From f82483c3b74b543d463d7c2d9f583641aad893d5 Mon Sep 17 00:00:00 2001 From: Guerdon Mukama Date: Fri, 17 Nov 2023 09:41:07 +1100 Subject: [PATCH 001/131] dev environment --- environments/dev/Chart.yaml | 121 ++++++++++++++++++ environments/dev/templates/_helpers.tpl | 62 +++++++++ environments/dev/templates/aws_config.yaml | 10 ++ .../dev/templates/global-manifest.yaml | 19 +++ environments/dev/values.yaml | 18 +++ 5 files changed, 230 insertions(+) create mode 100644 environments/dev/Chart.yaml create mode 100644 environments/dev/templates/_helpers.tpl create mode 100644 environments/dev/templates/aws_config.yaml create mode 100644 environments/dev/templates/global-manifest.yaml create mode 100644 environments/dev/values.yaml diff --git a/environments/dev/Chart.yaml b/environments/dev/Chart.yaml new file mode 100644 index 00000000..48948d02 --- /dev/null +++ b/environments/dev/Chart.yaml @@ -0,0 +1,121 @@ +apiVersion: v2 +name: gen3 +description: Helm chart to deploy Gen3 Data Commons + +# Dependancies +dependencies: +- name: ambassador + version: "0.1.8" + repository: "file://../../helm/ambassador" + condition: ambassador.enabled +- name: arborist + version: "0.1.8" + repository: "file://../../helm/arborist" + condition: arborist.enabled +- name: argo-wrapper + version: "0.1.4" + repository: "file://../../helm/argo-wrapper" + condition: argo-wrapper.enabled +- name: audit + version: "0.1.9" + repository: "file://../../helm/audit" + condition: audit.enabled +- name: aws-es-proxy + version: "0.1.6" + repository: "file://../../helm/aws-es-proxy" + condition: aws-es-proxy.enabled +- name: common + version: "0.1.7" + repository: file://../../helm/common +- name: fence + version: "0.1.13" + repository: "file://../../helm/fence" + condition: fence.enabled +- name: guppy + version: "0.1.8" + repository: "file://../../helm/guppy" + condition: guppy.enabled +- name: hatchery + version: "0.1.6" + repository: "file://../../helm/hatchery" + condition: hatchery.enabled +- name: indexd + version: "0.1.10" + repository: "file://../../helm/indexd" + condition: indexd.enabled +- name: manifestservice + version: "0.1.10" + repository: "file://../../helm/manifestservice" + condition: manifestservice.enabled +- name: metadata + version: "0.1.8" + repository: "file://../../helm/metadata" + condition: metadata.enabled +- name: peregrine + version: "0.1.9" + repository: "file://../../helm/peregrine" + condition: peregrine.enabled +- name: pidgin + version: "0.1.7" + repository: "file://../../helm/pidgin" + condition: pidgin.enabled +- name: portal + version: "0.1.7" + repository: "file://../../helm/portal" + condition: portal.enabled +- name: requestor + version: "0.1.8" + repository: "file://../../helm/requestor" + condition: requestor.enabled +- name: revproxy + version: "0.1.11" + repository: "file://../../helm/revproxy" + condition: revproxy.enabled +- name: sheepdog + version: "0.1.10" + repository: "file://../../helm/sheepdog" + condition: sheepdog.enabled +- name: ssjdispatcher + version: "0.1.6" + repository: "file://../../helm/ssjdispatcher" + condition: ssjdispatcher.enabled +- name: sower + version: "0.1.6" + condition: sower.enabled + repository: "file://../../helm/sower" +- name: wts + version: "0.1.10" + repository: "file://../../helm/wts" + condition: wts.enabled + + +- name: elasticsearch + version: "0.1.5" + repository: "file://../../helm/elasticsearch" + condition: global.dev +- name: postgresql + version: 11.9.13 + repository: "https://charts.bitnami.com/bitnami" + condition: global.dev + +# A chart can be either an 'application' or a 'library' chart. +# +# Application charts are a collection of templates that can be packaged into versioned archives +# to be deployed. +# +# Library charts provide useful utilities or functions for the chart developer. They're included as +# a dependency of application charts to inject those utilities and functions into the rendering +# pipeline. Library charts do not define any templates and therefore cannot be deployed. +type: application + +# This is the chart version. This version number should be incremented each time you make changes +# to the chart and its templates, including the app version. +# Versions are expected to follow Semantic Versioning (https://semver.org/) +version: 0.1.20 + +# This is the version number of the application being deployed. This version number should be +# incremented each time you make changes to the application. Versions are not expected to +# follow Semantic Versioning. They should reflect the version the application is using. +# It is recommended to use it with quotes. +appVersion: "master" + diff --git a/environments/dev/templates/_helpers.tpl b/environments/dev/templates/_helpers.tpl new file mode 100644 index 00000000..3ae97a91 --- /dev/null +++ b/environments/dev/templates/_helpers.tpl @@ -0,0 +1,62 @@ +{{/* +Expand the name of the chart. +*/}} +{{- define "gen3.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "gen3.fullname" -}} +{{- if .Values.fullnameOverride }} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- $name := default .Chart.Name .Values.nameOverride }} +{{- if contains $name .Release.Name }} +{{- .Release.Name | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }} +{{- end }} +{{- end }} +{{- end }} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "gen3.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Common labels +*/}} +{{- define "gen3.labels" -}} +helm.sh/chart: {{ include "gen3.chart" . }} +{{ include "gen3.selectorLabels" . }} +{{- if .Chart.AppVersion }} +app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} +{{- end }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end }} + +{{/* +Selector labels +*/}} +{{- define "gen3.selectorLabels" -}} +app.kubernetes.io/name: {{ include "gen3.name" . }} +app.kubernetes.io/instance: {{ .Release.Name }} +{{- end }} + +{{/* +Create the name of the service account to use +*/}} +{{- define "gen3.serviceAccountName" -}} +{{- if .Values.serviceAccount.create }} +{{- default (include "gen3.fullname" .) .Values.serviceAccount.name }} +{{- else }} +{{- default "default" .Values.serviceAccount.name }} +{{- end }} +{{- end }} diff --git a/environments/dev/templates/aws_config.yaml b/environments/dev/templates/aws_config.yaml new file mode 100644 index 00000000..3b51159c --- /dev/null +++ b/environments/dev/templates/aws_config.yaml @@ -0,0 +1,10 @@ +apiVersion: v1 +kind: Secret +metadata: + name: aws-config +type: Opaque +stringData: + credentials: | + [default] + aws_access_key_id={{.Values.secrets.awsAccessKeyId}} + aws_secret_access_key={{ .Values.secrets.awsSecretAccessKey}} \ No newline at end of file diff --git a/environments/dev/templates/global-manifest.yaml b/environments/dev/templates/global-manifest.yaml new file mode 100644 index 00000000..945088d5 --- /dev/null +++ b/environments/dev/templates/global-manifest.yaml @@ -0,0 +1,19 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: manifest-global +data: + "environment": {{ .Values.global.environment | quote }} + "hostname": {{ .Values.global.hostname | quote }} + "revproxy_arn": {{ .Values.global.revproxyArn | quote }} + "dictionary_url": {{ .Values.global.dictionaryUrl | quote }} + "portal_app": {{ .Values.global.portalApp | quote }} + "public_datasets": {{ .Values.global.publicDataSets | quote }} + "tier_access_level": {{ .Values.global.tierAccessLevel | quote }} + "tier_access_limit": {{ .Values.global.tierAccessLimit | quote }} + "netpolicy": {{ .Values.global.netPolicy | quote }} + "dispatcher_job_num": {{ .Values.global.dispatcherJobNum | quote }} + "dd_enabled": {{ .Values.global.ddEnabled | quote }} + {{- with .Values.global.origins_allow_credentials }} + "origins_allow_credentials": {{ . | toJson | quote }} + {{- end -}} \ No newline at end of file diff --git a/environments/dev/values.yaml b/environments/dev/values.yaml new file mode 100644 index 00000000..223f5932 --- /dev/null +++ b/environments/dev/values.yaml @@ -0,0 +1,18 @@ + +global: + dev: true + hostname: localhost + namespace: dev + + aws: + enabled: false + +portal: + enabled: true + image: + repository: 690491147947.dkr.ecr.ap-southeast-2.amazonaws.com/gen3/portal:latest + tag: latest + resources: + requests: + cpu: 0.2 + memory: 500Mi \ No newline at end of file From aa40d685127656e163bbf25f2b634609f516da42 Mon Sep 17 00:00:00 2001 From: Guerdon Mukama Date: Fri, 17 Nov 2023 10:56:26 +1100 Subject: [PATCH 002/131] comment out credentials --- environments/dev/templates/aws_config.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/environments/dev/templates/aws_config.yaml b/environments/dev/templates/aws_config.yaml index 3b51159c..289a55b3 100644 --- a/environments/dev/templates/aws_config.yaml +++ b/environments/dev/templates/aws_config.yaml @@ -6,5 +6,5 @@ type: Opaque stringData: credentials: | [default] - aws_access_key_id={{.Values.secrets.awsAccessKeyId}} - aws_secret_access_key={{ .Values.secrets.awsSecretAccessKey}} \ No newline at end of file + # aws_access_key_id={{.Values.secrets.awsAccessKeyId}} + # aws_secret_access_key={{ .Values.secrets.awsSecretAccessKey}} \ No newline at end of file From 9217987326a40be8f29c8b02c1d5b09eda3b90a3 Mon Sep 17 00:00:00 2001 From: Guerdon Mukama Date: Fri, 17 Nov 2023 11:20:10 +1100 Subject: [PATCH 003/131] helmignore --- environments/dev/.helmignore | 1 + 1 file changed, 1 insertion(+) create mode 100644 environments/dev/.helmignore diff --git a/environments/dev/.helmignore b/environments/dev/.helmignore new file mode 100644 index 00000000..e313c9c5 --- /dev/null +++ b/environments/dev/.helmignore @@ -0,0 +1 @@ +gen3/ \ No newline at end of file From 0d4d26d1b13508adb737372e01c5b8b4557ebd0b Mon Sep 17 00:00:00 2001 From: Guerdon Mukama Date: Fri, 17 Nov 2023 11:25:09 +1100 Subject: [PATCH 004/131] helmignore --- environments/dev/templates/aws_config.yaml | 10 ---------- environments/dev/values.yaml | 4 +++- 2 files changed, 3 insertions(+), 11 deletions(-) delete mode 100644 environments/dev/templates/aws_config.yaml diff --git a/environments/dev/templates/aws_config.yaml b/environments/dev/templates/aws_config.yaml deleted file mode 100644 index 289a55b3..00000000 --- a/environments/dev/templates/aws_config.yaml +++ /dev/null @@ -1,10 +0,0 @@ -apiVersion: v1 -kind: Secret -metadata: - name: aws-config -type: Opaque -stringData: - credentials: | - [default] - # aws_access_key_id={{.Values.secrets.awsAccessKeyId}} - # aws_secret_access_key={{ .Values.secrets.awsSecretAccessKey}} \ No newline at end of file diff --git a/environments/dev/values.yaml b/environments/dev/values.yaml index 223f5932..7fce64ab 100644 --- a/environments/dev/values.yaml +++ b/environments/dev/values.yaml @@ -6,7 +6,9 @@ global: aws: enabled: false - +gen3: + enabled: false + portal: enabled: true image: From 0093dbdf33f390eec64d2ca0f424eabe9e92c8c3 Mon Sep 17 00:00:00 2001 From: Guerdon Mukama Date: Fri, 17 Nov 2023 11:56:45 +1100 Subject: [PATCH 005/131] fix invalide type error --- environments/dev/values.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/environments/dev/values.yaml b/environments/dev/values.yaml index 7fce64ab..a123111e 100644 --- a/environments/dev/values.yaml +++ b/environments/dev/values.yaml @@ -8,11 +8,11 @@ global: enabled: false gen3: enabled: false - + portal: enabled: true image: - repository: 690491147947.dkr.ecr.ap-southeast-2.amazonaws.com/gen3/portal:latest + repository: 690491147947.dkr.ecr.ap-southeast-2.amazonaws.com/gen3/portal tag: latest resources: requests: From 8be19f055f2b7d24f48de4f7ea5f610c9dcab526 Mon Sep 17 00:00:00 2001 From: Guerdon Mukama Date: Fri, 17 Nov 2023 12:05:26 +1100 Subject: [PATCH 006/131] fix invalide type error --- helm/guppy/values.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/helm/guppy/values.yaml b/helm/guppy/values.yaml index 9857944f..bf7635e3 100644 --- a/helm/guppy/values.yaml +++ b/helm/guppy/values.yaml @@ -47,7 +47,7 @@ global: # -- (string) Access level for tiers. tierAccessLevel: libre # -- (int) Only relevant if tireAccessLevel is set to "regular". Summary charts below this limit will not appear for aggregated data. - tierAccessLimit: 1000 + tierAccessLimit: "1000" # -- (bool) Whether network policies are enabled. netPolicy: true # -- (int) Number of dispatcher jobs. From 1b9058f7bcdee970771bc1016f8d27399bda0113 Mon Sep 17 00:00:00 2001 From: Guerdon Mukama Date: Fri, 17 Nov 2023 12:26:33 +1100 Subject: [PATCH 007/131] fix invalide type error --- helm/guppy/templates/deployment.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/helm/guppy/templates/deployment.yaml b/helm/guppy/templates/deployment.yaml index ebb8bcac..47d0cc03 100644 --- a/helm/guppy/templates/deployment.yaml +++ b/helm/guppy/templates/deployment.yaml @@ -73,7 +73,7 @@ spec: - name: TIER_ACCESS_LEVEL value: {{ .Values.global.tierAccessLevel }} - name: TIER_ACCESS_LIMIT - value: {{ .Values.global.tierAccessLimit }} + value: {{ .Values.global.tierAccessLimit | quote }} {{- with .Values.volumeMounts }} From c87343870ec19b92bdfe358a9c996c0bf39fc5e2 Mon Sep 17 00:00:00 2001 From: Guerdon Mukama Date: Fri, 17 Nov 2023 13:16:28 +1100 Subject: [PATCH 008/131] remove elasticsearch --- environments/dev/Chart.yaml | 5 ----- 1 file changed, 5 deletions(-) diff --git a/environments/dev/Chart.yaml b/environments/dev/Chart.yaml index 48948d02..f96a5fe6 100644 --- a/environments/dev/Chart.yaml +++ b/environments/dev/Chart.yaml @@ -88,11 +88,6 @@ dependencies: repository: "file://../../helm/wts" condition: wts.enabled - -- name: elasticsearch - version: "0.1.5" - repository: "file://../../helm/elasticsearch" - condition: global.dev - name: postgresql version: 11.9.13 repository: "https://charts.bitnami.com/bitnami" From f3a4bdc04bc757350bc88d80f77126d74d1df769 Mon Sep 17 00:00:00 2001 From: Guerdon Mukama Date: Fri, 17 Nov 2023 14:45:54 +1100 Subject: [PATCH 009/131] enable for aws --- environments/dev/values.yaml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/environments/dev/values.yaml b/environments/dev/values.yaml index a123111e..f2b66521 100644 --- a/environments/dev/values.yaml +++ b/environments/dev/values.yaml @@ -4,8 +4,10 @@ global: hostname: localhost namespace: dev + tierAccessLimit: 1000 + aws: - enabled: false + enabled: true gen3: enabled: false From 5fb6a44f957603afbd066f0f7827e0a96fcbf972 Mon Sep 17 00:00:00 2001 From: Guerdon Mukama Date: Fri, 17 Nov 2023 14:57:15 +1100 Subject: [PATCH 010/131] enable for aws --- environments/dev/values.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/environments/dev/values.yaml b/environments/dev/values.yaml index f2b66521..64cc74db 100644 --- a/environments/dev/values.yaml +++ b/environments/dev/values.yaml @@ -7,7 +7,7 @@ global: tierAccessLimit: 1000 aws: - enabled: true + enabled: false gen3: enabled: false From 971fa290d5efe303a26d5b80040ed3776456c02d Mon Sep 17 00:00:00 2001 From: Guerdon Mukama Date: Fri, 17 Nov 2023 15:37:43 +1100 Subject: [PATCH 011/131] use default portal image --- environments/dev/values.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/environments/dev/values.yaml b/environments/dev/values.yaml index 64cc74db..d9600010 100644 --- a/environments/dev/values.yaml +++ b/environments/dev/values.yaml @@ -13,9 +13,9 @@ gen3: portal: enabled: true - image: - repository: 690491147947.dkr.ecr.ap-southeast-2.amazonaws.com/gen3/portal - tag: latest + # image: + # repository: 690491147947.dkr.ecr.ap-southeast-2.amazonaws.com/gen3/portal + # tag: latest resources: requests: cpu: 0.2 From 1af126bc8292cf9b8d49707241e4a91ce48205d2 Mon Sep 17 00:00:00 2001 From: Guerdon Mukama Date: Fri, 17 Nov 2023 16:21:07 +1100 Subject: [PATCH 012/131] es --- environments/dev/Chart.yaml | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/environments/dev/Chart.yaml b/environments/dev/Chart.yaml index f96a5fe6..63644831 100644 --- a/environments/dev/Chart.yaml +++ b/environments/dev/Chart.yaml @@ -88,6 +88,12 @@ dependencies: repository: "file://../../helm/wts" condition: wts.enabled + +- name: elasticsearch + version: "0.1.5" + repository: "file://../../helm/elasticsearch" + condition: global.dev + - name: postgresql version: 11.9.13 repository: "https://charts.bitnami.com/bitnami" From 7a840e9f15a7d4a714d726e1417b3b62c16b0961 Mon Sep 17 00:00:00 2001 From: Guerdon Mukama Date: Mon, 20 Nov 2023 13:25:01 +1100 Subject: [PATCH 013/131] enable aws --- environments/dev/values.yaml | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/environments/dev/values.yaml b/environments/dev/values.yaml index d9600010..c5012416 100644 --- a/environments/dev/values.yaml +++ b/environments/dev/values.yaml @@ -4,10 +4,8 @@ global: hostname: localhost namespace: dev - tierAccessLimit: 1000 - aws: - enabled: false + enabled: true gen3: enabled: false From 668235451a6d5698b2e8273a0c3db47781e6317b Mon Sep 17 00:00:00 2001 From: Guerdon Mukama Date: Mon, 20 Nov 2023 13:38:37 +1100 Subject: [PATCH 014/131] sower credential commented out for testing --- helm/sower/templates/pelican-creds.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/helm/sower/templates/pelican-creds.yaml b/helm/sower/templates/pelican-creds.yaml index cc6f526c..f3235efe 100644 --- a/helm/sower/templates/pelican-creds.yaml +++ b/helm/sower/templates/pelican-creds.yaml @@ -7,9 +7,9 @@ type: Opaque stringData: config.json: |- { - "manifest_bucket_name": "{{ .Values.pelican.bucket }}", +# "manifest_bucket_name": "{{ .Values.pelican.bucket }}", "hostname": "{{ .Values.global.hostname }}", - "aws_access_key_id": "{{ .Values.global.aws.pelican_user.access_key }}", - "aws_secret_access_key": "{{ .Values.global.aws.pelican_user.access_secret }}" +# "aws_access_key_id": "{{ .Values.global.aws.pelican_user.access_key }}", +# "aws_secret_access_key": "{{ .Values.global.aws.pelican_user.access_secret }}" } {{- end }} From cf1ef4f879c0f893308da021bdaf43f87845277c Mon Sep 17 00:00:00 2001 From: Guerdon Mukama Date: Mon, 20 Nov 2023 13:48:41 +1100 Subject: [PATCH 015/131] reverse proxy - aws --- helm/revproxy/values.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/helm/revproxy/values.yaml b/helm/revproxy/values.yaml index 9c1c9b02..364a21a0 100644 --- a/helm/revproxy/values.yaml +++ b/helm/revproxy/values.yaml @@ -10,7 +10,7 @@ global: # -- (map) AWS configuration aws: # -- (bool) Set to true if deploying to AWS. Controls ingress annotations. - enabled: false + enabled: true # -- (string) Credentials for AWS stuff. awsAccessKeyId: # -- (string) Credentials for AWS stuff. From 676d5437714a3407068e777706bd5a1a817c9f96 Mon Sep 17 00:00:00 2001 From: Guerdon Mukama Date: Mon, 20 Nov 2023 13:52:29 +1100 Subject: [PATCH 016/131] disable global aws --- environments/dev/values.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/environments/dev/values.yaml b/environments/dev/values.yaml index c5012416..e5976db6 100644 --- a/environments/dev/values.yaml +++ b/environments/dev/values.yaml @@ -5,7 +5,7 @@ global: namespace: dev aws: - enabled: true + enabled: false gen3: enabled: false From daaebe8c4d16dd242e02017466519036bc2f1492 Mon Sep 17 00:00:00 2001 From: Guerdon Mukama Date: Mon, 20 Nov 2023 14:30:59 +1100 Subject: [PATCH 017/131] reverse proxy --- environments/dev/values.yaml | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/environments/dev/values.yaml b/environments/dev/values.yaml index e5976db6..0c35f0f2 100644 --- a/environments/dev/values.yaml +++ b/environments/dev/values.yaml @@ -5,10 +5,16 @@ global: namespace: dev aws: - enabled: false + enabled: true gen3: enabled: false +revproxy: + service: + type: "LoadBalancer" + +revproxyArn: arn:aws:acm:ap-southeast-2:690491147947:certificate/f7b5d099-96b9-414a-98f7-ac40abab5429 + portal: enabled: true # image: From 587a3b77bd68886fe2b59a8a5c68a0fae883d063 Mon Sep 17 00:00:00 2001 From: Guerdon Mukama Date: Mon, 20 Nov 2023 15:50:13 +1100 Subject: [PATCH 018/131] pelican bucket --- environments/dev/values.yaml | 15 +++++++++------ helm/sower/templates/pelican-creds.yaml | 2 +- 2 files changed, 10 insertions(+), 7 deletions(-) diff --git a/environments/dev/values.yaml b/environments/dev/values.yaml index 0c35f0f2..2c13e499 100644 --- a/environments/dev/values.yaml +++ b/environments/dev/values.yaml @@ -9,11 +9,8 @@ global: gen3: enabled: false -revproxy: - service: - type: "LoadBalancer" - -revproxyArn: arn:aws:acm:ap-southeast-2:690491147947:certificate/f7b5d099-96b9-414a-98f7-ac40abab5429 +pelican: + bucket: sandbox-s3-buckets-pelicancredss3bucketsandboxs3bu-veftfoxeyecg portal: enabled: true @@ -23,4 +20,10 @@ portal: resources: requests: cpu: 0.2 - memory: 500Mi \ No newline at end of file + memory: 500Mi + +revproxy: + service: + type: "LoadBalancer" + +revproxyArn: arn:aws:acm:ap-southeast-2:690491147947:certificate/f7b5d099-96b9-414a-98f7-ac40abab5429 diff --git a/helm/sower/templates/pelican-creds.yaml b/helm/sower/templates/pelican-creds.yaml index f3235efe..2da3a1f0 100644 --- a/helm/sower/templates/pelican-creds.yaml +++ b/helm/sower/templates/pelican-creds.yaml @@ -7,7 +7,7 @@ type: Opaque stringData: config.json: |- { -# "manifest_bucket_name": "{{ .Values.pelican.bucket }}", + "manifest_bucket_name": "{{ .Values.pelican.bucket }}", "hostname": "{{ .Values.global.hostname }}", # "aws_access_key_id": "{{ .Values.global.aws.pelican_user.access_key }}", # "aws_secret_access_key": "{{ .Values.global.aws.pelican_user.access_secret }}" From f6e3b0252f492070a38a713ffdebab72527b3283 Mon Sep 17 00:00:00 2001 From: Guerdon Mukama Date: Mon, 20 Nov 2023 22:15:07 +1100 Subject: [PATCH 019/131] pelican bucket --- environments/dev/values.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/environments/dev/values.yaml b/environments/dev/values.yaml index 2c13e499..81e956be 100644 --- a/environments/dev/values.yaml +++ b/environments/dev/values.yaml @@ -14,9 +14,9 @@ pelican: portal: enabled: true - # image: - # repository: 690491147947.dkr.ecr.ap-southeast-2.amazonaws.com/gen3/portal - # tag: latest + image: + repository: 690491147947.dkr.ecr.ap-southeast-2.amazonaws.com/gen3/portal + tag: latest resources: requests: cpu: 0.2 From 1bee68cc9278631588c53c3cfd2bc070bc1fb26f Mon Sep 17 00:00:00 2001 From: Guerdon Mukama Date: Mon, 20 Nov 2023 22:35:08 +1100 Subject: [PATCH 020/131] not dev --- environments/dev/values.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/environments/dev/values.yaml b/environments/dev/values.yaml index 81e956be..a842fa9e 100644 --- a/environments/dev/values.yaml +++ b/environments/dev/values.yaml @@ -1,6 +1,6 @@ global: - dev: true + dev: false hostname: localhost namespace: dev From 51ca16c9c689331620ba0235330d75bef4577a15 Mon Sep 17 00:00:00 2001 From: Guerdon Mukama Date: Tue, 21 Nov 2023 09:16:09 +1100 Subject: [PATCH 021/131] disable wts --- environments/dev/values.yaml | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/environments/dev/values.yaml b/environments/dev/values.yaml index a842fa9e..0cffc040 100644 --- a/environments/dev/values.yaml +++ b/environments/dev/values.yaml @@ -27,3 +27,9 @@ revproxy: type: "LoadBalancer" revproxyArn: arn:aws:acm:ap-southeast-2:690491147947:certificate/f7b5d099-96b9-414a-98f7-ac40abab5429 + + +## disabled services +wts: + enabled: false + From e991b8ecb6798d45826c5a37ed3a1a34e9624e05 Mon Sep 17 00:00:00 2001 From: Guerdon Mukama Date: Tue, 21 Nov 2023 09:17:45 +1100 Subject: [PATCH 022/131] disable sower --- environments/dev/values.yaml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/environments/dev/values.yaml b/environments/dev/values.yaml index 0cffc040..cf0d9213 100644 --- a/environments/dev/values.yaml +++ b/environments/dev/values.yaml @@ -33,3 +33,5 @@ revproxyArn: arn:aws:acm:ap-southeast-2:690491147947:certificate/f7b5d099-96b9-4 wts: enabled: false +sower: + enabled: false From 1e832a7426751954c9bac84228b22da35afb3def Mon Sep 17 00:00:00 2001 From: Guerdon Mukama Date: Tue, 21 Nov 2023 09:21:25 +1100 Subject: [PATCH 023/131] disable sheepdog --- environments/dev/values.yaml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/environments/dev/values.yaml b/environments/dev/values.yaml index cf0d9213..5b589054 100644 --- a/environments/dev/values.yaml +++ b/environments/dev/values.yaml @@ -35,3 +35,6 @@ wts: sower: enabled: false + +sheepdog: + enabled: false \ No newline at end of file From d05258efcaeb30e1e77e3d5fdc49c1befbfd310a Mon Sep 17 00:00:00 2001 From: Guerdon Mukama Date: Tue, 21 Nov 2023 09:23:40 +1100 Subject: [PATCH 024/131] portal default image and dev env --- environments/dev/values.yaml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/environments/dev/values.yaml b/environments/dev/values.yaml index 5b589054..d9774e6b 100644 --- a/environments/dev/values.yaml +++ b/environments/dev/values.yaml @@ -1,6 +1,6 @@ global: - dev: false + dev: true hostname: localhost namespace: dev @@ -14,9 +14,9 @@ pelican: portal: enabled: true - image: - repository: 690491147947.dkr.ecr.ap-southeast-2.amazonaws.com/gen3/portal - tag: latest + # image: + # repository: 690491147947.dkr.ecr.ap-southeast-2.amazonaws.com/gen3/portal + # tag: latest resources: requests: cpu: 0.2 From d30375e1459a299a2bd5b6acb864009303993dbf Mon Sep 17 00:00:00 2001 From: Guerdon Mukama Date: Tue, 21 Nov 2023 09:40:34 +1100 Subject: [PATCH 025/131] sheep dog --- environments/dev/values.yaml | 2 -- 1 file changed, 2 deletions(-) diff --git a/environments/dev/values.yaml b/environments/dev/values.yaml index d9774e6b..5d9cc454 100644 --- a/environments/dev/values.yaml +++ b/environments/dev/values.yaml @@ -36,5 +36,3 @@ wts: sower: enabled: false -sheepdog: - enabled: false \ No newline at end of file From d44627fb88ab4a24f017b88f029faaf03a4c9f06 Mon Sep 17 00:00:00 2001 From: Guerdon Mukama Date: Tue, 21 Nov 2023 10:00:23 +1100 Subject: [PATCH 026/131] disable aws --- environments/dev/values.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/environments/dev/values.yaml b/environments/dev/values.yaml index 5d9cc454..3862b21f 100644 --- a/environments/dev/values.yaml +++ b/environments/dev/values.yaml @@ -5,7 +5,7 @@ global: namespace: dev aws: - enabled: true + enabled: false gen3: enabled: false From bb9b4338d0848a2d1323bcb0100150802c049e08 Mon Sep 17 00:00:00 2001 From: Guerdon Mukama Date: Tue, 21 Nov 2023 10:26:26 +1100 Subject: [PATCH 027/131] dev env --- environments/dev/values.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/environments/dev/values.yaml b/environments/dev/values.yaml index 3862b21f..cf6a5edf 100644 --- a/environments/dev/values.yaml +++ b/environments/dev/values.yaml @@ -5,7 +5,7 @@ global: namespace: dev aws: - enabled: false + enabled: true gen3: enabled: false @@ -31,7 +31,7 @@ revproxyArn: arn:aws:acm:ap-southeast-2:690491147947:certificate/f7b5d099-96b9-4 ## disabled services wts: - enabled: false + enabled: true sower: enabled: false From 1c8c40e0e802b1c67bf220d0d8d837955f92f627 Mon Sep 17 00:00:00 2001 From: Guerdon Mukama Date: Tue, 21 Nov 2023 10:36:00 +1100 Subject: [PATCH 028/131] hostname --- environments/dev/values.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/environments/dev/values.yaml b/environments/dev/values.yaml index cf6a5edf..d1c645c7 100644 --- a/environments/dev/values.yaml +++ b/environments/dev/values.yaml @@ -1,7 +1,7 @@ global: dev: true - hostname: localhost + hostname: dev.gen3.internal namespace: dev aws: From 13832d517d5ca68f954174528037b09bb672ce0b Mon Sep 17 00:00:00 2001 From: Guerdon Mukama Date: Tue, 21 Nov 2023 11:22:42 +1100 Subject: [PATCH 029/131] remove alb --- environments/dev/values.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/environments/dev/values.yaml b/environments/dev/values.yaml index d1c645c7..6ccfb548 100644 --- a/environments/dev/values.yaml +++ b/environments/dev/values.yaml @@ -22,9 +22,9 @@ portal: cpu: 0.2 memory: 500Mi -revproxy: - service: - type: "LoadBalancer" +# revproxy: +# service: +# type: "LoadBalancer" revproxyArn: arn:aws:acm:ap-southeast-2:690491147947:certificate/f7b5d099-96b9-414a-98f7-ac40abab5429 From 61bbc790357a70e59ab98e521673d2b8c2f860d5 Mon Sep 17 00:00:00 2001 From: Guerdon Mukama Date: Tue, 21 Nov 2023 11:51:45 +1100 Subject: [PATCH 030/131] portal image: --- environments/dev/values.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/environments/dev/values.yaml b/environments/dev/values.yaml index 6ccfb548..7eba5dd4 100644 --- a/environments/dev/values.yaml +++ b/environments/dev/values.yaml @@ -14,9 +14,9 @@ pelican: portal: enabled: true - # image: - # repository: 690491147947.dkr.ecr.ap-southeast-2.amazonaws.com/gen3/portal - # tag: latest + image: + repository: 690491147947.dkr.ecr.ap-southeast-2.amazonaws.com/gen3/portal + tag: latest resources: requests: cpu: 0.2 From ce0f7fec2d0e1cd18ae52bbfe6f87b13f0f3db61 Mon Sep 17 00:00:00 2001 From: Guerdon Mukama Date: Tue, 21 Nov 2023 15:35:47 +1100 Subject: [PATCH 031/131] update image --- docs/portal/Dockerfile | 6 +++--- .../gitops.json | 0 environments/dev/values.yaml | 6 +++--- helm/revproxy/values.yaml | 2 +- 4 files changed, 7 insertions(+), 7 deletions(-) rename docs/portal/configurations/{qureshi.planx-pla.net => dev.gen3.internal}/gitops.json (100%) diff --git a/docs/portal/Dockerfile b/docs/portal/Dockerfile index 49b6fc43..abec3809 100644 --- a/docs/portal/Dockerfile +++ b/docs/portal/Dockerfile @@ -1,7 +1,7 @@ ARG CODE_VERSION=master -FROM node:16 as builder +FROM --platform=linux/amd64 node:16 as builder -ARG PORTAL_HOSTNAME +ARG PORTAL_HOSTNAME=dev.gen3.internal ENV APP gitops ENV BASENAME / @@ -42,4 +42,4 @@ COPY --from=builder /data-portal/src/img/ /usr/share/nginx/html/src/img/ COPY --from=builder /data-portal/src/css/ /usr/share/nginx/html/src/css/ COPY overrides/dockerStart.sh dockerStart.sh -CMD bash ./dockerStart.sh \ No newline at end of file +CMD bash ./dockerStart.sh diff --git a/docs/portal/configurations/qureshi.planx-pla.net/gitops.json b/docs/portal/configurations/dev.gen3.internal/gitops.json similarity index 100% rename from docs/portal/configurations/qureshi.planx-pla.net/gitops.json rename to docs/portal/configurations/dev.gen3.internal/gitops.json diff --git a/environments/dev/values.yaml b/environments/dev/values.yaml index 7eba5dd4..0434cd2e 100644 --- a/environments/dev/values.yaml +++ b/environments/dev/values.yaml @@ -22,9 +22,9 @@ portal: cpu: 0.2 memory: 500Mi -# revproxy: -# service: -# type: "LoadBalancer" +revproxy: + service: + type: "LoadBalancer" revproxyArn: arn:aws:acm:ap-southeast-2:690491147947:certificate/f7b5d099-96b9-414a-98f7-ac40abab5429 diff --git a/helm/revproxy/values.yaml b/helm/revproxy/values.yaml index 364a21a0..9c1c9b02 100644 --- a/helm/revproxy/values.yaml +++ b/helm/revproxy/values.yaml @@ -10,7 +10,7 @@ global: # -- (map) AWS configuration aws: # -- (bool) Set to true if deploying to AWS. Controls ingress annotations. - enabled: true + enabled: false # -- (string) Credentials for AWS stuff. awsAccessKeyId: # -- (string) Credentials for AWS stuff. From d71f7897381580da7a58669e91972839c79634dd Mon Sep 17 00:00:00 2001 From: Guerdon Mukama Date: Tue, 21 Nov 2023 16:11:09 +1100 Subject: [PATCH 032/131] update image --- environments/dev/values.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/environments/dev/values.yaml b/environments/dev/values.yaml index 0434cd2e..d1c645c7 100644 --- a/environments/dev/values.yaml +++ b/environments/dev/values.yaml @@ -14,9 +14,9 @@ pelican: portal: enabled: true - image: - repository: 690491147947.dkr.ecr.ap-southeast-2.amazonaws.com/gen3/portal - tag: latest + # image: + # repository: 690491147947.dkr.ecr.ap-southeast-2.amazonaws.com/gen3/portal + # tag: latest resources: requests: cpu: 0.2 From c6d0fb519cfab684e5eb4f1d3221691517221bbb Mon Sep 17 00:00:00 2001 From: Guerdon Mukama Date: Wed, 22 Nov 2023 08:51:00 +1100 Subject: [PATCH 033/131] db persistence --- environments/dev/values.yaml | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/environments/dev/values.yaml b/environments/dev/values.yaml index d1c645c7..dd2f1654 100644 --- a/environments/dev/values.yaml +++ b/environments/dev/values.yaml @@ -22,6 +22,12 @@ portal: cpu: 0.2 memory: 500Mi +postgresql: + primary: + persistence: + # -- (bool) Option to persist the dbs data. + enabled: true + revproxy: service: type: "LoadBalancer" From f29fbd6863c910582356a3cc336d71bf7356e41e Mon Sep 17 00:00:00 2001 From: Guerdon Mukama Date: Wed, 22 Nov 2023 10:52:00 +1100 Subject: [PATCH 034/131] dictionary url --- environments/dev/values.yaml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/environments/dev/values.yaml b/environments/dev/values.yaml index dd2f1654..23e99060 100644 --- a/environments/dev/values.yaml +++ b/environments/dev/values.yaml @@ -12,6 +12,9 @@ gen3: pelican: bucket: sandbox-s3-buckets-pelicancredss3bucketsandboxs3bu-veftfoxeyecg +peregrine: + dictionaryUrl: https://biocommons-gen3-schema.s3.ap-southeast-2.amazonaws.com/cad/dev/cad.json + portal: enabled: true # image: From 06dda01e97d0bd3ff2f5a3f4df42a0df1550056b Mon Sep 17 00:00:00 2001 From: Guerdon Mukama Date: Wed, 22 Nov 2023 11:29:18 +1100 Subject: [PATCH 035/131] portal image --- environments/dev/values.yaml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/environments/dev/values.yaml b/environments/dev/values.yaml index 23e99060..4ff2bb81 100644 --- a/environments/dev/values.yaml +++ b/environments/dev/values.yaml @@ -14,12 +14,12 @@ pelican: peregrine: dictionaryUrl: https://biocommons-gen3-schema.s3.ap-southeast-2.amazonaws.com/cad/dev/cad.json - + portal: enabled: true - # image: - # repository: 690491147947.dkr.ecr.ap-southeast-2.amazonaws.com/gen3/portal - # tag: latest + image: + repository: 690491147947.dkr.ecr.ap-southeast-2.amazonaws.com/gen3/portal + tag: latest resources: requests: cpu: 0.2 From f5d27074898089ffbbaddff62f75d3053d67fcae Mon Sep 17 00:00:00 2001 From: Guerdon Mukama Date: Wed, 22 Nov 2023 11:38:31 +1100 Subject: [PATCH 036/131] peregrine image --- environments/dev/values.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/environments/dev/values.yaml b/environments/dev/values.yaml index 4ff2bb81..ffb54b51 100644 --- a/environments/dev/values.yaml +++ b/environments/dev/values.yaml @@ -13,6 +13,7 @@ pelican: bucket: sandbox-s3-buckets-pelicancredss3bucketsandboxs3bu-veftfoxeyecg peregrine: + image: quay.io/cdis/peregrine:2023.12 dictionaryUrl: https://biocommons-gen3-schema.s3.ap-southeast-2.amazonaws.com/cad/dev/cad.json portal: From f1c93cb30976fbfcee6004e07398548deb53a5dc Mon Sep 17 00:00:00 2001 From: Guerdon Mukama Date: Wed, 22 Nov 2023 11:40:43 +1100 Subject: [PATCH 037/131] peregrine image --- environments/dev/values.yaml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/environments/dev/values.yaml b/environments/dev/values.yaml index ffb54b51..1f1d11cd 100644 --- a/environments/dev/values.yaml +++ b/environments/dev/values.yaml @@ -13,7 +13,9 @@ pelican: bucket: sandbox-s3-buckets-pelicancredss3bucketsandboxs3bu-veftfoxeyecg peregrine: - image: quay.io/cdis/peregrine:2023.12 + image: + repository: quay.io/cdis/peregrine + tag: 2023.12 dictionaryUrl: https://biocommons-gen3-schema.s3.ap-southeast-2.amazonaws.com/cad/dev/cad.json portal: From 61c517442869c9687a75abb0514df84bc751cd70 Mon Sep 17 00:00:00 2001 From: Guerdon Mukama Date: Wed, 22 Nov 2023 11:51:56 +1100 Subject: [PATCH 038/131] peregrine image --- environments/dev/values.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/environments/dev/values.yaml b/environments/dev/values.yaml index 1f1d11cd..4a40f34a 100644 --- a/environments/dev/values.yaml +++ b/environments/dev/values.yaml @@ -16,7 +16,7 @@ peregrine: image: repository: quay.io/cdis/peregrine tag: 2023.12 - dictionaryUrl: https://biocommons-gen3-schema.s3.ap-southeast-2.amazonaws.com/cad/dev/cad.json + # dictionaryUrl: https://biocommons-gen3-schema.s3.ap-southeast-2.amazonaws.com/cad/dev/cad.json portal: enabled: true From cd8084d7e4f98a8c4db382dab63305d5a16685c4 Mon Sep 17 00:00:00 2001 From: Guerdon Mukama Date: Wed, 22 Nov 2023 13:29:12 +1100 Subject: [PATCH 039/131] hardcode testing passwords --- environments/dev/values.yaml | 25 +++++++++++++++++++++++++ 1 file changed, 25 insertions(+) diff --git a/environments/dev/values.yaml b/environments/dev/values.yaml index 4a40f34a..dc455f16 100644 --- a/environments/dev/values.yaml +++ b/environments/dev/values.yaml @@ -4,6 +4,31 @@ global: hostname: dev.gen3.internal namespace: dev + postgres: + dbCreate: true + master: + username: postgres + password: testingConfiguration! + port: "5432" + +fence: + postgres: + username: fence + password: testingConfiguration! + port: 5432 + +peregrine: + postgres: + username: peregrine + password: testingConfiguration! + port: 5432 + +sheepdog: + postgres: + username: sheepdog + password: testingConfiguration! + port: 5432 + aws: enabled: true gen3: From 85653be8ad7eb8a802cf37d9f985f2ac9b5c22ca Mon Sep 17 00:00:00 2001 From: Guerdon Mukama Date: Wed, 22 Nov 2023 13:36:59 +1100 Subject: [PATCH 040/131] hardcode testing passwords --- environments/dev/values.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/environments/dev/values.yaml b/environments/dev/values.yaml index dc455f16..891ccf15 100644 --- a/environments/dev/values.yaml +++ b/environments/dev/values.yaml @@ -15,19 +15,19 @@ fence: postgres: username: fence password: testingConfiguration! - port: 5432 + port: "5432" peregrine: postgres: username: peregrine password: testingConfiguration! - port: 5432 + port: "5432" sheepdog: postgres: username: sheepdog password: testingConfiguration! - port: 5432 + port: "5432" aws: enabled: true From 6570087133ea7827752a395092a3b898b0cfc463 Mon Sep 17 00:00:00 2001 From: Guerdon Mukama Date: Wed, 22 Nov 2023 13:41:43 +1100 Subject: [PATCH 041/131] hardcode testing passwords --- environments/dev/values.yaml | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) diff --git a/environments/dev/values.yaml b/environments/dev/values.yaml index 891ccf15..ae01aeb4 100644 --- a/environments/dev/values.yaml +++ b/environments/dev/values.yaml @@ -22,6 +22,10 @@ peregrine: username: peregrine password: testingConfiguration! port: "5432" + image: + repository: quay.io/cdis/peregrine + tag: 2023.01 + dictionaryUrl: https://biocommons-gen3-schema.s3.ap-southeast-2.amazonaws.com/cad/dev/cad.json sheepdog: postgres: @@ -37,11 +41,6 @@ gen3: pelican: bucket: sandbox-s3-buckets-pelicancredss3bucketsandboxs3bu-veftfoxeyecg -peregrine: - image: - repository: quay.io/cdis/peregrine - tag: 2023.12 - # dictionaryUrl: https://biocommons-gen3-schema.s3.ap-southeast-2.amazonaws.com/cad/dev/cad.json portal: enabled: true From 9a4103d2d76faab8d27b3ef166864ea2b1aa9aed Mon Sep 17 00:00:00 2001 From: Guerdon Mukama Date: Wed, 22 Nov 2023 13:49:28 +1100 Subject: [PATCH 042/131] portal and peregrine images --- environments/dev/values.yaml | 9 +++------ 1 file changed, 3 insertions(+), 6 deletions(-) diff --git a/environments/dev/values.yaml b/environments/dev/values.yaml index ae01aeb4..a4bcd19a 100644 --- a/environments/dev/values.yaml +++ b/environments/dev/values.yaml @@ -22,9 +22,6 @@ peregrine: username: peregrine password: testingConfiguration! port: "5432" - image: - repository: quay.io/cdis/peregrine - tag: 2023.01 dictionaryUrl: https://biocommons-gen3-schema.s3.ap-southeast-2.amazonaws.com/cad/dev/cad.json sheepdog: @@ -44,9 +41,9 @@ pelican: portal: enabled: true - image: - repository: 690491147947.dkr.ecr.ap-southeast-2.amazonaws.com/gen3/portal - tag: latest + # image: + # repository: 690491147947.dkr.ecr.ap-southeast-2.amazonaws.com/gen3/portal + # tag: latest resources: requests: cpu: 0.2 From 3ae1072d131b065deac36f01a02457fff97ef270 Mon Sep 17 00:00:00 2001 From: Guerdon Mukama Date: Wed, 22 Nov 2023 13:50:55 +1100 Subject: [PATCH 043/131] peregrine images --- environments/dev/values.yaml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/environments/dev/values.yaml b/environments/dev/values.yaml index a4bcd19a..d18ac27f 100644 --- a/environments/dev/values.yaml +++ b/environments/dev/values.yaml @@ -22,6 +22,9 @@ peregrine: username: peregrine password: testingConfiguration! port: "5432" + image: + repository: quay.io/cdis/peregrine + tag: 2023.01 dictionaryUrl: https://biocommons-gen3-schema.s3.ap-southeast-2.amazonaws.com/cad/dev/cad.json sheepdog: From 1c83b70d9940ba50702c9a06f79bffb7e60945b0 Mon Sep 17 00:00:00 2001 From: Guerdon Mukama Date: Fri, 1 Dec 2023 13:45:17 +1100 Subject: [PATCH 044/131] secrets manager --- environments/dev/values.yaml | 45 +++++++++++++++---------- helm/arborist/templates/db-init.yaml | 2 ++ helm/audit/templates/db-init.yaml | 2 ++ helm/common/templates/_db_setup_job.tpl | 41 +++++++++++++++++++--- helm/fence/templates/db-init.yaml | 2 ++ helm/fence/templates/fence-creds.yaml | 15 +++++++++ helm/indexd/templates/db-init.yaml | 2 ++ helm/metadata/templates/db-init.yaml | 2 ++ helm/peregrine/templates/db-init.yaml | 2 ++ helm/requestor/templates/db-init.yaml | 2 ++ helm/sheepdog/templates/db-init.yaml | 2 ++ helm/wts/templates/db-init.yaml | 2 ++ 12 files changed, 97 insertions(+), 22 deletions(-) diff --git a/environments/dev/values.yaml b/environments/dev/values.yaml index d18ac27f..24b2ce86 100644 --- a/environments/dev/values.yaml +++ b/environments/dev/values.yaml @@ -3,38 +3,47 @@ global: dev: true hostname: dev.gen3.internal namespace: dev + aws: + enabled: true postgres: + cloudsecrets: + enabled: true dbCreate: true - master: - username: postgres - password: testingConfiguration! - port: "5432" + # master: + # username: postgres + # password: testingConfiguration! + # port: "5432" fence: - postgres: - username: fence - password: testingConfiguration! - port: "5432" + cloudsecrets: + enabled: true + # postgres: + # username: fence + # password: testingConfiguration! + # port: "5432" peregrine: - postgres: - username: peregrine - password: testingConfiguration! - port: "5432" + cloudsecrets: + enabled: true + # postgres: + # username: peregrine + # password: testingConfiguration! + # port: "5432" image: repository: quay.io/cdis/peregrine tag: 2023.01 dictionaryUrl: https://biocommons-gen3-schema.s3.ap-southeast-2.amazonaws.com/cad/dev/cad.json sheepdog: - postgres: - username: sheepdog - password: testingConfiguration! - port: "5432" + cloudsecrets: + enabled: true + # postgres: + # username: sheepdog + # password: testingConfiguration! + # port: "5432" + - aws: - enabled: true gen3: enabled: false diff --git a/helm/arborist/templates/db-init.yaml b/helm/arborist/templates/db-init.yaml index abbefb6e..1f63aa61 100644 --- a/helm/arborist/templates/db-init.yaml +++ b/helm/arborist/templates/db-init.yaml @@ -1,6 +1,8 @@ {{ include "common.db_setup_job" . }} --- +{{- if not .Values.cloudsecrets.enabled }} {{ include "common.db-secret" . }} +{{- end }} --- {{ include "common.db_setup_sa" . }} --- diff --git a/helm/audit/templates/db-init.yaml b/helm/audit/templates/db-init.yaml index 50bd8e8f..4c7de025 100644 --- a/helm/audit/templates/db-init.yaml +++ b/helm/audit/templates/db-init.yaml @@ -1,6 +1,8 @@ {{ include "common.db_setup_job" . }} --- +{{- if not .Values.cloudsecrets.enabled }} {{ include "common.db-secret" . }} +{{- end }} --- {{ include "common.db_setup_sa" . }} --- \ No newline at end of file diff --git a/helm/common/templates/_db_setup_job.tpl b/helm/common/templates/_db_setup_job.tpl index 7acd75bb..4179f31a 100644 --- a/helm/common/templates/_db_setup_job.tpl +++ b/helm/common/templates/_db_setup_job.tpl @@ -59,17 +59,41 @@ spec: key: postgres-password optional: false {{- else }} - value: {{ .Values.global.postgres.master.password | quote}} + # Store secrets in cloud vaults or aws secrets manager for environments other than dev + # value: {{ .Values.global.postgres.master.password | quote}} + valueFrom: + secretKeyRef: + name: postgresql-secret + key: postgres-password + optional: false {{- end }} - name: PGUSER - value: {{ .Values.global.postgres.master.username | quote }} + #value: {{ .Values.global.postgres.master.username | quote }} + valueFrom: + secretKeyRef: + name: postgresql-secret + key: postgres-username + optional: false - name: PGPORT + {{- if $.Values.global.dev }} value: {{ .Values.global.postgres.master.port | quote }} + {{- else }} + valueFrom: + secretKeyRef: + name: postgresql-secret + key: postgres-port + optional: false + {{- end }} - name: PGHOST {{- if $.Values.global.dev }} value: "{{ .Release.Name }}-postgresql" {{- else }} - value: {{ .Values.global.postgres.master.host | quote }} + #value: {{ .Values.global.postgres.master.host | quote }} + valueFrom: + secretKeyRef: + name: postgresql-secret + key: postgres-host + optional: false {{- end }} - name: SERVICE_PGUSER valueFrom: @@ -145,6 +169,14 @@ kind: Secret metadata: name: {{ $.Chart.Name }}-dbcreds data: +{{- if $.Values.global.postgres.cloudsecrets.enabled }} + {{ $secret := ( lookup "v1" "Secret" .Release.Namespace "postgresql-secret" ) }} + database: {{ index $secret.data "database" | b64enc | quote}} + username: {{ index $secret.data "username" | b64enc | quote}} + port: {{ index $secret.data "port" | b64enc | quote}} + password: {{ index $secret.data "password" | b64enc | quote}} + host: {{ index $secret.data "host" | b64enc | quote}} +{{- else }} database: {{ ( $.Values.postgres.database | default (printf "%s_%s" $.Chart.Name $.Release.Name) ) | b64enc | quote}} username: {{ ( $.Values.postgres.username | default (printf "%s_%s" $.Chart.Name $.Release.Name) ) | b64enc | quote}} port: {{ $.Values.postgres.port | b64enc | quote }} @@ -154,4 +186,5 @@ data: {{- else }} host: {{ ( $.Values.postgres.host | default ( $.Values.global.postgres.master.host)) | b64enc | quote }} {{- end }} -{{- end }} \ No newline at end of file +{{- end }} +{{- end}} \ No newline at end of file diff --git a/helm/fence/templates/db-init.yaml b/helm/fence/templates/db-init.yaml index abbefb6e..1f63aa61 100644 --- a/helm/fence/templates/db-init.yaml +++ b/helm/fence/templates/db-init.yaml @@ -1,6 +1,8 @@ {{ include "common.db_setup_job" . }} --- +{{- if not .Values.cloudsecrets.enabled }} {{ include "common.db-secret" . }} +{{- end }} --- {{ include "common.db_setup_sa" . }} --- diff --git a/helm/fence/templates/fence-creds.yaml b/helm/fence/templates/fence-creds.yaml index 24cfb7ad..ed7a84d4 100644 --- a/helm/fence/templates/fence-creds.yaml +++ b/helm/fence/templates/fence-creds.yaml @@ -5,6 +5,20 @@ metadata: type: Opaque stringData: creds.json: |- + {{- if $.Values.cloudsecrets.enabled }} + {{ $secret := ( lookup "v1" "Secret" .Release.Namespace (printf "%s-%s" $.Chart.Name "cloudsecrets") ) }} + { + "db_host": {{ index $secret.data "host" | quote}}, + "db_username": {{ index $secret.data "username" | quote}}, + "db_password": {{ index $secret.data "password" | quote}}, + "db_database": {{ index $secret.data "database" | quote}}, + "hostname": "{{ .Values.global.hostname }}", + "indexd_password": "", + "google_client_secret": "YOUR.GOOGLE.SECRET", + "google_client_id": "YOUR.GOOGLE.CLIENT", + "hmac_key": "" + } + {{- else }} { "db_host": "{{ include "gen3.service-postgres" (dict "key" "host" "service" $.Chart.Name "context" $) }}", "db_username": "{{include "gen3.service-postgres" (dict "key" "username" "service" $.Chart.Name "context" $) }}", @@ -16,4 +30,5 @@ stringData: "google_client_id": "YOUR.GOOGLE.CLIENT", "hmac_key": "" } + {{-end }} diff --git a/helm/indexd/templates/db-init.yaml b/helm/indexd/templates/db-init.yaml index 0393aa73..f87ce031 100644 --- a/helm/indexd/templates/db-init.yaml +++ b/helm/indexd/templates/db-init.yaml @@ -1,4 +1,6 @@ +{{- if not .Values.cloudsecrets.enabled }} {{ include "common.db-secret" . }} +{{- end }} --- {{ include "common.db_setup_sa" . }} --- diff --git a/helm/metadata/templates/db-init.yaml b/helm/metadata/templates/db-init.yaml index 0393aa73..f87ce031 100644 --- a/helm/metadata/templates/db-init.yaml +++ b/helm/metadata/templates/db-init.yaml @@ -1,4 +1,6 @@ +{{- if not .Values.cloudsecrets.enabled }} {{ include "common.db-secret" . }} +{{- end }} --- {{ include "common.db_setup_sa" . }} --- diff --git a/helm/peregrine/templates/db-init.yaml b/helm/peregrine/templates/db-init.yaml index abbefb6e..1f63aa61 100644 --- a/helm/peregrine/templates/db-init.yaml +++ b/helm/peregrine/templates/db-init.yaml @@ -1,6 +1,8 @@ {{ include "common.db_setup_job" . }} --- +{{- if not .Values.cloudsecrets.enabled }} {{ include "common.db-secret" . }} +{{- end }} --- {{ include "common.db_setup_sa" . }} --- diff --git a/helm/requestor/templates/db-init.yaml b/helm/requestor/templates/db-init.yaml index abbefb6e..1f63aa61 100644 --- a/helm/requestor/templates/db-init.yaml +++ b/helm/requestor/templates/db-init.yaml @@ -1,6 +1,8 @@ {{ include "common.db_setup_job" . }} --- +{{- if not .Values.cloudsecrets.enabled }} {{ include "common.db-secret" . }} +{{- end }} --- {{ include "common.db_setup_sa" . }} --- diff --git a/helm/sheepdog/templates/db-init.yaml b/helm/sheepdog/templates/db-init.yaml index 0393aa73..f87ce031 100644 --- a/helm/sheepdog/templates/db-init.yaml +++ b/helm/sheepdog/templates/db-init.yaml @@ -1,4 +1,6 @@ +{{- if not .Values.cloudsecrets.enabled }} {{ include "common.db-secret" . }} +{{- end }} --- {{ include "common.db_setup_sa" . }} --- diff --git a/helm/wts/templates/db-init.yaml b/helm/wts/templates/db-init.yaml index abbefb6e..1f63aa61 100644 --- a/helm/wts/templates/db-init.yaml +++ b/helm/wts/templates/db-init.yaml @@ -1,6 +1,8 @@ {{ include "common.db_setup_job" . }} --- +{{- if not .Values.cloudsecrets.enabled }} {{ include "common.db-secret" . }} +{{- end }} --- {{ include "common.db_setup_sa" . }} --- From 9d6b261c1eaed93ffaa23e579f965bc2fab61919 Mon Sep 17 00:00:00 2001 From: Guerdon Mukama Date: Fri, 1 Dec 2023 13:46:14 +1100 Subject: [PATCH 045/131] secrets manager --- environments/dev/values.yaml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/environments/dev/values.yaml b/environments/dev/values.yaml index 24b2ce86..2db59d3e 100644 --- a/environments/dev/values.yaml +++ b/environments/dev/values.yaml @@ -43,6 +43,9 @@ sheepdog: # password: testingConfiguration! # port: "5432" +indexd: + cloudsecrets: + enabled: true gen3: enabled: false From 364919fbedd66b37926bd5c87b6348a9d750fa17 Mon Sep 17 00:00:00 2001 From: Guerdon Mukama Date: Fri, 1 Dec 2023 13:46:36 +1100 Subject: [PATCH 046/131] secrets manager --- helm/fence/templates/fence-creds.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/helm/fence/templates/fence-creds.yaml b/helm/fence/templates/fence-creds.yaml index ed7a84d4..1a46ee31 100644 --- a/helm/fence/templates/fence-creds.yaml +++ b/helm/fence/templates/fence-creds.yaml @@ -6,7 +6,7 @@ type: Opaque stringData: creds.json: |- {{- if $.Values.cloudsecrets.enabled }} - {{ $secret := ( lookup "v1" "Secret" .Release.Namespace (printf "%s-%s" $.Chart.Name "cloudsecrets") ) }} + {{ $secret := ( lookup "v1" "Secret" .Release.Namespace (printf "%s-%s" $.Chart.Name "dbcreds") ) }} { "db_host": {{ index $secret.data "host" | quote}}, "db_username": {{ index $secret.data "username" | quote}}, From fdfb9ab405823ce943d076993b158ee1c4fbd88b Mon Sep 17 00:00:00 2001 From: Guerdon Mukama Date: Fri, 1 Dec 2023 14:47:22 +1100 Subject: [PATCH 047/131] update values --- environments/dev/values.yaml | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/environments/dev/values.yaml b/environments/dev/values.yaml index 2db59d3e..178cb079 100644 --- a/environments/dev/values.yaml +++ b/environments/dev/values.yaml @@ -1,8 +1,8 @@ global: - dev: true - hostname: dev.gen3.internal - namespace: dev + dev: false + hostname: beta.biocommons.org.au + namespace: argocd aws: enabled: true @@ -64,11 +64,11 @@ portal: cpu: 0.2 memory: 500Mi -postgresql: - primary: - persistence: - # -- (bool) Option to persist the dbs data. - enabled: true +# postgresql: +# primary: +# persistence: +# # -- (bool) Option to persist the dbs data. +# enabled: true revproxy: service: From 5caa0a964df3b3cffd0e8d2a7d4baecc657bfdc7 Mon Sep 17 00:00:00 2001 From: Guerdon Mukama Date: Fri, 1 Dec 2023 15:12:47 +1100 Subject: [PATCH 048/131] fix typo --- helm/fence/templates/fence-creds.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/helm/fence/templates/fence-creds.yaml b/helm/fence/templates/fence-creds.yaml index 1a46ee31..3dc47875 100644 --- a/helm/fence/templates/fence-creds.yaml +++ b/helm/fence/templates/fence-creds.yaml @@ -30,5 +30,5 @@ stringData: "google_client_id": "YOUR.GOOGLE.CLIENT", "hmac_key": "" } - {{-end }} + {{- end }} From ab397eeead75768da3ceb027c974671885652ba0 Mon Sep 17 00:00:00 2001 From: Guerdon Mukama Date: Fri, 1 Dec 2023 15:22:46 +1100 Subject: [PATCH 049/131] fix typo --- helm/fence/templates/fence-creds.yaml | 2 +- helm/wts/templates/db-init.yaml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/helm/fence/templates/fence-creds.yaml b/helm/fence/templates/fence-creds.yaml index 3dc47875..5b0bce27 100644 --- a/helm/fence/templates/fence-creds.yaml +++ b/helm/fence/templates/fence-creds.yaml @@ -5,7 +5,7 @@ metadata: type: Opaque stringData: creds.json: |- - {{- if $.Values.cloudsecrets.enabled }} + {{- if $.Values.cloudsecrets.enabled | default false }} {{ $secret := ( lookup "v1" "Secret" .Release.Namespace (printf "%s-%s" $.Chart.Name "dbcreds") ) }} { "db_host": {{ index $secret.data "host" | quote}}, diff --git a/helm/wts/templates/db-init.yaml b/helm/wts/templates/db-init.yaml index 1f63aa61..205bbb13 100644 --- a/helm/wts/templates/db-init.yaml +++ b/helm/wts/templates/db-init.yaml @@ -1,6 +1,6 @@ {{ include "common.db_setup_job" . }} --- -{{- if not .Values.cloudsecrets.enabled }} +{{- if not .Values.cloudsecrets.enabled | default false }} {{ include "common.db-secret" . }} {{- end }} --- From 72f309d6c3f92a464962e2ec6f437edadeaeacee Mon Sep 17 00:00:00 2001 From: Guerdon Mukama Date: Fri, 1 Dec 2023 15:26:02 +1100 Subject: [PATCH 050/131] fix typo --- helm/wts/templates/db-init.yaml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/helm/wts/templates/db-init.yaml b/helm/wts/templates/db-init.yaml index 205bbb13..c550dd4a 100644 --- a/helm/wts/templates/db-init.yaml +++ b/helm/wts/templates/db-init.yaml @@ -1,6 +1,7 @@ {{ include "common.db_setup_job" . }} --- -{{- if not .Values.cloudsecrets.enabled | default false }} +{{- if .Values.cloudsecrets.enabled }} +{{- else }} {{ include "common.db-secret" . }} {{- end }} --- From c2d77467c617feaab90b455ad12e6dffbe765feb Mon Sep 17 00:00:00 2001 From: Guerdon Mukama Date: Fri, 1 Dec 2023 15:40:39 +1100 Subject: [PATCH 051/131] fix typo --- helm/wts/templates/db-init.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/helm/wts/templates/db-init.yaml b/helm/wts/templates/db-init.yaml index c550dd4a..314ac3cc 100644 --- a/helm/wts/templates/db-init.yaml +++ b/helm/wts/templates/db-init.yaml @@ -1,6 +1,6 @@ {{ include "common.db_setup_job" . }} --- -{{- if .Values.cloudsecrets.enabled }} +{{- if eq ( default .Values.cloudsecrets.enabled false) true }} {{- else }} {{ include "common.db-secret" . }} {{- end }} From aab6851bc4d0aaeee994abc2e7739611bf1bd09b Mon Sep 17 00:00:00 2001 From: Guerdon Mukama Date: Fri, 1 Dec 2023 15:44:00 +1100 Subject: [PATCH 052/131] fix typo --- helm/wts/templates/db-init.