaMCYObgwcyXqAqAN7nAJeAtrs88WexrGvubZvnp7gfsfNFxlyDBv//Nv1v5hPAI/mPlP1Y4gfNLAoSYnVOVhWGftxT/y4MPmacDCd5/1c8VRx8+UHz39ddTzvdrt91WbFi/PvMlRhXAg51OZ87dQgUAP5A9+T979X9hz9VL3CgQ/MPQJwH6iYDqkgCvFP9GJQCkyWxRjdbZ5CSgKgAkADij1N7/7NX/n5r+FXcIWhL8Rxmz4B+W9x6qIwkw89c3lz+B5XlP2ab6kbTz3WsWABIAVKnpq/8R/MekVWDpYqXv8M6/XUvwH4GL4B+anwSIz4WoBJAEgIzn1RvSzqUKAAkAqtbY1f/oT1xj2z9IeciPAWBtD1hg1JIAX33ssXIbTUkAaLaoAoiW1SyqAJAAoBLZq/+Rscz8wFqz6VpDiqAFD/fbt20T/EMFYhhY2VJTQxKg6iQhDLvMllVVAEgAUJXU1f/M4D/K/q3+Q/OD/wj8H7jvPhccKhLbaNaRBKijTQiGWTy7NrwK4Hp3SQKAEdYrA5rOOl92pjKyqFb/YWnqGvBVx97lQD1JgFDHoFAYZpnPrxVUAYx3n/+n3SUJAEZXahlQ5uC/7AwqjFrwX8cWX4J/qD8J8MqxY+U2m5IA0EwLFazXpp2vgiqAu90lCQBGUG/1/5as88Xk/+zVf6CZwX+sQMZgMsE/1C922IhKgDqSAHEAixctrKoAkACgaWL1P62OMHPyv9V/WJoY4FVH8B/BRwwmA4Y7CRBVAJIAsHgLu1g1ugrALAAJAEZQ2hs/Vv8zy/9/avrG7v/bcTgcizj++KmnygFedQT/UYYMNCMJsGHDhhqSAH/P56zDscgjcyerCqoApubn56d8kkoAMCJ6ZT/jWefLXf3/cav/sKQH9L9TbbAh+IdGJgG++pWvVN6O88dPfb2sBKh6rggMkxZUAZgFIAHACEl7w+ev/uv9h6YF/1FmXA4eE/xDI9UxkDOSAP9mxzZJAFiEFlQBjLtLEgAMuV65T9qb3eo/DM7CkK7qg/9y67GVK11wGPEkwMKQUUkAOF/ZVQDJCYCgCkACgBGQ+ka3+g+DC/5jRU7wD5yeBIhDEgCaI7MK4LnDh8sj0XRvZzAkABhGvTKfqazzRRbS6j8MZ/Afg8UE/9A+UQVQRxLgd3/1hvIncG7ZVQC78mcB7HCXJAAYXqmr/5nDSKz+ww8XK26Hd/5G5cF/BBAxWEzwD5IAZ/Pd1/+0rASQBIAfruFVALe4QxIADKFeec901vli9T+GkWSw+g/nF/zHw/Y3n/+91gcOQH1JgNjBo+rPJUkAOLeGzwIY6+0QhgQAQya1vCfzg8fqPzTjIVvwD8OXBChbeWpIAnz7yMsuOJxDZhVA5kJcj2GAEgAMoeuzTpRZemT1H5oR/NcxPAyoX2zfWUcS4Onu51RsSwqcWXYVwL25swDGezuFIQHAMOiV9Yxnnc/kf6hHBP0zf31TLcF/1duHAcOdBAixLakkAJxdZgJg5uDBYu7kycyXZxaABABDJG31P8qNZmZmUs5l9R/OHfzXsdWW4B9GJwnw0gsvlNt7SgLAYEQVwAeu+rmUc8VOXHv37s18eRt7O4YhAUCbdd/Ik0Xi1n+Z5UaCfxhc8B8rgV997DHBP4yQiy++uKwEqCMJ8I19D7ngcAaZ1a+P5A4DDNPukAQA7ZdWzhNlRlFulCG7DwqGRQzSqiP4jyBgw/r1LjiMmNjes44kwLHHv1L8+9/8uy44vMWFq1alVQFEZW7yjgDaACQAaLPsrf+izCjKjTJkTkKFYRFls0/XFPxHOTAw2kmAK9atq/gz7euSAHDG5+DNaefKnM1V2BJQAoDWS30DZ5YZZWU+YZiC/yibrfShX/APvCUJUHUbUD8JUPU8E2iTd6++pLho8iMp55qdnU3bnatHFYAEAC2W9gbO3G80gv8ofwLqC/6j3PeVY8cE/8Cb1DEINJIAdQw1hTbJnAWQ3AYw2ZshhgQAbdLby3O8iR8stv6DN8SgrDqC/3ILsJUrXXBgIEmAunY2gbZ4z+RHyh2xsp7TsxbqelQBSADQQmlb/80ePZpWWnRR+WFn9R9ClMXGoCzBP9CEJMAD998vCQA1anAVwMbeLDEkAGiD7OF/DyXuMWr1H94I/qMstmqCf+B8bd+6tfLBgJEE+N1fvaH8CaMutsTOqgLIHgYYSQB3SAKA9kgL/mPrv6yMYnzAvSdp4Am0Vax81RX8l9/ggn+gYb77+p+WlQCSALCQBEh5Zp+bsyUgEgAjLHX4Xxar/wj+T5UPvXUF/wBN/zyUBGDUxdbYWZKrAAwDlACgDbKH/2WV/79zxYre1n8dh2MkDw+7AGdLArzqe8Ixssc7V7wrbXvs2BIwZnclUgUgAUALpA3/i8F/WRNF12z6JXcGD7mCf4C3fT7+7q9Oq4xipKVWASTO7ioMA5QAoNnSh/8llhFl9TdB2ywMvJoW/AOcQ2yHKgnAqHr36kvKnbIyzBw8WM7wSmIYoAQADZf2Bo2V/5mZmaTg/+fSJpxC24L/f7NjaznwCgBJADib9ye1AcQwwKxn+J7r3R0JAJqrkcP/svqaoI3Bv/2uARaXBPgPD/8zF4KRk7lgljwMcGp+fn7cHZIAoGF6UzrTJnU+kpQAiJImW/8xar595GXBP8AS/YeHv1QmAmAUkwAZKhgGOO3uSADQPGnlOdE7lDf871p3hpES5atPC/4Blv1ZKgnAqGnwMEBtABIANNB01omeTOobiq3/3nv5OncGD6wA+EyF83h2zqoCSB4GON7bahwJAJqg+4aM4X8pW3TEB0VW/38E//FBBh5UAVjqZ2vspKKqilHxAcMAkQDgPFyddaLM4X/K/xkV39j3RcE/QEUMVWWUxOyshg4D3NjbchwJAAap90aczjpfVr9Q7GUaAwBh2EXgf+zxr7gQAJIAkOJDSYtoMQwwa65XsVBtvNHdkQBg8NLeiDEtNOtD4v22/mNEgn97VgPUmwSInzDMMp+jk6sArnZ3JAAYvLR+nKzVf8P/EPwDIAkAS3+WzpoF8GTuHIBoAxh3hyQAGJDeG3Aq63wxLTSD4X8Msyg/rSP4n5iYcLGBVqr68ys+hyUBGHZZCYCo7s16xu8nAdwdCQAGJ+0NWG4VMjeXci7D/xhmv7fz85UH/9dt2VI8cN99LjbQSlevX1+89OKLxdhYdfPCJAEYdpnDAJ+0GwASAEMj7Q34SNL0/xj8Z/gfwypW/r915OVK/4wH7r+/+NL+/S420GoTa9cWTx86JAkAy5A1DDB2+YqtvpNMagOQAGAAem+8yYxzxQdC1j6hHzD8jyEO/qte+Y/Af/vWrS42IAkgCQDFey//q2nnmkmeBeDuSABQv+msE305afU/mP6P4H/pwX+U/gMMYxKgyrkA/dkstghk2EQLQNZg7czn/a5b3B0JAOqXVv6f9YEQq/+G/zFsvrHvi5UG/7EyJvgHJAGWp787gCQAwyarCuC5w4fTtvvuGp+fn590dyQAqEnvDTeeca74IJidnW3UBxQ0RQT+xx7/SqXBfzwUC/6BYTe2cmUtSYAY1ArDJHOB7cnc3QAMA5QAoEZpb7isD4L4YMoqUYIm+PaRl8uS0qqD/1gZA5AEyPGtij+7YRAa2gZgDoAEADVKe8M9tHdvynn0/jNMYhXpcIWrSIJ/YJSTAC+98EKllU9VV29B3bK22I6q39mjR7NeljYACQDqkFn+Hx8AWb1Apv8zLKoeJhUrX4J/YNRVPfsk5rd8u+JtW6EuscV2DATMkFwFoA2gZS5wCVqpccP/4kNp5eqfLP6He8MQiJX/qraT6gf/sQIGIAmwv4qA5E2f55/5p4+kBU4wSFFt+/88/KVln+fJmZnigfvuy3pZUZX8OXenPVQAtNNU1omeTNoPVPk/wyK+WKtaMRL8A5w5CXDXzp2VnDsquZ7f+fni+3YGYEgSABnKAeC5bQDj7o4EABXpvcFSem0yy/9/wvA/hkAE/hmZdcE/wOLcuXPnD6oBskVF1x/se9BFpvWikiWqbjMYBigBQHukvcEyy/+V1tF23y9Xie4Q/AMMSMwDqCoJ8NpTXy8PaLusKoCsKuAecwAkAKhQ3vZ/SW/8n9z0S+4KrRf7Rlcx9E/wD9CMJMDL+x4svvv6n7rItDwB8PMp50luA5jUBiABQAWaWv7/XuX/tNwfPv4vi28f+QPBP0BDkgBVzATozwOANnvHihVpz97aACQAaL6prBNlveHjAyg+iKCt5sre0C8K/gEaJGYCVLFFYMwDqGrWC9Qla/ZWchvA1e6MBAD50t5YWW94w/9ouxd+c3f6OcfGxoqvfuUrgn+AZYhWgCqSAJEAmKtoq1eoQ1YFQHIbwNT8/PyYuyMBQJLeGyqltEb5P7zxEPid5IfACP5j5f/iiy92gQGW6YH77y8rqrJVkfyFumgDQAJgNExlnei5w4fTgn/l/7RVDIKqogz0gfvuKybWrnWBARJEJVUVSVWtALRdVhVuVlzQow1AAoAmvqGyMn3K/2mzF37z76Sf866KelYBRj0J8NXHHisrrDLFAFi7AtBWWRUAs7OzaZXBReKCJRIAJJXUlL0+3Td6kz54oG6xF3T21P8NGzaUQ6sAyBeVVVFhlSl2BagiGQx1yGwDePLgwayXNTY/Py8JIAHAcnXfSLH131iT3uAL5f/v6v5Tx+Fo1fH9U98t94LOFKWpVe1bDcCCqLDavm1b6jkjGfwnz/+e70dHK4+faOYcAG0AEgAkuD7rRFl9Psr/aatjj//LctUnU1maauI/QOXKOSvJQwH/IDkpDHV57+VXpJwnqoPnTp7MelkGATbcBS5BK0xlnCTe2DNJ2/9lfeBAnRYG//3T3IfRmFBt6F8j7Nptqne2WBU6nDsgqtWO5/XJsgyxzeqll11WzM3NJX43fKn4n6dvdHFplWgDeM/kT6e0NUaMkDTHaHx+fn680+kcd4ckAFiCeAN1f0xmnCsr+H/36ktM/6eVsic+X7FuXbF961YXtiHulQCoJAEATRNtV1EJcONNN6Wd8w8f/xfFmk2/5PmG1om23IwEQLQJJw4yjioApTUNpQWg+aayTpRV/v/+q37eXaF14svxtaf+77TzxTTqxx97zIUFGIAIVGL4apZoDYsWMWibrLbc5GovpcISADThDTSTNABQ/z9tlL36H0P/9P0DDE75OZy4NWC0iNkWkLa5cNWPl9W5yxUtNTN5uwGYAyABwKDfQLNHj6b0ysWHTBzQJrH6n7ntX5T+b1i/3oUFGKBIwmZvDZidLIY6/ETSbK7nEqsA5ufnJQEkAFjCGydt+7+84X9W/2mfzAe6WG2y5R9AM0QrQCRls0SrmCoA2ibr+fzJpHihRxuABABLkJY5ezKppEf/P22TvfofQ/9iABUAzZCdlFUFQNuMrb4kpUL3xIkT5ZFkyp2RAGDxUjJnsf1f7O+5XO9csaL8gIE2yXyQi8D/zp07XVSABonP5rsSP5tVAdBGsR1ghifz5gBM9nYzQwKA89F9w0Tp/1TGubLK/7P6i6Auc6++krr6r/QfoJm2bduWWp312lNfd1Fplaw2gOdydwOYcmckABjAGybrjfyeyY+4K7RK5pZO0WOa2WcKQJ4YCJhZBfCHj/+L4vunTrmwtEbWLl0z5gBIADAwjdv+770qAGiRKN+MMs4sD9x/v4sK0GAxEHBiYiLlXN/rBv/ffP45F5VWaWAVwJS7IgFAzW+YrO3/Yn/Rd6xY4a7QGpnlm+VD5dq1LipAw2VuC2gYIG2TNQdgJm8OwLg5ABIAnIde//9kxrmyMnj6/2lfAiBv9f8ug/8AWiGzXSsqyTLnyEDVfqKZcwA2ujMSAPxwU1knyurjySopgrqC/6wJzrH6b9s/gPa4M3UWwL90QWmN2AowYzvA2D0sdhFLYhVRAoA63ygZGTzb/9E2f/J8Xuba6j9Ayx6iEqsAvtn9PjEMkDbJagM4bA6ABAC1SnmjKP9nFMXK/zeTEgBW/wHaKT6/s2S2lEHVsqp2n8zbDWBsfn5+0p2RAOAsMvv/D9v+jxGUufqf+QAJQL0JgKwErgQAbZJVAZA8B2DKnWmOC1yCxkl7gzyXlgD4aXeF1jiW1K+ZWUJKPdwvqpa1sw71iBauG2+6adnn+c6rrxRz3UM7JG0Qu3bF7l3xe7scJ06cKI+kRFqUEz/o7kgAcPY3SGMSAFnDRKAO8YCWOfyPdnn60CEXgUr97JVXZq+KUaENGzYUY7ffnpK0iSqAj2zd4aLSCtG+u9wEQD+WSHoe0gLQIFoAmmeqKcF/MP2fNskq04xstwQAQLuNrVxZbFi/PuVc33xe4of2yGrfTUx4js/Pz4+7MxIAvEUz+/+j/L/jcLTiyHpAu3rDBh9IAENg+7ZtKeeJ6rK5ckXVd62j+cd7Jj/atARAmPKJJAHA26WVx+T1/3/UXaEVMsv/t2/d6oICDIGJtWuLiYmJlHO99tTXXVBaI2OGV38OQBLbikkAcAZTTUoAvHv1T5aDRKANvn3kD3IeFrsPirb+AxgeWUndrO8ZaEsCICum6DEHQAKAM7iiSW9U0/9pk6z+f6v/AMNlQ1Jb13de/cO0SjNoSwIgdj/JSgD02p2RAOA0UxknOSwBwIj5/qlT5YNZkx4UAWiGchhg0me7KgBGLQFgDoAEABWZn59vYP+/BADtkPVAVm4Z1X1QBGC4XJ20G8Cf2A2AEUsCzM7OFnMnT2a9JG0AEgCcZirrRBmlOvr/aZNvPv9cox4QAWgWFQBIACzd4bwqAIMAJQA4TcqI2gj+5+bmGvOBAXXIeiC7Yt06FxNgCEV1V8Zn/PdO/XlvO0AYnQRAVAEkmXJXJAB4Q0pJjPJ/Rk30/2cMZTL9H2C4qQJAAmCw8UXIbHtGAqC1ehMxU94MWRm6sdWXuDG0QtaDmPJ/gOGWVeUlAcCoJQGSBwFKAEgAkPlGyHiDXrjqx8sDRikBsE75P8BQm1i7NqXSK2vXGWhLAiAkbgdoDoAEAEVSP0xM6Dxx4kTSB0XH4WjFkfUgpv8fYPhlfNZH29lC65nvYEfzjxjsnSGxCkAFgAQARdYAwKTy/6wPCqhDRgWA4B9AAmAxDAKkLRo4CFACQAKArDfCYQMAGTFzVv8BWIQY+JrhOxIAtMQ7VrwrpbU3sQUg5p9NuTMSACOrNwBwPONcWaU5YyoAaImM6f9B/z/AiCQA1q4txsbGln2ebx/5hotJa2Qs7kUFQLQbJ1EFIAEw0tLeABmZOav/tEnWCkzWihAA7UgCLFdWAhrqkNXem9gG4MFLAmCkTWWcJIb/zc3NJSQAPuqO0BoZKzAxEXps5UoXE2BEZA0ChLbIWuA7bBCgBAApcgYAJvXlvHv1Je4IrfH9U6eW/wa0+g8wWg9eSZ/7WdvQQtWy2nuP5M0BkACQABhpKW+ArJIc/f+0ScYWgJMJpaAAtEdUfmX4/qk/dzFpjaw5AFkMApQAGElNGwD4zqQpoVCHrPLLJlcA2J0AIN9EUuLXTgC0ScYcgLLlOG8Q4Li7IgEwiho1AHBM+T8jmADIWgmqynKnVTf97wc0T0bysem7q2Qkf1UA0CZjBgEiATA8CQADAJEAWMa3T8NbADasXz/wB3lgtGzYsGF5gcbYWOM/ezKGv2a0oUFdsuZ8GQQoAcAyY4+Mk2QNAFQBwKglADL2gq7aXTt3DvS/B0bw4WTt2mUF8Nu3bm3831FylFGTVQFw/MSJrJc05a5IAIyi8ZQEQOIAwPnuT4ejDUfWQ27TRQn/9m3blhz8awEAluKB++9f2ufqxESxbYmfWW0TuwD4Pna06UgZBJi3E0DMQxv3aSsBMGpSMl8ZW3K8wwBAWvfg9Y3ReRC/777iui1bFvXfxP//O63+A0sUCdIv7d+/qP8mqqriv8kor6/aOhUAjKCMKoDMnQAKgwAlAEZJZsYr4434buX/jKA2lYDGQ/X5lvPH/7/FPrgDvFUkEp8+dOi8Koni8/SlF15oRWUVSAAsz3N5cwCm3BUJgFGSlgA4kdCLYwAgNF+s6L967FjZEvDWB/J+q0D83638A1nKwP7FF8uWgLcmTWPFPwYGRpLgfBMFjQmEkmbARBsAtEVWte+JvDkA+hQH4AKXYGCmMk6SlYH7C8r/aZmsXQDaJh6woyUgDoBaguWVK8vBfm0Y7ne+VCowijJmACQnAOwEMAAqAAb4HN+kN6AWAP5/9u43xrLyzg/8uRZYlo1TFSlYGEfbhcLak12pq4hn9kWCmmI0a1nadGErzCiZBLuJ11pFojEdm+y8AAyJX8wO4GmMpVmtN6JsJtKIPzK0tZJlzQ4FgzTxmBlXI0VjPB1N9UrgjrHkKg/wAl7cPb+qe9wF9J/qur9z7vnz+Ug3l8mMbnc/9885z/f5Pb9niAFAxjnQAABdkbEN4FlHAQoA2JeFNgUAWXuCoEvmOtCoCgAgS8Y2ACcBCADYn+WMF8lI4Ez+AQCg//5uwn3/5uZmsbm1lfVXEgAIAPovM+naSKgAUP4PAHDphtqPhu66MqkPQOJxgMveFQHAEKQFABlbAD5w1dXeEQBgUDKOgn1DAEDHZJ0EkLgNwEkAAoBBWM54kawGHFlJIAAA0P8AYGtzM+uvtOBdaZZjAGcjpfNYVgPAnQqAkXcFAOCSuYeiWz609PHip+t/MdVrxELk3Tl/HScBNEwFwGykfNDzAoAPe0cAAGAAMu79N5LmIaX58Xg8710RAPTdQsaLZGwBiAQQAAAQAOzV6bwAIKgCEAAIAPYi4/iNy6+4wrsBAAADcWXSAmBiI8AF74oAoLfG43FawpVx/EbGWaAAAEA3vDdpATCxCkAAIADotfk2feHmBQAAADCcyUjS/X/GYuTEondFANBnyxkvktV44/IrPugdAQAAIcBM5iNF0gIpAoC2SjkCMGvPzYeW/pF3BAAABuS9CYuAiVsANAEUAPRaygd8a3Nz6tew+g8AAMOTsQioAkAAQIMf8IwjADUABACA4bm8XRUA0Sh92bvSjMsMQeNaU+KScQYodNkX77yzmJ+bMxAzlnGkafiNT3zCYFKrjO1333z00ZQQn3a8n9BVaY0Ay+/R4sGDBlQAwLmMx+O08paMmwcBAIO/+cvrXksLmFTRBbFilrlqBjDLecBmwrbkieXyseadEQD0Tcrqf9Zq2fy1Hyv/35F3BQBgX0bupehoAHB1yutEBcANhw4Z0A7RA6BZKRUAWauWl19xhXcEAAAGGQJMXwWwlVcBcIN3RADQR6064kITQAAAGGoAMH0VwLpeGgIA6vdc0j5XxwACAMBQA4BWVQAseUcEAH3UmtKWeav/AAAw4ABg+gqAxNM05r0jAgDOI6PT9Xut/gMAwGC9P6ECIPEUgDgxbcG7IgDom9aUtqgAAACA4co6CjDxaFMBgACgd3JOAUgotVEBAAAwnfcnTaBgFrLmAxt5AYBtAAKA/hiPx2kf6IxSGxcsuu4DPsMAuBbB/mfbSRXBW1tbWX8ljQAFAL2S8oHOKrFxwaLrPrT0cYMAwMzEaUquRVAUJ0+eNAgCAOqSVWJjCwBdt/DJf2oQAJiZv3/9DQaBzmtZiLXoHanfZYagMa0qaZm79qPF2HtCh11ZXrA+Ut58vfz8swYDgEbF6v/Sbf/WvRSU1h0F2CkqAJqT8oF+LuEIQOiL/+l3vuxECwAad/1X7t8OAaDzE5SE+6itxKMAEQDQ0i86tEHcfN14/P+0BxOARq87V7ru0KPP9LQ285oALntHBAB9krJRLOMLZv8/fbtwLZc3Y1ENoLklAHVda6L3zD/9o6dN/unZZ/uKqV9DE8Bu0QOgYzK+YBlfdGibuDGLx+tnflK8ceaV4uenfly89dprgx+X/7L6f6W8zj133TX4sfz3X/lKyiTiozf/C1/Ymj6rBw4cKD57yy0+qwmf1QhUFz55ePBj+aGlf7T9bNJPX/3dllUGx9Hpo9HIngIBQC+0pqnF/LUf827QW3HTGg83a8V2GJIxqbrh0KHibgFA8exzz20/pvHWa39bfPTmf27v8Du8uv4XxX9JeB2f1R3ffPTRqY8NfvO114r/8cjnfTiBPYnfnAhhE0Tj9DUjWh9bAJqTcgpA1jGAwDAmVRliUkXeOPx0/S8NZk1j4rOaNw4RVm2e+rHBhJ57/1VXp7yOOYoAgJqcTvhy2ScNQ5lU5QQAh0yqUsfBpOrdhFXtCwB8VmEYWjgvcBSgAIABfNEBk6rBTKqy3pc+yQirovQ0qfzUZzXxfQGG4XReBcCS0RQAdN54PF7OeJ3EIzaAnov9//Ew+W/fxMqk6u0EVfkiCJmfn2/NewO0W8bi4GlbAAQA5Ms6YiNrrw9gUjU0i4uLrXp/+sD+/3pkbFnJChKBtgcA5gYCAAbwJR95eHj0+JE1qbL/v55J5s7743Maj6wwZGVlxQe0hs/qTh8An1MPj34/En4r8iqVF/2CCwD6YMEQAE3KmFRFCbFV1XoCEc3Vdoch039WozJjfm7OYNYQAKhWgf7LOJo2q1K50ARQACAA2PXFevFFIwlc1E7Z7iutmez2SUwyM7YB6AOw4+Xn11o12e2TxYMHU/oA+KzCAK5t137UIAgAaKOtzc2pX+NDSx83kNBz9v/XP7GaljPWfVa78lmNz2l8XgEQAADQQlZV6+WItTxZY6BaxWcVmK3EHgDLRlMA0AcOJgY6NamK0uGM1UOTqvMb+t7qrCoI+//PT88KYC8yTgFI7AGAAKAXFjJe5Nnnnpv6NTKafADtlVWua0X1/OKM9XiYVE3np8r/ayesAvYWAHzYIAgA6CtNPsCkyqSqHeMTjRqHfMa6/f/d+azaAgAgAADApGqwMk4CyHy/usj+f59VgHMZj8eOAhQAANDUpMr+/4vTXG069v/7rALtkbVFOGO78sSSd0UA0HULhgCom/3/zck6Y32oq6q2qjTnkD4AwEXYIjwslxmC7gQAGanaTpfPkXcETKpMqhImVidOnJjqNaIPwFuvvTa4Bq2vrv+lz2pTN/Zzc9uVEtN26P75dsWG+weArlMBMDAZx3wAbZ1U5QQANx0+bDAbnHwOsbT6p+svpLzOis9qY5/VrG0bAAgAAGjJRDLriLshyOqTMLTS6qyJpNX/5j+rWcENAAIAAKaQtf/fpKr5sRrapOrl59daNf4+q3unDwBwIVtbW1kvtWA0BQAAmFT1cmI1tLJqx/81L6uyxxYA6K+MbcLT9hoRAAgAANijV5NWkQUAsxmvIa2svqpZZWc/q9G0Mh5AHwOADxsEAQAZxuNxyjmWp0+fNpjAedn/PxuHNAKcyQTS5H92Y2YbAIAAgAubz3iRjaQA4Mqlj3tHoGesqM5OHK+W8x6+4LPqs9qJz+pPBQAAAgAAZuenJlUzU52xblLV7L/T/v99BAAHDxbz89OvSagAABAAADBD9v/PltLq5v+NPqv7cyipD0DGiSMACAAA2Af7//sRAPz81Eu9Hif7//vzWbUNAEAAAMAMWFGdvUMqABr9962srPjQ7VNsA/BZBRAAANBR9v/PXvQByKie6Puqqs/q7OVVALxgMAEEAAA0LWv/v1XV2U+sYl/15qkf9/izOn0AEE3sslaxfVb3Lz6n+gAACAAAaFjGqmp0sY9VbGY7qdp5P/u5spq1/1/3//Z8VvscVsEQvf+qq6d+jfUXX0z7qfKOCAAAeIeXn19r1YTApMqkyme1/Q5pBAicwwcSAoCtzU0DKQAAoC4aALZH1ikKfW2u5rPaHnnHVuoDACAAAKAxWeXiyqpzxFaKaWWVyrfvs2r/f98+qyoAAAQAADQkq2Gc/f95bnAc4DllNYwTVPmsAiAAABgkR6r1d1LVtz4AWZUqPqvt+6z+/NRLBhOgYy4zBADdk7Xy9vSJE8XJkycNaA8nzH37rH7r0UeLE+Xnleltbm2lvbcfvfm3DSiAAACALkwST58+vf2gRZOzScn85Vd8sCef1ZwAQFDV3/cWgObYAgDQMW8m7f/HxKpuWfv/aae3/BYBdI4KgIEZFyODAJ2fHP6lQRhAAHD19Tf24t9B/z+rc9d+zEBAx70prB0MFQAAHeP87f7ry6qqz+oQPqsaAYLrzo7EZq3r3hEBAAC/nFRZVe3/e9yPibMKAL9HAPuwZQgEAAAU1Z5bK24mVt34+9v/33+vn3ll+wGAAACAZBpuDSkAeKHjn1VB1VC8ceYnBgFAAAAADJXV/+HQ6wFAAAAAwAC8/6qrDQKAAAAAGOqkytFww/EBAQCAAIBc8/PzKa9jTyZ025VLHy8uv+KDBmIg73WXfajjf3/2Jn6PrvReAwgA2DEajdYyXmfx4MGUv89br73mTYGO++jNv20Qej/5/9XOr6rGxPAj1y97M3vOewwgAACgRv/9zb+tCqDnlm77Yi/+HYu3fcmb2WPxO7TkPYZe0LhVAECvjTw8PDr8uPyKv1P8k6981U9ZT/3a79xXzF/7K734rH7gqo9s/3vo72c1fo/8Lnt4dP+RsU34wIEDWT8vm35hBQAA7BIl4svHv6ESoEfivYwJ1cInV3r174p/z85E0We1T5/Vf/yVrxYfuf5GgwHUEQCsG00BAADnCAH+lz/6f7YnWCZX3Z8k/8//9x/1bvI/lH/fkCb+8R7G747JP0A3jQxB/callAvv+9439WtI7KG/Xl1/oXjztb8ttk79+IL/dxvfPVG8fuYVA1azCGg+VD7O5/1XfXi70d+VF/i/6fNnNT6Db5z5yUX/b31eZ/9Znbv2o8V7t7v9/6rBgp56fPm6qV/jj7/3veKGQ4cy/jo3ZjVS590uMwSNiH0sU5/jt7i4WJw8eXKq14iJgQAA+nsTHy72Hf/pZPJFvWJC9T8c+d8MxHk+q1fu8f/W59VnFQABQNfEPpblaV9kfm7OSAKtESl/pP19k1Fthc+rzyrQFULWYdEDAAAAYKDeSAoAolo5iVMABAAAAAC0VVa18mg0cgqAAIAsGWd8AgAAIADg3DYyXiSjrCY6hAMAAJgfCACox+mMF9EEEAAAyHSx44P34sCBAwZSAAAAAEDfLeQFAPb/CwDIpAcAAADQ1umKIRAA+CBPHDp0aOrXeMseHwAAYOL1pGMAEQBwllIWAACglwFARrNyBADURBUAAACQJbFZ+bNGUwDARFZzDX0AAACAYHFQAEC+lC0AjtcAAAAyZSwOzs3PG0gBAJXRaNSqbpZvSvkAAIAkiwcPZr3UhtEUALDLfEK6tnXqxwYSAAAGroXl/wIAAUBvpHyYE9M1AABgwLJ6g83bAiAAoJ4AIIOzPgEAgCy2AAgAqElGI0ABAAAA0LZ5wWg0EgDU7DJD0Jg4CWB52hfJOgpwXIy8IwA1GvutxWcVaH0A8JOpX8NJZd2iAqA5W235i7y6/oJ3AwAAmNpCXgCwbjQFALzD4uKiQQAAAKbWsoXBTe+IAKBP1jJeZG5uLuUv84Y+AAAAwJRuOHTIIAgAqEvWERsaAQIAwLBlHQOY5FnviACgTzYyXiTriI23Xvtb7wgAAAxYxpxAE0ABAOfQtiMtWpb2AQAADcraEpwYAGx4VwQAnIN9NgAAwDSytgRnbVEWAAgA+mitLX8RRwECAMBwZW0JztqiXDgFQADAeb5kjgIEAACmmW23bEvwaDRa964IAPom5UM9n3AUoAoAAAAYrowKAFuTu+cyQ9CorYwXyasAGHlHAGrldxafVaCdWlYBsOYdaYYKgGZtZLzIXEIFQFAFAGBCBT6rMEwqAAQAdCQAWHDWJgAAMIWWVQDY/y8AEACcT9ZZmyoAAABgeN5IOgLwUF4FwJZ3RQDQO6PRaCPrtTL6ALz12i+8KQAAMDCvJwUAiVQACAB6KyUEyDgJoG1HfwAAAPXLqgBI7AGw6V0RAAgALiCjAuCN9iV/AABAzTIqAObn5zP/SioABAC9lfLhzqgAeF0AAAAAg7N56kdTv8biwYNpf5/RaKQCoCGXGYLGpTS4yGq48fNTLxXz137MuwJQg7EhwGcVaKGMSuC5vAqANe9Ic1QANC+nAiDpC5dx/icAANAdGb3AlhIrABAA9Pr7lvEiWSU3P3MUIAAADEZWH7Cso8lLz3pXmmMLQMNGo9HaeDxO+9KdPn16qtd4/czLyv4AajAulFXjswq0z+vtCwDs/2+QCoDZSPmQLyR86ZwEAAAAw/FqUgVw4hGATgAQAPReyoc84yjAV20BAACAwXjrtV9M/RrJRwBueFcEAH2X8iHPKrvRCBAAAIZhK6EBYPIRgAIAAUDvnc54kawvXsaPAAAA0H4ZJwBkVCJPrHlHBABDkPJBz/ribQoAAACg96LyN6P6d35uLuuvpAGgAGAQUj7o8cXL2H+zdepH3hEAAOi5rMrfQ3kNAE96VwQAvTcajdI6XWZsA3ASAAAA9F9W5e9C3hGATgAQAAyGkwAAAIDGZFX+HsgLADa8KwKAodho05dPFQAAAPRbxj3/yspK2t8nszIaAUDbpex3yToJQCNAGI43Hf0JAIOUUfl7+223Zf11NrwjzbvMEMxMa7YAhGgIcvX1v+5dgQHIagCUWP7XYyNDgM8q0JLrf075v/3/3aYCYHY2Ml4k7yQAFQDAzG4AwMQUoGavJ235TVwAcAKAAGBAtzMtOwlg01GAAADQWxkLfjfkHf8XVAAIAAYn5UOf8UWMhiBv2RcMAAC99LOE/f/J2/82vCsCAAHADL+ItgEAgEkB0E8ZFb9Z/ceCEwAEAEN0OuNFsr6Ir67/wDsCPSfog/5ILsUFeiyr2jfrBLJC+b8AYKDWUgKApC+iiQH0X+ZWn8xVAACgPln9vhKDRwGAAGCQ0j74GV9GjQCBSzE3N2cQoAdeP/OyQYCey1joS97/7wQAAcDwjEajzZh3Z7xWxkqcRoDQf4I+6I+5hGOAq+s/0G8ZvT6SK/9UAAgABivlw28bALAXmSHfQu5KAHCJlvL24gI9l7EAkPybIwAQAAzWsykBgEaAQMMBwAEBAPSGkwCgv2KBL+P6fyhv///GpBIaAcAgtaoCwA0A9P8mAOgHIRywF1nb/xK3AFj9FwAIADJoBAhczJuv/aI1vzdAewIA13/or4zwPyb/83nNfzUAFAAM12g02iha1AgwyoM0AwI3AUD7zSc1Aayu/0A/ZWzxXczd/7/mXREADF1KFUDWipw+ANBPmeFecidgYMY35LYAQn9lVQC0be6DAKDLchoB6gMANBQAJJYBAtN8F5OqALK2BwHtknVff4MGgAIAUqWkYLEXMCOdsw8Q+inzu60CANrBMcDAhWRV9iZWHFn9FwCQ+UX4zC23pNwE2AsI/ZNZATCnAgBaIbMRoBAA+iejAiC58e+z3hUBwOBNGgFuZLyWPgBAEzf3TgGAdlhIDABeP/OyAYWeyaj+S77mqwAQAJD5ZYjynIzVAKsA4CbgfDI7jwNTXvcTt+O49kO/ZFX1HkoMAEaj0Zp3RgDAjrTzMG9aWZn6NTQChH6J8v+srT3JRwEBU8jcAuDaD/2SVdGbWAFg9V8AwC5rWS+U8SW1BQD6RQNA6KfMQM4WAOiXjFAv+Zq/5l0RADCRWQ6TVaZjJQD6I7O0VwUAtCwESLpBj0qhzGahwGxlLOgl7/8/6V0RAPB2KWUxcT63KgBgt8xAL7PkGEgIABJDOUcBQz9k7f9PDgDWvDMCAGr6UmR8WVUAQH9kBnpOAICWBQCJJbqu/eC6v1tiA8DNyclnCADYJe1czEMqAICJ1PJ/+/+hfQFAYgWAkwCgHzLCvAj8o7I4yZp3RQDAu6V1xrxBHwBgIjPMs/8f2iezKkf4D679dfy2FIkLnQgAemNSFrPRphuCV57/E28MdFxmkKf8H9rJNgCgkrX//5D9/wIAGpH25dAIEMj+HtsCAC0NABKrc4T/4Lo/Pz+fGvqPRqN174wAgHNLK49ZWVmZ+jWyEkRgNmIlL+s7HDcDtgBAO9kGAOy+9k/L6r8AgOakfUHiRj1u2N0IwHBlfn8PKf+HQQQAwn/otowqnpsOH878K9n/LwDgfLL7AGTcsP/k+We8MTDgm4A6JhhArgMHDmw/2vjbATQnq4fHDSoABAA0Ku1LkpHeqQCAbnrjzCupR3oJAKDdMr+jGgFCN2WEd9HvJzNQHI1GAgABABeRViaTcTMQk4h4AN2SGd7Z/w/DCgBUAMBwr/1W/wUANC/tixLpXUbXbjcC0D2Z23fs/4dhBQDRA8C1H7olvrcZlX+fueWWzL+W/f8CAC4muw9AxjYApYDQvZsA+/9hWLL7AOgBBN2Scd2voeJvzTsjAKDhL0vGcYBWAWB4NwG7JXcDBmpyU8I137UfuiljwW4l93q/af+/AIC9SyuXiRQvY0XAjQB0R+bKXfaqIlAf2wBguFKO/0sMEQur/wIAZveFyfgy2wYA3ZB90558MwDUKFbvooQ3i20A0A2x9z+u/9OI347kCgD7/wUA7NWkD8B61utlrAic/u7TTgOADojvaqbkZkBAzQ4lnwYw7aQC6Ma1fyV/u9+ad0YAwIy+NBkrAnEDcOqJP/SuwIACAMf/Qfdk9uywDQDaL76nGdf+5Iq/jdFotO7dEQBwaVLLZjJSveyVRSBXlABmHAGU+bsBNGsledvO//fdEwYVWiyjUqeG8v8174wAgEs0Go2eyny9jFQvK2EE6pH9/bT/H7pnfm4uNQR4df0HtgBCi2VU6NYQ+Nv/LwBgn9ayXii+2BmdvK0EQDtlB3Q1rAYADck+utMWQGinrMq/GgL/p7w7AgD2J3U5L+PLbSUA2im7WZfmf9Bd2dsAVP9BO2WEczUE/uuj0WjTuyMAYH/WMl8s64beSgD08yZAAAD9ENsAMr/DtgBC+2Q16ayh2s+PhQCA/Zp0z9zIer3o5p2xDSBuAhwLBO3xs/UXUpv/xe+E7v/QbdklvcJ/aJes+/Hbjx7N/qsp/xcAMKW1zBfL+JJbCYB2yb4xr+FmAGhYVu+fSoSMETYC/bn21xD4bzr+TwDA9HL7ACSV+VgJgHaInhzZ53TfpPkf9EJ2FcBfrf6BQYUWiIW4jJ5cVv8FALRQ9nGAkfRlNAeKHx1VADB72Tfk8fuQuWoIzM7tt92W+noaAUM7ZJ3KdZPj/wQAtFZqCPDZpMZAVgJgtuoI4j6r+R/0RoR5Nxw6lPqarv0wW7EVJ8K4adUU+KsAEACQJPUOP2tfYB2lx8DeZW/F2a4QUv4PvZJ9okdW6TGwP1khXA2r/2uO/xMAkPiFyn7BrFW+//rEf/LuwAzU0YzT6j/0MwDIXuVTBQCzkbX6Pz8/X8dxv/YGCwDIMhqNNsqn1I6aWV/6+BFSBQDNe/Hrv5d+HOdR3f+hlz6rCgB6ISt8y+4PMqH8XwBAstRULasZYDURAZpTx97/CAXn5+YMLvRQHeGeKgBoVtbqf3XNT7YxWbBEAECi9FQtK/1zIgA0q44b79ut/kNvRbhXRy+ArVMvGVzo2LVf8z8BAB0xGo1iC8BG5mtGZ+DFxcXWTkiAd6sjcNv+LTh40OBCj91z113pr6kCEJoR1/2s1f+ayv+/6V0SAFCPVlcBCAGgfn/xu3env+bdNUwMgHbJ3PpXiQlJlCUD9cq6x67jaNBip/x/3bskAKAe6elaZnfgOJIsuykZcFbm/r9K3AjUcDMAtFAdK38v/K4AEeqe/Gc13bynnsBf+b8AgLpM0rX08zWzugPH5F8VANSnjhtte/9hOOoI/GJiEgsAQL64t876fsXRf9lVQBPPeqcEANQrPWWL7sDxo5AhfqQ0BYJ8mSsAle2S4MOHDS4MSB1bfuL3SQUg5Ms88jcqgGo47WdzNBqpABAAULP0dvvxY5BZFqgpEOSqa4XtHnv/YXDqqAKICYprP+SKbX+ZTX+P1lPxZ/IvAKBuk5QtfRtAZhVA7FFWDgh5MlcAdk8CajgHGOiAOqoAYqKiISDkOfn1/yPtteJ6X8Pqf3AOuACAhqSnbdlVAMoBIccrz//J9qMLEwCgG+pq/qkhIOTdR2duqa2p4k/5vwCABtWStmVWAcTkv47jymBI6iqr1fkfePCBB9Jf05HAkPM9yqykzTzx6x1M/gUANKWubQDZVQB1rVzCUNTR+C9Y/QcWDx6sZRtQ9solDE0soGVW0dbY70f5vwCAhtWSumVWAdTxIwZDEXtp6+ilETf8Vv+BOicGtgLA/sR1P3ppZV7za1r9V/4vAGAGakndogogc3XQVgDY3/fmz+76Qqdu+IHuiYlBHb8JUQFgKwBcmjq20NR4zTf5FwDQtEnqtlHHa8c2gMy0MLYBZB5jAn1XV+VM3AjUtBIAdFR25V8lJjJOBYC9i+A/89pf4+p/+KZ3TADAbNSWvn01uTlQNDKrYy8z9E2EZXX0zoibgJrOAAY6LCr/Hrz//lpeO7YC2AYIF1dH74waV/83RqPRmndNAMBs1Ja+rRw+nLpPuM6SZuiLuPjX0fW/uhGo6QxgoOPq6g0Swb9tgHBhUSmTXfpf8+q/8n8BALMyGo3Wi5q2AYTsI4LqnNxA10VIVtdqWdzY19HtG+iPOo4FDFHRVEdDU+jLtT97gSy29NT1fZ5Q/i8AYMZq+xLGEUG3J5cMx02AowHh3SIcq+vorP/4jW8YYKDxa34Tv2/QZf/5rjvSg//o5VVjxd/GZAESAQAztFrni8eJANnNgaIcUD8AOCv2/dfVKFPjP+BSrvl1/V5kNziDrouy/8wj/0ID/X4e8s4JAJix0Wi0UT7VlsTV0RyoKndyIwA7W2Pq2iO7uLiYeqwn0G9xzf9qTaXDEfzHaiewszWmjqMyG+j3Y/+/AICWqDWNq6M5kH4AsBOGPXfHv67t9evq7A30VzQBXllZqeW1Y7XTtZ+hqyv4b6Dfz9pk4REBAC1QexpXxx7iKHmuI/2ELk3+66qEib28dXT1BvovrvnZ2/8q0Quori1P0IVrf11VsA1U/Gn+JwCgLUaj0WZRcy+A2FNUx3miEQC4EWCI6myKpfQfmEaUENfZPDRWPzUFZIgi+K+jD1ZdR3nuEnMN5f8CAFqm9ll0TChiYuFGAKZTd/C1vXpX7x5AoOdiK0Cd5cQxEXLtZ0jqut9t4Ni/8NRkwREBAG1Rfikjlduo+8+pqyzQjQBDUffWl6jUieO8AKYVk4q6TgXQEJghiaq/uoL/6PfTQOiv/F8AQEvVXpoTE4s6SovdCDCUyX9dHf9DlP8p/QeyxKTiyccfr+31oxS6zl4o0JZrf/S+qOu6X3Pjv7AxGo3WvJMCANqpkbM5b7/ttlr2GbkRoM/qPvkiKnPq3LMLDFME//fUGCzGb6NrP32e/NcV/Dd43bf6LwCgrSZHc6w18Wc98fjjtWwFcCNAXyf/dX+u4yagrlJdYNiisqjOBmOOBsbk/9LFglxD1/1V76YAgHZrJKWrs0OwEACT/0u8CTh6dLthF0Bd6gr+m5osQdPX/jo/zw2e9vPUZIERAQAtFn0AGunSGROOmHgIAWB2n+O4CYgGQAB1iuD/icceq/XPEALQp2t/bd/FZrf8Kf8XANB2kyM6GjunMyYedRwNKATA5H9vNwF//L3vGWygEbENoO7jxoQAuPZf2N3NnfazOTllDAEAHfBQk39YTEDqKgsUAuAG4CLfvfqP/gH4pdh3XHfXcSEAXfTK839S+7U/Qrj4DjZk1bsqAKAjRqPRevm03tSfFxOQOlchhQCY/L9blP81tAIA8DZRBVBX9d87QwDXfrogPq//+a47aq/6e6LGYznP4SHvrACAbmn0SxsTkTr3IwkB6IIm0v8Qq28NnPsLcO6JyNxc8eRjj9XaFLCaVLn204XJfxMVK9GDo8GqvzXN/wQAdE9jzQCbmpRECPDdf/7J7Wdo4w1A3el/iPK/Bpv/AJxTHD9W5xbA3dd+IQBtdeqJP2xk8n9PzUdxnoPVfwEAXTNpBrja9J8bE5M6f6DiBiBuBIQADPEGIEpuGy7/Azj/b9LBg42cQhLX/P/3f/1N135aJa77L37992r/c+K+uqEj/yobmv8JAOiumaR3MUGpc29ghABxIxArrjCUG4BYZXuy2fI/gIuKyr+6TwYIb5x5ZXsB4GfrLxh0ZiruQ6Pir4n70Bns+w+O/hMA0FWTvTtrTf+5VVPAussCY+L1V6t/4I1mZjcAf3rH5xq7AYjvVJTcArRNEycDVL+7EQJYAGBWqiAqev40de2fQfC/6p0WANBtM0nxmgoBIgBoYt817FbtSX11/QeN/HnxXdLxH2iz2ALYVHPSWABwTCBNi+qTJreixPaaGVz7VzX/EwDQceWXeLV8mskXOX60mggBqs7r9gbShKY/b477A7oUAjTVqCyqAKIKywIATYheP002o7z96NFZnfaj/F8AQE/M7MvcZIOgpkqyGK7Y699kxUmTK2oAGeruA7RbVGE5HYg6xfW+qV4/le2+Gg3cO5/D+mg0WvOuCwDoh+Oz/MPjh6yJY8uqpixN/kgznBuAWGmKFYCmmPwDXVRtAWwqBKgaAzf5+8wwVItLTfaciO/NDI/6dfSfAIC+mNWRgLMIAULcBMTNQDRqgWlFVUmsMDW139/kHxACXLqmK7Tot5j0N729NL4v8b2Zkc3JtmEEAPTIzFO9JkOA6sxgnYLZr7iJnMUNpck/IATYnyqwdVQg01z747ofZf9NXvuryf8Mj/q1+i8AoG9Go9F6MYMjAWcZAlT7tqwIcKmqsr+mS0pN/gEhwPTX/vj9jgDXtZ9LEcFRBEhN95OKZtlx/Z/h5D+s+gQIAOinVqR7TYYAoVoR0CCQvYijJZs85sfkHxAC5Ku2A6oG4GKqir8mu/zvnvy34KhfR/8JAOir8sv9VDGjIwFnHQJUJV2qATifattIBABNM/kHhAD5oheQagAuJAKiWTWRbMnkPyj/FwDQc/e15S/SdAgQqmoAvQGoVMn/LFb9q7I/k39gCCHAC9///kx+71QDcK5rfywKRUA0i6bR1Z7/Fkz+1ybbhBEA0GNRBbDZthAgJkJN/uhHb4A41s1JAcMWgdCsk3+Tf2BIZhV6VtUAMelz7R+2uObPcmtoiyb/weq/AIC+mxwJ2Kove9wIbHc+bTAECHGsW1wAlAYOT9z8RQA0qxvBFpX9AcwkBLjnrrtm8mdXwe8stnsxW1W5/yzv+1rQ7X+3jcn2YAQADMDxtv2FYiI0ixAgVEmwbQH9V5X7x/sdAdCsLv5//dJLJv/AoN19112NbwPcfS2IAECD4GGIoD8qP6MCpOmtfrvFgldsg2nJ5D/c59MhAGAgJlUAq20NAZpuElTdDMTFwfnB/Z34Vzd7syj3r6ysrLQp+QeYqVlVAO6eGEYlWFSEufb3+9o/60WeBx94YGaB13lslvOBVZ8SAQDD0srUb5YhQHUzEAmxm4H+iIt+Ve45y60etx89Wjz52GMm/wC73HDo0Eyv+yEqwqpr/yxXiMmf+M96q0eEW08+/nhx+223tW2Y7P0XADA0k/M+V9v4d6uOC5plc7TdNwOCgO5O/OPiH5Uds2z4VHX6f/D++70pAOdQhf9RJTVLce2PwHjW1w1yJv6z7u8UoVaU/K8cPty2oYpK4OM+McN0mSEYvG+WjyNtDQGqUqlvPfroTG8GXr3jB8WVS79W/MMj/6b4e0u/6lPT8ot/7OeMC38bbt4OHDiwnfzb7w9w8et+VEn9h698pfj35WOWIkCOh2t/d679sb0vHm1p6hxNLu+eUaPLPXhosh0YAQBDU37518bj8Vr5n8tt/TtGCBDlgZ/7/Odn+veogoD3X3X19s3AgU/e5APk4n9B8bl9opz8K/kH2LuYNMXKaVz3NzdnO0fZvQjwD27+l8XV1/+6N6hFIuiP636ENW269sd+/5YH/6s+PQIAhu2+NgcAIbYCRBl1G24Gqk6yscIcIcC1N/+r4vIrPuhTNCOxV7O6+LdJy5N/gFaLkukonf5nv/VbxcmTJ2f+99kOAtZ3FgHiuh/Xf9f+2YmtmXHtb9MJDnGfGtf9Fu71f9fkf7INmIEaGQLCeDx+pu0hQDj54ovFb3ziEzMPAd4pbgTioUSwGVWZf1z829asKW4Annjsse0VALrp8ve9L+V1olIoHkwn+rBkHNlZNZqje754553F1x5+uF2/E+XkP6oBIgyYu/Zj3qSGrv0R9se1v239GaJiJSpWO7Ld7xoBwLCpAKDS+iqA7R/Y8oc1zk+PEKANKwKVaq9gtTIQNwXx3+SqVvtj8t+WUr/donlV3AAo+QfIEw1Uq62AbVkAqCaj8YgAoFoIUBWQL675P3n+mdZV+lXihJ9Y+e/Itd/qPyoAOGs8Hv+wfFrqwt91c2ur+OKXvjTT5oAXE/sF/7tPrmyHAW4I9i9S/uomq60dmTtU9sceqABoFxUA7L723/ybv1k8+9xzrf07xjX/w9ff6No/pQj847ofk/82X/sj9G9hh/8LsfqPAIC3BQBHyqdHuvR3PvGd77RqRcANQd6FP2744+Lf9vOYY1IRNwDR7R8BgABAAED9vvb1r2+fFODab9I/Kx2t+IvV/1t90hAA8M4Q4G/Kp4Uu/Z1jRSBCgBMnTnTi71uVCkaFgH2DZ8UFP5r6dOHCHyL5jxV/jf4EAAIAAQDNO3369Pa1v83VAO8MA6JPkC2CZ8U2ivhuR3l/PHfl2t/BVf+K1X8EAJwzADhSdKwKoNKVaoC3TTQmTYTipiACgSHdFFSr/NWFv0us+gsABAACANqhK9UAu8W1Pq75Q7z2R9Af3+fquUs63ufH6j8CAC4YAnSuCqAS1QBxI9C2bsGXclMwf+2vbN8UVM99ECl/NeHv4kW/Yq+/AEAAIACgfaIa4N/eeWdnKgHPFwhEVWCfqgNjRX/z1I+2r/9dvvZH2P/VBx7o6qp/xeo/v+QUAM4lTgToZBVApLLRLTh+pOPYoDadFLDXi2U8dp9rGzcCEQZUNwjx3ObVgrjQv37m5e3neMTFvwtlfRfzmVtuKR4sbwB0+Ado3wTtycce294OEJWAEQh07dr/zg73VRBQLQzEf7e5j8Dua39M9uPa38bTei5Vxzr8n4/O/7yNCgDOqctVALt1sTRwr+LmIG4GqpuCuEEIdVcNVKv5oUrz42L/5mu/aH3Dvv2Is32rI6gYBhUA7aICgEsRlYAPP/zw9vW/b9f+6lpfLQTE4wNXfaSRa3+1QFFd66t7gZj09yHkP9fvRYT+cfx0D1j9RwDAngKAI0VHqwDOdTPQ5W0B04YEu+11BaG60Ff6Orm/EOX+AgABgACA7ur6toBpQ4Ld9hoOuPb3ptx/N3v/EQBwSSHAD8unpT7dDHSpYzCzc0858T969KhyfwGAAEAAQMfFNT8WAVz7uZAen+xj9Z93eY8h4AKO9ekfE6lu3PzFQzk35xL7/E+99FIf9vsBUJwNfp58/HEnt3BOEfr/9eTa3zP2/iMA4NKUPxpr5dOamwGGMvF3tB9AP0VJt995znXt73Hof593GQEAfjzcDGDiD+B33+++z0C/PwNW/xEAsD99rQI434XA1gAXfwBcB/Ced5zVfwQA+BHZy4VBj4D+igY/bvgAON+k0LW/n9f+2OP/6n/7b0O69t9n9R8BAFOZVAGsDuXfW/UIiBuCuDGg2+JiXzX4MfEH4HxBQLUI4Nrfj2t/XPP/eniNfTfLx3GfAAQAZBhcKVF18YjU+MEHHjBx7JgIcuL909UfgP1cOyI8du3vlpWVlbct4gzw2v/QaDTa9ElAAMDUJqVEq0P8t8fFI86GjYuJlYGWv1dxju/Ro94rAKYSE/8Ij+N6EqcGxcSS9r5X91Tv1WOPDXkrR9yrW/1HAECqqAIYdKpYrQxUVQGLi4s+FS0QN2Zxg/bqmTPFg/ffb8UGgLxrzOHD2xPLmGCqCGyHqq9Ptdp/t2qN7ft0q//sxcgQcCnG4/G95dOXjcRZp0+fLr729a8XT584sf3fNDfpv6m8KYtn5f1kuvx970t5nX945N9sP5jOn97xueLV9R9M/TpVfxfIcPLFF4tvPfqoa79rf1tslJP/awwDAgDqCADmy6e/KR/zRuP8NwTPPvdccfLkSQPiwo8AwIAKABAG4NpftxsnTbtBAEAtIcCR8ukRI3FhcRPw9He+sx0GnChvCrh0UeIXpZdx4+7CjwBAACAAoAthQFz3IxCwELA/Ucof39ebyut+3ANwUWvl5P9Gw4AAgLpDgKgCWDASe7O5tVU8V94QPDt5uCm48E16NeFfPHjQgCAAEAAIAOj0tT8qA+Larzrg/OKaX13/Xfsv2XWj0WjdMLBXlxkC9unW8vGMYdibWLmOFLtKsgUC757wH5o8A0Afr/0RAPzyuv/ii4O99kd1X1zzl8qJvmv/1FZN/hEA0IjYZzQej9fK/1w2GtPfFIS4IYhQYL28KYibhD7eGGwn+4uL2+l+9QwAQxCl7dG5vjqiNhYD4lpfXfvjv/tYJbD72h//rVt/muj4f59hQABAk46Vjx8ahrwL5DtT8KpksFo12Jj8dxf+LXPz89vpflz042Jvsg8AZ8ViwDuv/VUocHLXYkCXrv1xvV+Ia/5kwm+yX6uHRqPRhmFAAEBjouRoPB6vlv95xGjUdzGt3L3r/z9uBKobgnhUNwwhbho2N+s7Bra6uO/++8WFfq68kYlnjfoAIC8UqFTX93jeKp93BwN1X/t3X99d+1shJv7HDQMCAGYhqgA+VTgWsFExCd9Lqr47GHinrXf87w5dYA+e/XkAMFtVJd3FrsnVIsH5/ndVaBCVeuerzpu/wP+OVrhvNBptGgYEADQufnzG43HsP/p9o9E+1UrC+TheB2i7N1/7hUGAS7DXRQI6K479WzUM7Nd7DAEJIUCUIG0YCQCybZ16KW1SBNADGv8hAKAVbjUEAGe9ceYVg9AiCwIAoPvi2L81w4AAgJmb/Bg9ZSSArou9rwKAdjCGAL8Ue/6PGQYEALTJscmPE0BnZTW+ev3MywZTAACQReM/BAC0y+Qs0oeMBIDJa4bNUz9Ke61DTjMBumt90nMLBAC0LgS4t9AQEOiwzGMvf7b+ggGdQlYDQICOU/qPAIBW0xAQoMhdwTZ+07lBBQDQTRr/IQCg3TQEBLrskAqAVnjrtb91BCAwdBr/IQCgMzQEBDop87i4V9d/YED36ZXn/6SV7ylAgzT+QwBAN2gICHRVrBZnHQUYq9iqAPYnc9yU/wMdpPEfAgA6FwLcGz9eRgLomsxtAJkr2UOSOW6Li4sGFOgaPbUQANBJ9i0BnbN08GDaa53+7tMGdB9jFtUTWRwBCHTM8dFoZBENAQDdM2kIqHwJ6JTMCWNMZFUBXJqfPP9M2mvF6v/83JxBBbpio3zcZxgQANBl8SOmgQnQGbFnPKsPQPivT/wng7pHb5x5JTUwsf8f6JhjGv8hAKDTJj9i9jEBnZJZBRCnAcTElov7q9U/SH09AQDQIU+V982O0kYAQC9CgPgx84MGdMZNhw+3emLbR7FdIrNnQlRxrCS/jwA1sWCGAIDeOVbYCgB0xMrKSurrxcRWFcCFvfj138t9D03+ge64T+k/AgB6pfxR2yg0NQE6IhrHZYcAf/G7dxvY84hwJPvEhJuS3z+AmqyV98maZiMAoJchQPy4rRkJoAuytwFEL4Cfrb9gYM8hOxxR/g90hNJ/BAD03q2FrQBAB0QFQOZpAOGF370r9Yz7Poiu/xGOZPrMLbcYWKAL7ptUyYIAgH6yFQDoiu1tAMmryFHqriHgWRGG1LE14vbbbjO4QNsp/UcAwGBCAFsBgE6456670l/z1BN/mHrWfZfF5D+7IiKO/jtw4IDBBdpM6T8CAAbHVgCg9WIiWcdZ8jHxHfqpAHUFIXfXENoAJFP6jwCAYbEVAOiKOiaUser9Z3d9YbD9AGLin33sX1hcXKwlsAFIpPQfAQCDDQFsBQBaLyaUdUwqt069NMijAev8d9v7D7Sc0n8EAAyerQBA69VVVh4r4UMKAWLy/9wd/7qWyocIaXT/B1pO6T8CAIbNVgCgC2JyGccC1uH0d58eRAhQ5+Q/2PsPtJzSf2Y/9zIEtMV4PH6mfFo2EkBbnT59urj2Yx+r7fUPfPKm4uO/8x9M/vchwpknH3vMhxRoq6h2vc7qP7OmAoA2+XRhKwDQYnEiwD01rjJHJcCf3vG53jUG/Nn6C7VO/ufn54uv3n+/DyjQZrea/CMAgF3KH0VNUYDWO3r0aK1nzL+6/oPtyXKsmPdBHPVX5+Q/ROO/Ot8TgCk9Vd7nPmUYaMWcyxDQNuPx+JHy6YiRANrq2eeeK37jE5+o9c+4/IoPFgdv+3fb2wK6KCb80dcgmhzWKY79e+H73/ehBNoqFriumSx0gQAAzhEAzJdPPywfC0YDaKsv3nln8bWHH679z7n6+l/f7gsQgUBXRMn/n931hUa2Mrzw539eLB486AMJtNWN5eR/zTAgAIALhwDL5dMzRgJoq82tre0qgJMnT9b+Z3WlGuCNM68UL37992pf9a88+MAD2+X/AC11vJz8HzMMCABgbyHAveXTl40E0FYnX3xxOwTY3GymsnPu2o8Vi7f978XfW/rVVo1DrPTHXv94NNXAUNd/oOXWy8n/dYYBAQBcWggQWwGWjATQVt969NHic5//fKN/5pVLv1b8g5v/5fb2gKFN/EM0/IvS//m5OR9AoI0iFY7S/3VDgQAALi0AWCh2+gHMGw2grZrqB/BO77/q6uLam//VdhAQ/92U2OMfRxbGo2lx5N8ff+979v0DbXasnPwfNwwIAGB/IcCnyqdvGwmgzf7Zb/1WceLEiZn9+RECxNaAusKAmPTH3v54xF7/WXny8ceLlcOHfeCAtooj/z5tGBAAwHQhgKMBgVZrsingxUQAENsEomfA/LW/sv18KacIbJ16qXj9zMvbzzHxf3X9B60Y4//4jW8Un7nlFh82oK02ysd1jvxDAADTBwCxBSBOBdAPABAC7FMEAe+94u+c/+9/6keN7uU3+Qd6xpF/CAAgMQRYmoQA+gEAQoABiYl/BAAALXZfOfm/1zDQdu8xBHTFpJOqs1SBVovO9NtN6hYXDUaC248eNfkH2m7N5J/OzKkMAV2jHwDQBSoBpqfsH+jCz335uMa+f7pCBQBdFFUAzlUFWq2qBFhZWTEYJv9Af33a5J8uUQFAJ+kHAHTJ5z7/+eJbjz5qIPZgfn5+ZwvFwYMGA2g7+/7pHBUAdJJ+AECXxGq2fewXF30TXvj+903+gS54yuQfAQA0GwKslk+rRgLogihnf+HP/7w4cOCAwTiHaPYXk3/jA3TARvm41TDQyTmUIaDrxuPxD8unJSMBdEE0B/zil75kS8BElPxHdcTK4cMGA+iK6ybVqCAAgBkEAAvlU4QA+gEAnXHiO9/Z7g2wuTnc3lHRIDEm/9EwEaAjbp1UoUIn2QJA55U/whuFMiyga5Pfw4eLv37ppe3S96GJMv8nH3+8ePKxx0z+gS5ZNfmn83MnQ0BfjMfje8unLxsJoGtOvvji9raAZ597rtf/zij3v/2224qjR4+a+ANdEyX/NzryDwEAtCsE+Hb59CkjAXRRBABfvPPO4uTJk737t0UTxAcfeMDEH+iimPRfN6k6BQEAtCgAiD4AzxSaAgIdFv0Bvvbww52vCIgV/9jqcM9dd+nuD3RZrPyvGQYEANDOEGBpEgJoCgh0WgQAcVpA104MiMn+Z2+5Rak/0AfHysn/ccOAAADaHQLENoBvGwmgD+LowCoIaPP2gCjzv2llxZF+QF9E0z+NphEAQEdCgHsLTQGBnjl9+nTx9He+04owoCrxv+HQoe0j/az2Az2i6R8CAOhgCPBI+XTESAB9FJUBJ06c2N4qECcJ1B0IxIR/8eDB7Qn/ofIRzwB9/HktH9eY/CMAgO4FAJoCAoNShQFbm5u/bCJ4qc0Eq4n+XPm8VD4vLi5u/88a+QEDER3/1w0DAgDoZgiwUD79sNAUEOC8YUA16QcYuFvLyf+qYUAAAN0OAZYmIQAAAJzL8XLyf8ww0GfvMQQMwaSMSxdXAADO5SmTfwQA0K8QYLV8co4rAAC7WShiOHMiQ8DQOBkAAIAJHf8ZFBUADFGUd+nsCgBg8n+jyT8CAOixyY/8jeVjw2gAAAzWMcf9IQCA4YQAny52kl8AAIbFcX8IAGBgIcD6JAQAAGA4Vk3+EQDAMEOAtULXVwCAoYjj/tz7IQCAAYcAq+XTfUYCAKDXHPeHuY8hgB2OBwQA6PXkX8d/BACGAN4WAny7fPqUkQAA6I3quD8d/xEAGAJ4WwAwXz49Uz6WjAYAgMk/CABACAAAQPvdOGn6DAgA4IIhwN+Uj3mjAQDQSbc67g/ezikAcA6TBjE3FjtlYwAAmPyDAAB6HAKsCwEAADrnuMk/nGeOYwjgwsbj8XKx0xMAAIB2Wy0n/7caBjg3FQBwEZPGMS4kAAAm/9DtuY0hgL0Zj8dHyqdHjAQAgMk/CABACAAAQLO2+zZNmjgDF2ALAFyCSUOZY0YCAMDkHzo3nzEEcOnG43FUARwxEgAAJv8gAAAhAAAAJv8gAAAhAAAAJv8gAAAhAAAAJv8gAAAhAACAyT8gAAAhAABAn2xOJv/rhgIEACAEAAAw+QcEACAEAAAw+QcBACAEAAAw+QcBACAEAABolIZ/IAAAIQAAgMk/IAAAIQAAgMk/IAAAIQAAgMk/CAAAIQAAgMk/CACAlBAgAoBHjAQAgMk/NO09hgCaU17YVsunW40EAMC2NZN/EACAEAAAoN9Wy/sik39oci5iCGA2bAcAAAY++bcgAgIAGFQIsFQ+PVM+5o0GAGDyD9TJFgCYofLit930pnwofQMAhuCYyT/McP5hCGD2JpUA3y4fC0YDAOipWye9kAABAAw+BIhtALEdYMloAAA9EpWOx0z+QQAACAEAgH5P/m+cbHsEZkwPAGiRyTE40RNg1WgAACb/QOp8wxBAO43H4zgi8IiRAAA6aH0y+dfoGFpEBQC01KRD7jEjAQB0zJrJP7R0jmEIoN3G4/GR8ukRIwEAdMCqY/5AAABMFwJEU8BoDjhvNACAlrqvnPzfaxhAAADkhABRCeCEAACgbW51zB8IAIDcEMAxgQBAm+j0Dx2iCSB0SDTTKR/XFY4JBABmb93kHzo2nzAE0E3j8fje8unLRgIAmOHkX6d/6BAVANBRkyY70WXXhRcAaFJ0+r/O5B86OIcwBNBtTggAABp0rJz4HzcMIAAAZhcCaA4IANQpVvuj0/9ThgK6yxYA6AHNAQGAGlX7/U3+oevzBkMA/TIej+8on37fSAAACdbKx6ft9wcBANDeEGC5fPp2oS8AALB/x8uJ/zHDAAIAoP0hwMIkBNAXAAC4FLHaH83+Vg0FCACA7oQAUQEQ2wGOGA0AYA82ip2S/3VDAf2jCSD02KQ54K3lfyrfAwAuJpr8XWfyDz2eHxgCGAZ9AQCAC7ivnPjfaxhAAAD0JwSIyf8zhb4AAMCO2O9/qyP+YBhsAYABmWwJuK78z+NGAwAGL0r9rzP5BwEA0O8gIHoCfLrYSf0BgOGJI/5i8r9hKGBA8wBDAMPlqEAAGBxH/MGAqQCAAZuk/jeWDzcBANB/UfJ/o8k/DPj+3xAAYTwef6p8eqRwSgAA9FFM+mPl3/Y/EAAA2BIAAD2kyz/wS7YAAL8UWwKcEgAAvaHLPyAAAC4aBDglAAC6TZd/4N33+YYAOJ/xeBz9AGJLwLLRAIBOiPD+0+XEf81QAO+kAgA4r2gUVD7ilIBjRgMAWi9K/a8x+QcEAMA0QUD0BIjeAOtGAwBaJ1b9o8P/p3X5By54X28IgL2abAn4cvm4w2gAQCtEOB9d/oX0gAAAqCUIWC52egPMGw0AmJn7yon/vYYBEAAAdYcAMfl/pHx8ymgAQKM2ip1V/zVDAVwKPQCAfZk0CIyjAh0XCADN2e7LY/IP7Ose3hAA03JcIADUbqOw6g9MSQUAMLV3HBeoGgAAcln1B3Lu2w0BkGk8Hi8UO70Blo0GAEwlQvVY9X/KUAAZVAAAqcqblA3VAAAwtVj1v8bkH0i9VzcEQF0m1QC/XzgpAAD2aqOw1x+oiQoAoDaTagAnBQDA3tjrD9R7f24IgCZMTgqI3gCqAQDg7TYKq/5AA1QAAI2YnBQQlQA3Tm50AICiuK+8Pl5j8g8IAIA+BgFxg3NdsVPmCABDtX09LK+L9xoKoLF7cUMAzMp4PF4qdrYFLBkNAAYieuLEqr8gHGicCgBgZsqbn/XyEdUAjgwEYAhWi52j/Uz+gdncfxsCoA00CQSgxzYKTf6AFlABALSCJoEA9FBV7q/JH9COe25DALTReDy+t3z6QvmYNxoAdNBT5eNYOfHfMBSAAADg4iHAQvn05fJxxGgA0BEx4VfuD7SSLQBAa8WqSfm4tdjZFrBuRABosSj3P6bcH2j1/bUhALpiPB7fUexUBNgWAECbrE4m/060AQQAAIkhwPwkBLjDaAAwY2uTib8qNUAAAFBjELBQ7BwbuGw0AGjYxmTi/5ShALpEDwCgkyb9AaI3gP4AADRl97F+Jv9A9+6hDQHQB+Px+EixszVgwWgAUIPjk8m/ff6AAACgBSFA9AeI3gBfKDQKBCBHrPRHuf+GoQAEAADtDAI0CgRgGmvFzor/mqEABAAA7Q8CFiZBwBGjAcAebZSPW038gT7SBBDorUmjwFvL/7yu2FnJAYCLTfyvMfkHent/bAiAoRiPx8vFTkXAstEAYCKa+sUe/1VDAQgAAAQBAPRz4v9Q+Tiusz8gAAAYRhDwSOHoQAATfwABAMAggoAjxU5FgCAAwMQfQAAAIAgAwMQfQAAA0Kcg4FPl0xcKPQIATPwBBAAAgwgCIgDQLBDAxB9AAAAgCACgJTbKx32O8wMQAABkBAFLxc7WgCNGA8DEH0AAAND/IGCh2KkIEAQAzM7aZOK/ZigABAAAdQcB8+XTHcVOVcC8EQFoxGr5+KaJP4AAAGBWQUCcHOAIQYB6RDO/p4qdFf8NwwEgAABoQxjgCEGAPDHZj47+qzr6AwgAANoaBGgYCLB/a8VOmf+qoQAQAAB0JQio+gR8trA9AOBiYsL/UDnxXzcUAAIAgC6HAbYHALzbRvn4Zvk4rswfQAAA0LcgYKE4uz3A6QHAUEVTvyjzf8pQAAgAAPoeBFSnB0QYsGREgAGIFf7VYqfMf8NwAAgAAIYYBlRNAyMQUBUA9M1aoakfgAAAgLcFAVVVQDQNXDYiQIdtFDt7+1et9gMIAAC4cBiwUJytClgwIkBHrJaPp+3tBxAAALC/MCBCgJuKncaBAG0Tx/ZVq/06+QMIAABICAI0DgTaYqPY6eSvoR+AAACAmsOAhWKnIiD6BSwYEaABm5NJvxJ/AAEAADMKA5YmQYB+AUAdYrL/TZN+AAEAAO0KA5Z3hQGOFASmmfQ/Hc/29QMIAABofxhQNQ8UBgAm/QACAAAGFgYsF7YJACb9AAIAAAYRBugZAMNVNfJ71qQfQAAAwPDCgOVJIOBoQeinjfKxVujeDyAAAIBJGLAwCQOqvgFAd60XZ0v71w0HAAIAAC4UCEQIcENhqwB0QZTyr00m/WvlpH/DkAAgAABgP2HAwiQIqAIBYPbWi7Ol/WuGAwABAAB1BALLxdlTBfQOgGZsTCb8GvgBIAAAYCZhwPwkCLBdAHJt7prwr9nLD4AAAIC2BQILuwKBZYEAmPADIAAAYDiBwNKuQMCWAdixUezs4zfhB0AAAEAvA4H5SQiwvCsUgCGomvadLHTqB0AAAMBAQ4EqEFichAOqBOi6zd2T/Zj8a9oHgAAAAN4dCOyuEqhCgQUjQ4sn+1Up//pksr9hWAAQAABATiiwUKgUwGQfAAQAAAwmGFiehAG7tw/MGxkSrBU7jfpOF8r4ARAAAEArQ4H5XWHAAcEAe5jox8Q+9uvHqv6GjvwACAAAoPvhwHKxUzEQj8VJKLBsZHpvozh77N7pXRP9DUMDgAAAAIYVDFRVA1U4cGDXfy8YoU5YK86u5G+a5AOAAAAA9hMQVEFAFRSEGybPthc0M7kPMZk/vWuCv6lcHwAEAADQdEiwOxyoAoOwuCsg2P3/b1J/1rPnmuxbvQcAAQAA9MKkJ0Fld4BQqbYivNNCMZsgoVp5P5dn3/E/b0wehQk9AAgAAIAG7NrC8K4JvRJ6AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAM7h/xdgAPUEY4Volf8FAAAAAElFTkSuQmCC + mediatype: image/png + install: + spec: + deployments: + - label: + control-plane: controller-manager + name: edp-keycloak-operator-controller-manager + spec: + replicas: 1 + selector: + matchLabels: + control-plane: controller-manager + strategy: {} + template: + metadata: + annotations: + kubectl.kubernetes.io/default-container: manager + labels: + control-plane: controller-manager + spec: + containers: + - args: + - --leader-elect + command: + - /manager + env: + - name: WATCH_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.annotations['olm.targetNamespaces'] + - name: OPERATOR_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + image: docker.io/epamedp/keycloak-operator:1.19.0 + livenessProbe: + httpGet: + path: /healthz + port: 8081 + initialDelaySeconds: 15 + periodSeconds: 20 + name: manager + readinessProbe: + httpGet: + path: /readyz + port: 8081 + initialDelaySeconds: 5 + periodSeconds: 10 + resources: + limits: + cpu: 500m + memory: 128Mi + requests: + cpu: 10m + memory: 64Mi + securityContext: + allowPrivilegeEscalation: false + securityContext: + runAsNonRoot: true + serviceAccountName: edp-keycloak-operator-controller-manager + terminationGracePeriodSeconds: 10 + permissions: + - rules: + - apiGroups: + - "" + resources: + - configmaps + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiGroups: + - "" + resources: + - events + verbs: + - create + - patch + - apiGroups: + - "" + resources: + - secrets + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - v1.edp.epam.com + resources: + - keycloakauthflows + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - v1.edp.epam.com + resources: + - keycloakauthflows/finalizers + verbs: + - update + - apiGroups: + - v1.edp.epam.com + resources: + - keycloakauthflows/status + verbs: + - get + - patch + - update + - apiGroups: + - v1.edp.epam.com + resources: + - keycloakclients + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - v1.edp.epam.com + resources: + - keycloakclients/finalizers + verbs: + - update + - apiGroups: + - v1.edp.epam.com + resources: + - keycloakclients/status + verbs: + - get + - patch + - update + - apiGroups: + - v1.edp.epam.com + resources: + - keycloakclientscopes + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - v1.edp.epam.com + resources: + - keycloakclientscopes/finalizers + verbs: + - update + - apiGroups: + - v1.edp.epam.com + resources: + - keycloakclientscopes/status + verbs: + - get + - patch + - update + - apiGroups: + - v1.edp.epam.com + resources: + - keycloakrealmcomponents + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - v1.edp.epam.com + resources: + - keycloakrealmcomponents/finalizers + verbs: + - update + - apiGroups: + - v1.edp.epam.com + resources: + - keycloakrealmcomponents/status + verbs: + - get + - patch + - update + - apiGroups: + - v1.edp.epam.com + resources: + - keycloakrealmgroups + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - v1.edp.epam.com + resources: + - keycloakrealmgroups/finalizers + verbs: + - update + - apiGroups: + - v1.edp.epam.com + resources: + - keycloakrealmgroups/status + verbs: + - get + - patch + - update + - apiGroups: + - v1.edp.epam.com + resources: + - keycloakrealmidentityproviders + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - v1.edp.epam.com + resources: + - keycloakrealmidentityproviders/finalizers + verbs: + - update + - apiGroups: + - v1.edp.epam.com + resources: + - keycloakrealmidentityproviders/status + verbs: + - get + - patch + - update + - apiGroups: + - v1.edp.epam.com + resources: + - keycloakrealmrolebatches + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - v1.edp.epam.com + resources: + - keycloakrealmrolebatches/finalizers + verbs: + - update + - apiGroups: + - v1.edp.epam.com + resources: + - keycloakrealmrolebatches/status + verbs: + - get + - patch + - update + - apiGroups: + - v1.edp.epam.com + resources: + - keycloakrealmroles + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - v1.edp.epam.com + resources: + - keycloakrealmroles/finalizers + verbs: + - update + - apiGroups: + - v1.edp.epam.com + resources: + - keycloakrealmroles/status + verbs: + - get + - patch + - update + - apiGroups: + - v1.edp.epam.com + resources: + - keycloakrealms + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - v1.edp.epam.com + resources: + - keycloakrealms/finalizers + verbs: + - update + - apiGroups: + - v1.edp.epam.com + resources: + - keycloakrealms/status + verbs: + - get + - patch + - update + - apiGroups: + - v1.edp.epam.com + resources: + - keycloakrealmusers + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - v1.edp.epam.com + resources: + - keycloakrealmusers/finalizers + verbs: + - update + - apiGroups: + - v1.edp.epam.com + resources: + - keycloakrealmusers/status + verbs: + - get + - patch + - update + - apiGroups: + - v1.edp.epam.com + resources: + - keycloaks + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - v1.edp.epam.com + resources: + - keycloaks/finalizers + verbs: + - update + - apiGroups: + - v1.edp.epam.com + resources: + - keycloaks/status + verbs: + - get + - patch + - update + serviceAccountName: edp-keycloak-operator-controller-manager + strategy: deployment + installModes: + - supported: true + type: OwnNamespace + - supported: true + type: SingleNamespace + - supported: false + type: MultiNamespace + - supported: true + type: AllNamespaces + keywords: + - authentication + - authorization + - edp + - idp + - keycloak + - oauth + - oidc + - operator + - saml + - sso + links: + - name: Edp Keycloak Operator + url: https://github.com/epam/edp-keycloak-operator + maintainers: + - email: SupportEPMD-EDP@epam.com + name: epmd-edp + maturity: alpha + minKubeVersion: 1.20.0 + provider: + name: EPAM Delivery Platform + url: https://epam.github.io/edp-install/ + version: 1.19.0 diff --git a/operators/edp-keycloak-operator/1.19.0/manifests/v1.edp.epam.com_clusterkeycloakrealms.yaml b/operators/edp-keycloak-operator/1.19.0/manifests/v1.edp.epam.com_clusterkeycloakrealms.yaml new file mode 100644 index 00000000000..46c3d9c5b36 --- /dev/null +++ b/operators/edp-keycloak-operator/1.19.0/manifests/v1.edp.epam.com_clusterkeycloakrealms.yaml @@ -0,0 +1,172 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.11.3 + creationTimestamp: null + name: clusterkeycloakrealms.v1.edp.epam.com +spec: + group: v1.edp.epam.com + names: + kind: ClusterKeycloakRealm + listKind: ClusterKeycloakRealmList + plural: clusterkeycloakrealms + singular: clusterkeycloakrealm + scope: Cluster + versions: + - additionalPrinterColumns: + - description: Keycloak realm is available + jsonPath: .status.available + name: Available + type: boolean + name: v1alpha1 + schema: + openAPIV3Schema: + description: ClusterKeycloakRealm is the Schema for the clusterkeycloakrealms + API. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: ClusterKeycloakRealmSpec defines the desired state of ClusterKeycloakRealm. + properties: + browserSecurityHeaders: + additionalProperties: + type: string + description: BrowserSecurityHeaders is a map of security headers to + apply to HTTP responses from the realm's browser clients. + nullable: true + type: object + clusterKeycloakRef: + description: ClusterKeycloakRef is a name of the ClusterKeycloak instance + that owns the realm. + type: string + frontendUrl: + description: FrontendURL Set the frontend URL for the realm. Use in + combination with the default hostname provider to override the base + URL for frontend requests for a specific realm. + type: string + localization: + description: Localization is the configuration for localization in + the realm. + nullable: true + properties: + internationalizationEnabled: + description: InternationalizationEnabled indicates whether to + enable internationalization. + nullable: true + type: boolean + type: object + passwordPolicy: + description: PasswordPolicies is a list of password policies to apply + to the realm. + items: + properties: + type: + description: Type of password policy. + type: string + value: + description: Value of password policy. + type: string + required: + - type + - value + type: object + nullable: true + type: array + realmEventConfig: + description: RealmEventConfig is the configuration for events in the + realm. + nullable: true + properties: + adminEventsDetailsEnabled: + description: AdminEventsDetailsEnabled indicates whether to enable + detailed admin events. + type: boolean + adminEventsEnabled: + description: AdminEventsEnabled indicates whether to enable admin + events. + type: boolean + enabledEventTypes: + description: EnabledEventTypes is a list of event types to enable. + items: + type: string + type: array + eventsEnabled: + description: EventsEnabled indicates whether to enable events. + type: boolean + eventsExpiration: + description: EventsExpiration is the number of seconds after which + events expire. + type: integer + eventsListeners: + description: EventsListeners is a list of event listeners to enable. + items: + type: string + type: array + type: object + realmName: + description: RealmName specifies the name of the realm. + type: string + themes: + description: Themes is a map of themes to apply to the realm. + nullable: true + properties: + accountTheme: + description: AccountTheme specifies the account theme to use for + the realm. + nullable: true + type: string + adminConsoleTheme: + description: AdminConsoleTheme specifies the admin console theme + to use for the realm. + nullable: true + type: string + emailTheme: + description: EmailTheme specifies the email theme to use for the + realm. + nullable: true + type: string + loginTheme: + description: LoginTheme specifies the login theme to use for the + realm. + nullable: true + type: string + type: object + required: + - clusterKeycloakRef + - realmName + type: object + status: + description: ClusterKeycloakRealmStatus defines the observed state of + ClusterKeycloakRealm. + properties: + available: + type: boolean + failureCount: + format: int64 + type: integer + value: + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: null + storedVersions: null diff --git a/operators/edp-keycloak-operator/1.19.0/manifests/v1.edp.epam.com_clusterkeycloaks.yaml b/operators/edp-keycloak-operator/1.19.0/manifests/v1.edp.epam.com_clusterkeycloaks.yaml new file mode 100644 index 00000000000..a2ebf4037e7 --- /dev/null +++ b/operators/edp-keycloak-operator/1.19.0/manifests/v1.edp.epam.com_clusterkeycloaks.yaml @@ -0,0 +1,80 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.11.3 + creationTimestamp: null + name: clusterkeycloaks.v1.edp.epam.com +spec: + group: v1.edp.epam.com + names: + kind: ClusterKeycloak + listKind: ClusterKeycloakList + plural: clusterkeycloaks + singular: clusterkeycloak + scope: Cluster + versions: + - additionalPrinterColumns: + - description: Is connected to keycloak + jsonPath: .status.connected + name: Connected + type: boolean + name: v1alpha1 + schema: + openAPIV3Schema: + description: ClusterKeycloak is the Schema for the clusterkeycloaks API. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: ClusterKeycloakSpec defines the desired state of ClusterKeycloak. + properties: + adminType: + default: user + description: AdminType can be user or serviceAccount, if serviceAccount + was specified, then client_credentials grant type should be used + for getting admin realm token. + enum: + - serviceAccount + - user + type: string + secret: + description: Secret is a secret name which contains admin credentials. + type: string + url: + description: URL of keycloak service. + type: string + required: + - secret + - url + type: object + status: + description: ClusterKeycloakStatus defines the observed state of ClusterKeycloak. + properties: + connected: + description: Connected shows if keycloak service is up and running. + type: boolean + required: + - connected + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: null + storedVersions: null diff --git a/operators/edp-keycloak-operator/1.19.0/manifests/v1.edp.epam.com_keycloakauthflows.yaml b/operators/edp-keycloak-operator/1.19.0/manifests/v1.edp.epam.com_keycloakauthflows.yaml new file mode 100644 index 00000000000..189ad0cc0e0 --- /dev/null +++ b/operators/edp-keycloak-operator/1.19.0/manifests/v1.edp.epam.com_keycloakauthflows.yaml @@ -0,0 +1,231 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.11.3 + creationTimestamp: null + name: keycloakauthflows.v1.edp.epam.com +spec: + group: v1.edp.epam.com + names: + kind: KeycloakAuthFlow + listKind: KeycloakAuthFlowList + plural: keycloakauthflows + singular: keycloakauthflow + scope: Namespaced + versions: + - name: v1 + schema: + openAPIV3Schema: + description: KeycloakAuthFlow is the Schema for the keycloak authentication + flow API. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: KeycloakAuthFlowSpec defines the desired state of KeycloakAuthFlow. + properties: + alias: + description: Alias is display name for authentication flow. + type: string + authenticationExecutions: + description: AuthenticationExecutions is list of authentication executions + for this auth flow. + items: + description: AuthenticationExecution defines keycloak authentication + execution. + properties: + alias: + description: Alias is display name for this execution. + type: string + authenticator: + description: Authenticator is name of authenticator. + type: string + authenticatorConfig: + description: AuthenticatorConfig is configuration for authenticator. + nullable: true + properties: + alias: + description: Alias is display name for authenticator config. + type: string + config: + additionalProperties: + type: string + description: Config is configuration for authenticator. + type: object + type: object + authenticatorFlow: + description: AuthenticatorFlow is true if this is auth flow. + type: boolean + priority: + description: Priority is priority for this execution. Lower + values have higher priority. + type: integer + requirement: + description: 'Requirement is requirement for this execution. + Available options: REQUIRED, ALTERNATIVE, DISABLED, CONDITIONAL.' + type: string + type: object + nullable: true + type: array + builtIn: + description: BuiltIn is true if this is built-in auth flow. + type: boolean + childType: + description: 'ChildType is type for auth flow if it has a parent, + available options: basic-flow, form-flow' + type: string + description: + description: Description is description for authentication flow. + type: string + parentName: + description: ParentName is name of parent auth flow. + type: string + providerId: + description: ProviderID for root auth flow and provider for child + auth flows. + type: string + realm: + description: 'Deprecated: use RealmRef instead. Realm is name of KeycloakRealm + custom resource.' + type: string + realmRef: + description: RealmRef is reference to Realm custom resource. + properties: + kind: + description: Kind specifies the kind of the Keycloak resource. + enum: + - KeycloakRealm + - ClusterKeycloakRealm + type: string + name: + description: Name specifies the name of the Keycloak resource. + type: string + type: object + topLevel: + description: TopLevel is true if this is root auth flow. + type: boolean + required: + - alias + - builtIn + - providerId + - topLevel + type: object + status: + description: KeycloakAuthFlowStatus defines the observed state of KeycloakAuthFlow. + properties: + failureCount: + format: int64 + type: integer + value: + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} + - deprecated: true + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + alias: + description: Alias is display name for authentication flow + type: string + authenticationExecutions: + items: + properties: + alias: + type: string + authenticator: + type: string + authenticatorConfig: + nullable: true + properties: + alias: + type: string + config: + additionalProperties: + type: string + nullable: true + type: object + type: object + authenticatorFlow: + type: boolean + priority: + type: integer + requirement: + type: string + type: object + nullable: true + type: array + builtIn: + type: boolean + childType: + description: 'ChildType is type for auth flow if it has a parent, + available options: basic-flow, form-flow' + type: string + description: + type: string + parentName: + type: string + providerId: + description: ProviderID for root auth flow and provider for child + auth flows + type: string + realm: + description: Realm is name of keycloak realm + type: string + topLevel: + type: boolean + required: + - alias + - builtIn + - providerId + - realm + - topLevel + type: object + status: + properties: + failureCount: + format: int64 + type: integer + value: + type: string + type: object + type: object + served: true + storage: false + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: null + storedVersions: null diff --git a/operators/edp-keycloak-operator/1.19.0/manifests/v1.edp.epam.com_keycloakclients.yaml b/operators/edp-keycloak-operator/1.19.0/manifests/v1.edp.epam.com_keycloakclients.yaml new file mode 100644 index 00000000000..bbb66e81f40 --- /dev/null +++ b/operators/edp-keycloak-operator/1.19.0/manifests/v1.edp.epam.com_keycloakclients.yaml @@ -0,0 +1,378 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.11.3 + creationTimestamp: null + name: keycloakclients.v1.edp.epam.com +spec: + group: v1.edp.epam.com + names: + kind: KeycloakClient + listKind: KeycloakClientList + plural: keycloakclients + singular: keycloakclient + scope: Namespaced + versions: + - name: v1 + schema: + openAPIV3Schema: + description: KeycloakClient is the Schema for the keycloak clients API. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: KeycloakClientSpec defines the desired state of KeycloakClient. + properties: + advancedProtocolMappers: + description: AdvancedProtocolMappers is a flag to enable advanced + protocol mappers. + type: boolean + attributes: + additionalProperties: + type: string + default: + post.logout.redirect.uris: + + description: Attributes is a map of client attributes. + nullable: true + type: object + clientId: + description: ClientId is a unique keycloak client ID referenced in + URI and tokens. + type: string + clientRoles: + description: ClientRoles is a list of client roles names assigned + to client. + items: + type: string + nullable: true + type: array + defaultClientScopes: + description: DefaultClientScopes is a list of default client scopes + assigned to client. + items: + type: string + nullable: true + type: array + directAccess: + description: DirectAccess is a flag to set client as direct access. + type: boolean + frontChannelLogout: + description: FrontChannelLogout is a flag to enable front channel + logout. + type: boolean + protocol: + description: Protocol is a client protocol. + nullable: true + type: string + protocolMappers: + description: ProtocolMappers is a list of protocol mappers assigned + to client. + items: + properties: + config: + additionalProperties: + type: string + description: Config is a map of protocol mapper configuration. + nullable: true + type: object + name: + description: Name is a protocol mapper name. + type: string + protocol: + description: Protocol is a protocol name. + type: string + protocolMapper: + description: ProtocolMapper is a protocol mapper name. + type: string + type: object + nullable: true + type: array + public: + description: Public is a flag to set client as public. + type: boolean + realmRef: + description: RealmRef is reference to Realm custom resource. + properties: + kind: + description: Kind specifies the kind of the Keycloak resource. + enum: + - KeycloakRealm + - ClusterKeycloakRealm + type: string + name: + description: Name specifies the name of the Keycloak resource. + type: string + type: object + realmRoles: + description: RealmRoles is a list of realm roles assigned to client. + items: + properties: + composite: + description: Composite is a realm composite role name. + type: string + name: + description: Name is a realm role name. + type: string + required: + - composite + type: object + nullable: true + type: array + reconciliationStrategy: + description: ReconciliationStrategy is a strategy to reconcile client. + enum: + - full + - addOnly + type: string + redirectUris: + description: RedirectUris is a list of valid URI pattern a browser + can redirect to after a successful login. Simple wildcards are allowed + such as 'https://example.com/*'. Relative path can be specified + too, such as /my/relative/path/*. Relative paths are relative to + the client root URL. If not specified, spec.webUrl + "/*" will be + used. + example: + - https://example.com/* + - /my/relative/path/* + items: + type: string + nullable: true + type: array + secret: + description: 'Secret is kubernetes secret name where the client''s + secret will be stored. Secret should have the following format: + $secretName:secretKey. If not specified, a client secret will be + generated and stored in a secret with the name keycloak-client-{metadata.name}-secret. + If keycloak client is public, secret property will be ignored.' + example: $keycloak-secret:client_secret + type: string + serviceAccount: + description: ServiceAccount is a service account configuration. + nullable: true + properties: + attributes: + additionalProperties: + type: string + description: Attributes is a map of service account attributes. + nullable: true + type: object + clientRoles: + description: ClientRoles is a list of client roles assigned to + service account. + items: + properties: + clientId: + description: ClientID is a client ID. + type: string + roles: + description: Roles is a list of client roles names assigned + to service account. + items: + type: string + nullable: true + type: array + required: + - clientId + type: object + nullable: true + type: array + enabled: + description: Enabled is a flag to enable service account. + type: boolean + realmRoles: + description: RealmRoles is a list of realm roles assigned to service + account. + items: + type: string + nullable: true + type: array + type: object + targetRealm: + description: 'Deprecated: use RealmRef instead. TargetRealm is a realm + name where client will be created. It has higher priority than RealmRef + for backward compatibility. If both TargetRealm and RealmRef are + specified, TargetRealm will be used for client creation.' + type: string + webUrl: + description: WebUrl is a client web url. + type: string + required: + - clientId + type: object + status: + description: KeycloakClientStatus defines the observed state of KeycloakClient. + properties: + clientId: + type: string + failureCount: + format: int64 + type: integer + value: + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} + - deprecated: true + name: v1alpha1 + schema: + openAPIV3Schema: + description: KeycloakClient is the Schema for the keycloakclients API. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: KeycloakClientSpec defines the desired state of KeycloakClient. + properties: + advancedProtocolMappers: + type: boolean + attributes: + additionalProperties: + type: string + nullable: true + type: object + clientId: + description: ClientId is a unique keycloak client ID referenced in + URI and tokens. + type: string + clientRoles: + items: + type: string + nullable: true + type: array + defaultClientScopes: + description: A list of default client scopes for a keycloak client. + items: + type: string + nullable: true + type: array + directAccess: + type: boolean + frontChannelLogout: + type: boolean + protocol: + nullable: true + type: string + protocolMappers: + items: + properties: + config: + additionalProperties: + type: string + nullable: true + type: object + name: + type: string + protocol: + type: string + protocolMapper: + type: string + type: object + nullable: true + type: array + public: + type: boolean + realmRoles: + items: + properties: + composite: + type: string + name: + type: string + required: + - composite + type: object + nullable: true + type: array + reconciliationStrategy: + enum: + - full + - addOnly + type: string + secret: + type: string + serviceAccount: + nullable: true + properties: + attributes: + additionalProperties: + type: string + nullable: true + type: object + clientRoles: + items: + properties: + clientId: + type: string + roles: + items: + type: string + nullable: true + type: array + required: + - clientId + type: object + nullable: true + type: array + enabled: + type: boolean + realmRoles: + items: + type: string + nullable: true + type: array + type: object + targetRealm: + type: string + webUrl: + type: string + required: + - clientId + type: object + status: + description: KeycloakClientStatus defines the observed state of KeycloakClient. + properties: + clientId: + type: string + clientSecretName: + type: string + failureCount: + format: int64 + type: integer + value: + type: string + type: object + type: object + served: true + storage: false + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: null + storedVersions: null diff --git a/operators/edp-keycloak-operator/1.19.0/manifests/v1.edp.epam.com_keycloakclientscopes.yaml b/operators/edp-keycloak-operator/1.19.0/manifests/v1.edp.epam.com_keycloakclientscopes.yaml new file mode 100644 index 00000000000..d3a87db8829 --- /dev/null +++ b/operators/edp-keycloak-operator/1.19.0/manifests/v1.edp.epam.com_keycloakclientscopes.yaml @@ -0,0 +1,197 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.11.3 + creationTimestamp: null + name: keycloakclientscopes.v1.edp.epam.com +spec: + group: v1.edp.epam.com + names: + kind: KeycloakClientScope + listKind: KeycloakClientScopeList + plural: keycloakclientscopes + singular: keycloakclientscope + scope: Namespaced + versions: + - name: v1 + schema: + openAPIV3Schema: + description: KeycloakClientScope is the Schema for the keycloakclientscopes + API. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: KeycloakClientScopeSpec defines the desired state of KeycloakClientScope. + properties: + attributes: + additionalProperties: + type: string + description: Attributes is a map of client scope attributes. + nullable: true + type: object + default: + description: Default is a flag to set client scope as default. + type: boolean + description: + description: Description is a description of client scope. + type: string + name: + description: Name of keycloak client scope. + type: string + protocol: + description: Protocol is SSO protocol configuration which is being + supplied by this client scope. + type: string + protocolMappers: + description: ProtocolMappers is a list of protocol mappers assigned + to client scope. + items: + properties: + config: + additionalProperties: + type: string + description: Config is a map of protocol mapper configuration. + nullable: true + type: object + name: + description: Name is a protocol mapper name. + type: string + protocol: + description: Protocol is a protocol name. + type: string + protocolMapper: + description: ProtocolMapper is a protocol mapper name. + type: string + type: object + nullable: true + type: array + realm: + description: 'Deprecated: use RealmRef instead. Realm is name of KeycloakRealm + custom resource.' + type: string + realmRef: + description: RealmRef is reference to Realm custom resource. + properties: + kind: + description: Kind specifies the kind of the Keycloak resource. + enum: + - KeycloakRealm + - ClusterKeycloakRealm + type: string + name: + description: Name specifies the name of the Keycloak resource. + type: string + type: object + required: + - name + - protocol + type: object + status: + description: KeycloakClientScopeStatus defines the observed state of KeycloakClientScope. + properties: + failureCount: + format: int64 + type: integer + id: + type: string + value: + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} + - deprecated: true + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + attributes: + additionalProperties: + type: string + nullable: true + type: object + default: + type: boolean + description: + type: string + name: + description: Name of keycloak client scope + type: string + protocol: + description: Protocol is SSO protocol configuration which is being + supplied by this client scope + type: string + protocolMappers: + items: + properties: + config: + additionalProperties: + type: string + nullable: true + type: object + name: + type: string + protocol: + type: string + protocolMapper: + type: string + type: object + nullable: true + type: array + realm: + description: Realm is name of keycloak realm + type: string + required: + - name + - protocol + - realm + type: object + status: + properties: + failureCount: + format: int64 + type: integer + id: + type: string + value: + type: string + type: object + type: object + served: true + storage: false + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: null + storedVersions: null diff --git a/operators/edp-keycloak-operator/1.19.0/manifests/v1.edp.epam.com_keycloakrealmcomponents.yaml b/operators/edp-keycloak-operator/1.19.0/manifests/v1.edp.epam.com_keycloakrealmcomponents.yaml new file mode 100644 index 00000000000..867e42f8256 --- /dev/null +++ b/operators/edp-keycloak-operator/1.19.0/manifests/v1.edp.epam.com_keycloakrealmcomponents.yaml @@ -0,0 +1,170 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.11.3 + creationTimestamp: null + name: keycloakrealmcomponents.v1.edp.epam.com +spec: + group: v1.edp.epam.com + names: + kind: KeycloakRealmComponent + listKind: KeycloakRealmComponentList + plural: keycloakrealmcomponents + singular: keycloakrealmcomponent + scope: Namespaced + versions: + - name: v1 + schema: + openAPIV3Schema: + description: KeycloakRealmComponent is the Schema for the keycloak component + API. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: KeycloakComponentSpec defines the desired state of KeycloakRealmComponent. + properties: + config: + additionalProperties: + items: + type: string + type: array + description: Config is a map of component configuration. + nullable: true + type: object + name: + description: Name of keycloak component. + type: string + parentRef: + description: ParentRef specifies a parent resource. If not specified, + then parent is realm specified in realm field. + nullable: true + properties: + kind: + default: KeycloakRealm + description: Kind is a kind of parent component. By default, it + is KeycloakRealm. + enum: + - KeycloakRealm + - KeycloakRealmComponent + type: string + name: + description: Name is a name of parent component custom resource. + For example, if Kind is KeycloakRealm, then Name is name of + KeycloakRealm custom resource. + type: string + required: + - name + type: object + providerId: + description: ProviderID is a provider ID of component. + type: string + providerType: + description: ProviderType is a provider type of component. + type: string + realm: + description: 'Deprecated: use RealmRef instead. Realm is name of KeycloakRealm + custom resource.' + type: string + realmRef: + description: RealmRef is reference to Realm custom resource. + properties: + kind: + description: Kind specifies the kind of the Keycloak resource. + enum: + - KeycloakRealm + - ClusterKeycloakRealm + type: string + name: + description: Name specifies the name of the Keycloak resource. + type: string + type: object + required: + - name + - providerId + - providerType + type: object + status: + description: KeycloakComponentStatus defines the observed state of KeycloakRealmComponent. + properties: + failureCount: + format: int64 + type: integer + value: + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} + - deprecated: true + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + config: + additionalProperties: + items: + type: string + type: array + nullable: true + type: object + name: + type: string + providerId: + type: string + providerType: + type: string + realm: + type: string + required: + - name + - providerId + - providerType + - realm + type: object + status: + properties: + failureCount: + format: int64 + type: integer + value: + type: string + type: object + type: object + served: true + storage: false + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: null + storedVersions: null diff --git a/operators/edp-keycloak-operator/1.19.0/manifests/v1.edp.epam.com_keycloakrealmgroups.yaml b/operators/edp-keycloak-operator/1.19.0/manifests/v1.edp.epam.com_keycloakrealmgroups.yaml new file mode 100644 index 00000000000..cb8d578e900 --- /dev/null +++ b/operators/edp-keycloak-operator/1.19.0/manifests/v1.edp.epam.com_keycloakrealmgroups.yaml @@ -0,0 +1,211 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.11.3 + creationTimestamp: null + name: keycloakrealmgroups.v1.edp.epam.com +spec: + group: v1.edp.epam.com + names: + kind: KeycloakRealmGroup + listKind: KeycloakRealmGroupList + plural: keycloakrealmgroups + singular: keycloakrealmgroup + scope: Namespaced + versions: + - name: v1 + schema: + openAPIV3Schema: + description: KeycloakRealmGroup is the Schema for the keycloak group API. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: KeycloakRealmGroupSpec defines the desired state of KeycloakRealmGroup. + properties: + access: + additionalProperties: + type: boolean + description: Access is a map of group access. + nullable: true + type: object + attributes: + additionalProperties: + items: + type: string + type: array + description: Attributes is a map of group attributes. + nullable: true + type: object + clientRoles: + description: ClientRoles is a list of client roles assigned to group. + items: + properties: + clientId: + description: ClientID is a client ID. + type: string + roles: + description: Roles is a list of client roles names assigned + to service account. + items: + type: string + nullable: true + type: array + required: + - clientId + type: object + nullable: true + type: array + name: + description: Name of keycloak group. + type: string + path: + description: Path is a group path. + type: string + realm: + description: 'Deprecated: use RealmRef instead. Realm is name of KeycloakRealm + custom resource.' + type: string + realmRef: + description: RealmRef is reference to Realm custom resource. + properties: + kind: + description: Kind specifies the kind of the Keycloak resource. + enum: + - KeycloakRealm + - ClusterKeycloakRealm + type: string + name: + description: Name specifies the name of the Keycloak resource. + type: string + type: object + realmRoles: + description: RealmRoles is a list of realm roles assigned to group. + items: + type: string + nullable: true + type: array + subGroups: + description: SubGroups is a list of subgroups assigned to group. + items: + type: string + nullable: true + type: array + required: + - name + type: object + status: + description: KeycloakRealmGroupStatus defines the observed state of KeycloakRealmGroup. + properties: + failureCount: + format: int64 + type: integer + id: + description: ID is a group ID. + type: string + value: + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} + - deprecated: true + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + access: + additionalProperties: + type: boolean + nullable: true + type: object + attributes: + additionalProperties: + items: + type: string + type: array + nullable: true + type: object + clientRoles: + items: + properties: + clientId: + type: string + roles: + items: + type: string + nullable: true + type: array + required: + - clientId + type: object + nullable: true + type: array + name: + type: string + path: + type: string + realm: + type: string + realmRoles: + items: + type: string + nullable: true + type: array + subGroups: + items: + type: string + nullable: true + type: array + required: + - name + - realm + type: object + status: + properties: + failureCount: + format: int64 + type: integer + id: + type: string + value: + type: string + type: object + type: object + served: true + storage: false + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: null + storedVersions: null diff --git a/operators/edp-keycloak-operator/1.19.0/manifests/v1.edp.epam.com_keycloakrealmidentityproviders.yaml b/operators/edp-keycloak-operator/1.19.0/manifests/v1.edp.epam.com_keycloakrealmidentityproviders.yaml new file mode 100644 index 00000000000..08fb16beedc --- /dev/null +++ b/operators/edp-keycloak-operator/1.19.0/manifests/v1.edp.epam.com_keycloakrealmidentityproviders.yaml @@ -0,0 +1,229 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.11.3 + creationTimestamp: null + name: keycloakrealmidentityproviders.v1.edp.epam.com +spec: + group: v1.edp.epam.com + names: + kind: KeycloakRealmIdentityProvider + listKind: KeycloakRealmIdentityProviderList + plural: keycloakrealmidentityproviders + singular: keycloakrealmidentityprovider + scope: Namespaced + versions: + - name: v1 + schema: + openAPIV3Schema: + description: KeycloakRealmIdentityProvider is the Schema for the keycloak + realm identity provider API. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: KeycloakRealmIdentityProviderSpec defines the desired state + of KeycloakRealmIdentityProvider. + properties: + addReadTokenRoleOnCreate: + description: AddReadTokenRoleOnCreate is a flag to add read token + role on create. + type: boolean + alias: + description: Alias is a alias of identity provider. + type: string + authenticateByDefault: + description: AuthenticateByDefault is a flag to authenticate by default. + type: boolean + config: + additionalProperties: + type: string + description: Config is a map of identity provider configuration. Map + key is a name of configuration property, map value is a value of + configuration property. Any value can be a reference to k8s secret, + in this case value should be in format $secretName:secretKey. + example: + clientId: provider-client + clientSecret: $clientSecret:secretKey + type: object + displayName: + description: DisplayName is a display name of identity provider. + type: string + enabled: + description: Enabled is a flag to enable/disable identity provider. + type: boolean + firstBrokerLoginFlowAlias: + description: FirstBrokerLoginFlowAlias is a first broker login flow + alias. + type: string + linkOnly: + description: LinkOnly is a flag to link only. + type: boolean + mappers: + description: Mappers is a list of identity provider mappers. + items: + properties: + config: + additionalProperties: + type: string + description: Config is a map of identity provider mapper configuration. + nullable: true + type: object + identityProviderAlias: + description: IdentityProviderAlias is a identity provider alias. + type: string + identityProviderMapper: + description: IdentityProviderMapper is a identity provider mapper. + type: string + name: + description: Name is a name of identity provider mapper. + type: string + type: object + nullable: true + type: array + providerId: + description: ProviderID is a provider ID of identity provider. + type: string + realm: + description: 'Deprecated: use RealmRef instead. Realm is name of KeycloakRealm + custom resource.' + type: string + realmRef: + description: RealmRef is reference to Realm custom resource. + properties: + kind: + description: Kind specifies the kind of the Keycloak resource. + enum: + - KeycloakRealm + - ClusterKeycloakRealm + type: string + name: + description: Name specifies the name of the Keycloak resource. + type: string + type: object + storeToken: + description: StoreToken is a flag to store token. + type: boolean + trustEmail: + description: TrustEmail is a flag to trust email. + type: boolean + required: + - alias + - config + - enabled + - providerId + type: object + status: + description: KeycloakRealmIdentityProviderStatus defines the observed + state of KeycloakRealmIdentityProvider. + properties: + failureCount: + format: int64 + type: integer + value: + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} + - deprecated: true + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + addReadTokenRoleOnCreate: + type: boolean + alias: + type: string + authenticateByDefault: + type: boolean + config: + additionalProperties: + type: string + type: object + displayName: + type: string + enabled: + type: boolean + firstBrokerLoginFlowAlias: + type: string + linkOnly: + type: boolean + mappers: + items: + properties: + config: + additionalProperties: + type: string + nullable: true + type: object + identityProviderAlias: + type: string + identityProviderMapper: + type: string + name: + type: string + type: object + nullable: true + type: array + providerId: + type: string + realm: + type: string + storeToken: + type: boolean + trustEmail: + type: boolean + required: + - alias + - config + - enabled + - providerId + - realm + type: object + status: + properties: + failureCount: + format: int64 + type: integer + value: + type: string + type: object + type: object + served: true + storage: false + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: null + storedVersions: null diff --git a/operators/edp-keycloak-operator/1.19.0/manifests/v1.edp.epam.com_keycloakrealmrolebatches.yaml b/operators/edp-keycloak-operator/1.19.0/manifests/v1.edp.epam.com_keycloakrealmrolebatches.yaml new file mode 100644 index 00000000000..b19ff4bdda0 --- /dev/null +++ b/operators/edp-keycloak-operator/1.19.0/manifests/v1.edp.epam.com_keycloakrealmrolebatches.yaml @@ -0,0 +1,188 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.11.3 + creationTimestamp: null + name: keycloakrealmrolebatches.v1.edp.epam.com +spec: + group: v1.edp.epam.com + names: + kind: KeycloakRealmRoleBatch + listKind: KeycloakRealmRoleBatchList + plural: keycloakrealmrolebatches + singular: keycloakrealmrolebatch + scope: Namespaced + versions: + - name: v1 + schema: + openAPIV3Schema: + description: KeycloakRealmRoleBatch is the Schema for the keycloak roles API. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: KeycloakRealmRoleBatchSpec defines the desired state of KeycloakRealmRoleBatch. + properties: + realm: + description: 'Deprecated: use RealmRef instead. Realm is name of KeycloakRealm + custom resource.' + type: string + realmRef: + description: RealmRef is reference to Realm custom resource. + properties: + kind: + description: Kind specifies the kind of the Keycloak resource. + enum: + - KeycloakRealm + - ClusterKeycloakRealm + type: string + name: + description: Name specifies the name of the Keycloak resource. + type: string + type: object + roles: + description: Roles is a list of roles to be created. + items: + properties: + attributes: + additionalProperties: + items: + type: string + type: array + description: Attributes is a map of role attributes. + nullable: true + type: object + composite: + description: Composite is a flag if role is composite. + type: boolean + composites: + description: Composites is a list of composites roles assigned + to role. + items: + properties: + name: + description: Name is a name of composite role. + type: string + required: + - name + type: object + nullable: true + type: array + description: + description: Description is a role description. + type: string + isDefault: + description: IsDefault is a flag if role is default. + type: boolean + name: + description: Name of keycloak role. + type: string + required: + - name + type: object + type: array + required: + - roles + type: object + status: + description: KeycloakRealmRoleBatchStatus defines the observed state of + KeycloakRealmRoleBatch. + properties: + failureCount: + format: int64 + type: integer + value: + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} + - deprecated: true + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + realm: + type: string + roles: + items: + properties: + attributes: + additionalProperties: + items: + type: string + type: array + nullable: true + type: object + composite: + type: boolean + composites: + items: + properties: + name: + type: string + required: + - name + type: object + nullable: true + type: array + description: + type: string + isDefault: + type: boolean + name: + type: string + required: + - name + type: object + type: array + required: + - realm + - roles + type: object + status: + properties: + failureCount: + format: int64 + type: integer + value: + type: string + type: object + type: object + served: true + storage: false + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: null + storedVersions: null diff --git a/operators/edp-keycloak-operator/1.19.0/manifests/v1.edp.epam.com_keycloakrealmroles.yaml b/operators/edp-keycloak-operator/1.19.0/manifests/v1.edp.epam.com_keycloakrealmroles.yaml new file mode 100644 index 00000000000..9cf822e0de0 --- /dev/null +++ b/operators/edp-keycloak-operator/1.19.0/manifests/v1.edp.epam.com_keycloakrealmroles.yaml @@ -0,0 +1,177 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.11.3 + creationTimestamp: null + name: keycloakrealmroles.v1.edp.epam.com +spec: + group: v1.edp.epam.com + names: + kind: KeycloakRealmRole + listKind: KeycloakRealmRoleList + plural: keycloakrealmroles + singular: keycloakrealmrole + scope: Namespaced + versions: + - name: v1 + schema: + openAPIV3Schema: + description: KeycloakRealmRole is the Schema for the keycloak group API. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: KeycloakRealmRoleSpec defines the desired state of KeycloakRealmRole. + properties: + attributes: + additionalProperties: + items: + type: string + type: array + description: Attributes is a map of role attributes. + nullable: true + type: object + composite: + description: Composite is a flag if role is composite. + type: boolean + composites: + description: Composites is a list of composites roles assigned to + role. + items: + properties: + name: + description: Name is a name of composite role. + type: string + required: + - name + type: object + nullable: true + type: array + description: + description: Description is a role description. + type: string + isDefault: + description: IsDefault is a flag if role is default. + type: boolean + name: + description: Name of keycloak role. + type: string + realm: + description: 'Deprecated: use RealmRef instead. Realm is name of KeycloakRealm + custom resource.' + type: string + realmRef: + description: RealmRef is reference to Realm custom resource. + properties: + kind: + description: Kind specifies the kind of the Keycloak resource. + enum: + - KeycloakRealm + - ClusterKeycloakRealm + type: string + name: + description: Name specifies the name of the Keycloak resource. + type: string + type: object + required: + - name + type: object + status: + description: KeycloakRealmRoleStatus defines the observed state of KeycloakRealmRole. + properties: + failureCount: + format: int64 + type: integer + id: + description: ID is a role ID. + type: string + value: + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} + - deprecated: true + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + attributes: + additionalProperties: + items: + type: string + type: array + nullable: true + type: object + composite: + type: boolean + composites: + items: + properties: + name: + type: string + required: + - name + type: object + nullable: true + type: array + description: + type: string + isDefault: + type: boolean + name: + type: string + realm: + type: string + required: + - name + - realm + type: object + status: + properties: + failureCount: + format: int64 + type: integer + id: + type: string + value: + type: string + type: object + type: object + served: true + storage: false + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: null + storedVersions: null diff --git a/operators/edp-keycloak-operator/1.19.0/manifests/v1.edp.epam.com_keycloakrealms.yaml b/operators/edp-keycloak-operator/1.19.0/manifests/v1.edp.epam.com_keycloakrealms.yaml new file mode 100644 index 00000000000..42f97f8d9fd --- /dev/null +++ b/operators/edp-keycloak-operator/1.19.0/manifests/v1.edp.epam.com_keycloakrealms.yaml @@ -0,0 +1,408 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.11.3 + creationTimestamp: null + name: keycloakrealms.v1.edp.epam.com +spec: + group: v1.edp.epam.com + names: + kind: KeycloakRealm + listKind: KeycloakRealmList + plural: keycloakrealms + singular: keycloakrealm + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: Is the resource available + jsonPath: .status.available + name: Available + type: boolean + name: v1 + schema: + openAPIV3Schema: + description: KeycloakRealm is the Schema for the keycloak realms API. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: KeycloakRealmSpec defines the desired state of KeycloakRealm. + properties: + browserFlow: + description: BrowserFlow specifies the authentication flow to use + for the realm's browser clients. + nullable: true + type: string + browserSecurityHeaders: + additionalProperties: + type: string + description: BrowserSecurityHeaders is a map of security headers to + apply to HTTP responses from the realm's browser clients. + nullable: true + type: object + disableCentralIDPMappers: + description: DisableCentralIDPMappers indicates whether to disable + the default identity provider (IDP) mappers. + type: boolean + frontendUrl: + description: FrontendURL Set the frontend URL for the realm. Use in + combination with the default hostname provider to override the base + URL for frontend requests for a specific realm. + type: string + id: + description: ID is the ID of the realm. + nullable: true + type: string + keycloakOwner: + description: 'Deprecated: use KeycloakRef instead. KeycloakOwner specifies + the name of the Keycloak instance that owns the realm.' + nullable: true + type: string + keycloakRef: + description: KeycloakRef is reference to Keycloak custom resource. + properties: + kind: + description: Kind specifies the kind of the Keycloak resource. + enum: + - Keycloak + - ClusterKeycloak + type: string + name: + description: Name specifies the name of the Keycloak resource. + type: string + type: object + passwordPolicy: + description: PasswordPolicies is a list of password policies to apply + to the realm. + items: + properties: + type: + description: Type of password policy. + type: string + value: + description: Value of password policy. + type: string + required: + - type + - value + type: object + nullable: true + type: array + realmEventConfig: + description: RealmEventConfig is the configuration for events in the + realm. + nullable: true + properties: + adminEventsDetailsEnabled: + description: AdminEventsDetailsEnabled indicates whether to enable + detailed admin events. + type: boolean + adminEventsEnabled: + description: AdminEventsEnabled indicates whether to enable admin + events. + type: boolean + enabledEventTypes: + description: EnabledEventTypes is a list of event types to enable. + items: + type: string + type: array + eventsEnabled: + description: EventsEnabled indicates whether to enable events. + type: boolean + eventsExpiration: + description: EventsExpiration is the number of seconds after which + events expire. + type: integer + eventsListeners: + description: EventsListeners is a list of event listeners to enable. + items: + type: string + type: array + type: object + realmName: + description: RealmName specifies the name of the realm. + type: string + ssoAutoRedirectEnabled: + description: SsoAutoRedirectEnabled indicates whether to enable automatic + redirection to the SSO realm. + nullable: true + type: boolean + ssoRealmEnabled: + description: SsoRealmEnabled indicates whether to enable the SSO realm. + nullable: true + type: boolean + ssoRealmMappers: + description: SSORealmMappers is a list of SSO realm mappers to create + in the realm. + items: + properties: + config: + additionalProperties: + type: string + description: Config is a map of configuration options for the + SSO realm mapper. + nullable: true + type: object + identityProviderMapper: + description: IdentityProviderMapper specifies the identity provider + mapper to use. + type: string + name: + description: Name specifies the name of the SSO realm mapper. + type: string + type: object + nullable: true + type: array + ssoRealmName: + description: SsoRealmName specifies the name of the SSO realm used + by the realm. + type: string + themes: + description: Themes is a map of themes to apply to the realm. + nullable: true + properties: + accountTheme: + description: AccountTheme specifies the account theme to use for + the realm. + nullable: true + type: string + adminConsoleTheme: + description: AdminConsoleTheme specifies the admin console theme + to use for the realm. + nullable: true + type: string + emailTheme: + description: EmailTheme specifies the email theme to use for the + realm. + nullable: true + type: string + internationalizationEnabled: + description: InternationalizationEnabled indicates whether to + enable internationalization. + nullable: true + type: boolean + loginTheme: + description: LoginTheme specifies the login theme to use for the + realm. + nullable: true + type: string + type: object + users: + description: Users is a list of users to create in the realm. + items: + properties: + realmRoles: + description: RealmRoles is a list of roles attached to keycloak + user. + items: + type: string + type: array + username: + description: Username of keycloak user. + type: string + required: + - username + type: object + nullable: true + type: array + required: + - realmName + type: object + status: + description: KeycloakRealmStatus defines the observed state of KeycloakRealm. + properties: + available: + type: boolean + failureCount: + format: int64 + type: integer + value: + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} + - deprecated: true + name: v1alpha1 + schema: + openAPIV3Schema: + description: KeycloakRealm is the Schema for the keycloakrealms API. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: KeycloakRealmSpec defines the desired state of KeycloakRealm. + properties: + browserFlow: + nullable: true + type: string + browserSecurityHeaders: + additionalProperties: + type: string + nullable: true + type: object + disableCentralIDPMappers: + type: boolean + frontendUrl: + description: FrontendURL Set the frontend URL for the realm. Use in + combination with the default hostname provider to override the base + URL for frontend requests for a specific realm. + type: string + id: + nullable: true + type: string + keycloakOwner: + type: string + passwordPolicy: + items: + properties: + type: + description: Type of password policy. + type: string + value: + description: Value of password policy. + type: string + required: + - type + - value + type: object + nullable: true + type: array + realmEventConfig: + nullable: true + properties: + adminEventsDetailsEnabled: + description: AdminEventsDetailsEnabled indicates whether to enable + detailed admin events. + type: boolean + adminEventsEnabled: + description: AdminEventsEnabled indicates whether to enable admin + events. + type: boolean + enabledEventTypes: + description: EnabledEventTypes is a list of event types to enable. + items: + type: string + type: array + eventsEnabled: + description: EventsEnabled indicates whether to enable events. + type: boolean + eventsExpiration: + description: EventsExpiration is the number of seconds after which + events expire. + type: integer + eventsListeners: + description: EventsListeners is a list of event listeners to enable. + items: + type: string + type: array + type: object + realmName: + type: string + ssoAutoRedirectEnabled: + nullable: true + type: boolean + ssoRealmEnabled: + nullable: true + type: boolean + ssoRealmMappers: + items: + properties: + config: + additionalProperties: + type: string + nullable: true + type: object + identityProviderMapper: + type: string + name: + type: string + type: object + nullable: true + type: array + ssoRealmName: + type: string + themes: + nullable: true + properties: + accountTheme: + nullable: true + type: string + adminConsoleTheme: + nullable: true + type: string + emailTheme: + nullable: true + type: string + internationalizationEnabled: + nullable: true + type: boolean + loginTheme: + nullable: true + type: string + type: object + users: + items: + properties: + realmRoles: + description: RealmRoles is a list of roles attached to keycloak + user + items: + type: string + type: array + username: + description: Username of keycloak user + type: string + required: + - username + type: object + nullable: true + type: array + required: + - realmName + type: object + status: + description: KeycloakRealmStatus defines the observed state of KeycloakRealm. + properties: + available: + type: boolean + failureCount: + format: int64 + type: integer + value: + type: string + type: object + type: object + served: true + storage: false + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: null + storedVersions: null diff --git a/operators/edp-keycloak-operator/1.19.0/manifests/v1.edp.epam.com_keycloakrealmusers.yaml b/operators/edp-keycloak-operator/1.19.0/manifests/v1.edp.epam.com_keycloakrealmusers.yaml new file mode 100644 index 00000000000..b8aff74beda --- /dev/null +++ b/operators/edp-keycloak-operator/1.19.0/manifests/v1.edp.epam.com_keycloakrealmusers.yaml @@ -0,0 +1,228 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.11.3 + creationTimestamp: null + name: keycloakrealmusers.v1.edp.epam.com +spec: + group: v1.edp.epam.com + names: + kind: KeycloakRealmUser + listKind: KeycloakRealmUserList + plural: keycloakrealmusers + singular: keycloakrealmuser + scope: Namespaced + versions: + - name: v1 + schema: + openAPIV3Schema: + description: KeycloakRealmUser is the Schema for the keycloak user API. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: KeycloakRealmUserSpec defines the desired state of KeycloakRealmUser. + properties: + attributes: + additionalProperties: + type: string + description: Attributes is a map of user attributes. + nullable: true + type: object + email: + description: Email is a user email. + type: string + emailVerified: + description: EmailVerified is a user email verified flag. + type: boolean + enabled: + description: Enabled is a user enabled flag. + type: boolean + firstName: + description: FirstName is a user first name. + type: string + groups: + description: Groups is a list of groups assigned to user. + items: + type: string + nullable: true + type: array + keepResource: + description: KeepResource is a flag if resource should be kept after + deletion. If set to true, user will not be deleted from keycloak. + type: boolean + lastName: + description: LastName is a user last name. + type: string + password: + description: Password is a user password. Allows to keep user password + within Custom Resource. For security concerns, it is recommended + to use PasswordSecret instead. + type: string + passwordSecret: + description: PasswordSecret defines Kubernetes secret Name and Key, + which holds User secret. + nullable: true + properties: + key: + description: Key is the key in the secret. + type: string + name: + description: Name is the name of the secret. + type: string + required: + - key + - name + type: object + realm: + description: 'Deprecated: use RealmRef instead. Realm is name of KeycloakRealm + custom resource.' + type: string + realmRef: + description: RealmRef is reference to Realm custom resource. + properties: + kind: + description: Kind specifies the kind of the Keycloak resource. + enum: + - KeycloakRealm + - ClusterKeycloakRealm + type: string + name: + description: Name specifies the name of the Keycloak resource. + type: string + type: object + reconciliationStrategy: + description: 'ReconciliationStrategy is a strategy for reconciliation. + Possible values: full, create-only. Default value: full. If set + to create-only, user will be created only if it does not exist. + If user exists, it will not be updated. If set to full, user will + be created if it does not exist, or updated if it exists.' + type: string + requiredUserActions: + description: 'RequiredUserActions is required action when user log + in, example: CONFIGURE_TOTP, UPDATE_PASSWORD, UPDATE_PROFILE, VERIFY_EMAIL.' + items: + type: string + nullable: true + type: array + roles: + description: Roles is a list of roles assigned to user. + items: + type: string + nullable: true + type: array + username: + description: Username is a username in keycloak. + type: string + required: + - username + type: object + status: + description: KeycloakRealmUserStatus defines the observed state of KeycloakRealmUser. + properties: + failureCount: + format: int64 + type: integer + value: + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} + - deprecated: true + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + attributes: + additionalProperties: + type: string + nullable: true + type: object + email: + type: string + emailVerified: + type: boolean + enabled: + type: boolean + firstName: + type: string + groups: + items: + type: string + nullable: true + type: array + keepResource: + type: boolean + lastName: + type: string + password: + type: string + realm: + type: string + reconciliationStrategy: + type: string + requiredUserActions: + description: 'RequiredUserActions is required action when user log + in, example: CONFIGURE_TOTP, UPDATE_PASSWORD, UPDATE_PROFILE, VERIFY_EMAIL' + items: + type: string + nullable: true + type: array + roles: + items: + type: string + nullable: true + type: array + username: + type: string + required: + - realm + - username + type: object + status: + properties: + failureCount: + format: int64 + type: integer + value: + type: string + type: object + type: object + served: true + storage: false + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: null + storedVersions: null diff --git a/operators/edp-keycloak-operator/1.19.0/manifests/v1.edp.epam.com_keycloaks.yaml b/operators/edp-keycloak-operator/1.19.0/manifests/v1.edp.epam.com_keycloaks.yaml new file mode 100644 index 00000000000..3bddd96b53f --- /dev/null +++ b/operators/edp-keycloak-operator/1.19.0/manifests/v1.edp.epam.com_keycloaks.yaml @@ -0,0 +1,157 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.11.3 + creationTimestamp: null + name: keycloaks.v1.edp.epam.com +spec: + group: v1.edp.epam.com + names: + kind: Keycloak + listKind: KeycloakList + plural: keycloaks + singular: keycloak + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: Is connected to keycloak + jsonPath: .status.connected + name: Connected + type: boolean + name: v1 + schema: + openAPIV3Schema: + description: Keycloak is the Schema for the keycloaks API. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: KeycloakSpec defines the desired state of Keycloak. + properties: + adminType: + description: AdminType can be user or serviceAccount, if serviceAccount + was specified, then client_credentials grant type should be used + for getting admin realm token. + enum: + - serviceAccount + - user + type: string + secret: + description: Secret is a secret name which contains admin credentials. + type: string + url: + description: URL of keycloak service. + type: string + required: + - secret + - url + type: object + status: + description: KeycloakStatus defines the observed state of Keycloak. + properties: + connected: + description: Connected shows if keycloak service is up and running. + type: boolean + required: + - connected + type: object + type: object + served: true + storage: true + subresources: + status: {} + - deprecated: true + name: v1alpha1 + schema: + openAPIV3Schema: + description: Keycloak is the Schema for the keycloaks API. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: KeycloakSpec defines the desired state of Keycloak. + properties: + adminType: + description: AdminType can be user or serviceAccount, if serviceAccount + was specified, then client_credentials grant type should be used + for getting admin realm token + enum: + - serviceAccount + - user + type: string + installMainRealm: + nullable: true + type: boolean + realmName: + type: string + secret: + description: Secret is the name of the k8s object Secret related to + keycloak + type: string + ssoRealmName: + type: string + url: + description: URL of keycloak service + type: string + users: + description: Users is a list of keycloak users + items: + properties: + realmRoles: + description: RealmRoles is a list of roles attached to keycloak + user + items: + type: string + type: array + username: + description: Username of keycloak user + type: string + required: + - username + type: object + nullable: true + type: array + required: + - secret + - url + type: object + status: + description: KeycloakStatus defines the observed state of Keycloak. + properties: + connected: + type: boolean + required: + - connected + type: object + type: object + served: true + storage: false + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: null + storedVersions: null diff --git a/operators/edp-keycloak-operator/1.19.0/metadata/annotations.yaml b/operators/edp-keycloak-operator/1.19.0/metadata/annotations.yaml new file mode 100644 index 00000000000..823973eafc9 --- /dev/null +++ b/operators/edp-keycloak-operator/1.19.0/metadata/annotations.yaml @@ -0,0 +1,14 @@ +annotations: + # Core bundle annotations. + operators.operatorframework.io.bundle.mediatype.v1: registry+v1 + operators.operatorframework.io.bundle.manifests.v1: manifests/ + operators.operatorframework.io.bundle.metadata.v1: metadata/ + operators.operatorframework.io.bundle.package.v1: edp-keycloak-operator + operators.operatorframework.io.bundle.channels.v1: alpha + operators.operatorframework.io.metrics.builder: operator-sdk-v1.32.0 + operators.operatorframework.io.metrics.mediatype.v1: metrics+v1 + operators.operatorframework.io.metrics.project_layout: go.kubebuilder.io/v3 + + # Annotations for testing. + operators.operatorframework.io.test.mediatype.v1: scorecard+v1 + operators.operatorframework.io.test.config.v1: tests/scorecard/ diff --git a/operators/edp-keycloak-operator/1.19.0/tests/scorecard/config.yaml b/operators/edp-keycloak-operator/1.19.0/tests/scorecard/config.yaml new file mode 100644 index 00000000000..6643020929c --- /dev/null +++ b/operators/edp-keycloak-operator/1.19.0/tests/scorecard/config.yaml @@ -0,0 +1,70 @@ +apiVersion: scorecard.operatorframework.io/v1alpha3 +kind: Configuration +metadata: + name: config +stages: +- parallel: true + tests: + - entrypoint: + - scorecard-test + - basic-check-spec + image: quay.io/operator-framework/scorecard-test:v1.22.2 + labels: + suite: basic + test: basic-check-spec-test + storage: + spec: + mountPath: {} + - entrypoint: + - scorecard-test + - olm-bundle-validation + image: quay.io/operator-framework/scorecard-test:v1.22.2 + labels: + suite: olm + test: olm-bundle-validation-test + storage: + spec: + mountPath: {} + - entrypoint: + - scorecard-test + - olm-crds-have-validation + image: quay.io/operator-framework/scorecard-test:v1.22.2 + labels: + suite: olm + test: olm-crds-have-validation-test + storage: + spec: + mountPath: {} + - entrypoint: + - scorecard-test + - olm-crds-have-resources + image: quay.io/operator-framework/scorecard-test:v1.22.2 + labels: + suite: olm + test: olm-crds-have-resources-test + storage: + spec: + mountPath: {} + - entrypoint: + - scorecard-test + - olm-spec-descriptors + image: quay.io/operator-framework/scorecard-test:v1.22.2 + labels: + suite: olm + test: olm-spec-descriptors-test + storage: + spec: + mountPath: {} + - entrypoint: + - scorecard-test + - olm-status-descriptors + image: quay.io/operator-framework/scorecard-test:v1.22.2 + labels: + suite: olm + test: olm-status-descriptors-test + storage: + spec: + mountPath: {} +storage: + spec: + mountPath: {}