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/helm/wts/templates/db-init.yaml b/helm/wts/templates/db-init.yaml index 314ac3cc..0940c88b 100644 --- a/helm/wts/templates/db-init.yaml +++ b/helm/wts/templates/db-init.yaml @@ -1,6 +1,6 @@ {{ include "common.db_setup_job" . }} --- -{{- if eq ( default .Values.cloudsecrets.enabled false) true }} +{{- if .Values.cloudsecrets.enabled | default false }} {{- else }} {{ include "common.db-secret" . }} {{- end }} From 8d76ad5b954233bb42b8dfdb8a9669deca1332de Mon Sep 17 00:00:00 2001 From: Guerdon Mukama Date: Fri, 1 Dec 2023 15:46:45 +1100 Subject: [PATCH 053/131] fix typo --- helm/wts/templates/db-init.yaml | 3 --- 1 file changed, 3 deletions(-) diff --git a/helm/wts/templates/db-init.yaml b/helm/wts/templates/db-init.yaml index 0940c88b..abbefb6e 100644 --- a/helm/wts/templates/db-init.yaml +++ b/helm/wts/templates/db-init.yaml @@ -1,9 +1,6 @@ {{ include "common.db_setup_job" . }} --- -{{- if .Values.cloudsecrets.enabled | default false }} -{{- else }} {{ include "common.db-secret" . }} -{{- end }} --- {{ include "common.db_setup_sa" . }} --- From c06d8058a986ce7a4220fb90e52db6dc5543788a Mon Sep 17 00:00:00 2001 From: Guerdon Mukama Date: Fri, 1 Dec 2023 15:56:21 +1100 Subject: [PATCH 054/131] fix typo --- helm/common/templates/_db_setup_job.tpl | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/helm/common/templates/_db_setup_job.tpl b/helm/common/templates/_db_setup_job.tpl index 4179f31a..152cb651 100644 --- a/helm/common/templates/_db_setup_job.tpl +++ b/helm/common/templates/_db_setup_job.tpl @@ -171,11 +171,11 @@ metadata: data: {{- if $.Values.global.postgres.cloudsecrets.enabled }} {{ $secret := ( lookup "v1" "Secret" .Release.Namespace "postgresql-secret" ) }} - database: {{ index $secret.data "database" | b64enc | quote}} - username: {{ index $secret.data "username" | b64enc | quote}} - port: {{ index $secret.data "port" | b64enc | quote}} - password: {{ index $secret.data "password" | b64enc | quote}} - host: {{ index $secret.data "host" | b64enc | quote}} + database: {{ ( index $secret.data "database" | default (printf "%s_%s" $.Chart.Name $.Release.Name) ) | b64enc | quote }} + username: {{ ( index $secret.data "username" | default (printf "%s_%s" $.Chart.Name $.Release.Name) ) | b64enc | quote }} + port: {{ index $secret.data "port" | b64enc | quote }} + password: {{ index $secret.data "password" | b64enc | quote }} + host: {{ index $secret.data "host" | b64enc | quote }} {{- else }} database: {{ ( $.Values.postgres.database | default (printf "%s_%s" $.Chart.Name $.Release.Name) ) | b64enc | quote}} username: {{ ( $.Values.postgres.username | default (printf "%s_%s" $.Chart.Name $.Release.Name) ) | b64enc | quote}} From c615a89fe7aed33a55e49b6f189da227975e5f5b Mon Sep 17 00:00:00 2001 From: Guerdon Mukama Date: Fri, 1 Dec 2023 16:05:33 +1100 Subject: [PATCH 055/131] fix typo --- helm/common/templates/_db_setup_job.tpl | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/helm/common/templates/_db_setup_job.tpl b/helm/common/templates/_db_setup_job.tpl index 152cb651..e8f49489 100644 --- a/helm/common/templates/_db_setup_job.tpl +++ b/helm/common/templates/_db_setup_job.tpl @@ -171,8 +171,8 @@ metadata: data: {{- if $.Values.global.postgres.cloudsecrets.enabled }} {{ $secret := ( lookup "v1" "Secret" .Release.Namespace "postgresql-secret" ) }} - database: {{ ( index $secret.data "database" | default (printf "%s_%s" $.Chart.Name $.Release.Name) ) | b64enc | quote }} - username: {{ ( index $secret.data "username" | default (printf "%s_%s" $.Chart.Name $.Release.Name) ) | b64enc | quote }} + database: {{ ( index $secret.data.database | default (printf "%s_%s" $.Chart.Name $.Release.Name) ) | b64enc | quote }} + username: {{ ( index $secret.data.username | default (printf "%s_%s" $.Chart.Name $.Release.Name) ) | b64enc | quote }} port: {{ index $secret.data "port" | b64enc | quote }} password: {{ index $secret.data "password" | b64enc | quote }} host: {{ index $secret.data "host" | b64enc | quote }} From bbe488375b081e1005ba5b51e019dfd6a8d1d194 Mon Sep 17 00:00:00 2001 From: Guerdon Mukama Date: Fri, 1 Dec 2023 16:11:28 +1100 Subject: [PATCH 056/131] fix typo --- helm/common/templates/_db_setup_job.tpl | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/helm/common/templates/_db_setup_job.tpl b/helm/common/templates/_db_setup_job.tpl index e8f49489..287e1b20 100644 --- a/helm/common/templates/_db_setup_job.tpl +++ b/helm/common/templates/_db_setup_job.tpl @@ -171,7 +171,8 @@ metadata: data: {{- if $.Values.global.postgres.cloudsecrets.enabled }} {{ $secret := ( lookup "v1" "Secret" .Release.Namespace "postgresql-secret" ) }} - database: {{ ( index $secret.data.database | default (printf "%s_%s" $.Chart.Name $.Release.Name) ) | b64enc | quote }} + {{ $name := (printf "%s_%s" $.Chart.Name $.Release.Name) }} + database: {{ ( index $secret.data.database | default $name ) | b64enc | quote }} username: {{ ( index $secret.data.username | default (printf "%s_%s" $.Chart.Name $.Release.Name) ) | b64enc | quote }} port: {{ index $secret.data "port" | b64enc | quote }} password: {{ index $secret.data "password" | b64enc | quote }} From 38a2a5dddaf88ea7f65fa8eee67564fac7d281de Mon Sep 17 00:00:00 2001 From: Guerdon Mukama Date: Fri, 1 Dec 2023 16:16:55 +1100 Subject: [PATCH 057/131] fix typo --- helm/common/templates/_db_setup_job.tpl | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/helm/common/templates/_db_setup_job.tpl b/helm/common/templates/_db_setup_job.tpl index 287e1b20..7b3bbbab 100644 --- a/helm/common/templates/_db_setup_job.tpl +++ b/helm/common/templates/_db_setup_job.tpl @@ -170,7 +170,7 @@ metadata: name: {{ $.Chart.Name }}-dbcreds data: {{- if $.Values.global.postgres.cloudsecrets.enabled }} - {{ $secret := ( lookup "v1" "Secret" .Release.Namespace "postgresql-secret" ) }} + {{ $secret := ( lookup "v1" "Secret" "argocd" "postgresql-secret" ) }} {{ $name := (printf "%s_%s" $.Chart.Name $.Release.Name) }} database: {{ ( index $secret.data.database | default $name ) | b64enc | quote }} username: {{ ( index $secret.data.username | default (printf "%s_%s" $.Chart.Name $.Release.Name) ) | b64enc | quote }} From b34f1faa602ed4a00585fb488c5ad993c82f3eba Mon Sep 17 00:00:00 2001 From: Guerdon Mukama Date: Fri, 1 Dec 2023 18:10:42 +1100 Subject: [PATCH 058/131] updates --- helm/common/templates/_db_setup_job.tpl | 10 ---------- 1 file changed, 10 deletions(-) diff --git a/helm/common/templates/_db_setup_job.tpl b/helm/common/templates/_db_setup_job.tpl index 7b3bbbab..0c6e1373 100644 --- a/helm/common/templates/_db_setup_job.tpl +++ b/helm/common/templates/_db_setup_job.tpl @@ -169,15 +169,6 @@ kind: Secret metadata: name: {{ $.Chart.Name }}-dbcreds data: -{{- if $.Values.global.postgres.cloudsecrets.enabled }} - {{ $secret := ( lookup "v1" "Secret" "argocd" "postgresql-secret" ) }} - {{ $name := (printf "%s_%s" $.Chart.Name $.Release.Name) }} - database: {{ ( index $secret.data.database | default $name ) | b64enc | quote }} - username: {{ ( index $secret.data.username | default (printf "%s_%s" $.Chart.Name $.Release.Name) ) | b64enc | quote }} - port: {{ index $secret.data "port" | b64enc | quote }} - password: {{ index $secret.data "password" | b64enc | quote }} - host: {{ index $secret.data "host" | b64enc | quote }} -{{- else }} database: {{ ( $.Values.postgres.database | default (printf "%s_%s" $.Chart.Name $.Release.Name) ) | b64enc | quote}} username: {{ ( $.Values.postgres.username | default (printf "%s_%s" $.Chart.Name $.Release.Name) ) | b64enc | quote}} port: {{ $.Values.postgres.port | b64enc | quote }} @@ -187,5 +178,4 @@ data: {{- else }} host: {{ ( $.Values.postgres.host | default ( $.Values.global.postgres.master.host)) | b64enc | quote }} {{- end }} -{{- end }} {{- end}} \ No newline at end of file From a5d0caedda202a32f470266a4b62bd4b1ac97afb Mon Sep 17 00:00:00 2001 From: Guerdon Mukama Date: Fri, 1 Dec 2023 18:15:03 +1100 Subject: [PATCH 059/131] updates --- helm/wts/templates/db-init.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/helm/wts/templates/db-init.yaml b/helm/wts/templates/db-init.yaml index abbefb6e..233f4e7d 100644 --- a/helm/wts/templates/db-init.yaml +++ b/helm/wts/templates/db-init.yaml @@ -1,6 +1,6 @@ {{ include "common.db_setup_job" . }} --- -{{ include "common.db-secret" . }} +#{{ include "common.db-secret" . }} --- {{ include "common.db_setup_sa" . }} --- From b7f07314c063f767c6b76cc1e7b13a4d3db26486 Mon Sep 17 00:00:00 2001 From: Guerdon Mukama Date: Fri, 1 Dec 2023 18:17:57 +1100 Subject: [PATCH 060/131] updates --- helm/wts/templates/db-init.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/helm/wts/templates/db-init.yaml b/helm/wts/templates/db-init.yaml index 233f4e7d..26cc609a 100644 --- a/helm/wts/templates/db-init.yaml +++ b/helm/wts/templates/db-init.yaml @@ -1,5 +1,6 @@ {{ include "common.db_setup_job" . }} --- +# TO DO: check if cloudsecret is enabled #{{ include "common.db-secret" . }} --- {{ include "common.db_setup_sa" . }} From f552f6c04ea9d8a56d44401f6a4b125bee3f3b70 Mon Sep 17 00:00:00 2001 From: Guerdon Mukama Date: Fri, 1 Dec 2023 18:23:19 +1100 Subject: [PATCH 061/131] updates --- helm/wts/templates/db-init.yaml | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/helm/wts/templates/db-init.yaml b/helm/wts/templates/db-init.yaml index 26cc609a..6223a6e5 100644 --- a/helm/wts/templates/db-init.yaml +++ b/helm/wts/templates/db-init.yaml @@ -1,7 +1,6 @@ {{ include "common.db_setup_job" . }} --- -# TO DO: check if cloudsecret is enabled -#{{ include "common.db-secret" . }} ---- +# TO DO: check if cloudsecret is enabled + {{ include "common.db_setup_sa" . }} --- From 4eb18d6364fdae1aabbea686380190d8e74b3b46 Mon Sep 17 00:00:00 2001 From: Guerdon Mukama Date: Fri, 1 Dec 2023 18:27:05 +1100 Subject: [PATCH 062/131] updates --- helm/arborist/templates/db-init.yaml | 4 +--- helm/audit/templates/db-init.yaml | 4 +--- helm/metadata/templates/db-init.yaml | 4 +--- helm/requestor/templates/db-init.yaml | 6 +++--- 4 files changed, 6 insertions(+), 12 deletions(-) diff --git a/helm/arborist/templates/db-init.yaml b/helm/arborist/templates/db-init.yaml index 1f63aa61..4a94566c 100644 --- a/helm/arborist/templates/db-init.yaml +++ b/helm/arborist/templates/db-init.yaml @@ -1,8 +1,6 @@ {{ include "common.db_setup_job" . }} --- -{{- if not .Values.cloudsecrets.enabled }} -{{ include "common.db-secret" . }} -{{- end }} +##{{ include "common.db-secret" . }} --- {{ include "common.db_setup_sa" . }} --- diff --git a/helm/audit/templates/db-init.yaml b/helm/audit/templates/db-init.yaml index 4c7de025..ce2f3a60 100644 --- a/helm/audit/templates/db-init.yaml +++ b/helm/audit/templates/db-init.yaml @@ -1,8 +1,6 @@ {{ include "common.db_setup_job" . }} --- -{{- if not .Values.cloudsecrets.enabled }} -{{ include "common.db-secret" . }} -{{- end }} +##{{ include "common.db-secret" . }} --- {{ include "common.db_setup_sa" . }} --- \ No newline at end of file diff --git a/helm/metadata/templates/db-init.yaml b/helm/metadata/templates/db-init.yaml index f87ce031..4dea7bd7 100644 --- a/helm/metadata/templates/db-init.yaml +++ b/helm/metadata/templates/db-init.yaml @@ -1,6 +1,4 @@ -{{- if not .Values.cloudsecrets.enabled }} -{{ include "common.db-secret" . }} -{{- end }} +## {{ include "common.db-secret" . }} --- {{ include "common.db_setup_sa" . }} --- diff --git a/helm/requestor/templates/db-init.yaml b/helm/requestor/templates/db-init.yaml index 1f63aa61..f566c58a 100644 --- a/helm/requestor/templates/db-init.yaml +++ b/helm/requestor/templates/db-init.yaml @@ -1,8 +1,8 @@ {{ include "common.db_setup_job" . }} --- -{{- if not .Values.cloudsecrets.enabled }} -{{ include "common.db-secret" . }} -{{- end }} + +## {{ include "common.db-secret" . }} + --- {{ include "common.db_setup_sa" . }} --- From a97fe13358cd9fd8f4cee18a51fa7452ab200823 Mon Sep 17 00:00:00 2001 From: Guerdon Mukama Date: Fri, 1 Dec 2023 18:30:43 +1100 Subject: [PATCH 063/131] updates --- helm/arborist/templates/db-init.yaml | 3 +-- helm/audit/templates/db-init.yaml | 3 +-- helm/metadata/templates/db-init.yaml | 3 +-- helm/requestor/templates/db-init.yaml | 3 --- 4 files changed, 3 insertions(+), 9 deletions(-) diff --git a/helm/arborist/templates/db-init.yaml b/helm/arborist/templates/db-init.yaml index 4a94566c..4ee9b048 100644 --- a/helm/arborist/templates/db-init.yaml +++ b/helm/arborist/templates/db-init.yaml @@ -1,6 +1,5 @@ {{ include "common.db_setup_job" . }} --- -##{{ include "common.db-secret" . }} ---- + {{ include "common.db_setup_sa" . }} --- diff --git a/helm/audit/templates/db-init.yaml b/helm/audit/templates/db-init.yaml index ce2f3a60..802ec4a1 100644 --- a/helm/audit/templates/db-init.yaml +++ b/helm/audit/templates/db-init.yaml @@ -1,6 +1,5 @@ {{ include "common.db_setup_job" . }} --- -##{{ include "common.db-secret" . }} ---- + {{ include "common.db_setup_sa" . }} --- \ No newline at end of file diff --git a/helm/metadata/templates/db-init.yaml b/helm/metadata/templates/db-init.yaml index 4dea7bd7..01f05854 100644 --- a/helm/metadata/templates/db-init.yaml +++ b/helm/metadata/templates/db-init.yaml @@ -1,5 +1,4 @@ -## {{ include "common.db-secret" . }} ---- + {{ include "common.db_setup_sa" . }} --- {{- if .Values.dbRestore }} diff --git a/helm/requestor/templates/db-init.yaml b/helm/requestor/templates/db-init.yaml index f566c58a..3745ff53 100644 --- a/helm/requestor/templates/db-init.yaml +++ b/helm/requestor/templates/db-init.yaml @@ -1,7 +1,4 @@ {{ include "common.db_setup_job" . }} ---- - -## {{ include "common.db-secret" . }} --- {{ include "common.db_setup_sa" . }} From d98d354891808f7ef276e0405c92c9f553deb588 Mon Sep 17 00:00:00 2001 From: Guerdon Mukama Date: Fri, 1 Dec 2023 19:49:57 +1100 Subject: [PATCH 064/131] updates --- helm/fence/templates/fence-creds.yaml | 15 --------------- 1 file changed, 15 deletions(-) diff --git a/helm/fence/templates/fence-creds.yaml b/helm/fence/templates/fence-creds.yaml index 5b0bce27..24cfb7ad 100644 --- a/helm/fence/templates/fence-creds.yaml +++ b/helm/fence/templates/fence-creds.yaml @@ -5,20 +5,6 @@ metadata: type: Opaque stringData: creds.json: |- - {{- if $.Values.cloudsecrets.enabled | default false }} - {{ $secret := ( lookup "v1" "Secret" .Release.Namespace (printf "%s-%s" $.Chart.Name "dbcreds") ) }} - { - "db_host": {{ index $secret.data "host" | quote}}, - "db_username": {{ index $secret.data "username" | quote}}, - "db_password": {{ index $secret.data "password" | quote}}, - "db_database": {{ index $secret.data "database" | quote}}, - "hostname": "{{ .Values.global.hostname }}", - "indexd_password": "", - "google_client_secret": "YOUR.GOOGLE.SECRET", - "google_client_id": "YOUR.GOOGLE.CLIENT", - "hmac_key": "" - } - {{- else }} { "db_host": "{{ include "gen3.service-postgres" (dict "key" "host" "service" $.Chart.Name "context" $) }}", "db_username": "{{include "gen3.service-postgres" (dict "key" "username" "service" $.Chart.Name "context" $) }}", @@ -30,5 +16,4 @@ stringData: "google_client_id": "YOUR.GOOGLE.CLIENT", "hmac_key": "" } - {{- end }} From 070c7d7fb2646f54743a08018884096beba450d1 Mon Sep 17 00:00:00 2001 From: Guerdon Mukama Date: Fri, 1 Dec 2023 22:11:26 +1100 Subject: [PATCH 065/131] update secrets --- helm/common/templates/_db_setup_job.tpl | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/helm/common/templates/_db_setup_job.tpl b/helm/common/templates/_db_setup_job.tpl index 0c6e1373..23d45523 100644 --- a/helm/common/templates/_db_setup_job.tpl +++ b/helm/common/templates/_db_setup_job.tpl @@ -63,16 +63,16 @@ spec: # value: {{ .Values.global.postgres.master.password | quote}} valueFrom: secretKeyRef: - name: postgresql-secret - key: postgres-password + name: {{ .Chart.Name }}-dbcreds + key: password optional: false {{- end }} - name: PGUSER #value: {{ .Values.global.postgres.master.username | quote }} valueFrom: secretKeyRef: - name: postgresql-secret - key: postgres-username + name: {{ .Chart.Name }}-dbcreds + key: username optional: false - name: PGPORT {{- if $.Values.global.dev }} @@ -80,8 +80,8 @@ spec: {{- else }} valueFrom: secretKeyRef: - name: postgresql-secret - key: postgres-port + name: {{ .Chart.Name }}-dbcreds + key: port optional: false {{- end }} - name: PGHOST @@ -91,8 +91,8 @@ spec: #value: {{ .Values.global.postgres.master.host | quote }} valueFrom: secretKeyRef: - name: postgresql-secret - key: postgres-host + name: {{ .Chart.Name }}-dbcreds + key: host optional: false {{- end }} - name: SERVICE_PGUSER From af288ccb79f5d0bff796f67e0bc6067dc90de3f8 Mon Sep 17 00:00:00 2001 From: Guerdon Mukama Date: Mon, 4 Dec 2023 09:21:59 +1100 Subject: [PATCH 066/131] secrets manager --- environments/dev/values.yaml | 22 +-- helm/arborist/templates/db-init.yaml | 13 +- helm/audit/templates/db-init.yaml | 15 +- helm/common/templates/_cloud_db_setup_job.tpl | 142 ++++++++++++++++++ helm/common/templates/_db_setup_job.tpl | 32 +--- helm/fence/templates/db-init.yaml | 14 +- helm/fence/templates/fence-creds.yaml | 3 +- helm/indexd/templates/db-init.yaml | 17 ++- helm/metadata/templates/db-init.yaml | 15 +- helm/peregrine/templates/db-init.yaml | 14 +- helm/requestor/templates/db-init.yaml | 13 +- helm/sheepdog/templates/db-init.yaml | 17 ++- helm/wts/templates/db-init.yaml | 14 +- 13 files changed, 241 insertions(+), 90 deletions(-) create mode 100644 helm/common/templates/_cloud_db_setup_job.tpl diff --git a/environments/dev/values.yaml b/environments/dev/values.yaml index 178cb079..ebc383aa 100644 --- a/environments/dev/values.yaml +++ b/environments/dev/values.yaml @@ -5,10 +5,9 @@ global: namespace: argocd aws: enabled: true - + cloudsecrets: + enabled: true postgres: - cloudsecrets: - enabled: true dbCreate: true # master: # username: postgres @@ -16,16 +15,12 @@ global: # port: "5432" fence: - cloudsecrets: - enabled: true # postgres: # username: fence # password: testingConfiguration! # port: "5432" peregrine: - cloudsecrets: - enabled: true # postgres: # username: peregrine # password: testingConfiguration! @@ -36,16 +31,11 @@ peregrine: dictionaryUrl: https://biocommons-gen3-schema.s3.ap-southeast-2.amazonaws.com/cad/dev/cad.json sheepdog: - cloudsecrets: - enabled: true # postgres: # username: sheepdog # password: testingConfiguration! # port: "5432" -indexd: - cloudsecrets: - enabled: true gen3: enabled: false @@ -78,9 +68,9 @@ revproxyArn: arn:aws:acm:ap-southeast-2:690491147947:certificate/f7b5d099-96b9-4 ## disabled services -wts: - enabled: true +# wts: +# enabled: true -sower: - enabled: false +# sower: +# enabled: false diff --git a/helm/arborist/templates/db-init.yaml b/helm/arborist/templates/db-init.yaml index 4ee9b048..9f08d0e9 100644 --- a/helm/arborist/templates/db-init.yaml +++ b/helm/arborist/templates/db-init.yaml @@ -1,5 +1,12 @@ -{{ include "common.db_setup_job" . }} +{{- if .Values.global.cloudsecrets.enabled | default false }} + {{ include "common.cloud_db_setup_job" . }} --- - -{{ include "common.db_setup_sa" . }} + {{ include "common.cloud_db_setup_sa" . }} --- +{{- else }} + {{ include "common.db_setup_job" . }} +--- + {{ include "common.db-secret" . }} +--- + {{ include "common.db_setup_sa" . }} +{{- end }} \ No newline at end of file diff --git a/helm/audit/templates/db-init.yaml b/helm/audit/templates/db-init.yaml index 802ec4a1..9f08d0e9 100644 --- a/helm/audit/templates/db-init.yaml +++ b/helm/audit/templates/db-init.yaml @@ -1,5 +1,12 @@ -{{ include "common.db_setup_job" . }} +{{- if .Values.global.cloudsecrets.enabled | default false }} + {{ include "common.cloud_db_setup_job" . }} --- - -{{ include "common.db_setup_sa" . }} ---- \ No newline at end of file + {{ include "common.cloud_db_setup_sa" . }} +--- +{{- else }} + {{ include "common.db_setup_job" . }} +--- + {{ include "common.db-secret" . }} +--- + {{ include "common.db_setup_sa" . }} +{{- end }} \ No newline at end of file diff --git a/helm/common/templates/_cloud_db_setup_job.tpl b/helm/common/templates/_cloud_db_setup_job.tpl new file mode 100644 index 00000000..cca46652 --- /dev/null +++ b/helm/common/templates/_cloud_db_setup_job.tpl @@ -0,0 +1,142 @@ +# DB Setup ServiceAccount +# Needs to update/ create secrets to signal that db is ready for use. +{{- define "common.cloud_db_setup_sa" -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ .Chart.Name }}-dbcreate-sa +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: {{ .Chart.Name }}-dbcreate-role +rules: +- apiGroups: [""] + resources: ["secrets"] + verbs: ["*"] +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ .Chart.Name }}-dbcreate-rolebinding +subjects: +- kind: ServiceAccount + name: {{ .Chart.Name }}-dbcreate-sa + namespace: {{ .Release.Namespace }} +roleRef: + kind: Role + name: {{ .Chart.Name }}-dbcreate-role + apiGroup: rbac.authorization.k8s.io +{{- end }} + +# DB Setup Job +{{- define "common.cloud_db_setup_job" -}} +apiVersion: batch/v1 +kind: Job +metadata: + name: {{ .Chart.Name }}-dbcreate +spec: + template: + metadata: + labels: + # TODO : READ FROM CENTRAL FUNCTION TOO? + app: gen3job + spec: + serviceAccountName: {{ .Chart.Name }}-dbcreate-sa + restartPolicy: Never + containers: + - name: db-setup + # TODO: READ THIS IMAGE FROM GLOBAL VALUES? + image: quay.io/cdis/awshelper:master + imagePullPolicy: Always + command: ["/bin/bash", "-c"] + env: + - name: PGPASSWORD + valueFrom: + secretKeyRef: + name: {{ .Chart.Name }}-dbcreds + key: password + optional: false + {{- end }} + - name: PGUSER + valueFrom: + secretKeyRef: + name: {{ .Chart.Name }}-dbcreds + key: username + optional: false + - name: PGPORT + valueFrom: + secretKeyRef: + name: {{ .Chart.Name }}-dbcreds + key: port + optional: false + {{- end }} + - name: PGHOST + valueFrom: + secretKeyRef: + name: {{ .Chart.Name }}-dbcreds + key: host + optional: false + {{- end }} + - name: SERVICE_PGUSER + valueFrom: + secretKeyRef: + name: {{ .Chart.Name }}-dbcreds + key: svc_username + optional: false + - name: SERVICE_PGDB + valueFrom: + secretKeyRef: + name: {{ .Chart.Name }}-dbcreds + key: database + optional: false + - name: SERVICE_PGPASS + valueFrom: + secretKeyRef: + name: {{ .Chart.Name }}-dbcreds + key: svc_password + optional: false + - name: GEN3_HOME + value: /home/ubuntu/cloud-automation + args: + - | + #!/bin/bash + set -e + + source "${GEN3_HOME}/gen3/lib/utils.sh" + gen3_load "gen3/gen3setup" + + echo "PGHOST=$PGHOST" + echo "PGPORT=$PGPORT" + echo "PGUSER=$PGUSER" + + echo "SERVICE_PGDB=$SERVICE_PGDB" + echo "SERVICE_PGUSER=$SERVICE_PGUSER" + + until pg_isready -h $PGHOST -p $PGPORT -U $SERVICE_PGUSER -d template1 + do + >&2 echo "Postgres is unavailable - sleeping" + sleep 5 + done + >&2 echo "Postgres is up - executing command" + + + if psql -lqt | cut -d \| -f 1 | grep -qw $SERVICE_PGDB; then + gen3_log_info "Database exists" + PGPASSWORD=$SERVICE_PGPASS psql -d $SERVICE_PGDB -h $PGHOST -p $PGPORT -U $SERVICE_PGUSER -c "\conninfo" + + # Update secret to signal that db is ready, and services can start + kubectl patch secret/{{ .Chart.Name }}-dbcreds -p '{"data":{"dbcreated":"dHJ1ZQo="}}' + else + echo "database does not exist" + psql -tc "SELECT 1 FROM pg_database WHERE datname = '$SERVICE_PGDB'" | grep -q 1 || psql -c "CREATE DATABASE \"$SERVICE_PGDB\";" + gen3_log_info psql -tc "SELECT 1 FROM pg_user WHERE usename = '$SERVICE_PGUSER'" | grep -q 1 || psql -c "CREATE USER \"$SERVICE_PGUSER\" WITH PASSWORD '$SERVICE_PGPASS';" + psql -tc "SELECT 1 FROM pg_user WHERE usename = '$SERVICE_PGUSER'" | grep -q 1 || psql -c "CREATE USER \"$SERVICE_PGUSER\" WITH PASSWORD '$SERVICE_PGPASS';" + psql -c "GRANT ALL ON DATABASE \"$SERVICE_PGDB\" TO \"$SERVICE_PGUSER\" WITH GRANT OPTION;" + psql -d $SERVICE_PGDB -c "CREATE EXTENSION ltree; ALTER ROLE \"$SERVICE_PGUSER\" WITH LOGIN" + PGPASSWORD=$SERVICE_PGPASS psql -d $SERVICE_PGDB -h $PGHOST -p $PGPORT -U $SERVICE_PGUSER -c "\conninfo" + + # Update secret to signal that db has been created, and services can start + kubectl patch secret/{{ .Chart.Name }}-dbcreds -p '{"data":{"dbcreated":"dHJ1ZQo="}}' + fi +{{- end }} diff --git a/helm/common/templates/_db_setup_job.tpl b/helm/common/templates/_db_setup_job.tpl index 23d45523..7acd75bb 100644 --- a/helm/common/templates/_db_setup_job.tpl +++ b/helm/common/templates/_db_setup_job.tpl @@ -59,41 +59,17 @@ spec: key: postgres-password optional: false {{- else }} - # Store secrets in cloud vaults or aws secrets manager for environments other than dev - # value: {{ .Values.global.postgres.master.password | quote}} - valueFrom: - secretKeyRef: - name: {{ .Chart.Name }}-dbcreds - key: password - optional: false + value: {{ .Values.global.postgres.master.password | quote}} {{- end }} - name: PGUSER - #value: {{ .Values.global.postgres.master.username | quote }} - valueFrom: - secretKeyRef: - name: {{ .Chart.Name }}-dbcreds - key: username - optional: false + value: {{ .Values.global.postgres.master.username | quote }} - name: PGPORT - {{- if $.Values.global.dev }} value: {{ .Values.global.postgres.master.port | quote }} - {{- else }} - valueFrom: - secretKeyRef: - name: {{ .Chart.Name }}-dbcreds - key: port - optional: false - {{- end }} - name: PGHOST {{- if $.Values.global.dev }} value: "{{ .Release.Name }}-postgresql" {{- else }} - #value: {{ .Values.global.postgres.master.host | quote }} - valueFrom: - secretKeyRef: - name: {{ .Chart.Name }}-dbcreds - key: host - optional: false + value: {{ .Values.global.postgres.master.host | quote }} {{- end }} - name: SERVICE_PGUSER valueFrom: @@ -178,4 +154,4 @@ data: {{- else }} host: {{ ( $.Values.postgres.host | default ( $.Values.global.postgres.master.host)) | b64enc | quote }} {{- end }} -{{- end}} \ No newline at end of file +{{- end }} \ No newline at end of file diff --git a/helm/fence/templates/db-init.yaml b/helm/fence/templates/db-init.yaml index 1f63aa61..ba790d32 100644 --- a/helm/fence/templates/db-init.yaml +++ b/helm/fence/templates/db-init.yaml @@ -1,8 +1,12 @@ -{{ include "common.db_setup_job" . }} +{{- if .Values.global.cloudsecrets.enabled | default false }} + {{ include "common.cloud_db_setup_job" . }} --- -{{- if not .Values.cloudsecrets.enabled }} -{{ include "common.db-secret" . }} -{{- end }} + {{ include "common.cloud_db_setup_sa" . }} +--- +{{- else }} + {{ include "common.db_setup_job" . }} --- -{{ include "common.db_setup_sa" . }} + {{ include "common.db-secret" . }} --- + {{ include "common.db_setup_sa" . }} +{{- end }} diff --git a/helm/fence/templates/fence-creds.yaml b/helm/fence/templates/fence-creds.yaml index 24cfb7ad..fa229b07 100644 --- a/helm/fence/templates/fence-creds.yaml +++ b/helm/fence/templates/fence-creds.yaml @@ -1,3 +1,4 @@ +{{- if not .Values.global.cloudsecrets.enabled | default true }} apiVersion: v1 kind: Secret metadata: @@ -16,4 +17,4 @@ stringData: "google_client_id": "YOUR.GOOGLE.CLIENT", "hmac_key": "" } - +{{- end }} diff --git a/helm/indexd/templates/db-init.yaml b/helm/indexd/templates/db-init.yaml index f87ce031..9f08d0e9 100644 --- a/helm/indexd/templates/db-init.yaml +++ b/helm/indexd/templates/db-init.yaml @@ -1,11 +1,12 @@ -{{- if not .Values.cloudsecrets.enabled }} -{{ include "common.db-secret" . }} -{{- end }} +{{- if .Values.global.cloudsecrets.enabled | default false }} + {{ include "common.cloud_db_setup_job" . }} --- -{{ include "common.db_setup_sa" . }} + {{ include "common.cloud_db_setup_sa" . }} --- -{{- if .Values.dbRestore }} -{{ include "common.s3_pg_restore" . }} {{- else }} -{{ include "common.db_setup_job" . }} -{{- end -}} \ No newline at end of file + {{ include "common.db_setup_job" . }} +--- + {{ include "common.db-secret" . }} +--- + {{ include "common.db_setup_sa" . }} +{{- end }} \ No newline at end of file diff --git a/helm/metadata/templates/db-init.yaml b/helm/metadata/templates/db-init.yaml index 01f05854..85067f72 100644 --- a/helm/metadata/templates/db-init.yaml +++ b/helm/metadata/templates/db-init.yaml @@ -1,8 +1,13 @@ -{{ include "common.db_setup_sa" . }} +{{- if .Values.global.cloudsecrets.enabled | default false }} + {{ include "common.cloud_db_setup_job" . }} +--- + {{ include "common.cloud_db_setup_sa" . }} --- -{{- if .Values.dbRestore }} -{{ include "common.s3_pg_restore" . }} {{- else }} -{{ include "common.db_setup_job" . }} -{{- end -}} \ No newline at end of file + {{ include "common.db_setup_job" . }} +--- + {{ include "common.db-secret" . }} +--- + {{ include "common.db_setup_sa" . }} +{{- end }} \ No newline at end of file diff --git a/helm/peregrine/templates/db-init.yaml b/helm/peregrine/templates/db-init.yaml index 1f63aa61..9f08d0e9 100644 --- a/helm/peregrine/templates/db-init.yaml +++ b/helm/peregrine/templates/db-init.yaml @@ -1,8 +1,12 @@ -{{ include "common.db_setup_job" . }} +{{- if .Values.global.cloudsecrets.enabled | default false }} + {{ include "common.cloud_db_setup_job" . }} --- -{{- if not .Values.cloudsecrets.enabled }} -{{ include "common.db-secret" . }} -{{- end }} + {{ include "common.cloud_db_setup_sa" . }} --- -{{ include "common.db_setup_sa" . }} +{{- else }} + {{ include "common.db_setup_job" . }} --- + {{ include "common.db-secret" . }} +--- + {{ include "common.db_setup_sa" . }} +{{- end }} \ No newline at end of file diff --git a/helm/requestor/templates/db-init.yaml b/helm/requestor/templates/db-init.yaml index 3745ff53..9f08d0e9 100644 --- a/helm/requestor/templates/db-init.yaml +++ b/helm/requestor/templates/db-init.yaml @@ -1,5 +1,12 @@ -{{ include "common.db_setup_job" . }} - +{{- if .Values.global.cloudsecrets.enabled | default false }} + {{ include "common.cloud_db_setup_job" . }} --- -{{ include "common.db_setup_sa" . }} + {{ include "common.cloud_db_setup_sa" . }} --- +{{- else }} + {{ include "common.db_setup_job" . }} +--- + {{ include "common.db-secret" . }} +--- + {{ include "common.db_setup_sa" . }} +{{- end }} \ No newline at end of file diff --git a/helm/sheepdog/templates/db-init.yaml b/helm/sheepdog/templates/db-init.yaml index f87ce031..9f08d0e9 100644 --- a/helm/sheepdog/templates/db-init.yaml +++ b/helm/sheepdog/templates/db-init.yaml @@ -1,11 +1,12 @@ -{{- if not .Values.cloudsecrets.enabled }} -{{ include "common.db-secret" . }} -{{- end }} +{{- if .Values.global.cloudsecrets.enabled | default false }} + {{ include "common.cloud_db_setup_job" . }} --- -{{ include "common.db_setup_sa" . }} + {{ include "common.cloud_db_setup_sa" . }} --- -{{- if .Values.dbRestore }} -{{ include "common.s3_pg_restore" . }} {{- else }} -{{ include "common.db_setup_job" . }} -{{- end -}} \ No newline at end of file + {{ include "common.db_setup_job" . }} +--- + {{ include "common.db-secret" . }} +--- + {{ include "common.db_setup_sa" . }} +{{- end }} \ No newline at end of file diff --git a/helm/wts/templates/db-init.yaml b/helm/wts/templates/db-init.yaml index 6223a6e5..ba790d32 100644 --- a/helm/wts/templates/db-init.yaml +++ b/helm/wts/templates/db-init.yaml @@ -1,6 +1,12 @@ -{{ include "common.db_setup_job" . }} +{{- if .Values.global.cloudsecrets.enabled | default false }} + {{ include "common.cloud_db_setup_job" . }} --- -# TO DO: check if cloudsecret is enabled - -{{ include "common.db_setup_sa" . }} + {{ include "common.cloud_db_setup_sa" . }} --- +{{- else }} + {{ include "common.db_setup_job" . }} +--- + {{ include "common.db-secret" . }} +--- + {{ include "common.db_setup_sa" . }} +{{- end }} From a286b70d3afd4f524a40439a895942c1344e970d Mon Sep 17 00:00:00 2001 From: Guerdon Mukama Date: Mon, 4 Dec 2023 09:29:44 +1100 Subject: [PATCH 067/131] comment unused properties --- environments/dev/values.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/environments/dev/values.yaml b/environments/dev/values.yaml index ebc383aa..ea8917d3 100644 --- a/environments/dev/values.yaml +++ b/environments/dev/values.yaml @@ -14,13 +14,13 @@ global: # password: testingConfiguration! # port: "5432" -fence: +# fence: # postgres: # username: fence # password: testingConfiguration! # port: "5432" -peregrine: +# peregrine: # postgres: # username: peregrine # password: testingConfiguration! @@ -30,7 +30,7 @@ peregrine: tag: 2023.01 dictionaryUrl: https://biocommons-gen3-schema.s3.ap-southeast-2.amazonaws.com/cad/dev/cad.json -sheepdog: +# sheepdog: # postgres: # username: sheepdog # password: testingConfiguration! From 2fb0953ce720b3567d647041ed89837ffad15ba4 Mon Sep 17 00:00:00 2001 From: Guerdon Mukama Date: Mon, 4 Dec 2023 09:32:29 +1100 Subject: [PATCH 068/131] code fix --- helm/common/templates/_cloud_db_setup_job.tpl | 3 --- 1 file changed, 3 deletions(-) diff --git a/helm/common/templates/_cloud_db_setup_job.tpl b/helm/common/templates/_cloud_db_setup_job.tpl index cca46652..bb55e268 100644 --- a/helm/common/templates/_cloud_db_setup_job.tpl +++ b/helm/common/templates/_cloud_db_setup_job.tpl @@ -57,7 +57,6 @@ spec: name: {{ .Chart.Name }}-dbcreds key: password optional: false - {{- end }} - name: PGUSER valueFrom: secretKeyRef: @@ -70,14 +69,12 @@ spec: name: {{ .Chart.Name }}-dbcreds key: port optional: false - {{- end }} - name: PGHOST valueFrom: secretKeyRef: name: {{ .Chart.Name }}-dbcreds key: host optional: false - {{- end }} - name: SERVICE_PGUSER valueFrom: secretKeyRef: From e7aa321e0bcc2d032384517da1d5c9d998e598ad Mon Sep 17 00:00:00 2001 From: Guerdon Mukama Date: Mon, 4 Dec 2023 09:36:28 +1100 Subject: [PATCH 069/131] sower pelican bucket --- environments/dev/values.yaml | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/environments/dev/values.yaml b/environments/dev/values.yaml index ea8917d3..2d5df1e2 100644 --- a/environments/dev/values.yaml +++ b/environments/dev/values.yaml @@ -71,6 +71,7 @@ revproxyArn: arn:aws:acm:ap-southeast-2:690491147947:certificate/f7b5d099-96b9-4 # wts: # enabled: true -# sower: -# enabled: false +sower: + pelican: + bucket: sandbox-s3-buckets-pelicancredss3bucketsandboxs3bu-veftfoxeyecg From 877a2b5598716152cf1d5d46af1ac3af2b648e7e Mon Sep 17 00:00:00 2001 From: Guerdon Mukama Date: Mon, 4 Dec 2023 09:43:35 +1100 Subject: [PATCH 070/131] pelican aws access keys --- helm/sower/templates/pelican-creds.yaml | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/helm/sower/templates/pelican-creds.yaml b/helm/sower/templates/pelican-creds.yaml index 2da3a1f0..e9862f8b 100644 --- a/helm/sower/templates/pelican-creds.yaml +++ b/helm/sower/templates/pelican-creds.yaml @@ -9,7 +9,6 @@ stringData: { "manifest_bucket_name": "{{ .Values.pelican.bucket }}", "hostname": "{{ .Values.global.hostname }}", -# "aws_access_key_id": "{{ .Values.global.aws.pelican_user.access_key }}", -# "aws_secret_access_key": "{{ .Values.global.aws.pelican_user.access_secret }}" + } {{- end }} From 3bc46233c17a994ead118eac79fbe753e6082c4b Mon Sep 17 00:00:00 2001 From: Guerdon Mukama Date: Mon, 4 Dec 2023 09:46:33 +1100 Subject: [PATCH 071/131] error converting YAML to JSON: yaml: line 9: could not find expected ':' --- helm/sower/templates/pelican-creds.yaml | 3 --- 1 file changed, 3 deletions(-) diff --git a/helm/sower/templates/pelican-creds.yaml b/helm/sower/templates/pelican-creds.yaml index e9862f8b..80d82d05 100644 --- a/helm/sower/templates/pelican-creds.yaml +++ b/helm/sower/templates/pelican-creds.yaml @@ -6,9 +6,6 @@ type: Opaque {{- if .Values.global.aws.enabled }} stringData: config.json: |- -{ "manifest_bucket_name": "{{ .Values.pelican.bucket }}", "hostname": "{{ .Values.global.hostname }}", - -} {{- end }} From 1decf7585047b9ffae8cd97d7639527177b223a0 Mon Sep 17 00:00:00 2001 From: Guerdon Mukama Date: Mon, 4 Dec 2023 09:50:00 +1100 Subject: [PATCH 072/131] pelican aws access keys --- helm/sower/templates/pelican-creds.yaml | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/helm/sower/templates/pelican-creds.yaml b/helm/sower/templates/pelican-creds.yaml index 80d82d05..ab9bcd0d 100644 --- a/helm/sower/templates/pelican-creds.yaml +++ b/helm/sower/templates/pelican-creds.yaml @@ -1,11 +1,17 @@ +{{- if not .Values.global.aws.enabled }} apiVersion: v1 kind: Secret metadata: name: pelicanservice-g3auto type: Opaque -{{- if .Values.global.aws.enabled }} stringData: config.json: |- +{ "manifest_bucket_name": "{{ .Values.pelican.bucket }}", "hostname": "{{ .Values.global.hostname }}", + +# "aws_access_key_id": "{{ .Values.global.aws.pelican_user.access_key }}", +# "aws_secret_access_key": "{{ .Values.global.aws.pelican_user.access_secret }}" + +} {{- end }} From c7631f205e28c635fd4df8565a41523168a0c5d0 Mon Sep 17 00:00:00 2001 From: Guerdon Mukama Date: Mon, 4 Dec 2023 11:04:57 +1100 Subject: [PATCH 073/131] add namespace --- helm/common/templates/_cloud_db_setup_job.tpl | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/helm/common/templates/_cloud_db_setup_job.tpl b/helm/common/templates/_cloud_db_setup_job.tpl index bb55e268..12194fa1 100644 --- a/helm/common/templates/_cloud_db_setup_job.tpl +++ b/helm/common/templates/_cloud_db_setup_job.tpl @@ -123,7 +123,7 @@ spec: PGPASSWORD=$SERVICE_PGPASS psql -d $SERVICE_PGDB -h $PGHOST -p $PGPORT -U $SERVICE_PGUSER -c "\conninfo" # Update secret to signal that db is ready, and services can start - kubectl patch secret/{{ .Chart.Name }}-dbcreds -p '{"data":{"dbcreated":"dHJ1ZQo="}}' + kubectl patch secret/{{ .Chart.Name }}-dbcreds -p '{"data":{"dbcreated":"dHJ1ZQo="}}' -n {{ .Release.Namespace }} else echo "database does not exist" psql -tc "SELECT 1 FROM pg_database WHERE datname = '$SERVICE_PGDB'" | grep -q 1 || psql -c "CREATE DATABASE \"$SERVICE_PGDB\";" @@ -134,6 +134,6 @@ spec: PGPASSWORD=$SERVICE_PGPASS psql -d $SERVICE_PGDB -h $PGHOST -p $PGPORT -U $SERVICE_PGUSER -c "\conninfo" # Update secret to signal that db has been created, and services can start - kubectl patch secret/{{ .Chart.Name }}-dbcreds -p '{"data":{"dbcreated":"dHJ1ZQo="}}' + kubectl patch secret/{{ .Chart.Name }}-dbcreds -p '{"data":{"dbcreated":"dHJ1ZQo="}}' -n {{ .Release.Namespace }} fi {{- end }} From b12e8397eac037785bafddf0dd12e518ef559966 Mon Sep 17 00:00:00 2001 From: Guerdon Mukama Date: Mon, 4 Dec 2023 12:51:45 +1100 Subject: [PATCH 074/131] add namespace --- helm/common/templates/_cloud_db_setup_job.tpl | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/helm/common/templates/_cloud_db_setup_job.tpl b/helm/common/templates/_cloud_db_setup_job.tpl index 12194fa1..bb55e268 100644 --- a/helm/common/templates/_cloud_db_setup_job.tpl +++ b/helm/common/templates/_cloud_db_setup_job.tpl @@ -123,7 +123,7 @@ spec: PGPASSWORD=$SERVICE_PGPASS psql -d $SERVICE_PGDB -h $PGHOST -p $PGPORT -U $SERVICE_PGUSER -c "\conninfo" # Update secret to signal that db is ready, and services can start - kubectl patch secret/{{ .Chart.Name }}-dbcreds -p '{"data":{"dbcreated":"dHJ1ZQo="}}' -n {{ .Release.Namespace }} + kubectl patch secret/{{ .Chart.Name }}-dbcreds -p '{"data":{"dbcreated":"dHJ1ZQo="}}' else echo "database does not exist" psql -tc "SELECT 1 FROM pg_database WHERE datname = '$SERVICE_PGDB'" | grep -q 1 || psql -c "CREATE DATABASE \"$SERVICE_PGDB\";" @@ -134,6 +134,6 @@ spec: PGPASSWORD=$SERVICE_PGPASS psql -d $SERVICE_PGDB -h $PGHOST -p $PGPORT -U $SERVICE_PGUSER -c "\conninfo" # Update secret to signal that db has been created, and services can start - kubectl patch secret/{{ .Chart.Name }}-dbcreds -p '{"data":{"dbcreated":"dHJ1ZQo="}}' -n {{ .Release.Namespace }} + kubectl patch secret/{{ .Chart.Name }}-dbcreds -p '{"data":{"dbcreated":"dHJ1ZQo="}}' fi {{- end }} From f91edcb7b804d6479bf9b7bb67eb4f4826a6dda3 Mon Sep 17 00:00:00 2001 From: Guerdon Mukama Date: Tue, 5 Dec 2023 09:02:42 +1100 Subject: [PATCH 075/131] remove portal and guppy --- environments/dev/values.yaml | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/environments/dev/values.yaml b/environments/dev/values.yaml index 2d5df1e2..254d3e7a 100644 --- a/environments/dev/values.yaml +++ b/environments/dev/values.yaml @@ -45,7 +45,7 @@ pelican: portal: - enabled: true + enabled: false # image: # repository: 690491147947.dkr.ecr.ap-southeast-2.amazonaws.com/gen3/portal # tag: latest @@ -75,3 +75,7 @@ sower: pelican: bucket: sandbox-s3-buckets-pelicancredss3bucketsandboxs3bu-veftfoxeyecg +guppy: + enabled: false + + From b6b40a8610d7318b1749ac7801cfb4a0c1f6d27d Mon Sep 17 00:00:00 2001 From: Guerdon Mukama Date: Tue, 5 Dec 2023 09:32:01 +1100 Subject: [PATCH 076/131] enable portal --- environments/dev/values.yaml | 1069 +++++++++++++++++++++++++++++++++- 1 file changed, 1068 insertions(+), 1 deletion(-) diff --git a/environments/dev/values.yaml b/environments/dev/values.yaml index 254d3e7a..3f5d891b 100644 --- a/environments/dev/values.yaml +++ b/environments/dev/values.yaml @@ -45,7 +45,7 @@ pelican: portal: - enabled: false + enabled: true # image: # repository: 690491147947.dkr.ecr.ap-southeast-2.amazonaws.com/gen3/portal # tag: latest @@ -53,6 +53,1073 @@ portal: requests: cpu: 0.2 memory: 500Mi + gitops: + createdby: iVBORw0KGgoAAAANSUhEUgAAAfQAAACxCAYAAAAyNE/hAAAAAXNSR0IArs4c6QAAQABJREFUeAHtnQe8FcX1xwVFsHfsBcUudrErKvau2ILGHnuP0fw1xlhi7LG3REXsjSjYC1gRe0ssqFQVFHtB+v/7e9x9zJ03u3f3lvduOefz+b2dOXPmzMxv9+6Zmd17X7uZSpRp06YthYsNSnRj1RuTgQHt2rX7NW7oXFu6rpaMKy+gfwHfYwrYWLExYAwYA3XDwCxlGMmm+Li9DH7MReMx0IUhD08Y9smU7ZVQnlS0A4WPJRlUYxmTmJnpV3ewfe64MMfOYCEwGXwHvgSvg1fBI0xcxnI0MQYyM8D1tjKVTgQ6rgjmA7rGPgBXcG3142hSIwyUI6DXyFCtm8ZA9TLAjXVxencG2BfophqSDihnA4uBdcARYAp1B3L8JzffRziaGAMFGeCaaYeRrrczQUevgiaQwhBgAd0jp5qz7au5c9Y3Y6DeGeDGugC4lHF+Ao4CccE8jgqt6HuCAfh5GWiVZWIMFGJgPwzOBX4wL1TPyquYAVuhV/HJsa7VNwME37UY4X+A3kMph2yIkzfxewqr9evL4bDWfcDF6YxheWccz8HNbU6+4ZJw0olBX9BwA2+AAVtAb4CTbEOsPga4qWpr/WagLfRCMhGDr4C23OfPHTkEZXa01+F/K44HELx+C1o1jnInhrqxM9wppBs6oDN+7eiEJpH/y3Gj621d8DkwqSEG2jqgaxWhD5c+ZCb1zcDUwPC+COhclVZXF7qKDOmhGWxb1ZRgexAN3pLQqF5Kuh/ombje1v82sqWunn2uAvQyql4Y7AHaA196oZgf+x2oP8EvtHxDM7BsYPR6wXIzu1YCzDSSihtGb1CsbN1IXNlYjQE+KJuBCTEfmPHo/wHmTcsUtsuDu0CcHJfWVz3aQcqLHjE31uM4s4wJPv7pcaLsHll8mG11MhCa2bdmT/U1HBNjoCEY4Kapr+k9CGYNDHgUug1ZIZ0Ovg+UB1XYDgV6welA8ItnpDeUr/N0ljUGFg1QoJcyTWqcgbYO6DVOn3XfGMjEwGVYLxCo8Q669QjMbwfKUqmoexuGeiku+jEdvWy3D/pGnzTrBTCTfAZC9/3QI7H8WparegZCJ7bqO20dNAZqjQFW53oxa7dAv8ei25nAq2NJgo/3cKDHWHeAvclPKslhjVeG8w4MYdkaH4Z13xhIzUBbvxSXuqNmaAzUOAOhl/umMaZeBF5tt5dF8PU+jvYvxRmBUBN9BcJFgL4Xr5fyNOH4FP/qc9mFNvWyn34wR+3OBfRWvx4n/MAxs+T8nUNF9b/sgn/dO5cD+iW/ecA4MIb+DuNYEcmdlyVwLo70bYfnaU/tVo3QxznpzDJA14440o7RSPrZ/GIn+bIL7eociJclwTjae7nsjTSCQ4gs5aW4LRqBIxtjYzPAZ6QLCMm91cQMHdwY3Aq+DnUW3VegL9ggS7+xvxO856Ep0KJbEVwOxgBfJqF4HuwNFPATBZvzgdp5H/wAQvItSr8vhyY6dgqpuy24G3wPQjIa5U2gm1OtYBL7p4Dbr7eiSujXAtcD9d2VzSKbpCMV9G0H13eIm489G9mflOQ3KsNuFnAIeAKEXvicin4wOBVospZasP8dcPuu9AFywHF2cDx4FbjSP3UDZpjPACz2dpnMmLaAnk+n5eqQAT4Tx8V8LlaohuHSt6VAv5g+xqkfokCrsIKC3ZCAk8XR6Y3+iYGykEpvq+vnSGOF8j6hiil0p8U6zRXgY2XwTApfkYl+kvc2oJVjQcFuZFQxd5zEcQ6g3xSQr5CkDeidQ5VT6EK7Snljwcf24MMUviKTsST+kOckIYNt6LNzIvodwAgQkoYN6O0TuLQiY8AYKA8DOwXcvMW24McBfauquBvqRTp9Bzn0fD+pL7tQ+Br110kySijTd+wVSPWcO43oHQRNDLQt36pCm9vT4CtgywwN696qlaT6vHyGepGp6g8GR4KqvE8zrjPom85jlp8b1qTsBupqp6fYn509CB8DwFLAxGGgKi8Up3+WNAbqgYG1AoPQjbBNhRuqfpxmINBz4JBMQDkcxL1cp+e5T+OnmJ2GNaibVZahgra7W+3dH9ranTYVPOYGIfkV5XAwJVSITsFuIH5S7WY4PnRvzrRt79SteJLxXEMj54GCj0JiOqP3PB7Dz6wx5UlqXTvFtpvkt+bLWu2DUfNM2QCMgSIY4IY1M9UWCFR9N6BrNRX96kJjDwJ/laQgfim4BQxjF0HbvbpPdAVaLR4D3PvGvOQfxmYdbH8hXYzcQyVNcMTJz0A37J3BQcAXTUK08lX/fHkUhV7ei0QTjv2iTO6oNp7wdEO8fFOWMa1Joi/wFz4/oTsfqN8jGDemTYFJwftkcCBwA87i5PVIYxPxSTqrTKPCzeBp8B74EWhsH4E0oknHxY7hrqT9SZj49F+we86p05xkHCeSObpZMSOha0f97Ae0+zQZLA12BLp25geubEHmBnCwq8yY/hD764DOq9pUG/rMmRTDACfXnqEXQ5zVaQgG+HwsAkKS6vlnpUiiQ6HnwXoxatmkNilfBXwOfDkzrh6G2nYOiV7y2jOhnp6Tfheo+EFcHVdPvU0DdW90beLS1GsP9HKdL3oBa9G4etJTvgEIvTR3aFw97P1n6KiaRFxvFVevGD3+7pvuOu/vaml8UWNtMDmv5vTMGxy6xPmgTC/mxb2n8fuEeqFn6NNbnDbtahKzxdU1fREMQKgF9CJ4syqNwQCfDwXAkLTZdiqd2S7QIQVXf9UWPEnYrQ9+83wogM0VqoA+LqDvH7J3ddQ9EISk4HNpKpUS0A8JNKqgm2rrHLsdgXY3XFH94OoRfVxA7+nyUY40bZUS0EMTwVfwOUehvmHTHtwBfBmFIhiY0ccF9CcKtdeI5f5WUiNyYGM2BirJQNz3b5u+tlXJhhN8Hx8oO5XtYG1ZFhTstEV9pWc4D/ltPF1SVj7uSDJQGW314fBiwE5b75WU4wLOj6I/YwL6Firs9AjhTq9gSfLre7qk7EP4eTrJoDXLCK4b0t6WXps/kN+TfhZ83ILNVGwPA9omd2UJMnpMkVYmY3hSWuNGsrOA3khn28baFgx8TaO6kfkS9yKab1fWPDdlraT8m/L36O7K2FDIftsMPm7nBq9nw2lkYMBIwbEiAkfyrefnrgwn85irSJEulaO+KdpoTZPdAo1dznn8PKAPqrAdT8FfAoV6+TCtvIGf/6U1biQ79+WWRhq3jdUYaBUGuPFo21UvG3X2GtSLX/d5utbIrkcjHb2GFNAvpZ+eumBWb793cKwKboM7tkOddKGkXgTzZQFfUcb8JgFferHsmowcudxELivFUeS/ksfQhK2YScdDdFIvP87pdLYH3M7K52Wio4tLZrl24nzUpd4Cel2eVhtUlTHwFv3xb4Y7ojuzDfoZeqFrGfqht5BLFX/SkuTvk6RCryz02KKTZ1PObIijVWhAKFUqxVGp/UpTf2nPSD91+5mnK5iljn405zUM9ZZ7JLOSEO8jIkXC0QJ6DDm25R5DjKmNgTIy0D/ga01uaisG9JVWVXJlG3zhK2ZAevZarbJgBTuWlqPJBD7tClSFcK1qV2derzOp3ifw6kTZUN20j6F+jJzYMZ+Bmlmhc0E9Stf9VU7+aBo3twEffs14mwW+9F3QuZsV0xOPYHeZq8PucPL7ujqlsdvK1WGn2fPtrq7ItF708V+oKtJVzVTTD5NcHejteej2CugrqapkIP28kh1vRd96BFEpqVWO9HhlCnAnJAryxUqo7oRinVm96QzUTECnu9pNsB2F8JXbLqDeDJ1+ZMGV0PZYVwz8l6TcOlF69pR2kX3c0X/DNc6ubvRMYPSb088zIJ0TV3qh35TyF1xlqWl8zo7PuNXd2IB/9e2VgD6r6p2sFarUPsSRXogLPcvPOoQXs1aoBnuuJ/2Dla/pi/u1vcXRzUyZAn1WWSpQIbRqD5iZKo6BWgrocWMwvTFQCwycRicHBzqq7wSvx01xVKAsswpfmqA9yfFQfIbeDn+Xcr395k4CJ2Cr/plMZyA0MfnaOJrpA+hxA7p2ALuD0HU9ncnAX65NLTTW9oq+Ia8Jg0kJDNiKtwTyrKoxkJYBgoFWwA8E7BdG15+bnI4lCT664eA50AUMIL+F75B+aBX0hqffElv3Ru0VN1YWjt5mxP7W+G5wNFtjMdFitA+30Mw00wkBXSHVMRj4sWcAvE8tVNHKkxnwSU22tlJjwBgohYFTqBxahegrbPpJUR2LEuoeRkX9WMtiOQd6RBIM6ujvytlEBz0X1b8edZ+PRmXBI7b6AfPbwE5Bg+pQhr6Hl/ae53Ok1Wiqn42Nhg43+j/h/wEbRboaP2pCqmfpruh/1af+QSFsV6Tyqa6DXNrnO2BiqkIMNMKWu54l3leIiBov1/ecfdEqYx5POcLLKzsa+Cu2gNlMemEljV2orqsb6WYaKc0KRM/Sd2PMz4KO3tj1THEw5VdwvBDbVC9mYb+y7MHOwBcF9UOAv/V+LbqTwBIgEt2U/4m/42k7FAgjO/1WeScyN4H9wT7k9UthevGv2uTLQIeWD+hCKnH6B+C+WLo/Y/2QsZ4fquDqsNNnT0Fqe6AdkO2o97JrU2tp+q+faNW1c4LT93ak9R/wtqH8dUffIomNrreHwFxe4SDqPuHpLNsWDHCSWuW33GnncVCMlOXZZFtwa23WJwNcxAoMeskoTvS76vqf0bsAPW9sFvJaGa8M/gD0u9pJfvQsfbbmyk4CvQJxSF5GuZZj2pxErxXnnuAz4MoEMrErdcpCv+We+qth1N/KbSyXLrhaxq4D8P+RiPjq2TyohAR2J4KQ6F4UnBig7wgOAl8CV34kE7tSp2yka0zaXwkn9DRbEb5L+S33Bagf+uc8v6A/GgR3edDvGlNP/xNgzbgRUBb6LfcT4+wbXd8IK/RGP8c2/ipjgNXI7dyoxtOtPmCOQPfmQ6fVoaAVsXZHtFXfASjA61hIbsXgCNqaGDJEfw9+16Xsj175huRfo0yryfeBXoSaE3QB2gUIPWufFb0C+gBQNcIY9QMmmtAv43RKK8pH0d/C8V0gPrtj22KHA512LNahXDsRrmxL5n3KXtIRfAR0zrqCXXJpDnmiVakmEuK1ZgVOvmHcuzKA54E7WdRu0DXgz5Q/zHEo0KRkGbADWAWERC9vvh0qMF0bMMDJsxV6G/BuTdY+A3x2ugF/tYuqJNFK8IA07GDXHujZeamin0SNfTZNWZus0MUBbZ+RYnCaXAWFup3AIyl8JJloV+CvwQZySsprYoUejYH+7gy0Ki9WxIneKUkUbGyFnshQfmHshzDfzHLGgDFQbgZYmeh7zWuDfwC961GqDMLB2vjtm8YRdlPBgdjqn2UkPjeP8fcd+n3wcYx8xdi0tfoyOjC62E4wrt+oq1X3lUX6+IJ62+Lnb0XWr8pqjKc/HdsUfF5EB3+hjt67uLSIulYlgQEL6AnkWJExUGkGuKl9D/5MO8uCK8BXGdtUwLkfbIEf4ZOM9fWrgOdRZz0wKGVdPQLQM+zVqHtvyjptYkb/tPrWFrEmT0UJPqYAvQi2BXgjpZOfsdNkoht1n0pZp6bMGNebdHhVoAmprsNCoknjbWBl6vYrZGzl2RmYJXsVq2EMGAPlZoAb3Fh86iWskziuA7YD3cHCoDNYCOiZ5LdAq6LXwGDwJHV/5FiS4EOBagvaV9sKgApeiwO1r5u1+vc60Bv6/bD/gWNa+TeGT3rGWXYkhlFXkw5X1JdUQl/fzI3rGCpsAlYEmkBpXF8CPQsvKPgZhB9NfPRym1btm4HFgM7NL0C+XgVPg4exzzJGTebmBZFMiRIVOGoC+KHnN+tEsql67jrQc3NNXsTJTmAFsAjoAMaA4eAxoJ99/oxjFhGf/rkfksWB2WZggBNpz9Az8GWmxoAxYAwYA8ZAJRiwLfdKsGo+jQFjwBgwBoyBVmbAAnorE27NGQPGgDFgDBgDlWDAAnolWDWfxoAxYAwYA8ZAKzNgAb2VCbfmjAFjwBgwBoyBSjBgAb0SrJpPY8AYMAaMAWOglRmwgN7KhFtzxoAxYAwYA8ZAJRiwgF4JVs2nMWAMGAPGgDHQygxYQG9lwq05Y8AYMAaMAWOgEgxYQK8Eq+bTGDAGjAFjwBhoZQYsoLcy4dacMWAMGAPGgDFQCQYsoFeCVfNpDBgDxoAxYAy0MgPt+C12/debUv5Ji/6Bw1pF9vsV6o1LWXd97PRPELKK/gGD/lmCiTEgBr7iH0QcalQYA8aAMVBvDCig618hzlpvA7PxGAMxDAwnoHeJKTO1MWAMGAM1y4BtudfsqbOOGwPGgDFgDBgDMxiwgD6DC0sZA8aAMWAMGAM1y4AF9Jo9ddZxY8AYMAaMAWNgBgN6Ge5rUMoz9E7Un2uGy0ypH7CemLLGvNh1SGnrmk0l842rsHTVMzAHPZy96ntpHTQGjAFjoJ4Y4KW63qBY2SItFzTweJGNjErbhtlVBwOc53OLPNdpqg2rjlFaL4wBY8AYKC8DpXxdrbw9MW/GQB0zwExDOw6tsevwPW/xT65jKqt2aJzj+emc+xhzKufi26rtsHWsJhjgutI1pWvLlYlcWz+6CqUtoPuMWN4YqAwDf8Ht6ZVxned1E3Iv5Wks01oMfEpDejQYyVgSi0SZejkSYHoxlnWBdrv6EFj0Wx8mlWNgMVz7O836bZWt/SYtoPuMWN4YMAaMAWMgyADB/FYKDnQK/4BuQ4J62nehnKqWLDcDFtDLzaj5MwaMAWOgChkg8OqXNhdwujaBQJz6nRLqr0RdN5jL1dpgb3C7MiZty4D7vKdte2KtGwPGgDFgDFSSgT/i/AMH/TM2tkSM/ZIxelO3MgO2Qm9lwq25hmVgNCN/LcXo58Oma8DudXTTAnpf9ZOvsLwxUCYG3sHPeDCb52+wl7dsGzFgAb2NiLdmG4sBtjavYcRCorCtuTsGDwaMNsLHpIDeVMZAqzDA9fc116f+sdFNQL8Vod/4uAD9II4mVcCABfQqOAnWBWPAGDAGaoEBgvddBPVH6auep48gP6YW+t0ofbSA3ihn2sZpDBgDjc5AWd6ZIojrFz6HNDqZ1Tj+spzgahyY9ckYMAaMAWMgj4GF83KWqTsGLKDX3Sm1ARkDxoAxkM8A2+T6lcJt8rWWqzcGbMu93s6ojafhGeDmvRskzO0R0Zet0qa35CnvQtm+YA2wLFgQHET58xxjhXqLUrgTWBksB1RXPzOrf/Ckt/CfwsdAjqkFn/q1K/l1pR9+mt7Wp1y/tKa+6pfJ1J5+iU3tfQQeB49gO4FjUYL/1ai4F9gQqK12YCQYAfSLew9HfSFdUaEvM9PAlmAD0DUH/eSn/rnUMCBu1Z9xHBMFXytgID8Sff/898Bfoc+LnfSujMb/s67CTWO/K3n31/BUrGtLL8ilFvwsjfEuYDOg869r8DugZ/Lazn8In/qKXWrBZw+Ml/Iq9MeP/M5EeWcO+4DuQNeSvlEiLoeC6Fr6lXTRQhvyuTNYFegc6nOia0rtvAP0C29P0KcpHKtPGID9c5bqOy013SOuqYb95yyMfXcQkg5pTyqVPww46IBuefBIoEyq7eL8U7YcuA9MAYXkHQy2jfPl67F9MuBQ7S0KbgeTA+WuaiSZ3/l+C+WpsxB4wHUUk/4e/UmgfQqf33k+Ur0wJt/gePCFVz+U/QXlpSDx/wJQfkSocgrdw0njpP4HAR+p/1sndVcCDwd8hFQvoowmJUndairDtl/AyeroOoObwaRAuav6nMzBBRsKGFBvEfAvMBEUkk8w2C/gJqjCdomAw6dCxgUv0lAl0xkDxkDNMaAb1btghyw950ayP/ZvgV4gzf1ideweo965HIuVHan4P9AbaNWaJPpRkzto7zKglVBBwU6r17fBHgWNZ5ppHmwuAwOpp1VkWQWfi+PwGXAF0Eq1kCiQnwxepa5WmTUj9Pd0Ovse0Ao2jWyM0WDqXQUKXQdx/npS8F+g67/QjrR+M12B/7os7WGrybBW34eCNBPv5bC7k3qaABQ7Lly0lDQf0Ja1TGMMGAO1xsANdLhTlk5zs7kY+75griz1sFVgPZP6Z2WsF5kruPnbulFZ3PEkCs6MK4z09EmPIp4EunlnEW0Na1JTNqEva+DsddCjCKfa0n0KH9pGrmqhj7OAW+nkBaBQUA2N5ViUj+Kj0HU4LVD5UnRZJ2JHUuf8gK8WKvp0AspHQTHnQRMAfS7LJsWQW7bGzZExYAy0CQMTaVUrYK3YvwdLgG9As3Cj2prMH5sV+YmRZPXrYF8C3cgUmBRgfPkbfp7heeFLfkGG/GRsPwJa2X0HtAOwFghtOZ9Ne3o++SrlcaKgr+e3vmgV9zL4FawGegB39XQ2fq9HV065FWeLBBxOQvcc+AzoXK0ENgRzAFeWJaOAsLurdNJ+gAvtYPg2ft5xV3RSE7QDY2p/il7Xx9dgPrAe6AZ82QaFvgO/C+dhql+Yy4fG55rqufXHQNeS2ouupTlJ+/In2nqMtnQegkK5zsvlINSu/D8PRgNNTnVNrQN8ORQ/T9PO3X5Bm+TpjD1DbxPm67dRril7hg4JnnRIe8apF3qGHrnTqk4BvKBgd15UKXfU8/GtQYsbGLpeYCzw5cWkhjAOPUOPfLxBQi/g5Qm6hUH/yMg7Ppxn7GWwHePZK6ubd96YyOu55S1A8lfPTTCLXaZn6NjrefKXIJLfSGgStIDfALrFwIMgJAr2iUKlmQMV30+sFCjER6Zn6NjHPct/n7KtAk3o5bW1gZ6fh+TCUB3pMI7jR37eBQrgeYJuAXA/CIkehSQKlTS+qU7lz0jvCVosltFtCT4FvgxH0T6uIcp0LfryVJx9SXpasYBeEoNW2WeAa8oCuv/xnTatHAH9RtzmBS6fez/vnAutjlrcpFx7yjcDk4EvS7p2bhrDuIA+gLLEMVOu552+6Obqv83d1CR63bx9Ger2x09jXDBYRnWwzRTQVY86UVD/hvTaka/QkXIF5ReAL1oBJwoVWj2g06b41kuFvmj73N9tyOs/5dqm/7dfkbyurxaTPFVGH3opTi6eAR3zGvAylF8lw4B08UxbZKkTBfVnSRcal863Xmz0ZaMWjnMKDFMH9NhZQZxz0xsDxkBNMqAt9dPY2su0pYr9X6inZ32/J63t71ihXFuMDwUMYm9WAVupJoDj8aet5yTRy2Ha9ndFE5bNXYWTDvlLnDTQBz1aqJjg/0Oc9wB7kn4zqSHKtWV8asBm44CuGlRn0Il5vI7oZcRejOUXT5+XpVzX2uHgybyC6Y9BLvB0UTZ0bcvPcfjTNZUkemFvRMCgR0CXp8L3DSh6g91TjEvn+6Y8B9MzZTmHiTPuQKOmchhg5rQu2UccVZTUze+JKKMjtnqut7SrS0gvQ/3xUTl1teLQ885al38yrrgPY62Prdr7fync6xl0ZqHezRkqaRt3D89+US9fKHsrber5caJgo9VfH4x0M3ZlDTL3ugqlsf8R+29Jzu+ULY1O27hnUV7opu9UK1+Sdj/Cm5BGPsBIz5DdxVhWftO0U5INnKp/+wecHM549Z5CQcFOuy2HYTgUdHQq7IR+fsp1Ll3RZM6Xu7HT+yKJgo1Wzf/C6FzPcE0vH8xS/65gQVipZ/i+LOIrislbQC+GtRl19P1LvRTki3vxRWULkgjZRuXu0b8w9eFIW9f1U23pxO2oautsnfXnrXKOh5vf3PjTiz4u9DKTrnNfZvMVBfJZ+hq6OYb6EDWpl4+OjjK54584HsCYLud4OzfnL73yVs/SF33muwKXX6WXB24wJ9vi35lK19ayIR1YyOvEILh93dMlZrEfBReanB3gGOplxR1BX0enZGiFXuq11OJ9Bq/N2Cz9np3CVYF/DhcLVJJtyWIBvWQKzYExUBMMaJVTtHBzUnDZDWwBdINaClRKsvT100An5gnoItVFJPYF7ipdZVrlquxCxvoqx36gDwFlDMeKS+7mrze5dwJrgVVAJ1Crskag448FdGlUj2PkBnTV0crZD+jS+1LJaymvLc7hEih2BT2BJrfLAn9xhqpyYgG9ctyaZ2OgmhgYXUxnuEmtT70bwerF1C+yzqgM9fRc2ZfYmygBegRj0sTkfhDa9VJdjVk4F9sHOOpR0RCOZRf8K2hfAg4BWXcyyt6fMjoMPQYITb7SNBmql3aLumLXUtRxzuGKpP8NNo50bXX0t27aqh/WrjFgDFSWAT13zSTcqE6hwgsgbTDXi05fZGokbJy5r2E3YS3BWWPSLoNW5OPCVk1avTCn1fxguEj9S3QJ/vKK8LkCCu0GHAPSBHNtKQ8HoUkM6qqSOQO9+TmgS6MK1Qv5D/mq6LXEOexNo2+AtMF8ArZZJhmhMcXqbIUeS02qgq+w6hOwHBnQaabvP1MKmDWp9GamKxPJ6CbUGqKVid4NMGlgBrhR7cLwL4mh4Bv0HwSg6/44UPBrVNi0qRDUv6YDpzHOszjuDX4HtgSha1+r9pPAj+BsULLQriYLDwI9Y/VlEopPgM/xh+jGg1/BzKCaRfdGX9Le/9LUC/n361U0zzlchwZ0/w+dC10r/vlT/jOgz5Ye6ZRdLKCXQCk3BX3oDkrjAttT09iFbKirG+hmobJy67hIR+FTz4JMGpQBrgGtfq4ODP8edOdzPYZeRGsyp+5ygXpVq2IsWjH1Fej73Bx3AieA7sCXP2NzPXXK8Vz9jzj3g7n8ngz0n8YUtFsI7euzWQvP1kOPeNaj77e3GFRhher58rmvaM0852Fm2tOjKB1deYbMGeBVzmHoJT1946mrW6GcadtyLyeb5ssYqA8GtmcYS3pDuY8b1L4gNpjn7PUWdk0KY/sR3AnWZwA9gb8K1OpdW/DlkCM8J5pY9KDtu0AwmOfsa4Xfgd74lNV/EtTORFbZO1BBgbMtZV0aX9vrwMvkt+H8DQHBYJ6zr9g5tIDunRHLGgPGQNPzZZ+G63yFn+dmvQC6DX19Lea5IStgnBboe8mrK3iaC79Le76fpc2PPF0ou3NIWW06xjKaPr3h9UuTxKM8XWIWrvQCo4KnK+PIKHi2pawWaPwGxp34zJ7xdKTe1oG6ZVFZQC8LjebEGKgrBlYKjEbPdQvJ+RjMW8iorcu5qe4K9My8kIS21ucoVClFud6K9kXvySQKfdZ5OTbRKKaQQDOFovFe8fxevtzZiwMO9bXA0OOMFqbYLYvy3y0K+He2ufEEilpNVexn5BR62KVSvbSAXilmza8xULsM6IUeX47jBquXw1qI9OBICg5vUVhlCvqp7wnfB/qQ1j9l6ZDQxT0DZSMCuqyqEL896Yv/TL3ZL2XaGbgDJPW32T4mMdzTL4pffee9UnIvjod4zjuR1z8I2tbT52UpXwfFC8CfdIxC988847bJhM7hUfQ79FJlUw8p60Xi/yrZXQvolWTXfBsDtcnAoEC39RyzPzelDUAnoCC+DNBLZE8DbclX9f2EvkbBXEFxFnAh+C/6E8CSQGPSPzHpCq6m7DDgywBfUUReL9NqS9oVrfz1T0SOBp1VwHEuIL4VBN4Ba0tfggwL1L0P/5uC9kD/EKU78INooFphFatoPUc+AHznWevlw8dp516giYyCvMbbAWwIbiCricBi0juiXYzf4dffaXBMWi05KNDSpuj0D1q2AjqfGtPiYBugyY0mkk16lVVCdFGbGAPGgDHgMvAAmb+B5Vwl6R1z0I1aL3E13Yg5Vr1wQ9Vk4x/AX+Euj04rPkFj0lvLcfdF/X/s1ykvSfCh3yi/FCeXe44WJn+NQPlvHMvN72B87gBc0Tl+Hmjs4kY8aeLwLShZGOtQxqKV6WPAX73uhU5Q4PuZg4JdcBdIJkC/A/8ix2oQ9UN8buh1Rt9H1wRXY9LEYzalW0uqekbdWiRYO8aAMTCDAW6aCiZaWf06Q5uX0k03LtiMzrOskoyCKF3ZBnyU0KWOlMUFc221H55QN2vRlVR4NKFSHL9fU0fBtxjRpGVMTEWNvSLxAO6fxXdPMC6mbannBHHBXIFxb/zcJsNqEPqiCcaBQOcjTuKCecU+IxU5gXGjM70xYAzUBgPcsLT62B7EBQB/ILrpngrO8QuqJc+Y9PxVz2ZvyNinN7HfgvqfZ6wXa44vTTD0jP6eWKOWBc+jWg+I68xCm1oF6wdy0rzgmNl/UgXafoHy7uDJJLtA2WvoNqH+/YGyNlXRp6F0YCugRyhpZDJGF4Ej0hgXY2MBvRjWrI4xUDkGdKPXDdtHlha1gtMq20WW+k223LAUQFYH2hr+qUnZ8o9WXdeCVbC/hKOChduu0rqRxUmor1r9pBXx5benZ61BoY+/gCMpVGDvC34MGk5X6kZ9PNiAOsMS7KIi/5wlBl58/gb2pbK2nTVpCInGNwjsh+3mQDsF8uuPGVVhof7dWGlL/dUE6yT+1a4/zgRXM4poexjYFo3QH8Txo+vlWbAfWJ86cdxQnCc67z4vSWPJq0wm07WkyvTtPQ56sfBvQJ+FkOiz0weshf1pHEPXfNIkS2PwOZePFhK3xdHCME7Bc4LelN0eV15AvyUDHFjApqmYdh4noQshq4ymjSWzVmpUe3jWKmaJCo1fvzJ2ZiHf9OFcbAraFfITUz6cPnSJKTN1DAOcEz1fXRcsB+YBX4Jh4H34TLoZYVK9wrhmpne6PywLdF1okfMNeItxaXytJvRFnzutwDsDBSe1/wH9GMux7EJ7i+B0RbBCzrkC0pu0NyKXr+iB9menAU2sFgMLgO+Britxr3RNCePRtbMmWAnMB7QdH31G4iYvmJRP4p4Xla8F82QMGAM1zwA3WAXtwTnU/HiiATCuKaSH5xCp2+RIX/RstWLPV/1B0Z4epwjP+WWtkaf9X2nnhdZoqzXaYDxa4Ws3Ie2OQtm7pRmFiTFgDBgDxoAxYAzUOAMW0Gv8BFr3jQFjwBgwBowBMWAB3a4DY8AYMAaMAWOgDhiwgF4HJ9GGYAwYA8aAMWAMWEC3a8AYMAaMAWPAGKgDBiyg18FJtCEYA8aAMWAMGAMW0O0aMAaMAWPAGDAG6oAB/Xcd/YhBuxRjmcr37JJ+tzaFi2QT+jInFkJI/B/2D9mEdPrvSfoBhUaXcZy/yY1Ogo3fGDAGjIF6ZUA/LDMSdEwxwB+wmTeFXSkm+nUw/TReOWVRnOnXhxpdVocA/UyhiTFgDBgDxkAdMmBb7nV4Um1IxoAxYAwYA43HgAX0xjvnNmJjwBgwBoyBOmTAAnodnlQbkjFgDBgDxkDjMWABvfHOuY3YGDAGjAFjoA4Z0EtxpwIdC0nw/68WqpSx/CXsr4ipsxv6pWPKktQ/U/jvJIMqKVuWfuxcJX2xbhgDxoAxYAzUGAOz8FWmq6qlz/SlP30RWghfPdP/mC0moH+P3xNbOKwyBePbhS5ZQK+y82LdMQaMAWOgVhiwLfdaOVPWT2PAGDAGjAFjIIEBC+gJ5FiRMWAMGAPGgDFQKwykeXZeK2OxfhoDxoAx0KYM5H7tcj468QuP+r5t085Y4w3HgAX0hjvlNuC2YIAbfW/a3T1D25Ow/QqMBWPASwSIjziaVBEDnNfl6M5BYFOwHpgdNAllP5EYDoaCx8ED1Rrk6atiwZJgNH3UtWdSgwxYQK/Bk2ZdrkkGVqPXe5bSc266CgwDwPXcdD8uxZfVLY0BzoX+P8TVQJO0uEeXc1HWLYc9OP6Tejdy/Cvn70eOVSH0aR86cgOYB/xM/lj616cqOmedyMRA3IWYyYkZGwPGQKswsDytnAT+y033eqD/U2DSygzAew+afA9ogpblHqrVu75x8wE+9K2WNhf6oW8OKXgrmEv0z7FuQr9CU87+1BQDWS7GmhqYddYYqGMGtLN2BBjKjXe/ah4n/dsVDHLwWDX3t1DfGEd3bPqDBQvZJpQvRtl/8HV6gk1rFW1IQ/4/5+qAbpPW6oC1Uz4GbMu9fFyaJ2OgtRmYgwbvJDBoO/9MtkmntXYHUrS3ODabO3b6oaeaFHiejY7fDeL+xbPGpX8x/SmYGWj1q39PHRL9y+q98HkZ521iyKCVdHH/Elvvb5jUGAMW0GvshFl364oBPQePW2Hrs6lgoG11vXC1A1gAhOT/UC5LcPhdlQb1UJ9rUXcCne4S6PhkdLeCc+B/lFvOOdFKXuf4KLCyU/YW6a3bOJirO4PAy2AjEMmbJJ6IMnasHQYsoNfOubKe1h8D47mh6+ZZSPRMUyu+34HzwFKBCvuiGw7+HCgzVXkY6B1wMxVdL87jQ4GymdCPQ38V5+96jn8BZ4J3QE/K2vxrbfRhCn3rSX+OBtrp+RBcjd7edIeIWhML6LV2xqy/DcmAbrwMvC833/s46u3qQwNEnE75h9jaG8oBckpRwatW2gp4vmjLPBjMXcNcgDwLP1qZP0++zYN51D/6Mp70pVHejrXLgL0UV7vnznregAxw8/0NHMbQT4sZ/rUEDT23rhZJet5cLX1M0484TvWCXGrh3PUD36SuYIbGQAYGLKBnIMtMjYFqYYCgcBF9Ca2qZkd/brX0k36sWUV9KaUrcbuZVbPSLmVwVrc+GIi7SOtjdDYKY6C+GdAqfR3QwxvmgazSLyfov+fpE7PU0Qt4XcFyYC6gleRQ8Ca+tOWfWvDVCeNeYK/UlTIY4n9ezNVP9XcR8D0YDV6hr79wLLd8HuNwA/Tvx5RVVA0HegSg8eu86RsOGv9wxt8m/aHtmeiTzsmqYGGgbwXoLXpxN4R+TeBYdqFNfZtA/40zemHxK9Kv0d6ocjZGOzPjT583vcOia06PKsT5UNr6jGPJkmtjXRxFbehdBo3n41Y5r3SgNyhWtkjLAA08XmQjZT2pafub1Y6x7VLk+NJW65amTzgbldZhEXbnpezDuUX4TltlWJo+lNuGzl0Q6ODbpbaDzzXB1IDvK9L4pt4S4BLwecBHpPqexDVAN85YoXxr8GsOetkqTiKb6PhqrFOnAGezgxPBW3GO0U8EA8DGTtWSk/hrD34Evoi3BUtuIKUD2uoMdL6Ggzj5lIJzQNxjgrzWsBsNonOho35qOLVgPyf4C9AP5sTJLxQ8BDZM6xjb2YDbL6VfV32OM4M/gFdBnLxNwT6gXdo2Q3bUXwHcDL4GcfImBSeDuUM+CumotxLoA74BcaLzdDnQZKkygnML6GWgFh4toOd4hAsL6BmuKfi6H/hScOJChWPBeL9iQl431MPiukbZdgl1k4rejfMZ6am8GRiZ5CRQdh06/0dTIpeZj/i6JdCGVJ8AraoqJvhvB/4EQpMK1EHRz7ieARI5oNwPIj+kHQh19wdjQRZ5AGPtsCQKNgrovryPYjWgYJ1WtBjMHGip0wlcCSaBtDIGw4MTB+YUYqs2NFmeDNKKzuspjpvmpD1Db6bCEsZAzTJwb6Dny/ChXz2g1+pGK90HKbsKaGs8rWgL9Sbq6utXrSa0p0cLz4IlMzZ6JPZareuXz8ohN+BkWsCRtplfo52HgVaEmYNHwGezCn/iXef4QqBHIWllDgy1K/YMPhZIWymNHf60Y3Extn1B3I/nxLnS79oPof7ycQYJeu06vALWSLDxi7ZFMYj2ZvcL4vLYakv9OXAcmCXOLqDX6lmr+dvBrIHyZpXTxtEotZ2fVnReLwm1YQE9LYVmZwxULwNP0rXQM24978sTbgK6OT0Kds8ryM/oh1L07C5OtJ3bK66wnHraORt//wBxNzwF2N9AnPSk4Mq4wix6nmEqkPwzoc7OlN0NtDX7GDgSLJZgX7CI+goKj4EkvnWuks7XxpQroM3HsVyiyeAfY5z9iv5NMBB8GWOzAvon6FPWiYZW9gpovuiaDU22Iru1SFwbZZKO9GkhyvVjO90T7HTNTU0o702ZdiKCkwH0GocmDHFtjM2Vv8bxJxAStXGdWzALjjdDUUpgX9l1mDG9Ju0nnQTX3fxuJkO6I030yGBfCdMXuBmEbriVaMt8NhgDXFvfc43rxSO9SOOKVhl5gq229t5GuXleAf8whLxuDg+B0UD3BK08fw904/ZXG3qW9wj+xlMWyX9JHBFlcketKnXzikQvRh0fZXLHb728m32HjIKVu8qW/fVAwVMvC02gL0uQ3hr8HfjjPoLyf2H3BmWlyp9xIP/7JTgSV9vlcC1t67mveL2NPozimEU0Tv9cqb7O0UVAfuVT50vnX6vfY8EywJWlyXQB37nKYtKMRytKwRd9x/4koO/ZN9/XsVeAPAscCdwAp/7cA3qCYmQclfRDPYPBh0C8a+Wua/AA4MuB9OVK+qbJRlAol49+QH3z5V0Ul4DH8aFJm2y7gv3BH4A/OVkN3YJgDGgW6mlyeh9YoVk5PSHObgP6GWed32ahznpkLgObNCunJw6h7FXstXvU9HKBnouZVJaBgttkNG/P0KdfoNoStmfoOS7SHuAs9HLQFXH1sVdAjuQsEu6NNq8aZd2BgqYv++QZBjJUGOVVilttBGpPV1F/d6CX3STa1tZNMiiUzQs+Br7cFKxQpBLnR4OkFwn99pUXh3pksWyaZrHrBUKi3++fPc4HZVrE6DMUPZfVc/cNE+xTP0PHz+IgFDOuQK9JRaxQvh7Q819fdglVwij0DD2q+zSJhUP1pKNsLxB69n17XJ1cvbOjBrzj38jHjo+y+YFeaotkGAlNoloIer3M54uuDU1IEwUbfVZ90eRieowhETo5fgXLl8aABfTp/J2XeLXmCjG1gJ6GKMcGzp4NXKK3OCYtktgrqJ/RoiCgwO7MgP8+AdM8FXVKDuhyiB8F9UdA7MQjahibDYAv2sEoq9CAAqcC+wi/sQJ5BdrrQce4DlHWAQwFvvRF0S6unqvHbk+g3ZvYYC57yrME9H9h70t/FLHBzuuTAq0vr7s2URqjuID+A2WdI7u4IzYX+g2RV/AL8od+URCacJwe14avp74C7jAQF8z1/soXwJeDfV9xeSre7Vcmf1qTPQkL6AF2yqyygD6dUAvo+ReWtr7LIrh9J991U05bsomCVfDm5lfCbq2A/+d8Oz9PnbIEdPlN29ec7bhAf7VFWnahHQXfbcA1QF8tSisvYhhcaaPfO+BEAX62LAPAXo8HEgWbVAEdOwUj/1sR2jkp2IbbAez1kp4vemSSJxjEBfRT8wxjMrn6oetgpVAV7PVuiC+PhWzjdFTWtxGSdg5C5/XZOH8hPf47A00KXdFjh5KenYfaMp0xYAy0DQOhm+qXhbrCszc9twsKd4vFgALVKRgIvvjPDP3ysuYL9HUe+rkx0PPyq2hYzyl9KfY9HN9PXp5+TQJPgmMoWBLoRafzgd4pSJKNKbw0xmDXgP5c2hgf0MeqsM97fhtrmK6gJ2adPNOHimjjbs+HsgW3m506em+goOS4Ck2aF42pHOI81Q5W5I82p4GxUT5w3Dmguz6gi1Xh/ysKB3oG3bnu5ym4feVVsqwxYAxUGQN8kPVMNrQF+UWarlJfwW99sCbQizwR5iOdJKlW90kOiimjvytTTy8JRf3UUYG0kFS8v7qh0wm9mSzoMUVXjgeD40Bop05vwt9Ivbcod2VLN0N6EtDLWm0pukZ80XfC9S2LLDJnwLhLQBdS6eXiYaGCGJ0mVVt5ZS0mooxB72Ws7tl9wnmJfYHOs02bDXF4FO0fltZBzm45z16PPJZSQNdbrKHZrGcfm9Vbd8fGliYXnEtxoVls5OHPJNaIMhmO32J7dAp7bWXdksLOTIyBamNgh0CHFFieC+ibVdxENiVzKNgJtLjJNRtWQYK+LkM3tALWKmp5UBNCQPiEjp5B/7Vr8CAIPc8+CH1zQMdW9+WFgSv6L3o/uYo2SId2gbR9LZQqoQlpyOdIeNDkJq2EOOsQqLx4QKdJWbnFP6/y36NMjXSeBXLuL8VZ7uIrNqAPpP2BadqnHc1yiwnov9LGPYXawL9mzxbQCxFl5VXFANdtOzqkoOyLvsoyxlcqn/vMnkPydKD6VS30txcd/BeYp6o7mtA5nQvGsS0m/wP+8+Id0Z3gVF+ItH9exjnlbZV0v35Y7j5MTunw15R2kZkmtmkkNKH4Ok3FtDacfy2c505rX4TdZM0ETYwBY6B2Gdibrmur3Jek54x6hrmnX8HL6zngBw6Gke7v2VQ8y03wSBq5rkBDWoV9CBQso+N5pLuBqhGC+k+MR18lvNjrlB/gQ6vKObw6bZHVbmel5PNKOU7p9+eAXVk55/xP4fz/QDuVmph+bgE9cBZNZQzUAgPcHLR9d0mgr9+juyGgb/r6F/pQMH8MvSYB74EPuPl8x7FZaGvF5kwrJWhT26AXBZpTH+8EbwD1dbRvQ91rfF2V5DVJ8kVff5sv4pyjvjr1C0ZuQFkWHUXxLzH6TiuQD+34XEo7H5ehrefL4KMUF6GxdS3FYUxdteMGdE3e/hhjm1U90gJ6VsrM3hioAga4uesrWA8Af3Wn3p3PjT9uNaUbsC+/x76vr/TybfHc+q/0YS6vHzeTP4L+xm7Rwo3ehwk9E/VctUk2FCS0Lawbuytvk9nYUeilrXXBa46utZOvBhqcwLm4MaCvNdVIOqzPjPtNiA25luZhfFpVl0vEoTs51vWtf/X6VjkaaF8OJ+bDGDAGWo8BbjJ6lvkocG/4UQc+JXFVlHGP1FNQ6OLqSD/BzaRQMFeVNbx6rZHt7jWioHcc/Y0N5jn71Tn6z6A9V8Vl4bAH0LsHxYpeRPRlXGBMD/tG5E8N6BJV9DX0AlhinYTCZyj7zSvfr5g2iqnjtVvWLPxPwaE+U65o0ny8q0iTLjC2AQEfejE9s4TasYCemUarYAy0HQN8iBXkXgFbBXqhgLcbN6cJgTKpVg3o3w/o8lS0qVXLyXnK9BndKF3R/48oGGyx0QtEK7kVSX/G2H71dKHseSFlqTr61AMfj4ALSOtX9nTDTy3Y74bxHoEKzwV0d6Ob6On1U7C7e7rYLLadKdQPDm0da5ShIMf9fV4VTRCv9nSJWfqzDAb/5bh+omHrF/YJNHk6/dQEMZXkbDU2/9qN6mvS8HWUyR2Pw347T5eYxf5ADAZxzNvBsoCeSJsVGgNtzwAf2vZAP5qib2sMAe6WXdRBBc59uOkmBeg5I2PnuBF+YwNsruxi7BXUi5HRXqVO5EPbzp5Z0z9j6egpV6I/if2gvDd1enr1Ss7itwdOFMxnzzk7kePr6ENfQ8uZzDhgp2B+Gwhx/eAMy+kpzuNIUn6gVN3b8FVwfNgsh+1zYGWg378vS1DH11nAn2jot8kV+EJjw3yGYLMeuReBHuE8Sb5qgjqcP60+AVd0vvXTtuIxUbDZCINngMY2kHyLoE4bP1N2PnBFk1f9nOs6rjKUxka/RKdrT4+e1N4T5JuDugX0EGumMwZah4GF+TDqt59DOAe9fu9bL6qNBboJ7h3TrUnoD+VmoRfbkuR/gUIFpCtpZw6/DJ2CwiBwiF+WIa+3433R6laBPVYYi7Z2P/MMFOB1c13K0+tlvznBtej7+mWl5vGrG+Z/QBTMI5fdSLxMuQK7vmuuf7DUDcwF9M861gO9wcvY9QPNN97IAUdNwO518m7yPDI+f5qUPYrP80ALf+jmA3ok8C6IAoq4fgh9wYkAdonCeRmOgR+QVOcC8DxtBFez6DUZux6bV8DiQDI3qKqgTn8ULLXT5YquN53nY0AHt0BpdEuCK0i+ABaUDlkEDEQfnYMmZe7PdRzfcBWk9aLcEPkBSucJuvZgO5SDweUgit36/DYH9VnImBgDxkDbMKAP/d9KbFrfT96TG+3zhfxgM4ybguw282yPJb8PZVrRjQK64a4KVgSl3iOG4sOXHVG8T3tPcdQLYWuCC+hff46u3ErmHFdBWquSodTVakoBXxORVYD6G9qBQF2a0C993ewovPQBLW7o6LSyKri6wsaXiSiOwr92V1oI+u9od2cKNCFQ8ItEfTgDnEz5QI6fAt3glwU9wGzAF02G5vOVRebPpd4awH98sAm6t+iTzosmKpqMdAZa3a4NQqJ+VeS8hRorpIPzD+j/77DTRFqcRjIviauB/nHUsxxHAvV7ebApmBn4onJdn3lCGxPxsRvK14DuAZHIx/HgcMo1+RaHP4AlgXYyFgMh0QSg6XNa6oc15Nx0xoAx0DoMPE8zB3KDGJ6hueOwHQK0anNlITK9XEWZ0jfh50/Av7Eth06IJHQvuoTC3kATC1dmJbODq6h0Go7v4ib7Oe30BUuVob2p+DgAvy8m+aJcz2MV1PsB/3GDAncaHn7FTtfJ/RxLFvzQpWkH4EjBeEfPoYJg1xy8ohbZcWj2wt+gFiVtqKA/AxjfwXRB166uNVc0KdrTVcSkx6DfFV/+SrzJHL3+iY9W3HqMs3iTcsYfnde0k0RdP7vj7ztVd2cgypsYA8ZA9TOgmfvOfIg3B8OzdBd7bcXqhvRbhnrjsT0ig32zKe19SebiZkWGBHXV7jbA33Yu5OUaDDRpKavQH02gVgPXA+0sFCuaGGyDv7it9jy/uXa1QtOqLavofK+Lj7IE86hx/GmSsAu4DBTDxePUWx0/gzhWndCv2+hUTzC2iM5pbGvg49WkupS/Q3l3kGgX40Pf9DgL9MCPJkZNYgE9YsKOxkB1MzCU7l0OtgK6WQwotrvUfZS6ejlJW35Johu12ukGdIMrVs6n4hkg7u37WL/0dSSF2q69A2hVmyT/pXBr6hzLUTe8sgu+fwJH4Xh1cCv4EaQVrdr0iKUbPp5JW0l22H/CQY8mtMPyNSgkozE4BXSn7geFjIspx+9UoDZ0LQ1K6eN17PTy5vZAk72qFfr3Ap1bHvwdaAJTSHT97Q92oO5XhYxVjt0XHPQc/BDwOSgkekxzN1iLuvrve1PcCrO4GUsbA8ZAxRi4D88fZvCugKSbgoLAGD64aW7iqd3jT6t8/cvFzTnuCBQ0FwS6cQ0DWj3cg90IjnrxZ2YOByntyPdOOjaJD43l7/h4gGMvsGIOs3L8Fqitt0FQqK929qe+gqHqbwQWBe3AcPAx6Iedu9I5D93CwJVU/XUrxKVpS/wdTJ+O4CgOtdJaE6jNeYFutNoG/Qa8CQaDl6mnG3JRQt1JVLyaNm/gGJ23rqQXAbqX63p5AzwNBmFfaAKEWZMcw9+OubQOmfpIO2pzC/qlvuwCtJugPs0PNOEZBV4Bj2H7Ece0on4c5Bk3bS17uqTsgxR+4hmoL6mE/v6EoV54VFDfBmwHlgIan65rfT7l7/EcDySzCfV0nm6hDU2aNwY7gRWB2ugE9BnRpOwl8Aj2ZbuO8ZcvdEJvcRYrW+R7i8/RwONFNqKLqaDgW2+mVkrmKtQBGtYbspWUboX6oHI6MKqCndBNtqDQvl48qZQoWJkYA8aAMVB3DLSvuxHZgIwBY8AYMAaMgQZkwAJ6A550G7IxYAwYA8ZA/TFgAb3+zqmNyBgwBowBY6ABGbCA3oAn3YZsDBgDxoAxUH8MWECvv3NqIzIGjAFjwBhoQAYsoDfgSbchGwPGgDFgDNQfAxbQ6++c2oiMAWPAGDAGGpABC+gNeNJtyMaAMWAMGAP1x4AF9Po7pzYiY8AYMAaMgQZkwAJ6A550G7IxYAwYA8ZA/TFgAb3+zqmNyBgwBowBY6ABGbCA3oAn3YZsDBgDxoAxUH8MWECvv3NqIzIGjAFjwBhoQAYsoDfgSbchGwPGgDFgDNQfAxbQ6++c2oiMAWPAGDAGGpABC+gNeNJtyMaAMWAMGAP1x4AF9Po7pzYiY8AYMAaMgQZkwAJ6A550G7IxYAwYA8ZA/TEwS/0NyUZkDNQGA9OmTVuDns7Srl27N9weo5+d/KquLpD+jHrfuHrqrUx+TlfnpX+mzgfYLYF+UfAh+Z9cG8pmI78a+IqyESpD15nD0krHSLNtTLl8bETZcuAh/P7o21G+B7qZKbsvKkO3H+mO6G6NdO6R8mPIj6P8nkiPbkvS6v8d6L8hvzzp7cFr5AdzbCHY7IRyWdAXm+/IL0B6xzyMRcwAAA2jSURBVBaGMxRq89Eoi/1upOeO8rnj5xxfx+4HT9+Upc7WJHT+24HXwHPYTuPYLNj0JvMt+sekJK8+za90jOg8PIFd1P8vyD/t21K+DLrNwEeUD/HLQ3nqrIh+TaBz+Bl4m7ofcswT7OZBsUueMj8zlnpP5qta5vDTFe1aYAXwFXiZev/lmCfY6RrRdd0/r4AMZRtw0PnvT/n3UTn6XqSnoOsX6dwj5YuRXwesCn4Cb2H7MsdYoc4OFIr3ftj+HGtIAbbzcVgXrA6mgv+Bp6k3hWNQqDMXBeqT6uiaeQe8QR31r3xCQ71BsbJF2p7QwONFNjIqTRv4nqtI/2mq6WQkCk52SeOoBJtuiR3IFeJ/VAltFKp6Xso+nFvIUQnlw9L0odI29L8rmJobh4Jds6BbI6dPOhzYXCGXwHhwUgWVy5TjBTm7zQM+VsuV3RCVkT86p4s7XBvZxh2peGuusgJDC6FsOBjrFpB/O1fnBFcfpSmbCBQMm4X8Dbk6Tdc76YXABJBnF1VA3wkoiH8GdKMUP+uBJMnzheFHMcaaUGii0izk1d4zAXudO02ymoX8ZPBqpCD9OkiS52WLQXsg7jRuBeA8QfcU0LW3Xl5BIIPNguBuEJJ7UWqy1yzkVwkZOrpBzcaBBHbzgT6OvZtUDNBktFnI/wzebVY4CfTRtaAJXrOgHwNa3AfQzQp075kEfBGfazc7cRLoFwW6FiVHO0V5ScragT+AH4AvI1HsmFchl0HfC4z1K5D/Cuzt1rEVusuGpY2B1mPgKJpSANGsXDcBdwUwmrzKIzmdhG5kx0YKjqHV5kXoF87ZaJJwALgdvJTT5QXMnC7L4VaMhwQqtFg5BWxKUV3MjUsrbJejVP6o8zV1H8J4L47dyL/nVVTAnRdcQtk0r+xB8ld6OmVDq6If0bsr067k/w5uz7X7KWnJKUC7CA+AK8A3YC+gFbN8JMkRFM6ZM1BbJwO1Ea14f1AZ41CwVtkz4GKwB2gS9DuT6Aluxy5vYjLdYsZfbBcg9zZYHNwDbgVDgcamCaVWx5tgtwa+vibtyqNkdD360tRHX6k8fubm8AboAv4DbgIfAU109gFHghewW5H2JpIum+BTn0XthOjciJcLga4V9Wl78Eegtleh7RGkXTmcTAeglbk+y3ET3KsoOwZoMnE8eB3MDHTuTwP98b8V/geSbhLy+uxfAL4CR4FXgK7TDcHZ4B5slqfO+aRLF5zZCh0SCshchZimvq3QcyTBRV2v0BnfbOBb8DJ4APwGFoq7Rih7DWS6gWF/CJAc6vtFV+wKfX/fV9o8bd6qziBZV+hTqKPVz2jgrwYLrtDVP+ptDST/9PuL7mmglfBiURnpaIWugFtQsNcKfZxviO4gIGneYSCt8y1Zyrf389jkrdDdcsqOkBNEk7agUPZQk8W0aZvLgHQH8CH4BeStdEMOsLkPSJr779qhP66plDFFevLRCv1fkS7tkbrRNXJGqA7lPcGebhn5sqzQ8XMykNwBFGTzBN2K4KQ8JRl0swBdm/8DfwESBeg8QbddU8n0XbRoUtZsQ9kC4BzQ3DbptYCu8Y/Bgs3GuQQ61dG1J5u1pW7vG1neGDAGKs7AvrQwH7gRaBXSEbQIvOhMZpppAiScChYHd3Hjar7hZSDnaWyHAy0+Zo3qkV6GtFZkj7LC+SLSl/H4Xc7XHI7PD3LpU92+OOXlTIq3SeBy2tK9XqtHTai0GzGaY6xgr1VyLzAQ2+DEBr1WnNoF2AP75TgWLdTXhPZAMARcEHJEe3rO3Dx5CNmUoBNXWgUfTRtTfD/o9L7B5b6evHZKdG3qs3wzUF3x7Iv8TwUH4kcr+TxB9w04C7htn4iRVv6Ho28xYVQdyg7L2TRNNmYhY2IMGAOty4A+8D+Ae8FvQFt4WnFdxIdUH/rWEj2bW9NrrHml6umVPRT7zTz9lfT5fU9X1iz+r6DdjXCq54Xngv/L0gD1qT7t37m6ugHfn6t/MMd2IG41KX7WytlGh5vxd2uUcY5qpFMuL58KcH/L5Z/LHXW4GuwHjtWROgM49gMD8OvezFGVJvjTyu4avCgwaAtevGnichEoJNG4HylgqPKtgOw/dWw3pu3rnbySD9CnpzxdlI3aewybrJ+BxQNtye+mkfOkI3UXoVx4kLZ/SLINlOmzrEnnbdTVrpu27TXBWYT8GMden7OP0X3s6LTC10RLE/pI9LLexFxGnPwEno8K/SO2egygPjfxZwHdZ8jyxkAFGeDDtx7u1wXX8mH8VU2hU7A5B+wAdINvLVFQySI9MBZcUTB631VUKH0oflcHp8PXYLjrn7GdW7A/GxwC7sdHe44HAQW4uKCllfWiwJU53YyTnp/0eCcfJa+gry9FGdJ6IUs39yOAArtWpYK2TrelfATpcoquq9+Di3NOT6KNX1I0oAAnGTv9EPs3ClqRfWS4EgnBlU/IxAX0iOfIn1uvUFrci89ipai2OV8r0uCW4E44/TbX+E0cdwKHgfOkw64Th/nAe8p7ovvBK45uIGn5lIhTfXNhWlMu/o/OURP/uqhNjAFjoPUY0IxeMi8f9L8JpJdo0oS36nJFFTkcjNduHvZIaEmBR4uAZnCz0YokjfyWM9LNLSTSRzYtymnnZ5R7Ak2CboO3ZVsYJSio/znFj4Jtqast0p5gKXALZXEr4z6U6YUjF1dTJyTq+zU5PJMzuIy6Wh3nCbqfgLa916FgaaB6Cg43grIKbWjbX9eY5A1wW1Oq8J8o+KxWwDQqj+wj81tINF8nufSlUWHgGNWP/AVMYlWaUGpr2oeCaxrRY5DJIGvbekmtHViBa0ovp91DWp8RiXbcZlaCc6BrYyhYVXlPFIyvBaFzL0664Md9ZJNXnbLZUCwHmvizgJ5Hj2WMgcoxwIdPK4l9cy38juNZOfwhp1OwyRSocvWKPQzjZvO+CxzpxhMnU7HVlmAz4gwD+uiG3d0vY8wKrAuDyMY3acrT7v9IHA7mBfcD3UyziG7wuucdBA4F08DNoBzyC/07VsDZnmAc0NZrxyTn2I/M1dHqdaMk2xLKXszV1c6GxpxG3sboR6CXKxcKVUC/IPrDwE/gLc+mxbVSoG0FZa1yD8Dv4p6vpix6PdbQufdlGr4n+8Ao1Vipp4D7KtAb+5v4zqM8ZVplNwnp2UkoeGsyqEC9Uw7bcZwANEnfGUTyPIkFqSe+moW2h4NjUJzQrJyRUB1dr6fOULVIqUwTB9naS3EiwcQYaCUGtCLWSlQfXgUxF73J68N7JKhHGcCgfgZ6k1criibJ3RgVaCV3TT/E/+XmJ5urgJ4ZagWYRbRC1xa7JlC7gmfw9xnHsgo+f8ChVsXLgJNBszDerfybOvnOGCg4ftVs2MYJxqAgrd0FBfN+9HFpt0vkde32A+r7ydgr+Bct1J9IZa145wH/wX/zNSKn5OfmcCcYlEtLXU5R21ql34n/vIkVeX074FzK9CZ711yjmpBrcnEqfZ/DBbrlgQJ9tBtHcqY/A63GL8NHLyk82crLK3sR+AicQZ0jpHAFna7jM8HH4EKVZf1AqI6JMWAMZGSAD59WkwrW34N/cQP41XVB+d3k/w60ItLbrlo1VJvoJbEVA536jP7eEtA3qygfQd3jUPwb6Ec6FAwUNLYHXcBd2NzBMY2cgtF6YIM0xpEN/vUVOPXzjJzuX1FZzHEH7EOrxfH4OiCmTqS+noTG+39qE3s9O9c1cD5Yn7SuhZeAJnF7AgWHs0HVCH2+hX52o0MK7O+TfpbjJ0BBbQswJ9A7AoV4xKyw4Ode2tB7Egp+7+baU0BbFOwIFOyvAZoYllVoW+0pQF4L9KLZQI7vAU0ktgW6Dp4AY4BEwVqf0T7KuIKvUdR/FN1OHFcgr5fhxpHeF50+5/o64BCOr4PJYH2ga1kTQQXxJqHOeOz2IfMguJ602nylqXC6vbgaDvbBtul+Uo6ArllH03KfY1bRzS2tiNzZ0ho7dl876aSkZlTFjiPJr8rku5B8g0Gl2lfbvxTqQK5cF9qwlLZZzYanrCC7SnERfSBTdqVsZtvgSTdCvRWeF8zVAjr9GMiNJHXD3xvcBqpNdqVDgi+6+SlQJgpjvJUxDsXoYrAXmBUoQOhGpQDoy5coWnzm8TMJP6rv3mCjuvocjQATI4V31IRCwfgnoElFSPR5VbkeA+i8+eIHFOU1lmahj/oO+Z9Q9AV/BiegQ9X007Snkz8QHA+mgeHgKMp9DrTq9dtC1SST+KtyHQvJVAw0nvGFDP1y+nQyff4P+r+AjcAuQBy/Cs6jfBBHV8Sd+vWbq0ybxt+ZtDcA+7NBd6CtbPV7MLiccpW5onHF3dtUT+UavytBLvDdh7ZfwPACsAHQqln8vgvOBv/GBpOm73wvR14/Ffwtx5Bch3Jz8Htwpgyw1e7CKiT/DjQhOkpqMApcAVp8nZA671BHgfuvYAdwCJBoVX4p+Cs2zeOXMxNjwBioMAN8KOeiCUG/zR282WGjoLAg0PNYzdabBL10HdB9mVMVPFBndoy06vueenkTCMrmRq/V1TjK8gIfZZrkdwbNfUA3B3mtjuJkAn50k08tuXZm9fuW2kEdGOZ41bPmzIG2rYZPn+emvwrYrSK0p+vuR9rUxKdVhbb1ef2VtjVJKbvgX59Rnf/g/SDUIHU6Sk+dCaHy/weN5Lia9jbZjQAAAABJRU5ErkJggg== + css: ":root {\n --blue: #4b5196;\n --light-blue: #7986b3;\n --dark-red: #971e1f;\n\ + \ --very-dark-red: #5c1414;\n}\n\n/* Buttons */\n\n.g3-button--primary,\n.g3-dropdown-button__button--primary,\n\ + .data-dictionary__switch-button--active,\n.popup__title, .button-primary-orange\ + \ {\n background-color: var(--blue);\n}\n\n.g3-button--primary:hover,\n.g3-dropdown-button__button--primary:hover,\n\ + .data-dictionary__switch-button:hover,\n.button-primary-orange:hover {\n background-color:\ + \ var(--light-blue)\n}\n\n.g3-button--default:active, .g3-button--default:active\ + \ svg path {\n border: 1px solid var(--blue);\n color: 1px solid var(--blue);\n\ + \ fill: 1px solid var(--blue);\n}\n\n/* Nav Bars and Footer */\n\n.top-bar,\n\ + .top-bar__header,\n.top-icon-button.body-typo {\n background-color: var(--very-dark-red);\n\ + }\n\n.top-bar__link {\n border-right: 2px solid #fff;\n}\n\n.nav-button:hover,\n\ + .button-active,\n.nav-bar__link--home:hover {\n border-bottom: 3px solid var(--blue);\n\ + }\n\n.nav-bar__logo {\n padding: 15px 0;\n}\n\n.nav-bar__logo-img {\n height:\ + \ 50px;\n}\n\n.footer__version-area {\n width: 600px;\n}\n\n.footer {\n background-color:\ + \ var(--blue);\n}\n\n.footer-container {\n background-color: var(--blue)\n}\n\ + \n.footer__nav {\n background-color: var(--blue);\n}\n\n/* Data Explorer */\n\ + \n.filter-group__tab,\n.g3-filter-group__tab {\n border-top: 1px solid var(--blue);\n\ + \ border-right: 1px solid var(--blue);\n border-left: 1px solid var(--blue);\n\ + \ color: var(--blue);\n}\n\n.tier-access-selector__radio-input:checked + .tier-access-selector__customized-radio-input::after\ + \ {\n background-color: var(--blue);\n}\n\n.filter-group__tab--selected,\n.g3-filter-group__tab--selected\ + \ {\n background-color: var(--blue);\n color: #fff;\n}\n\n.aggregation-card\ + \ .bucket-item .bucket-count {\n color: var(--blue);\n}\n\n.aggregation-card\ + \ input[type='checkbox']:checked {\n background: var(--light-blue);\n}\n\n.g3-single-select-filter__checkbox:checked\ + \ {\n background: var(--blue);\n}\n\n.sqon-clear {\n background-color: var(--blue);\n\ + }\n\n.sqon-value {\n background-color: var(--light-blue);\n}\n\n.sqon-value-group,\ + \ .sqon-more, .sqon-less {\n color: var(--blue);\n}\n\n.input-range__track--active,\n\ + .rc-slider-track,\n.g3-single-select-filter__count .g3-icon--under {\n background-color:\ + \ var(--blue);\n}\n\n/* Charts */\n\n/** changes for CAD **/\n.guppy-explorer\ + \ .summary-pie-chart {\n\tmin-width: 30em;\n}\n\n.guppy-explorer .summary-pie-chart__legend-item\ + \ {\n\tmin-width: 9em;\n\tdisplay: inline-block;\n}\n\n.guppy-explorer .recharts-wrapper\ + \ {\n\twidth: 100% !important;\n\theight: 200px !important;\n}\n\n.guppy-explorer\ + \ .recharts-surface {\n\twidth: 100% !important;\n\theight: 200px !important;\n\ + }\n\n/** end of changes for CAD **/\n\ntspan.special-number,\n.special-number,\n\ + .form-special-number,\n.g3-single-select-filter__count {\n color: var(--blue);\n\ + }\n\n.special-number {\n fill: var(--blue);\n}\n\n.data-explorer__charts {\n\ + \ tspan.special-number,\n .special-number,\n .form-special-number {\n color:\ + \ var(--blue);\n }\n\n .special-number {\n fill: var(--blue);\n }\n}\n\n\ + .explorer-button-group__dropdown {\n margin-right: 10px;\n}\n\n/** fix study\ + \ overview on main page **/\n\n.index-page__bar-chart {\n width: 770px;\n padding:\ + \ 0px;\n}\n\n/** add mouse pointer to Study Explorer **/\n.discovery-container\ + \ tr {\n cursor: pointer;\n}\n\n/** increase size of font under discovery search\ + \ bar **/\n.discovery-input-subtitle {\n font-size: 14px;\n}\n" + favicon: !!binary | + QUFBQkFBTUFFQkFBQUFFQUlBQm9CQUFBTmdBQUFDQWdBQUFCQUNBQUtCRUFBSjRFQUFBd01BQUFB + UUFnQUdnbUFBREdGUUFBS0FBQQpBQkFBQUFBZ0FBQUFBUUFnQUFBQUFBQUFBQUFBQUFBQUFBQUFB + QUFBQUFBQUFBQUFBUC8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vCjZPam8vLy8vLy8vMDlQVC9i + VzF0LzQyTmpmL1MwdEwvLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8v + L3cKOFBEL1ZGUlUvd2tKQ2YvcjYrdi8vLy8vLzBCQVFQOEFBQUQvQUFBQS8wQkFRUC9WMWRYLy8v + Ly8vLy8vLy8vLy8vLy8vLy8vLy8vLwovLy8vLy8vLzl2YjIveE1URS84QUFBRC9aMmRuLy8vLy8v + LzgvUHoveWNuSi8zTnpjLzhJQ0FqL0RBd00vN201dWYvLy8vLy8vLy8vCi8vLy8vLy9yNit2L3Vi + bTUvLy8vLy8rWm1abi9BQUFBL3dBQUFQOU9UazcvbnA2ZS83T3pzLy9lM3Q3L3pjM04veGNYRi84 + TURBei8KMTlmWC8vLy8vLy8vLy8vL2FtcHEveEFRRVAvT3pzNy8vLy8vLzVtWm1mOFlHQmovQUFB + QS93SUNBdjhJQ0FqL0F3TUQvekF3TVArRQpoSVQvQlFVRi8wWkdSdi8vLy8vLy9QejgveEVSRWY4 + QUFBRC9FQkFRLzZTa3BQLzkvZjMvL2YzOS8ram82UC96OC9QLzVlWGwvOG5KCnlmK2dvS0QvVUZC + US94UVVGUDhCQVFILzJkblovLy8vLy8renM3UC9EZzRPL3dBQUFQOEFBQUQvR1JrWi96dzhQUDh5 + TWpML0VCQVEKL3dBQUFQOEhCd2YvRWhJUy94OGZILzhaR1JuL0FBQUEvNWVYbC8vMTlmWC8vLy8v + LytQajQvOXhjWEgvS3lzci94WVdGdjgyTmpiLwpkSFIwLzdLeXN2L2o0K1AvL2YzOS8vLy8vLy8w + OVBUL1lXRmgvd0FBQVA5M2QzZi9vS0NnLzBoSVNQL2UzdDcvLy8vLy8vLy8vLy8vCi8vLy8vLy8v + Ly8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vOGZIeC84QUFBRC9mSHg4LzhYRnhmOEFB + QUQvaVltSi8vLy8KLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8v + Ly8vLy8ram82UC9BQUFBLzZPam8vLzYrdnIvRnhjWAoveW9xS3YvNysvdi8vLy8vLy8vLy8vLy8v + Ly8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy9Sa1pHL3dZR0J2L3A2ZW4vCi8vLy8v + NGlJaVA4QUFBRC9nWUdCLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8v + Ly9vNk9qL3dBQUFQOWwKWldYLy8vLy8vLy8vLy8vNStmbi9PRGc0L3dFQkFmK0FnSUQvK3ZyNi8v + Ly8vLy8vLy8vLy8vLy8vLy8vLy8vKy92Ny9tWm1aL3dZRwpCdjhqSXlQLzdlM3QvLy8vLy8vLy8v + Ly8vLy8vLyt2cjYvODZPanIvQUFBQS95VWxKZitDZ29ML3M3T3ovN2EydHYrTWpJei9Nakl5Ci93 + QUFBUDhvS0NqLzNOemMvLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vK3ZyNi80Mk5qZjhjSEJ6 + L0FBQUEvd0FBQVA4QUFBRC8KQUFBQS94TVRFLzk3ZTN2LzgvUHovLy8vLy8vLy8vLy8vLy8vLy8v + Ly8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy9QejgvODdPenYrcApxYW4vcHFhbS84Zkh4Ly81K2Zu + Ly8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vOEFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFB + CkFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFB + S0FBQUFDQUFBQUJBQUFBQUFRQWcKQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBUC8v + Ly8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLwovLy8vLy8vLy8vLy8vLy8v + Ly8vLy8vLy8vLy8vLy8vLy8vLy8vL2IyOXYvT3pzNy81ZVhsLy9iMjl2Ly8vLy8vLy8vLy8vLy8v + Ly8vCi8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8v + Ly8vLy8vLy8vLy8vLy8vLy8vLy8vLy8KLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8rWGw1 + Zis4dkx6Ly8vLy8vLy8vLy8vLy8vLy8zZDNkL3dFQkFmOEFBQUQvQ3dzTAovek16TS85NmVuci8w + TkRRLy83Ky92Ly8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8v + Ly8vLy8vCi8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8rRGc0UDlqWTJQL0NB + Z0kveDBkSGYvNysvdi8vLy8vLy8vLy8vLzkKL2YzL0tDZ28vd0FBQVA4QUFBRC9BQUFBL3dBQUFQ + OENBZ0wvUUVCQS84REF3UC8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLwovLy8vLy8vLy8v + Ly8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy9Cd2NIL0RRME4vd0FBQVA4 + QUFBRC9BQUFBCi83UzB0UC8vLy8vLy8vLy8vLy8vLy8vQ3dzTC9GeGNYL3dBQUFQOEFBQUQvQUFB + QS93QUFBUDhBQUFEL0FnSUMvMkppWXYveTh2TC8KLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8v + Ly8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vOXJhMnY4QwpBZ0wvQUFB + QS93QUFBUDhBQUFEL016TXovL3I2K3YvLy8vLy8vLy8vLy8vLy8vL3o4L1AvdExTMC8zRnhjZjhq + SXlQL0FBQUEvd0FBCkFQOEFBQUQvQUFBQS95NHVMdi9nNE9ELy8vLy8vLy8vLy8vLy8vLy8vLy8v + Ly8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8KLy8vLy8vLy8vLy8vLy8vLy8wcEtTdjhB + QUFEL0FBQUEvd0FBQVA4QUFBRC9jSEJ3Ly83Ky92Ly8vLy8vLy8vLy8vLy8vLy8vLy8vLwovLy8v + Ly96OC9QK3NyS3ovSUNBZy93QUFBUDhBQUFEL0FBQUEveU1qSS8vaDRlSC8vLy8vLy8vLy8vLy8v + Ly8vLy8vLy8vLy8vLy8vCi8vLy8vLy8vLy8vLy8vL2g0ZUgvLy8vLy8vLy8vLy8vLy8vL3pzN08v + d2NIQi84QUFBRC9BQUFBL3dBQUFQOEFBQUQvVmxaVy85M2QKM2YvLy8vLy8vLy8vLy8vLy8vLy8v + Ly8vLy8vLy8vLy8vLy91N3U3L1RrNU8vd0FBQVA4QUFBRC9BQUFBL3pFeE1mLzA5UFQvLy8vLwov + Ly8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vc2JHeC94MGRIZi9uNStmLy8vLy8vLy8vLy8vLy8v + Ly9rWkdSL3dFQkFmOEFBQUQvCkFBQUEvd0FBQVA4QUFBRC9CQVFFL3kwdExmOU1URXovV0ZoWS8z + ZDNkLytmbjUvLzI5dmIvLzcrL3YvNysvdi9YVjFkL3dBQUFQOEEKQUFEL0FBQUEvMnBxYXYvLy8v + Ly8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vWDE5ZjhnSUNEL0FBQUEvejQrUHYvMjl2Yi8vLy8vLy8v + LwovLy8vLy8vL2pvNk8vd1lHQnY4QUFBRC9BQUFBL3dBQUFQOEFBQUQvQUFBQS93QUFBUDhBQUFE + L0FBQUEvd0FBQVA4QkFRSC9MeTh2Ci81T1RrLy94OGZIL1NFaEkvd0FBQVA4QUFBRC9Bd01ELzh2 + THkvLy8vLy8vLy8vLy8vLy8vLy8vLy8vL2taR1Ivd0FBQVA4QUFBRC8KQUFBQS8wMU5UZi8zOS9m + Ly8vLy8vLy8vLy8vLy8vLy8wTkRRLzFaV1Z2OE1EQXovQUFBQS93QUFBUDhBQUFEL0J3Y0gveEFR + RVA4UQpFQkQvREF3TS93QUFBUDhBQUFEL0FBQUEveVVsSmYreHNiSC9GUlVWL3dBQUFQOEFBQUQv + VEV4TS8vLy8vLy8vLy8vLy8vLy8vLzM5Ci9mOG9LQ2ovQUFBQS93QUFBUDhBQUFEL0FBQUEvejgv + UC8vbTV1Yi8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vWDE5Zi9ZMk5qL3pNek0KLytIaDRmL3o4L1Av + Ky92Ny8vejgvUC8zOS9mLzR1TGkvN0N3c1A5aFlXSC9EQXdNL3d3TURQOU5UVTMvQUFBQS93QUFB + UDhEQXdQLwozTnpjLy8vLy8vLy8vLy8vOC9Qei94c2JHLzhBQUFEL0FBQUEvd0FBQVA4QUFBRC9B + QUFBL3hZV0Z2K1hsNWYvOWZYMS8vLy8vLy8vCi8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vcjYr + di9kM2QzL3Y3Ky8vNmlvcVAram82UC9xS2lvLzhqSXlQL2EydHIvVDA5UC93UUUKQlA4QUFBRC9B + QUFBL3dBQUFQK0ppWW4vLy8vLy8vLy8vLy8vLy8vLzA5UFQveGtaR2Y4QUFBRC9BQUFBL3dBQUFQ + OEFBQUQvQUFBQQovd0FBQVA4VEV4UC9VbEpTLzNWMWRmOTdlM3YvYzNOei8xZFhWLzh6TXpQL0Rn + NE8vd0VCQWY4QUFBRC9BQUFBL3dBQUFQOEFBQUQvCkFBQUEvd3dNRFA5Z1lHRC9Ta3BLL3dBQUFQ + OEFBQUQvQUFBQS8wZEhSLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8zOS9mL3prNU9mOEEKQUFEL0FB + QUEvd0FBQVA4QUFBRC9BQUFBL3dBQUFQOEFBQUQvQUFBQS93QUFBUDhBQUFEL0FBQUEvd0FBQVA4 + QUFBRC9BQUFBL3dBQQpBUDhLQ2dyL0V4TVQveWNuSi84aUlpTC9FQkFRL3dFQkFmOFdGaGIvQlFV + Ri93QUFBUDhBQUFEL0dob2EvLzM5L2YvLy8vLy8vLy8vCi8vLy8vLy8vLy8vLyt2cjYvNVNVbFA4 + ZEhSMy9BQUFBL3dBQUFQOEFBQUQvQUFBQS93QUFBUDhBQUFEL0FBQUEvd0FBQVA4UUVCRC8KU1Vs + Si8zOS9mLyt4c2JILzNkM2QvL2IyOXYvKy92Ny8vLy8vLy8vLy8vLzgvUHovMU5UVS8xSlNVdjhB + QUFEL0FBQUEvd0FBQVA4QwpBZ0wvOHZMeS8vLy8vLy9WMWRYLy8vLy8vLy8vLy8vLy8vLy8vLy8v + Ly9qNCtQK3hzYkgvYkd4cy8wRkJRZjhvS0NqL01EQXcvMUJRClVQK0lpSWoveXNySy8vajQrUC8v + Ly8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLysvdjcK + L3pZMk52OEFBQUQvQUFBQS93QUFBUC9xNnVyLy8vLy8vems1T2Y5UlVWSC96TXpNLy83Ky92Ly8v + Ly8vLy8vLy8vLy8vLy8vLy8vLwovLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8v + Ly8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vCi8vLy8vLy8vLy8vLy8vLy8v + Ly8vaW9xSy93QUFBUDhBQUFEL0FBQUEvKzN0N2YvLy8vLy9TRWhJL3dBQUFQOENBZ0wvZlgxOS8v + Ly8KLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8v + Ly8vLy8vLy8vLy8vLy8vLy8vLy8vLwovLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8v + Ly8vLytWbFpYL0FBQUEvd0FBQVA4TURBei85L2YzLy8vLy8vOXdjSEQvCkFBQUEvd0FBQVA4NU9U + bi8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8v + Ly8vLy8KLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8v + Ly8vLy8vMjF0YmY4QUFBRC9BQUFBL3l3cwpMUC8vLy8vLy8vLy8vNmVucC84QUFBRC9BQUFBL3dZ + R0J2L282T2ovLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vCi8vLy8vLy8vLy8v + Ly8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8v + Ly8vOS9mMy8KSXlNai93QUFBUDhBQUFEL1ltSmkvLy8vLy8vLy8vLy82K3ZyL3dnSUNQOEFBQUQv + QUFBQS80eU1qUC8vLy8vLy8vLy8vLy8vLy8vLwovLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8v + Ly8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vCi8vLy8vLy8v + Ly8vLy84akl5UDhCQVFIL0FBQUEvd0FBQVArdnI2Ly8vLy8vLy8vLy8vLy8vLy8vVTFOVC93QUFB + UDhBQUFEL0d4c2IKLy9EdzhQLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8v + Ly8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLwovLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8v + Ly8rL3Y3L1QwOVAvd0FBQVA4QUFBRC9HQmdZLy9iMjl2Ly8vLy8vLy8vLy8vLy8vLy9ICng4Zi9B + Z0lDL3dBQUFQOEFBQUQvYVdscC8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8v + Ly8vLy8vLy8vLy8vLy8KLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8v + Ly8vNnVycS84QkFRSC9BQUFBL3dBQUFQK0VoSVQvLy8vLwovLy8vLy8vLy8vLy8vLy8vLy8vLy8v + OVhWMWYvQUFBQS93QUFBUDhCQVFIL25aMmQvLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vCi8v + Ly8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8v + UjBkSC9FQkFRL3dBQUFQOEEKQUFEL0lDQWcvL0x5OHYvLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8v + Ly8rZm41LzhaR1JuL0FBQUEvd0FBQVA4RkJRWC9tNXViLy8vLwovLy8vLy8vLy8vLy8vLy8vLy8v + Ly8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy95TWpJ + Ci94a1pHZjhBQUFEL0FBQUEvd1FFQlArNXVibi8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8v + Ly8vLy8vLy8vOEhCd2Y4SUNBai8KQUFBQS93QUFBUDhCQVFIL1kyTmovK3pzN1AvLy8vLy8vLy8v + Ly8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLwovLy8vK3ZyNi81Q1FrUDhM + Q3d2L0FBQUEvd0FBQVA4QkFRSC9oNGVILy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8v + Ly8vCi8vLy8vLy8vLy8vLy83R3hzZjhKQ1FuL0FBQUEvd0FBQVA4QUFBRC9FeE1ULzRDQWdQL2Qz + ZDMvLy8vLy8vLy8vLy8vLy8vLy8vLy8KLy8vLy8vLy8vLy8vN3U3dS81MmRuZjh0TFMzL0FBQUEv + d0FBQVA4QUFBRC9BUUVCLzNWMWRmLysvdjcvLy8vLy8vLy8vLy8vLy8vLwovLy8vLy8vLy8vLy8v + Ly8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vOFhGeGY4Y0hCei9BQUFBL3dBQUFQOEFBQUQvQUFBQS93 + TURBLzhxCktpci9XVmxaLzNaMmR2OTRlSGovWW1KaS96azVPZjhKQ1FuL0FBQUEvd0FBQVA4QUFB + RC9BQUFBL3dnSUNQK1ZsWlgvL3Y3Ky8vLy8KLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8v + Ly8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLyt2cjYvOWhZV0gvQkFRRQovd0FBQVA4QUFB + RC9BQUFBL3dBQUFQOEFBQUQvQUFBQS93QUFBUDhBQUFEL0FBQUEvd0FBQVA4QUFBRC9BQUFBL3dB + QUFQODdPenYvCno4L1AvLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8v + Ly8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8KLy8vLy8vLy8vLy8vLy8vUTBORC9ZV0ZoL3hB + UUVQOEFBQUQvQUFBQS93QUFBUDhBQUFEL0FBQUEvd0FBQVA4QUFBRC9BQUFBL3dVRgpCZjlHUmti + L3RMUzAvLzM5L2YvLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8v + Ly8vLy8vLy8vLy8vCi8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8v + OVBUMC83aTR1UCtEZzRQL1lXRmgvMFpHUnY5RVJFVC8KV0ZoWS8zZDNkLytwcWFuLzZPam8vLy8v + Ly8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLwovLy8v + Ly8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8v + Ly8vLy8vLy8vLy8vLy8vCi8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8v + Ly8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8KLy8vLy8vLy8vLy8vLy8vLy8vLy8v + LzhBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQQpB + QUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFB + QUFBQUFBQUFBQUFBQUFBQUFBCkFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFB + QUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUEKQUFBQUFBQUFBQUFBQUFBQUFB + QUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFB + QQpBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFB + QUFBQUFLQUFBQURBQUFBQmdBQUFBCkFRQWdBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFB + QUFQLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8KLy8vLy8vLy8vLy8vLy8v + Ly8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8v + Ly8vLwovLy8vLy8vLyt2cjYvKzd1N3YveTh2TC85L2YzLy92NysvLysvdjcvLy8vLy8vLy8vLy8v + Ly8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vCi8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8v + Ly8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8KLy8vLy8vLy8vLy8v + Ly8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8v + Ly8vLy8vLwovLy8vL3Y3Ky8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy95OHZMLzA1T1R2OVpX + Vm4vYVdscC8zbDVlZitabVpuL3ZMeTgvK25wCjZmLzkvZjMvLy8vLy8vLy8vLy8vLy8vLy8vLy8v + Ly8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8KLy8vLy8vLy8v + Ly8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8v + Ly8vLy8vLy8vLwovLy8vLy8vLy8vLy8vLy8vLy8vLy8ram82UCtSa1pIL3FhbXAvLy8vLy8vLy8v + Ly8vLy8vLy8vLy8vLy8vLy8vMHRMUy93TURBLzhBCkFBRC9BQUFBL3dJQ0F2OEpDUW4vRkJRVS95 + a3BLZjlxYW1yL3k4dkwvLzM5L2YvLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8KLy8vLy8v + Ly8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8v + Ly8vLy8vLy8vLy8vLwovLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vcjYrdi9hMnRy + L2ZuNSsveFVWRmY4QUFBRC9SRVJFLy96OC9QLy8vLy8vCi8vLy8vLy8vLy8vLy8vLy8rUGo0L3ln + b0tQOEFBQUQvQUFBQS93QUFBUDhBQUFEL0FBQUEvd0FBQVA4QUFBRC9CUVVGLzBkSFIvKzcKdTd2 + LzhmSHgvLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8v + Ly8vLy8vLy8vLy8vLy8vLwovLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8v + Ly8vLy8vLy8vLy8vLy8vLzUrZm4vNGlJaVA4cUtpci9BZ0lDCi93QUFBUDhBQUFEL0Nnb0svOUxT + MHYvLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy81NmVudjhPRGc3L0FBQUEvd0FBQVA4QUFBRC8K + QUFBQS93QUFBUDhBQUFEL0FBQUEvd0FBQVA4UkVSSC9YRnhjLzhIQndmLzcrL3YvLy8vLy8vLy8v + Ly8vLy8vLy8vLy8vLy8vLy8vLwovLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8v + Ly8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vCi8vLysvdjcvZFhWMS93Y0hC + LzhBQUFEL0FBQUEvd0FBQVA4QUFBRC9BQUFBLzJabVp2LzkvZjMvLy8vLy8vLy8vLy8vLy8vLy8v + Ly8KLy9UMDlQK0lpSWovRUJBUS93QUFBUDhBQUFEL0FBQUEvd0FBQVA4QUFBRC9BQUFBL3dBQUFQ + OEFBQUQvQVFFQi94d2NIUCtQajQvLworUGo0Ly8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8v + Ly8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vCi8vLy8vLy8vLy8vLy8v + Ly8vLy8vLy8vLy8vLy8vLy8vLy8vL3E2dXIvd0VCQWY4QUFBRC9BQUFBL3dBQUFQOEFBQUQvQUFB + QS94c2IKRy8vSHg4Zi8vdjcrLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8rL3Y3LzN0N2UvNU9Uay85 + UVVGRC9KaVltL3hBUUVQOERBd1AvQUFBQQovd0FBQVA4QUFBRC9BQUFBL3dBQUFQOEZCUVgvYzNO + ei8rM3Q3Zi8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vCi8vLy8vLy8vLy8v + Ly8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy84Zkh4 + L3lrcEtmOEEKQUFEL0FBQUEvd0FBQVA4QUFBRC9BQUFBL3dNREEvOVpXVm4vN2UzdC8vLy8vLy8v + Ly8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLwovLy84L1B6LzQrUGovNit2ci85c2JHei9IaDRl + L3dBQUFQOEFBQUQvQUFBQS93QUFBUDhBQUFEL0F3TUQvMXRiVy8vZjM5Ly8vLy8vCi8vLy8vLy8v + Ly8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8v + Ly8vLy8vLy8vLy8KLy8vLy8vLy8vLy8vLy8vLy8vLy8vNW1abWY4REF3UC9BQUFBL3dBQUFQOEFB + QUQvQUFBQS93QUFBUDhJQ0FqL2NIQncvL3Y3Ky8vLwovLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8v + Ly8vLy8vLy8vLy8vLy8vLy8vLy8vLzI5dmIvMHRMUy8xSlNVdjhFQkFUL0FBQUEvd0FBCkFQOEFB + QUQvQUFBQS93VUZCZjlkWFYzLzd1N3UvLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8v + Ly8vLy8vLy8vLy8vLy8KLy8vLy8vLy8vLy8vLy8vLy8vRHc4UC8rL3Y3Ly8vLy8vLy8vLy8vLy8v + Ly8vLy8vLytibTV2ODdPenYvQVFFQi93QUFBUDhBQUFELwpBQUFBL3dBQUFQOEFBQUQvQVFFQi8x + cGFXdi9aMmRuLytmbjUvLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vCi8v + Ly8vLy8vLy9YMTlmK0Nnb0wvRXhNVC93QUFBUDhBQUFEL0FBQUEvd0FBQVA4REF3UC9lSGg0Ly9u + NStmLy8vLy8vLy8vLy8vLy8KLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8v + LzRPRGcvMTVlWHYvVjFkWC8vLy8vLy8vLy8vLy8vLy8vLy8vLwovL3o4L1ArcnE2di9GUlVWL3dB + QUFQOEFBQUQvQUFBQS93QUFBUDhBQUFEL0FBQUEvd0lDQXY4cUtpci9jM056LzZXbHBmKy92Ny8v + CnpzN08vOWJXMXYvajQrUC85ZlgxLy83Ky92Ly8vLy8vLy8vLy8vLy8vLy8zOS9mL282T2oveHdj + SFA4QUFBRC9BQUFBL3dBQUFQOEEKQUFEL0NBZ0kvNWVYbC8vOC9Qei8vLy8vLy8vLy8vLy8vLy8v + Ly8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vMzkvZi9XbHBhL3dVRgpCZjlrWkdULzh2THkvLy8v + Ly8vLy8vLy8vLy8vLy8vLy8vLzQrUGovaTR1TC93TURBLzhBQUFEL0FBQUEvd0FBQVA4QUFBRC9B + QUFBCi93QUFBUDhBQUFEL0FnSUMvdzBORGY4VkZSWC9HaG9hL3gwZEhmOGxKU1gvTVRFeC8xWldW + ditOalkzLzFOVFUvL3o4L1AvLy8vLy8KL2YzOS83aTR1UDhjSEJ6L0FBQUEvd0FBQVA4QUFBRC9B + QUFBL3lBZ0lQL0t5c3IvLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLwovLy8vLy8vLy8vNysv + dit1cnE3L0VSRVIvd0FBQVA4R0JnYi9rcEtTLy9yNit2Ly8vLy8vLy8vLy8vLy8vLy8vLy8vLy92 + NysvNHFLCml2OFRFeFAvQVFFQi93QUFBUDhBQUFEL0FBQUEvd0FBQVA4QUFBRC9BQUFBL3dBQUFQ + OEFBQUQvQUFBQS93QUFBUDhBQUFEL0FBQUEKL3dBQUFQOEFBQUQvQkFRRS96YzNOLytXbHBiLzNk + M2QvL2YzOS8rZ29LRC9FQkFRL3dBQUFQOEFBQUQvQUFBQS93SUNBdjltWm1iLwo5UFQwLy8vLy8v + Ly8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vKzd1N3Y5UVVGRC9BUUVCL3dBQUFQOEFBQUQvRGc0 + Ty81V1ZsZi8zCjkvZi8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vZjM5LytvcUtqL1BqNCsvd1VGQmY4 + QUFBRC9BQUFBL3dBQUFQOEFBQUQvQUFBQS93QUEKQVA4QUFBRC9BQUFBL3dBQUFQOEFBQUQvQUFB + QS93QUFBUDhBQUFEL0FBQUEvd0FBQVA4REF3UC9LaW9xLzRDQWdQL1UxTlQvYzNOegovd0VCQWY4 + QUFBRC9BQUFBL3dBQUFQOFlHQmoveHNiRy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8v + LzcrL3YvOE5EUTMvCkFBQUEvd0FBQVA4QUFBRC9BQUFBL3hJU0V2K1dscGIvK3ZyNi8vLy8vLy8v + Ly8vLy8vLy8vLy8vLy8vOC9Qei81K2ZuLzZhbXB2OUQKUTBQL0N3c0wvd0FBQVA4QUFBRC9BQUFB + L3dBQUFQOENBZ0wvRVJFUi94a1pHZjhjSEJ6L0d4c2IveFlXRnY4SUNBai9BQUFBL3dBQQpBUDhB + QUFEL0FBQUEvd1lHQnY4OVBUMy94TVRFL3pnNE9QOEFBQUQvQUFBQS93QUFBUDhCQVFIL1hGeGMv + LzcrL3YvLy8vLy8vLy8vCi8vLy8vLy8vLy8vLy92NysvMXhjWFA4QUFBRC9BQUFBL3dBQUFQOEFB + QUQvQUFBQS93QUFBUDhQRHcvL2s1T1QvL0h4OGYvLy8vLy8KLy8vLy8vLy8vLy8vLy8vLy8vLy8v + Ly8vLy8vOS9mMy81dWJtLzhYRnhmK21wcWIvdGJXMS84bkp5Zi9iMjl2LzcrL3YvL2YzOS8vNgor + dnIvK3ZyNi8vVDA5UC9rNU9UL3lNakkvNHlNalA5S1Nrci9IUjBkL3djSEIvOEFBQUQvSVNFaC80 + T0RnLzhMQ3d2L0FBQUEvd0FBCkFQOEFBQUQvQ2dvSy85dmIyLy8vLy8vLy8vLy8vLy8vLy8vLy8v + Ly82ZW5wL3hFUkVmOEFBQUQvQUFBQS93QUFBUDhBQUFEL0FBQUEKL3dBQUFQOEFBQUQvQmdZRy8y + QmdZUC9LeXNyLy9QejgvLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8v + LwovLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy83 + Ky92LzQrUGovMGRIUi80ZUhoLzh2Ckx5Ly9BZ0lDL3hzYkcvOFdGaGIvQUFBQS93QUFBUDhBQUFE + L0FBQUEvNENBZ1AvKy92Ny8vLy8vLy8vLy8vLy8vLy8vOXZiMi8waEkKU1A4QUFBRC9BQUFBL3dB + QUFQOEFBQUQvQUFBQS93QUFBUDhBQUFEL0FBQUEvd01EQS84Z0lDRC9lbnA2LytYbDVmLysvdjcv + Ly8vLwovLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy85L2YzLzgvUHovOVBU + MC8rc3JLei9pWW1KLzNCd2NQOXBhV24vCloyZG4vMnhzYlArRWhJVC9yYTJ0LytEZzRQL1UxTlQv + VEV4TS93RUJBZjhCQVFIL0FBQUEvd0FBQVA4QUFBRC9BQUFBL3pZMk52L3kKOHZMLy8vLy8vLy8v + Ly8vLy8vLy8vLy8vLytQajQvOUZSVVgvQXdNRC93QUFBUDhBQUFEL0FBQUEvd0FBQVA4QUFBRC9B + QUFBL3dBQQpBUDhBQUFEL0FBQUEveEFRRVA5VVZGVC9scGFXLzcyOXZmL0d4c2IveU1qSS83Ky92 + LytycTZ2L2hZV0YvMk5qWS84ME5EVC9EUTBOCi93TURBLzhBQUFEL0FBQUEvd0FBQVA4QUFBRC9B + QUFBL3dBQUFQOEFBQUQvQUFBQS93b0tDdjlLU2tyL3NMQ3cvMVJVVlA4RkJRWC8KQUFBQS93QUFB + UDhBQUFEL0FBQUEveHNiRy8vUTBORC8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vNysvdi9WMWRYL1ZG + UlUvd01EQS84QQpBQUQvQUFBQS93QUFBUDhBQUFEL0FBQUEvd0FBQVA4QUFBRC9BQUFBL3dBQUFQ + OEFBQUQvQVFFQi93SUNBdjhEQXdQL0F3TUQvd0lDCkF2OEJBUUgvQUFBQS93QUFBUDhBQUFEL0FB + QUEvd0FBQVA4QUFBRC9BQUFBL3dBQUFQOEFBQUQvQUFBQS93QUFBUDhBQUFEL0FBQUEKL3dBQUFQ + OEFBQUQvQ2dvSy8wcEtTdjhuSnlmL0FRRUIvd0FBQVA4QUFBRC9BQUFBL3c4UEQvK3JxNnYvLy8v + Ly8vLy8vLy8vLy8vLwovLy8vLy8vLy8vLy8vLy8vN2UzdC80YUdodjhRRUJEL0FBQUEvd0FBQVA4 + QUFBRC9BQUFBL3dBQUFQOEFBQUQvQUFBQS93QUFBUDhBCkFBRC9BQUFBL3dBQUFQOEFBQUQvQUFB + QS93QUFBUDhBQUFEL0FBQUEvd0FBQVA4QUFBRC9BQUFBL3dBQUFQOEFBQUQvQUFBQS93ME4KRGY4 + YUdoci9JU0VoL3o0K1B2OUdSa2IvTURBdy94MGRIZjhPRGc3L0FRRUIvd01EQS84TURBei9BUUVC + L3dBQUFQOEFBQUQvQUFBQQovd2NIQi8rU2twTC8vdjcrLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8v + Ly8vLy8vLy8vL3o4L1ArN3U3di9QVDA5L3c4UEQvOEJBUUgvCkFBQUEvd0FBQVA4QUFBRC9BQUFB + L3dBQUFQOEFBQUQvQUFBQS93QUFBUDhBQUFEL0FBQUEvd0FBQVA4QkFRSC9DQWdJL3hVVkZmOGkK + SWlML1EwTkQvM0J3Y1Ara3BLVC96OC9QLyt2cjYvLzUrZm4vL3Y3Ky8vLy8vLy8vLy8vLy8vLy8v + L3o4L1AvbzZPai9vS0NnL3pjMwpOLzhHQmdiL0FBQUEvd0FBQVA4QUFBRC9BQUFBL3dFQkFmOTNk + M2YvKy92Ny8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vCi8vLy8vLy8vLy8vLzd1N3Uv + NmlvcVA5Z1lHRC9KU1VsL3dVRkJmOEFBQUQvQUFBQS93QUFBUDhBQUFEL0FBQUEvd0FBQVA4Q0Fn + TC8KRnhjWC8wRkJRZjlxYW1yL2xKU1UvNzYrdnYvaTR1TC8rZm41Ly8vLy8vLy8vLy8vLy8vLy8v + Ly8vLy8vLy8vLy8vLy8vLy8vLy8vLwovLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vK1BqNC85WVdG + ai9CQVFFL3dBQUFQOEFBQUQvQUFBQS93QUFBUDl1Ym03LytmbjUvLy8vCi8vL1QwOVAveGNYRi8v + Nysvdi8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy83Ky92L3o4L1AvMzkvZi83eTh2UCtLaW9y + L1pHUmsKLzBORFEvOURRMFAvVjFkWC8zdDdlLytycTZ2LzF0YlcvK3JxNnYvMzkvZi8vdjcrLy8v + Ly8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLwovLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8v + Ly8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vL0p5Y24vR3hzYi93QUFBUDhBCkFBRC9BQUFBL3dB + QUFQOXFhbXIvK1BqNC8vLy8vLysxdGJYL0Z4Y1gvMkJnWVAvTnpjMy85UFQwLy8vLy8vLy8vLy8v + Ly8vLy8vLy8KLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8v + Ly8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLwovLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8v + Ly8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vCi8vLy8vLy8v + Ly8vNCtQai9PVGs1L3dBQUFQOEFBQUQvQUFBQS93QUFBUDl0YlczLytmbjUvLy8vLy8rK3ZyNy9G + UlVWL3dFQkFmOGMKSEJ6L1ltSmkvN0N3c1AvNysvdi8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8v + Ly8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLwovLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8v + Ly8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vCi8vLy8v + Ly8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLysvdjcvVmxaVy93QUFBUDhBQUFEL0FB + QUEvd0VCQWY5emMzUC8KK3ZyNi8vLy8vLy9OemMzL0dob2Evd0FBQVA4QUFBRC9BUUVCL3kwdExm + L2k0dUwvLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLwovLy8vLy8vLy8vLy8vLy8vLy8vLy8v + Ly8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vCi8v + Ly8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8v + Ly8vLy8vLy85L2YzL1MwdEwKL3dBQUFQOEFBQUQvQUFBQS93WUdCditMaTR2Ly9mMzkvLy8vLy8v + bjUrZi9KU1VsL3dBQUFQOEFBQUQvQUFBQS94Y1hGLy9EdzhQLwovLy8vLy8vLy8vLy8vLy8vLy8v + Ly8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8v + Ci8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8v + Ly8vLy8vLy8vLy8vLy8vLy8vLy8KLy8vLy8vLy8vLy8vLy8vLy8vL3g4ZkgvTHk4di93QUFBUDhB + QUFEL0FBQUEvd3dNRFAraW9xTC8vLy8vLy8vLy8vLzQrUGovUTBORAovd0FBQVA4QUFBRC9BQUFB + L3drSkNmK1dscGIvL3Y3Ky8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8v + Ly8vCi8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8v + Ly8vLy8vLy8vLy8vLy8vLy8vLy8vLy8KLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8v + Ly8vLy8vLy8vLy8vLy9KeWNuL0dSa1ovd0FBQVA4QUFBRC9BQUFBL3hjWApGLy9GeGNYLy8vLy8v + Ly8vLy8vLy8vLy9mMzkvL3dBQUFQOEFBQUQvQUFBQS93RUJBZjlnWUdELzlQVDAvLy8vLy8vLy8v + Ly8vLy8vCi8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8v + Ly8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8KLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8v + Ly8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLzcrL3YrVAprNVAvQ0FnSS93 + QUFBUDhBQUFEL0FBQUEveWtwS2YvcDZlbi8vLy8vLy8vLy8vLy8vLy8vejgvUC93VUZCZjhBQUFE + L0FBQUEvd0FBCkFQOGpJeVAvMmRuWi8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8v + Ly8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8KLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8v + Ly8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLwovLy8vLy8v + Ly8vLy8vLy8vLy8vLy8vTHk4djlaV1ZuL0FRRUIvd0FBQVA4QUFBRC9BQUFBLzJWbFpmLzkvZjMv + Ly8vLy8vLy8vLy8vCi8vLy8rdnI2L3pzN08vOEFBQUQvQUFBQS93QUFBUDhEQXdQL2dvS0MvLy8v + Ly8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8KLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8v + Ly8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLwovLy8v + Ly8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vODNOemY4Y0hCei9B + QUFBL3dBQUFQOEFBQUQvCkJRVUYvNysvdi8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy82T2pv + LzhFQkFUL0FBQUEvd0FBQVA4QUFBRC9GQlFVLzlmWDEvLy8KLy8vLy8vLy8vLy8vLy8vLy8vLy8v + Ly8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLwov + Ly8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8v + Ly8vLy8vLy8vLy8vLy8vZjM5Ci8xeGNYUDhCQVFIL0FBQUEvd0FBQVA4QUFBRC9QVDA5Ly9uNStm + Ly8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vK1hsNWY4MU5UWC8KQUFBQS93QUFBUDhBQUFEL0FB + QUEvMHhNVFAvdjcrLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8v + LwovLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8v + Ly8vLy8vLy8vLy8vLy8vLy8vLy8vCi8vLy8vLy8vLy8vLy8vLy8vLy85L2YzL3A2ZW4vd0lDQXY4 + QUFBRC9BQUFBL3dBQUFQOElDQWovckt5cy8vLy8vLy8vLy8vLy8vLy8KLy8vLy8vLy8vLy8vLy8v + Ly8vcjYrditNakl6L0NRa0ovd0FBQVA4QUFBRC9BQUFBL3dvS0N2K0lpSWovK1BqNC8vLy8vLy8v + Ly8vLwovLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8v + Ly8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vCi8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8v + Ly8vLy8vLy8vLzcrL3YvRnhjWC9KU1VsL3dBQUFQOEFBQUQvQUFBQS93RUIKQWY5S1Nrci82K3Zy + Ly8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vbTV1Yi9ORFEwL3dBQUFQOEFB + QUQvQUFBQQovd0FBQVA4VkZSWC9yS3lzLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8v + Ly8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vCi8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8v + Ly8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLytMaTR2OUEKUUVEL0FnSUMv + d0FBQVA4QUFBRC9BQUFBL3hBUUVQK3NyS3ovL2YzOS8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8v + Ly8vLy8vLy8vLwovLy8vLy8vL3Y3Ky8veEFRRVA4QUFBRC9BQUFBL3dBQUFQOEFBQUQvREF3TS82 + eXNyUC8zOS9mLy8vLy8vLy8vLy8vLy8vLy8vLy8vCi8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8v + Ly8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8KLy8vLy8v + Ly8vLy85L2YzLzNkM2QvMFJFUlA4QUFBRC9BQUFBL3dBQUFQOEFBQUQvQWdJQy8yUmtaUC80K1Bq + Ly8vLy8vLy8vLy8vLwovLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vdjcrLzVD + UWtQOE9EZzcvQUFBQS93QUFBUDhBQUFEL0FBQUEveFVWCkZmK0RnNFAvN096cy8vLy8vLy8vLy8v + Ly8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8KLy8v + Ly8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vL241K2YrMnRyYi9OVFUxL3dBQUFQOEFBQUQv + QUFBQS93QUFBUDhCQVFILwpSMGRILytqbzZQLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8v + Ly8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vTHk4djl1CmJtNy9CUVVGL3dBQUFQOEFBQUQv + QUFBQS93QUFBUDhLQ2dyL1IwZEgvODNOemYvKy92Ny8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8K + Ly8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy84 + Zkh4LzMxOWZmOFlHQmovQVFFQgovd0FBQVA4QUFBRC9BQUFBL3dBQUFQODNOemYvMTlmWC8vLy8v + Ly8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vCi8vLy8vLy8vLy8vLy8vLy8v + Ly8vLy8vLy8vL3M3T3ovVjFkWC93VUZCZjhBQUFEL0FBQUEvd0FBQVA4QUFBRC9BQUFBL3cwTkRm + OXcKY0hELzB0TFMvL0R3OFAvOC9Qei8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8v + Ly8vLy8vLy8vKy92Ny85L2YzLytMaQo0ditob2FIL0t5c3Ivd0FBQVA4QUFBRC9BQUFBL3dBQUFQ + OEFBQUQvQUFBQS95WW1Kdis4dkx6Ly92NysvLy8vLy8vLy8vLy8vLy8vCi8vLy8vLy8vLy8vLy8v + Ly8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLzdlM3QvM0p5Y3Y4 + UUVCRC8KQUFBQS93QUFBUDhBQUFEL0FBQUEvd0FBQVA4QkFRSC9HUmtaLzFOVFUvK0lpSWovc3JL + eS85VFUxUC9uNStmLzgvUHovL1B6OC8vdAo3ZTMvMjl2Yi84TEN3ditibTV2L2EydHIvekF3TVA4 + SEJ3Zi9BQUFBL3dBQUFQOEFBQUQvQUFBQS93QUFBUDhDQWdML1B6OC8vOFhGCnhmLzkvZjMvLy8v + Ly8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8v + Ly8vLy8vLy8KLy8vLy8vLy8vLy8vLy8vLy8vVDA5UCtZbUpqL0V4TVQvd0FBQVA4QUFBRC9BQUFB + L3dBQUFQOEFBQUQvQUFBQS93QUFBUDhHQmdiLwpFUkVSL3gwZEhmOG5KeWYvTHk4di95OHZMLzhy + S3l2L0lDQWcveFlXRnY4S0Nnci9BUUVCL3dBQUFQOEFBQUQvQUFBQS93QUFBUDhBCkFBRC9BQUFB + L3dVRkJmOWNYRnovMzkvZi8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8v + Ly8vLy8vLy8vLy8KLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8v + Ly8vLy8vKy92Ny95TWpJL3pvNk92OExDd3YvQUFBQQovd0FBQVA4QUFBRC9BQUFBL3dBQUFQOEFB + QUQvQUFBQS93QUFBUDhBQUFEL0FBQUEvd0FBQVA4QUFBRC9BQUFBL3dBQUFQOEFBQUQvCkFBQUEv + d0FBQVA4QUFBRC9BQUFBL3dBQUFQOEVCQVQvSGg0ZS80dUxpLy8wOVBULy8vLy8vLy8vLy8vLy8v + Ly8vLy8vLy8vLy8vLy8KLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8v + Ly8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLwovLy8vLy8vLy8vLy8vK3pzN1ArWW1K + ai9QejgvL3dnSUNQOEFBQUQvQUFBQS93QUFBUDhBQUFEL0FBQUEvd0FBQVA4QUFBRC9BQUFBCi93 + QUFBUDhBQUFEL0FBQUEvd0FBQVA4QUFBRC9BQUFBL3dBQUFQOEFBQUQvQVFFQi95TWpJLzkwZEhU + L3pzN08vLzcrL3YvLy8vLy8KLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8v + Ly8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLwovLy8vLy8vLy8vLy8vLy8vLy8v + Ly8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLzgvUHovNmVucC83UzB0UDlSVVZIL0RRME4vd0FB + CkFQOEFBQUQvQUFBQS93QUFBUDhBQUFEL0FBQUEvd0FBQVA4QUFBRC9BQUFBL3dBQUFQOEFBQUQv + QUFBQS93TURBLzh1TGk3L2pvNk8KLzl6YzNQLzM5L2YvLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8v + Ly8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLwovLy8vLy8vLy8vLy8vLy8v + Ly8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8v + Ly8vCi8vLy8vLy8vLy8vLy8vLysvdjcvNCtQai81cWFtdjlkWFYzL016TXoveUlpSXY4Ykd4di9G + eGNYL3hZV0Z2OFpHUm4vSHg4Zi95Z28KS1A5TFMwdi9nSUNBLzhyS3l2LzM5L2YvLy8vLy8vLy8v + Ly8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLwovLy8vLy8vLy8vLy8v + Ly8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8v + Ly8vLy8vCi8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8v + Ly8vLy8vLy8vOS9mMy84L1B6LytUazVQL1IKMGRIL3hNVEUvOExDd3YvS3lzci8zZDNkLyszdDdm + LzYrdnIvLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLwovLy8vLy8vLy8v + Ly8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8v + Ly8vLy8vLy8vCi8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8v + Ly8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8KLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8v + Ly8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLwovLy8vLy8v + Ly8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8v + Ly8vLy8vLy8vLy8vCi8vLy8vLy8vLy8vLy93QUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFB + QUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUEKQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFB + QUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQQpBQUFB + QUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFB + QUFBQUFBQUFBQUFBQUFBCkFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFB + QUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUEKQUFBQUFBQUFBQUFBQUFBQUFBQUFB + QUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQQpB + QUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFB + QUFBQUFBQUFBQUFBQUFBQUFBCkFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFB + QUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUEKQUFBQUFBQUFBQUFBQUFBQUFB + QUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFB + QQpBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFB + QUFBQUFBQUFBQUFBQUFBQUFBQUFBCkFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFB + QUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUEKQUFBQUFBQUFBQUFBQUFB + QUFBQUFBQT09Cg== + json: "{\n \"gaTrackingId\": \"UA-119127212-17\",\n \"graphql\": {\n \"boardCounts\"\ + : [\n {\n \"graphql\": \"_subject_count\",\n \"name\": \"\ + Subject\",\n \"plural\": \"Subjects\"\n }\n ],\n \"chartCounts\"\ + : [\n {\n \"graphql\": \"_subject_count\",\n \"name\"\ + : \"Subject\"\n }\n ],\n \"projectDetails\": \"boardCounts\"\n\ + \ },\n \"useArboristUI\": true,\n \"showArboristAuthzOnProfile\": true,\n \ + \ \"showFenceAuthzOnProfile\": false,\n \"components\": {\n \"appName\": \"\ + Australian Cardiovascular disease Data Commons\",\n \"index\": {\n \"\ + introduction\": {\n \"heading\": \"Australian Cardiovascular disease Data\ + \ Commons\",\n \"text\": \"This data sharing platform supports the management,\ + \ analysis and sharing of Australian Coronary Artery Disease (CAD) cohorts as\ + \ part of the Australian Cardiovascular Alliance (ACvA) Precision Medicine flagship.\"\ + \n },\n \"buttons\": [\n {\n \"name\": \"View Studies\"\ + ,\n \"icon\": \"stage-access\",\n \"body\": \"Use the Study\ + \ Explorer to view summary information about the information collected across\ + \ the ACDC cohorts and apply for access.\",\n \"link\": \"/discovery\"\ + ,\n \"label\": \"Explore studies\",\n \"color\": \"#4b5196\"\ + \n },\n {\n \"name\": \"Explore Data\",\n \"icon\"\ + : \"stage-explore\",\n \"body\": \"The Data Explorer allows you to explore\ + \ and filter data by the harmonised variables. Detailed information is only available\ + \ after gaining access to a particular study.\",\n \"link\": \"/explorer\"\ + ,\n \"label\": \"Explore data\",\n \"color\": \"#4b5196\"\n\ + \ },\n {\n \"name\": \"Understand Variables\",\n \ + \ \"icon\": \"stage-planning\",\n \"body\": \"The platform has a harmonised\ + \ data dictionary that describes the captured variables across all studies. Please\ + \ study the dictionary before you start browsing.\",\n \"link\": \"/DD\"\ + ,\n \"label\": \"Explore variables\",\n \"color\": \"#4b5196\"\ + \n },\n {\n \"name\": \"Analyze Data\",\n \"icon\"\ + : \"stage-analyze\",\n \"body\": \"Analyze your selected subjects using\ + \ Jupyter Notebooks in our secure cloud environment\",\n \"link\": \"\ + /workspace\",\n \"label\": \"Launch workspace\",\n \"color\"\ + : \"#4b5196\"\n }\n ],\n \"homepageChartNodes\": [\n {\n\ + \ \"node\": \"subject\",\n \"name\": \"Subjects\"\n },\n\ + \ {\n \"node\": \"sample\",\n \"name\": \"Samples\"\n\ + \ }\n ]\n },\n \"navigation\": {\n \"title\": \"Australian\ + \ Cardiovascular disease Data Commons\",\n \"items\": [\n {\n \ + \ \"icon\": \"query\",\n \"link\": \"/discovery\",\n \"\ + color\": \"#a2a2a2\",\n \"name\": \"Study Explorer\"\n },\n \ + \ {\n \"icon\": \"exploration\",\n \"link\": \"/explorer\"\ + ,\n \"color\": \"#4b5196\",\n \"name\": \"Data Explorer\"\n\ + \ },\n {\n \"icon\": \"dictionary\",\n \"link\"\ + : \"/DD\",\n \"color\": \"#4b5196\",\n \"name\": \"Data Dictionary\"\ + \n },\n {\n \"icon\": \"workspace\",\n \"link\"\ + : \"#hostname#workspace/\",\n \"color\": \"#4b5196\",\n \"name\"\ + : \"Workspace\"\n },\n {\n \"icon\": \"profile\",\n \ + \ \"link\": \"/identity\",\n \"color\": \"#4b5196\",\n \ + \ \"name\": \"Profile\"\n }\n ]\n },\n \"login\": {\n \ + \ \"title\": \"Australian Cardiovascular disease Data Commons (dev environment)\"\ + ,\n \"subTitle\": \"Explore, Analyze, and Share Data\",\n \"text\":\ + \ \"This data sharing platform supports the management, analysis and sharing of\ + \ Australian Coronary Artery Disease (CAD) cohorts as part of the Australian Cardiovascular\ + \ Alliance (ACvA) Precision Medicine flagship.\",\n \"contact\": \"If you\ + \ have any questions about access or the registration process, please contact\ + \ \",\n \"email\": \"gen3-support@biocommons.org.au\"\n },\n \"categorical9Colors\"\ + : [\n \"#0A2463\",\n \"#A31621\",\n \"#3E92CC\",\n \"#E2711D\"\ + ,\n \"#40476D\",\n \"#FFA630\",\n \"#AE8799\",\n \"#1A535C\"\ + ,\n \"#462255\"\n ],\n \"categorical2Colors\": [\n \"#0A2463\"\ + ,\n \"#A31621\"\n ],\n \"footerLogos\": [\n {\n \"src\"\ + : \"/src/img/gen3.png\",\n \"href\": \"https://gen3.org/\",\n \"\ + alt\": \"Gen3 Data Commons\"\n }\n ,\n {\n\t\"src\": \"/src/img/sponsors/gitops-sponsors/acva.png\"\ + ,\n\t\"href\": \"https://ozheart.org\",\n\t\"alt\": \"ACvA\"\n }\n ,\n\ + \ {\n \"src\": \"/src/img/sponsors/gitops-sponsors/ausbiocommons.png\"\ + ,\n \"href\": \"https://www.biocommons.org.au\",\n \"alt\": \"Australian\ + \ BioCommons\"\n }\n ]\n },\n \"featureFlags\": {\n \"explorer\"\ + : true,\n \"analysis\": true,\n \"discovery\": true\n },\n \"explorerConfig\"\ + : [\n {\n \"tabTitle\": \"Subjects\",\n \"charts\": {\n \"\ + project_id\": {\n \"chartType\": \"stackedBar\",\n \"title\"\ + : \"Subjects per Study\"\n },\n \"node_id\": {\n \"chartType\"\ + : \"count\",\n \"title\": \"Subjects\"\n },\n \"sex\":\ + \ {\n \"chartType\": \"stackedBar\",\n \"title\": \"Sex\"\n\ + \ },\n \"smoking_status\":{\n \"chartType\": \"stackedBar\"\ + ,\n \"title\": \"Smoking Status\",\n\t \"outerRadius\": 50\n \ + \ },\n \"hypertension\":{\n \"chartType\": \"stackedBar\",\n\ + \ \"title\": \"Hypertension Status\"\n },\n \"diabetes_type\"\ + :{\n \"chartType\": \"stackedBar\",\n \"title\": \"Diabetes\ + \ Type\"\n }\n },\n \"filters\": {\n \"tabs\": [\n \ + \ {\n \"title\": \"Study Info\",\n \"fields\":[\n\ + \ \"project_id\",\n \"_measured_lipids\",\n \ + \ \"_measured_proteins\",\n \"_measured_metabolites\",\n \ + \ \"_measured_serum_markers\",\n \"data_format\",\n \ + \ \"data_type\",\n \"data_category\",\n \"\ + _aligned_reads_files_count\",\n \"_lipidomics_files_count\",\n \ + \ \"_proteomics_files_count\",\n \"_metabolomics_files_count\"\ + ,\n \"_serum_marker_files_count\"\n ]\n },\n\ + \ {\n \"title\": \"Demographic\",\n \"fields\"\ + :[\n \"sex\",\n \"baseline_age\",\n \"\ + bmi_baseline\",\n \"education\",\n \"height_baseline\"\ + ,\n \"height_measurement_type\",\n \"weight_baseline\"\ + ,\n \"weight_measurement_type\"\n ]\n },\n \ + \ {\n \"title\": \"Blood Pressure\",\n \"fields\"\ + :[\n \"_blood_pressure_tests_count\",\n \"max_sbp\"\ + ,\n \"min_sbp\",\n \"max_dbp\",\n \"min_dbp\"\ + \n ]\n },\n {\n \"title\": \"Lab result\"\ + ,\n \"fields\":[\n \"_lab_results_count\",\n \ + \ \"max_total_cholesterol\",\n \"max_ldl_c\",\n \ + \ \"max_hdl_c\",\n \"max_trigs\",\n \"max_egfr\",\n\ + \ \"max_creatinine_serum_jaffe\",\n \"max_creatinine_serum_enzymatic\"\ + ,\n \"max_creatinine_urinary\",\n \"max_hba1c_mmol\"\ + ,\n \"max_hba1c_percent\"\n ]\n },\n \ + \ {\n \"title\": \"Lifestyle\",\n \"fields\":[\n \ + \ \"smoking_status\",\n \"cigarettes_per_day\",\n \ + \ \"drinking_current\"\n ]\n },\n {\n \ + \ \"title\": \"Medical\",\n \"fields\":[\n \"diabetes\"\ + ,\n \"diabetes_type\",\n \"incident_diabetes\",\n \ + \ \"hypertension\",\n \"angina\",\n \"stroke\"\ + ,\n \"myocardial_infarction\"\n ]\n },\n \ + \ {\n \"title\": \"Medication\",\n \"fields\": [\n\ + \ \"lipid_lowering_medication\",\n \"antihypertensive_meds\"\ + ,\n \"diabetes_therapy\"\n ]\n }\n ]\n\ + \ },\n \"table\": {\n \"enabled\": true,\n \"fields\"\ + :[\n \"node_id\",\n \"sex\",\n \"baseline_age\",\n\ + \ \"smoking_status\",\n \"drinking_current\",\n \"\ + angina\",\n \"hypertension\",\n \"diabetes\",\n \"\ + myocardial_infarction\",\n \"stroke\",\n \"antihypertensive_meds\"\ + ,\n \"diabetes_therapy\",\n \"lipid_lowering_medication\",\n\ + \ \"max_hdl_c\",\n \"max_total_cholesterol\",\n \"\ + max_trigs\",\n \"max_fasting_glucose\",\n \"max_hba1c_percent\"\ + , \n \"max_sbp\",\n \"max_dbp\",\n \"bmi_baseline\"\ + ,\n \"all_sbp\",\n \"all_dbp\",\n \"diabetes_type\"\ + \n ]\n },\n \"dropdowns\": {},\n \"buttons\": [\n \ + \ {\n \"enabled\": true,\n \"type\": \"export-to-pfb\",\n \ + \ \"title\": \"Export to PFB\",\n \"leftIcon\": \"datafile\"\ + ,\n \"rightIcon\": \"download\"\n },\n {\n \"\ + enabled\": true,\n \"type\": \"export-to-workspace\",\n \"title\"\ + : \"Export to Workspace\",\n \"leftIcon\": \"datafile\",\n \"\ + rightIcon\": \"download\"\n }\n ],\n \"guppyConfig\": {\n \ + \ \"dataType\": \"subject\",\n \"nodeCountTitle\": \"Subjects\",\n\ + \ \"fieldMapping\": [\n { \n \"field\": \"hypertension\"\ + , \n \"name\": \"Has Hypertension\" \n },\n { \n\ + \ \"field\": \"baseline_age\", \n \"name\": \"Age (years)\"\ + \n },\n {\n \"field\": \"project_id\",\n \ + \ \"name\": \"Study id\"\n },\n {\n \"field\"\ + : \"bmi_baseline\",\n \"name\": \"BMI (baseline)\"\n },\n\ + \ {\n \"field\": \"height_baseline\",\n \"name\"\ + : \"Height (m)\"\n },\n {\n \"field\": \"weight_baseline\"\ + ,\n \"name\": \"Weight (kg)\"\n },\n {\n \ + \ \"field\": \"max_total_cholesterol\",\n \"name\": \"Max. total\ + \ cholesterol (mmol/L)\"\n },\n {\n \"field\": \"\ + max_ldl_c\",\n \"name\": \"Max. Low density lipids (mmol/L)\"\n \ + \ },\n {\n \"field\": \"max_hdl_c\",\n \"\ + name\": \"Max. High density lipids (mmol/L)\"\n },\n {\n \ + \ \"field\": \"max_trigs\",\n \"name\": \"Max. Triglycerides\ + \ (mmol/L)\"\n },\n {\n \"field\": \"max_egfr\",\n\ + \ \"name\": \"Max. eGFR (mL/min/1.73m^2)\"\n },\n \ + \ {\n \"field\": \"hba1c_mmol\",\n \"name\": \"Max. Glycated\ + \ Haemoglobin (HbA1C mmol/mol)\"\n },\n {\n \"field\"\ + : \"hba1c_percent\",\n \"name\": \"Max. Glycated Haemoglobin (HbA1C\ + \ %)\"\n },\n {\n \"field\": \"max_sbp\",\n \ + \ \"name\": \"Max. Systolic Blood Pressure (mmHg)\"\n },\n \ + \ {\n \"field\": \"min_sbp\",\n \"name\": \"Min. Systolic\ + \ Blood Pressure (mmHg)\"\n },\n {\n \"field\": \"\ + max_dbp\",\n \"name\": \"Max. Diastolic Blood Pressure (mmHg)\"\n \ + \ },\n {\n \"field\": \"min_dbp\",\n \"\ + name\": \"Min. Diastolic Blood Pressure (mmHg)\"\n }\n ],\n \ + \ \"manifestMapping\": {\n \"resourceIndexType\": \"file\",\n \ + \ \"resourceIdField\": \"object_id\",\n \"referenceIdFieldInResourceIndex\"\ + : \"_subject_id\",\n \"referenceIdFieldInDataIndex\": \"_subject_id\"\ + \n },\n \"accessibleFieldCheckList\": [\"project_id\"],\n \ + \ \"accessibleValidationField\": \"project_id\"\n },\n \"getAccessButtonLink\"\ + : \"https://www.biocommons.org.au/cad-data-access\"\n },\n {\n \"tabTitle\"\ + : \"Files\",\n \"charts\": {\n \"data_type\": {\n \"chartType\"\ + : \"stackedBar\",\n \"title\": \"File Type\"\n },\n \"\ + data_format\": {\n \"chartType\": \"stackedBar\",\n \"title\"\ + : \"File Format\"\n }\n },\n \"filters\": {\n \"tabs\"\ + : [\n {\n \"title\": \"File\",\n \"fields\": [\n\ + \ \"project_id\",\n \"sample_provider\",\n \ + \ \"data_type\",\n \"data_format\",\n \"data_category\"\ + \n ]\n }\n ]\n },\n \"table\": {\n \ + \ \"enabled\": true,\n \"fields\": [\n \"project_id\",\n \ + \ \"file_name\",\n \"file_size\",\n \"object_id\"\n \ + \ ]\n },\n \"dropdowns\": {},\n \"buttons\": [\n {\n\ + \ \"enabled\": true,\n \"type\": \"export-to-pfb\",\n \ + \ \"title\": \"Export to PFB\",\n \"leftIcon\": \"datafile\",\n \ + \ \"rightIcon\": \"download\"\n },\n {\n \"enabled\"\ + : true,\n \"type\": \"export-to-workspace\",\n \"title\": \"\ + Export to Workspace\",\n \"leftIcon\": \"datafile\",\n \"rightIcon\"\ + : \"download\"\n },\n {\n \"enabled\": true,\n \ + \ \"type\": \"manifest\",\n \"title\": \"download manifest\",\n \ + \ \"leftIcon\": \"datafile\",\n \"rightIcon\": \"download\",\n \ + \ \"fileName\": \"file_manifest.json\"\n }\n ],\n \"\ + guppyConfig\": {\n \"dataType\": \"file\",\n \"fieldMapping\": [\n\ + \ { \"field\": \"object_id\", \"name\": \"GUID\" }\n ],\n \ + \ \"nodeCountTitle\": \"Files\",\n \"manifestMapping\": {\n \ + \ \"resourceIndexType\": \"subject\",\n \"resourceIdField\": \"_subject_id\"\ + ,\n \"referenceIdFieldInResourceIndex\": \"object_id\",\n \"\ + referenceIdFieldInDataIndex\": \"object_id\"\n },\n \"accessibleFieldCheckList\"\ + : [\"project_id\"],\n \"accessibleValidationField\": \"project_id\",\n\ + \ \"downloadAccessor\": \"object_id\"\n },\n \"getAccessButtonLink\"\ + : \"https://www.biocommons.org.au/cad-data-access\"\n }\n ],\n \"discoveryConfig\"\ + : { \n \"requireLogin\": false,\n \"public\": true,\n \"features\": {\n\ + \ \"exportToWorkspace\": { \n },\n \"pageTitle\": {\n \"\ + enabled\": true,\n \"text\": \"Study Explorer\"\n },\n \"search\"\ + : {\n \"searchBar\": {\n \"enabled\": true,\n \"inputSubtitle\"\ + : \"To find out what variables were collected in these studies, click anywhere\ + \ in the study row. To filter by variables across studies, please use the 'Data\ + \ Explorer' (data access required).\",\n \"placeholder\": \"Search studies\ + \ by keyword\",\n \"searchableTextFields\": [\"project_description\"\ + , \"name\", \"code\", \"acknowledgees\", \"collected_variables\"]\n },\n\ + \ \"tagSearchDropdown\": { \n \"enabled\": false,\n \"\ + collapseOnDefault\": true,\n \"collapsibleButtonText\": \"Study Characteristics\"\ + \n }\n },\n \"advSearchFilters\": {\n \"enabled\": false\n\ + \ },\n \"authorization\": {\n \"enabled\": false\n }\n \ + \ },\n \"aggregations\": [ \n {\n \"name\": \"Studies\",\n \ + \ \"field\": \"code\",\n \"type\": \"count\" \n }\n ],\n \ + \ \"tagSelector\": {\n \"title\": \"Associated tags organized by category\"\ + \n },\n \"studyColumns\": [ \n {\n \"name\": \"Study Name\"\ + ,\n \"field\": \"name\"\n },\n {\n \"name\": \"Acknowledgees\"\ + ,\n \"field\": \"acknowledgees\"\n },\n {\n \"name\":\ + \ \"Data access URL\",\n \"field\": \"data_access_url\",\n \"contentType\"\ + : \"link\", \n \"errorIfNotAvailable\": false,\n \"valueIfNotAvailable\"\ + : \"No access url has been provided for this study.\",\n \"width\": 50\n\ + \ },\n {\n \"name\": \"Subject count\",\n \"field\": \"\ + subjects_count\",\n \"errorIfNotAvailable\": false,\n \"valueIfNotAvailable\"\ + : \"n/a\",\n \"contentType\": \"number\" \n },\n {\n \"\ + name\": \"Aligned Reads files count\",\n \"field\": \"aligned_reads_files_count\"\ + ,\n \"errorIfNotAvailable\": false,\n \"valueIfNotAvailable\": \"\ + n/a\",\n \"contentType\": \"number\" \n },\n {\n \"name\"\ + : \"Variant files count\",\n \"field\": \"variant_files_count\",\n \ + \ \"errorIfNotAvailable\": false,\n \"valueIfNotAvailable\": \"n/a\"\ + ,\n \"contentType\": \"number\" \n },\n {\n \"name\":\ + \ \"Lipidomics files count\",\n \"field\": \"lipidomics_files_count\",\n\ + \ \"errorIfNotAvailable\": false,\n \"valueIfNotAvailable\": \"\ + n/a\",\n \"contentType\": \"number\" \n },\n {\n \"name\"\ + : \"Proteomics files count\",\n \"field\": \"proteomics_files_count\",\n\ + \ \"errorIfNotAvailable\": false,\n \"valueIfNotAvailable\": \"\ + n/a\",\n \"contentType\": \"number\" \n },\n {\n \"name\"\ + : \"Metabolomics files count\",\n \"field\": \"metabolomics_files_count\"\ + ,\n \"errorIfNotAvailable\": false,\n \"valueIfNotAvailable\": \"\ + n/a\",\n \"contentType\": \"number\" \n },\n {\n \"name\"\ + : \"Serum marker files count\",\n \"field\": \"serum_marker_files_count\"\ + ,\n \"errorIfNotAvailable\": false,\n \"valueIfNotAvailable\": \"\ + n/a\",\n \"contentType\": \"number\" \n }\n \n ],\n \"\ + studyPreviewField\": { \n \"name\": \"Description\",\n \"field\": \"\ + project_description\",\n \"contentType\": \"string\",\n \"includeName\"\ + : false,\n \"includeIfNotAvailable\": true,\n \"valueIfNotAvailable\"\ + : \"No description has been provided for this study.\"\n },\n \"studyPageFields\"\ + : { \n \"header\": { \n \"field\": \"name\"\n },\n \"fieldsToShow\"\ + : [ \n {\n \"groupName\": \"Count of subjects with non-null values\ + \ for each variable\",\n \"includeName\": true,\n \"fields\"\ + : [\n {\n \"name\": \"Total subjects\",\n \ + \ \"field\": \"subjects_count\",\n \"contentType\": \"number\" \n\ + \ },\n {\n \"name\": \"HDL\",\n \ + \ \"field\": \"lab_result.hdl\",\n \"contentType\": \"number\"\ + \ \n },\n {\n \"name\": \"LDL\",\n \ + \ \"field\": \"lab_result.ldl\",\n \"contentType\": \"number\"\ + \ \n },\n {\n \"name\": \"Fasting status\"\ + ,\n \"field\": \"lab_result.fasting\",\n \"contentType\"\ + : \"number\" \n },\n {\n \"name\": \"hba1cc\ + \ (%)\",\n \"field\": \"lab_result.hba1cc_ngsp\",\n \ + \ \"contentType\": \"number\" \n },\n {\n \"\ + name\": \"EGFR\",\n \"field\": \"lab_result.egfr_baseline\",\n \ + \ \"contentType\": \"number\" \n },\n {\n \ + \ \"name\": \"Triglycerides\",\n \"field\": \"lab_result.triglycerides\"\ + ,\n \"contentType\": \"number\" \n },\n {\n\ + \ \"name\": \"Creatinine serum\",\n \"field\": \"lab_result.creatinine_serum\"\ + ,\n \"contentType\": \"number\" \n },\n {\n\ + \ \"name\": \"Sex\",\n \"field\": \"demographic.sex\"\ + ,\n \"contentType\": \"string\" \n },\n {\n\ + \ \"name\": \"Age at baseline\",\n \"field\": \"demographic.baseline_age\"\ + ,\n \"contentType\": \"number\" \n },\n {\n\ + \ \"name\": \"BMI at baseline\",\n \"field\": \"demographic.bmi_baseline\"\ + ,\n \"contentType\": \"number\" \n },\n {\n\ + \ \"name\": \"Highest level of education\",\n \"field\"\ + : \"demographic.education\",\n \"contentType\": \"string\" \n \ + \ },\n {\n \"name\": \"Smoking status\",\n \ + \ \"field\": \"exposure.smoking_status\",\n \"contentType\"\ + : \"string\" \n },\n {\n \"name\": \"Cigarettes\ + \ per day\",\n \"field\": \"exposure.cigarettes_per_day\",\n \ + \ \"contentType\": \"string\" \n },\n {\n \ + \ \"name\": \"Current Drinking status\",\n \"field\": \"\ + exposure.drinking_current\",\n \"contentType\": \"string\" \n \ + \ },\n {\n \"name\": \"Systolic blood pressure\"\ + ,\n \"field\": \"blood_pressure_test.sbp\",\n \"contentType\"\ + : \"number\" \n },\n {\n \"name\": \"Diastolic\ + \ blood pressure\",\n \"field\": \"blood_pressure_test.dbp\",\n \ + \ \"contentType\": \"number\" \n },\n {\n \ + \ \"name\": \"Myocardial infarction\",\n \"field\": \"\ + medical_history.myocardial_infarction\",\n \"contentType\": \"string\"\ + \ \n },\n {\n \"name\": \"Hypertension\",\n\ + \ \"field\": \"medical_history.hypertension\",\n \"\ + contentType\": \"string\" \n },\n {\n \"name\"\ + : \"Angina\",\n \"field\": \"medical_history.angina\",\n \ + \ \"contentType\": \"string\" \n },\n {\n \ + \ \"name\": \"Stroke\",\n \"field\": \"medical_history.stroke\"\ + ,\n \"contentType\": \"string\" \n },\n {\n\ + \ \"name\": \"Diabetes\",\n \"field\": \"medical_history.diabetes\"\ + ,\n \"contentType\": \"string\"\n },\n {\n\ + \ \"name\": \"Diabetes Therapy\",\n \"field\": \"medication.diabetes_therapy\"\ + ,\n \"contentType\": \"string\"\n },\n {\n\ + \ \"name\": \"Antihypertensive medication\",\n \"field\"\ + : \"medication.antihypertensive_meds\",\n \"contentType\": \"string\"\ + \n },\n {\n \"name\": \"Lipid lowering medication\"\ + ,\n \"field\": \"medication.lipid_lowering_medication\",\n \ + \ \"contentType\": \"string\"\n }\n ]\n },\n\ + \ {\n \"fields\": [\n {\n \"name\": \"\ + Description\",\n \"field\": \"project_description\",\n \ + \ \"contentType\": \"paragraphs\", \n \"includeName\": false,\n\ + \ \"includeIfNotAvailable\": true,\n \"valueIfNotAvailable\"\ + : \"No description has been provided for this study.\"\n },\n \ + \ {\n \"name\": \"Data access URL\",\n \"field\"\ + : \"data_access_url\",\n \"contentType\": \"link\", \n \ + \ \"includeName\": true,\n \"includeIfNotAvailable\": true,\n\ + \ \"valueIfNotAvailable\": \"No description has been provided for\ + \ this study.\"\n }\n ]\n }\n ]\n },\n \"\ + minimalFieldMapping\": { \n \"tagsListFieldName\": \"tags\", \n \"authzField\"\ + : \"authz\", \n \"dataAvailabilityField\": \"data_availability\", \n \ + \ \"uid\": \"code\" \n },\n \"tagCategories\": [\n {\n \"name\"\ + : \"data type\",\n \"color\": \"rgba(112, 182, 3, 1)\",\n \"display\"\ + : true\n }\n ],\n \"tagsDisplayName\": \"Tags\" \n }\n}\n" + logo: !!binary | + aVZCT1J3MEtHZ29BQUFBTlNVaEVVZ0FBQW5jQUFBRGpDQVlBQUFEbm9qSWVBQUFBQ1hCSVdYTUFB + QXNTQUFBTEVnSFMzWDc4QUFBZwpBRWxFUVZSNG5PMmQvWFhiTnR2R2llZjBmN3NUV0owZzZnUlJK + b2c2UWVRSm9rd1FaWUlxRTBTZUlQSUVsU2VvTkVHbENWNXBBcndICjdrVVhoa21LeEJjQjh2cWR3 + OU0wc2ZrQmdzQ0ZHL2VIa0ZJV0pEeENpTnVpS0taVkY1SlM3dmdLQ0NHRUVPSURpanNITk1FMk1Z + NEMKZjM5amVmWlRVUlJIL0hsZkZNVzUvQytGSUNHRUVFS2FvTGhyaVJCaUNzR21IN2JpelpWUy9P + MGcrdlpTeW1QWVN4SkNDQ0VrQnlqdQphaEJDeklxaUtJLzNTZDdrYTA0UWVrcnc3YVNVKzVSdWpo + QkNDQ0Z4b0xnRFFnaTFuVHFIbVB1WXhFMjVjU3FGWGxFVVd5bmxPZWVICklZUVFRa2c3UmkzdU5F + RzNLSXJpWFFLM0ZKSkhKZklvOUFnaGhKQmhNenB4aHlDSXhVZ0VYUjJQRUhtYk5HK1BFRUlJSWJh + TVJ0d0oKSVVvTDNSQzJYSDF4S1lwQ0NidzFBeklJSVlTUVlUQm9jYWRaNlpaRlVkd2xjRXNwOHdT + UnR4MTdReEJDQ0NFNU0waHhCMSs2VXRUMQpsYTRrVjFRZ3hvcGJ0b1FRUWtpZURFcmNRZFN0aXFM + NGxNRHQ1QTVGSGlHRUVKSWhneEIzMkg1Vm91NXpBcmN6TkNqeUNDR0VrSXpJCld0eEIxQzI1L1Jv + RkpmS1c5TWtqaEJCQzBpWmJjU2VFV01CYXgwQ0p1RHhCNUxFQ0JpR0VFSklnMllrNytOVnRNaWtK + Tm1TK1k3dVcKQ1pFSklZU1FoTWhLM0FraGxLWHVhd0szUXY2Rlc3VVpBN2VHS1o1Z2dzTkVXV2lW + Z0QvVFdrc0lJWG1RaGJnVFFreGhyUnRyUlluVQpVUlV2RnJUaXBRc3Mzak9JdWFtRDVmc0F3ZmRj + dHppbjVOZFlITTQ4bkVvSjNibUg4MWdoaEZocm9qd1dSLzJRVXU3NmVuNUN5SFdTCkYzZTAxbVhE + QlFLUFZyeEVpRlE3K1lDRjF5WmxjUThyNWRGajROV0h2Z1NPRUdLWGlGdktRUlA1L080SlNZaGt4 + UjBtcGkydGRkbngKWFVxNUhIc2o5QWxLN1MxN0VBQVA4TU5NenBxSEFLd2ZIay81SUtWY2VEeGZh + eElTZHpvWGpOY2JXdlVJNlovL3BmZ09NRG50S2V5eQo1TE1RWW8rdGRCSVI5ZDBJSVpTdyt0blQ1 + SytTaC84amhOakFVcFlTdnJkUmU5dVdUWlFidlArL1ZCK0VtQ2FFOUVSeTRnNytKRCtaCnR5NXJs + Q2pmUWFTVHdDZ3JONnc1UHhOSkRhUW1lVFhCSjJIQnhTN0FSOCtudldIL3JrWDF3UjhVZVlUMFJ6 + TGJzbGpwN3daa3JUc2cKeXJEUUlnNmJVSmF1MHRveEhaQzQ1VFp0UUNDZy9rejRGbnNQdGduWVJv + OTlCRllrdWkzYkJITmpFaEtaSk1RZHR2QzJHU1lrdm1pUgpnMlUwMmQ3WFJBYUx3MFNMY0p4a210 + K1AwYlNld1dKb0U4QWlGWUlEM244dmt6dTJxa09OTGIvRzd0Y1ppcnVTYjFMS1ZScTNRc2l3CjZW + M2NZV3RqazRtbDZsUkdoL1daQmdKaWVLWWRPYlNkbXVCbkZIanVaQnBzZE1IN2p5cnc4SzM4SGZB + Uzk3SHJMbWNzN2dwWThlWWMKQndnSlM2L2lMa0FFV3dnZU1aRW1tOU1MRTlnY1I4b1RmaThUL0pE + QXU5NWx1bTBmL2YzRGgvZHp3RXNjcEpSUmc0Y3lGM2RGMzVaYwpRc1pBYitJdThmeDFwYURiNXJi + Q2pKVGJ6QVVLUEVzeUYzWWw2djFQWXkyVWhCRG5DTzMxVzh5RjN3REVYY0Z4Z0pDdzlCSXRxMUls + CkpDanMxSmJyRi9qUXFHMkRwSk95MXFFbUdTbmxHdGFFMzVGNzdKTFFMZDR3a3JZN21vOWQ3b0Uy + NnY2M01WS2xvSS9GYUM5R2hIYW4KSEFlWU1vbVFBRVFYZHhCMm54SjZtWS9JTmorQktCcU1MNGhh + RlNQUnFyTG0zVVBBcG9BYTJIOHlUVUluaHBUUVd6MUhETWY2V0FzSQo5bU03U29HWFdrNUVRcklu + NnJac1lzSXUyV3o2SWVteGVrRWQwUjNTY3lPd0MwTVo4VzJtNjduVklyUkRSWm9HSytFRndmQi9J + YzVkCncrK3h0aGdIc2kyckU5MXZrWkNoRTAzY0pTVHNSaW5xVElRUU0xaFBVcGdrS1BCcUNCVHRl + ZEhxd1Y0VkpKb2Y1OUt6MERzcGk3bkgKODczUVE3Qld0SEpranVLdWN6b1M5TUh5bUFjUys4eUhT + WWhIb216TEppTHNudUQ0dkJpN3NDdiszYkpWMGIrelJMWnIxL1M5cWNXbgo2RldpN291VThsWk5w + RzB0VFpvZnArL3QvYnVBVy9PeHQwb0g2ME1LOTQ0TitzeEU4K1gxeVdjc09Ba2hIZ2d1N2pCNDl5 + bnNUdGorCm1WSFV2UVdEdGhxd3YvVVllRUhuNmdydzdmanlzMU9MbTJlL1VwZVR3TUk2aGErcUQ3 + ejczc0hTR05zaVBacHlaSm92NzI4ZSs0RWkKeFpyRWhHUkpVSEhYY3g2N0M3WWdKcUg4ZW9ZRXRt + cDhUdHBkS1FWZWtHMjZUUEVsZkI2d3VQRVNMS1RPZzdKYlBxdzNJYXgzTHVkegpXZUNNS3JBQ0Z0 + MDVyTGsrRm9aMzJQb25oRGdTVE56QkN0T1hzSHRDTGkyV3V1bUFObGovMFpNVkwxcWFqTlNCNFBI + aDJ4VE1Gd3puCjlTSHdVaEYzSjBRbDIvSnhqSDBYMXR5WnB6Rmp5UVVlSWU0RUVYZGFzdFUrK01J + dFdEZWtsRnRFU2ZaaHhYdm5PTUVPQlI4TGs4ZlEKVHY0NC81UGphZDc3bXRBeDl0aUs0cTJIdmpm + Sy9JM3czL1FoOEc0aXBja2haTkI0RjNjOUpsczlJQjJCazA4UitSZHQ2KzFMRDFhOAo5d2pDR1NW + d0xIZTEycDBpYmhQT1BmUVJYNkxJWlZ0dmc0V05TOERJYUxjVklmQjg5TGs1cmZlRXVCSENjcmZw + SWRucUEwdlpoQUZpCmVRYnhISk5QSTA1eTdPTzVGN0VTY3VNNnJvc3FYNUdTdGlMeG9JMGZMdGE3 + ZDJQZVZvUTQvdVo0bWhzbWhpYkVEYS9pRHNsV1AwWisKSi9kSWJ6S1l5aEtwb1cyNXhONm1IV3VL + RkZjcjFrTVBRVVJyUit1ZHM3aHpMRGUycWZtekRhTVdKdkIxZGsyWHc4QUtRaHp3SnU2dwpsUlN6 + WHV3RktVNlkvRFlDMmpidDk0aVhIVjJBaGFkNnFORjlsckM0Y3ZrV2J6d0llUmRSOVdLdHcyTEdS + WnpRNnVUZUJuZE1qVVNJClBWN0VuZVpuRjRzRHRtR1o0aVF5eUNKL0gvR3FkNUg3VnQrNFdyQWVl + d3dtY24xUDF0dVpHSU5zZHcwT0ZXM21zalU3ZW1HQ3NkazEKMElZaW1SQkxmRm51TmdIclQ1b2M2 + Ri9YTDdDV3hreVg4bkZFL25ldTRxNDNJWXh2MHFWUHVBZ2lsNjNzcWpaemJVZHVLN3EzSVN0VwpF + R0tKYzIzWnlJbUtTMkZILzdvRTBGTGV4SWlNdmlCMzRXQlQzSGdvZG45UnBjVTgzbEpuTUI3WVd1 + QjJ0dFo0SWNUZUlaRHJ0NnArCjVYak9ZTzhpZG0xWkY0UVFaOGZ4NFZlTzk0UjA1eGVYTmtOVVdL + elVJeFIyaWFFc05mQzFqQ0h3Ym1BSkdQSnEzblVyci9mOGdIMzQKd0dJY3NoVmhUdzBMQnZVc2Yx + cWU5N2tjR2FKSHg4eldzZnhrbnpsVENja1cxMjNaV1Buc0tPd1N4V1B5MGphby9IZEQzdTV5Rlhk + agpuUVJkdHV5YnhLaXJNS1BQbUhzYmNtdVdFQXVzeFIyaSttSVU1NmF3UzV6SUFtODE0T2haMStj + YXF4K3FseWhaRTFqMFhQSTdqckljCm1ZRnJuMlRFTENFV1dJbTdpTkd4RkhhWkFJRVhvL1RTellD + alo1MnNGR01NTW5LczV2SFlZbXh4N1d1akxFZFdBb0hzc3VnYnV6Z20KeEFwYnk5MHF3bmJzaGNJ + dUwrQU1IeU5OeWtkTTZ1US9ZbGNRU1lVZ1Zqc05SczI2NDdMb29PV09FQXM2aXp0RVNINE8zTmdV + ZHBrQwpoM3JYOGtOdEdLTDF6cVZzMVZpL0ZSZkwyRlZ4aHpISXBUTExxTXVSQVpjSTk5ZzF5Z2ta + QkRhV3V4alJzVXZtc2NzWHBGb0lYYXJzCmJvREJGUzY1SWtjbjdwQjJ4WGJ5YjdNbFcrSWFGRERx + clZsSGNVY0lzYUNUdU1OV1dPZ2dpdThzS1RZSUZoRzJDb2NjWE5HVk1TNkcKZkNjdXJzTlYzSEZy + MWdGKzQ0UjBwNnZsTHJUb2VrSjVLNUk1c0lvc0FrZlEzbkRpSENlTzVjWXVYZkxQZWRpYUhYMDVN + a2ZZZG9SMApwTFc0d3haSXlCSmpGMjVmREF0c3JZY1dYMHV1N0VkSjZFQUtFOWVGTFhQZUVVS2kw + Y1Z5Rjdwa3pZSUJGTU1EVyt3aC9lOXVJbFpKCklla1FWZHpCMHVkaWhhYTRzNGZ6QWlFZGFTWHVJ + bGp0dnJOTXo2QlIvZWNVOEFFLzBYbzNubnhnanVYR09tM0pHcmlNVVRkSS9FNDYKd3VBNlFyclQx + bklYMG1wM2ltQVZKRDJpK2QrRlpPeStkMlB5UzNKNTF5NENqVkd6aEpBc3VDcnVJbGp0dUIwN0Fw + RGdPT1QyN0JCOAo3NTRTdUljY2lCVWwrd29QVzdOanRUQXpJSUtReUxTeDNJVzB1RHhpMGlmaklH + VDA3TTNJL1pwR01ZRmlhOU4yc1hueU1ONndIRmwzClhBVHRXQ3V2RU9KRW83aEQrSDZvdkhZWGJx + V05DMWhvUTI3QjU5NmZYQ3pZTnlPeENnV3RTTkVDUnMxMngyVU80YTRPSVJiOGN1VlgKUWs2V2F4 + U1ZKaU5DU3JuR1ZyK3RRM3dUS3AvWVBPUGduTDFEN3JZQzFydkJXc0loWGwzRTNkRlRUZUtMUTJX + TTl5b2daQ3hqbjRmOApmZ3ltSU1TQ1duR0hnZlJUb0VZOU1YM0ZxRkdMaHI4Q05jRFNrNFdtRDF3 + bnN0bVF4UjJFblV1dDBUODkzb3NMOHhHTmY2NWltdUtPCkVBdWF0bVZEYmgrc0dFUXhYdUQzRkNw + NDRIM0doZHBkclRsRDkrY2F5dk9OeVIzRmRSNmh1Q1BFZ3FadDJWRGk3c1Rhc1FTK2Q2R3MKZDRz + YzArdW9mRjVDQ0pjdHYzZDliL2tKSWRTM2JTdXVOM1ZqQXdTN3k1WjFTanlYSXh0Ni9qYkhmSVFG + Y2hKUzNCRmlRYVc0ZzU5RQpDSitvZ2pudFNBSHJuUkRpS1ZEQVRwYmlEdXdjUlV4dnorN0JsYU5w + TzMxb1ZzbkZDQ3g0cnMvSFRBcUVXRkszTFV1ckhZbEJLTCtqCm5BdTF1MDVvZlVaanVncXdKaXZO + MEtKTUJ4MDFDNkh2K295c1drU0lKWFhpTHRRcW1VRVU1QVZFdFlZcVM1YnI1T2s2b2QwaEdya1AK + Z3ZoWEJkNUo2SXVobHlOYk9nYS9GQlIzaE5qelJ0eGhJQTFSa2VMaUlVY1VHUjZoQnZBc0owNzR5 + N2ttYmwzSHpua0gveXFYTGZaVApRNURWVUsxY2d4UjNtRU8rT3A3bWdVRjNoTmhUWmJrTE5aQnUr + TEdTQ3JnMSt4YlhSZEJORDM1M3J2ZmN0QjA5VkhFM3VISmtlQjRmCmkzZ2FBZ2h4b0VyY2NVdVdS + TU9UcGFxT3NXN05LajdIMnZiRGRWd0RZeXFmR2VkMjNkNUxtYUZaNzlZZXR0QjlsSWtqWk5TOEVu + ZlkKV2dteEpmdkVhaFNrZ1ZDcmRCL1ZDS0tEYitYQnczVTNvYTJYT0wvcis3czBWQlVaZXU2K3dW + Z2xrUWJIUitKN1psUWd4QkhUY2hkcQpJS1dKblRRUnl1L3VYY1lKalgxTWNNcml0UXNsOExRdHVD + Q084NEdyNUtSQ3prbTNuMUh2eWFPd096Q2pBaUh1bU9JdWxLV0RVVStrCkZsaXFRa1hOanQxNlZ3 + bzhyKzBBd2JqM0ZNVmFKMlNIYnJVcnlmWTUwUTkySGtYNG1LcDNFQktNR09MdWtZRVVwQVdoRmdC + WmlqdmcKYTN0S0NieS9oQkJlemllRVdHSkM5K0hDOGRqZ3N1R3laYW44dGtTTW95aUtMdzczV2VR + b2FKUzFFZGE2dnoybXFYbWdyeDBoZm5nUgpkMWlCaFhCY3B0V090SUYrZHdZUVBkODhudktyRU9L + bzh1RFpSR25pOS9Zb3dPOXJyS2dVTmg1U3E4UWNkM3prSmt3K3NodmJyNm9QCnFPZjl4L09XK1lW + V08wTDhvWmNmNDVZczZRM1VWVDBGQ09pNTY3dmVxZ3RTeWhVaVJuMVpSMVQ3L2tBdXZCMHNjUHNx + aXdtMmNpY1kKRzBKRXJYNXZlQyt1VzVYUi9MYlVNM2dvcFJlckhObWs1UmI5UktzUlBNV2ZReWFT + bm5PSGh4Qi9xRzJGNTVONWRJalZVVkd5T1crTAprWWdJSVZRYWhjOEJydmhIUXpSbThtaCtUVU5L + Q2FLRS9MUnVRbGNXUmdlaHI3Wmtvd1lwb0NySUQ0ZFRxSWpoVnRaVWlQSVFOWm43CjRvdVVrcW15 + Q1BHSTduTVhRb1RSZjRKMElaUzFKZGRreHM4b3ErWUF0NndXRGNMT3RVcE9IMExCZGZFdzlISmtk + VHhRMkJIaW4yZHgKQi8rYkVQbnRLTzVJYXlCaUxnRmFMSHZyTWRKRGZFL2dWbnp3NVlyanZLdVFq + VzZsaFZCOWREek4yTVNkRW5aRHJUNUNTSytVbHJzZwpsZzFHUGhFTFF2U1pyQzEzSlZMS3BhZjBL + SDNTeGxMakluSU9QZnBYdW9ySytkREtrVFZBWVVkSVFFS0t1eWUrT0dMQlBrQ2ozZVNlCktMWUVF + Mkt1QXUvcWhPNmgzRmh2Q1hCaFhYV3hQTitNeEhyM2hjS09rTENVNGk3RXhFZXJIYkVoVkw4WmhM + Z3IvaE40OXduY1NoZmEKV21wY0ovMitxeHM0Vys4ODNVZUtLT0g3Z1Q1MmhJUW5wT1V1aEFXR0RK + OVEvV1lRVzdNbHNCSjlDT1NqNkp0V2xocHNTWDUwdUhZSwpDZE5keGQzSG9WaVpEWlEvNG9TdU9v + VEVJYVRsanVLT2RDYmc1RHc0WHlaTWxCTVBqdnloT0hXMDFMaGFyWHBQZDRPVU82NkNlMGpXCnV4 + TlNFVEdQSFNFUktjV2Q5MGpaWEpQR2tpUUk0YTg1eUh5TGFzSlVFeWVzZUtIcTg5cndIWG5zdWxo + cXNvdVNyY0YxYTNnSS9taXEKTDk2cmZJTTU1NWdrSkZmK0YyZ0xnTUVVaEVSRWlTZ2s3cjN2V2VT + cFlJL2ZWR1J2RjBzTnhpR1hDZ2dQQ1ZtR1hNWGR1eHpLa2RWdwowRVJkMy82UGhJeVcvd1hha3FY + NW5hVEdrREw2MTZJbVZJaThEeEczYXkrYXFGdFlXdTFkclZYSldJZVFyOUZWWU9ka3ZUdWdCcko2 + Ci8xT0tPa0w2NTVjQXZraUhuakxFRTBJQXRrTjNDRktZWTF0NjV0RUY0d0pCdGZXMDdlWWlaaTRK + YnYxdEhVdnB6Uk90U25LQlAvVWUKa2UwNyt0SVJraDYvZUlvaUxBZjZOVmF0aENTSDJ2b2JteThv + SnQ1TnVWV0k3YytwVmd5K3ROelhXVFl2V25DVW1zeFYrKzBEZk9jdQoxcDRVMytuYWRRZWpvYjl1 + SXFXYTJtdlBjT2JZVGtnK2lLSW9Wa1ZSZkxXODR4TUdzUTFYYjhRWEFRdWpmMkFxQmtJSUlVUG5G + OHZuCmU0S1ZqbEZRaEJCQ0NDRUowWFZiVm9tNkZhMGZKRENEU2poTUNDR0V4S1J0UUFWRkhZa0NB + Z0JjYW9zMk1aYWk3SVFRUWtiTS82NDgKK2dGK1NqTUtPeEtKa01tR2FSRWtoQkF5ZU9wODdsU0Uz + Skw1aWtnUERMS1NCQ0dFRUJLTEtzdmROeFI0cHJBamZUQ2t1cHFFRUVKSQpkSFRMM1JPc2RkbmxN + aEpDekxTY1hWUDRWazA2Sm13dFM2WWR5MXhlNnIvTTdSUVBJY1FpUkoxalFnZ2haRXo4Z2lTVlg2 + U1VXVlNWClFNM0ZHVVNjejR6Nzc0My9sdGNySVB5WWtUMDhReWlZVGdnaGhQU0trRkltL1FhTThr + bnpnSkdVWFRob1FvKzUvandBcTkyUHdKZjUKSnFWY1JYa2dRZ2docENlU0ZIZWFvRlBIeHdSdTZS + cFBtdGhqVkhGSDhMNlBFWVE3eFIwaGhKREJrNVM0ZysrY3N1QjhTdUIyWEtEWQo2MERBY21NbWY5 + RFNTZ2doWk9qMEx1NDBLOTFxd003MEZIczFDQ0UyRWNVOGE4c1NRcUlqaEpoZ25pdUQvczd3NDk1 + endVbEMwSnU0Cmc2aGI0a2pCank0bUx6NTdZdzdRaUN6c0NvbzdRa2hNTU0rdHI0eHpGMVNBeWlL + b2tlUkJkSEUzY2xGWHh3bENidyt4TitqMEsxakYKcXRYcXU4aVhwcmdqaEVRQm1SMTJIZWE1Qnlr + bE13WVFMMFFWZDBLSUZVVmRhOHIwSzZYcGZoQ0NyK2MrOEdzT1ZsSk1Dcm11NHJQTQpsVW1JVHh5 + Q3hMNUxLWmQ4R2NTVktPSk9DREhIWk1VRXRXNlVndThJd1plRkZRb0QzUUtpcnJjK0lLVVVmVjI3 + Q3dncytpdUhlNjJBCjFsRXllaHhkVG42VFVoN0gzb2JFamJyYXNsN0E5dHNtVWlUa0dIaXZ0eVVT + TEovMGlocGFaWTFlQjRjTTA5a1FRb2d6R1B0Y2ZJbFgKVE9oT1hBa203b1FRUzNSU2JzR0c1UTVI + VldXTmsxWk9yUlI3TDFZVkh4WVdDUGdKU3I1TnRXaXcyUDUwMTNoeSszVkNDR25GekxHWgpYSCtm + RVAvaWp0YTZwS2dTZmwvTFAwQUE2cHcwRVZoSDE1cTloQkFTQlNIRUdvdkxydXc5K3JyWlhGK0g0 + eXR4eHF1NFF3bXBOYTExCjJYSTM0SUdGZm1DRURKOHBEUXVFRk1YL2ZMU0I4akdBQStrUENqdGl3 + UVc1LzBJeXlseUNoQkJDeG9lenVNTTI3RzRBSmNOSWYyd2kKK09neFBRY2hKQWF1dXdTaEY3cGtC + RGlKTzZSczJDZm9QRS95UUZuc3ZpQ2lOalFVZDRTUTRDQlE3ZUp3SFpZakk4NVlpenY0MS8zRgpi + VmhpeVFWUllkTUlmbjZYc1paNEk0VDBnbTBTOGt2R0NjeEpRbGlKTzFRWitNRVhTU3c1UU5STkky + M24wMnBIQ0ltR2xISmx1YjI2CjVFS1UrS0N6dUVQZ3hOY1dQMHBJRmQra2xGUGt4WXUxUW1Xa0xD + RWtOck9PK1RYdnBaUWJ2aVhpZzA3aXpyR2tDaGszVHlpcnM3SW8KcU8wS0xYZUVrS2dvQzV5VWNn + YS80bFBEdGRYWStEdUZIZkZKNnp4M0l4QjJCNjE4MTFrWEJFMlZIQ0JVYnJXL0tyT0w2NVVieGh4 + dwpvZ2F1VmRtR0tNMnppZXlyT1RiTDNZY2VyMDBoVFlpR2xGTHRVS3dSZ0tqUEYycSsyYkdPTEFs + QkszRTNVR0gzaUVuZnFRQy9sTktjCnpDclBCVkV6MVVSZitlZWhDcjhISmVMMHRrVWI3Q0kvODJG + c1Bpd3MzRTlJZXVDNzVMZEpvbkJWM0ExSTJGMFFZcjZWVWtZUE5ZZkEKcUJOK3BlQ2JhZUl2eHl6 + ckIxamxOcWFnZ29VelJqNDdFMXFTQ0NHRWpJcEdjVGNRWWZjRXNaR3NQd1BNOGtkVC9HVWcrazY0 + NXgxRQpjNldGckFjZk94M21qQ0tFRURJcWFzVWQ4dGpsTE96ZWJBdm1Sb1BvTTdkNFEvdjNYV0FC + MCs5bjMyYTdFLzJvejdRNTNBWWhoQkF5CktpckZuUkJpbm5FZXV3YzQ4QS9XU2JWcGk3ZEVzL3FW + bVA5ZngxNnJ3M3EwYlVjSTBIWFBDNFRSK2R1bEJwekl1OUpxNGFCVEVkaWsKT0ZmNHhEcWpMYTdL + YTE1N3hxTVdyTFdQTVRaWnRIdnJieDF0UGROOGgrdllhMEVEenU5QmEvY216RDdRbHR1T2JkYllS + eXZHMzlhRQpOa2pnM3FhR2dhQ09zL1llOXlHK3A0cDc2OXB1bmIvemhyN1VlZXlwT2Y5TVM5SmZY + cXRwNTZwTW1iUHoxdFpTeWxjSGJrSTluTXpzClVJMHlNNStIUi93RG5mcVlRUDlaNXZqKzBYN1d6 + NTNZczlnOFErTjNqTUZ5aVMzM3BuNjI4L2djVXl4VzloNzY1Um4rcDhxcWZadEkKdTI5YlBQL0dZ + VzRvbjlsNmpIYjlMandmMS9yb0txWHZGMjIzOFRRdWIwUDFYY3QydS9xZDQvblgwQW5XWTAvRCtX + L1JKbHVQL2F6OApadVpXOTFSeGs4dUVQcUMyRFdEMThEeThmNWhsbXBOVStzWTB4M2RNY2Zkc2Vh + ODYxNlJqLzNJU2Q5cUE3VVBRTlkxZjZwa21QYmY3CnNhSE5yMDJJWFErcmhUakZuVlgvWFFaZWFH + OTlHbFVzMiszY2NMNUZ4K2Z2OUN6NFB0WVJER0pudEUzcmNhSXFpWEZPUGtyZjhiQjAKbXU4Ulpl + SkdTYnFqeFRhc1M0SHRKazZodHhCSU1ONXN5OEIzY3g5cm0xOElVVTZLUHdKSGVOL2dtZjVSQVd6 + WWx1cURPL1BhK0tiLwpDUkRFcGM3M2x4QmlpKzB4NGhtdC8vNFp1SGIzUjd6TG5hVUxoZzl1S3Zx + dW1wTjIrSDZEUEQrK0R6VW1mWTRRTEhpRHltQnFuRmkxCitXN2VpRHRNaUUzWnRGTkEzZDhIS1NY + cjhQV0lJZXErV25Ud3A0Q3BTaWo0ODhVY3FEY1lwSU5IV3l0L01pSEVIcE5pN09qdVV1U3QKSWwr + MzVOa0hTWnNZUTVlWlZNTGdDQjgrNG9FZSsyOHAyTmM5Q2ZhWE1RUDk2UmdxczRRU2ttaGptem5Q + QitxNisydGl1cTc4V0t5YQpuelk4WXJ1TlVaQTlnYzY5ZGhCMUJYTGlyUU9tZG1FcG4zeDU2Uk14 + MHpGQlZQMmRRR0x4cjJyeTZNR0tOOVVTamNkS3VhVEdqcjloCm1TVU9vQTFqSjRrMytRemhFVnV3 + UHd1ZDBHbTNjUDU5QW1QRUhjUjA3VUt3VHR5bGF2WDRJcVdjMDFvWEg2em1GMm9yQlZzMUxxWm8K + dFJVN2h6OUlDQTdja3MwYkxDQ1dNWVFkK3ZZbWdxV3FDKzk2bUNUblBZcURIOGpTUUN6QUpCL0Z1 + dDBDSlR4MmtRWDdCQXVUYldCaAoxMWUrMWpxK1l1eDZRMlVxRkJVU0w0UjRTaWhoN2dXT2pweXdJ + NEtQWlk3am82Y3JYN1EwQ3JUYWtUcm0yRm9LU2s4bDhkcHlnMGt5CjF0alhkeHNvbjhNcGE2MTJJ + OUZpQXpjUTdFV2tBZ0psc0ZVby83cmJCSVZkeVNjaGhBb3FlV1VzYWFwUXNVbEUzQjBnN0dpdEN3 + dzYKOEV3N2ZBLzJMeUlkUGoyaG9MakxuK0RDRHZSUkVxOExzUVZlbjl5VTZWSUcvcHpleUtEWXdB + OElqOUM3Z2FHMVNqQ0xvQ2MrcXpsVgpiK2RhY2FmVU52eXErbnlnQnlsbHNyNFlEY2tncXlwRkhM + VGt3SVdSTExnVU9sNFNLTGE0YjdQQ1JXbEpDeGxWcFF1N2VjQ1A4WUVMCkFkSUdqRysrTE5JaEtR + WGVaQVI5KzcwU0xDbVhpMHdGT05UblVHeGdrL1BpSlBCODVaTTFCTjd6R05GWVd4YXJxTTg5M1do + eXdrN0wKekY0ZVhZU3ZLZmIwenZMaTY2UE0yRnE1cjBMTEVLNVQ5WGNsVlJtK3k1VndxUEprMTFE + Q2RxRjkzQ0VEZGpncGtLdGd3TzVyYkxQaApwc3dwTm9LM3UrSjMzSXptWDVZRHBVVTIxNmhvSDlI + ckI3d3ZjKzZlYVZWdVhPZm1PL2l4UDkvdk5YRzM3bWtBdkU5bDVRWkJ0NEFQClVFakxsczZOSWY1 + eXNDN1U4V3BiSFk2L29kcnh4Q2pxbHpZT3pURlg2d29teGh6dlhWbTFWUHFubExNWitFRGwzSnN6 + ZjJranZuYlYKbnZBdHZDbDNaYmpwTEJ5djkwNk5TMUxLdnRMOFdJSDUzMFYwZlVPTit6by8wcGY1 + Q3RkeURTSmJ2SWpSRmhtWVkxY2NXUGpNMU82UQoyVHQwWnZveEhKdUtiTjRoTTNuMzNuYzg5YitV + TXZIWEhhMnFQNlI0ajVnWXZWMERBL0tiYWlnWVIrYWVNOWlmMjVSOUN0U2VaZG1wCnFYR3RTWURu + ZkZNT2pSVXF2TFpEcHlvaDZNc3JEKyszc2NLQ1M3dUZlSzhPWThYWnRrSVMzcTlMT3o5WDdFcHRv + dWwxY3ZiWWdjZCsKbkt2ZXBlZTZlMjgrcGo3N2p1ZCtTSEhYL3Roam9xbzYxaFgzTS9GNFhadkow + Y2UxSzh1ekJXejNYZHV5UjNoT0wrTFo4dHV4TFpYbQpyUTZ4REMvdVhNdkJ2Zmt1T2p6WDFOSG9z + UW5WYmkyUGM4TjRzYXRZdU5pMnRWTkpOc2NhLzgvdk4vUUgwK1hvVGRoUjFIazk5alZXCmpIbmc2 + MTZkOEhJNUtPNGFqMk9kcGF6bC9mallpV2ljb0ZvTTJxNjFQcTlhN3p5Mjk5THlPUmNlcm0xVGYz + YlE0Zzc5Si9yN3JKZ3YKWFFSZTdVSWhrTGpiWVA2NWF2SDI5QjN0UGZVaDIyL291UyszdlVqb3lh + WlBZVGNQWEZoNVRFZGR3ZmZid01LNTFWWlZMZ2ZGWGUwNwpkaG9uUFBWRGEySG4rVDRhSjJsUGJl + NjBZUEl3VVhlKy9nakVuY3ZpNU0xV3Q4UHp1WWpNMnI3cldkeHR1eFRhOS9nZGVldEx0dHBFCi9X + NWRoWXBYd0VuOXFhMUhYMGQ2Q1o1QUJuejFYRDhqQmtvTUZkVTNmbXR3bGcyZEkyak45Q2VEcGt5 + ajR6cE96QjM3NGFPUENINzAKMVJtZXk1WlExVjFLbmx5ZDMvSDdCNGRUTU4vZFcyeXJlRng4OWhr + RVgzeXovUFhRZlZmeGdHcFd1U2ZFdGs0ZjAwcmNnUkJSTHQ5NgpFblp6TkZvT3VXdFM1bFFVeFI5 + U3lsbmRSNFFTVWlIYitaSjRMV1RpanE4Y1dTN2xyUzdZSnZFQ25zZWwzOTRGTGszbTYxbGRuakYy + CmJkMmt3YnhsdXpqWkJoQTZ0dS8yTG5EZFpDK0xNQWZlKy9vMklWQkYxNlBvSXU0Q1dPOGUrZ2lM + UnFtV240bG5tMDZkRXl5dWs2WjAKQmVqZ29Tc04wR28zYkw1NVRIN3FrbEpvNmJ1ZllmdzdPWndp + bEdYcndaY1F3T0xkMWtMSkhaWFh1THh2N3d0Z2ZBK1BscjhlcXU5NgpYWVE1c0lOaG96ZTZXTzRL + ajQwV1hWbWpPUGcrOFZJdHFhT0x1a2FMYTZRa202ZmM4aWFSVG5penlpS2J2eTJYZ0RzTUx2MDMx + QVRwCis3dTFQbDlnQzA5dTJMN3ZTOERxRUxaNVJVUDFYZCtMZmR1RmlUSWUvYWxLcnltRGtoSjZh + Z3lLMlordkpURitoVnJOQ1NFZUhBWFMKSWJheWhnVXAxYUsvT2ZBQXMzNlhRWG9YWWVWTllUZHNO + aDRIYXBmSkpLVHJ5TmFoaEZTUUNUSkE4bUNYUmZVRVR1WEVQcG51T1dCaQpjMXV4RWtyaytMWlF1 + cnB2M2FEdnYvUi9WS0U2b1YrZnRWS2tleVNIOTlMZk80azdzSFJ3VEw0Z3dWNjBiVFFLTzJ2S3pP + WGJydThMClc5K2h5NXc5c2Y3azRQSDVmbDBtazJCVlQ5UzNKWVI0c3B4QWJwU0YzUE40R2lKd0xz + dWFvaW5oNk1OMXA1ZTRUSVFRZnRpUEFiVEYKTnRDOTNtbkdqMWZ1SWhCL1QvaHU5b2krN1N6NHVt + N0xsdnZzdHF1QVdzZjdFRkRZZFVaWlZiOGc4dlU1T3RGQzJMbVdUMmxMci80TQpKRGkrdDVLc3hW + MkVNbGd1NHRGM1VFVUlJVWJMbXp1M3VUOUFCRUlzd3ZvcWdmY2VwVitWVmY4ZklZVGFOVjEzRWZt + ZHhWM3g3MkMzCnRnaHh2dys0Ny84R0NydldQR21DVGlXR1hkc0tjQ0hFSWtJQWhlSjd6TDVFZXNI + Mys3VVZkeTRCRDIxSnFTOTczMVVaUURxS0ZNaTEKNkg1TXZIOUg2THZmRTNpMk80aTl2eUgwVnZC + cnI4VkszSUV1Zm5NUE1iZlFLT3dhT2FDejNoZEY4U3NzZFBPMlpaMEFBQmkyU1VSQgpWTmFDcmdU + Q3p0WjNxQXNuK3RvMVl4TTZiM0dFemtIbWU2QzI5ZitNSVV4Y0JKWHZTWitSNTJreU9NdWRZNUJU + RmFFV1NhNzVHbjFUCmJyTTNpandibjd0bmxPVkVDUEd0eFY3K0llWVdHaDZVd3U1ZkRxV1RKdHBr + SDhMZk1hS3dLMEtrcENCSk1xWjM3UEtzdmlkOVdzUkoKbG9TYUYrQVh1MGhRVjl4QWY2bEkzSVhw + UG1JdDdncmthVUppeFRybitRdEtCa1VacUVjcTdBNUd4TTBPUmZTakROS1JoZDFqQlA4bgpRcUtD + aFRJYm5ZeU5iQllTK0VZbm1GOURCd3QyUmVtZG4wS0lWOVcrbk1RZFVKUDczelgvdG96c0c3Vk9z + T0hiY3FubzdMcUQ2Rm43CjkyamlyWW5Jd2k2VjVKU0VlSVc1M01nWXlXMEhCdmM3UlZxWjFLS1BG + VDlVWHIzU0FPSXM3aHEyWng4ais5a3RNa3BRZklKdzJ5R3YKVGJCVUM2R0lMT3lLMkNsMENJa0l4 + UjBobVlBZHl3MTg4VkxUSENwaHNpb3ljSFlKcUhnQlZRTDAvRWlubUZZV0JGQ2tYbC8wcEVXbApx + c1pmSU5WSWpzSnVIVm5ZZmMreG5VaFMyR2FhVDkyUm5kOEZ5WkVRK1JTam9RSVFVV1hyVndRbjJw + Wmg4ODFOR2VQZ1JkeUJ1VGFBClJ2T3pBNXVFL2V4VUovNEFRZWNjbGRvbktPRzJRVWgyTEE1U1N1 + YTBJNjdZdWpIRWNQTUlIWGxNOHNkRnhIK0xGRUhmNVJoRW4xYzYKQjBhYU9RcjJmMUR0RGJFWEk0 + MVNGYy96cFErZnUyY1FVVExIOWxtMDFTVDJ2MVAwczFPaWJqVVVpeFA4Z3JhUjIvcUNSUU1ocmxn + dgpObFhLaHNEZnNVczZFK2FRSTlmZ3RuOGtNRTY4akJVSThweml1TVZDN2pid1BLb3ExOHk5aWJ1 + aTRzRkNBOEdSbW1QakNZRWtnNG5xCjdERnY0SndKVUlrbjltYVpudzdNQTQ5cnR2ZkZCTUVqUWMy + dERoSFZUSURjRTlqQnJOUkZtdkNiNEpqaHZ6NXFzazk5YnN2MlFXcTEKUlZXQi9lbkFoTjBTMGRD + eGhkMFgrdGtSajdoRWx3ZXpIaU13eVphcy9aWklaMndUNmI2N1ZzMkF4QWRidWp0czY2NVFVRUNK + dTk4OApWTVdZZWJYY3hRVFpyVU1VOUxYbGZraUY3REVZYkZ5c0NnNDhvTVFkSWI1d1dTamNJVWxv + aU8vYnBkb0tGei9qWXUrd25UY1BZUXpCCnJvNk5jQXlTVUg4SXdCcS9oSCs3OVk1WnR1SXVJYXVk + OGd1YkRhbldLWVR6eHBONXVDc0hSQ0VSNGczNEJCOGNKa2VWL21EcmMwS0MKMWM3bEcyTkM3M0d4 + ZFVpOXNmUTlaOElBVUpmajlob2ZVbDZjWUE3OHkrSlh2eUY3aUROSU03ZXlyZGVlNWJhc2gwSFJG + NE1TZG9pRwpYYU5UOXlMc0dEbElBdUl5dWQzNXJHa01mMkVYNi9ScFNBdEswZ29YTWZRdVFDMVhG + M2VGMVB1dXJTK3JiLzlHNjNlZXE4OWRDb1hqCmh5YnNadmpnWXFZNTBia3dVVEVKakt2bDRyT2pq + OXd6c0hoc0hmMVlhYlh6Uy9KQkJ4Z2JIeHhPc2ZIbGU0ZnoyTTdEaDlUSGVZZEEKcFkrZUs4NVl0 + MU4yNGk0UnE5MWdoSjNxaUdxN3FVZHJYYUcxSnlQL1NEQThUSTRGU3Z4WTUxM1U2bCs3cGtLZ1Q2 + cGZibHplYTBSYwpyYysrdG1iWER2TkZMcjdwdGdGTFByOU42MFZIanBhN3ZxMTJneEIyMklKZE9h + YUk4TUhnZkJaSjB2Z1lQLzVVQzZLdUszUXNUSThlCmhOMERGMEsxdUZpRWxGL2xNdVhJVW1RUWNJ + bVMvb2krYS8yTWNQUjNLYnVWaTlYWmRrNzZpTG5WQjdibjJXVWw3cEFrdVcrcjNUSm4KSWFLSnVp + TnlCUFpaMllQQ2prUUZvc2pWZWxkZ1FmU1BtdWd3TGxVQ3k3Z1NERWVVN1BQeHZhWGdscElxTG1Q + SkRaelgvMDhJc2J0Mgo5UGo4cnU5ZjlkMTlWeDg4OWZOQ2lMMmpzTXRwWWVKaVlmeUtzY0ZLUkd2 + Vm9Hd1hncnZjb21YN05wdC96elhkQ2F3TUt6akJwbENxCmpjS085SVhQNzBCTmRKK1FZUFprT0dL + SFNOWDBqVmE3Um56NWNxV1VadXNWU0dqODZMampvb3drZndraFRoQXhPek05aVpaa2Q0YnYKeFVk + VmhXd1dKb2hXZlhMb0MycHNtQ05JY2RQbXUwV2J6OUZPdG9Zc0ZXeVZqN2lET09uemc4dXV4cW5X + VVJhSkRWWVVkcVEzMUNEcgprbUtnZ2J2QU93c0hYMmtXQnN4WXhwUnlpOTkxZ1hLSEhaem5TazhP + VlREYThEM0RoY25LTWlWS3lVM1p2a2pGdE1NQzVJaWp6Qk5ZCkNta2Y4L1N6QVNvbnkxM2Z3aXFM + M0d1YW9KdjM3RXRYeHdsUnNSUjJwRGRVa213a1lIWFpZb3JKSlpjeHFFOWcxYm9rc2pzUkRLMlcK + dTR2d2lNa3BSM2NDOUNjWDY1M091d2kxMlM5bFFFZE9QbmQ5RG16ZlVoWWo4SVZZd1IvaS8rRGJr + Nkt3TzZBOEc0VWRTWUdsUTBtbgoyQ3o0M2JSbUZHbGlFRnh4bjhDdHRDSG5ORmR6aUtZY1dKVHRu + SVc0d3dxbHI1WFlLYlcwQTVxWVU2c0tpZFhiMXdpckFoY2VzUlhMClBIWWtDZEFYWnhrSXZQc2gx + YXVPd0dES1FGNERQdUNwQzd6N25CY20yamlSdXNEN3JvOFR1V3pMQml2YzNZSlYzNElFVVUzbGth + eWoKYndQZmMvTlhKT01BMjFzelQ3bm5mSE5CZFA1b3hJb1BQRytsSlkvcUgvQ1YrNUhndlE2aTVq + cUNLMll1dFY0RDgyRE9zYmxzeS9ZbAo3cDc2NnBoSW9hRDhnczZhWlM3SHdlcWV3bzZrakJKNFVz + cXBweFFwdmpqQjBrMWhaOGNpbzYwMFo5QlAva2pvbVM5REVYWWxzRDdPCjhHMm14RU5WUGZia3hW + M1BXN0xSSFVBaDZ0UUg4UTlLZ2VYcUdLdytnTjg1T1pGY3dBQ1p3Z1Q1UU45VU54Q1ZPYW82MWRp + U204QUYKcGs4T1ExMlk0SnVjSnRER0JjYXBQNnFFWFpHSjVhNVBxMTNVUkpYSVlPK2FKRElGSGpr + NWtSelJKc2p2UGR5KzJrcjhvQVpyK3FhNgpnL0huOTVGWjhKUVZXczJaSDNxd01GMFFmRGpvc2Iv + bk5pNVJDOEJKa3k5dUR1S3VyOVZYVktzZHJIVytNdGozeVJmVjhUazVrVnpCCjRLMWNDWDZEeUFz + dERrcFJONHU5b0J3NkVCbVR4TGJjZzZQNmtaUnlBa3UwUzdteU5qeUxPb2lOMGVSaDFOcjRQa0li + RjJobjFZOS8KYTdNQXpFSGM5ZUU3Y1lvNXlIcW8xWmNDQjJ6RHNxQTVHUVJxYTArSlBDbmxMU2JK + QjQ5amtmcGV2bUNncHFnTENNUzZta2QrUlp2SAptSWlUUUZsMlZQL0NRc1gzc3ovQ3IrNVdpYnF4 + THVqVjlyUFJ4ajZqN3k5bE8wTThMOW9tZ2haU1NvLzNFUVlrNXQxRXpOMFd6UkVVCnBVayt4N2hX + UUw0eGM3NC9VSTNGT3E5alN1L0NvWUQyTGxYQmcrVEgrbEUwQkRzZGpJejBiOG84QmJwSDIzWnZW + U2FwSzZuZFQvSGYKZXl4cmYzYmVJV3I2enJRTUI1Mko4ZjNpL3Fhd2FsN3J3eWV0L3g1RGZwdXB0 + MXRiak5KdHR5M2ErS0pWVjltaG5mY3UyOXRaaUxzUwp2UGhONEJJL0Z5ams0S3NRQkl2OERIMmRn + RHdoVlFOOTZ3Z2hoSkJFeUtsQ1JabVJlNHI5L1ZCc0l3bTcyNHlUYlY3Z1c4ZjZzSVFRClFraGla + Q1h1aXYvOEoxYlkzdzdoT3hITFoyeVphZkJFR2FWRDN6cENDQ0VrUWJMYWxxM0M4MWJ0Q2RFdlFZ + SFY3cGladU9NV0xDR0UKRUpJQjJWbnVUSXh3Wk5lY003SHFOeTR5RW5aNm1nWUtPMElJSVNSeHNo + ZDNKUWhIZGhWNXNYemdyQ01oSThMY1c0UVFRa2lHWkw4dApXd2VxUFN3N0ZBT1B0U1U3UVdteFZG + R2lia1ZCUndnaGhPVEpZQ3gzSnJEa1RWRWlwRTBkdUZoaUpzVjZoM3JtYTFycUNDR0VrSXo1Clpl + Z3ZEMEpscHlXR1hkUUVYOFR5dDB0SjNCMFFIUndsL1FzaGhCQkN3alBZYmRrbWtEeTRQTXJBaGw4 + ajViZmJkOWdxRHNFSlFuYkQKQUFsQ0NDRmtlSXhTM09sQTZFMWpsUzRSUXZUUjRCUjBoQkJDeUVn + WXZiaUxDZkxiL1Yra1N6NUIwTzBvNkFnaGhKRHhNSGlmdThTWQpCcnlkSndTRkpGdHduUkJDQ0NI + aG9iakxEeFhadXRjUFd1WUlJWVFRVWtKeGx4WXFlclVNNmpoRHdCVmxtaFphNUFnaGhCQnlEZnJj + CkVVSUlJWVFNaU1FbU1TYUVFRUlJR1NNVWQ0UVFRZ2doQTRMaWpoQkNDQ0ZrUUZEY0VVSUlJWVFN + Q0lvN1FnZ2hoSkFCUVhGSENDR0UKRURJZ0tPNElJWVFRUWdZRXhSMGhoQkJDeUlDZ3VDT0VFRUlJ + R1JBVWQ0UVFRZ2doQTRMaWpoQkNDQ0ZrUUZEY0VVSUlJWVFNQ0lvNwpRZ2doaEpBQlFYRkhDQ0dF + RURJZ0tPNElJWVFRUWdZRXhSMGhtU0NFdUJWQ0xJUVFXeUhFV1FnaHRVUDkvMDRJc1ZRL3gzZnFC + eUhFCkhPMjlNOXA3TjRUbkd4dDhoeVFXUW9pWjBkOVdNUnYvRjc1cFF0SkhpYmFpS05UZ2NGTnpz + K3J2MytOWUNTSFdVc3FvZzBuZkNDRW0KUlZFc3ROdllTU210SjNBTXhsK3pieGhDTkF5UmNaUlNi + dnBzSHlXQ2lxS1lsZjlmTjI2bGR0K3BRM0ZIU01MQUNxY0dzWThkN2xJSgp2YThZTk9kU3l2Tkkz + dkdrUW94WmlUdTBPNFVkR1NKNnYzN0MrTkluTStPZTZoYWxxZDEzMGxEY0VaSTJXMWpqVEI2TG90 + aHJmemV0CkVJRHZJVzZtZk1lZE1kdnNnc21rRk1ySHhPK2ZFREppS080SVNSUnNRNWpDVHExWUYx + TEtOK0lDMjVJYjQzZmVxZk9NYll2V0F6UGoKRktvTjExaytDU0ZrZERDZ2dwQUVnVkF6dHdVZnBK + U3pLbUZYL091cm92eFFsQ2g1TVA3cEs4NUg3Tm16N1FnaHVVQnhSMGlhTEkyNwpPbFg4WFIxTC9M + ek9LOHRkbDZoQlpmblRmNzdoNXlZcWtFTUljYXlJNUZVUnA0dTYzOVhPb1NLQ054WG5VTWUrS2hw + WXU2Ky9qTk45CjdSS3Rwa2UzVlFqcnY2NjFXVU1rOHhIUFZMczlia1RqYnZGM1UvemVya3UwWFVX + N3RUbXFudWNXN2IyditQM0d5T3lxUG9QenJmRzcKNTVwcmxuMm84elZ0d1hzenIzZEcyMTlkRkRY + MGU5bTIzeGZOL2VmcTkyUDgvRXc3MzA2N0w5TWFyWGp2R2tGODVaM3QwUmZNYjNhbAo5WTJ2eHI5 + SnMrL1kzSGREZTNaOUw3T2FNYWw4TDFYdDJvbUt0bHNiOTFDT2kxWFBzcXQ4RmlrbER4NDhFanZn + MHlXMVk5SGxIaEUxCnF2LysyZmgzL2Q5MlY4NjEwbisrNFhwbjQ3eFZoN0tBVFdyT01hMTQ3cXBE + WFdkYTh5eE54K3JLYzg0Nm5HdG4zUGUrNWUrdGE2NjkKMDgrTmM1cnQyWGovRnUxUjJ3ZHFybDkx + SFBWM1VkZG5hdHJJdk9heXd6Vm5OdCtzZVgyNE1WenJhN1hmWHNkKy82YWRjSTViNC8wMwp2aWYx + ODFlZWExbnpYTE1XL2FOeExHZ3h6clQ5WnMzK1VYdTA3TmM3bisycG5XdmQ4anhiOHp3VjQwbmw5 + MXZ4cnZZVjUrbmN4emlwCjgrQ1IySUdKMFB4d2F3ZWdob0hKSEJEcUJKR1R1T3N3d09zRHZUa1Ex + b21KdWtIdFhJckVEdGYxTHU0NmlDRDkyRlJjMjV5TXFzNFoKVXR4dGpYZlI5ZmVuc3FIUDFEeVBQ + aUczblVUMVkyN3hUZGkwelp2bmMrajNieFkySFJZRzVmRm1nZER5bS9FcTdsVDcyejUvWUhIWAp0 + VDIzTmMrM2RUbFBHM0ZYSmV6MHNiRmhUS3A3eDhmeTl4bFFRVWg2bU50T1Q1YnBUUFpHY01YVXQr + OFl0cTErR0grdElubVhwVzhnCnRpM1U1UDBPLzM2RGdWUGZ6cGdiT2Z5K1F3VHRzYVV6dzRTZ24y + T0o0eHYrVHQzTEorMGNUMFlxbEd0YlRrZnRYRE9qN1I2TUNObnkKenh2anZpOTQxbDI1a3NZOTZw + SE1uOVFXejVVZ2wvS2NCNXpyM0NHdHk3Y3IvNjVFeVoxeHo4OWIvbWpycmZIelQ1aVlkdmlaS2Q2 + Rgova3hxYTJqUzBFL0w1em5oT1k1bEc2Si9mSzY0NXJxYzdOQ09LK08rTjFldTJaWVR6bDIrMHhu + YVEzK3ZLL1RSb3VqVzcvV2dxQnYwCmw1bDJub1hXcHd1OGl4WEVTdG4zbDhiVzVXZmtzYXlMMk5i + dlc0K3FyL3I1azVGU3BFc1V1QmxnOUloenFYcy8xM3ozSy9RL3ZTK2IKMzlxMS9sdDczeTNiVS8z + TW45clBmRVEvZW5sMnVFQ1kyUWNlY00zeXUxNFk0NDA2ejZKdC9qMjF6V3I4L2dFQ1hPL1A1bmJy + TjR5TApSenpMM1BndTd2QTdhMXB0ZVBCSTdLaFkxYjZ4OUxSY1dadm5XV24vMW5xMTNtUzVxMWg1 + MWxxWEtxeFRNKzNmOU5YMnNlYjN6VlZzCjFmWkZxM3V4YUxzMzI0QlZXOThOVzI5VlA2dXYwS3Uy + a1RwdHhiZDhyaXByazI3UlhiYXhhdFM4KzJWRCs5WDI0d3BMUzkzUDNWYjgKYk9VMmQ4TTltL2Uw + cjlubWJMU2VWeng3N1gxYzZmZW1kV2paOGh5TEZzOVY1LzdRK3R0dmVLWTMzMkpOTzVyV3ZYM0Z6 + MXgxKzJoNwozMDE5OGtwNzZuMzN0c0l5VnZrdFZyeS92YXh2STMzOE5TM1Z4NXIyTzdkNFpyT05u + MytPQVJXRXBFL0tPZFgwbGVmcGlqWEtEQWlaCmEzL1dWOXUzVlU3enNCejlYaFRGQnh4dEEweENN + VGZPcXlhSVNzc29Wdk9QMmwvZFZQeSt6b1B2RFB5d3VKbldwbnZqbmsxTFFWTWIKTDJFWnFmdGRu + Y3FBSU56VHUycy9WL3piaHVlS05tdmxGTi9Bc3NyeWh6WXhvODcxZ0JpOTMxK2tsTmZhcWU2ZVYx + cC8vdENRYnNmOAorMnVCSHNzR3k1NFA5dnA5MXlWTGwxSnVqZUN1ZDE3djRpMXJ5L2JVeHh0ekYr + R3A0VnRjR04vQXUydEJPTEF1NnBicVMwT3llZjArCkpqWGo0dFo0RjgvOWpkdXloS1NIK1pIYkpp + RU9XbU8yS2txc1kvMUUvYmtPeHZiTkVSRndlMjBMYjE4bm5ucEMzN2E1dEJCalpxV1IKV1VPVy9S + REN6dHpXL1Y1eHorYVdsb280YkRyMVdadUFtaWJ1YmMza1pmYWhUZE0ySzdham52U3RUdlZzbHYz + aWRLVTgzZDRRY2M5VQo5UHR6eDM3L012bWI5NjJkMjd4R2wxUkdCNWV5ZTIzQU8zcTVCaUptWjdq + UDN0SXVlV3BQODk5cXYwVnNQMCtOMzZudHZ4QjI1Z0pyCjF0Qi9MOXIzZFlkeGNWdU9od2lVcXl5 + elNIRkhTSHFZSDNydFFBUUJWRTUwVC9qZEZRWmZVeFNHRmtaM0RpVzcxT1Q0VS92L0d3aWgKVjM0 + dlFvZ0RCRUJxQ1lXdnRxMWFZUnRDcWZhOStweWN0UkoydWhYZ3diUTJWVmdjYmp5V1lLdDdIbk1C + MHVhNWQ0YVBsdTBpNXBwbAp5M3luczVyNzY5cnZYN1V6M3MrNndtSmtTN1FGRU1TSzZRdlpLeDdh + MHhTQ2plMEpDMmtiSyttOFpnRTBhYmpHMGhDRE4rYUNBMlBLCkFlUCtpNzhzdDJVSlNROXpvSGpY + TXJmWGU1ajdkNWlvemVvV3lTYml4YUQwT3dScUUycHcvQk81blppWXVSMWJZMUk1MUd4OWhtelAK + c2RRM2JvUHV1RC9CLzMveUpPeUtXRzRjQ0FqNGtaaXc4OTZlSG5jTDZpemI2N3J4SFpiMUQvaG1y + NTM3Si9MdVBaK0xsanRDRWdOYgpUeWRqMEZ3MkZOUTJlVmNoNUU0T1BqaHR0NFVmT200bnZwcndN + WWpPc0pVeXczVnZhMnJydmpjakQxUEhkL0xkTm1BQzF0dnZVaEdSClYyTDJqem9SR0pMb2JlUUJs + MzV2V2xSUEVPUG0rekVqd1hzRjM2aDVQMmE5NnhJek9qc2tWZEhybTQ3dCtlcG4xYk42M3VhKzRC + cDYKaE91cXdkZjBPZTlseTNIeEk2eVdDNG83UXRKa2JZVHJxOHo4bXdxQnRzRlcwY1RZaGpCWHJV + MlR6N1VKdFU3Y21RUG1yWTlCRU9kNApkUjR0SllTZW91SzltY0lnTWhmalhtNnZwT1V3Z3dHQ1ds + S3haZmJLOGI5QjJKV0xDdjJ2dkx6UEs1anZibGFSaXNYRWJNZlk3OTlMCnYwZWZOaWZveXZLQ05X + S3FUOHhBRnJYTlh4bmNnbnNQTHU1cTJuTnEwWjU3d3gya3lsOVZQOWZjR0NPcnhtbWRKZnFzWGxG + SHBiZloKTnZXam1uRnhnbmVodXdXbzUxcHdXNWFRTk5rWVVWalB1ZUZNNjQ4eTI2c0lWUXlzTStO + M1NpNFYwV0c2bWI4MndxdHBZSWFsVGIvZQp4eWJybEZtU3FuUkMxOHQrMVpYWlVvSUVrYmpteE4v + bjFxeDVMOWVzWE9hL0J4Tk9tSEJNeCszYWFGNE5QYUwzcnFtMFVzVjdzM2tlCjgzY1dWL3JRekl5 + dWpTM3VhL3A5azE5c1piK3ZXRFE5Tmp4TGFoWnE4M2tyZHhWcUJGY2pEaFp1c3owUGx1MXA5c25h + N3hydi9TZkUKMWZOeHBUL2VZOHplSVplbnprWi9kcFRhMC92Tm0vdEFQZkdWOGQwK1EzRkhTSUxB + dW1LdWhOOGhXcW91L2NPMHhyZXBLZ0xSbk9RMwpGZlVmSnkyMm0welJ1S3NhbkJGUlpqcWRsK0xJ + SEF5L05reVc1cURjTkpDR25oRE50dmxhOTI2d1BXcUtrbXNXS2l2UTF1YTlmV21aCldzVzhwemY5 + b25nZHBQSHFaN3ZlTHlaQzNjL3k1a29mZW5OL1hhL3BDYlBmdjFsNEZkZjd2Y21zNFJ6bXhHNGJR + Vy95M3BPN1FOMjMKOXViOU5OVllCazBwZ2tyYVBIOWw2cEJyN1FuaHBhZHZ1Y1AzVzRYNTkyOUVs + b1labmI0eXIyT0laSE9NZmxPanQvanZXM3piL2pZSgpESG53NEJIbmFLaDlXYVlpS0xkbHI1WEFP + dUxuRmpVSk5zdWZXZUZZMTUyeklyR3MrWE5IREo2bGowaFZ6VkN6cnFpWlZIUVBjVHZSCjd0ZE1H + SHFzdUplcVpLN3JNak4raHlTdFY1TVkxeVF4bFhpVzh2bkx5Z2Ztejh5Ym50KzJmNkVOek91ZHRm + ZGFlelM4aS9MM3kvZTUKcUxqRzBVankyNnI5WkgzQzRMTVc4YmlvK1E0cUU3OWVhWityaVhCYkpx + R3RhdWRPL2I2bXYyN3h2SHBWanJwdmUxdFRndTlhbVQzegovUjdSdnF1MmliOHJrdkNXZldTcXVZ + alUxWGQ5VmErM0p1SDFWdXVuWmRtMHFuRm1yZDkzemJlNHdEMTFhYytxMG1wSDdUdFkxcFE1Cm03 + WHBQdzAvWTU3RDdHTTczTnN0amxsRk96OG5IdWNrellOSDRrZVhPb3d0RG4yQzZsbzdVVllKRDR2 + NnFtK3kyVnZXYUsycUdsRWwKcE41TXJDMG1yN2JpcnFwcXdyWGphbTFaMno3WnNUNXU1WHUxZUtZ + M2xUbTZpRHRwWDZlMXNocklsZXUwN2cvWEptZUxQbHRWVTdsdApUZDF6alZpcXFoZDdUZHcxamlj + dDIzSFM0ZG1yN250bnRHUFQ3NWZDclc2aCszTGZ2dHF6NDducStrZXJpamxOMVNvc3Z1ZVg3NExi + CnNvUWtEbndxUHJSSUUxS2lmdTZQRmorL3VMS05VT0FjWDVwK0FENUkwNWIzOTFUbDFGOUd5cllJ + K1Mrd2xmRkhqZlB4dk1idk1BaDQKamxtRi8wd1ZGL2pjdUZaVmlQVk1ab1dHS2s1WGtyQzJ2V2Fa + OHVIVTRzZWZNSUgxbXRySG90Ky9xWU9MWElQWDJ2bUM5K0VydCtPNgo1WGRXQzdiVDIzeHJhaXV5 + OGJ1dXFRWlNoYm1OV1hXdUx1M1ptSDBBNTdwdjhZd1h1RDEwU1dTdFU3czlpekd1N1hmeDZsdGt0 + Q3doCkdZQ1BmQVova1htTmo4c09Kdmx5MHR2Q0IyeWkvZnlMajFwWnpnbE82Z3ZEU2ZvSUM5TU8x + Mnljd0REWWwvZTNxRW1nZkMwYWJJK1EKLy9MNXpITWNzZUp2eWhpLzE5ckl6QnpmUlF5WXZtQk5W + UlBPaUdZdXR4Rk5uNkV6cktSMVZScTYzbHNUNXc2TGdGcEtuMDg0L3k4cQordHUxZDlHNi9VclFO + eVo0Ly9NS3AvMDkrcVJMVytuM2RPMDhabHUrOGU5czBlOWZ2cU82aXlpeEQ1OHVNK3F5UUw4cGZX + WlYzNzdICnV5amJwbXpYeHZzMHJsY1c5Uyt2WitXL2g3RmhvdlVQM1IvTWZPNjUwWS8yeHJuS05w + alY5TFVDMGR4Nk8xZjY1ZUpjeitsQXJyU24KOGxlcmE4L3lYTXJuVlAxTzJTZjFaM3h4amFuNXJx + LzJIMXhEdlk4eUdYU0pHZ2VmTXdHMCtDN1VlZFhZOHA4dloxRVUvdzlscURkVwo1cjdLVGdBQUFB + QkpSVTVFcmtKZ2dnPT0K # postgresql: # primary: From e1b5b81b59459dbb8d760968be5a4cdc40b4eeb4 Mon Sep 17 00:00:00 2001 From: Guerdon Mukama Date: Wed, 6 Dec 2023 11:23:23 +1100 Subject: [PATCH 077/131] external secrets --- helm/common/templates/_cloud_db_setup_job.tpl | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/helm/common/templates/_cloud_db_setup_job.tpl b/helm/common/templates/_cloud_db_setup_job.tpl index bb55e268..45db948f 100644 --- a/helm/common/templates/_cloud_db_setup_job.tpl +++ b/helm/common/templates/_cloud_db_setup_job.tpl @@ -79,7 +79,7 @@ spec: valueFrom: secretKeyRef: name: {{ .Chart.Name }}-dbcreds - key: svc_username + key: serviceusername optional: false - name: SERVICE_PGDB valueFrom: @@ -91,7 +91,7 @@ spec: valueFrom: secretKeyRef: name: {{ .Chart.Name }}-dbcreds - key: svc_password + key: servicepassword optional: false - name: GEN3_HOME value: /home/ubuntu/cloud-automation From 99f8a53a4eb6421367a62f676b0869433bf4fc96 Mon Sep 17 00:00:00 2001 From: Guerdon Mukama Date: Thu, 7 Dec 2023 15:50:27 +1100 Subject: [PATCH 078/131] external secrets --- docs/portal/Dockerfile | 4 +- helm/external-secrets/.helmignore | 23 + helm/external-secrets/Chart.yaml | 24 ++ .../templates/arborist-postgres-secrets.yaml | 14 + .../templates/audit-postgres-secrets.yaml | 14 + .../templates/clustersecretstore.yaml | 18 + .../templates/fence-creds.yaml | 16 + .../templates/fence-postgres-secrets.yaml | 14 + .../templates/indexd-postgres-secrets.yaml | 14 + .../templates/master-postgres-secrets.yaml | 14 + .../templates/metadata-postgres-secrets.yaml | 14 + .../templates/peregrine-postgres-secrets.yaml | 14 + .../templates/requestor-postgres-secrets.yaml | 14 + .../templates/sheepdog-postgres-secrets.yaml | 14 + .../templates/wts-postgres-secrets.yaml | 14 + helm/external-secrets/values.yaml | 400 ++++++++++++++++++ helm/gen3/Chart.yaml | 4 + helm/guppy/values.yaml | 2 +- 18 files changed, 628 insertions(+), 3 deletions(-) create mode 100644 helm/external-secrets/.helmignore create mode 100644 helm/external-secrets/Chart.yaml create mode 100644 helm/external-secrets/templates/arborist-postgres-secrets.yaml create mode 100644 helm/external-secrets/templates/audit-postgres-secrets.yaml create mode 100644 helm/external-secrets/templates/clustersecretstore.yaml create mode 100644 helm/external-secrets/templates/fence-creds.yaml create mode 100644 helm/external-secrets/templates/fence-postgres-secrets.yaml create mode 100644 helm/external-secrets/templates/indexd-postgres-secrets.yaml create mode 100644 helm/external-secrets/templates/master-postgres-secrets.yaml create mode 100644 helm/external-secrets/templates/metadata-postgres-secrets.yaml create mode 100644 helm/external-secrets/templates/peregrine-postgres-secrets.yaml create mode 100644 helm/external-secrets/templates/requestor-postgres-secrets.yaml create mode 100644 helm/external-secrets/templates/sheepdog-postgres-secrets.yaml create mode 100644 helm/external-secrets/templates/wts-postgres-secrets.yaml create mode 100644 helm/external-secrets/values.yaml diff --git a/docs/portal/Dockerfile b/docs/portal/Dockerfile index abec3809..5567c6e0 100644 --- a/docs/portal/Dockerfile +++ b/docs/portal/Dockerfile @@ -1,7 +1,7 @@ ARG CODE_VERSION=master -FROM --platform=linux/amd64 node:16 as builder +FROM node:16 as builder -ARG PORTAL_HOSTNAME=dev.gen3.internal +ARG PORTAL_HOSTNAME ENV APP gitops ENV BASENAME / diff --git a/helm/external-secrets/.helmignore b/helm/external-secrets/.helmignore new file mode 100644 index 00000000..0e8a0eb3 --- /dev/null +++ b/helm/external-secrets/.helmignore @@ -0,0 +1,23 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*.orig +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ diff --git a/helm/external-secrets/Chart.yaml b/helm/external-secrets/Chart.yaml new file mode 100644 index 00000000..c89d8882 --- /dev/null +++ b/helm/external-secrets/Chart.yaml @@ -0,0 +1,24 @@ +apiVersion: v2 +name: gen3-external-secrets +description: A Helm chart for installing ClusterSecretStore + +# A chart can be either an 'application' or a 'library' chart. +# +# Application charts are a collection of templates that can be packaged into versioned archives +# to be deployed. +# +# Library charts provide useful utilities or functions for the chart developer. They're included as +# a dependency of application charts to inject those utilities and functions into the rendering +# pipeline. Library charts do not define any templates and therefore cannot be deployed. +type: application + +# This is the chart version. This version number should be incremented each time you make changes +# to the chart and its templates, including the app version. +# Versions are expected to follow Semantic Versioning (https://semver.org/) +version: 0.1.0 + +# This is the version number of the application being deployed. This version number should be +# incremented each time you make changes to the application. Versions are not expected to +# follow Semantic Versioning. They should reflect the version the application is using. +# It is recommended to use it with quotes. +appVersion: "1.16.0" diff --git a/helm/external-secrets/templates/arborist-postgres-secrets.yaml b/helm/external-secrets/templates/arborist-postgres-secrets.yaml new file mode 100644 index 00000000..2e53913f --- /dev/null +++ b/helm/external-secrets/templates/arborist-postgres-secrets.yaml @@ -0,0 +1,14 @@ +apiVersion: external-secrets.io/v1beta1 +kind: ExternalSecret +metadata: + name: {{ .Values.postgresql.arboristcreds.name }} + namespace: {{.Values.postgresql.arboristcreds.namespace }} +spec: + refreshInterval: {{ .Values.postgresql.arboristcreds.refreshInterval | default "2m" }} + secretStoreRef: + name: {{ .Values.postgresql.arboristcreds.secretStoreRefName }} + kind: {{ .Values.postgresql.arboristcreds.secretStoreRefKind }} + target: + name: {{ .Values.postgresql.arboristcreds.targetName }} + data: + {{- toYaml .Values.postgresql.arboristcreds.data | nindent 6 }} diff --git a/helm/external-secrets/templates/audit-postgres-secrets.yaml b/helm/external-secrets/templates/audit-postgres-secrets.yaml new file mode 100644 index 00000000..34a9a1fa --- /dev/null +++ b/helm/external-secrets/templates/audit-postgres-secrets.yaml @@ -0,0 +1,14 @@ +apiVersion: external-secrets.io/v1beta1 +kind: ExternalSecret +metadata: + name: {{ .Values.postgresql.auditcreds.name }} + namespace: {{.Values.postgresql.auditcreds.namespace }} +spec: + refreshInterval: {{ .Values.postgresql.auditcreds.refreshInterval | default "2m" }} + secretStoreRef: + name: {{ .Values.postgresql.auditcreds.secretStoreRefName }} + kind: {{ .Values.postgresql.auditcreds.secretStoreRefKind }} + target: + name: {{ .Values.postgresql.auditcreds.targetName }} + data: + {{- toYaml .Values.postgresql.auditcreds.data | nindent 6 }} diff --git a/helm/external-secrets/templates/clustersecretstore.yaml b/helm/external-secrets/templates/clustersecretstore.yaml new file mode 100644 index 00000000..a0743818 --- /dev/null +++ b/helm/external-secrets/templates/clustersecretstore.yaml @@ -0,0 +1,18 @@ +# external-secrets-chart/templates/clustersecretstore.yaml +apiVersion: external-secrets.io/v1beta1 +kind: ClusterSecretStore +metadata: + name: {{ .Values.clusterSecretStore.name }} +spec: + provider: + {{- if $.Values.global.aws.enabled }} + aws: + service: {{ .Values.clusterSecretStore.provider.aws.service | quote }} + region: {{ .Values.clusterSecretStore.provider.aws.region | quote }} + auth: + jwt: + serviceAccountRef: + name: {{ .Values.clusterSecretStore.provider.aws.auth.jwt.serviceAccountRef.name | quote }} + namespace: {{ .Values.clusterSecretStore.provider.aws.auth.jwt.serviceAccountRef.namespace | quote }} + {{- end }} + diff --git a/helm/external-secrets/templates/fence-creds.yaml b/helm/external-secrets/templates/fence-creds.yaml new file mode 100644 index 00000000..6b4cdb09 --- /dev/null +++ b/helm/external-secrets/templates/fence-creds.yaml @@ -0,0 +1,16 @@ +apiVersion: external-secrets.io/v1beta1 +kind: ExternalSecret +metadata: + name: {{ .Values.fence.fencecreds.name }} + namespace: {{.Values.fence.fencecreds.namespace }} +spec: + refreshInterval: {{ .Values.fence.fencecreds.refreshInterval | default "10m" }} + secretStoreRef: + name: {{ .Values.fence.fencecreds.secretStoreRefName }} + kind: {{ .Values.fence.fencecreds.secretStoreRefKind }} + target: + name: {{ .Values.fence.fencecreds.targetName }} + data: + {{- toYaml .Values.fence.fencecreds.data | nindent 6}} + + diff --git a/helm/external-secrets/templates/fence-postgres-secrets.yaml b/helm/external-secrets/templates/fence-postgres-secrets.yaml new file mode 100644 index 00000000..92a2f4ec --- /dev/null +++ b/helm/external-secrets/templates/fence-postgres-secrets.yaml @@ -0,0 +1,14 @@ +apiVersion: external-secrets.io/v1beta1 +kind: ExternalSecret +metadata: + name: {{ .Values.postgresql.fencecreds.name }} + namespace: {{.Values.postgresql.fencecreds.namespace }} +spec: + refreshInterval: {{ .Values.postgresql.fencecreds.refreshInterval | default "2m" }} + secretStoreRef: + name: {{ .Values.postgresql.fencecreds.secretStoreRefName }} + kind: {{ .Values.postgresql.fencecreds.secretStoreRefKind }} + target: + name: {{ .Values.postgresql.fencecreds.targetName }} + data: + {{- toYaml .Values.postgresql.fencecreds.data | nindent 6 }} diff --git a/helm/external-secrets/templates/indexd-postgres-secrets.yaml b/helm/external-secrets/templates/indexd-postgres-secrets.yaml new file mode 100644 index 00000000..c2d73d44 --- /dev/null +++ b/helm/external-secrets/templates/indexd-postgres-secrets.yaml @@ -0,0 +1,14 @@ +apiVersion: external-secrets.io/v1beta1 +kind: ExternalSecret +metadata: + name: {{ .Values.postgresql.indexdcreds.name }} + namespace: {{.Values.postgresql.indexdcreds.namespace }} +spec: + refreshInterval: {{ .Values.postgresql.indexdcreds.refreshInterval | default "2m" }} + secretStoreRef: + name: {{ .Values.postgresql.indexdcreds.secretStoreRefName }} + kind: {{ .Values.postgresql.indexdcreds.secretStoreRefKind }} + target: + name: {{ .Values.postgresql.indexdcreds.targetName }} + data: + {{- toYaml .Values.postgresql.indexdcreds.data | nindent 6 }} diff --git a/helm/external-secrets/templates/master-postgres-secrets.yaml b/helm/external-secrets/templates/master-postgres-secrets.yaml new file mode 100644 index 00000000..9e7ed189 --- /dev/null +++ b/helm/external-secrets/templates/master-postgres-secrets.yaml @@ -0,0 +1,14 @@ +apiVersion: external-secrets.io/v1beta1 +kind: ExternalSecret +metadata: + name: {{ .Values.postgresql.mastercreds.name }} + namespace: {{.Values.postgresql.mastercreds.namespace }} +spec: + refreshInterval: {{ .Values.postgresql.mastercreds.refreshInterval | default "2m" }} + secretStoreRef: + name: {{ .Values.postgresql.mastercreds.secretStoreRefName }} + kind: {{ .Values.postgresql.mastercreds.secretStoreRefKind }} + target: + name: {{ .Values.postgresql.mastercreds.targetName }} + data: + {{- toYaml .Values.postgresql.mastercreds.data | nindent 6 }} diff --git a/helm/external-secrets/templates/metadata-postgres-secrets.yaml b/helm/external-secrets/templates/metadata-postgres-secrets.yaml new file mode 100644 index 00000000..ca88ad1d --- /dev/null +++ b/helm/external-secrets/templates/metadata-postgres-secrets.yaml @@ -0,0 +1,14 @@ +apiVersion: external-secrets.io/v1beta1 +kind: ExternalSecret +metadata: + name: {{ .Values.postgresql.metadatacreds.name }} + namespace: {{.Values.postgresql.metadatacreds.namespace }} +spec: + refreshInterval: {{ .Values.postgresql.metadatacreds.refreshInterval | default "2m" }} + secretStoreRef: + name: {{ .Values.postgresql.metadatacreds.secretStoreRefName }} + kind: {{ .Values.postgresql.metadatacreds.secretStoreRefKind }} + target: + name: {{ .Values.postgresql.metadatacreds.targetName }} + data: + {{- toYaml .Values.postgresql.metadatacreds.data | nindent 6 }} diff --git a/helm/external-secrets/templates/peregrine-postgres-secrets.yaml b/helm/external-secrets/templates/peregrine-postgres-secrets.yaml new file mode 100644 index 00000000..6e881af6 --- /dev/null +++ b/helm/external-secrets/templates/peregrine-postgres-secrets.yaml @@ -0,0 +1,14 @@ +apiVersion: external-secrets.io/v1beta1 +kind: ExternalSecret +metadata: + name: {{ .Values.postgresql.peregrinecreds.name }} + namespace: {{.Values.postgresql.peregrinecreds.namespace }} +spec: + refreshInterval: {{ .Values.postgresql.peregrinecreds.refreshInterval | default "2m" }} + secretStoreRef: + name: {{ .Values.postgresql.peregrinecreds.secretStoreRefName }} + kind: {{ .Values.postgresql.peregrinecreds.secretStoreRefKind }} + target: + name: {{ .Values.postgresql.peregrinecreds.targetName }} + data: + {{- toYaml .Values.postgresql.peregrinecreds.data | nindent 6 }} diff --git a/helm/external-secrets/templates/requestor-postgres-secrets.yaml b/helm/external-secrets/templates/requestor-postgres-secrets.yaml new file mode 100644 index 00000000..746e7d62 --- /dev/null +++ b/helm/external-secrets/templates/requestor-postgres-secrets.yaml @@ -0,0 +1,14 @@ +apiVersion: external-secrets.io/v1beta1 +kind: ExternalSecret +metadata: + name: {{ .Values.postgresql.requestorcreds.name }} + namespace: {{.Values.postgresql.requestorcreds.namespace }} +spec: + refreshInterval: {{ .Values.postgresql.requestorcreds.refreshInterval | default "2m" }} + secretStoreRef: + name: {{ .Values.postgresql.requestorcreds.secretStoreRefName }} + kind: {{ .Values.postgresql.requestorcreds.secretStoreRefKind }} + target: + name: {{ .Values.postgresql.requestorcreds.targetName }} + data: + {{- toYaml .Values.postgresql.requestorcreds.data | nindent 6 }} diff --git a/helm/external-secrets/templates/sheepdog-postgres-secrets.yaml b/helm/external-secrets/templates/sheepdog-postgres-secrets.yaml new file mode 100644 index 00000000..5b5bd897 --- /dev/null +++ b/helm/external-secrets/templates/sheepdog-postgres-secrets.yaml @@ -0,0 +1,14 @@ +apiVersion: external-secrets.io/v1beta1 +kind: ExternalSecret +metadata: + name: {{ .Values.postgresql.sheepdogcreds.name }} + namespace: {{.Values.postgresql.sheepdogcreds.namespace }} +spec: + refreshInterval: {{ .Values.postgresql.sheepdogcreds.refreshInterval | default "2m" }} + secretStoreRef: + name: {{ .Values.postgresql.sheepdogcreds.secretStoreRefName }} + kind: {{ .Values.postgresql.sheepdogcreds.secretStoreRefKind }} + target: + name: {{ .Values.postgresql.sheepdogcreds.targetName }} + data: + {{- toYaml .Values.postgresql.sheepdogcreds.data | nindent 6 }} diff --git a/helm/external-secrets/templates/wts-postgres-secrets.yaml b/helm/external-secrets/templates/wts-postgres-secrets.yaml new file mode 100644 index 00000000..230f41b2 --- /dev/null +++ b/helm/external-secrets/templates/wts-postgres-secrets.yaml @@ -0,0 +1,14 @@ +apiVersion: external-secrets.io/v1beta1 +kind: ExternalSecret +metadata: + name: {{ .Values.postgresql.wtscreds.name }} + namespace: {{.Values.postgresql.wtscreds.namespace }} +spec: + refreshInterval: {{ .Values.postgresql.wtscreds.refreshInterval | default "10m" }} + secretStoreRef: + name: {{ .Values.postgresql.wtscreds.secretStoreRefName }} + kind: {{ .Values.postgresql.wtscreds.secretStoreRefKind }} + target: + name: {{ .Values.postgresql.wtscreds.targetName }} + data: + {{- toYaml .Values.postgresql.wtscreds.data | nindent 6 }} diff --git a/helm/external-secrets/values.yaml b/helm/external-secrets/values.yaml new file mode 100644 index 00000000..ce27bc88 --- /dev/null +++ b/helm/external-secrets/values.yaml @@ -0,0 +1,400 @@ +global: + aws: + enabled: true +clusterSecretStore: + name: "gen3" + provider: + aws: + service: "SecretsManager" + region: "ap-southeast-2" + auth: + jwt: + serviceAccountRef: + name: "external-secrets-sa" + namespace: "external-secrets" +fence: + fencecreds: + name: gen3-fence-creds + namespace: argocd + secretStoreRefName: gen3 + secretStoreRefKind: ClusterSecretStore + targetName: fence-creds + data: + - secretKey: creds.json + remoteRef: + key: gen3-fence-creds +postgresql: + mastercreds: + name: gen3-postgres-master + namespace: argocd + secretStoreRefName: gen3 + secretStoreRefKind: ClusterSecretStore + targetName: postgresql-secret + data: + - secretKey: postgres-username + remoteRef: + key: AuroraServerlessClustersand-CkcQYbq6Uu8P + property: username + - secretKey: postgres-password + remoteRef: + key: AuroraServerlessClustersand-CkcQYbq6Uu8P + property: password + - secretKey: postgres-port + remoteRef: + key: AuroraServerlessClustersand-CkcQYbq6Uu8P + property: port + - secretKey: postgres-host + remoteRef: + key: AuroraServerlessClustersand-CkcQYbq6Uu8P + property: host + fencecreds: + name: gen3-postgres-fence + namespace: argocd + secretStoreRefName: gen3 + secretStoreRefKind: ClusterSecretStore + targetName: fence-dbcreds + data: + - secretKey: username + remoteRef: + key: AuroraServerlessClustersand-bVcQp2QiQjf7 + property: username + - secretKey: password + remoteRef: + key: AuroraServerlessClustersand-bVcQp2QiQjf7 + property: password + - secretKey: port + remoteRef: + key: AuroraServerlessClustersand-bVcQp2QiQjf7 + property: port + - secretKey: host + remoteRef: + key: AuroraServerlessClustersand-bVcQp2QiQjf7 + property: host + - secretKey: database + remoteRef: + key: AuroraServerlessClustersand-bVcQp2QiQjf7 + property: database + - secretKey: serviceusername + remoteRef: + key: AuroraServerlessClustersand-bVcQp2QiQjf7 + property: serviceusername + - secretKey: servicepassword + remoteRef: + key: AuroraServerlessClustersand-bVcQp2QiQjf7 + property: servicepassword + - secretKey: dbcreated + remoteRef: + key: AuroraServerlessClustersand-bVcQp2QiQjf7 + property: dbcreated + indexdcreds: + name: gen3-postgres-indexd + namespace: argocd + secretStoreRefName: gen3 + secretStoreRefKind: ClusterSecretStore + targetName: indexd-dbcreds + data: + - secretKey: username + remoteRef: + key: AuroraServerlessClustersand-M2akH2oVAcge + property: username + - secretKey: password + remoteRef: + key: AuroraServerlessClustersand-M2akH2oVAcge + property: password + - secretKey: port + remoteRef: + key: AuroraServerlessClustersand-M2akH2oVAcge + property: port + - secretKey: host + remoteRef: + key: AuroraServerlessClustersand-M2akH2oVAcge + property: host + - secretKey: database + remoteRef: + key: AuroraServerlessClustersand-M2akH2oVAcge + property: database + - secretKey: serviceusername + remoteRef: + key: AuroraServerlessClustersand-M2akH2oVAcge + property: serviceusername + - secretKey: servicepassword + remoteRef: + key: AuroraServerlessClustersand-M2akH2oVAcge + property: servicepassword + - secretKey: dbcreated + remoteRef: + key: AuroraServerlessClustersand-M2akH2oVAcge + property: dbcreated + peregrinecreds: + name: gen3-postgres-peregrine + namespace: argocd + secretStoreRefName: gen3 + secretStoreRefKind: ClusterSecretStore + targetName: peregrine-dbcreds + data: + - secretKey: username + remoteRef: + key: AuroraServerlessClustersand-XHb0zhuAkyFm + property: username + - secretKey: password + remoteRef: + key: AuroraServerlessClustersand-XHb0zhuAkyFm + property: password + - secretKey: port + remoteRef: + key: AuroraServerlessClustersand-XHb0zhuAkyFm + property: port + - secretKey: host + remoteRef: + key: AuroraServerlessClustersand-XHb0zhuAkyFm + property: host + - secretKey: database + remoteRef: + key: AuroraServerlessClustersand-XHb0zhuAkyFm + property: database + - secretKey: serviceusername + remoteRef: + key: AuroraServerlessClustersand-XHb0zhuAkyFm + property: serviceusername + - secretKey: servicepassword + remoteRef: + key: AuroraServerlessClustersand-XHb0zhuAkyFm + property: servicepassword + - secretKey: dbcreated + remoteRef: + key: AuroraServerlessClustersand-XHb0zhuAkyFm + property: dbcreated + sheepdogcreds: + name: gen3-postgres-sheepdog + namespace: argocd + secretStoreRefName: gen3 + secretStoreRefKind: ClusterSecretStore + targetName: sheepdog-dbcreds + data: + - secretKey: username + remoteRef: + key: AuroraServerlessClustersand-EqTNMerrts4W + property: username + - secretKey: password + remoteRef: + key: AuroraServerlessClustersand-EqTNMerrts4W + property: password + - secretKey: port + remoteRef: + key: AuroraServerlessClustersand-EqTNMerrts4W + property: port + - secretKey: host + remoteRef: + key: AuroraServerlessClustersand-EqTNMerrts4W + property: host + - secretKey: database + remoteRef: + key: AuroraServerlessClustersand-EqTNMerrts4W + property: database + - secretKey: serviceusername + remoteRef: + key: AuroraServerlessClustersand-EqTNMerrts4W + property: serviceusername + - secretKey: servicepassword + remoteRef: + key: AuroraServerlessClustersand-EqTNMerrts4W + property: servicepassword + - secretKey: dbcreated + remoteRef: + key: AuroraServerlessClustersand-EqTNMerrts4W + property: dbcreated + wtscreds: + name: gen3-postgres-wts + namespace: argocd + secretStoreRefName: gen3 + secretStoreRefKind: ClusterSecretStore + targetName: wts-dbcreds + data: + - secretKey: username + remoteRef: + key: gen3-wts-service + property: username + - secretKey: password + remoteRef: + key: gen3-wts-service + property: password + - secretKey: port + remoteRef: + key: gen3-wts-service + property: port + - secretKey: host + remoteRef: + key: gen3-wts-service + property: host + - secretKey: database + remoteRef: + key: gen3-wts-service + property: database + - secretKey: serviceusername + remoteRef: + key: gen3-wts-service + property: serviceusername + - secretKey: servicepassword + remoteRef: + key: gen3-wts-service + property: servicepassword + - secretKey: dbcreated + remoteRef: + key: gen3-wts-service + property: dbcreated + arboristcreds: + name: gen3-postgres-arborist + namespace: argocd + secretStoreRefName: gen3 + secretStoreRefKind: ClusterSecretStore + targetName: arborist-dbcreds + data: + - secretKey: username + remoteRef: + key: gen3-arborist + property: username + - secretKey: password + remoteRef: + key: gen3-arborist + property: password + - secretKey: port + remoteRef: + key: gen3-arborist + property: port + - secretKey: host + remoteRef: + key: gen3-arborist + property: host + - secretKey: database + remoteRef: + key: gen3-arborist + property: database + - secretKey: serviceusername + remoteRef: + key: gen3-arborist + property: serviceusername + - secretKey: servicepassword + remoteRef: + key: gen3-arborist + property: servicepassword + - secretKey: dbcreated + remoteRef: + key: gen3-arborist + property: dbcreated + auditcreds: + name: gen3-postgres-audit + namespace: argocd + secretStoreRefName: gen3 + secretStoreRefKind: ClusterSecretStore + targetName: audit-dbcreds + data: + - secretKey: username + remoteRef: + key: gen3-audit + property: username + - secretKey: password + remoteRef: + key: gen3-audit + property: password + - secretKey: port + remoteRef: + key: gen3-audit + property: port + - secretKey: host + remoteRef: + key: gen3-audit + property: host + - secretKey: database + remoteRef: + key: gen3-audit + property: database + - secretKey: serviceusername + remoteRef: + key: gen3-audit + property: serviceusername + - secretKey: servicepassword + remoteRef: + key: gen3-audit + property: servicepassword + - secretKey: dbcreated + remoteRef: + key: gen3-audit + property: dbcreated + metadatacreds: + name: gen3-postgres-metadata + namespace: argocd + secretStoreRefName: gen3 + secretStoreRefKind: ClusterSecretStore + targetName: metadata-dbcreds + data: + - secretKey: username + remoteRef: + key: gen3-metadata + property: username + - secretKey: password + remoteRef: + key: gen3-metadata + property: password + - secretKey: port + remoteRef: + key: gen3-metadata + property: port + - secretKey: host + remoteRef: + key: gen3-metadata + property: host + - secretKey: database + remoteRef: + key: gen3-metadata + property: database + - secretKey: serviceusername + remoteRef: + key: gen3-metadata + property: serviceusername + - secretKey: servicepassword + remoteRef: + key: gen3-metadata + property: servicepassword + - secretKey: dbcreated + remoteRef: + key: gen3-metadata + property: dbcreated + requestorcreds: + name: gen3-postgres-requestor + namespace: argocd + secretStoreRefName: gen3 + secretStoreRefKind: ClusterSecretStore + targetName: requestor-dbcreds + data: + - secretKey: username + remoteRef: + key: gen3-requestor + property: username + - secretKey: password + remoteRef: + key: gen3-requestor + property: password + - secretKey: port + remoteRef: + key: gen3-requestor + property: port + - secretKey: host + remoteRef: + key: gen3-requestor + property: host + - secretKey: database + remoteRef: + key: gen3-requestor + property: database + - secretKey: serviceusername + remoteRef: + key: gen3-requestor + property: serviceusername + - secretKey: servicepassword + remoteRef: + key: gen3-requestor + property: servicepassword + - secretKey: dbcreated + remoteRef: + key: gen3-requestor + property: dbcreated \ No newline at end of file diff --git a/helm/gen3/Chart.yaml b/helm/gen3/Chart.yaml index a95d45b9..24d29ccc 100644 --- a/helm/gen3/Chart.yaml +++ b/helm/gen3/Chart.yaml @@ -27,6 +27,10 @@ dependencies: - name: common version: "0.1.7" repository: file://../common +- name: external-secrets + version: "0.1.0" + repository: file://../external-secrets + condition: external-secrets.enabled - name: fence version: "0.1.13" repository: "file://../fence" diff --git a/helm/guppy/values.yaml b/helm/guppy/values.yaml index bf7635e3..9857944f 100644 --- a/helm/guppy/values.yaml +++ b/helm/guppy/values.yaml @@ -47,7 +47,7 @@ global: # -- (string) Access level for tiers. tierAccessLevel: libre # -- (int) Only relevant if tireAccessLevel is set to "regular". Summary charts below this limit will not appear for aggregated data. - tierAccessLimit: "1000" + tierAccessLimit: 1000 # -- (bool) Whether network policies are enabled. netPolicy: true # -- (int) Number of dispatcher jobs. From d6b85c073a15195112faa3cb7e7a78f2e0ba84a9 Mon Sep 17 00:00:00 2001 From: Guerdon Mukama Date: Thu, 7 Dec 2023 22:04:22 +1100 Subject: [PATCH 079/131] update defaults --- helm/external-secrets/values.yaml | 219 +++++++++++------------------- 1 file changed, 81 insertions(+), 138 deletions(-) diff --git a/helm/external-secrets/values.yaml b/helm/external-secrets/values.yaml index ce27bc88..3965e8f2 100644 --- a/helm/external-secrets/values.yaml +++ b/helm/external-secrets/values.yaml @@ -30,22 +30,40 @@ postgresql: secretStoreRefName: gen3 secretStoreRefKind: ClusterSecretStore targetName: postgresql-secret - data: + commonClusterCreds: &commonCreds + # Credentails for service databases hosted in the same cluster + - secretKey: username + remoteRef: + key: AuroraServerlessClusterdevm-eAb5qgt3cDXp + property: username + - secretKey: password + remoteRef: + key: AuroraServerlessClusterdevm-eAb5qgt3cDXp + property: password + - secretKey: port + remoteRef: + key: AuroraServerlessClusterdevm-eAb5qgt3cDXp + property: port + - secretKey: host + remoteRef: + key: AuroraServerlessClusterdevm-eAb5qgt3cDXp + property: host + data: - secretKey: postgres-username remoteRef: - key: AuroraServerlessClustersand-CkcQYbq6Uu8P + key: AuroraServerlessClusterdevm-eAb5qgt3cDXp property: username - secretKey: postgres-password remoteRef: - key: AuroraServerlessClustersand-CkcQYbq6Uu8P + key: AuroraServerlessClusterdevm-eAb5qgt3cDXp property: password - secretKey: postgres-port remoteRef: - key: AuroraServerlessClustersand-CkcQYbq6Uu8P + key: AuroraServerlessClusterdevm-eAb5qgt3cDXp property: port - secretKey: postgres-host remoteRef: - key: AuroraServerlessClustersand-CkcQYbq6Uu8P + key: AuroraServerlessClusterdevm-eAb5qgt3cDXp property: host fencecreds: name: gen3-postgres-fence @@ -56,35 +74,35 @@ postgresql: data: - secretKey: username remoteRef: - key: AuroraServerlessClustersand-bVcQp2QiQjf7 + key: AuroraServerlessClusterdevf-UlravMUjgrhO property: username - secretKey: password remoteRef: - key: AuroraServerlessClustersand-bVcQp2QiQjf7 + key: AuroraServerlessClusterdevf-UlravMUjgrhO property: password - secretKey: port remoteRef: - key: AuroraServerlessClustersand-bVcQp2QiQjf7 + key: AuroraServerlessClusterdevf-UlravMUjgrhO property: port - secretKey: host remoteRef: - key: AuroraServerlessClustersand-bVcQp2QiQjf7 + key: AuroraServerlessClusterdevf-UlravMUjgrhO property: host - secretKey: database remoteRef: - key: AuroraServerlessClustersand-bVcQp2QiQjf7 + key: dev-cad-fence property: database - secretKey: serviceusername remoteRef: - key: AuroraServerlessClustersand-bVcQp2QiQjf7 + key: dev-cad-fence property: serviceusername - secretKey: servicepassword remoteRef: - key: AuroraServerlessClustersand-bVcQp2QiQjf7 + key: dev-cad-fence property: servicepassword - secretKey: dbcreated remoteRef: - key: AuroraServerlessClustersand-bVcQp2QiQjf7 + key: dev-cad-fence property: dbcreated indexdcreds: name: gen3-postgres-indexd @@ -95,35 +113,35 @@ postgresql: data: - secretKey: username remoteRef: - key: AuroraServerlessClustersand-M2akH2oVAcge + key: AuroraServerlessClusterdevi-9OSjwLpIXcIC property: username - secretKey: password remoteRef: - key: AuroraServerlessClustersand-M2akH2oVAcge + key: AuroraServerlessClusterdevi-9OSjwLpIXcIC property: password - secretKey: port remoteRef: - key: AuroraServerlessClustersand-M2akH2oVAcge + key: AuroraServerlessClusterdevi-9OSjwLpIXcIC property: port - secretKey: host remoteRef: - key: AuroraServerlessClustersand-M2akH2oVAcge + key: AuroraServerlessClusterdevi-9OSjwLpIXcIC property: host - secretKey: database remoteRef: - key: AuroraServerlessClustersand-M2akH2oVAcge + key: dev-cad-indexd property: database - secretKey: serviceusername remoteRef: - key: AuroraServerlessClustersand-M2akH2oVAcge + key: dev-cad-indexd property: serviceusername - secretKey: servicepassword remoteRef: - key: AuroraServerlessClustersand-M2akH2oVAcge + key: dev-cad-indexd property: servicepassword - secretKey: dbcreated remoteRef: - key: AuroraServerlessClustersand-M2akH2oVAcge + key: dev-cad-indexd property: dbcreated peregrinecreds: name: gen3-postgres-peregrine @@ -134,35 +152,35 @@ postgresql: data: - secretKey: username remoteRef: - key: AuroraServerlessClustersand-XHb0zhuAkyFm + key: AuroraServerlessClusterdevp-39s4edfR4V3g property: username - secretKey: password remoteRef: - key: AuroraServerlessClustersand-XHb0zhuAkyFm + key: AuroraServerlessClusterdevp-39s4edfR4V3g property: password - secretKey: port remoteRef: - key: AuroraServerlessClustersand-XHb0zhuAkyFm + key: AuroraServerlessClusterdevp-39s4edfR4V3g property: port - secretKey: host remoteRef: - key: AuroraServerlessClustersand-XHb0zhuAkyFm + key: AuroraServerlessClusterdevp-39s4edfR4V3g property: host - secretKey: database remoteRef: - key: AuroraServerlessClustersand-XHb0zhuAkyFm + key: dev-cad-peregrine property: database - secretKey: serviceusername remoteRef: - key: AuroraServerlessClustersand-XHb0zhuAkyFm + key: dev-cad-peregrine property: serviceusername - secretKey: servicepassword remoteRef: - key: AuroraServerlessClustersand-XHb0zhuAkyFm + key: dev-cad-peregrine property: servicepassword - secretKey: dbcreated remoteRef: - key: AuroraServerlessClustersand-XHb0zhuAkyFm + key: dev-cad-peregrine property: dbcreated sheepdogcreds: name: gen3-postgres-sheepdog @@ -173,35 +191,35 @@ postgresql: data: - secretKey: username remoteRef: - key: AuroraServerlessClustersand-EqTNMerrts4W + key: AuroraServerlessClusterdevs-14IQBQ549zKC property: username - secretKey: password remoteRef: - key: AuroraServerlessClustersand-EqTNMerrts4W + key: AuroraServerlessClusterdevs-14IQBQ549zKC property: password - secretKey: port remoteRef: - key: AuroraServerlessClustersand-EqTNMerrts4W + key: AuroraServerlessClusterdevs-14IQBQ549zKC property: port - secretKey: host remoteRef: - key: AuroraServerlessClustersand-EqTNMerrts4W + key: AuroraServerlessClusterdevs-14IQBQ549zKC property: host - secretKey: database remoteRef: - key: AuroraServerlessClustersand-EqTNMerrts4W + key: dev-cad-sheepdog property: database - secretKey: serviceusername remoteRef: - key: AuroraServerlessClustersand-EqTNMerrts4W + key: dev-cad-sheepdog property: serviceusername - secretKey: servicepassword remoteRef: - key: AuroraServerlessClustersand-EqTNMerrts4W + key: dev-cad-sheepdog property: servicepassword - secretKey: dbcreated remoteRef: - key: AuroraServerlessClustersand-EqTNMerrts4W + key: dev-cad-sheepdog property: dbcreated wtscreds: name: gen3-postgres-wts @@ -209,38 +227,23 @@ postgresql: secretStoreRefName: gen3 secretStoreRefKind: ClusterSecretStore targetName: wts-dbcreds - data: - - secretKey: username - remoteRef: - key: gen3-wts-service - property: username - - secretKey: password - remoteRef: - key: gen3-wts-service - property: password - - secretKey: port - remoteRef: - key: gen3-wts-service - property: port - - secretKey: host - remoteRef: - key: gen3-wts-service - property: host + data: + - *commonCreds - secretKey: database remoteRef: - key: gen3-wts-service + key: dev-cad-wts property: database - secretKey: serviceusername remoteRef: - key: gen3-wts-service + key: dev-cad-wts property: serviceusername - secretKey: servicepassword remoteRef: - key: gen3-wts-service + key: dev-cad-wts property: servicepassword - secretKey: dbcreated remoteRef: - key: gen3-wts-service + key: dev-cad-wts property: dbcreated arboristcreds: name: gen3-postgres-arborist @@ -249,37 +252,22 @@ postgresql: secretStoreRefKind: ClusterSecretStore targetName: arborist-dbcreds data: - - secretKey: username - remoteRef: - key: gen3-arborist - property: username - - secretKey: password - remoteRef: - key: gen3-arborist - property: password - - secretKey: port - remoteRef: - key: gen3-arborist - property: port - - secretKey: host - remoteRef: - key: gen3-arborist - property: host + - *commonCreds - secretKey: database remoteRef: - key: gen3-arborist + key: dev-cad-arborist property: database - secretKey: serviceusername remoteRef: - key: gen3-arborist + key: dev-cad-arborist property: serviceusername - secretKey: servicepassword remoteRef: - key: gen3-arborist + key: dev-cad-arborist property: servicepassword - secretKey: dbcreated remoteRef: - key: gen3-arborist + key: dev-cad-arborist property: dbcreated auditcreds: name: gen3-postgres-audit @@ -288,37 +276,22 @@ postgresql: secretStoreRefKind: ClusterSecretStore targetName: audit-dbcreds data: - - secretKey: username - remoteRef: - key: gen3-audit - property: username - - secretKey: password - remoteRef: - key: gen3-audit - property: password - - secretKey: port - remoteRef: - key: gen3-audit - property: port - - secretKey: host - remoteRef: - key: gen3-audit - property: host + - *commonCreds - secretKey: database remoteRef: - key: gen3-audit + key: dev-cad-audit property: database - secretKey: serviceusername remoteRef: - key: gen3-audit + key: dev-cad-audit property: serviceusername - secretKey: servicepassword remoteRef: - key: gen3-audit + key: dev-cad-audit property: servicepassword - secretKey: dbcreated remoteRef: - key: gen3-audit + key: dev-cad-audit property: dbcreated metadatacreds: name: gen3-postgres-metadata @@ -327,37 +300,22 @@ postgresql: secretStoreRefKind: ClusterSecretStore targetName: metadata-dbcreds data: - - secretKey: username - remoteRef: - key: gen3-metadata - property: username - - secretKey: password - remoteRef: - key: gen3-metadata - property: password - - secretKey: port - remoteRef: - key: gen3-metadata - property: port - - secretKey: host - remoteRef: - key: gen3-metadata - property: host + - *commonCreds - secretKey: database remoteRef: - key: gen3-metadata + key: dev-cad-metadata property: database - secretKey: serviceusername remoteRef: - key: gen3-metadata + key: dev-cad-metadata property: serviceusername - secretKey: servicepassword remoteRef: - key: gen3-metadata + key: dev-cad-metadata property: servicepassword - secretKey: dbcreated remoteRef: - key: gen3-metadata + key: dev-cad-metadata property: dbcreated requestorcreds: name: gen3-postgres-requestor @@ -366,35 +324,20 @@ postgresql: secretStoreRefKind: ClusterSecretStore targetName: requestor-dbcreds data: - - secretKey: username - remoteRef: - key: gen3-requestor - property: username - - secretKey: password - remoteRef: - key: gen3-requestor - property: password - - secretKey: port - remoteRef: - key: gen3-requestor - property: port - - secretKey: host - remoteRef: - key: gen3-requestor - property: host + - *commonCreds - secretKey: database remoteRef: - key: gen3-requestor + key: dev-cad-requestor property: database - secretKey: serviceusername remoteRef: - key: gen3-requestor + key: dev-cad-requestor property: serviceusername - secretKey: servicepassword remoteRef: - key: gen3-requestor + key: dev-cad-requestor property: servicepassword - secretKey: dbcreated remoteRef: - key: gen3-requestor + key: dev-cad-requestor property: dbcreated \ No newline at end of file From 2495b64a1861f097e56b052cc6da32ebbc14cd68 Mon Sep 17 00:00:00 2001 From: Guerdon Mukama Date: Fri, 8 Dec 2023 15:26:20 +1100 Subject: [PATCH 080/131] add env folder --- environments/dev/Chart.yaml | 4 + environments/dev/secrets-values.yaml | 340 +++++++++++++++++++++++++++ 2 files changed, 344 insertions(+) create mode 100644 environments/dev/secrets-values.yaml diff --git a/environments/dev/Chart.yaml b/environments/dev/Chart.yaml index 63644831..a6f0ed62 100644 --- a/environments/dev/Chart.yaml +++ b/environments/dev/Chart.yaml @@ -27,6 +27,10 @@ dependencies: - name: common version: "0.1.7" repository: file://../../helm/common +- name: external-secrets + version: "0.1.0" + repository: file://../external-secrets + condition: external-secrets.enabled - name: fence version: "0.1.13" repository: "file://../../helm/fence" diff --git a/environments/dev/secrets-values.yaml b/environments/dev/secrets-values.yaml new file mode 100644 index 00000000..9ad6f873 --- /dev/null +++ b/environments/dev/secrets-values.yaml @@ -0,0 +1,340 @@ +clusterSecretStore: + name: "gen3" + provider: + aws: + service: "SecretsManager" + region: "ap-southeast-2" + auth: + jwt: + serviceAccountRef: + name: "external-secrets-sa" + namespace: "external-secrets" +fence: + fencecreds: + name: gen3-fence-creds + namespace: argocd + secretStoreRefName: gen3 + secretStoreRefKind: ClusterSecretStore + targetName: fence-creds + data: + - secretKey: creds.json + remoteRef: + key: gen3-fence-creds +postgresql: + mastercreds: + name: gen3-postgres-master + namespace: argocd + secretStoreRefName: gen3 + secretStoreRefKind: ClusterSecretStore + targetName: postgresql-secret + commonClusterCreds: &commonCreds + # Credentails for service databases hosted in the same cluster + - secretKey: username + remoteRef: + key: AuroraServerlessClusterdevm-eAb5qgt3cDXp + property: username + - secretKey: password + remoteRef: + key: AuroraServerlessClusterdevm-eAb5qgt3cDXp + property: password + - secretKey: port + remoteRef: + key: AuroraServerlessClusterdevm-eAb5qgt3cDXp + property: port + - secretKey: host + remoteRef: + key: AuroraServerlessClusterdevm-eAb5qgt3cDXp + property: host + data: + - secretKey: postgres-username + remoteRef: + key: AuroraServerlessClusterdevm-eAb5qgt3cDXp + property: username + - secretKey: postgres-password + remoteRef: + key: AuroraServerlessClusterdevm-eAb5qgt3cDXp + property: password + - secretKey: postgres-port + remoteRef: + key: AuroraServerlessClusterdevm-eAb5qgt3cDXp + property: port + - secretKey: postgres-host + remoteRef: + key: AuroraServerlessClusterdevm-eAb5qgt3cDXp + property: host + fencecreds: + name: gen3-postgres-fence + namespace: argocd + secretStoreRefName: gen3 + secretStoreRefKind: ClusterSecretStore + targetName: fence-dbcreds + data: + - secretKey: username + remoteRef: + key: AuroraServerlessClusterdevf-UlravMUjgrhO + property: username + - secretKey: password + remoteRef: + key: AuroraServerlessClusterdevf-UlravMUjgrhO + property: password + - secretKey: port + remoteRef: + key: AuroraServerlessClusterdevf-UlravMUjgrhO + property: port + - secretKey: host + remoteRef: + key: AuroraServerlessClusterdevf-UlravMUjgrhO + property: host + - secretKey: database + remoteRef: + key: dev-cad-fence + property: database + - secretKey: serviceusername + remoteRef: + key: dev-cad-fence + property: serviceusername + - secretKey: servicepassword + remoteRef: + key: dev-cad-fence + property: servicepassword + - secretKey: dbcreated + remoteRef: + key: dev-cad-fence + property: dbcreated + indexdcreds: + name: gen3-postgres-indexd + namespace: argocd + secretStoreRefName: gen3 + secretStoreRefKind: ClusterSecretStore + targetName: indexd-dbcreds + data: + - secretKey: username + remoteRef: + key: AuroraServerlessClusterdevi-9OSjwLpIXcIC + property: username + - secretKey: password + remoteRef: + key: AuroraServerlessClusterdevi-9OSjwLpIXcIC + property: password + - secretKey: port + remoteRef: + key: AuroraServerlessClusterdevi-9OSjwLpIXcIC + property: port + - secretKey: host + remoteRef: + key: AuroraServerlessClusterdevi-9OSjwLpIXcIC + property: host + - secretKey: database + remoteRef: + key: dev-cad-indexd + property: database + - secretKey: serviceusername + remoteRef: + key: dev-cad-indexd + property: serviceusername + - secretKey: servicepassword + remoteRef: + key: dev-cad-indexd + property: servicepassword + - secretKey: dbcreated + remoteRef: + key: dev-cad-indexd + property: dbcreated + peregrinecreds: + name: gen3-postgres-peregrine + namespace: argocd + secretStoreRefName: gen3 + secretStoreRefKind: ClusterSecretStore + targetName: peregrine-dbcreds + data: + - secretKey: username + remoteRef: + key: AuroraServerlessClusterdevp-39s4edfR4V3g + property: username + - secretKey: password + remoteRef: + key: AuroraServerlessClusterdevp-39s4edfR4V3g + property: password + - secretKey: port + remoteRef: + key: AuroraServerlessClusterdevp-39s4edfR4V3g + property: port + - secretKey: host + remoteRef: + key: AuroraServerlessClusterdevp-39s4edfR4V3g + property: host + - secretKey: database + remoteRef: + key: dev-cad-peregrine + property: database + - secretKey: serviceusername + remoteRef: + key: dev-cad-peregrine + property: serviceusername + - secretKey: servicepassword + remoteRef: + key: dev-cad-peregrine + property: servicepassword + - secretKey: dbcreated + remoteRef: + key: dev-cad-peregrine + property: dbcreated + sheepdogcreds: + name: gen3-postgres-sheepdog + namespace: argocd + secretStoreRefName: gen3 + secretStoreRefKind: ClusterSecretStore + targetName: sheepdog-dbcreds + data: + - secretKey: username + remoteRef: + key: AuroraServerlessClusterdevs-14IQBQ549zKC + property: username + - secretKey: password + remoteRef: + key: AuroraServerlessClusterdevs-14IQBQ549zKC + property: password + - secretKey: port + remoteRef: + key: AuroraServerlessClusterdevs-14IQBQ549zKC + property: port + - secretKey: host + remoteRef: + key: AuroraServerlessClusterdevs-14IQBQ549zKC + property: host + - secretKey: database + remoteRef: + key: dev-cad-sheepdog + property: database + - secretKey: serviceusername + remoteRef: + key: dev-cad-sheepdog + property: serviceusername + - secretKey: servicepassword + remoteRef: + key: dev-cad-sheepdog + property: servicepassword + - secretKey: dbcreated + remoteRef: + key: dev-cad-sheepdog + property: dbcreated + wtscreds: + name: gen3-postgres-wts + namespace: argocd + secretStoreRefName: gen3 + secretStoreRefKind: ClusterSecretStore + targetName: wts-dbcreds + data: + - *commonCreds + - secretKey: database + remoteRef: + key: dev-cad-wts + property: database + - secretKey: serviceusername + remoteRef: + key: dev-cad-wts + property: serviceusername + - secretKey: servicepassword + remoteRef: + key: dev-cad-wts + property: servicepassword + - secretKey: dbcreated + remoteRef: + key: dev-cad-wts + property: dbcreated + arboristcreds: + name: gen3-postgres-arborist + namespace: argocd + secretStoreRefName: gen3 + secretStoreRefKind: ClusterSecretStore + targetName: arborist-dbcreds + data: + - *commonCreds + - secretKey: database + remoteRef: + key: dev-cad-arborist + property: database + - secretKey: serviceusername + remoteRef: + key: dev-cad-arborist + property: serviceusername + - secretKey: servicepassword + remoteRef: + key: dev-cad-arborist + property: servicepassword + - secretKey: dbcreated + remoteRef: + key: dev-cad-arborist + property: dbcreated + auditcreds: + name: gen3-postgres-audit + namespace: argocd + secretStoreRefName: gen3 + secretStoreRefKind: ClusterSecretStore + targetName: audit-dbcreds + data: + - *commonCreds + - secretKey: database + remoteRef: + key: dev-cad-audit + property: database + - secretKey: serviceusername + remoteRef: + key: dev-cad-audit + property: serviceusername + - secretKey: servicepassword + remoteRef: + key: dev-cad-audit + property: servicepassword + - secretKey: dbcreated + remoteRef: + key: dev-cad-audit + property: dbcreated + metadatacreds: + name: gen3-postgres-metadata + namespace: argocd + secretStoreRefName: gen3 + secretStoreRefKind: ClusterSecretStore + targetName: metadata-dbcreds + data: + - *commonCreds + - secretKey: database + remoteRef: + key: dev-cad-metadata + property: database + - secretKey: serviceusername + remoteRef: + key: dev-cad-metadata + property: serviceusername + - secretKey: servicepassword + remoteRef: + key: dev-cad-metadata + property: servicepassword + - secretKey: dbcreated + remoteRef: + key: dev-cad-metadata + property: dbcreated + requestorcreds: + name: gen3-postgres-requestor + namespace: argocd + secretStoreRefName: gen3 + secretStoreRefKind: ClusterSecretStore + targetName: requestor-dbcreds + data: + - *commonCreds + - secretKey: database + remoteRef: + key: dev-cad-requestor + property: database + - secretKey: serviceusername + remoteRef: + key: dev-cad-requestor + property: serviceusername + - secretKey: servicepassword + remoteRef: + key: dev-cad-requestor + property: servicepassword + - secretKey: dbcreated + remoteRef: + key: dev-cad-requestor + property: dbcreated \ No newline at end of file From 08375d2123e6f7bb4dcf17f41ef344e4eedf727a Mon Sep 17 00:00:00 2001 From: Guerdon Mukama Date: Fri, 8 Dec 2023 16:03:56 +1100 Subject: [PATCH 081/131] add env folder --- environments/dev/Chart.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/environments/dev/Chart.yaml b/environments/dev/Chart.yaml index a6f0ed62..6f89b545 100644 --- a/environments/dev/Chart.yaml +++ b/environments/dev/Chart.yaml @@ -29,7 +29,7 @@ dependencies: repository: file://../../helm/common - name: external-secrets version: "0.1.0" - repository: file://../external-secrets + repository: file://../../helm/external-secrets condition: external-secrets.enabled - name: fence version: "0.1.13" From 517452040e8252e9b80db5b33c332c3011d19081 Mon Sep 17 00:00:00 2001 From: Guerdon Mukama Date: Fri, 8 Dec 2023 16:13:37 +1100 Subject: [PATCH 082/131] add env folder --- environments/dev/Chart.yaml | 2 +- helm/{external-secrets => gen3-external-secrets}/.helmignore | 0 helm/{external-secrets => gen3-external-secrets}/Chart.yaml | 0 .../templates/arborist-postgres-secrets.yaml | 0 .../templates/audit-postgres-secrets.yaml | 0 .../templates/clustersecretstore.yaml | 0 .../templates/fence-creds.yaml | 0 .../templates/fence-postgres-secrets.yaml | 0 .../templates/indexd-postgres-secrets.yaml | 0 .../templates/master-postgres-secrets.yaml | 0 .../templates/metadata-postgres-secrets.yaml | 0 .../templates/peregrine-postgres-secrets.yaml | 0 .../templates/requestor-postgres-secrets.yaml | 0 .../templates/sheepdog-postgres-secrets.yaml | 0 .../templates/wts-postgres-secrets.yaml | 0 helm/{external-secrets => gen3-external-secrets}/values.yaml | 0 helm/gen3/Chart.yaml | 4 ++-- 17 files changed, 3 insertions(+), 3 deletions(-) rename helm/{external-secrets => gen3-external-secrets}/.helmignore (100%) rename helm/{external-secrets => gen3-external-secrets}/Chart.yaml (100%) rename helm/{external-secrets => gen3-external-secrets}/templates/arborist-postgres-secrets.yaml (100%) rename helm/{external-secrets => gen3-external-secrets}/templates/audit-postgres-secrets.yaml (100%) rename helm/{external-secrets => gen3-external-secrets}/templates/clustersecretstore.yaml (100%) rename helm/{external-secrets => gen3-external-secrets}/templates/fence-creds.yaml (100%) rename helm/{external-secrets => gen3-external-secrets}/templates/fence-postgres-secrets.yaml (100%) rename helm/{external-secrets => gen3-external-secrets}/templates/indexd-postgres-secrets.yaml (100%) rename helm/{external-secrets => gen3-external-secrets}/templates/master-postgres-secrets.yaml (100%) rename helm/{external-secrets => gen3-external-secrets}/templates/metadata-postgres-secrets.yaml (100%) rename helm/{external-secrets => gen3-external-secrets}/templates/peregrine-postgres-secrets.yaml (100%) rename helm/{external-secrets => gen3-external-secrets}/templates/requestor-postgres-secrets.yaml (100%) rename helm/{external-secrets => gen3-external-secrets}/templates/sheepdog-postgres-secrets.yaml (100%) rename helm/{external-secrets => gen3-external-secrets}/templates/wts-postgres-secrets.yaml (100%) rename helm/{external-secrets => gen3-external-secrets}/values.yaml (100%) diff --git a/environments/dev/Chart.yaml b/environments/dev/Chart.yaml index 6f89b545..3267cb8c 100644 --- a/environments/dev/Chart.yaml +++ b/environments/dev/Chart.yaml @@ -29,7 +29,7 @@ dependencies: repository: file://../../helm/common - name: external-secrets version: "0.1.0" - repository: file://../../helm/external-secrets + repository: file://../../helm/gen3-external-secrets condition: external-secrets.enabled - name: fence version: "0.1.13" diff --git a/helm/external-secrets/.helmignore b/helm/gen3-external-secrets/.helmignore similarity index 100% rename from helm/external-secrets/.helmignore rename to helm/gen3-external-secrets/.helmignore diff --git a/helm/external-secrets/Chart.yaml b/helm/gen3-external-secrets/Chart.yaml similarity index 100% rename from helm/external-secrets/Chart.yaml rename to helm/gen3-external-secrets/Chart.yaml diff --git a/helm/external-secrets/templates/arborist-postgres-secrets.yaml b/helm/gen3-external-secrets/templates/arborist-postgres-secrets.yaml similarity index 100% rename from helm/external-secrets/templates/arborist-postgres-secrets.yaml rename to helm/gen3-external-secrets/templates/arborist-postgres-secrets.yaml diff --git a/helm/external-secrets/templates/audit-postgres-secrets.yaml b/helm/gen3-external-secrets/templates/audit-postgres-secrets.yaml similarity index 100% rename from helm/external-secrets/templates/audit-postgres-secrets.yaml rename to helm/gen3-external-secrets/templates/audit-postgres-secrets.yaml diff --git a/helm/external-secrets/templates/clustersecretstore.yaml b/helm/gen3-external-secrets/templates/clustersecretstore.yaml similarity index 100% rename from helm/external-secrets/templates/clustersecretstore.yaml rename to helm/gen3-external-secrets/templates/clustersecretstore.yaml diff --git a/helm/external-secrets/templates/fence-creds.yaml b/helm/gen3-external-secrets/templates/fence-creds.yaml similarity index 100% rename from helm/external-secrets/templates/fence-creds.yaml rename to helm/gen3-external-secrets/templates/fence-creds.yaml diff --git a/helm/external-secrets/templates/fence-postgres-secrets.yaml b/helm/gen3-external-secrets/templates/fence-postgres-secrets.yaml similarity index 100% rename from helm/external-secrets/templates/fence-postgres-secrets.yaml rename to helm/gen3-external-secrets/templates/fence-postgres-secrets.yaml diff --git a/helm/external-secrets/templates/indexd-postgres-secrets.yaml b/helm/gen3-external-secrets/templates/indexd-postgres-secrets.yaml similarity index 100% rename from helm/external-secrets/templates/indexd-postgres-secrets.yaml rename to helm/gen3-external-secrets/templates/indexd-postgres-secrets.yaml diff --git a/helm/external-secrets/templates/master-postgres-secrets.yaml b/helm/gen3-external-secrets/templates/master-postgres-secrets.yaml similarity index 100% rename from helm/external-secrets/templates/master-postgres-secrets.yaml rename to helm/gen3-external-secrets/templates/master-postgres-secrets.yaml diff --git a/helm/external-secrets/templates/metadata-postgres-secrets.yaml b/helm/gen3-external-secrets/templates/metadata-postgres-secrets.yaml similarity index 100% rename from helm/external-secrets/templates/metadata-postgres-secrets.yaml rename to helm/gen3-external-secrets/templates/metadata-postgres-secrets.yaml diff --git a/helm/external-secrets/templates/peregrine-postgres-secrets.yaml b/helm/gen3-external-secrets/templates/peregrine-postgres-secrets.yaml similarity index 100% rename from helm/external-secrets/templates/peregrine-postgres-secrets.yaml rename to helm/gen3-external-secrets/templates/peregrine-postgres-secrets.yaml diff --git a/helm/external-secrets/templates/requestor-postgres-secrets.yaml b/helm/gen3-external-secrets/templates/requestor-postgres-secrets.yaml similarity index 100% rename from helm/external-secrets/templates/requestor-postgres-secrets.yaml rename to helm/gen3-external-secrets/templates/requestor-postgres-secrets.yaml diff --git a/helm/external-secrets/templates/sheepdog-postgres-secrets.yaml b/helm/gen3-external-secrets/templates/sheepdog-postgres-secrets.yaml similarity index 100% rename from helm/external-secrets/templates/sheepdog-postgres-secrets.yaml rename to helm/gen3-external-secrets/templates/sheepdog-postgres-secrets.yaml diff --git a/helm/external-secrets/templates/wts-postgres-secrets.yaml b/helm/gen3-external-secrets/templates/wts-postgres-secrets.yaml similarity index 100% rename from helm/external-secrets/templates/wts-postgres-secrets.yaml rename to helm/gen3-external-secrets/templates/wts-postgres-secrets.yaml diff --git a/helm/external-secrets/values.yaml b/helm/gen3-external-secrets/values.yaml similarity index 100% rename from helm/external-secrets/values.yaml rename to helm/gen3-external-secrets/values.yaml diff --git a/helm/gen3/Chart.yaml b/helm/gen3/Chart.yaml index 24d29ccc..d2c433ff 100644 --- a/helm/gen3/Chart.yaml +++ b/helm/gen3/Chart.yaml @@ -29,8 +29,8 @@ dependencies: repository: file://../common - name: external-secrets version: "0.1.0" - repository: file://../external-secrets - condition: external-secrets.enabled + repository: file://../gen3-external-secrets + condition: gen3-external-secrets.enabled - name: fence version: "0.1.13" repository: "file://../fence" From cbb54ef66ba66e89bc7074be385793b1c742da10 Mon Sep 17 00:00:00 2001 From: Guerdon Mukama Date: Fri, 8 Dec 2023 16:20:16 +1100 Subject: [PATCH 083/131] add env folder --- environments/dev/Chart.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/environments/dev/Chart.yaml b/environments/dev/Chart.yaml index 3267cb8c..a94bad58 100644 --- a/environments/dev/Chart.yaml +++ b/environments/dev/Chart.yaml @@ -27,7 +27,7 @@ dependencies: - name: common version: "0.1.7" repository: file://../../helm/common -- name: external-secrets +- name: gen3-external-secrets version: "0.1.0" repository: file://../../helm/gen3-external-secrets condition: external-secrets.enabled From 3c4e30e552a23a32dd3fc4cac9c9e86b44a4a721 Mon Sep 17 00:00:00 2001 From: Guerdon Mukama Date: Fri, 8 Dec 2023 17:41:20 +1100 Subject: [PATCH 084/131] values updates --- environments/dev/secrets-values.yaml | 61 ++++++++++++++++++---------- 1 file changed, 40 insertions(+), 21 deletions(-) diff --git a/environments/dev/secrets-values.yaml b/environments/dev/secrets-values.yaml index 9ad6f873..f1871143 100644 --- a/environments/dev/secrets-values.yaml +++ b/environments/dev/secrets-values.yaml @@ -29,22 +29,26 @@ postgresql: targetName: postgresql-secret commonClusterCreds: &commonCreds # Credentails for service databases hosted in the same cluster - - secretKey: username - remoteRef: - key: AuroraServerlessClusterdevm-eAb5qgt3cDXp - property: username - - secretKey: password - remoteRef: - key: AuroraServerlessClusterdevm-eAb5qgt3cDXp - property: password - - secretKey: port - remoteRef: - key: AuroraServerlessClusterdevm-eAb5qgt3cDXp - property: port - - secretKey: host - remoteRef: - key: AuroraServerlessClusterdevm-eAb5qgt3cDXp - property: host + postgresuser: &postgresuser + - secretKey: + remoteRef: + key: AuroraServerlessClusterdevm-eAb5qgt3cDXp + property: username + postrespassword: &postgrespassword + - secretKey: password + remoteRef: + key: AuroraServerlessClusterdevm-eAb5qgt3cDXp + property: password + postgresport: &postgresport + - secretKey: port + remoteRef: + key: AuroraServerlessClusterdevm-eAb5qgt3cDXp + property: port + postgreshost: &postgreshost + - secretKey: host + remoteRef: + key: AuroraServerlessClusterdevm-eAb5qgt3cDXp + property: host data: - secretKey: postgres-username remoteRef: @@ -225,7 +229,10 @@ postgresql: secretStoreRefKind: ClusterSecretStore targetName: wts-dbcreds data: - - *commonCreds + - << : *postgresuser + - << : *postgrespassword + - << : *postgresport + - << : *postgreshost - secretKey: database remoteRef: key: dev-cad-wts @@ -249,7 +256,10 @@ postgresql: secretStoreRefKind: ClusterSecretStore targetName: arborist-dbcreds data: - - *commonCreds + - << : *postgresuser + - << : *postgrespassword + - << : *postgresport + - << : *postgreshost - secretKey: database remoteRef: key: dev-cad-arborist @@ -273,7 +283,10 @@ postgresql: secretStoreRefKind: ClusterSecretStore targetName: audit-dbcreds data: - - *commonCreds + - << : *postgresuser + - << : *postgrespassword + - << : *postgresport + - << : *postgreshost - secretKey: database remoteRef: key: dev-cad-audit @@ -297,7 +310,10 @@ postgresql: secretStoreRefKind: ClusterSecretStore targetName: metadata-dbcreds data: - - *commonCreds + - << : *postgresuser + - << : *postgrespassword + - << : *postgresport + - << : *postgreshost - secretKey: database remoteRef: key: dev-cad-metadata @@ -321,7 +337,10 @@ postgresql: secretStoreRefKind: ClusterSecretStore targetName: requestor-dbcreds data: - - *commonCreds + - << : *postgresuser + - << : *postgrespassword + - << : *postgresport + - << : *postgreshost - secretKey: database remoteRef: key: dev-cad-requestor From 94b8c01ececcffc1fe075eb0bc970b16dbfc8813 Mon Sep 17 00:00:00 2001 From: Guerdon Mukama Date: Fri, 8 Dec 2023 17:54:33 +1100 Subject: [PATCH 085/131] values updates --- helm/gen3-external-secrets/values.yaml | 64 ++++++++++++++++---------- 1 file changed, 40 insertions(+), 24 deletions(-) diff --git a/helm/gen3-external-secrets/values.yaml b/helm/gen3-external-secrets/values.yaml index 3965e8f2..f1871143 100644 --- a/helm/gen3-external-secrets/values.yaml +++ b/helm/gen3-external-secrets/values.yaml @@ -1,6 +1,3 @@ -global: - aws: - enabled: true clusterSecretStore: name: "gen3" provider: @@ -32,22 +29,26 @@ postgresql: targetName: postgresql-secret commonClusterCreds: &commonCreds # Credentails for service databases hosted in the same cluster - - secretKey: username - remoteRef: - key: AuroraServerlessClusterdevm-eAb5qgt3cDXp - property: username - - secretKey: password - remoteRef: - key: AuroraServerlessClusterdevm-eAb5qgt3cDXp - property: password - - secretKey: port - remoteRef: - key: AuroraServerlessClusterdevm-eAb5qgt3cDXp - property: port - - secretKey: host - remoteRef: - key: AuroraServerlessClusterdevm-eAb5qgt3cDXp - property: host + postgresuser: &postgresuser + - secretKey: + remoteRef: + key: AuroraServerlessClusterdevm-eAb5qgt3cDXp + property: username + postrespassword: &postgrespassword + - secretKey: password + remoteRef: + key: AuroraServerlessClusterdevm-eAb5qgt3cDXp + property: password + postgresport: &postgresport + - secretKey: port + remoteRef: + key: AuroraServerlessClusterdevm-eAb5qgt3cDXp + property: port + postgreshost: &postgreshost + - secretKey: host + remoteRef: + key: AuroraServerlessClusterdevm-eAb5qgt3cDXp + property: host data: - secretKey: postgres-username remoteRef: @@ -228,7 +229,10 @@ postgresql: secretStoreRefKind: ClusterSecretStore targetName: wts-dbcreds data: - - *commonCreds + - << : *postgresuser + - << : *postgrespassword + - << : *postgresport + - << : *postgreshost - secretKey: database remoteRef: key: dev-cad-wts @@ -252,7 +256,10 @@ postgresql: secretStoreRefKind: ClusterSecretStore targetName: arborist-dbcreds data: - - *commonCreds + - << : *postgresuser + - << : *postgrespassword + - << : *postgresport + - << : *postgreshost - secretKey: database remoteRef: key: dev-cad-arborist @@ -276,7 +283,10 @@ postgresql: secretStoreRefKind: ClusterSecretStore targetName: audit-dbcreds data: - - *commonCreds + - << : *postgresuser + - << : *postgrespassword + - << : *postgresport + - << : *postgreshost - secretKey: database remoteRef: key: dev-cad-audit @@ -300,7 +310,10 @@ postgresql: secretStoreRefKind: ClusterSecretStore targetName: metadata-dbcreds data: - - *commonCreds + - << : *postgresuser + - << : *postgrespassword + - << : *postgresport + - << : *postgreshost - secretKey: database remoteRef: key: dev-cad-metadata @@ -324,7 +337,10 @@ postgresql: secretStoreRefKind: ClusterSecretStore targetName: requestor-dbcreds data: - - *commonCreds + - << : *postgresuser + - << : *postgrespassword + - << : *postgresport + - << : *postgreshost - secretKey: database remoteRef: key: dev-cad-requestor From deb9db75b95c9f13a7231b196a1c48aa23b61ed6 Mon Sep 17 00:00:00 2001 From: Guerdon Mukama Date: Fri, 8 Dec 2023 18:12:29 +1100 Subject: [PATCH 086/131] values updates --- environments/dev/secrets-values.yaml | 83 ++++++++++++++++++++------ helm/gen3-external-secrets/values.yaml | 2 +- 2 files changed, 67 insertions(+), 18 deletions(-) diff --git a/environments/dev/secrets-values.yaml b/environments/dev/secrets-values.yaml index f1871143..c5a2fe89 100644 --- a/environments/dev/secrets-values.yaml +++ b/environments/dev/secrets-values.yaml @@ -27,7 +27,8 @@ postgresql: secretStoreRefName: gen3 secretStoreRefKind: ClusterSecretStore targetName: postgresql-secret - commonClusterCreds: &commonCreds + commonPostgressCreds: AuroraServerlessClusterdevm-eAb5qgt3cDXp + commonClusterCreds: # Credentails for service databases hosted in the same cluster postgresuser: &postgresuser - secretKey: @@ -256,10 +257,22 @@ postgresql: secretStoreRefKind: ClusterSecretStore targetName: arborist-dbcreds data: - - << : *postgresuser - - << : *postgrespassword - - << : *postgresport - - << : *postgreshost + - secretKey: username + remoteRef: + key: {{ tpl .Values.postgresql.commonPostgressCreds }} + property: username + - secretKey: password + remoteRef: + key: {{ tpl .Values.postgresql.commonPostgressCreds }} + property: password + - secretKey: port + remoteRef: + key: {{ tpl .Values.postgresql.commonPostgressCreds }} + property: port + - secretKey: host + remoteRef: + key: {{ tpl .Values.postgresql.commonPostgressCreds }} + property: host - secretKey: database remoteRef: key: dev-cad-arborist @@ -283,10 +296,22 @@ postgresql: secretStoreRefKind: ClusterSecretStore targetName: audit-dbcreds data: - - << : *postgresuser - - << : *postgrespassword - - << : *postgresport - - << : *postgreshost + - secretKey: username + remoteRef: + key: {{ tpl .Values.postgresql.commonPostgressCreds }} + property: username + - secretKey: password + remoteRef: + key: {{ tpl .Values.postgresql.commonPostgressCreds }} + property: password + - secretKey: port + remoteRef: + key: {{ tpl .Values.postgresql.commonPostgressCreds }} + property: port + - secretKey: host + remoteRef: + key: {{ tpl .Values.postgresql.commonPostgressCreds }} + property: host - secretKey: database remoteRef: key: dev-cad-audit @@ -310,10 +335,22 @@ postgresql: secretStoreRefKind: ClusterSecretStore targetName: metadata-dbcreds data: - - << : *postgresuser - - << : *postgrespassword - - << : *postgresport - - << : *postgreshost + - secretKey: username + remoteRef: + key: {{ tpl .Values.postgresql.commonPostgressCreds }} + property: username + - secretKey: password + remoteRef: + key: {{ tpl .Values.postgresql.commonPostgressCreds }} + property: password + - secretKey: port + remoteRef: + key: {{ tpl .Values.postgresql.commonPostgressCreds }} + property: port + - secretKey: host + remoteRef: + key: {{ tpl .Values.postgresql.commonPostgressCreds }} + property: host - secretKey: database remoteRef: key: dev-cad-metadata @@ -337,10 +374,22 @@ postgresql: secretStoreRefKind: ClusterSecretStore targetName: requestor-dbcreds data: - - << : *postgresuser - - << : *postgrespassword - - << : *postgresport - - << : *postgreshost + - secretKey: username + remoteRef: + key: {{ tpl .Values.postgresql.commonPostgressCreds }} + property: username + - secretKey: password + remoteRef: + key: {{ tpl .Values.postgresql.commonPostgressCreds }} + property: password + - secretKey: port + remoteRef: + key: {{ tpl .Values.postgresql.commonPostgressCreds }} + property: port + - secretKey: host + remoteRef: + key: {{ tpl .Values.postgresql.commonPostgressCreds }} + property: host - secretKey: database remoteRef: key: dev-cad-requestor diff --git a/helm/gen3-external-secrets/values.yaml b/helm/gen3-external-secrets/values.yaml index f1871143..f05cd1c2 100644 --- a/helm/gen3-external-secrets/values.yaml +++ b/helm/gen3-external-secrets/values.yaml @@ -27,7 +27,7 @@ postgresql: secretStoreRefName: gen3 secretStoreRefKind: ClusterSecretStore targetName: postgresql-secret - commonClusterCreds: &commonCreds + commonClusterCreds: # Credentails for service databases hosted in the same cluster postgresuser: &postgresuser - secretKey: From c56660c81002bf727e59b5dbdc7e4dfb957bdb19 Mon Sep 17 00:00:00 2001 From: Guerdon Mukama Date: Fri, 8 Dec 2023 18:14:09 +1100 Subject: [PATCH 087/131] values updates --- helm/gen3-external-secrets/values.yaml | 81 +++++++++++++++++++++----- 1 file changed, 65 insertions(+), 16 deletions(-) diff --git a/helm/gen3-external-secrets/values.yaml b/helm/gen3-external-secrets/values.yaml index f05cd1c2..c5a2fe89 100644 --- a/helm/gen3-external-secrets/values.yaml +++ b/helm/gen3-external-secrets/values.yaml @@ -27,6 +27,7 @@ postgresql: secretStoreRefName: gen3 secretStoreRefKind: ClusterSecretStore targetName: postgresql-secret + commonPostgressCreds: AuroraServerlessClusterdevm-eAb5qgt3cDXp commonClusterCreds: # Credentails for service databases hosted in the same cluster postgresuser: &postgresuser @@ -256,10 +257,22 @@ postgresql: secretStoreRefKind: ClusterSecretStore targetName: arborist-dbcreds data: - - << : *postgresuser - - << : *postgrespassword - - << : *postgresport - - << : *postgreshost + - secretKey: username + remoteRef: + key: {{ tpl .Values.postgresql.commonPostgressCreds }} + property: username + - secretKey: password + remoteRef: + key: {{ tpl .Values.postgresql.commonPostgressCreds }} + property: password + - secretKey: port + remoteRef: + key: {{ tpl .Values.postgresql.commonPostgressCreds }} + property: port + - secretKey: host + remoteRef: + key: {{ tpl .Values.postgresql.commonPostgressCreds }} + property: host - secretKey: database remoteRef: key: dev-cad-arborist @@ -283,10 +296,22 @@ postgresql: secretStoreRefKind: ClusterSecretStore targetName: audit-dbcreds data: - - << : *postgresuser - - << : *postgrespassword - - << : *postgresport - - << : *postgreshost + - secretKey: username + remoteRef: + key: {{ tpl .Values.postgresql.commonPostgressCreds }} + property: username + - secretKey: password + remoteRef: + key: {{ tpl .Values.postgresql.commonPostgressCreds }} + property: password + - secretKey: port + remoteRef: + key: {{ tpl .Values.postgresql.commonPostgressCreds }} + property: port + - secretKey: host + remoteRef: + key: {{ tpl .Values.postgresql.commonPostgressCreds }} + property: host - secretKey: database remoteRef: key: dev-cad-audit @@ -310,10 +335,22 @@ postgresql: secretStoreRefKind: ClusterSecretStore targetName: metadata-dbcreds data: - - << : *postgresuser - - << : *postgrespassword - - << : *postgresport - - << : *postgreshost + - secretKey: username + remoteRef: + key: {{ tpl .Values.postgresql.commonPostgressCreds }} + property: username + - secretKey: password + remoteRef: + key: {{ tpl .Values.postgresql.commonPostgressCreds }} + property: password + - secretKey: port + remoteRef: + key: {{ tpl .Values.postgresql.commonPostgressCreds }} + property: port + - secretKey: host + remoteRef: + key: {{ tpl .Values.postgresql.commonPostgressCreds }} + property: host - secretKey: database remoteRef: key: dev-cad-metadata @@ -337,10 +374,22 @@ postgresql: secretStoreRefKind: ClusterSecretStore targetName: requestor-dbcreds data: - - << : *postgresuser - - << : *postgrespassword - - << : *postgresport - - << : *postgreshost + - secretKey: username + remoteRef: + key: {{ tpl .Values.postgresql.commonPostgressCreds }} + property: username + - secretKey: password + remoteRef: + key: {{ tpl .Values.postgresql.commonPostgressCreds }} + property: password + - secretKey: port + remoteRef: + key: {{ tpl .Values.postgresql.commonPostgressCreds }} + property: port + - secretKey: host + remoteRef: + key: {{ tpl .Values.postgresql.commonPostgressCreds }} + property: host - secretKey: database remoteRef: key: dev-cad-requestor From 16bd4067031b0f39c400b2923bdf33ffcaafadc7 Mon Sep 17 00:00:00 2001 From: Guerdon Mukama Date: Fri, 8 Dec 2023 18:20:34 +1100 Subject: [PATCH 088/131] values updates --- environments/dev/secrets-values.yaml | 51 +++++++++++++++++----------- 1 file changed, 31 insertions(+), 20 deletions(-) diff --git a/environments/dev/secrets-values.yaml b/environments/dev/secrets-values.yaml index c5a2fe89..e6008350 100644 --- a/environments/dev/secrets-values.yaml +++ b/environments/dev/secrets-values.yaml @@ -230,10 +230,21 @@ postgresql: secretStoreRefKind: ClusterSecretStore targetName: wts-dbcreds data: - - << : *postgresuser - - << : *postgrespassword - - << : *postgresport - - << : *postgreshost + - secretKey: username + remoteRef: + key: "{{ tpl ( .Values.postgresql.commonPostgressCreds | toYaml ) }}" + property: username + - secretKey: password + remoteRef: + key: "{{ tpl ( .Values.postgresql.commonPostgressCreds | toYaml ) }}" + property: password + - secretKey: port + remoteRef: + key: "{{ tpl ( .Values.postgresql.commonPostgressCreds | toYaml ) }}" + property: port + - secretKey: host + remoteRef: + key: "{{ tpl ( .Values.postgresql.commonPostgressCreds | toYaml ) }}" - secretKey: database remoteRef: key: dev-cad-wts @@ -259,19 +270,19 @@ postgresql: data: - secretKey: username remoteRef: - key: {{ tpl .Values.postgresql.commonPostgressCreds }} + key: "{{ tpl ( .Values.postgresql.commonPostgressCreds | toYaml ) }}" property: username - secretKey: password remoteRef: - key: {{ tpl .Values.postgresql.commonPostgressCreds }} + key: "{{ tpl ( .Values.postgresql.commonPostgressCreds | toYaml ) }}" property: password - secretKey: port remoteRef: - key: {{ tpl .Values.postgresql.commonPostgressCreds }} + key: "{{ tpl ( .Values.postgresql.commonPostgressCreds | toYaml ) }}" property: port - secretKey: host remoteRef: - key: {{ tpl .Values.postgresql.commonPostgressCreds }} + key: "{{ tpl ( .Values.postgresql.commonPostgressCreds | toYaml ) }}" property: host - secretKey: database remoteRef: @@ -298,19 +309,19 @@ postgresql: data: - secretKey: username remoteRef: - key: {{ tpl .Values.postgresql.commonPostgressCreds }} + key: "{{ tpl ( .Values.postgresql.commonPostgressCreds | toYaml ) }}" property: username - secretKey: password remoteRef: - key: {{ tpl .Values.postgresql.commonPostgressCreds }} + key: "{{ tpl ( .Values.postgresql.commonPostgressCreds | toYaml ) }}" property: password - secretKey: port remoteRef: - key: {{ tpl .Values.postgresql.commonPostgressCreds }} + key: "{{ tpl ( .Values.postgresql.commonPostgressCreds | toYaml ) }}" property: port - secretKey: host remoteRef: - key: {{ tpl .Values.postgresql.commonPostgressCreds }} + key: "{{ tpl ( .Values.postgresql.commonPostgressCreds | toYaml ) }}" property: host - secretKey: database remoteRef: @@ -337,19 +348,19 @@ postgresql: data: - secretKey: username remoteRef: - key: {{ tpl .Values.postgresql.commonPostgressCreds }} + key: "{{ tpl ( .Values.postgresql.commonPostgressCreds | toYaml ) }}" property: username - secretKey: password remoteRef: - key: {{ tpl .Values.postgresql.commonPostgressCreds }} + key: "{{ tpl ( .Values.postgresql.commonPostgressCreds | toYaml ) }}" property: password - secretKey: port remoteRef: - key: {{ tpl .Values.postgresql.commonPostgressCreds }} + key: "{{ tpl ( .Values.postgresql.commonPostgressCreds | toYaml ) }}" property: port - secretKey: host remoteRef: - key: {{ tpl .Values.postgresql.commonPostgressCreds }} + key: "{{ tpl ( .Values.postgresql.commonPostgressCreds | toYaml ) }}" property: host - secretKey: database remoteRef: @@ -376,19 +387,19 @@ postgresql: data: - secretKey: username remoteRef: - key: {{ tpl .Values.postgresql.commonPostgressCreds }} + key: "{{ tpl ( .Values.postgresql.commonPostgressCreds | toYaml ) }}" property: username - secretKey: password remoteRef: - key: {{ tpl .Values.postgresql.commonPostgressCreds }} + key: "{{ tpl ( .Values.postgresql.commonPostgressCreds | toYaml ) }}" property: password - secretKey: port remoteRef: - key: {{ tpl .Values.postgresql.commonPostgressCreds }} + key: "{{ tpl ( .Values.postgresql.commonPostgressCreds | toYaml ) }}" property: port - secretKey: host remoteRef: - key: {{ tpl .Values.postgresql.commonPostgressCreds }} + key: "{{ tpl ( .Values.postgresql.commonPostgressCreds | toYaml ) }}" property: host - secretKey: database remoteRef: From ab49d25814c2f98c05d95b68667bcf3f3afa7a00 Mon Sep 17 00:00:00 2001 From: Guerdon Mukama Date: Fri, 8 Dec 2023 19:28:20 +1100 Subject: [PATCH 089/131] values updates --- environments/dev/secrets-values.yaml | 99 ++++++-------------------- helm/gen3-external-secrets/values.yaml | 80 +++++---------------- 2 files changed, 36 insertions(+), 143 deletions(-) diff --git a/environments/dev/secrets-values.yaml b/environments/dev/secrets-values.yaml index e6008350..d62c295c 100644 --- a/environments/dev/secrets-values.yaml +++ b/environments/dev/secrets-values.yaml @@ -230,21 +230,10 @@ postgresql: secretStoreRefKind: ClusterSecretStore targetName: wts-dbcreds data: - - secretKey: username - remoteRef: - key: "{{ tpl ( .Values.postgresql.commonPostgressCreds | toYaml ) }}" - property: username - - secretKey: password - remoteRef: - key: "{{ tpl ( .Values.postgresql.commonPostgressCreds | toYaml ) }}" - property: password - - secretKey: port - remoteRef: - key: "{{ tpl ( .Values.postgresql.commonPostgressCreds | toYaml ) }}" - property: port - - secretKey: host - remoteRef: - key: "{{ tpl ( .Values.postgresql.commonPostgressCreds | toYaml ) }}" + - << : *postgresuser + - << : *postgrespassword + - << : *postgresport + - << : *postgreshost - secretKey: database remoteRef: key: dev-cad-wts @@ -268,22 +257,10 @@ postgresql: secretStoreRefKind: ClusterSecretStore targetName: arborist-dbcreds data: - - secretKey: username - remoteRef: - key: "{{ tpl ( .Values.postgresql.commonPostgressCreds | toYaml ) }}" - property: username - - secretKey: password - remoteRef: - key: "{{ tpl ( .Values.postgresql.commonPostgressCreds | toYaml ) }}" - property: password - - secretKey: port - remoteRef: - key: "{{ tpl ( .Values.postgresql.commonPostgressCreds | toYaml ) }}" - property: port - - secretKey: host - remoteRef: - key: "{{ tpl ( .Values.postgresql.commonPostgressCreds | toYaml ) }}" - property: host + - << : *postgresuser + - << : *postgrespassword + - << : *postgresport + - << : *postgreshost - secretKey: database remoteRef: key: dev-cad-arborist @@ -307,22 +284,10 @@ postgresql: secretStoreRefKind: ClusterSecretStore targetName: audit-dbcreds data: - - secretKey: username - remoteRef: - key: "{{ tpl ( .Values.postgresql.commonPostgressCreds | toYaml ) }}" - property: username - - secretKey: password - remoteRef: - key: "{{ tpl ( .Values.postgresql.commonPostgressCreds | toYaml ) }}" - property: password - - secretKey: port - remoteRef: - key: "{{ tpl ( .Values.postgresql.commonPostgressCreds | toYaml ) }}" - property: port - - secretKey: host - remoteRef: - key: "{{ tpl ( .Values.postgresql.commonPostgressCreds | toYaml ) }}" - property: host + - << : *postgresuser + - << : *postgrespassword + - << : *postgresport + - << : *postgreshost - secretKey: database remoteRef: key: dev-cad-audit @@ -346,22 +311,10 @@ postgresql: secretStoreRefKind: ClusterSecretStore targetName: metadata-dbcreds data: - - secretKey: username - remoteRef: - key: "{{ tpl ( .Values.postgresql.commonPostgressCreds | toYaml ) }}" - property: username - - secretKey: password - remoteRef: - key: "{{ tpl ( .Values.postgresql.commonPostgressCreds | toYaml ) }}" - property: password - - secretKey: port - remoteRef: - key: "{{ tpl ( .Values.postgresql.commonPostgressCreds | toYaml ) }}" - property: port - - secretKey: host - remoteRef: - key: "{{ tpl ( .Values.postgresql.commonPostgressCreds | toYaml ) }}" - property: host + - << : *postgresuser + - << : *postgrespassword + - << : *postgresport + - << : *postgreshost - secretKey: database remoteRef: key: dev-cad-metadata @@ -385,22 +338,10 @@ postgresql: secretStoreRefKind: ClusterSecretStore targetName: requestor-dbcreds data: - - secretKey: username - remoteRef: - key: "{{ tpl ( .Values.postgresql.commonPostgressCreds | toYaml ) }}" - property: username - - secretKey: password - remoteRef: - key: "{{ tpl ( .Values.postgresql.commonPostgressCreds | toYaml ) }}" - property: password - - secretKey: port - remoteRef: - key: "{{ tpl ( .Values.postgresql.commonPostgressCreds | toYaml ) }}" - property: port - - secretKey: host - remoteRef: - key: "{{ tpl ( .Values.postgresql.commonPostgressCreds | toYaml ) }}" - property: host + - << : *postgresuser + - << : *postgrespassword + - << : *postgresport + - << : *postgreshost - secretKey: database remoteRef: key: dev-cad-requestor diff --git a/helm/gen3-external-secrets/values.yaml b/helm/gen3-external-secrets/values.yaml index c5a2fe89..d62c295c 100644 --- a/helm/gen3-external-secrets/values.yaml +++ b/helm/gen3-external-secrets/values.yaml @@ -257,22 +257,10 @@ postgresql: secretStoreRefKind: ClusterSecretStore targetName: arborist-dbcreds data: - - secretKey: username - remoteRef: - key: {{ tpl .Values.postgresql.commonPostgressCreds }} - property: username - - secretKey: password - remoteRef: - key: {{ tpl .Values.postgresql.commonPostgressCreds }} - property: password - - secretKey: port - remoteRef: - key: {{ tpl .Values.postgresql.commonPostgressCreds }} - property: port - - secretKey: host - remoteRef: - key: {{ tpl .Values.postgresql.commonPostgressCreds }} - property: host + - << : *postgresuser + - << : *postgrespassword + - << : *postgresport + - << : *postgreshost - secretKey: database remoteRef: key: dev-cad-arborist @@ -296,22 +284,10 @@ postgresql: secretStoreRefKind: ClusterSecretStore targetName: audit-dbcreds data: - - secretKey: username - remoteRef: - key: {{ tpl .Values.postgresql.commonPostgressCreds }} - property: username - - secretKey: password - remoteRef: - key: {{ tpl .Values.postgresql.commonPostgressCreds }} - property: password - - secretKey: port - remoteRef: - key: {{ tpl .Values.postgresql.commonPostgressCreds }} - property: port - - secretKey: host - remoteRef: - key: {{ tpl .Values.postgresql.commonPostgressCreds }} - property: host + - << : *postgresuser + - << : *postgrespassword + - << : *postgresport + - << : *postgreshost - secretKey: database remoteRef: key: dev-cad-audit @@ -335,22 +311,10 @@ postgresql: secretStoreRefKind: ClusterSecretStore targetName: metadata-dbcreds data: - - secretKey: username - remoteRef: - key: {{ tpl .Values.postgresql.commonPostgressCreds }} - property: username - - secretKey: password - remoteRef: - key: {{ tpl .Values.postgresql.commonPostgressCreds }} - property: password - - secretKey: port - remoteRef: - key: {{ tpl .Values.postgresql.commonPostgressCreds }} - property: port - - secretKey: host - remoteRef: - key: {{ tpl .Values.postgresql.commonPostgressCreds }} - property: host + - << : *postgresuser + - << : *postgrespassword + - << : *postgresport + - << : *postgreshost - secretKey: database remoteRef: key: dev-cad-metadata @@ -374,22 +338,10 @@ postgresql: secretStoreRefKind: ClusterSecretStore targetName: requestor-dbcreds data: - - secretKey: username - remoteRef: - key: {{ tpl .Values.postgresql.commonPostgressCreds }} - property: username - - secretKey: password - remoteRef: - key: {{ tpl .Values.postgresql.commonPostgressCreds }} - property: password - - secretKey: port - remoteRef: - key: {{ tpl .Values.postgresql.commonPostgressCreds }} - property: port - - secretKey: host - remoteRef: - key: {{ tpl .Values.postgresql.commonPostgressCreds }} - property: host + - << : *postgresuser + - << : *postgrespassword + - << : *postgresport + - << : *postgreshost - secretKey: database remoteRef: key: dev-cad-requestor From 0bcd5ec1a44c0f4b3b7b4ff02c39d3fe8bb9298d Mon Sep 17 00:00:00 2001 From: Guerdon Mukama Date: Fri, 8 Dec 2023 19:42:08 +1100 Subject: [PATCH 090/131] env secrets values --- environments/dev/secrets-values.yaml | 121 ++++++++++++++++++--------- 1 file changed, 80 insertions(+), 41 deletions(-) diff --git a/environments/dev/secrets-values.yaml b/environments/dev/secrets-values.yaml index d62c295c..f5c07719 100644 --- a/environments/dev/secrets-values.yaml +++ b/environments/dev/secrets-values.yaml @@ -29,27 +29,6 @@ postgresql: targetName: postgresql-secret commonPostgressCreds: AuroraServerlessClusterdevm-eAb5qgt3cDXp commonClusterCreds: - # Credentails for service databases hosted in the same cluster - postgresuser: &postgresuser - - secretKey: - remoteRef: - key: AuroraServerlessClusterdevm-eAb5qgt3cDXp - property: username - postrespassword: &postgrespassword - - secretKey: password - remoteRef: - key: AuroraServerlessClusterdevm-eAb5qgt3cDXp - property: password - postgresport: &postgresport - - secretKey: port - remoteRef: - key: AuroraServerlessClusterdevm-eAb5qgt3cDXp - property: port - postgreshost: &postgreshost - - secretKey: host - remoteRef: - key: AuroraServerlessClusterdevm-eAb5qgt3cDXp - property: host data: - secretKey: postgres-username remoteRef: @@ -230,10 +209,22 @@ postgresql: secretStoreRefKind: ClusterSecretStore targetName: wts-dbcreds data: - - << : *postgresuser - - << : *postgrespassword - - << : *postgresport - - << : *postgreshost + - secretKey: username + remoteRef: + key: AuroraServerlessClusterdevm-eAb5qgt3cDXp + property: username + - secretKey: password + remoteRef: + key: AuroraServerlessClusterdevm-eAb5qgt3cDXp + property: password + - secretKey: port + remoteRef: + key: AuroraServerlessClusterdevm-eAb5qgt3cDXp + property: port + - secretKey: host + remoteRef: + key: AuroraServerlessClusterdevm-eAb5qgt3cDXp + property: host - secretKey: database remoteRef: key: dev-cad-wts @@ -257,10 +248,22 @@ postgresql: secretStoreRefKind: ClusterSecretStore targetName: arborist-dbcreds data: - - << : *postgresuser - - << : *postgrespassword - - << : *postgresport - - << : *postgreshost + - secretKey: username + remoteRef: + key: AuroraServerlessClusterdevm-eAb5qgt3cDXp + property: username + - secretKey: password + remoteRef: + key: AuroraServerlessClusterdevm-eAb5qgt3cDXp + property: password + - secretKey: port + remoteRef: + key: AuroraServerlessClusterdevm-eAb5qgt3cDXp + property: port + - secretKey: host + remoteRef: + key: AuroraServerlessClusterdevm-eAb5qgt3cDXp + property: host - secretKey: database remoteRef: key: dev-cad-arborist @@ -284,10 +287,22 @@ postgresql: secretStoreRefKind: ClusterSecretStore targetName: audit-dbcreds data: - - << : *postgresuser - - << : *postgrespassword - - << : *postgresport - - << : *postgreshost + - secretKey: username + remoteRef: + key: AuroraServerlessClusterdevm-eAb5qgt3cDXp + property: username + - secretKey: password + remoteRef: + key: AuroraServerlessClusterdevm-eAb5qgt3cDXp + property: password + - secretKey: port + remoteRef: + key: AuroraServerlessClusterdevm-eAb5qgt3cDXp + property: port + - secretKey: host + remoteRef: + key: AuroraServerlessClusterdevm-eAb5qgt3cDXp + property: host - secretKey: database remoteRef: key: dev-cad-audit @@ -311,10 +326,22 @@ postgresql: secretStoreRefKind: ClusterSecretStore targetName: metadata-dbcreds data: - - << : *postgresuser - - << : *postgrespassword - - << : *postgresport - - << : *postgreshost + - secretKey: username + remoteRef: + key: AuroraServerlessClusterdevm-eAb5qgt3cDXp + property: username + - secretKey: password + remoteRef: + key: AuroraServerlessClusterdevm-eAb5qgt3cDXp + property: password + - secretKey: port + remoteRef: + key: AuroraServerlessClusterdevm-eAb5qgt3cDXp + property: port + - secretKey: host + remoteRef: + key: AuroraServerlessClusterdevm-eAb5qgt3cDXp + property: host - secretKey: database remoteRef: key: dev-cad-metadata @@ -338,10 +365,22 @@ postgresql: secretStoreRefKind: ClusterSecretStore targetName: requestor-dbcreds data: - - << : *postgresuser - - << : *postgrespassword - - << : *postgresport - - << : *postgreshost + - secretKey: username + remoteRef: + key: AuroraServerlessClusterdevm-eAb5qgt3cDXp + property: username + - secretKey: password + remoteRef: + key: AuroraServerlessClusterdevm-eAb5qgt3cDXp + property: password + - secretKey: port + remoteRef: + key: AuroraServerlessClusterdevm-eAb5qgt3cDXp + property: port + - secretKey: host + remoteRef: + key: AuroraServerlessClusterdevm-eAb5qgt3cDXp + property: host - secretKey: database remoteRef: key: dev-cad-requestor From b97b3057928eb15ab5d64901ea3484516bd7c204 Mon Sep 17 00:00:00 2001 From: Guerdon Mukama Date: Fri, 8 Dec 2023 19:51:15 +1100 Subject: [PATCH 091/131] env secrets values --- environments/dev/values.yaml | 429 ++++++++++++++++++++++++++++++++--- 1 file changed, 400 insertions(+), 29 deletions(-) diff --git a/environments/dev/values.yaml b/environments/dev/values.yaml index 3f5d891b..33394238 100644 --- a/environments/dev/values.yaml +++ b/environments/dev/values.yaml @@ -9,46 +9,417 @@ global: enabled: true postgres: dbCreate: true - # master: - # username: postgres - # password: testingConfiguration! - # port: "5432" -# fence: - # postgres: - # username: fence - # password: testingConfiguration! - # port: "5432" - -# peregrine: - # postgres: - # username: peregrine - # password: testingConfiguration! - # port: "5432" - image: - repository: quay.io/cdis/peregrine - tag: 2023.01 +peregrine: dictionaryUrl: https://biocommons-gen3-schema.s3.ap-southeast-2.amazonaws.com/cad/dev/cad.json -# sheepdog: - # postgres: - # username: sheepdog - # password: testingConfiguration! - # port: "5432" - - gen3: enabled: false pelican: bucket: sandbox-s3-buckets-pelicancredss3bucketsandboxs3bu-veftfoxeyecg - +clusterSecretStore: + name: "gen3" + provider: + aws: + service: "SecretsManager" + region: "ap-southeast-2" + auth: + jwt: + serviceAccountRef: + name: "external-secrets-sa" + namespace: "external-secrets" +fence: + fencecreds: + name: gen3-fence-creds + namespace: argocd + secretStoreRefName: gen3 + secretStoreRefKind: ClusterSecretStore + targetName: fence-creds + data: + - secretKey: creds.json + remoteRef: + key: gen3-fence-creds +postgresql: + mastercreds: + name: gen3-postgres-master + namespace: argocd + secretStoreRefName: gen3 + secretStoreRefKind: ClusterSecretStore + targetName: postgresql-secret + commonPostgressCreds: AuroraServerlessClusterdevm-eAb5qgt3cDXp + commonClusterCreds: + data: + - secretKey: postgres-username + remoteRef: + key: AuroraServerlessClusterdevm-eAb5qgt3cDXp + property: username + - secretKey: postgres-password + remoteRef: + key: AuroraServerlessClusterdevm-eAb5qgt3cDXp + property: password + - secretKey: postgres-port + remoteRef: + key: AuroraServerlessClusterdevm-eAb5qgt3cDXp + property: port + - secretKey: postgres-host + remoteRef: + key: AuroraServerlessClusterdevm-eAb5qgt3cDXp + property: host + fencecreds: + name: gen3-postgres-fence + namespace: argocd + secretStoreRefName: gen3 + secretStoreRefKind: ClusterSecretStore + targetName: fence-dbcreds + data: + - secretKey: username + remoteRef: + key: AuroraServerlessClusterdevf-UlravMUjgrhO + property: username + - secretKey: password + remoteRef: + key: AuroraServerlessClusterdevf-UlravMUjgrhO + property: password + - secretKey: port + remoteRef: + key: AuroraServerlessClusterdevf-UlravMUjgrhO + property: port + - secretKey: host + remoteRef: + key: AuroraServerlessClusterdevf-UlravMUjgrhO + property: host + - secretKey: database + remoteRef: + key: dev-cad-fence + property: database + - secretKey: serviceusername + remoteRef: + key: dev-cad-fence + property: serviceusername + - secretKey: servicepassword + remoteRef: + key: dev-cad-fence + property: servicepassword + - secretKey: dbcreated + remoteRef: + key: dev-cad-fence + property: dbcreated + indexdcreds: + name: gen3-postgres-indexd + namespace: argocd + secretStoreRefName: gen3 + secretStoreRefKind: ClusterSecretStore + targetName: indexd-dbcreds + data: + - secretKey: username + remoteRef: + key: AuroraServerlessClusterdevi-9OSjwLpIXcIC + property: username + - secretKey: password + remoteRef: + key: AuroraServerlessClusterdevi-9OSjwLpIXcIC + property: password + - secretKey: port + remoteRef: + key: AuroraServerlessClusterdevi-9OSjwLpIXcIC + property: port + - secretKey: host + remoteRef: + key: AuroraServerlessClusterdevi-9OSjwLpIXcIC + property: host + - secretKey: database + remoteRef: + key: dev-cad-indexd + property: database + - secretKey: serviceusername + remoteRef: + key: dev-cad-indexd + property: serviceusername + - secretKey: servicepassword + remoteRef: + key: dev-cad-indexd + property: servicepassword + - secretKey: dbcreated + remoteRef: + key: dev-cad-indexd + property: dbcreated + peregrinecreds: + name: gen3-postgres-peregrine + namespace: argocd + secretStoreRefName: gen3 + secretStoreRefKind: ClusterSecretStore + targetName: peregrine-dbcreds + data: + - secretKey: username + remoteRef: + key: AuroraServerlessClusterdevp-39s4edfR4V3g + property: username + - secretKey: password + remoteRef: + key: AuroraServerlessClusterdevp-39s4edfR4V3g + property: password + - secretKey: port + remoteRef: + key: AuroraServerlessClusterdevp-39s4edfR4V3g + property: port + - secretKey: host + remoteRef: + key: AuroraServerlessClusterdevp-39s4edfR4V3g + property: host + - secretKey: database + remoteRef: + key: dev-cad-peregrine + property: database + - secretKey: serviceusername + remoteRef: + key: dev-cad-peregrine + property: serviceusername + - secretKey: servicepassword + remoteRef: + key: dev-cad-peregrine + property: servicepassword + - secretKey: dbcreated + remoteRef: + key: dev-cad-peregrine + property: dbcreated + sheepdogcreds: + name: gen3-postgres-sheepdog + namespace: argocd + secretStoreRefName: gen3 + secretStoreRefKind: ClusterSecretStore + targetName: sheepdog-dbcreds + data: + - secretKey: username + remoteRef: + key: AuroraServerlessClusterdevs-14IQBQ549zKC + property: username + - secretKey: password + remoteRef: + key: AuroraServerlessClusterdevs-14IQBQ549zKC + property: password + - secretKey: port + remoteRef: + key: AuroraServerlessClusterdevs-14IQBQ549zKC + property: port + - secretKey: host + remoteRef: + key: AuroraServerlessClusterdevs-14IQBQ549zKC + property: host + - secretKey: database + remoteRef: + key: dev-cad-sheepdog + property: database + - secretKey: serviceusername + remoteRef: + key: dev-cad-sheepdog + property: serviceusername + - secretKey: servicepassword + remoteRef: + key: dev-cad-sheepdog + property: servicepassword + - secretKey: dbcreated + remoteRef: + key: dev-cad-sheepdog + property: dbcreated + wtscreds: + name: gen3-postgres-wts + namespace: argocd + secretStoreRefName: gen3 + secretStoreRefKind: ClusterSecretStore + targetName: wts-dbcreds + data: + - secretKey: username + remoteRef: + key: AuroraServerlessClusterdevm-eAb5qgt3cDXp + property: username + - secretKey: password + remoteRef: + key: AuroraServerlessClusterdevm-eAb5qgt3cDXp + property: password + - secretKey: port + remoteRef: + key: AuroraServerlessClusterdevm-eAb5qgt3cDXp + property: port + - secretKey: host + remoteRef: + key: AuroraServerlessClusterdevm-eAb5qgt3cDXp + property: host + - secretKey: database + remoteRef: + key: dev-cad-wts + property: database + - secretKey: serviceusername + remoteRef: + key: dev-cad-wts + property: serviceusername + - secretKey: servicepassword + remoteRef: + key: dev-cad-wts + property: servicepassword + - secretKey: dbcreated + remoteRef: + key: dev-cad-wts + property: dbcreated + arboristcreds: + name: gen3-postgres-arborist + namespace: argocd + secretStoreRefName: gen3 + secretStoreRefKind: ClusterSecretStore + targetName: arborist-dbcreds + data: + - secretKey: username + remoteRef: + key: AuroraServerlessClusterdevm-eAb5qgt3cDXp + property: username + - secretKey: password + remoteRef: + key: AuroraServerlessClusterdevm-eAb5qgt3cDXp + property: password + - secretKey: port + remoteRef: + key: AuroraServerlessClusterdevm-eAb5qgt3cDXp + property: port + - secretKey: host + remoteRef: + key: AuroraServerlessClusterdevm-eAb5qgt3cDXp + property: host + - secretKey: database + remoteRef: + key: dev-cad-arborist + property: database + - secretKey: serviceusername + remoteRef: + key: dev-cad-arborist + property: serviceusername + - secretKey: servicepassword + remoteRef: + key: dev-cad-arborist + property: servicepassword + - secretKey: dbcreated + remoteRef: + key: dev-cad-arborist + property: dbcreated + auditcreds: + name: gen3-postgres-audit + namespace: argocd + secretStoreRefName: gen3 + secretStoreRefKind: ClusterSecretStore + targetName: audit-dbcreds + data: + - secretKey: username + remoteRef: + key: AuroraServerlessClusterdevm-eAb5qgt3cDXp + property: username + - secretKey: password + remoteRef: + key: AuroraServerlessClusterdevm-eAb5qgt3cDXp + property: password + - secretKey: port + remoteRef: + key: AuroraServerlessClusterdevm-eAb5qgt3cDXp + property: port + - secretKey: host + remoteRef: + key: AuroraServerlessClusterdevm-eAb5qgt3cDXp + property: host + - secretKey: database + remoteRef: + key: dev-cad-audit + property: database + - secretKey: serviceusername + remoteRef: + key: dev-cad-audit + property: serviceusername + - secretKey: servicepassword + remoteRef: + key: dev-cad-audit + property: servicepassword + - secretKey: dbcreated + remoteRef: + key: dev-cad-audit + property: dbcreated + metadatacreds: + name: gen3-postgres-metadata + namespace: argocd + secretStoreRefName: gen3 + secretStoreRefKind: ClusterSecretStore + targetName: metadata-dbcreds + data: + - secretKey: username + remoteRef: + key: AuroraServerlessClusterdevm-eAb5qgt3cDXp + property: username + - secretKey: password + remoteRef: + key: AuroraServerlessClusterdevm-eAb5qgt3cDXp + property: password + - secretKey: port + remoteRef: + key: AuroraServerlessClusterdevm-eAb5qgt3cDXp + property: port + - secretKey: host + remoteRef: + key: AuroraServerlessClusterdevm-eAb5qgt3cDXp + property: host + - secretKey: database + remoteRef: + key: dev-cad-metadata + property: database + - secretKey: serviceusername + remoteRef: + key: dev-cad-metadata + property: serviceusername + - secretKey: servicepassword + remoteRef: + key: dev-cad-metadata + property: servicepassword + - secretKey: dbcreated + remoteRef: + key: dev-cad-metadata + property: dbcreated + requestorcreds: + name: gen3-postgres-requestor + namespace: argocd + secretStoreRefName: gen3 + secretStoreRefKind: ClusterSecretStore + targetName: requestor-dbcreds + data: + - secretKey: username + remoteRef: + key: AuroraServerlessClusterdevm-eAb5qgt3cDXp + property: username + - secretKey: password + remoteRef: + key: AuroraServerlessClusterdevm-eAb5qgt3cDXp + property: password + - secretKey: port + remoteRef: + key: AuroraServerlessClusterdevm-eAb5qgt3cDXp + property: port + - secretKey: host + remoteRef: + key: AuroraServerlessClusterdevm-eAb5qgt3cDXp + property: host + - secretKey: database + remoteRef: + key: dev-cad-requestor + property: database + - secretKey: serviceusername + remoteRef: + key: dev-cad-requestor + property: serviceusername + - secretKey: servicepassword + remoteRef: + key: dev-cad-requestor + property: servicepassword + - secretKey: dbcreated + remoteRef: + key: dev-cad-requestor + property: dbcreated portal: enabled: true - # image: - # repository: 690491147947.dkr.ecr.ap-southeast-2.amazonaws.com/gen3/portal - # tag: latest resources: requests: cpu: 0.2 From 2be45ab4dbe3231c658616dafe38031dbe12fb71 Mon Sep 17 00:00:00 2001 From: Guerdon Mukama Date: Fri, 8 Dec 2023 19:54:32 +1100 Subject: [PATCH 092/131] env secrets values --- helm/gen3-external-secrets/values.yaml | 121 ++++++++++++++++--------- 1 file changed, 80 insertions(+), 41 deletions(-) diff --git a/helm/gen3-external-secrets/values.yaml b/helm/gen3-external-secrets/values.yaml index d62c295c..f5c07719 100644 --- a/helm/gen3-external-secrets/values.yaml +++ b/helm/gen3-external-secrets/values.yaml @@ -29,27 +29,6 @@ postgresql: targetName: postgresql-secret commonPostgressCreds: AuroraServerlessClusterdevm-eAb5qgt3cDXp commonClusterCreds: - # Credentails for service databases hosted in the same cluster - postgresuser: &postgresuser - - secretKey: - remoteRef: - key: AuroraServerlessClusterdevm-eAb5qgt3cDXp - property: username - postrespassword: &postgrespassword - - secretKey: password - remoteRef: - key: AuroraServerlessClusterdevm-eAb5qgt3cDXp - property: password - postgresport: &postgresport - - secretKey: port - remoteRef: - key: AuroraServerlessClusterdevm-eAb5qgt3cDXp - property: port - postgreshost: &postgreshost - - secretKey: host - remoteRef: - key: AuroraServerlessClusterdevm-eAb5qgt3cDXp - property: host data: - secretKey: postgres-username remoteRef: @@ -230,10 +209,22 @@ postgresql: secretStoreRefKind: ClusterSecretStore targetName: wts-dbcreds data: - - << : *postgresuser - - << : *postgrespassword - - << : *postgresport - - << : *postgreshost + - secretKey: username + remoteRef: + key: AuroraServerlessClusterdevm-eAb5qgt3cDXp + property: username + - secretKey: password + remoteRef: + key: AuroraServerlessClusterdevm-eAb5qgt3cDXp + property: password + - secretKey: port + remoteRef: + key: AuroraServerlessClusterdevm-eAb5qgt3cDXp + property: port + - secretKey: host + remoteRef: + key: AuroraServerlessClusterdevm-eAb5qgt3cDXp + property: host - secretKey: database remoteRef: key: dev-cad-wts @@ -257,10 +248,22 @@ postgresql: secretStoreRefKind: ClusterSecretStore targetName: arborist-dbcreds data: - - << : *postgresuser - - << : *postgrespassword - - << : *postgresport - - << : *postgreshost + - secretKey: username + remoteRef: + key: AuroraServerlessClusterdevm-eAb5qgt3cDXp + property: username + - secretKey: password + remoteRef: + key: AuroraServerlessClusterdevm-eAb5qgt3cDXp + property: password + - secretKey: port + remoteRef: + key: AuroraServerlessClusterdevm-eAb5qgt3cDXp + property: port + - secretKey: host + remoteRef: + key: AuroraServerlessClusterdevm-eAb5qgt3cDXp + property: host - secretKey: database remoteRef: key: dev-cad-arborist @@ -284,10 +287,22 @@ postgresql: secretStoreRefKind: ClusterSecretStore targetName: audit-dbcreds data: - - << : *postgresuser - - << : *postgrespassword - - << : *postgresport - - << : *postgreshost + - secretKey: username + remoteRef: + key: AuroraServerlessClusterdevm-eAb5qgt3cDXp + property: username + - secretKey: password + remoteRef: + key: AuroraServerlessClusterdevm-eAb5qgt3cDXp + property: password + - secretKey: port + remoteRef: + key: AuroraServerlessClusterdevm-eAb5qgt3cDXp + property: port + - secretKey: host + remoteRef: + key: AuroraServerlessClusterdevm-eAb5qgt3cDXp + property: host - secretKey: database remoteRef: key: dev-cad-audit @@ -311,10 +326,22 @@ postgresql: secretStoreRefKind: ClusterSecretStore targetName: metadata-dbcreds data: - - << : *postgresuser - - << : *postgrespassword - - << : *postgresport - - << : *postgreshost + - secretKey: username + remoteRef: + key: AuroraServerlessClusterdevm-eAb5qgt3cDXp + property: username + - secretKey: password + remoteRef: + key: AuroraServerlessClusterdevm-eAb5qgt3cDXp + property: password + - secretKey: port + remoteRef: + key: AuroraServerlessClusterdevm-eAb5qgt3cDXp + property: port + - secretKey: host + remoteRef: + key: AuroraServerlessClusterdevm-eAb5qgt3cDXp + property: host - secretKey: database remoteRef: key: dev-cad-metadata @@ -338,10 +365,22 @@ postgresql: secretStoreRefKind: ClusterSecretStore targetName: requestor-dbcreds data: - - << : *postgresuser - - << : *postgrespassword - - << : *postgresport - - << : *postgreshost + - secretKey: username + remoteRef: + key: AuroraServerlessClusterdevm-eAb5qgt3cDXp + property: username + - secretKey: password + remoteRef: + key: AuroraServerlessClusterdevm-eAb5qgt3cDXp + property: password + - secretKey: port + remoteRef: + key: AuroraServerlessClusterdevm-eAb5qgt3cDXp + property: port + - secretKey: host + remoteRef: + key: AuroraServerlessClusterdevm-eAb5qgt3cDXp + property: host - secretKey: database remoteRef: key: dev-cad-requestor From 6265a08d5e51f175ede319c1b7e4302a21f30f92 Mon Sep 17 00:00:00 2001 From: Guerdon Mukama Date: Fri, 8 Dec 2023 20:21:57 +1100 Subject: [PATCH 093/131] env secrets values --- environments/dev/values.yaml | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/environments/dev/values.yaml b/environments/dev/values.yaml index 33394238..af746cd4 100644 --- a/environments/dev/values.yaml +++ b/environments/dev/values.yaml @@ -16,6 +16,11 @@ peregrine: gen3: enabled: false +requestor: + enabled: false + +audit: + enabled: false pelican: bucket: sandbox-s3-buckets-pelicancredss3bucketsandboxs3bu-veftfoxeyecg From fcb098cd855bbb31e8ca636c99fd3ceca51270c4 Mon Sep 17 00:00:00 2001 From: Guerdon Mukama Date: Fri, 8 Dec 2023 20:23:31 +1100 Subject: [PATCH 094/131] enable services --- environments/dev/values.yaml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/environments/dev/values.yaml b/environments/dev/values.yaml index af746cd4..233df516 100644 --- a/environments/dev/values.yaml +++ b/environments/dev/values.yaml @@ -16,11 +16,11 @@ peregrine: gen3: enabled: false -requestor: - enabled: false +# requestor: +# enabled: false -audit: - enabled: false +# audit: +# enabled: false pelican: bucket: sandbox-s3-buckets-pelicancredss3bucketsandboxs3bu-veftfoxeyecg From 9991fdcc314bb4dae63a645e1229a040bbfacffe Mon Sep 17 00:00:00 2001 From: Guerdon Mukama Date: Sun, 10 Dec 2023 14:05:23 +1100 Subject: [PATCH 095/131] fix chart.yaml --- helm/gen3/Chart.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/helm/gen3/Chart.yaml b/helm/gen3/Chart.yaml index d2c433ff..283f2374 100644 --- a/helm/gen3/Chart.yaml +++ b/helm/gen3/Chart.yaml @@ -27,7 +27,7 @@ dependencies: - name: common version: "0.1.7" repository: file://../common -- name: external-secrets +- name: gen3-external-secrets version: "0.1.0" repository: file://../gen3-external-secrets condition: gen3-external-secrets.enabled From 8d7ce885ca31f820bcb829c9e5e3e375f1381fe5 Mon Sep 17 00:00:00 2001 From: Guerdon Mukama Date: Fri, 22 Dec 2023 15:16:15 +1100 Subject: [PATCH 096/131] fence volumes --- helm/gen3-external-secrets/Chart.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/helm/gen3-external-secrets/Chart.yaml b/helm/gen3-external-secrets/Chart.yaml index c89d8882..59340f6d 100644 --- a/helm/gen3-external-secrets/Chart.yaml +++ b/helm/gen3-external-secrets/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v2 name: gen3-external-secrets -description: A Helm chart for installing ClusterSecretStore +description: A Helm chart for installing ClusterSecretStore and external secrets # A chart can be either an 'application' or a 'library' chart. # From d632cb6f71c1e6c85ce9d9b91c4bfd0c194651f7 Mon Sep 17 00:00:00 2001 From: Guerdon Mukama Date: Fri, 22 Dec 2023 15:30:12 +1100 Subject: [PATCH 097/131] fence volumes --- helm/fence/values.yaml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/helm/fence/values.yaml b/helm/fence/values.yaml index f0352346..f8281c23 100644 --- a/helm/fence/values.yaml +++ b/helm/fence/values.yaml @@ -308,8 +308,8 @@ volumes: secret: secretName: "fence-creds" - name: config-helper - configMap: - name: config-helper + secret: + secretName: fence-secret optional: true - name: logo-volume configMap: @@ -338,8 +338,8 @@ volumes: volumeMounts: - name: "old-config-volume" readOnly: true - mountPath: "/var/www/fence/local_settings.py" - subPath: local_settings.py + mountPath: "/var/www/fence/fence_settings.py" + subPath: fence_settings.py - name: "json-secret-volume" readOnly: true mountPath: "/var/www/fence/fence_credentials.json" From 5c114911d2fb986d540639ca13495a7e2dd89a2c Mon Sep 17 00:00:00 2001 From: Guerdon Mukama Date: Fri, 22 Dec 2023 15:57:03 +1100 Subject: [PATCH 098/131] fence volumes --- helm/fence/values.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/helm/fence/values.yaml b/helm/fence/values.yaml index f8281c23..6b5c3177 100644 --- a/helm/fence/values.yaml +++ b/helm/fence/values.yaml @@ -361,7 +361,7 @@ volumeMounts: mountPath: "/fence/fence/static/privacy_policy.md" subPath: "privacy_policy.md" - name: "config-volume" - readOnly: true + readOnly: false mountPath: "/var/www/fence/fence-config.yaml" subPath: fence-config.yaml - name: "yaml-merge" From 16a3a7a193379ad7c669350d7785f4b1bb80c84e Mon Sep 17 00:00:00 2001 From: Guerdon Mukama Date: Fri, 22 Dec 2023 16:14:45 +1100 Subject: [PATCH 099/131] fence volumes --- helm/fence/templates/fence-deployment.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/helm/fence/templates/fence-deployment.yaml b/helm/fence/templates/fence-deployment.yaml index 2fe2c6ec..d2650f38 100644 --- a/helm/fence/templates/fence-deployment.yaml +++ b/helm/fence/templates/fence-deployment.yaml @@ -63,6 +63,7 @@ spec: - | echo "${FENCE_PUBLIC_CONFIG:-""}" > "/var/www/fence/fence-config-public.yaml" python /var/www/fence/yaml_merge.py /var/www/fence/fence-config-public.yaml /var/www/fence/fence-config-secret.yaml > /var/www/fence/fence-config.yaml + python /var/www/fence/config_helper.py -c /var/www/fence/fence-config.yaml if [[ -f /fence/keys/key/jwt_private_key.pem ]]; then openssl rsa -in /fence/keys/key/jwt_private_key.pem -pubout > /fence/keys/key/jwt_public_key.pem fi From 9b333189d3dfa783691493f76d88018093d3a62a Mon Sep 17 00:00:00 2001 From: Guerdon Mukama Date: Fri, 22 Dec 2023 16:53:28 +1100 Subject: [PATCH 100/131] fence volumes --- helm/fence/values.yaml | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/helm/fence/values.yaml b/helm/fence/values.yaml index 6b5c3177..6140792f 100644 --- a/helm/fence/values.yaml +++ b/helm/fence/values.yaml @@ -360,10 +360,10 @@ volumeMounts: readOnly: true mountPath: "/fence/fence/static/privacy_policy.md" subPath: "privacy_policy.md" - - name: "config-volume" - readOnly: false - mountPath: "/var/www/fence/fence-config.yaml" - subPath: fence-config.yaml + # - name: "config-volume" + # readOnly: true + # mountPath: "/var/www/fence/fence-config.yaml" + # subPath: fence-config.yaml - name: "yaml-merge" readOnly: true mountPath: "/var/www/fence/yaml_merge.py" @@ -380,6 +380,7 @@ volumeMounts: readOnly: true mountPath: "/fence/keys/key/jwt_private_key.pem" subPath: "jwt_private_key.pem" + # -- (list) Volumes to mount to the init container. initVolumeMounts: From fada4f4342097d57ab6dd88b53ac85a777da88a3 Mon Sep 17 00:00:00 2001 From: Guerdon Mukama Date: Fri, 22 Dec 2023 16:57:36 +1100 Subject: [PATCH 101/131] fence volumes --- helm/fence/values.yaml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/helm/fence/values.yaml b/helm/fence/values.yaml index 6140792f..d0d1a667 100644 --- a/helm/fence/values.yaml +++ b/helm/fence/values.yaml @@ -360,10 +360,10 @@ volumeMounts: readOnly: true mountPath: "/fence/fence/static/privacy_policy.md" subPath: "privacy_policy.md" - # - name: "config-volume" - # readOnly: true - # mountPath: "/var/www/fence/fence-config.yaml" - # subPath: fence-config.yaml + - name: "config-volume" + readOnly: true + mountPath: "/var/www/fence/fence-config.yaml" + subPath: fence-config.yaml - name: "yaml-merge" readOnly: true mountPath: "/var/www/fence/yaml_merge.py" From 209cf08a3edd1e97886427121edd0fdb78907df9 Mon Sep 17 00:00:00 2001 From: Guerdon Mukama Date: Fri, 22 Dec 2023 21:59:56 +1100 Subject: [PATCH 102/131] openid --- helm/fence/values.yaml | 10 ++++++++++ .../templates/openid-creds.yaml | 14 ++++++++++++++ 2 files changed, 24 insertions(+) create mode 100644 helm/gen3-external-secrets/templates/openid-creds.yaml diff --git a/helm/fence/values.yaml b/helm/fence/values.yaml index d0d1a667..528c0e64 100644 --- a/helm/fence/values.yaml +++ b/helm/fence/values.yaml @@ -289,6 +289,16 @@ env: secretKeyRef: name: indexd-service-creds key: fence + - name: CLIENT_ID + valueFrom: + secretKeyRef: + name: openid-creds + key: client_id + - name: CLIENT_SECRET + valueFrom: + secretKeyRef: + name: openid-creds + key: client_secret - name: gen3Env valueFrom: configMapKeyRef: diff --git a/helm/gen3-external-secrets/templates/openid-creds.yaml b/helm/gen3-external-secrets/templates/openid-creds.yaml new file mode 100644 index 00000000..1b0fa31b --- /dev/null +++ b/helm/gen3-external-secrets/templates/openid-creds.yaml @@ -0,0 +1,14 @@ +apiVersion: external-secrets.io/v1beta1 +kind: ExternalSecret +metadata: + name: {{ .Values.fence.openidcreds.name }} + namespace: {{.Values.fence.openidcreds.namespace }} +spec: + refreshInterval: {{ .Values.fence.openidcreds.refreshInterval | default "2m" }} + secretStoreRef: + name: {{ .Values.fence.openidcreds.secretStoreRefName }} + kind: {{ .Values.fence.openidcreds.secretStoreRefKind }} + target: + name: {{ .Values.fence.openidcreds.targetName }} + data: + {{- toYaml .Values.fence.openidcreds.data | nindent 6 }} From 324accd406fa6665371fc03bf2122250f5b85032 Mon Sep 17 00:00:00 2001 From: Guerdon Mukama Date: Fri, 22 Dec 2023 22:00:36 +1100 Subject: [PATCH 103/131] openid --- helm/fence/templates/fence-deployment.yaml | 1 - 1 file changed, 1 deletion(-) diff --git a/helm/fence/templates/fence-deployment.yaml b/helm/fence/templates/fence-deployment.yaml index d2650f38..2fe2c6ec 100644 --- a/helm/fence/templates/fence-deployment.yaml +++ b/helm/fence/templates/fence-deployment.yaml @@ -63,7 +63,6 @@ spec: - | echo "${FENCE_PUBLIC_CONFIG:-""}" > "/var/www/fence/fence-config-public.yaml" python /var/www/fence/yaml_merge.py /var/www/fence/fence-config-public.yaml /var/www/fence/fence-config-secret.yaml > /var/www/fence/fence-config.yaml - python /var/www/fence/config_helper.py -c /var/www/fence/fence-config.yaml if [[ -f /fence/keys/key/jwt_private_key.pem ]]; then openssl rsa -in /fence/keys/key/jwt_private_key.pem -pubout > /fence/keys/key/jwt_public_key.pem fi From 2894ece58182cd823eda56fb9759f9da419ae391 Mon Sep 17 00:00:00 2001 From: Guerdon Mukama Date: Fri, 22 Dec 2023 22:00:53 +1100 Subject: [PATCH 104/131] openid --- helm/fence/templates/fence-config.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/helm/fence/templates/fence-config.yaml b/helm/fence/templates/fence-config.yaml index 29d0df2e..2b69f7ce 100644 --- a/helm/fence/templates/fence-config.yaml +++ b/helm/fence/templates/fence-config.yaml @@ -1,5 +1,5 @@ apiVersion: v1 -kind: Secret +kind: ConfigMap metadata: name: fence-config stringData: From 965b675a45f18e7580c36491043aa63a08c9aa58 Mon Sep 17 00:00:00 2001 From: Guerdon Mukama Date: Fri, 22 Dec 2023 22:32:55 +1100 Subject: [PATCH 105/131] openid --- helm/fence/values.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/helm/fence/values.yaml b/helm/fence/values.yaml index 528c0e64..6a5a560f 100644 --- a/helm/fence/values.yaml +++ b/helm/fence/values.yaml @@ -325,8 +325,8 @@ volumes: configMap: name: "logo-config" - name: config-volume - secret: - secretName: "fence-config" + configMap: + name: "fence-config" - name: fence-google-app-creds-secret-volume secret: secretName: "fence-google-app-creds-secret" From 23f7eb7911be76546e3022076da2788824d0c5a1 Mon Sep 17 00:00:00 2001 From: Guerdon Mukama Date: Fri, 22 Dec 2023 22:44:37 +1100 Subject: [PATCH 106/131] openid --- helm/fence/values.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/helm/fence/values.yaml b/helm/fence/values.yaml index 6a5a560f..fb557d88 100644 --- a/helm/fence/values.yaml +++ b/helm/fence/values.yaml @@ -372,7 +372,7 @@ volumeMounts: subPath: "privacy_policy.md" - name: "config-volume" readOnly: true - mountPath: "/var/www/fence/fence-config.yaml" + mountPath: /var/www/fence/fence-config.yaml subPath: fence-config.yaml - name: "yaml-merge" readOnly: true From 34b2519eb5add77f10417059447ab1784544751e Mon Sep 17 00:00:00 2001 From: Guerdon Mukama Date: Fri, 22 Dec 2023 22:58:23 +1100 Subject: [PATCH 107/131] openid --- helm/fence/values.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/helm/fence/values.yaml b/helm/fence/values.yaml index fb557d88..d71206a3 100644 --- a/helm/fence/values.yaml +++ b/helm/fence/values.yaml @@ -373,7 +373,7 @@ volumeMounts: - name: "config-volume" readOnly: true mountPath: /var/www/fence/fence-config.yaml - subPath: fence-config.yaml + subPath: "fence-config.yaml" - name: "yaml-merge" readOnly: true mountPath: "/var/www/fence/yaml_merge.py" From 9a257f44c10d918b4ab582e640bfc96167ac6510 Mon Sep 17 00:00:00 2001 From: Guerdon Mukama Date: Fri, 22 Dec 2023 23:06:55 +1100 Subject: [PATCH 108/131] openid --- helm/fence/templates/fence-config.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/helm/fence/templates/fence-config.yaml b/helm/fence/templates/fence-config.yaml index 2b69f7ce..a97b908c 100644 --- a/helm/fence/templates/fence-config.yaml +++ b/helm/fence/templates/fence-config.yaml @@ -2,7 +2,7 @@ apiVersion: v1 kind: ConfigMap metadata: name: fence-config -stringData: +data: fence-config.yaml: | BASE_URL: https://{{ .Values.global.hostname }}/user {{- with .Values.FENCE_CONFIG }} From 26e43556faf37e024b821fbef44b07fbd8324ecd Mon Sep 17 00:00:00 2001 From: Guerdon Mukama Date: Sat, 23 Dec 2023 12:20:03 +1100 Subject: [PATCH 109/131] openid --- helm/fence/templates/fence-config.yaml | 2 ++ helm/fence/templates/fence-deployment.yaml | 2 ++ helm/fence/values.yaml | 14 ++++++++++++-- 3 files changed, 16 insertions(+), 2 deletions(-) diff --git a/helm/fence/templates/fence-config.yaml b/helm/fence/templates/fence-config.yaml index a97b908c..4cd86dae 100644 --- a/helm/fence/templates/fence-config.yaml +++ b/helm/fence/templates/fence-config.yaml @@ -5,6 +5,8 @@ metadata: data: fence-config.yaml: | BASE_URL: https://{{ .Values.global.hostname }}/user + CILOGON_CLIENT_ID: 'REPLACEME-OPENID-CID' + CILOGON_CLIENT_SECRET: 'REPLACEME-OPENID-SECRET' {{- with .Values.FENCE_CONFIG }} {{- toYaml . | nindent 4 }} {{ end }} diff --git a/helm/fence/templates/fence-deployment.yaml b/helm/fence/templates/fence-deployment.yaml index 2fe2c6ec..0193847d 100644 --- a/helm/fence/templates/fence-deployment.yaml +++ b/helm/fence/templates/fence-deployment.yaml @@ -96,6 +96,8 @@ spec: - | # echo "${FENCE_PUBLIC_CONFIG:-""}" > "/var/www/fence/fence-config-public.yaml" # python /var/www/fence/yaml_merge.py /var/www/fence/fence-config-public.yaml /var/www/fence/fence-config-secret.yaml > /var/www/fence/fence-config.yaml + sed -i -e "s/REPLACEME-OPENID-CID/$client_id/g" /var/www/fence/fence-config.yaml + sed -i -e "s/REPLACEME-OPENID-SECRET/$client_secret/g" /var/www/fence/fence-config.yaml if fence-create migrate --help > /dev/null 2>&1; then if ! grep -E 'ENABLE_DB_MIGRATION"?: *false' /var/www/fence/fence-config.yaml; then echo "Running db migration: fence-create migrate" diff --git a/helm/fence/values.yaml b/helm/fence/values.yaml index d71206a3..1676df32 100644 --- a/helm/fence/values.yaml +++ b/helm/fence/values.yaml @@ -443,6 +443,16 @@ initEnv: name: fence-dbcreds key: dbcreated optional: false + - name: CLIENT_ID + valueFrom: + secretKeyRef: + name: openid-creds + key: client_id + - name: CLIENT_SECRET + valueFrom: + secretKeyRef: + name: openid-creds + key: client_secret - name: DB value: postgresql://$(PGUSER):$(PGPASSWORD)@$(PGHOST):5432/$(PGDB) - name: FENCE_DB @@ -1606,8 +1616,8 @@ FENCE_CONFIG: # Free tier users may request OIDC clients at https://cilogon.org/oauth2/register cilogon: discovery_url: 'https://cilogon.org/.well-known/openid-configuration' - client_id: '' - client_secret: '' + client_id: '{{CILOGON_CLIENT_ID}}' + client_secret: '{{CILOGON_CLIENT_SECRET}}' # When registering the Callback URLs for your CILogon OIDC client be # sure to include the FULL url for this deployment, including the https:// scheme # and server FQDN. From 2c12a4c7595dc635d25bfc8eb520e8a7e549dc01 Mon Sep 17 00:00:00 2001 From: Guerdon Mukama Date: Sat, 23 Dec 2023 12:38:47 +1100 Subject: [PATCH 110/131] openid --- helm/fence/templates/fence-deployment.yaml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/helm/fence/templates/fence-deployment.yaml b/helm/fence/templates/fence-deployment.yaml index 0193847d..e574375e 100644 --- a/helm/fence/templates/fence-deployment.yaml +++ b/helm/fence/templates/fence-deployment.yaml @@ -63,6 +63,8 @@ spec: - | echo "${FENCE_PUBLIC_CONFIG:-""}" > "/var/www/fence/fence-config-public.yaml" python /var/www/fence/yaml_merge.py /var/www/fence/fence-config-public.yaml /var/www/fence/fence-config-secret.yaml > /var/www/fence/fence-config.yaml + sed -i -e "s/REPLACEME-OPENID-CID/$client_id/g" /var/www/fence/fence-config.yaml + sed -i -e "s/REPLACEME-OPENID-SECRET/$client_secret/g" /var/www/fence/fence-config.yaml if [[ -f /fence/keys/key/jwt_private_key.pem ]]; then openssl rsa -in /fence/keys/key/jwt_private_key.pem -pubout > /fence/keys/key/jwt_public_key.pem fi From 6966a00993189bc0caec61750ec16b30d09f9286 Mon Sep 17 00:00:00 2001 From: Guerdon Mukama Date: Sat, 23 Dec 2023 12:58:15 +1100 Subject: [PATCH 111/131] openid --- helm/fence/templates/fence-deployment.yaml | 7 +++---- helm/fence/values.yaml | 16 ++++++++-------- 2 files changed, 11 insertions(+), 12 deletions(-) diff --git a/helm/fence/templates/fence-deployment.yaml b/helm/fence/templates/fence-deployment.yaml index e574375e..8e28b182 100644 --- a/helm/fence/templates/fence-deployment.yaml +++ b/helm/fence/templates/fence-deployment.yaml @@ -63,8 +63,6 @@ spec: - | echo "${FENCE_PUBLIC_CONFIG:-""}" > "/var/www/fence/fence-config-public.yaml" python /var/www/fence/yaml_merge.py /var/www/fence/fence-config-public.yaml /var/www/fence/fence-config-secret.yaml > /var/www/fence/fence-config.yaml - sed -i -e "s/REPLACEME-OPENID-CID/$client_id/g" /var/www/fence/fence-config.yaml - sed -i -e "s/REPLACEME-OPENID-SECRET/$client_secret/g" /var/www/fence/fence-config.yaml if [[ -f /fence/keys/key/jwt_private_key.pem ]]; then openssl rsa -in /fence/keys/key/jwt_private_key.pem -pubout > /fence/keys/key/jwt_public_key.pem fi @@ -98,8 +96,9 @@ spec: - | # echo "${FENCE_PUBLIC_CONFIG:-""}" > "/var/www/fence/fence-config-public.yaml" # python /var/www/fence/yaml_merge.py /var/www/fence/fence-config-public.yaml /var/www/fence/fence-config-secret.yaml > /var/www/fence/fence-config.yaml - sed -i -e "s/REPLACEME-OPENID-CID/$client_id/g" /var/www/fence/fence-config.yaml - sed -i -e "s/REPLACEME-OPENID-SECRET/$client_secret/g" /var/www/fence/fence-config.yaml + sed -i -e "s/REPLACEME-OPENID-CID/$client_id/g" /var/www/tmp/fence-config.yaml + sed -i -e "s/REPLACEME-OPENID-SECRET/$client_secret/g" /var/www/tmp/fence-config.yaml + cp /var/www/tmp/fence-config.yaml /var/www/fence/fence-config.yaml if fence-create migrate --help > /dev/null 2>&1; then if ! grep -E 'ENABLE_DB_MIGRATION"?: *false' /var/www/fence/fence-config.yaml; then echo "Running db migration: fence-create migrate" diff --git a/helm/fence/values.yaml b/helm/fence/values.yaml index 1676df32..659b3ded 100644 --- a/helm/fence/values.yaml +++ b/helm/fence/values.yaml @@ -370,10 +370,10 @@ volumeMounts: readOnly: true mountPath: "/fence/fence/static/privacy_policy.md" subPath: "privacy_policy.md" - - name: "config-volume" - readOnly: true - mountPath: /var/www/fence/fence-config.yaml - subPath: "fence-config.yaml" + # - name: "config-volume" + # readOnly: true + # mountPath: /var/www/fence/fence-config.yaml + # subPath: "fence-config.yaml" - name: "yaml-merge" readOnly: true mountPath: "/var/www/fence/yaml_merge.py" @@ -396,19 +396,19 @@ volumeMounts: initVolumeMounts: - name: "config-volume" readOnly: true - mountPath: "/var/www/fence/fence-config.yaml" + mountPath: "/var/www/tmp/fence-config.yaml" subPath: fence-config.yaml - name: "yaml-merge" readOnly: true - mountPath: "/var/www/fence/yaml_merge.py" + mountPath: "/var/www/tmp/yaml_merge.py" subPath: yaml_merge.py - name: "fence-google-app-creds-secret-volume" readOnly: true - mountPath: "/var/www/fence/fence_google_app_creds_secret.json" + mountPath: "/var/www/tmp/fence_google_app_creds_secret.json" subPath: fence_google_app_creds_secret.json - name: "fence-google-storage-creds-secret-volume" readOnly: true - mountPath: "/var/www/fence/fence_google_storage_creds_secret.json" + mountPath: "/var/www/tmp/fence_google_storage_creds_secret.json" subPath: fence_google_storage_creds_secret.json # -- (list) Volumes to attach to the init container. From 800e29a11e842d66238efc68966b71030caf5e33 Mon Sep 17 00:00:00 2001 From: Guerdon Mukama Date: Sat, 23 Dec 2023 13:05:46 +1100 Subject: [PATCH 112/131] openid --- helm/fence/templates/fence-deployment.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/helm/fence/templates/fence-deployment.yaml b/helm/fence/templates/fence-deployment.yaml index 8e28b182..6d9d0bd1 100644 --- a/helm/fence/templates/fence-deployment.yaml +++ b/helm/fence/templates/fence-deployment.yaml @@ -94,6 +94,7 @@ spec: args: - "-c" - | + set -x # echo "${FENCE_PUBLIC_CONFIG:-""}" > "/var/www/fence/fence-config-public.yaml" # python /var/www/fence/yaml_merge.py /var/www/fence/fence-config-public.yaml /var/www/fence/fence-config-secret.yaml > /var/www/fence/fence-config.yaml sed -i -e "s/REPLACEME-OPENID-CID/$client_id/g" /var/www/tmp/fence-config.yaml From ecc1f6d6a83358e093cff9d646284d89ea877c0a Mon Sep 17 00:00:00 2001 From: Guerdon Mukama Date: Sat, 23 Dec 2023 13:39:17 +1100 Subject: [PATCH 113/131] openid --- helm/fence/templates/fence-deployment.yaml | 13 ++++++------- 1 file changed, 6 insertions(+), 7 deletions(-) diff --git a/helm/fence/templates/fence-deployment.yaml b/helm/fence/templates/fence-deployment.yaml index 6d9d0bd1..6070daa4 100644 --- a/helm/fence/templates/fence-deployment.yaml +++ b/helm/fence/templates/fence-deployment.yaml @@ -61,8 +61,8 @@ spec: args: - "-c" - | - echo "${FENCE_PUBLIC_CONFIG:-""}" > "/var/www/fence/fence-config-public.yaml" - python /var/www/fence/yaml_merge.py /var/www/fence/fence-config-public.yaml /var/www/fence/fence-config-secret.yaml > /var/www/fence/fence-config.yaml + #echo "${FENCE_PUBLIC_CONFIG:-""}" > "/var/www/fence/fence-config-public.yaml" + #python /var/www/fence/yaml_merge.py /var/www/fence/fence-config-public.yaml /var/www/fence/fence-config-secret.yaml > /var/www/fence/fence-config.yaml if [[ -f /fence/keys/key/jwt_private_key.pem ]]; then openssl rsa -in /fence/keys/key/jwt_private_key.pem -pubout > /fence/keys/key/jwt_public_key.pem fi @@ -95,11 +95,10 @@ spec: - "-c" - | set -x - # echo "${FENCE_PUBLIC_CONFIG:-""}" > "/var/www/fence/fence-config-public.yaml" - # python /var/www/fence/yaml_merge.py /var/www/fence/fence-config-public.yaml /var/www/fence/fence-config-secret.yaml > /var/www/fence/fence-config.yaml - sed -i -e "s/REPLACEME-OPENID-CID/$client_id/g" /var/www/tmp/fence-config.yaml - sed -i -e "s/REPLACEME-OPENID-SECRET/$client_secret/g" /var/www/tmp/fence-config.yaml - cp /var/www/tmp/fence-config.yaml /var/www/fence/fence-config.yaml + echo "${FENCE_PUBLIC_CONFIG:-""}" > "/var/www/fence/fence-config-public.yaml" + python /var/www/fence/yaml_merge.py /var/www/fence/fence-config-public.yaml /var/tmp/fence-config.yaml > /var/www/fence/fence-config.yaml + sed -i -e "s/REPLACEME-OPENID-CID/$CLIENT_ID/g" /var/www/fence/fence-config.yaml + sed -i -e "s/REPLACEME-OPENID-SECRET/$CLIENT_SECRET/g" /var/www/fence/fence-config.yaml if fence-create migrate --help > /dev/null 2>&1; then if ! grep -E 'ENABLE_DB_MIGRATION"?: *false' /var/www/fence/fence-config.yaml; then echo "Running db migration: fence-create migrate" From 72dcb1bc5e3bb5dbaea7993c09f8a6b8b8ade7b0 Mon Sep 17 00:00:00 2001 From: Guerdon Mukama Date: Sat, 23 Dec 2023 13:46:49 +1100 Subject: [PATCH 114/131] openid --- helm/fence/values.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/helm/fence/values.yaml b/helm/fence/values.yaml index 659b3ded..e070e006 100644 --- a/helm/fence/values.yaml +++ b/helm/fence/values.yaml @@ -396,11 +396,11 @@ volumeMounts: initVolumeMounts: - name: "config-volume" readOnly: true - mountPath: "/var/www/tmp/fence-config.yaml" + mountPath: "/var/www/fence/fence-config.yaml" subPath: fence-config.yaml - name: "yaml-merge" readOnly: true - mountPath: "/var/www/tmp/yaml_merge.py" + mountPath: "/var/www/fence/yaml_merge.py" subPath: yaml_merge.py - name: "fence-google-app-creds-secret-volume" readOnly: true From f50c096303de774b74d64decd5cf62133a0e4f63 Mon Sep 17 00:00:00 2001 From: Guerdon Mukama Date: Sat, 23 Dec 2023 13:56:52 +1100 Subject: [PATCH 115/131] openid --- helm/fence/templates/fence-deployment.yaml | 4 ++-- helm/fence/values.yaml | 8 ++++---- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/helm/fence/templates/fence-deployment.yaml b/helm/fence/templates/fence-deployment.yaml index 6070daa4..c34c0155 100644 --- a/helm/fence/templates/fence-deployment.yaml +++ b/helm/fence/templates/fence-deployment.yaml @@ -97,8 +97,8 @@ spec: set -x echo "${FENCE_PUBLIC_CONFIG:-""}" > "/var/www/fence/fence-config-public.yaml" python /var/www/fence/yaml_merge.py /var/www/fence/fence-config-public.yaml /var/tmp/fence-config.yaml > /var/www/fence/fence-config.yaml - sed -i -e "s/REPLACEME-OPENID-CID/$CLIENT_ID/g" /var/www/fence/fence-config.yaml - sed -i -e "s/REPLACEME-OPENID-SECRET/$CLIENT_SECRET/g" /var/www/fence/fence-config.yaml + sed -i -e "s@REPLACEME-OPENID-CID@$CLIENT_ID@g" /var/www/fence/fence-config.yaml + sed -i -e "s@REPLACEME-OPENID-SECRET@$CLIENT_SECRET@g" /var/www/fence/fence-config.yaml if fence-create migrate --help > /dev/null 2>&1; then if ! grep -E 'ENABLE_DB_MIGRATION"?: *false' /var/www/fence/fence-config.yaml; then echo "Running db migration: fence-create migrate" diff --git a/helm/fence/values.yaml b/helm/fence/values.yaml index e070e006..3e209ac6 100644 --- a/helm/fence/values.yaml +++ b/helm/fence/values.yaml @@ -394,10 +394,10 @@ volumeMounts: # -- (list) Volumes to mount to the init container. initVolumeMounts: - - name: "config-volume" - readOnly: true - mountPath: "/var/www/fence/fence-config.yaml" - subPath: fence-config.yaml + # - name: "config-volume" + # readOnly: true + # mountPath: "/var/www/fence/fence-config.yaml" + # subPath: fence-config.yaml - name: "yaml-merge" readOnly: true mountPath: "/var/www/fence/yaml_merge.py" From df1a7c2fbe2ef3cc4f2104ffe1704a21ebda4b8b Mon Sep 17 00:00:00 2001 From: Guerdon Mukama Date: Sat, 23 Dec 2023 14:16:14 +1100 Subject: [PATCH 116/131] openid --- helm/fence/templates/fence-deployment.yaml | 15 ++++++++------- 1 file changed, 8 insertions(+), 7 deletions(-) diff --git a/helm/fence/templates/fence-deployment.yaml b/helm/fence/templates/fence-deployment.yaml index c34c0155..116d4831 100644 --- a/helm/fence/templates/fence-deployment.yaml +++ b/helm/fence/templates/fence-deployment.yaml @@ -61,8 +61,8 @@ spec: args: - "-c" - | - #echo "${FENCE_PUBLIC_CONFIG:-""}" > "/var/www/fence/fence-config-public.yaml" - #python /var/www/fence/yaml_merge.py /var/www/fence/fence-config-public.yaml /var/www/fence/fence-config-secret.yaml > /var/www/fence/fence-config.yaml + echo "${FENCE_PUBLIC_CONFIG:-""}" > "/var/www/fence/fence-config-public.yaml" + python /var/www/fence/yaml_merge.py /var/www/fence/fence-config-public.yaml /var/www/fence/fence-init-config.yaml > /var/www/fence/fence-config.yaml if [[ -f /fence/keys/key/jwt_private_key.pem ]]; then openssl rsa -in /fence/keys/key/jwt_private_key.pem -pubout > /fence/keys/key/jwt_public_key.pem fi @@ -95,12 +95,13 @@ spec: - "-c" - | set -x - echo "${FENCE_PUBLIC_CONFIG:-""}" > "/var/www/fence/fence-config-public.yaml" - python /var/www/fence/yaml_merge.py /var/www/fence/fence-config-public.yaml /var/tmp/fence-config.yaml > /var/www/fence/fence-config.yaml - sed -i -e "s@REPLACEME-OPENID-CID@$CLIENT_ID@g" /var/www/fence/fence-config.yaml - sed -i -e "s@REPLACEME-OPENID-SECRET@$CLIENT_SECRET@g" /var/www/fence/fence-config.yaml + #echo "${FENCE_PUBLIC_CONFIG:-""}" > "/var/www/fence/fence-config-public.yaml" + #python /var/www/fence/yaml_merge.py /var/www/fence/fence-config-public.yaml /var/tmp/fence-config.yaml > /var/www/fence/fence-config.yaml + cp /var/tmp/fence-config.yaml /var/www/fence/fence-init-config.yaml + sed -i -e "s@REPLACEME-OPENID-CID@$CLIENT_ID@g" /var/www/fence/fence-config-secret.yaml + sed -i -e "s@REPLACEME-OPENID-SECRET@$CLIENT_SECRET@g" /var/www/fence/fence-config-secret.yaml if fence-create migrate --help > /dev/null 2>&1; then - if ! grep -E 'ENABLE_DB_MIGRATION"?: *false' /var/www/fence/fence-config.yaml; then + if ! grep -E 'ENABLE_DB_MIGRATION"?: *false' /var/tmp/fence-config.yaml; then echo "Running db migration: fence-create migrate" cd /fence fence-create migrate From 1dfdac4b717a56cded10ed0d3c5062d807d7b1d8 Mon Sep 17 00:00:00 2001 From: Guerdon Mukama Date: Sat, 23 Dec 2023 14:18:48 +1100 Subject: [PATCH 117/131] openid --- helm/fence/templates/fence-deployment.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/helm/fence/templates/fence-deployment.yaml b/helm/fence/templates/fence-deployment.yaml index 116d4831..6cfe9440 100644 --- a/helm/fence/templates/fence-deployment.yaml +++ b/helm/fence/templates/fence-deployment.yaml @@ -98,8 +98,8 @@ spec: #echo "${FENCE_PUBLIC_CONFIG:-""}" > "/var/www/fence/fence-config-public.yaml" #python /var/www/fence/yaml_merge.py /var/www/fence/fence-config-public.yaml /var/tmp/fence-config.yaml > /var/www/fence/fence-config.yaml cp /var/tmp/fence-config.yaml /var/www/fence/fence-init-config.yaml - sed -i -e "s@REPLACEME-OPENID-CID@$CLIENT_ID@g" /var/www/fence/fence-config-secret.yaml - sed -i -e "s@REPLACEME-OPENID-SECRET@$CLIENT_SECRET@g" /var/www/fence/fence-config-secret.yaml + sed -i -e "s@REPLACEME-OPENID-CID@$CLIENT_ID@g" /var/www/fence/fence-init-config.yaml + sed -i -e "s@REPLACEME-OPENID-SECRET@$CLIENT_SECRET@g" /var/www/fence/fence-init-config.yaml if fence-create migrate --help > /dev/null 2>&1; then if ! grep -E 'ENABLE_DB_MIGRATION"?: *false' /var/tmp/fence-config.yaml; then echo "Running db migration: fence-create migrate" From 85e48bf841f829ded64090bb0a2e56f742d480a3 Mon Sep 17 00:00:00 2001 From: Guerdon Mukama Date: Sat, 23 Dec 2023 14:24:27 +1100 Subject: [PATCH 118/131] openid --- helm/fence/values.yaml | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/helm/fence/values.yaml b/helm/fence/values.yaml index 3e209ac6..6c7f1fad 100644 --- a/helm/fence/values.yaml +++ b/helm/fence/values.yaml @@ -394,21 +394,21 @@ volumeMounts: # -- (list) Volumes to mount to the init container. initVolumeMounts: - # - name: "config-volume" - # readOnly: true - # mountPath: "/var/www/fence/fence-config.yaml" - # subPath: fence-config.yaml + - name: "config-volume" + readOnly: true + mountPath: "/var/tmp/fence-config.yaml" + subPath: fence-config.yaml - name: "yaml-merge" readOnly: true mountPath: "/var/www/fence/yaml_merge.py" subPath: yaml_merge.py - name: "fence-google-app-creds-secret-volume" readOnly: true - mountPath: "/var/www/tmp/fence_google_app_creds_secret.json" + mountPath: "/var/www/fence/fence_google_app_creds_secret.json" subPath: fence_google_app_creds_secret.json - name: "fence-google-storage-creds-secret-volume" readOnly: true - mountPath: "/var/www/tmp/fence_google_storage_creds_secret.json" + mountPath: "/var/www/fence/fence_google_storage_creds_secret.json" subPath: fence_google_storage_creds_secret.json # -- (list) Volumes to attach to the init container. From 75fee630c54724e8e5899ce3ca9862adba7fb987 Mon Sep 17 00:00:00 2001 From: Guerdon Mukama Date: Sat, 23 Dec 2023 14:35:53 +1100 Subject: [PATCH 119/131] openid --- helm/fence/templates/fence-deployment.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/helm/fence/templates/fence-deployment.yaml b/helm/fence/templates/fence-deployment.yaml index 6cfe9440..c33f9560 100644 --- a/helm/fence/templates/fence-deployment.yaml +++ b/helm/fence/templates/fence-deployment.yaml @@ -61,8 +61,8 @@ spec: args: - "-c" - | - echo "${FENCE_PUBLIC_CONFIG:-""}" > "/var/www/fence/fence-config-public.yaml" - python /var/www/fence/yaml_merge.py /var/www/fence/fence-config-public.yaml /var/www/fence/fence-init-config.yaml > /var/www/fence/fence-config.yaml + #echo "${FENCE_PUBLIC_CONFIG:-""}" > "/var/www/fence/fence-config-public.yaml" + #python /var/www/fence/yaml_merge.py /var/www/fence/fence-config-public.yaml /var/www/fence/fence-init-config.yaml > /var/www/fence/fence-config.yaml if [[ -f /fence/keys/key/jwt_private_key.pem ]]; then openssl rsa -in /fence/keys/key/jwt_private_key.pem -pubout > /fence/keys/key/jwt_public_key.pem fi @@ -97,7 +97,7 @@ spec: set -x #echo "${FENCE_PUBLIC_CONFIG:-""}" > "/var/www/fence/fence-config-public.yaml" #python /var/www/fence/yaml_merge.py /var/www/fence/fence-config-public.yaml /var/tmp/fence-config.yaml > /var/www/fence/fence-config.yaml - cp /var/tmp/fence-config.yaml /var/www/fence/fence-init-config.yaml + cp /var/tmp/fence-config.yaml /var/www/fence/fence-config.yaml sed -i -e "s@REPLACEME-OPENID-CID@$CLIENT_ID@g" /var/www/fence/fence-init-config.yaml sed -i -e "s@REPLACEME-OPENID-SECRET@$CLIENT_SECRET@g" /var/www/fence/fence-init-config.yaml if fence-create migrate --help > /dev/null 2>&1; then From 11eba7f0a6ba7ddf7e8a4c7f295afb52696096d8 Mon Sep 17 00:00:00 2001 From: Guerdon Mukama Date: Sat, 23 Dec 2023 14:39:57 +1100 Subject: [PATCH 120/131] openid --- helm/fence/templates/fence-deployment.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/helm/fence/templates/fence-deployment.yaml b/helm/fence/templates/fence-deployment.yaml index c33f9560..d8b17f7f 100644 --- a/helm/fence/templates/fence-deployment.yaml +++ b/helm/fence/templates/fence-deployment.yaml @@ -98,8 +98,8 @@ spec: #echo "${FENCE_PUBLIC_CONFIG:-""}" > "/var/www/fence/fence-config-public.yaml" #python /var/www/fence/yaml_merge.py /var/www/fence/fence-config-public.yaml /var/tmp/fence-config.yaml > /var/www/fence/fence-config.yaml cp /var/tmp/fence-config.yaml /var/www/fence/fence-config.yaml - sed -i -e "s@REPLACEME-OPENID-CID@$CLIENT_ID@g" /var/www/fence/fence-init-config.yaml - sed -i -e "s@REPLACEME-OPENID-SECRET@$CLIENT_SECRET@g" /var/www/fence/fence-init-config.yaml + sed -i -e "s@REPLACEME-OPENID-CID@$CLIENT_ID@g" var/www/fence/fence-config.yaml + sed -i -e "s@REPLACEME-OPENID-SECRET@$CLIENT_SECRET@g" var/www/fence/fence-config.yaml if fence-create migrate --help > /dev/null 2>&1; then if ! grep -E 'ENABLE_DB_MIGRATION"?: *false' /var/tmp/fence-config.yaml; then echo "Running db migration: fence-create migrate" From 903f6cba9f8e4dfeb457898551c53ce27dae656d Mon Sep 17 00:00:00 2001 From: Guerdon Mukama Date: Sat, 23 Dec 2023 14:40:19 +1100 Subject: [PATCH 121/131] openid --- helm/fence/templates/fence-deployment.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/helm/fence/templates/fence-deployment.yaml b/helm/fence/templates/fence-deployment.yaml index d8b17f7f..7ab0c099 100644 --- a/helm/fence/templates/fence-deployment.yaml +++ b/helm/fence/templates/fence-deployment.yaml @@ -98,8 +98,8 @@ spec: #echo "${FENCE_PUBLIC_CONFIG:-""}" > "/var/www/fence/fence-config-public.yaml" #python /var/www/fence/yaml_merge.py /var/www/fence/fence-config-public.yaml /var/tmp/fence-config.yaml > /var/www/fence/fence-config.yaml cp /var/tmp/fence-config.yaml /var/www/fence/fence-config.yaml - sed -i -e "s@REPLACEME-OPENID-CID@$CLIENT_ID@g" var/www/fence/fence-config.yaml - sed -i -e "s@REPLACEME-OPENID-SECRET@$CLIENT_SECRET@g" var/www/fence/fence-config.yaml + sed -i -e "s@REPLACEME-OPENID-CID@$CLIENT_ID@g" /var/www/fence/fence-config.yaml + sed -i -e "s@REPLACEME-OPENID-SECRET@$CLIENT_SECRET@g" /var/www/fence/fence-config.yaml if fence-create migrate --help > /dev/null 2>&1; then if ! grep -E 'ENABLE_DB_MIGRATION"?: *false' /var/tmp/fence-config.yaml; then echo "Running db migration: fence-create migrate" From 580278b45578b34130fc7fa9b3d79bdacf96f943 Mon Sep 17 00:00:00 2001 From: Guerdon Mukama Date: Sat, 23 Dec 2023 14:48:53 +1100 Subject: [PATCH 122/131] openid --- helm/fence/templates/fence-deployment.yaml | 7 ++++--- helm/fence/values.yaml | 18 ++++-------------- 2 files changed, 8 insertions(+), 17 deletions(-) diff --git a/helm/fence/templates/fence-deployment.yaml b/helm/fence/templates/fence-deployment.yaml index 7ab0c099..bf04ac89 100644 --- a/helm/fence/templates/fence-deployment.yaml +++ b/helm/fence/templates/fence-deployment.yaml @@ -61,8 +61,12 @@ spec: args: - "-c" - | + set -x #echo "${FENCE_PUBLIC_CONFIG:-""}" > "/var/www/fence/fence-config-public.yaml" #python /var/www/fence/yaml_merge.py /var/www/fence/fence-config-public.yaml /var/www/fence/fence-init-config.yaml > /var/www/fence/fence-config.yaml + cp /var/tmp/fence-config.yaml /var/www/fence/fence-config.yaml + sed -i -e "s@REPLACEME-OPENID-CID@$CLIENT_ID@g" /var/www/fence/fence-config.yaml + sed -i -e "s@REPLACEME-OPENID-SECRET@$CLIENT_SECRET@g" /var/www/fence/fence-config.yaml if [[ -f /fence/keys/key/jwt_private_key.pem ]]; then openssl rsa -in /fence/keys/key/jwt_private_key.pem -pubout > /fence/keys/key/jwt_public_key.pem fi @@ -97,9 +101,6 @@ spec: set -x #echo "${FENCE_PUBLIC_CONFIG:-""}" > "/var/www/fence/fence-config-public.yaml" #python /var/www/fence/yaml_merge.py /var/www/fence/fence-config-public.yaml /var/tmp/fence-config.yaml > /var/www/fence/fence-config.yaml - cp /var/tmp/fence-config.yaml /var/www/fence/fence-config.yaml - sed -i -e "s@REPLACEME-OPENID-CID@$CLIENT_ID@g" /var/www/fence/fence-config.yaml - sed -i -e "s@REPLACEME-OPENID-SECRET@$CLIENT_SECRET@g" /var/www/fence/fence-config.yaml if fence-create migrate --help > /dev/null 2>&1; then if ! grep -E 'ENABLE_DB_MIGRATION"?: *false' /var/tmp/fence-config.yaml; then echo "Running db migration: fence-create migrate" diff --git a/helm/fence/values.yaml b/helm/fence/values.yaml index 6c7f1fad..d55bc867 100644 --- a/helm/fence/values.yaml +++ b/helm/fence/values.yaml @@ -370,10 +370,10 @@ volumeMounts: readOnly: true mountPath: "/fence/fence/static/privacy_policy.md" subPath: "privacy_policy.md" - # - name: "config-volume" - # readOnly: true - # mountPath: /var/www/fence/fence-config.yaml - # subPath: "fence-config.yaml" + - name: "config-volume" + readOnly: true + mountPath: "/var/tmp/fence-config.yaml" + subPath: "fence-config.yaml" - name: "yaml-merge" readOnly: true mountPath: "/var/www/fence/yaml_merge.py" @@ -443,16 +443,6 @@ initEnv: name: fence-dbcreds key: dbcreated optional: false - - name: CLIENT_ID - valueFrom: - secretKeyRef: - name: openid-creds - key: client_id - - name: CLIENT_SECRET - valueFrom: - secretKeyRef: - name: openid-creds - key: client_secret - name: DB value: postgresql://$(PGUSER):$(PGPASSWORD)@$(PGHOST):5432/$(PGDB) - name: FENCE_DB From 09cfd19cb1c2c5379feaa9724d8ba3ba457daa1f Mon Sep 17 00:00:00 2001 From: Guerdon Mukama Date: Sat, 23 Dec 2023 15:25:17 +1100 Subject: [PATCH 123/131] openid --- helm/fence/templates/fence-deployment.yaml | 2 -- 1 file changed, 2 deletions(-) diff --git a/helm/fence/templates/fence-deployment.yaml b/helm/fence/templates/fence-deployment.yaml index bf04ac89..de1aaf3c 100644 --- a/helm/fence/templates/fence-deployment.yaml +++ b/helm/fence/templates/fence-deployment.yaml @@ -61,7 +61,6 @@ spec: args: - "-c" - | - set -x #echo "${FENCE_PUBLIC_CONFIG:-""}" > "/var/www/fence/fence-config-public.yaml" #python /var/www/fence/yaml_merge.py /var/www/fence/fence-config-public.yaml /var/www/fence/fence-init-config.yaml > /var/www/fence/fence-config.yaml cp /var/tmp/fence-config.yaml /var/www/fence/fence-config.yaml @@ -98,7 +97,6 @@ spec: args: - "-c" - | - set -x #echo "${FENCE_PUBLIC_CONFIG:-""}" > "/var/www/fence/fence-config-public.yaml" #python /var/www/fence/yaml_merge.py /var/www/fence/fence-config-public.yaml /var/tmp/fence-config.yaml > /var/www/fence/fence-config.yaml if fence-create migrate --help > /dev/null 2>&1; then From 5ab94c42b4e30ff104c49fed21488a7d1398e78b Mon Sep 17 00:00:00 2001 From: Guerdon Mukama Date: Sat, 23 Dec 2023 16:14:10 +1100 Subject: [PATCH 124/131] secrets volume --- helm/fence/values.yaml | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/helm/fence/values.yaml b/helm/fence/values.yaml index d55bc867..3403fb51 100644 --- a/helm/fence/values.yaml +++ b/helm/fence/values.yaml @@ -343,6 +343,9 @@ volumes: configMap: name: "fence-yaml-merge" optional: true + - name: openid-creds + secret: + secretName: "openid-creds" # -- (list) Volumes to mount to the container. volumeMounts: @@ -390,6 +393,10 @@ volumeMounts: readOnly: true mountPath: "/fence/keys/key/jwt_private_key.pem" subPath: "jwt_private_key.pem" + - name: "openid-creds" + readOnly: true + mountPath: "/var/www/fence/openid-creds" + # -- (list) Volumes to mount to the init container. From 116902ae06d81fe4a6fcf3f1335d325b9c84725c Mon Sep 17 00:00:00 2001 From: Guerdon Mukama Date: Sat, 23 Dec 2023 16:30:36 +1100 Subject: [PATCH 125/131] secrets volume --- helm/fence/templates/fence-deployment.yaml | 2 ++ helm/fence/values.yaml | 20 ++++++++++---------- 2 files changed, 12 insertions(+), 10 deletions(-) diff --git a/helm/fence/templates/fence-deployment.yaml b/helm/fence/templates/fence-deployment.yaml index de1aaf3c..805a813a 100644 --- a/helm/fence/templates/fence-deployment.yaml +++ b/helm/fence/templates/fence-deployment.yaml @@ -64,6 +64,8 @@ spec: #echo "${FENCE_PUBLIC_CONFIG:-""}" > "/var/www/fence/fence-config-public.yaml" #python /var/www/fence/yaml_merge.py /var/www/fence/fence-config-public.yaml /var/www/fence/fence-init-config.yaml > /var/www/fence/fence-config.yaml cp /var/tmp/fence-config.yaml /var/www/fence/fence-config.yaml + CLIENT_ID=(`cat /var/www/fence/openid-creds/client_id`) + CLIENT_SECRET=(`cat /var/www/fence/openid-creds/client_secret`) sed -i -e "s@REPLACEME-OPENID-CID@$CLIENT_ID@g" /var/www/fence/fence-config.yaml sed -i -e "s@REPLACEME-OPENID-SECRET@$CLIENT_SECRET@g" /var/www/fence/fence-config.yaml if [[ -f /fence/keys/key/jwt_private_key.pem ]]; then diff --git a/helm/fence/values.yaml b/helm/fence/values.yaml index 3403fb51..1cacb6cf 100644 --- a/helm/fence/values.yaml +++ b/helm/fence/values.yaml @@ -289,16 +289,16 @@ env: secretKeyRef: name: indexd-service-creds key: fence - - name: CLIENT_ID - valueFrom: - secretKeyRef: - name: openid-creds - key: client_id - - name: CLIENT_SECRET - valueFrom: - secretKeyRef: - name: openid-creds - key: client_secret + # - name: CLIENT_ID + # valueFrom: + # secretKeyRef: + # name: openid-creds + # key: client_id + # - name: CLIENT_SECRET + # valueFrom: + # secretKeyRef: + # name: openid-creds + # key: client_secret - name: gen3Env valueFrom: configMapKeyRef: From e9a1d825bc73a45803469af6472429fae1e1e813 Mon Sep 17 00:00:00 2001 From: Guerdon Mukama Date: Tue, 2 Jan 2024 21:27:47 +1100 Subject: [PATCH 126/131] comments --- helm/fence/templates/fence-config.yaml | 4 +- helm/fence/values.yaml | 15 +- .../templates/arborist-postgres-secrets.yaml | 2 +- .../templates/audit-postgres-secrets.yaml | 2 +- .../templates/clustersecretstore.yaml | 3 +- .../templates/fence-postgres-secrets.yaml | 2 +- .../templates/indexd-postgres-secrets.yaml | 2 +- .../templates/master-postgres-secrets.yaml | 2 +- .../templates/metadata-postgres-secrets.yaml | 2 +- .../templates/peregrine-postgres-secrets.yaml | 2 +- .../templates/requestor-postgres-secrets.yaml | 2 +- .../templates/sheepdog-postgres-secrets.yaml | 2 +- .../templates/wts-postgres-secrets.yaml | 2 +- helm/gen3-external-secrets/values.yaml | 248 +++++++++++------- 14 files changed, 176 insertions(+), 114 deletions(-) diff --git a/helm/fence/templates/fence-config.yaml b/helm/fence/templates/fence-config.yaml index 4cd86dae..c10ff7e9 100644 --- a/helm/fence/templates/fence-config.yaml +++ b/helm/fence/templates/fence-config.yaml @@ -5,8 +5,8 @@ metadata: data: fence-config.yaml: | BASE_URL: https://{{ .Values.global.hostname }}/user - CILOGON_CLIENT_ID: 'REPLACEME-OPENID-CID' - CILOGON_CLIENT_SECRET: 'REPLACEME-OPENID-SECRET' + DEFAULT_CLIENT_ID: 'REPLACEME-OPENID-CID' + DEFAULT_CLIENT_SECRET: 'REPLACEME-OPENID-SECRET' {{- with .Values.FENCE_CONFIG }} {{- toYaml . | nindent 4 }} {{ end }} diff --git a/helm/fence/values.yaml b/helm/fence/values.yaml index 1cacb6cf..db489ba2 100644 --- a/helm/fence/values.yaml +++ b/helm/fence/values.yaml @@ -289,16 +289,6 @@ env: secretKeyRef: name: indexd-service-creds key: fence - # - name: CLIENT_ID - # valueFrom: - # secretKeyRef: - # name: openid-creds - # key: client_id - # - name: CLIENT_SECRET - # valueFrom: - # secretKeyRef: - # name: openid-creds - # key: client_secret - name: gen3Env valueFrom: configMapKeyRef: @@ -1613,8 +1603,9 @@ FENCE_CONFIG: # Free tier users may request OIDC clients at https://cilogon.org/oauth2/register cilogon: discovery_url: 'https://cilogon.org/.well-known/openid-configuration' - client_id: '{{CILOGON_CLIENT_ID}}' - client_secret: '{{CILOGON_CLIENT_SECRET}}' + # DEFAULT_CLIENT_ID and DEFAULT_CLIENT_SECRET is added by fence-config configMap + client_id: '{{DEFAULT_CLIENT_ID}}' + client_secret: '{{DEFAULT_CLIENT_SECRET}}' # When registering the Callback URLs for your CILogon OIDC client be # sure to include the FULL url for this deployment, including the https:// scheme # and server FQDN. diff --git a/helm/gen3-external-secrets/templates/arborist-postgres-secrets.yaml b/helm/gen3-external-secrets/templates/arborist-postgres-secrets.yaml index 2e53913f..fa14d8f5 100644 --- a/helm/gen3-external-secrets/templates/arborist-postgres-secrets.yaml +++ b/helm/gen3-external-secrets/templates/arborist-postgres-secrets.yaml @@ -2,7 +2,7 @@ apiVersion: external-secrets.io/v1beta1 kind: ExternalSecret metadata: name: {{ .Values.postgresql.arboristcreds.name }} - namespace: {{.Values.postgresql.arboristcreds.namespace }} + namespace: {{.Values.postgresql.namespace }} spec: refreshInterval: {{ .Values.postgresql.arboristcreds.refreshInterval | default "2m" }} secretStoreRef: diff --git a/helm/gen3-external-secrets/templates/audit-postgres-secrets.yaml b/helm/gen3-external-secrets/templates/audit-postgres-secrets.yaml index 34a9a1fa..5609f86d 100644 --- a/helm/gen3-external-secrets/templates/audit-postgres-secrets.yaml +++ b/helm/gen3-external-secrets/templates/audit-postgres-secrets.yaml @@ -2,7 +2,7 @@ apiVersion: external-secrets.io/v1beta1 kind: ExternalSecret metadata: name: {{ .Values.postgresql.auditcreds.name }} - namespace: {{.Values.postgresql.auditcreds.namespace }} + namespace: {{.Values.postgresql.namespace }} spec: refreshInterval: {{ .Values.postgresql.auditcreds.refreshInterval | default "2m" }} secretStoreRef: diff --git a/helm/gen3-external-secrets/templates/clustersecretstore.yaml b/helm/gen3-external-secrets/templates/clustersecretstore.yaml index a0743818..9fd73b77 100644 --- a/helm/gen3-external-secrets/templates/clustersecretstore.yaml +++ b/helm/gen3-external-secrets/templates/clustersecretstore.yaml @@ -1,4 +1,4 @@ -# external-secrets-chart/templates/clustersecretstore.yaml +{{- if .Values.clusterSecretStore.enabled }} apiVersion: external-secrets.io/v1beta1 kind: ClusterSecretStore metadata: @@ -15,4 +15,5 @@ spec: name: {{ .Values.clusterSecretStore.provider.aws.auth.jwt.serviceAccountRef.name | quote }} namespace: {{ .Values.clusterSecretStore.provider.aws.auth.jwt.serviceAccountRef.namespace | quote }} {{- end }} +{{- end }} diff --git a/helm/gen3-external-secrets/templates/fence-postgres-secrets.yaml b/helm/gen3-external-secrets/templates/fence-postgres-secrets.yaml index 92a2f4ec..4e16205f 100644 --- a/helm/gen3-external-secrets/templates/fence-postgres-secrets.yaml +++ b/helm/gen3-external-secrets/templates/fence-postgres-secrets.yaml @@ -2,7 +2,7 @@ apiVersion: external-secrets.io/v1beta1 kind: ExternalSecret metadata: name: {{ .Values.postgresql.fencecreds.name }} - namespace: {{.Values.postgresql.fencecreds.namespace }} + namespace: {{.Values.postgresql.namespace }} spec: refreshInterval: {{ .Values.postgresql.fencecreds.refreshInterval | default "2m" }} secretStoreRef: diff --git a/helm/gen3-external-secrets/templates/indexd-postgres-secrets.yaml b/helm/gen3-external-secrets/templates/indexd-postgres-secrets.yaml index c2d73d44..66aa5077 100644 --- a/helm/gen3-external-secrets/templates/indexd-postgres-secrets.yaml +++ b/helm/gen3-external-secrets/templates/indexd-postgres-secrets.yaml @@ -2,7 +2,7 @@ apiVersion: external-secrets.io/v1beta1 kind: ExternalSecret metadata: name: {{ .Values.postgresql.indexdcreds.name }} - namespace: {{.Values.postgresql.indexdcreds.namespace }} + namespace: {{.Values.postgresql.namespace }} spec: refreshInterval: {{ .Values.postgresql.indexdcreds.refreshInterval | default "2m" }} secretStoreRef: diff --git a/helm/gen3-external-secrets/templates/master-postgres-secrets.yaml b/helm/gen3-external-secrets/templates/master-postgres-secrets.yaml index 9e7ed189..772a6b59 100644 --- a/helm/gen3-external-secrets/templates/master-postgres-secrets.yaml +++ b/helm/gen3-external-secrets/templates/master-postgres-secrets.yaml @@ -2,7 +2,7 @@ apiVersion: external-secrets.io/v1beta1 kind: ExternalSecret metadata: name: {{ .Values.postgresql.mastercreds.name }} - namespace: {{.Values.postgresql.mastercreds.namespace }} + namespace: {{.Values.postgresql.namespace }} spec: refreshInterval: {{ .Values.postgresql.mastercreds.refreshInterval | default "2m" }} secretStoreRef: diff --git a/helm/gen3-external-secrets/templates/metadata-postgres-secrets.yaml b/helm/gen3-external-secrets/templates/metadata-postgres-secrets.yaml index ca88ad1d..4bfb813f 100644 --- a/helm/gen3-external-secrets/templates/metadata-postgres-secrets.yaml +++ b/helm/gen3-external-secrets/templates/metadata-postgres-secrets.yaml @@ -2,7 +2,7 @@ apiVersion: external-secrets.io/v1beta1 kind: ExternalSecret metadata: name: {{ .Values.postgresql.metadatacreds.name }} - namespace: {{.Values.postgresql.metadatacreds.namespace }} + namespace: {{.Values.postgresql.namespace }} spec: refreshInterval: {{ .Values.postgresql.metadatacreds.refreshInterval | default "2m" }} secretStoreRef: diff --git a/helm/gen3-external-secrets/templates/peregrine-postgres-secrets.yaml b/helm/gen3-external-secrets/templates/peregrine-postgres-secrets.yaml index 6e881af6..6f8cfb32 100644 --- a/helm/gen3-external-secrets/templates/peregrine-postgres-secrets.yaml +++ b/helm/gen3-external-secrets/templates/peregrine-postgres-secrets.yaml @@ -2,7 +2,7 @@ apiVersion: external-secrets.io/v1beta1 kind: ExternalSecret metadata: name: {{ .Values.postgresql.peregrinecreds.name }} - namespace: {{.Values.postgresql.peregrinecreds.namespace }} + namespace: {{.Values.postgresql.namespace }} spec: refreshInterval: {{ .Values.postgresql.peregrinecreds.refreshInterval | default "2m" }} secretStoreRef: diff --git a/helm/gen3-external-secrets/templates/requestor-postgres-secrets.yaml b/helm/gen3-external-secrets/templates/requestor-postgres-secrets.yaml index 746e7d62..5e019f92 100644 --- a/helm/gen3-external-secrets/templates/requestor-postgres-secrets.yaml +++ b/helm/gen3-external-secrets/templates/requestor-postgres-secrets.yaml @@ -2,7 +2,7 @@ apiVersion: external-secrets.io/v1beta1 kind: ExternalSecret metadata: name: {{ .Values.postgresql.requestorcreds.name }} - namespace: {{.Values.postgresql.requestorcreds.namespace }} + namespace: {{.Values.postgresql.namespace }} spec: refreshInterval: {{ .Values.postgresql.requestorcreds.refreshInterval | default "2m" }} secretStoreRef: diff --git a/helm/gen3-external-secrets/templates/sheepdog-postgres-secrets.yaml b/helm/gen3-external-secrets/templates/sheepdog-postgres-secrets.yaml index 5b5bd897..c8726374 100644 --- a/helm/gen3-external-secrets/templates/sheepdog-postgres-secrets.yaml +++ b/helm/gen3-external-secrets/templates/sheepdog-postgres-secrets.yaml @@ -2,7 +2,7 @@ apiVersion: external-secrets.io/v1beta1 kind: ExternalSecret metadata: name: {{ .Values.postgresql.sheepdogcreds.name }} - namespace: {{.Values.postgresql.sheepdogcreds.namespace }} + namespace: {{.Values.postgresql.namespace }} spec: refreshInterval: {{ .Values.postgresql.sheepdogcreds.refreshInterval | default "2m" }} secretStoreRef: diff --git a/helm/gen3-external-secrets/templates/wts-postgres-secrets.yaml b/helm/gen3-external-secrets/templates/wts-postgres-secrets.yaml index 230f41b2..174ea8ae 100644 --- a/helm/gen3-external-secrets/templates/wts-postgres-secrets.yaml +++ b/helm/gen3-external-secrets/templates/wts-postgres-secrets.yaml @@ -2,7 +2,7 @@ apiVersion: external-secrets.io/v1beta1 kind: ExternalSecret metadata: name: {{ .Values.postgresql.wtscreds.name }} - namespace: {{.Values.postgresql.wtscreds.namespace }} + namespace: {{.Values.postgresql.namespace }} spec: refreshInterval: {{ .Values.postgresql.wtscreds.refreshInterval | default "10m" }} secretStoreRef: diff --git a/helm/gen3-external-secrets/values.yaml b/helm/gen3-external-secrets/values.yaml index f5c07719..58a3ab99 100644 --- a/helm/gen3-external-secrets/values.yaml +++ b/helm/gen3-external-secrets/values.yaml @@ -1,399 +1,469 @@ clusterSecretStore: + # -- (bool) Whether the ClusterSecretStore should be created. + enabled: true + # -- (string) Name of the cluster store name: "gen3" provider: + # -- (map) provider properties (defaulted to aws) aws: + # -- (string) Cloud provider's service service: "SecretsManager" + # -- (string) Cloud provider's region region: "ap-southeast-2" auth: + # -- (map) Authentication method jwt: + # -- (map) Existing Iam role for the service account in the cluster serviceAccountRef: name: "external-secrets-sa" namespace: "external-secrets" fence: + # -- (map) Fence credentials configuration fencecreds: + # -- (string) External Secrets name name: gen3-fence-creds + # -- (string) Namespace namespace: argocd + # -- (string) Cluster Secret Store name secretStoreRefName: gen3 - secretStoreRefKind: ClusterSecretStore + # -- (string) Cluster Secret Store type (SecretStore or ClusterSecretStore) + secretStoreRefKind: ClusterSecretStore + # -- (string) the target describes the secret that shall be created targetName: fence-creds + # -- (list) Data defines the connection between the Kubernetes Secret keys and the Provider data data: - secretKey: creds.json remoteRef: key: gen3-fence-creds +# -- (map) Postgres External Secrets postgresql: + # -- (string) Namespace to create the External Secrets + namespace: argocd + # -- (map) Credentials for shared services Postgres Instance mastercreds: + # -- (string) External Secrets name name: gen3-postgres-master - namespace: argocd + # -- (string) Cluster Secret Store name secretStoreRefName: gen3 + # -- (string) Cluster Secret Store type (SecretStore or ClusterSecretStore) secretStoreRefKind: ClusterSecretStore + # -- (string) the target describes the secret that shall be created targetName: postgresql-secret - commonPostgressCreds: AuroraServerlessClusterdevm-eAb5qgt3cDXp - commonClusterCreds: + # -- (list) Data defines the connection between the Kubernetes Secret keys and the Provider data data: - secretKey: postgres-username remoteRef: - key: AuroraServerlessClusterdevm-eAb5qgt3cDXp + key: master-dev-rds property: username - secretKey: postgres-password remoteRef: - key: AuroraServerlessClusterdevm-eAb5qgt3cDXp + key: master-dev-rds property: password - secretKey: postgres-port remoteRef: - key: AuroraServerlessClusterdevm-eAb5qgt3cDXp + key: master-dev-rds property: port - secretKey: postgres-host remoteRef: - key: AuroraServerlessClusterdevm-eAb5qgt3cDXp + key: master-dev-rds property: host + # -- (map) Credentials for fence Postgres instance fencecreds: + # -- (string) External Secrets name for Fence Creds name: gen3-postgres-fence - namespace: argocd + # -- (string) Cluster Secret Store name secretStoreRefName: gen3 + # -- (string) Cluster Secret Store type (SecretStore or ClusterSecretStore) secretStoreRefKind: ClusterSecretStore + # -- (string) the target describes the secret that shall be created targetName: fence-dbcreds + # -- (list) Data defines the connection between the Kubernetes Secret keys and the Provider data data: + # -- (string) Postgres admin username (e.g. postgres) - secretKey: username remoteRef: - key: AuroraServerlessClusterdevf-UlravMUjgrhO + key: fence-dev-rds property: username + # -- (string) Postgres admin password password - secretKey: password remoteRef: - key: AuroraServerlessClusterdevf-UlravMUjgrhO + key: fence-dev-rds property: password + # -- (string) Postgres port (e.g 5432) - secretKey: port remoteRef: - key: AuroraServerlessClusterdevf-UlravMUjgrhO + key: fence-dev-rds property: port + # -- (string) Postgres host (e.g. mydb.example.com) - secretKey: host remoteRef: - key: AuroraServerlessClusterdevf-UlravMUjgrhO + key: fence-dev-rds property: host - secretKey: database remoteRef: - key: dev-cad-fence + key: dev-service-fence property: database - secretKey: serviceusername remoteRef: - key: dev-cad-fence + key: dev-service-fence property: serviceusername - secretKey: servicepassword remoteRef: - key: dev-cad-fence + key: dev-service-fence property: servicepassword - secretKey: dbcreated remoteRef: - key: dev-cad-fence + key: dev-service-fence property: dbcreated + # -- (map) Credentials for Indexd Postgres instance indexdcreds: + # -- (string) External Secrets name for Indexd Creds name: gen3-postgres-indexd - namespace: argocd + # -- (string) Cluster Secret Store name secretStoreRefName: gen3 + # -- (string) Cluster Secret Store type (SecretStore or ClusterSecretStore) secretStoreRefKind: ClusterSecretStore + # -- (string) the target describes the secret that shall be created targetName: indexd-dbcreds + # -- (list) Data defines the connection between the Kubernetes Secret keys and the Provider data data: - secretKey: username remoteRef: - key: AuroraServerlessClusterdevi-9OSjwLpIXcIC + key: indexd-dev-rds property: username - secretKey: password remoteRef: - key: AuroraServerlessClusterdevi-9OSjwLpIXcIC + key: indexd-dev-rds property: password - secretKey: port remoteRef: - key: AuroraServerlessClusterdevi-9OSjwLpIXcIC + key: indexd-dev-rds property: port - secretKey: host remoteRef: - key: AuroraServerlessClusterdevi-9OSjwLpIXcIC + key: indexd-dev-rds property: host - secretKey: database remoteRef: - key: dev-cad-indexd + key: dev-service-indexd property: database - secretKey: serviceusername remoteRef: - key: dev-cad-indexd + key: dev-service-indexd property: serviceusername - secretKey: servicepassword remoteRef: - key: dev-cad-indexd + key: dev-service-indexd property: servicepassword - secretKey: dbcreated remoteRef: - key: dev-cad-indexd + key: dev-service-indexd property: dbcreated + # -- (map) Credentials for Peregrine Postgres instance peregrinecreds: + # -- (string) External Secrets name for Peregrine Creds name: gen3-postgres-peregrine - namespace: argocd + # -- (string) Cluster Secret Store name secretStoreRefName: gen3 + # -- (string) Cluster Secret Store type (SecretStore or ClusterSecretStore) secretStoreRefKind: ClusterSecretStore + # -- (string) the target describes the secret that shall be created targetName: peregrine-dbcreds + # -- (list) Data defines the connection between the Kubernetes Secret keys and the Provider data data: - secretKey: username remoteRef: - key: AuroraServerlessClusterdevp-39s4edfR4V3g + key: peregrine-dev-rds property: username - secretKey: password remoteRef: - key: AuroraServerlessClusterdevp-39s4edfR4V3g + key: peregrine-dev-rds property: password - secretKey: port remoteRef: - key: AuroraServerlessClusterdevp-39s4edfR4V3g + key: peregrine-dev-rds property: port - secretKey: host remoteRef: - key: AuroraServerlessClusterdevp-39s4edfR4V3g + key: peregrine-dev-rds property: host - secretKey: database remoteRef: - key: dev-cad-peregrine + key: dev-service-peregrine property: database - secretKey: serviceusername remoteRef: - key: dev-cad-peregrine + key: dev-service-peregrine property: serviceusername - secretKey: servicepassword remoteRef: - key: dev-cad-peregrine + key: dev-service-peregrine property: servicepassword - secretKey: dbcreated remoteRef: - key: dev-cad-peregrine + key: dev-service-peregrine property: dbcreated + # -- (map) Credentials for Sheepdog Postgres instance sheepdogcreds: + # -- (string) External Secrets name for Sheepdog db Creds name: gen3-postgres-sheepdog - namespace: argocd + # -- (string) Cluster Secret Store name secretStoreRefName: gen3 + # -- (string) Cluster Secret Store type (SecretStore or ClusterSecretStore) secretStoreRefKind: ClusterSecretStore + # -- (string) the target describes the secret that shall be created targetName: sheepdog-dbcreds + # -- (list) Data defines the connection between the Kubernetes Secret keys and the Provider data data: - secretKey: username remoteRef: - key: AuroraServerlessClusterdevs-14IQBQ549zKC + key: sheepdod-dev-rds property: username - secretKey: password remoteRef: - key: AuroraServerlessClusterdevs-14IQBQ549zKC + key: sheepdod-dev-rds property: password - secretKey: port remoteRef: - key: AuroraServerlessClusterdevs-14IQBQ549zKC + key: sheepdod-dev-rds property: port - secretKey: host remoteRef: - key: AuroraServerlessClusterdevs-14IQBQ549zKC + key: sheepdod-dev-rds property: host - secretKey: database remoteRef: - key: dev-cad-sheepdog + key: dev-service-sheepdog property: database - secretKey: serviceusername remoteRef: - key: dev-cad-sheepdog + key: dev-service-sheepdog property: serviceusername - secretKey: servicepassword remoteRef: - key: dev-cad-sheepdog + key: dev-service-sheepdog property: servicepassword - secretKey: dbcreated remoteRef: - key: dev-cad-sheepdog + key: dev-service-sheepdog property: dbcreated + # -- (map) Postgres credentials for wts service wtscreds: + # -- (string) External Secrets name for WTS db Creds name: gen3-postgres-wts - namespace: argocd + # -- (string) Cluster Secret Store name secretStoreRefName: gen3 + # -- (string) Cluster Secret Store type (SecretStore or ClusterSecretStore) secretStoreRefKind: ClusterSecretStore + # -- (string) the target describes the secret that shall be created targetName: wts-dbcreds + # -- (list) Data defines the connection between the Kubernetes Secret keys and the Provider data data: - secretKey: username remoteRef: - key: AuroraServerlessClusterdevm-eAb5qgt3cDXp + key: master-dev-rds property: username - secretKey: password remoteRef: - key: AuroraServerlessClusterdevm-eAb5qgt3cDXp + key: master-dev-rds property: password - secretKey: port remoteRef: - key: AuroraServerlessClusterdevm-eAb5qgt3cDXp + key: master-dev-rds property: port - secretKey: host remoteRef: - key: AuroraServerlessClusterdevm-eAb5qgt3cDXp + key: master-dev-rds property: host - secretKey: database remoteRef: - key: dev-cad-wts + key: dev-service-wts property: database - secretKey: serviceusername remoteRef: - key: dev-cad-wts + key: dev-service-wts property: serviceusername - secretKey: servicepassword remoteRef: - key: dev-cad-wts + key: dev-service-wts property: servicepassword - secretKey: dbcreated remoteRef: - key: dev-cad-wts + key: dev-service-wts property: dbcreated + # -- (map) Postgres credentials for Arborist service arboristcreds: + # -- (string) External Secrets name for Arborist db Creds name: gen3-postgres-arborist - namespace: argocd + # -- (string) Cluster Secret Store name secretStoreRefName: gen3 + # -- (string) Cluster Secret Store type (SecretStore or ClusterSecretStore) secretStoreRefKind: ClusterSecretStore + # -- (string) the target describes the secret that shall be created targetName: arborist-dbcreds + # -- (list) Data defines the connection between the Kubernetes Secret keys and the Provider data data: - secretKey: username remoteRef: - key: AuroraServerlessClusterdevm-eAb5qgt3cDXp + key: master-dev-rds property: username - secretKey: password remoteRef: - key: AuroraServerlessClusterdevm-eAb5qgt3cDXp + key: master-dev-rds property: password - secretKey: port remoteRef: - key: AuroraServerlessClusterdevm-eAb5qgt3cDXp + key: master-dev-rds property: port - secretKey: host remoteRef: - key: AuroraServerlessClusterdevm-eAb5qgt3cDXp + key: master-dev-rds property: host - secretKey: database remoteRef: - key: dev-cad-arborist + key: dev-service-arborist property: database - secretKey: serviceusername remoteRef: - key: dev-cad-arborist + key: dev-service-arborist property: serviceusername - secretKey: servicepassword remoteRef: - key: dev-cad-arborist + key: dev-service-arborist property: servicepassword - secretKey: dbcreated remoteRef: - key: dev-cad-arborist + key: dev-service-arborist property: dbcreated + # -- (map) Postgres credentials for Audit service auditcreds: + # -- (string) External Secrets name for Audit db Creds name: gen3-postgres-audit - namespace: argocd + # -- (string) Cluster Secret Store name secretStoreRefName: gen3 + # -- (string) Cluster Secret Store type (SecretStore or ClusterSecretStore) secretStoreRefKind: ClusterSecretStore + # -- (string) the target describes the secret that shall be created targetName: audit-dbcreds + # -- (list) Data defines the connection between the Kubernetes Secret keys and the Provider data data: - secretKey: username remoteRef: - key: AuroraServerlessClusterdevm-eAb5qgt3cDXp + key: master-dev-rds property: username - secretKey: password remoteRef: - key: AuroraServerlessClusterdevm-eAb5qgt3cDXp + key: master-dev-rds property: password - secretKey: port remoteRef: - key: AuroraServerlessClusterdevm-eAb5qgt3cDXp + key: master-dev-rds property: port - secretKey: host remoteRef: - key: AuroraServerlessClusterdevm-eAb5qgt3cDXp + key: master-dev-rds property: host - secretKey: database remoteRef: - key: dev-cad-audit + key: dev-service-audit property: database - secretKey: serviceusername remoteRef: - key: dev-cad-audit + key: dev-service-audit property: serviceusername - secretKey: servicepassword remoteRef: - key: dev-cad-audit + key: dev-service-audit property: servicepassword - secretKey: dbcreated remoteRef: - key: dev-cad-audit + key: dev-service-audit property: dbcreated + # -- (map) Postgres credentials for metadata service metadatacreds: + # -- (string) External Secrets name for metadata db Creds name: gen3-postgres-metadata - namespace: argocd + # -- (string) Cluster Secret Store name secretStoreRefName: gen3 + # -- (string) Cluster Secret Store type (SecretStore or ClusterSecretStore) secretStoreRefKind: ClusterSecretStore + # -- (string) the target describes the secret that shall be created targetName: metadata-dbcreds + # -- (list) Data defines the connection between the Kubernetes Secret keys and the Provider data data: - secretKey: username remoteRef: - key: AuroraServerlessClusterdevm-eAb5qgt3cDXp + key: master-dev-rds property: username - secretKey: password remoteRef: - key: AuroraServerlessClusterdevm-eAb5qgt3cDXp + key: master-dev-rds property: password - secretKey: port remoteRef: - key: AuroraServerlessClusterdevm-eAb5qgt3cDXp + key: master-dev-rds property: port - secretKey: host remoteRef: - key: AuroraServerlessClusterdevm-eAb5qgt3cDXp + key: master-dev-rds property: host - secretKey: database remoteRef: - key: dev-cad-metadata + key: dev-service-metadata property: database - secretKey: serviceusername remoteRef: - key: dev-cad-metadata + key: dev-service-metadata property: serviceusername - secretKey: servicepassword remoteRef: - key: dev-cad-metadata + key: dev-service-metadata property: servicepassword - secretKey: dbcreated remoteRef: - key: dev-cad-metadata + key: dev-service-metadata property: dbcreated + # -- (map) Postgres credentials for requestor service requestorcreds: + # -- (string) External Secrets name for requestor db Creds name: gen3-postgres-requestor - namespace: argocd + # -- (string) Cluster Secret Store name secretStoreRefName: gen3 + # -- (string) Cluster Secret Store type (SecretStore or ClusterSecretStore) secretStoreRefKind: ClusterSecretStore + # -- (string) the target describes the secret that shall be created targetName: requestor-dbcreds + # -- (list) Data defines the connection between the Kubernetes Secret keys and the Provider data data: - secretKey: username remoteRef: - key: AuroraServerlessClusterdevm-eAb5qgt3cDXp + key: master-dev-rds property: username - secretKey: password remoteRef: - key: AuroraServerlessClusterdevm-eAb5qgt3cDXp + key: master-dev-rds property: password - secretKey: port remoteRef: - key: AuroraServerlessClusterdevm-eAb5qgt3cDXp + key: master-dev-rds property: port - secretKey: host remoteRef: - key: AuroraServerlessClusterdevm-eAb5qgt3cDXp + key: master-dev-rds property: host - secretKey: database remoteRef: - key: dev-cad-requestor + key: dev-service-requestor property: database - secretKey: serviceusername remoteRef: - key: dev-cad-requestor + key: dev-service-requestor property: serviceusername - secretKey: servicepassword remoteRef: - key: dev-cad-requestor + key: dev-service-requestor property: servicepassword - secretKey: dbcreated remoteRef: - key: dev-cad-requestor + key: dev-service-requestor property: dbcreated \ No newline at end of file From 69cbcf842cd21ce5b25eb4dcd19771ff66a9a665 Mon Sep 17 00:00:00 2001 From: Guerdon Mukama Date: Thu, 4 Jan 2024 21:11:36 +1100 Subject: [PATCH 127/131] fence default refresh --- helm/gen3-external-secrets/templates/fence-creds.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/helm/gen3-external-secrets/templates/fence-creds.yaml b/helm/gen3-external-secrets/templates/fence-creds.yaml index 6b4cdb09..b3dd48ea 100644 --- a/helm/gen3-external-secrets/templates/fence-creds.yaml +++ b/helm/gen3-external-secrets/templates/fence-creds.yaml @@ -4,7 +4,7 @@ metadata: name: {{ .Values.fence.fencecreds.name }} namespace: {{.Values.fence.fencecreds.namespace }} spec: - refreshInterval: {{ .Values.fence.fencecreds.refreshInterval | default "10m" }} + refreshInterval: {{ .Values.fence.fencecreds.refreshInterval | default "2m" }} secretStoreRef: name: {{ .Values.fence.fencecreds.secretStoreRefName }} kind: {{ .Values.fence.fencecreds.secretStoreRefKind }} From 1b5f540bd7fbc49be951c5e32524e2a582541635 Mon Sep 17 00:00:00 2001 From: Guerdon Mukama Date: Fri, 5 Jan 2024 09:24:56 +1100 Subject: [PATCH 128/131] update dependency --- helm/gen3-external-secrets/Chart.yaml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/helm/gen3-external-secrets/Chart.yaml b/helm/gen3-external-secrets/Chart.yaml index 59340f6d..ce0492ac 100644 --- a/helm/gen3-external-secrets/Chart.yaml +++ b/helm/gen3-external-secrets/Chart.yaml @@ -22,3 +22,7 @@ version: 0.1.0 # follow Semantic Versioning. They should reflect the version the application is using. # It is recommended to use it with quotes. appVersion: "1.16.0" +dependencies: +- name: external-secrets + version: 0.9.11 + repository: https://charts.external-secrets.io \ No newline at end of file From 506c7d6eaa88926c7572e20b35441118b1620921 Mon Sep 17 00:00:00 2001 From: Guerdon Mukama Date: Fri, 5 Jan 2024 10:57:09 +1100 Subject: [PATCH 129/131] Read me --- helm/gen3-external-secrets/README.md | 99 ++++++++++++++++++++++++++++ 1 file changed, 99 insertions(+) create mode 100644 helm/gen3-external-secrets/README.md diff --git a/helm/gen3-external-secrets/README.md b/helm/gen3-external-secrets/README.md new file mode 100644 index 00000000..3201791d --- /dev/null +++ b/helm/gen3-external-secrets/README.md @@ -0,0 +1,99 @@ +# gen3-external-secrets + +![Version: 0.1.0](https://img.shields.io/badge/Version-0.1.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.16.0](https://img.shields.io/badge/AppVersion-1.16.0-informational?style=flat-square) + +A Helm chart for installing ClusterSecretStore and external secrets + +## Requirements + +| Repository | Name | Version | +|------------|------|---------| +| https://charts.external-secrets.io | external-secrets | 0.9.11 | + +## Values + +| Key | Type | Default | Description | +|-----|------|---------|-------------| +| clusterSecretStore.enabled | bool | `true` | Whether the ClusterSecretStore should be created. | +| clusterSecretStore.name | string | `"gen3"` | Name of the cluster store | +| clusterSecretStore.provider.aws | map | `{"auth":{"jwt":{"serviceAccountRef":{"name":"external-secrets-sa","namespace":"external-secrets"}}},"region":"ap-southeast-2","service":"SecretsManager"}` | provider properties (defaulted to aws) | +| clusterSecretStore.provider.aws.auth.jwt | map | `{"serviceAccountRef":{"name":"external-secrets-sa","namespace":"external-secrets"}}` | Authentication method | +| clusterSecretStore.provider.aws.auth.jwt.serviceAccountRef | map | `{"name":"external-secrets-sa","namespace":"external-secrets"}` | Existing Iam role for the service account in the cluster | +| clusterSecretStore.provider.aws.region | string | `"ap-southeast-2"` | Cloud provider's region | +| clusterSecretStore.provider.aws.service | string | `"SecretsManager"` | Cloud provider's service | +| fence.fencecreds | map | `{"data":[{"remoteRef":{"key":"gen3-fence-creds"},"secretKey":"creds.json"}],"name":"gen3-fence-creds","namespace":"argocd","secretStoreRefKind":"ClusterSecretStore","secretStoreRefName":"gen3","targetName":"fence-creds"}` | Fence credentials configuration | +| fence.fencecreds.data | list | `[{"remoteRef":{"key":"gen3-fence-creds"},"secretKey":"creds.json"}]` | Data defines the connection between the Kubernetes Secret keys and the Provider data | +| fence.fencecreds.name | string | `"gen3-fence-creds"` | External Secrets name | +| fence.fencecreds.namespace | string | `"argocd"` | Namespace | +| fence.fencecreds.secretStoreRefKind | string | `"ClusterSecretStore"` | Cluster Secret Store type (SecretStore or ClusterSecretStore) | +| fence.fencecreds.secretStoreRefName | string | `"gen3"` | Cluster Secret Store name | +| fence.fencecreds.targetName | string | `"fence-creds"` | the target describes the secret that shall be created | +| postgresql | map | `{"arboristcreds":{"data":[{"remoteRef":{"key":"master-dev-rds","property":"username"},"secretKey":"username"},{"remoteRef":{"key":"master-dev-rds","property":"password"},"secretKey":"password"},{"remoteRef":{"key":"master-dev-rds","property":"port"},"secretKey":"port"},{"remoteRef":{"key":"master-dev-rds","property":"host"},"secretKey":"host"},{"remoteRef":{"key":"dev-service-arborist","property":"database"},"secretKey":"database"},{"remoteRef":{"key":"dev-service-arborist","property":"serviceusername"},"secretKey":"serviceusername"},{"remoteRef":{"key":"dev-service-arborist","property":"servicepassword"},"secretKey":"servicepassword"},{"remoteRef":{"key":"dev-service-arborist","property":"dbcreated"},"secretKey":"dbcreated"}],"name":"gen3-postgres-arborist","secretStoreRefKind":"ClusterSecretStore","secretStoreRefName":"gen3","targetName":"arborist-dbcreds"},"auditcreds":{"data":[{"remoteRef":{"key":"master-dev-rds","property":"username"},"secretKey":"username"},{"remoteRef":{"key":"master-dev-rds","property":"password"},"secretKey":"password"},{"remoteRef":{"key":"master-dev-rds","property":"port"},"secretKey":"port"},{"remoteRef":{"key":"master-dev-rds","property":"host"},"secretKey":"host"},{"remoteRef":{"key":"dev-service-audit","property":"database"},"secretKey":"database"},{"remoteRef":{"key":"dev-service-audit","property":"serviceusername"},"secretKey":"serviceusername"},{"remoteRef":{"key":"dev-service-audit","property":"servicepassword"},"secretKey":"servicepassword"},{"remoteRef":{"key":"dev-service-audit","property":"dbcreated"},"secretKey":"dbcreated"}],"name":"gen3-postgres-audit","secretStoreRefKind":"ClusterSecretStore","secretStoreRefName":"gen3","targetName":"audit-dbcreds"},"fencecreds":{"data":[{"remoteRef":{"key":"fence-dev-rds","property":"username"},"secretKey":"username"},{"remoteRef":{"key":"fence-dev-rds","property":"password"},"secretKey":"password"},{"remoteRef":{"key":"fence-dev-rds","property":"port"},"secretKey":"port"},{"remoteRef":{"key":"fence-dev-rds","property":"host"},"secretKey":"host"},{"remoteRef":{"key":"dev-service-fence","property":"database"},"secretKey":"database"},{"remoteRef":{"key":"dev-service-fence","property":"serviceusername"},"secretKey":"serviceusername"},{"remoteRef":{"key":"dev-service-fence","property":"servicepassword"},"secretKey":"servicepassword"},{"remoteRef":{"key":"dev-service-fence","property":"dbcreated"},"secretKey":"dbcreated"}],"name":"gen3-postgres-fence","secretStoreRefKind":"ClusterSecretStore","secretStoreRefName":"gen3","targetName":"fence-dbcreds"},"indexdcreds":{"data":[{"remoteRef":{"key":"indexd-dev-rds","property":"username"},"secretKey":"username"},{"remoteRef":{"key":"indexd-dev-rds","property":"password"},"secretKey":"password"},{"remoteRef":{"key":"indexd-dev-rds","property":"port"},"secretKey":"port"},{"remoteRef":{"key":"indexd-dev-rds","property":"host"},"secretKey":"host"},{"remoteRef":{"key":"dev-service-indexd","property":"database"},"secretKey":"database"},{"remoteRef":{"key":"dev-service-indexd","property":"serviceusername"},"secretKey":"serviceusername"},{"remoteRef":{"key":"dev-service-indexd","property":"servicepassword"},"secretKey":"servicepassword"},{"remoteRef":{"key":"dev-service-indexd","property":"dbcreated"},"secretKey":"dbcreated"}],"name":"gen3-postgres-indexd","secretStoreRefKind":"ClusterSecretStore","secretStoreRefName":"gen3","targetName":"indexd-dbcreds"},"mastercreds":{"data":[{"remoteRef":{"key":"master-dev-rds","property":"username"},"secretKey":"postgres-username"},{"remoteRef":{"key":"master-dev-rds","property":"password"},"secretKey":"postgres-password"},{"remoteRef":{"key":"master-dev-rds","property":"port"},"secretKey":"postgres-port"},{"remoteRef":{"key":"master-dev-rds","property":"host"},"secretKey":"postgres-host"}],"name":"gen3-postgres-master","secretStoreRefKind":"ClusterSecretStore","secretStoreRefName":"gen3","targetName":"postgresql-secret"},"metadatacreds":{"data":[{"remoteRef":{"key":"master-dev-rds","property":"username"},"secretKey":"username"},{"remoteRef":{"key":"master-dev-rds","property":"password"},"secretKey":"password"},{"remoteRef":{"key":"master-dev-rds","property":"port"},"secretKey":"port"},{"remoteRef":{"key":"master-dev-rds","property":"host"},"secretKey":"host"},{"remoteRef":{"key":"dev-service-metadata","property":"database"},"secretKey":"database"},{"remoteRef":{"key":"dev-service-metadata","property":"serviceusername"},"secretKey":"serviceusername"},{"remoteRef":{"key":"dev-service-metadata","property":"servicepassword"},"secretKey":"servicepassword"},{"remoteRef":{"key":"dev-service-metadata","property":"dbcreated"},"secretKey":"dbcreated"}],"name":"gen3-postgres-metadata","secretStoreRefKind":"ClusterSecretStore","secretStoreRefName":"gen3","targetName":"metadata-dbcreds"},"namespace":"argocd","peregrinecreds":{"data":[{"remoteRef":{"key":"peregrine-dev-rds","property":"username"},"secretKey":"username"},{"remoteRef":{"key":"peregrine-dev-rds","property":"password"},"secretKey":"password"},{"remoteRef":{"key":"peregrine-dev-rds","property":"port"},"secretKey":"port"},{"remoteRef":{"key":"peregrine-dev-rds","property":"host"},"secretKey":"host"},{"remoteRef":{"key":"dev-service-peregrine","property":"database"},"secretKey":"database"},{"remoteRef":{"key":"dev-service-peregrine","property":"serviceusername"},"secretKey":"serviceusername"},{"remoteRef":{"key":"dev-service-peregrine","property":"servicepassword"},"secretKey":"servicepassword"},{"remoteRef":{"key":"dev-service-peregrine","property":"dbcreated"},"secretKey":"dbcreated"}],"name":"gen3-postgres-peregrine","secretStoreRefKind":"ClusterSecretStore","secretStoreRefName":"gen3","targetName":"peregrine-dbcreds"},"requestorcreds":{"data":[{"remoteRef":{"key":"master-dev-rds","property":"username"},"secretKey":"username"},{"remoteRef":{"key":"master-dev-rds","property":"password"},"secretKey":"password"},{"remoteRef":{"key":"master-dev-rds","property":"port"},"secretKey":"port"},{"remoteRef":{"key":"master-dev-rds","property":"host"},"secretKey":"host"},{"remoteRef":{"key":"dev-service-requestor","property":"database"},"secretKey":"database"},{"remoteRef":{"key":"dev-service-requestor","property":"serviceusername"},"secretKey":"serviceusername"},{"remoteRef":{"key":"dev-service-requestor","property":"servicepassword"},"secretKey":"servicepassword"},{"remoteRef":{"key":"dev-service-requestor","property":"dbcreated"},"secretKey":"dbcreated"}],"name":"gen3-postgres-requestor","secretStoreRefKind":"ClusterSecretStore","secretStoreRefName":"gen3","targetName":"requestor-dbcreds"},"sheepdogcreds":{"data":[{"remoteRef":{"key":"sheepdod-dev-rds","property":"username"},"secretKey":"username"},{"remoteRef":{"key":"sheepdod-dev-rds","property":"password"},"secretKey":"password"},{"remoteRef":{"key":"sheepdod-dev-rds","property":"port"},"secretKey":"port"},{"remoteRef":{"key":"sheepdod-dev-rds","property":"host"},"secretKey":"host"},{"remoteRef":{"key":"dev-service-sheepdog","property":"database"},"secretKey":"database"},{"remoteRef":{"key":"dev-service-sheepdog","property":"serviceusername"},"secretKey":"serviceusername"},{"remoteRef":{"key":"dev-service-sheepdog","property":"servicepassword"},"secretKey":"servicepassword"},{"remoteRef":{"key":"dev-service-sheepdog","property":"dbcreated"},"secretKey":"dbcreated"}],"name":"gen3-postgres-sheepdog","secretStoreRefKind":"ClusterSecretStore","secretStoreRefName":"gen3","targetName":"sheepdog-dbcreds"},"wtscreds":{"data":[{"remoteRef":{"key":"master-dev-rds","property":"username"},"secretKey":"username"},{"remoteRef":{"key":"master-dev-rds","property":"password"},"secretKey":"password"},{"remoteRef":{"key":"master-dev-rds","property":"port"},"secretKey":"port"},{"remoteRef":{"key":"master-dev-rds","property":"host"},"secretKey":"host"},{"remoteRef":{"key":"dev-service-wts","property":"database"},"secretKey":"database"},{"remoteRef":{"key":"dev-service-wts","property":"serviceusername"},"secretKey":"serviceusername"},{"remoteRef":{"key":"dev-service-wts","property":"servicepassword"},"secretKey":"servicepassword"},{"remoteRef":{"key":"dev-service-wts","property":"dbcreated"},"secretKey":"dbcreated"}],"name":"gen3-postgres-wts","secretStoreRefKind":"ClusterSecretStore","secretStoreRefName":"gen3","targetName":"wts-dbcreds"}}` | Postgres External Secrets | +| postgresql.arboristcreds | map | `{"data":[{"remoteRef":{"key":"master-dev-rds","property":"username"},"secretKey":"username"},{"remoteRef":{"key":"master-dev-rds","property":"password"},"secretKey":"password"},{"remoteRef":{"key":"master-dev-rds","property":"port"},"secretKey":"port"},{"remoteRef":{"key":"master-dev-rds","property":"host"},"secretKey":"host"},{"remoteRef":{"key":"dev-service-arborist","property":"database"},"secretKey":"database"},{"remoteRef":{"key":"dev-service-arborist","property":"serviceusername"},"secretKey":"serviceusername"},{"remoteRef":{"key":"dev-service-arborist","property":"servicepassword"},"secretKey":"servicepassword"},{"remoteRef":{"key":"dev-service-arborist","property":"dbcreated"},"secretKey":"dbcreated"}],"name":"gen3-postgres-arborist","secretStoreRefKind":"ClusterSecretStore","secretStoreRefName":"gen3","targetName":"arborist-dbcreds"}` | Postgres credentials for Arborist service | +| postgresql.arboristcreds.data | list | `[{"remoteRef":{"key":"master-dev-rds","property":"username"},"secretKey":"username"},{"remoteRef":{"key":"master-dev-rds","property":"password"},"secretKey":"password"},{"remoteRef":{"key":"master-dev-rds","property":"port"},"secretKey":"port"},{"remoteRef":{"key":"master-dev-rds","property":"host"},"secretKey":"host"},{"remoteRef":{"key":"dev-service-arborist","property":"database"},"secretKey":"database"},{"remoteRef":{"key":"dev-service-arborist","property":"serviceusername"},"secretKey":"serviceusername"},{"remoteRef":{"key":"dev-service-arborist","property":"servicepassword"},"secretKey":"servicepassword"},{"remoteRef":{"key":"dev-service-arborist","property":"dbcreated"},"secretKey":"dbcreated"}]` | Data defines the connection between the Kubernetes Secret keys and the Provider data | +| postgresql.arboristcreds.name | string | `"gen3-postgres-arborist"` | External Secrets name for Arborist db Creds | +| postgresql.arboristcreds.secretStoreRefKind | string | `"ClusterSecretStore"` | Cluster Secret Store type (SecretStore or ClusterSecretStore) | +| postgresql.arboristcreds.secretStoreRefName | string | `"gen3"` | Cluster Secret Store name | +| postgresql.arboristcreds.targetName | string | `"arborist-dbcreds"` | the target describes the secret that shall be created | +| postgresql.auditcreds | map | `{"data":[{"remoteRef":{"key":"master-dev-rds","property":"username"},"secretKey":"username"},{"remoteRef":{"key":"master-dev-rds","property":"password"},"secretKey":"password"},{"remoteRef":{"key":"master-dev-rds","property":"port"},"secretKey":"port"},{"remoteRef":{"key":"master-dev-rds","property":"host"},"secretKey":"host"},{"remoteRef":{"key":"dev-service-audit","property":"database"},"secretKey":"database"},{"remoteRef":{"key":"dev-service-audit","property":"serviceusername"},"secretKey":"serviceusername"},{"remoteRef":{"key":"dev-service-audit","property":"servicepassword"},"secretKey":"servicepassword"},{"remoteRef":{"key":"dev-service-audit","property":"dbcreated"},"secretKey":"dbcreated"}],"name":"gen3-postgres-audit","secretStoreRefKind":"ClusterSecretStore","secretStoreRefName":"gen3","targetName":"audit-dbcreds"}` | Postgres credentials for Audit service | +| postgresql.auditcreds.data | list | `[{"remoteRef":{"key":"master-dev-rds","property":"username"},"secretKey":"username"},{"remoteRef":{"key":"master-dev-rds","property":"password"},"secretKey":"password"},{"remoteRef":{"key":"master-dev-rds","property":"port"},"secretKey":"port"},{"remoteRef":{"key":"master-dev-rds","property":"host"},"secretKey":"host"},{"remoteRef":{"key":"dev-service-audit","property":"database"},"secretKey":"database"},{"remoteRef":{"key":"dev-service-audit","property":"serviceusername"},"secretKey":"serviceusername"},{"remoteRef":{"key":"dev-service-audit","property":"servicepassword"},"secretKey":"servicepassword"},{"remoteRef":{"key":"dev-service-audit","property":"dbcreated"},"secretKey":"dbcreated"}]` | Data defines the connection between the Kubernetes Secret keys and the Provider data | +| postgresql.auditcreds.name | string | `"gen3-postgres-audit"` | External Secrets name for Audit db Creds | +| postgresql.auditcreds.secretStoreRefKind | string | `"ClusterSecretStore"` | Cluster Secret Store type (SecretStore or ClusterSecretStore) | +| postgresql.auditcreds.secretStoreRefName | string | `"gen3"` | Cluster Secret Store name | +| postgresql.auditcreds.targetName | string | `"audit-dbcreds"` | the target describes the secret that shall be created | +| postgresql.fencecreds | map | `{"data":[{"remoteRef":{"key":"fence-dev-rds","property":"username"},"secretKey":"username"},{"remoteRef":{"key":"fence-dev-rds","property":"password"},"secretKey":"password"},{"remoteRef":{"key":"fence-dev-rds","property":"port"},"secretKey":"port"},{"remoteRef":{"key":"fence-dev-rds","property":"host"},"secretKey":"host"},{"remoteRef":{"key":"dev-service-fence","property":"database"},"secretKey":"database"},{"remoteRef":{"key":"dev-service-fence","property":"serviceusername"},"secretKey":"serviceusername"},{"remoteRef":{"key":"dev-service-fence","property":"servicepassword"},"secretKey":"servicepassword"},{"remoteRef":{"key":"dev-service-fence","property":"dbcreated"},"secretKey":"dbcreated"}],"name":"gen3-postgres-fence","secretStoreRefKind":"ClusterSecretStore","secretStoreRefName":"gen3","targetName":"fence-dbcreds"}` | Credentials for fence Postgres instance | +| postgresql.fencecreds.data | list | `[{"remoteRef":{"key":"fence-dev-rds","property":"username"},"secretKey":"username"},{"remoteRef":{"key":"fence-dev-rds","property":"password"},"secretKey":"password"},{"remoteRef":{"key":"fence-dev-rds","property":"port"},"secretKey":"port"},{"remoteRef":{"key":"fence-dev-rds","property":"host"},"secretKey":"host"},{"remoteRef":{"key":"dev-service-fence","property":"database"},"secretKey":"database"},{"remoteRef":{"key":"dev-service-fence","property":"serviceusername"},"secretKey":"serviceusername"},{"remoteRef":{"key":"dev-service-fence","property":"servicepassword"},"secretKey":"servicepassword"},{"remoteRef":{"key":"dev-service-fence","property":"dbcreated"},"secretKey":"dbcreated"}]` | Data defines the connection between the Kubernetes Secret keys and the Provider data | +| postgresql.fencecreds.data[0] | string | `{"remoteRef":{"key":"fence-dev-rds","property":"username"},"secretKey":"username"}` | Postgres admin username (e.g. postgres) | +| postgresql.fencecreds.data[1] | string | `{"remoteRef":{"key":"fence-dev-rds","property":"password"},"secretKey":"password"}` | Postgres admin password password | +| postgresql.fencecreds.data[2] | string | `{"remoteRef":{"key":"fence-dev-rds","property":"port"},"secretKey":"port"}` | Postgres port (e.g 5432) | +| postgresql.fencecreds.data[3] | string | `{"remoteRef":{"key":"fence-dev-rds","property":"host"},"secretKey":"host"}` | Postgres host (e.g. mydb.example.com) | +| postgresql.fencecreds.name | string | `"gen3-postgres-fence"` | External Secrets name for Fence Creds | +| postgresql.fencecreds.secretStoreRefKind | string | `"ClusterSecretStore"` | Cluster Secret Store type (SecretStore or ClusterSecretStore) | +| postgresql.fencecreds.secretStoreRefName | string | `"gen3"` | Cluster Secret Store name | +| postgresql.fencecreds.targetName | string | `"fence-dbcreds"` | the target describes the secret that shall be created | +| postgresql.indexdcreds | map | `{"data":[{"remoteRef":{"key":"indexd-dev-rds","property":"username"},"secretKey":"username"},{"remoteRef":{"key":"indexd-dev-rds","property":"password"},"secretKey":"password"},{"remoteRef":{"key":"indexd-dev-rds","property":"port"},"secretKey":"port"},{"remoteRef":{"key":"indexd-dev-rds","property":"host"},"secretKey":"host"},{"remoteRef":{"key":"dev-service-indexd","property":"database"},"secretKey":"database"},{"remoteRef":{"key":"dev-service-indexd","property":"serviceusername"},"secretKey":"serviceusername"},{"remoteRef":{"key":"dev-service-indexd","property":"servicepassword"},"secretKey":"servicepassword"},{"remoteRef":{"key":"dev-service-indexd","property":"dbcreated"},"secretKey":"dbcreated"}],"name":"gen3-postgres-indexd","secretStoreRefKind":"ClusterSecretStore","secretStoreRefName":"gen3","targetName":"indexd-dbcreds"}` | Credentials for Indexd Postgres instance | +| postgresql.indexdcreds.data | list | `[{"remoteRef":{"key":"indexd-dev-rds","property":"username"},"secretKey":"username"},{"remoteRef":{"key":"indexd-dev-rds","property":"password"},"secretKey":"password"},{"remoteRef":{"key":"indexd-dev-rds","property":"port"},"secretKey":"port"},{"remoteRef":{"key":"indexd-dev-rds","property":"host"},"secretKey":"host"},{"remoteRef":{"key":"dev-service-indexd","property":"database"},"secretKey":"database"},{"remoteRef":{"key":"dev-service-indexd","property":"serviceusername"},"secretKey":"serviceusername"},{"remoteRef":{"key":"dev-service-indexd","property":"servicepassword"},"secretKey":"servicepassword"},{"remoteRef":{"key":"dev-service-indexd","property":"dbcreated"},"secretKey":"dbcreated"}]` | Data defines the connection between the Kubernetes Secret keys and the Provider data | +| postgresql.indexdcreds.name | string | `"gen3-postgres-indexd"` | External Secrets name for Indexd Creds | +| postgresql.indexdcreds.secretStoreRefKind | string | `"ClusterSecretStore"` | Cluster Secret Store type (SecretStore or ClusterSecretStore) | +| postgresql.indexdcreds.secretStoreRefName | string | `"gen3"` | Cluster Secret Store name | +| postgresql.indexdcreds.targetName | string | `"indexd-dbcreds"` | the target describes the secret that shall be created | +| postgresql.mastercreds | map | `{"data":[{"remoteRef":{"key":"master-dev-rds","property":"username"},"secretKey":"postgres-username"},{"remoteRef":{"key":"master-dev-rds","property":"password"},"secretKey":"postgres-password"},{"remoteRef":{"key":"master-dev-rds","property":"port"},"secretKey":"postgres-port"},{"remoteRef":{"key":"master-dev-rds","property":"host"},"secretKey":"postgres-host"}],"name":"gen3-postgres-master","secretStoreRefKind":"ClusterSecretStore","secretStoreRefName":"gen3","targetName":"postgresql-secret"}` | Credentials for shared services Postgres Instance | +| postgresql.mastercreds.data | list | `[{"remoteRef":{"key":"master-dev-rds","property":"username"},"secretKey":"postgres-username"},{"remoteRef":{"key":"master-dev-rds","property":"password"},"secretKey":"postgres-password"},{"remoteRef":{"key":"master-dev-rds","property":"port"},"secretKey":"postgres-port"},{"remoteRef":{"key":"master-dev-rds","property":"host"},"secretKey":"postgres-host"}]` | Data defines the connection between the Kubernetes Secret keys and the Provider data | +| postgresql.mastercreds.name | string | `"gen3-postgres-master"` | External Secrets name | +| postgresql.mastercreds.secretStoreRefKind | string | `"ClusterSecretStore"` | Cluster Secret Store type (SecretStore or ClusterSecretStore) | +| postgresql.mastercreds.secretStoreRefName | string | `"gen3"` | Cluster Secret Store name | +| postgresql.mastercreds.targetName | string | `"postgresql-secret"` | the target describes the secret that shall be created | +| postgresql.metadatacreds | map | `{"data":[{"remoteRef":{"key":"master-dev-rds","property":"username"},"secretKey":"username"},{"remoteRef":{"key":"master-dev-rds","property":"password"},"secretKey":"password"},{"remoteRef":{"key":"master-dev-rds","property":"port"},"secretKey":"port"},{"remoteRef":{"key":"master-dev-rds","property":"host"},"secretKey":"host"},{"remoteRef":{"key":"dev-service-metadata","property":"database"},"secretKey":"database"},{"remoteRef":{"key":"dev-service-metadata","property":"serviceusername"},"secretKey":"serviceusername"},{"remoteRef":{"key":"dev-service-metadata","property":"servicepassword"},"secretKey":"servicepassword"},{"remoteRef":{"key":"dev-service-metadata","property":"dbcreated"},"secretKey":"dbcreated"}],"name":"gen3-postgres-metadata","secretStoreRefKind":"ClusterSecretStore","secretStoreRefName":"gen3","targetName":"metadata-dbcreds"}` | Postgres credentials for metadata service | +| postgresql.metadatacreds.data | list | `[{"remoteRef":{"key":"master-dev-rds","property":"username"},"secretKey":"username"},{"remoteRef":{"key":"master-dev-rds","property":"password"},"secretKey":"password"},{"remoteRef":{"key":"master-dev-rds","property":"port"},"secretKey":"port"},{"remoteRef":{"key":"master-dev-rds","property":"host"},"secretKey":"host"},{"remoteRef":{"key":"dev-service-metadata","property":"database"},"secretKey":"database"},{"remoteRef":{"key":"dev-service-metadata","property":"serviceusername"},"secretKey":"serviceusername"},{"remoteRef":{"key":"dev-service-metadata","property":"servicepassword"},"secretKey":"servicepassword"},{"remoteRef":{"key":"dev-service-metadata","property":"dbcreated"},"secretKey":"dbcreated"}]` | Data defines the connection between the Kubernetes Secret keys and the Provider data | +| postgresql.metadatacreds.name | string | `"gen3-postgres-metadata"` | External Secrets name for metadata db Creds | +| postgresql.metadatacreds.secretStoreRefKind | string | `"ClusterSecretStore"` | Cluster Secret Store type (SecretStore or ClusterSecretStore) | +| postgresql.metadatacreds.secretStoreRefName | string | `"gen3"` | Cluster Secret Store name | +| postgresql.metadatacreds.targetName | string | `"metadata-dbcreds"` | the target describes the secret that shall be created | +| postgresql.namespace | string | `"argocd"` | Namespace to create the External Secrets | +| postgresql.peregrinecreds | map | `{"data":[{"remoteRef":{"key":"peregrine-dev-rds","property":"username"},"secretKey":"username"},{"remoteRef":{"key":"peregrine-dev-rds","property":"password"},"secretKey":"password"},{"remoteRef":{"key":"peregrine-dev-rds","property":"port"},"secretKey":"port"},{"remoteRef":{"key":"peregrine-dev-rds","property":"host"},"secretKey":"host"},{"remoteRef":{"key":"dev-service-peregrine","property":"database"},"secretKey":"database"},{"remoteRef":{"key":"dev-service-peregrine","property":"serviceusername"},"secretKey":"serviceusername"},{"remoteRef":{"key":"dev-service-peregrine","property":"servicepassword"},"secretKey":"servicepassword"},{"remoteRef":{"key":"dev-service-peregrine","property":"dbcreated"},"secretKey":"dbcreated"}],"name":"gen3-postgres-peregrine","secretStoreRefKind":"ClusterSecretStore","secretStoreRefName":"gen3","targetName":"peregrine-dbcreds"}` | Credentials for Peregrine Postgres instance | +| postgresql.peregrinecreds.data | list | `[{"remoteRef":{"key":"peregrine-dev-rds","property":"username"},"secretKey":"username"},{"remoteRef":{"key":"peregrine-dev-rds","property":"password"},"secretKey":"password"},{"remoteRef":{"key":"peregrine-dev-rds","property":"port"},"secretKey":"port"},{"remoteRef":{"key":"peregrine-dev-rds","property":"host"},"secretKey":"host"},{"remoteRef":{"key":"dev-service-peregrine","property":"database"},"secretKey":"database"},{"remoteRef":{"key":"dev-service-peregrine","property":"serviceusername"},"secretKey":"serviceusername"},{"remoteRef":{"key":"dev-service-peregrine","property":"servicepassword"},"secretKey":"servicepassword"},{"remoteRef":{"key":"dev-service-peregrine","property":"dbcreated"},"secretKey":"dbcreated"}]` | Data defines the connection between the Kubernetes Secret keys and the Provider data | +| postgresql.peregrinecreds.name | string | `"gen3-postgres-peregrine"` | External Secrets name for Peregrine Creds | +| postgresql.peregrinecreds.secretStoreRefKind | string | `"ClusterSecretStore"` | Cluster Secret Store type (SecretStore or ClusterSecretStore) | +| postgresql.peregrinecreds.secretStoreRefName | string | `"gen3"` | Cluster Secret Store name | +| postgresql.peregrinecreds.targetName | string | `"peregrine-dbcreds"` | the target describes the secret that shall be created | +| postgresql.requestorcreds | map | `{"data":[{"remoteRef":{"key":"master-dev-rds","property":"username"},"secretKey":"username"},{"remoteRef":{"key":"master-dev-rds","property":"password"},"secretKey":"password"},{"remoteRef":{"key":"master-dev-rds","property":"port"},"secretKey":"port"},{"remoteRef":{"key":"master-dev-rds","property":"host"},"secretKey":"host"},{"remoteRef":{"key":"dev-service-requestor","property":"database"},"secretKey":"database"},{"remoteRef":{"key":"dev-service-requestor","property":"serviceusername"},"secretKey":"serviceusername"},{"remoteRef":{"key":"dev-service-requestor","property":"servicepassword"},"secretKey":"servicepassword"},{"remoteRef":{"key":"dev-service-requestor","property":"dbcreated"},"secretKey":"dbcreated"}],"name":"gen3-postgres-requestor","secretStoreRefKind":"ClusterSecretStore","secretStoreRefName":"gen3","targetName":"requestor-dbcreds"}` | Postgres credentials for requestor service | +| postgresql.requestorcreds.data | list | `[{"remoteRef":{"key":"master-dev-rds","property":"username"},"secretKey":"username"},{"remoteRef":{"key":"master-dev-rds","property":"password"},"secretKey":"password"},{"remoteRef":{"key":"master-dev-rds","property":"port"},"secretKey":"port"},{"remoteRef":{"key":"master-dev-rds","property":"host"},"secretKey":"host"},{"remoteRef":{"key":"dev-service-requestor","property":"database"},"secretKey":"database"},{"remoteRef":{"key":"dev-service-requestor","property":"serviceusername"},"secretKey":"serviceusername"},{"remoteRef":{"key":"dev-service-requestor","property":"servicepassword"},"secretKey":"servicepassword"},{"remoteRef":{"key":"dev-service-requestor","property":"dbcreated"},"secretKey":"dbcreated"}]` | Data defines the connection between the Kubernetes Secret keys and the Provider data | +| postgresql.requestorcreds.name | string | `"gen3-postgres-requestor"` | External Secrets name for requestor db Creds | +| postgresql.requestorcreds.secretStoreRefKind | string | `"ClusterSecretStore"` | Cluster Secret Store type (SecretStore or ClusterSecretStore) | +| postgresql.requestorcreds.secretStoreRefName | string | `"gen3"` | Cluster Secret Store name | +| postgresql.requestorcreds.targetName | string | `"requestor-dbcreds"` | the target describes the secret that shall be created | +| postgresql.sheepdogcreds | map | `{"data":[{"remoteRef":{"key":"sheepdod-dev-rds","property":"username"},"secretKey":"username"},{"remoteRef":{"key":"sheepdod-dev-rds","property":"password"},"secretKey":"password"},{"remoteRef":{"key":"sheepdod-dev-rds","property":"port"},"secretKey":"port"},{"remoteRef":{"key":"sheepdod-dev-rds","property":"host"},"secretKey":"host"},{"remoteRef":{"key":"dev-service-sheepdog","property":"database"},"secretKey":"database"},{"remoteRef":{"key":"dev-service-sheepdog","property":"serviceusername"},"secretKey":"serviceusername"},{"remoteRef":{"key":"dev-service-sheepdog","property":"servicepassword"},"secretKey":"servicepassword"},{"remoteRef":{"key":"dev-service-sheepdog","property":"dbcreated"},"secretKey":"dbcreated"}],"name":"gen3-postgres-sheepdog","secretStoreRefKind":"ClusterSecretStore","secretStoreRefName":"gen3","targetName":"sheepdog-dbcreds"}` | Credentials for Sheepdog Postgres instance | +| postgresql.sheepdogcreds.data | list | `[{"remoteRef":{"key":"sheepdod-dev-rds","property":"username"},"secretKey":"username"},{"remoteRef":{"key":"sheepdod-dev-rds","property":"password"},"secretKey":"password"},{"remoteRef":{"key":"sheepdod-dev-rds","property":"port"},"secretKey":"port"},{"remoteRef":{"key":"sheepdod-dev-rds","property":"host"},"secretKey":"host"},{"remoteRef":{"key":"dev-service-sheepdog","property":"database"},"secretKey":"database"},{"remoteRef":{"key":"dev-service-sheepdog","property":"serviceusername"},"secretKey":"serviceusername"},{"remoteRef":{"key":"dev-service-sheepdog","property":"servicepassword"},"secretKey":"servicepassword"},{"remoteRef":{"key":"dev-service-sheepdog","property":"dbcreated"},"secretKey":"dbcreated"}]` | Data defines the connection between the Kubernetes Secret keys and the Provider data | +| postgresql.sheepdogcreds.name | string | `"gen3-postgres-sheepdog"` | External Secrets name for Sheepdog db Creds | +| postgresql.sheepdogcreds.secretStoreRefKind | string | `"ClusterSecretStore"` | Cluster Secret Store type (SecretStore or ClusterSecretStore) | +| postgresql.sheepdogcreds.secretStoreRefName | string | `"gen3"` | Cluster Secret Store name | +| postgresql.sheepdogcreds.targetName | string | `"sheepdog-dbcreds"` | the target describes the secret that shall be created | +| postgresql.wtscreds | map | `{"data":[{"remoteRef":{"key":"master-dev-rds","property":"username"},"secretKey":"username"},{"remoteRef":{"key":"master-dev-rds","property":"password"},"secretKey":"password"},{"remoteRef":{"key":"master-dev-rds","property":"port"},"secretKey":"port"},{"remoteRef":{"key":"master-dev-rds","property":"host"},"secretKey":"host"},{"remoteRef":{"key":"dev-service-wts","property":"database"},"secretKey":"database"},{"remoteRef":{"key":"dev-service-wts","property":"serviceusername"},"secretKey":"serviceusername"},{"remoteRef":{"key":"dev-service-wts","property":"servicepassword"},"secretKey":"servicepassword"},{"remoteRef":{"key":"dev-service-wts","property":"dbcreated"},"secretKey":"dbcreated"}],"name":"gen3-postgres-wts","secretStoreRefKind":"ClusterSecretStore","secretStoreRefName":"gen3","targetName":"wts-dbcreds"}` | Postgres credentials for wts service | +| postgresql.wtscreds.data | list | `[{"remoteRef":{"key":"master-dev-rds","property":"username"},"secretKey":"username"},{"remoteRef":{"key":"master-dev-rds","property":"password"},"secretKey":"password"},{"remoteRef":{"key":"master-dev-rds","property":"port"},"secretKey":"port"},{"remoteRef":{"key":"master-dev-rds","property":"host"},"secretKey":"host"},{"remoteRef":{"key":"dev-service-wts","property":"database"},"secretKey":"database"},{"remoteRef":{"key":"dev-service-wts","property":"serviceusername"},"secretKey":"serviceusername"},{"remoteRef":{"key":"dev-service-wts","property":"servicepassword"},"secretKey":"servicepassword"},{"remoteRef":{"key":"dev-service-wts","property":"dbcreated"},"secretKey":"dbcreated"}]` | Data defines the connection between the Kubernetes Secret keys and the Provider data | +| postgresql.wtscreds.name | string | `"gen3-postgres-wts"` | External Secrets name for WTS db Creds | +| postgresql.wtscreds.secretStoreRefKind | string | `"ClusterSecretStore"` | Cluster Secret Store type (SecretStore or ClusterSecretStore) | +| postgresql.wtscreds.secretStoreRefName | string | `"gen3"` | Cluster Secret Store name | +| postgresql.wtscreds.targetName | string | `"wts-dbcreds"` | the target describes the secret that shall be created | + +---------------------------------------------- +Autogenerated from chart metadata using [helm-docs v1.12.0](https://github.com/norwoodj/helm-docs/releases/v1.12.0) From afdd8ad2fe64223b73a2e1f07f67618a61777eef Mon Sep 17 00:00:00 2001 From: Guerdon Mukama Date: Fri, 5 Jan 2024 11:02:58 +1100 Subject: [PATCH 130/131] removed environment folder --- environments/dev/.helmignore | 1 - environments/dev/Chart.yaml | 126 -- environments/dev/secrets-values.yaml | 399 ----- environments/dev/templates/_helpers.tpl | 62 - .../dev/templates/global-manifest.yaml | 19 - environments/dev/values.yaml | 1524 ----------------- 6 files changed, 2131 deletions(-) delete mode 100644 environments/dev/.helmignore delete mode 100644 environments/dev/Chart.yaml delete mode 100644 environments/dev/secrets-values.yaml delete mode 100644 environments/dev/templates/_helpers.tpl delete mode 100644 environments/dev/templates/global-manifest.yaml delete mode 100644 environments/dev/values.yaml diff --git a/environments/dev/.helmignore b/environments/dev/.helmignore deleted file mode 100644 index e313c9c5..00000000 --- a/environments/dev/.helmignore +++ /dev/null @@ -1 +0,0 @@ -gen3/ \ No newline at end of file diff --git a/environments/dev/Chart.yaml b/environments/dev/Chart.yaml deleted file mode 100644 index a94bad58..00000000 --- a/environments/dev/Chart.yaml +++ /dev/null @@ -1,126 +0,0 @@ -apiVersion: v2 -name: gen3 -description: Helm chart to deploy Gen3 Data Commons - -# Dependancies -dependencies: -- name: ambassador - version: "0.1.8" - repository: "file://../../helm/ambassador" - condition: ambassador.enabled -- name: arborist - version: "0.1.8" - repository: "file://../../helm/arborist" - condition: arborist.enabled -- name: argo-wrapper - version: "0.1.4" - repository: "file://../../helm/argo-wrapper" - condition: argo-wrapper.enabled -- name: audit - version: "0.1.9" - repository: "file://../../helm/audit" - condition: audit.enabled -- name: aws-es-proxy - version: "0.1.6" - repository: "file://../../helm/aws-es-proxy" - condition: aws-es-proxy.enabled -- name: common - version: "0.1.7" - repository: file://../../helm/common -- name: gen3-external-secrets - version: "0.1.0" - repository: file://../../helm/gen3-external-secrets - condition: external-secrets.enabled -- name: fence - version: "0.1.13" - repository: "file://../../helm/fence" - condition: fence.enabled -- name: guppy - version: "0.1.8" - repository: "file://../../helm/guppy" - condition: guppy.enabled -- name: hatchery - version: "0.1.6" - repository: "file://../../helm/hatchery" - condition: hatchery.enabled -- name: indexd - version: "0.1.10" - repository: "file://../../helm/indexd" - condition: indexd.enabled -- name: manifestservice - version: "0.1.10" - repository: "file://../../helm/manifestservice" - condition: manifestservice.enabled -- name: metadata - version: "0.1.8" - repository: "file://../../helm/metadata" - condition: metadata.enabled -- name: peregrine - version: "0.1.9" - repository: "file://../../helm/peregrine" - condition: peregrine.enabled -- name: pidgin - version: "0.1.7" - repository: "file://../../helm/pidgin" - condition: pidgin.enabled -- name: portal - version: "0.1.7" - repository: "file://../../helm/portal" - condition: portal.enabled -- name: requestor - version: "0.1.8" - repository: "file://../../helm/requestor" - condition: requestor.enabled -- name: revproxy - version: "0.1.11" - repository: "file://../../helm/revproxy" - condition: revproxy.enabled -- name: sheepdog - version: "0.1.10" - repository: "file://../../helm/sheepdog" - condition: sheepdog.enabled -- name: ssjdispatcher - version: "0.1.6" - repository: "file://../../helm/ssjdispatcher" - condition: ssjdispatcher.enabled -- name: sower - version: "0.1.6" - condition: sower.enabled - repository: "file://../../helm/sower" -- name: wts - version: "0.1.10" - repository: "file://../../helm/wts" - condition: wts.enabled - - -- name: elasticsearch - version: "0.1.5" - repository: "file://../../helm/elasticsearch" - condition: global.dev - -- name: postgresql - version: 11.9.13 - repository: "https://charts.bitnami.com/bitnami" - condition: global.dev - -# A chart can be either an 'application' or a 'library' chart. -# -# Application charts are a collection of templates that can be packaged into versioned archives -# to be deployed. -# -# Library charts provide useful utilities or functions for the chart developer. They're included as -# a dependency of application charts to inject those utilities and functions into the rendering -# pipeline. Library charts do not define any templates and therefore cannot be deployed. -type: application - -# This is the chart version. This version number should be incremented each time you make changes -# to the chart and its templates, including the app version. -# Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.20 - -# This is the version number of the application being deployed. This version number should be -# incremented each time you make changes to the application. Versions are not expected to -# follow Semantic Versioning. They should reflect the version the application is using. -# It is recommended to use it with quotes. -appVersion: "master" - diff --git a/environments/dev/secrets-values.yaml b/environments/dev/secrets-values.yaml deleted file mode 100644 index f5c07719..00000000 --- a/environments/dev/secrets-values.yaml +++ /dev/null @@ -1,399 +0,0 @@ -clusterSecretStore: - name: "gen3" - provider: - aws: - service: "SecretsManager" - region: "ap-southeast-2" - auth: - jwt: - serviceAccountRef: - name: "external-secrets-sa" - namespace: "external-secrets" -fence: - fencecreds: - name: gen3-fence-creds - namespace: argocd - secretStoreRefName: gen3 - secretStoreRefKind: ClusterSecretStore - targetName: fence-creds - data: - - secretKey: creds.json - remoteRef: - key: gen3-fence-creds -postgresql: - mastercreds: - name: gen3-postgres-master - namespace: argocd - secretStoreRefName: gen3 - secretStoreRefKind: ClusterSecretStore - targetName: postgresql-secret - commonPostgressCreds: AuroraServerlessClusterdevm-eAb5qgt3cDXp - commonClusterCreds: - data: - - secretKey: postgres-username - remoteRef: - key: AuroraServerlessClusterdevm-eAb5qgt3cDXp - property: username - - secretKey: postgres-password - remoteRef: - key: AuroraServerlessClusterdevm-eAb5qgt3cDXp - property: password - - secretKey: postgres-port - remoteRef: - key: AuroraServerlessClusterdevm-eAb5qgt3cDXp - property: port - - secretKey: postgres-host - remoteRef: - key: AuroraServerlessClusterdevm-eAb5qgt3cDXp - property: host - fencecreds: - name: gen3-postgres-fence - namespace: argocd - secretStoreRefName: gen3 - secretStoreRefKind: ClusterSecretStore - targetName: fence-dbcreds - data: - - secretKey: username - remoteRef: - key: AuroraServerlessClusterdevf-UlravMUjgrhO - property: username - - secretKey: password - remoteRef: - key: AuroraServerlessClusterdevf-UlravMUjgrhO - property: password - - secretKey: port - remoteRef: - key: AuroraServerlessClusterdevf-UlravMUjgrhO - property: port - - secretKey: host - remoteRef: - key: AuroraServerlessClusterdevf-UlravMUjgrhO - property: host - - secretKey: database - remoteRef: - key: dev-cad-fence - property: database - - secretKey: serviceusername - remoteRef: - key: dev-cad-fence - property: serviceusername - - secretKey: servicepassword - remoteRef: - key: dev-cad-fence - property: servicepassword - - secretKey: dbcreated - remoteRef: - key: dev-cad-fence - property: dbcreated - indexdcreds: - name: gen3-postgres-indexd - namespace: argocd - secretStoreRefName: gen3 - secretStoreRefKind: ClusterSecretStore - targetName: indexd-dbcreds - data: - - secretKey: username - remoteRef: - key: AuroraServerlessClusterdevi-9OSjwLpIXcIC - property: username - - secretKey: password - remoteRef: - key: AuroraServerlessClusterdevi-9OSjwLpIXcIC - property: password - - secretKey: port - remoteRef: - key: AuroraServerlessClusterdevi-9OSjwLpIXcIC - property: port - - secretKey: host - remoteRef: - key: AuroraServerlessClusterdevi-9OSjwLpIXcIC - property: host - - secretKey: database - remoteRef: - key: dev-cad-indexd - property: database - - secretKey: serviceusername - remoteRef: - key: dev-cad-indexd - property: serviceusername - - secretKey: servicepassword - remoteRef: - key: dev-cad-indexd - property: servicepassword - - secretKey: dbcreated - remoteRef: - key: dev-cad-indexd - property: dbcreated - peregrinecreds: - name: gen3-postgres-peregrine - namespace: argocd - secretStoreRefName: gen3 - secretStoreRefKind: ClusterSecretStore - targetName: peregrine-dbcreds - data: - - secretKey: username - remoteRef: - key: AuroraServerlessClusterdevp-39s4edfR4V3g - property: username - - secretKey: password - remoteRef: - key: AuroraServerlessClusterdevp-39s4edfR4V3g - property: password - - secretKey: port - remoteRef: - key: AuroraServerlessClusterdevp-39s4edfR4V3g - property: port - - secretKey: host - remoteRef: - key: AuroraServerlessClusterdevp-39s4edfR4V3g - property: host - - secretKey: database - remoteRef: - key: dev-cad-peregrine - property: database - - secretKey: serviceusername - remoteRef: - key: dev-cad-peregrine - property: serviceusername - - secretKey: servicepassword - remoteRef: - key: dev-cad-peregrine - property: servicepassword - - secretKey: dbcreated - remoteRef: - key: dev-cad-peregrine - property: dbcreated - sheepdogcreds: - name: gen3-postgres-sheepdog - namespace: argocd - secretStoreRefName: gen3 - secretStoreRefKind: ClusterSecretStore - targetName: sheepdog-dbcreds - data: - - secretKey: username - remoteRef: - key: AuroraServerlessClusterdevs-14IQBQ549zKC - property: username - - secretKey: password - remoteRef: - key: AuroraServerlessClusterdevs-14IQBQ549zKC - property: password - - secretKey: port - remoteRef: - key: AuroraServerlessClusterdevs-14IQBQ549zKC - property: port - - secretKey: host - remoteRef: - key: AuroraServerlessClusterdevs-14IQBQ549zKC - property: host - - secretKey: database - remoteRef: - key: dev-cad-sheepdog - property: database - - secretKey: serviceusername - remoteRef: - key: dev-cad-sheepdog - property: serviceusername - - secretKey: servicepassword - remoteRef: - key: dev-cad-sheepdog - property: servicepassword - - secretKey: dbcreated - remoteRef: - key: dev-cad-sheepdog - property: dbcreated - wtscreds: - name: gen3-postgres-wts - namespace: argocd - secretStoreRefName: gen3 - secretStoreRefKind: ClusterSecretStore - targetName: wts-dbcreds - data: - - secretKey: username - remoteRef: - key: AuroraServerlessClusterdevm-eAb5qgt3cDXp - property: username - - secretKey: password - remoteRef: - key: AuroraServerlessClusterdevm-eAb5qgt3cDXp - property: password - - secretKey: port - remoteRef: - key: AuroraServerlessClusterdevm-eAb5qgt3cDXp - property: port - - secretKey: host - remoteRef: - key: AuroraServerlessClusterdevm-eAb5qgt3cDXp - property: host - - secretKey: database - remoteRef: - key: dev-cad-wts - property: database - - secretKey: serviceusername - remoteRef: - key: dev-cad-wts - property: serviceusername - - secretKey: servicepassword - remoteRef: - key: dev-cad-wts - property: servicepassword - - secretKey: dbcreated - remoteRef: - key: dev-cad-wts - property: dbcreated - arboristcreds: - name: gen3-postgres-arborist - namespace: argocd - secretStoreRefName: gen3 - secretStoreRefKind: ClusterSecretStore - targetName: arborist-dbcreds - data: - - secretKey: username - remoteRef: - key: AuroraServerlessClusterdevm-eAb5qgt3cDXp - property: username - - secretKey: password - remoteRef: - key: AuroraServerlessClusterdevm-eAb5qgt3cDXp - property: password - - secretKey: port - remoteRef: - key: AuroraServerlessClusterdevm-eAb5qgt3cDXp - property: port - - secretKey: host - remoteRef: - key: AuroraServerlessClusterdevm-eAb5qgt3cDXp - property: host - - secretKey: database - remoteRef: - key: dev-cad-arborist - property: database - - secretKey: serviceusername - remoteRef: - key: dev-cad-arborist - property: serviceusername - - secretKey: servicepassword - remoteRef: - key: dev-cad-arborist - property: servicepassword - - secretKey: dbcreated - remoteRef: - key: dev-cad-arborist - property: dbcreated - auditcreds: - name: gen3-postgres-audit - namespace: argocd - secretStoreRefName: gen3 - secretStoreRefKind: ClusterSecretStore - targetName: audit-dbcreds - data: - - secretKey: username - remoteRef: - key: AuroraServerlessClusterdevm-eAb5qgt3cDXp - property: username - - secretKey: password - remoteRef: - key: AuroraServerlessClusterdevm-eAb5qgt3cDXp - property: password - - secretKey: port - remoteRef: - key: AuroraServerlessClusterdevm-eAb5qgt3cDXp - property: port - - secretKey: host - remoteRef: - key: AuroraServerlessClusterdevm-eAb5qgt3cDXp - property: host - - secretKey: database - remoteRef: - key: dev-cad-audit - property: database - - secretKey: serviceusername - remoteRef: - key: dev-cad-audit - property: serviceusername - - secretKey: servicepassword - remoteRef: - key: dev-cad-audit - property: servicepassword - - secretKey: dbcreated - remoteRef: - key: dev-cad-audit - property: dbcreated - metadatacreds: - name: gen3-postgres-metadata - namespace: argocd - secretStoreRefName: gen3 - secretStoreRefKind: ClusterSecretStore - targetName: metadata-dbcreds - data: - - secretKey: username - remoteRef: - key: AuroraServerlessClusterdevm-eAb5qgt3cDXp - property: username - - secretKey: password - remoteRef: - key: AuroraServerlessClusterdevm-eAb5qgt3cDXp - property: password - - secretKey: port - remoteRef: - key: AuroraServerlessClusterdevm-eAb5qgt3cDXp - property: port - - secretKey: host - remoteRef: - key: AuroraServerlessClusterdevm-eAb5qgt3cDXp - property: host - - secretKey: database - remoteRef: - key: dev-cad-metadata - property: database - - secretKey: serviceusername - remoteRef: - key: dev-cad-metadata - property: serviceusername - - secretKey: servicepassword - remoteRef: - key: dev-cad-metadata - property: servicepassword - - secretKey: dbcreated - remoteRef: - key: dev-cad-metadata - property: dbcreated - requestorcreds: - name: gen3-postgres-requestor - namespace: argocd - secretStoreRefName: gen3 - secretStoreRefKind: ClusterSecretStore - targetName: requestor-dbcreds - data: - - secretKey: username - remoteRef: - key: AuroraServerlessClusterdevm-eAb5qgt3cDXp - property: username - - secretKey: password - remoteRef: - key: AuroraServerlessClusterdevm-eAb5qgt3cDXp - property: password - - secretKey: port - remoteRef: - key: AuroraServerlessClusterdevm-eAb5qgt3cDXp - property: port - - secretKey: host - remoteRef: - key: AuroraServerlessClusterdevm-eAb5qgt3cDXp - property: host - - secretKey: database - remoteRef: - key: dev-cad-requestor - property: database - - secretKey: serviceusername - remoteRef: - key: dev-cad-requestor - property: serviceusername - - secretKey: servicepassword - remoteRef: - key: dev-cad-requestor - property: servicepassword - - secretKey: dbcreated - remoteRef: - key: dev-cad-requestor - property: dbcreated \ No newline at end of file diff --git a/environments/dev/templates/_helpers.tpl b/environments/dev/templates/_helpers.tpl deleted file mode 100644 index 3ae97a91..00000000 --- a/environments/dev/templates/_helpers.tpl +++ /dev/null @@ -1,62 +0,0 @@ -{{/* -Expand the name of the chart. -*/}} -{{- define "gen3.name" -}} -{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} -{{- end }} - -{{/* -Create a default fully qualified app name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -If release name contains chart name it will be used as a full name. -*/}} -{{- define "gen3.fullname" -}} -{{- if .Values.fullnameOverride }} -{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} -{{- else }} -{{- $name := default .Chart.Name .Values.nameOverride }} -{{- if contains $name .Release.Name }} -{{- .Release.Name | trunc 63 | trimSuffix "-" }} -{{- else }} -{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }} -{{- end }} -{{- end }} -{{- end }} - -{{/* -Create chart name and version as used by the chart label. -*/}} -{{- define "gen3.chart" -}} -{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} -{{- end }} - -{{/* -Common labels -*/}} -{{- define "gen3.labels" -}} -helm.sh/chart: {{ include "gen3.chart" . }} -{{ include "gen3.selectorLabels" . }} -{{- if .Chart.AppVersion }} -app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} -{{- end }} -app.kubernetes.io/managed-by: {{ .Release.Service }} -{{- end }} - -{{/* -Selector labels -*/}} -{{- define "gen3.selectorLabels" -}} -app.kubernetes.io/name: {{ include "gen3.name" . }} -app.kubernetes.io/instance: {{ .Release.Name }} -{{- end }} - -{{/* -Create the name of the service account to use -*/}} -{{- define "gen3.serviceAccountName" -}} -{{- if .Values.serviceAccount.create }} -{{- default (include "gen3.fullname" .) .Values.serviceAccount.name }} -{{- else }} -{{- default "default" .Values.serviceAccount.name }} -{{- end }} -{{- end }} diff --git a/environments/dev/templates/global-manifest.yaml b/environments/dev/templates/global-manifest.yaml deleted file mode 100644 index 945088d5..00000000 --- a/environments/dev/templates/global-manifest.yaml +++ /dev/null @@ -1,19 +0,0 @@ -apiVersion: v1 -kind: ConfigMap -metadata: - name: manifest-global -data: - "environment": {{ .Values.global.environment | quote }} - "hostname": {{ .Values.global.hostname | quote }} - "revproxy_arn": {{ .Values.global.revproxyArn | quote }} - "dictionary_url": {{ .Values.global.dictionaryUrl | quote }} - "portal_app": {{ .Values.global.portalApp | quote }} - "public_datasets": {{ .Values.global.publicDataSets | quote }} - "tier_access_level": {{ .Values.global.tierAccessLevel | quote }} - "tier_access_limit": {{ .Values.global.tierAccessLimit | quote }} - "netpolicy": {{ .Values.global.netPolicy | quote }} - "dispatcher_job_num": {{ .Values.global.dispatcherJobNum | quote }} - "dd_enabled": {{ .Values.global.ddEnabled | quote }} - {{- with .Values.global.origins_allow_credentials }} - "origins_allow_credentials": {{ . | toJson | quote }} - {{- end -}} \ No newline at end of file diff --git a/environments/dev/values.yaml b/environments/dev/values.yaml deleted file mode 100644 index 233df516..00000000 --- a/environments/dev/values.yaml +++ /dev/null @@ -1,1524 +0,0 @@ - -global: - dev: false - hostname: beta.biocommons.org.au - namespace: argocd - aws: - enabled: true - cloudsecrets: - enabled: true - postgres: - dbCreate: true - -peregrine: - dictionaryUrl: https://biocommons-gen3-schema.s3.ap-southeast-2.amazonaws.com/cad/dev/cad.json - -gen3: - enabled: false - -# requestor: -# enabled: false - -# audit: -# enabled: false -pelican: - bucket: sandbox-s3-buckets-pelicancredss3bucketsandboxs3bu-veftfoxeyecg - -clusterSecretStore: - name: "gen3" - provider: - aws: - service: "SecretsManager" - region: "ap-southeast-2" - auth: - jwt: - serviceAccountRef: - name: "external-secrets-sa" - namespace: "external-secrets" -fence: - fencecreds: - name: gen3-fence-creds - namespace: argocd - secretStoreRefName: gen3 - secretStoreRefKind: ClusterSecretStore - targetName: fence-creds - data: - - secretKey: creds.json - remoteRef: - key: gen3-fence-creds -postgresql: - mastercreds: - name: gen3-postgres-master - namespace: argocd - secretStoreRefName: gen3 - secretStoreRefKind: ClusterSecretStore - targetName: postgresql-secret - commonPostgressCreds: AuroraServerlessClusterdevm-eAb5qgt3cDXp - commonClusterCreds: - data: - - secretKey: postgres-username - remoteRef: - key: AuroraServerlessClusterdevm-eAb5qgt3cDXp - property: username - - secretKey: postgres-password - remoteRef: - key: AuroraServerlessClusterdevm-eAb5qgt3cDXp - property: password - - secretKey: postgres-port - remoteRef: - key: AuroraServerlessClusterdevm-eAb5qgt3cDXp - property: port - - secretKey: postgres-host - remoteRef: - key: AuroraServerlessClusterdevm-eAb5qgt3cDXp - property: host - fencecreds: - name: gen3-postgres-fence - namespace: argocd - secretStoreRefName: gen3 - secretStoreRefKind: ClusterSecretStore - targetName: fence-dbcreds - data: - - secretKey: username - remoteRef: - key: AuroraServerlessClusterdevf-UlravMUjgrhO - property: username - - secretKey: password - remoteRef: - key: AuroraServerlessClusterdevf-UlravMUjgrhO - property: password - - secretKey: port - remoteRef: - key: AuroraServerlessClusterdevf-UlravMUjgrhO - property: port - - secretKey: host - remoteRef: - key: AuroraServerlessClusterdevf-UlravMUjgrhO - property: host - - secretKey: database - remoteRef: - key: dev-cad-fence - property: database - - secretKey: serviceusername - remoteRef: - key: dev-cad-fence - property: serviceusername - - secretKey: servicepassword - remoteRef: - key: dev-cad-fence - property: servicepassword - - secretKey: dbcreated - remoteRef: - key: dev-cad-fence - property: dbcreated - indexdcreds: - name: gen3-postgres-indexd - namespace: argocd - secretStoreRefName: gen3 - secretStoreRefKind: ClusterSecretStore - targetName: indexd-dbcreds - data: - - secretKey: username - remoteRef: - key: AuroraServerlessClusterdevi-9OSjwLpIXcIC - property: username - - secretKey: password - remoteRef: - key: AuroraServerlessClusterdevi-9OSjwLpIXcIC - property: password - - secretKey: port - remoteRef: - key: AuroraServerlessClusterdevi-9OSjwLpIXcIC - property: port - - secretKey: host - remoteRef: - key: AuroraServerlessClusterdevi-9OSjwLpIXcIC - property: host - - secretKey: database - remoteRef: - key: dev-cad-indexd - property: database - - secretKey: serviceusername - remoteRef: - key: dev-cad-indexd - property: serviceusername - - secretKey: servicepassword - remoteRef: - key: dev-cad-indexd - property: servicepassword - - secretKey: dbcreated - remoteRef: - key: dev-cad-indexd - property: dbcreated - peregrinecreds: - name: gen3-postgres-peregrine - namespace: argocd - secretStoreRefName: gen3 - secretStoreRefKind: ClusterSecretStore - targetName: peregrine-dbcreds - data: - - secretKey: username - remoteRef: - key: AuroraServerlessClusterdevp-39s4edfR4V3g - property: username - - secretKey: password - remoteRef: - key: AuroraServerlessClusterdevp-39s4edfR4V3g - property: password - - secretKey: port - remoteRef: - key: AuroraServerlessClusterdevp-39s4edfR4V3g - property: port - - secretKey: host - remoteRef: - key: AuroraServerlessClusterdevp-39s4edfR4V3g - property: host - - secretKey: database - remoteRef: - key: dev-cad-peregrine - property: database - - secretKey: serviceusername - remoteRef: - key: dev-cad-peregrine - property: serviceusername - - secretKey: servicepassword - remoteRef: - key: dev-cad-peregrine - property: servicepassword - - secretKey: dbcreated - remoteRef: - key: dev-cad-peregrine - property: dbcreated - sheepdogcreds: - name: gen3-postgres-sheepdog - namespace: argocd - secretStoreRefName: gen3 - secretStoreRefKind: ClusterSecretStore - targetName: sheepdog-dbcreds - data: - - secretKey: username - remoteRef: - key: AuroraServerlessClusterdevs-14IQBQ549zKC - property: username - - secretKey: password - remoteRef: - key: AuroraServerlessClusterdevs-14IQBQ549zKC - property: password - - secretKey: port - remoteRef: - key: AuroraServerlessClusterdevs-14IQBQ549zKC - property: port - - secretKey: host - remoteRef: - key: AuroraServerlessClusterdevs-14IQBQ549zKC - property: host - - secretKey: database - remoteRef: - key: dev-cad-sheepdog - property: database - - secretKey: serviceusername - remoteRef: - key: dev-cad-sheepdog - property: serviceusername - - secretKey: servicepassword - remoteRef: - key: dev-cad-sheepdog - property: servicepassword - - secretKey: dbcreated - remoteRef: - key: dev-cad-sheepdog - property: dbcreated - wtscreds: - name: gen3-postgres-wts - namespace: argocd - secretStoreRefName: gen3 - secretStoreRefKind: ClusterSecretStore - targetName: wts-dbcreds - data: - - secretKey: username - remoteRef: - key: AuroraServerlessClusterdevm-eAb5qgt3cDXp - property: username - - secretKey: password - remoteRef: - key: AuroraServerlessClusterdevm-eAb5qgt3cDXp - property: password - - secretKey: port - remoteRef: - key: AuroraServerlessClusterdevm-eAb5qgt3cDXp - property: port - - secretKey: host - remoteRef: - key: AuroraServerlessClusterdevm-eAb5qgt3cDXp - property: host - - secretKey: database - remoteRef: - key: dev-cad-wts - property: database - - secretKey: serviceusername - remoteRef: - key: dev-cad-wts - property: serviceusername - - secretKey: servicepassword - remoteRef: - key: dev-cad-wts - property: servicepassword - - secretKey: dbcreated - remoteRef: - key: dev-cad-wts - property: dbcreated - arboristcreds: - name: gen3-postgres-arborist - namespace: argocd - secretStoreRefName: gen3 - secretStoreRefKind: ClusterSecretStore - targetName: arborist-dbcreds - data: - - secretKey: username - remoteRef: - key: AuroraServerlessClusterdevm-eAb5qgt3cDXp - property: username - - secretKey: password - remoteRef: - key: AuroraServerlessClusterdevm-eAb5qgt3cDXp - property: password - - secretKey: port - remoteRef: - key: AuroraServerlessClusterdevm-eAb5qgt3cDXp - property: port - - secretKey: host - remoteRef: - key: AuroraServerlessClusterdevm-eAb5qgt3cDXp - property: host - - secretKey: database - remoteRef: - key: dev-cad-arborist - property: database - - secretKey: serviceusername - remoteRef: - key: dev-cad-arborist - property: serviceusername - - secretKey: servicepassword - remoteRef: - key: dev-cad-arborist - property: servicepassword - - secretKey: dbcreated - remoteRef: - key: dev-cad-arborist - property: dbcreated - auditcreds: - name: gen3-postgres-audit - namespace: argocd - secretStoreRefName: gen3 - secretStoreRefKind: ClusterSecretStore - targetName: audit-dbcreds - data: - - secretKey: username - remoteRef: - key: AuroraServerlessClusterdevm-eAb5qgt3cDXp - property: username - - secretKey: password - remoteRef: - key: AuroraServerlessClusterdevm-eAb5qgt3cDXp - property: password - - secretKey: port - remoteRef: - key: AuroraServerlessClusterdevm-eAb5qgt3cDXp - property: port - - secretKey: host - remoteRef: - key: AuroraServerlessClusterdevm-eAb5qgt3cDXp - property: host - - secretKey: database - remoteRef: - key: dev-cad-audit - property: database - - secretKey: serviceusername - remoteRef: - key: dev-cad-audit - property: serviceusername - - secretKey: servicepassword - remoteRef: - key: dev-cad-audit - property: servicepassword - - secretKey: dbcreated - remoteRef: - key: dev-cad-audit - property: dbcreated - metadatacreds: - name: gen3-postgres-metadata - namespace: argocd - secretStoreRefName: gen3 - secretStoreRefKind: ClusterSecretStore - targetName: metadata-dbcreds - data: - - secretKey: username - remoteRef: - key: AuroraServerlessClusterdevm-eAb5qgt3cDXp - property: username - - secretKey: password - remoteRef: - key: AuroraServerlessClusterdevm-eAb5qgt3cDXp - property: password - - secretKey: port - remoteRef: - key: AuroraServerlessClusterdevm-eAb5qgt3cDXp - property: port - - secretKey: host - remoteRef: - key: AuroraServerlessClusterdevm-eAb5qgt3cDXp - property: host - - secretKey: database - remoteRef: - key: dev-cad-metadata - property: database - - secretKey: serviceusername - remoteRef: - key: dev-cad-metadata - property: serviceusername - - secretKey: servicepassword - remoteRef: - key: dev-cad-metadata - property: servicepassword - - secretKey: dbcreated - remoteRef: - key: dev-cad-metadata - property: dbcreated - requestorcreds: - name: gen3-postgres-requestor - namespace: argocd - secretStoreRefName: gen3 - secretStoreRefKind: ClusterSecretStore - targetName: requestor-dbcreds - data: - - secretKey: username - remoteRef: - key: AuroraServerlessClusterdevm-eAb5qgt3cDXp - property: username - - secretKey: password - remoteRef: - key: AuroraServerlessClusterdevm-eAb5qgt3cDXp - property: password - - secretKey: port - remoteRef: - key: AuroraServerlessClusterdevm-eAb5qgt3cDXp - property: port - - secretKey: host - remoteRef: - key: AuroraServerlessClusterdevm-eAb5qgt3cDXp - property: host - - secretKey: database - remoteRef: - key: dev-cad-requestor - property: database - - secretKey: serviceusername - remoteRef: - key: dev-cad-requestor - property: serviceusername - - secretKey: servicepassword - remoteRef: - key: dev-cad-requestor - property: servicepassword - - secretKey: dbcreated - remoteRef: - key: dev-cad-requestor - property: dbcreated -portal: - enabled: true - resources: - requests: - cpu: 0.2 - memory: 500Mi - gitops: - createdby: iVBORw0KGgoAAAANSUhEUgAAAfQAAACxCAYAAAAyNE/hAAAAAXNSR0IArs4c6QAAQABJREFUeAHtnQe8FcX1xwVFsHfsBcUudrErKvau2ILGHnuP0fw1xlhi7LG3REXsjSjYC1gRe0ssqFQVFHtB+v/7e9x9zJ03u3f3lvduOefz+b2dOXPmzMxv9+6Zmd17X7uZSpRp06YthYsNSnRj1RuTgQHt2rX7NW7oXFu6rpaMKy+gfwHfYwrYWLExYAwYA3XDwCxlGMmm+Li9DH7MReMx0IUhD08Y9smU7ZVQnlS0A4WPJRlUYxmTmJnpV3ewfe64MMfOYCEwGXwHvgSvg1fBI0xcxnI0MQYyM8D1tjKVTgQ6rgjmA7rGPgBXcG3142hSIwyUI6DXyFCtm8ZA9TLAjXVxencG2BfophqSDihnA4uBdcARYAp1B3L8JzffRziaGAMFGeCaaYeRrrczQUevgiaQwhBgAd0jp5qz7au5c9Y3Y6DeGeDGugC4lHF+Ao4CccE8jgqt6HuCAfh5GWiVZWIMFGJgPwzOBX4wL1TPyquYAVuhV/HJsa7VNwME37UY4X+A3kMph2yIkzfxewqr9evL4bDWfcDF6YxheWccz8HNbU6+4ZJw0olBX9BwA2+AAVtAb4CTbEOsPga4qWpr/WagLfRCMhGDr4C23OfPHTkEZXa01+F/K44HELx+C1o1jnInhrqxM9wppBs6oDN+7eiEJpH/y3Gj621d8DkwqSEG2jqgaxWhD5c+ZCb1zcDUwPC+COhclVZXF7qKDOmhGWxb1ZRgexAN3pLQqF5Kuh/ombje1v82sqWunn2uAvQyql4Y7AHaA196oZgf+x2oP8EvtHxDM7BsYPR6wXIzu1YCzDSSihtGb1CsbN1IXNlYjQE+KJuBCTEfmPHo/wHmTcsUtsuDu0CcHJfWVz3aQcqLHjE31uM4s4wJPv7pcaLsHll8mG11MhCa2bdmT/U1HBNjoCEY4Kapr+k9CGYNDHgUug1ZIZ0Ovg+UB1XYDgV6welA8ItnpDeUr/N0ljUGFg1QoJcyTWqcgbYO6DVOn3XfGMjEwGVYLxCo8Q669QjMbwfKUqmoexuGeiku+jEdvWy3D/pGnzTrBTCTfAZC9/3QI7H8WparegZCJ7bqO20dNAZqjQFW53oxa7dAv8ei25nAq2NJgo/3cKDHWHeAvclPKslhjVeG8w4MYdkaH4Z13xhIzUBbvxSXuqNmaAzUOAOhl/umMaZeBF5tt5dF8PU+jvYvxRmBUBN9BcJFgL4Xr5fyNOH4FP/qc9mFNvWyn34wR+3OBfRWvx4n/MAxs+T8nUNF9b/sgn/dO5cD+iW/ecA4MIb+DuNYEcmdlyVwLo70bYfnaU/tVo3QxznpzDJA14440o7RSPrZ/GIn+bIL7eociJclwTjae7nsjTSCQ4gs5aW4LRqBIxtjYzPAZ6QLCMm91cQMHdwY3Aq+DnUW3VegL9ggS7+xvxO856Ep0KJbEVwOxgBfJqF4HuwNFPATBZvzgdp5H/wAQvItSr8vhyY6dgqpuy24G3wPQjIa5U2gm1OtYBL7p4Dbr7eiSujXAtcD9d2VzSKbpCMV9G0H13eIm489G9mflOQ3KsNuFnAIeAKEXvicin4wOBVospZasP8dcPuu9AFywHF2cDx4FbjSP3UDZpjPACz2dpnMmLaAnk+n5eqQAT4Tx8V8LlaohuHSt6VAv5g+xqkfokCrsIKC3ZCAk8XR6Y3+iYGykEpvq+vnSGOF8j6hiil0p8U6zRXgY2XwTApfkYl+kvc2oJVjQcFuZFQxd5zEcQ6g3xSQr5CkDeidQ5VT6EK7Snljwcf24MMUviKTsST+kOckIYNt6LNzIvodwAgQkoYN6O0TuLQiY8AYKA8DOwXcvMW24McBfauquBvqRTp9Bzn0fD+pL7tQ+Br110kySijTd+wVSPWcO43oHQRNDLQt36pCm9vT4CtgywwN696qlaT6vHyGepGp6g8GR4KqvE8zrjPom85jlp8b1qTsBupqp6fYn509CB8DwFLAxGGgKi8Up3+WNAbqgYG1AoPQjbBNhRuqfpxmINBz4JBMQDkcxL1cp+e5T+OnmJ2GNaibVZahgra7W+3dH9ranTYVPOYGIfkV5XAwJVSITsFuIH5S7WY4PnRvzrRt79SteJLxXEMj54GCj0JiOqP3PB7Dz6wx5UlqXTvFtpvkt+bLWu2DUfNM2QCMgSIY4IY1M9UWCFR9N6BrNRX96kJjDwJ/laQgfim4BQxjF0HbvbpPdAVaLR4D3PvGvOQfxmYdbH8hXYzcQyVNcMTJz0A37J3BQcAXTUK08lX/fHkUhV7ei0QTjv2iTO6oNp7wdEO8fFOWMa1Joi/wFz4/oTsfqN8jGDemTYFJwftkcCBwA87i5PVIYxPxSTqrTKPCzeBp8B74EWhsH4E0oknHxY7hrqT9SZj49F+we86p05xkHCeSObpZMSOha0f97Ae0+zQZLA12BLp25geubEHmBnCwq8yY/hD764DOq9pUG/rMmRTDACfXnqEXQ5zVaQgG+HwsAkKS6vlnpUiiQ6HnwXoxatmkNilfBXwOfDkzrh6G2nYOiV7y2jOhnp6Tfheo+EFcHVdPvU0DdW90beLS1GsP9HKdL3oBa9G4etJTvgEIvTR3aFw97P1n6KiaRFxvFVevGD3+7pvuOu/vaml8UWNtMDmv5vTMGxy6xPmgTC/mxb2n8fuEeqFn6NNbnDbtahKzxdU1fREMQKgF9CJ4syqNwQCfDwXAkLTZdiqd2S7QIQVXf9UWPEnYrQ9+83wogM0VqoA+LqDvH7J3ddQ9EISk4HNpKpUS0A8JNKqgm2rrHLsdgXY3XFH94OoRfVxA7+nyUY40bZUS0EMTwVfwOUehvmHTHtwBfBmFIhiY0ccF9CcKtdeI5f5WUiNyYGM2BirJQNz3b5u+tlXJhhN8Hx8oO5XtYG1ZFhTstEV9pWc4D/ltPF1SVj7uSDJQGW314fBiwE5b75WU4wLOj6I/YwL6Firs9AjhTq9gSfLre7qk7EP4eTrJoDXLCK4b0t6WXps/kN+TfhZ83ILNVGwPA9omd2UJMnpMkVYmY3hSWuNGsrOA3khn28baFgx8TaO6kfkS9yKab1fWPDdlraT8m/L36O7K2FDIftsMPm7nBq9nw2lkYMBIwbEiAkfyrefnrgwn85irSJEulaO+KdpoTZPdAo1dznn8PKAPqrAdT8FfAoV6+TCtvIGf/6U1biQ79+WWRhq3jdUYaBUGuPFo21UvG3X2GtSLX/d5utbIrkcjHb2GFNAvpZ+eumBWb793cKwKboM7tkOddKGkXgTzZQFfUcb8JgFferHsmowcudxELivFUeS/ksfQhK2YScdDdFIvP87pdLYH3M7K52Wio4tLZrl24nzUpd4Cel2eVhtUlTHwFv3xb4Y7ojuzDfoZeqFrGfqht5BLFX/SkuTvk6RCryz02KKTZ1PObIijVWhAKFUqxVGp/UpTf2nPSD91+5mnK5iljn405zUM9ZZ7JLOSEO8jIkXC0QJ6DDm25R5DjKmNgTIy0D/ga01uaisG9JVWVXJlG3zhK2ZAevZarbJgBTuWlqPJBD7tClSFcK1qV2derzOp3ifw6kTZUN20j6F+jJzYMZ+Bmlmhc0E9Stf9VU7+aBo3twEffs14mwW+9F3QuZsV0xOPYHeZq8PucPL7ujqlsdvK1WGn2fPtrq7ItF708V+oKtJVzVTTD5NcHejteej2CugrqapkIP28kh1vRd96BFEpqVWO9HhlCnAnJAryxUqo7oRinVm96QzUTECnu9pNsB2F8JXbLqDeDJ1+ZMGV0PZYVwz8l6TcOlF69pR2kX3c0X/DNc6ubvRMYPSb088zIJ0TV3qh35TyF1xlqWl8zo7PuNXd2IB/9e2VgD6r6p2sFarUPsSRXogLPcvPOoQXs1aoBnuuJ/2Dla/pi/u1vcXRzUyZAn1WWSpQIbRqD5iZKo6BWgrocWMwvTFQCwycRicHBzqq7wSvx01xVKAsswpfmqA9yfFQfIbeDn+Xcr395k4CJ2Cr/plMZyA0MfnaOJrpA+hxA7p2ALuD0HU9ncnAX65NLTTW9oq+Ia8Jg0kJDNiKtwTyrKoxkJYBgoFWwA8E7BdG15+bnI4lCT664eA50AUMIL+F75B+aBX0hqffElv3Ru0VN1YWjt5mxP7W+G5wNFtjMdFitA+30Mw00wkBXSHVMRj4sWcAvE8tVNHKkxnwSU22tlJjwBgohYFTqBxahegrbPpJUR2LEuoeRkX9WMtiOQd6RBIM6ujvytlEBz0X1b8edZ+PRmXBI7b6AfPbwE5Bg+pQhr6Hl/ae53Ok1Wiqn42Nhg43+j/h/wEbRboaP2pCqmfpruh/1af+QSFsV6Tyqa6DXNrnO2BiqkIMNMKWu54l3leIiBov1/ecfdEqYx5POcLLKzsa+Cu2gNlMemEljV2orqsb6WYaKc0KRM/Sd2PMz4KO3tj1THEw5VdwvBDbVC9mYb+y7MHOwBcF9UOAv/V+LbqTwBIgEt2U/4m/42k7FAgjO/1WeScyN4H9wT7k9UthevGv2uTLQIeWD+hCKnH6B+C+WLo/Y/2QsZ4fquDqsNNnT0Fqe6AdkO2o97JrU2tp+q+faNW1c4LT93ak9R/wtqH8dUffIomNrreHwFxe4SDqPuHpLNsWDHCSWuW33GnncVCMlOXZZFtwa23WJwNcxAoMeskoTvS76vqf0bsAPW9sFvJaGa8M/gD0u9pJfvQsfbbmyk4CvQJxSF5GuZZj2pxErxXnnuAz4MoEMrErdcpCv+We+qth1N/KbSyXLrhaxq4D8P+RiPjq2TyohAR2J4KQ6F4UnBig7wgOAl8CV34kE7tSp2yka0zaXwkn9DRbEb5L+S33Bagf+uc8v6A/GgR3edDvGlNP/xNgzbgRUBb6LfcT4+wbXd8IK/RGP8c2/ipjgNXI7dyoxtOtPmCOQPfmQ6fVoaAVsXZHtFXfASjA61hIbsXgCNqaGDJEfw9+16Xsj175huRfo0yryfeBXoSaE3QB2gUIPWufFb0C+gBQNcIY9QMmmtAv43RKK8pH0d/C8V0gPrtj22KHA512LNahXDsRrmxL5n3KXtIRfAR0zrqCXXJpDnmiVakmEuK1ZgVOvmHcuzKA54E7WdRu0DXgz5Q/zHEo0KRkGbADWAWERC9vvh0qMF0bMMDJsxV6G/BuTdY+A3x2ugF/tYuqJNFK8IA07GDXHujZeamin0SNfTZNWZus0MUBbZ+RYnCaXAWFup3AIyl8JJloV+CvwQZySsprYoUejYH+7gy0Ki9WxIneKUkUbGyFnshQfmHshzDfzHLGgDFQbgZYmeh7zWuDfwC961GqDMLB2vjtm8YRdlPBgdjqn2UkPjeP8fcd+n3wcYx8xdi0tfoyOjC62E4wrt+oq1X3lUX6+IJ62+Lnb0XWr8pqjKc/HdsUfF5EB3+hjt67uLSIulYlgQEL6AnkWJExUGkGuKl9D/5MO8uCK8BXGdtUwLkfbIEf4ZOM9fWrgOdRZz0wKGVdPQLQM+zVqHtvyjptYkb/tPrWFrEmT0UJPqYAvQi2BXgjpZOfsdNkoht1n0pZp6bMGNebdHhVoAmprsNCoknjbWBl6vYrZGzl2RmYJXsVq2EMGAPlZoAb3Fh86iWskziuA7YD3cHCoDNYCOiZ5LdAq6LXwGDwJHV/5FiS4EOBagvaV9sKgApeiwO1r5u1+vc60Bv6/bD/gWNa+TeGT3rGWXYkhlFXkw5X1JdUQl/fzI3rGCpsAlYEmkBpXF8CPQsvKPgZhB9NfPRym1btm4HFgM7NL0C+XgVPg4exzzJGTebmBZFMiRIVOGoC+KHnN+tEsql67jrQc3NNXsTJTmAFsAjoAMaA4eAxoJ99/oxjFhGf/rkfksWB2WZggBNpz9Az8GWmxoAxYAwYA8ZAJRiwLfdKsGo+jQFjwBgwBoyBVmbAAnorE27NGQPGgDFgDBgDlWDAAnolWDWfxoAxYAwYA8ZAKzNgAb2VCbfmjAFjwBgwBoyBSjBgAb0SrJpPY8AYMAaMAWOglRmwgN7KhFtzxoAxYAwYA8ZAJRiwgF4JVs2nMWAMGAPGgDHQygxYQG9lwq05Y8AYMAaMAWOgEgxYQK8Eq+bTGDAGjAFjwBhoZQYsoLcy4dacMWAMGAPGgDFQCQYsoFeCVfNpDBgDxoAxYAy0MgPt+C12/debUv5Ji/6Bw1pF9vsV6o1LWXd97PRPELKK/gGD/lmCiTEgBr7iH0QcalQYA8aAMVBvDCig618hzlpvA7PxGAMxDAwnoHeJKTO1MWAMGAM1y4BtudfsqbOOGwPGgDFgDBgDMxiwgD6DC0sZA8aAMWAMGAM1y4AF9Jo9ddZxY8AYMAaMAWNgBgN6Ge5rUMoz9E7Un2uGy0ypH7CemLLGvNh1SGnrmk0l842rsHTVMzAHPZy96ntpHTQGjAFjoJ4Y4KW63qBY2SItFzTweJGNjErbhtlVBwOc53OLPNdpqg2rjlFaL4wBY8AYKC8DpXxdrbw9MW/GQB0zwExDOw6tsevwPW/xT65jKqt2aJzj+emc+xhzKufi26rtsHWsJhjgutI1pWvLlYlcWz+6CqUtoPuMWN4YqAwDf8Ht6ZVxned1E3Iv5Wks01oMfEpDejQYyVgSi0SZejkSYHoxlnWBdrv6EFj0Wx8mlWNgMVz7O836bZWt/SYtoPuMWN4YMAaMAWMgyADB/FYKDnQK/4BuQ4J62nehnKqWLDcDFtDLzaj5MwaMAWOgChkg8OqXNhdwujaBQJz6nRLqr0RdN5jL1dpgb3C7MiZty4D7vKdte2KtGwPGgDFgDFSSgT/i/AMH/TM2tkSM/ZIxelO3MgO2Qm9lwq25hmVgNCN/LcXo58Oma8DudXTTAnpf9ZOvsLwxUCYG3sHPeDCb52+wl7dsGzFgAb2NiLdmG4sBtjavYcRCorCtuTsGDwaMNsLHpIDeVMZAqzDA9fc116f+sdFNQL8Vod/4uAD9II4mVcCABfQqOAnWBWPAGDAGaoEBgvddBPVH6auep48gP6YW+t0ofbSA3ihn2sZpDBgDjc5AWd6ZIojrFz6HNDqZ1Tj+spzgahyY9ckYMAaMAWMgj4GF83KWqTsGLKDX3Sm1ARkDxoAxkM8A2+T6lcJt8rWWqzcGbMu93s6ojafhGeDmvRskzO0R0Zet0qa35CnvQtm+YA2wLFgQHET58xxjhXqLUrgTWBksB1RXPzOrf/Ckt/CfwsdAjqkFn/q1K/l1pR9+mt7Wp1y/tKa+6pfJ1J5+iU3tfQQeB49gO4FjUYL/1ai4F9gQqK12YCQYAfSLew9HfSFdUaEvM9PAlmAD0DUH/eSn/rnUMCBu1Z9xHBMFXytgID8Sff/898Bfoc+LnfSujMb/s67CTWO/K3n31/BUrGtLL8ilFvwsjfEuYDOg869r8DugZ/Lazn8In/qKXWrBZw+Ml/Iq9MeP/M5EeWcO+4DuQNeSvlEiLoeC6Fr6lXTRQhvyuTNYFegc6nOia0rtvAP0C29P0KcpHKtPGID9c5bqOy013SOuqYb95yyMfXcQkg5pTyqVPww46IBuefBIoEyq7eL8U7YcuA9MAYXkHQy2jfPl67F9MuBQ7S0KbgeTA+WuaiSZ3/l+C+WpsxB4wHUUk/4e/UmgfQqf33k+Ur0wJt/gePCFVz+U/QXlpSDx/wJQfkSocgrdw0njpP4HAR+p/1sndVcCDwd8hFQvoowmJUndairDtl/AyeroOoObwaRAuav6nMzBBRsKGFBvEfAvMBEUkk8w2C/gJqjCdomAw6dCxgUv0lAl0xkDxkDNMaAb1btghyw950ayP/ZvgV4gzf1ideweo965HIuVHan4P9AbaNWaJPpRkzto7zKglVBBwU6r17fBHgWNZ5ppHmwuAwOpp1VkWQWfi+PwGXAF0Eq1kCiQnwxepa5WmTUj9Pd0Ovse0Ao2jWyM0WDqXQUKXQdx/npS8F+g67/QjrR+M12B/7os7WGrybBW34eCNBPv5bC7k3qaABQ7Lly0lDQf0Ja1TGMMGAO1xsANdLhTlk5zs7kY+75griz1sFVgPZP6Z2WsF5kruPnbulFZ3PEkCs6MK4z09EmPIp4EunlnEW0Na1JTNqEva+DsddCjCKfa0n0KH9pGrmqhj7OAW+nkBaBQUA2N5ViUj+Kj0HU4LVD5UnRZJ2JHUuf8gK8WKvp0AspHQTHnQRMAfS7LJsWQW7bGzZExYAy0CQMTaVUrYK3YvwdLgG9As3Cj2prMH5sV+YmRZPXrYF8C3cgUmBRgfPkbfp7heeFLfkGG/GRsPwJa2X0HtAOwFghtOZ9Ne3o++SrlcaKgr+e3vmgV9zL4FawGegB39XQ2fq9HV065FWeLBBxOQvcc+AzoXK0ENgRzAFeWJaOAsLurdNJ+gAvtYPg2ft5xV3RSE7QDY2p/il7Xx9dgPrAe6AZ82QaFvgO/C+dhql+Yy4fG55rqufXHQNeS2ouupTlJ+/In2nqMtnQegkK5zsvlINSu/D8PRgNNTnVNrQN8ORQ/T9PO3X5Bm+TpjD1DbxPm67dRril7hg4JnnRIe8apF3qGHrnTqk4BvKBgd15UKXfU8/GtQYsbGLpeYCzw5cWkhjAOPUOPfLxBQi/g5Qm6hUH/yMg7Ppxn7GWwHePZK6ubd96YyOu55S1A8lfPTTCLXaZn6NjrefKXIJLfSGgStIDfALrFwIMgJAr2iUKlmQMV30+sFCjER6Zn6NjHPct/n7KtAk3o5bW1gZ6fh+TCUB3pMI7jR37eBQrgeYJuAXA/CIkehSQKlTS+qU7lz0jvCVosltFtCT4FvgxH0T6uIcp0LfryVJx9SXpasYBeEoNW2WeAa8oCuv/xnTatHAH9RtzmBS6fez/vnAutjlrcpFx7yjcDk4EvS7p2bhrDuIA+gLLEMVOu552+6Obqv83d1CR63bx9Ger2x09jXDBYRnWwzRTQVY86UVD/hvTaka/QkXIF5ReAL1oBJwoVWj2g06b41kuFvmj73N9tyOs/5dqm/7dfkbyurxaTPFVGH3opTi6eAR3zGvAylF8lw4B08UxbZKkTBfVnSRcal863Xmz0ZaMWjnMKDFMH9NhZQZxz0xsDxkBNMqAt9dPY2su0pYr9X6inZ32/J63t71ihXFuMDwUMYm9WAVupJoDj8aet5yTRy2Ha9ndFE5bNXYWTDvlLnDTQBz1aqJjg/0Oc9wB7kn4zqSHKtWV8asBm44CuGlRn0Il5vI7oZcRejOUXT5+XpVzX2uHgybyC6Y9BLvB0UTZ0bcvPcfjTNZUkemFvRMCgR0CXp8L3DSh6g91TjEvn+6Y8B9MzZTmHiTPuQKOmchhg5rQu2UccVZTUze+JKKMjtnqut7SrS0gvQ/3xUTl1teLQ885al38yrrgPY62Prdr7fync6xl0ZqHezRkqaRt3D89+US9fKHsrber5caJgo9VfH4x0M3ZlDTL3ugqlsf8R+29Jzu+ULY1O27hnUV7opu9UK1+Sdj/Cm5BGPsBIz5DdxVhWftO0U5INnKp/+wecHM549Z5CQcFOuy2HYTgUdHQq7IR+fsp1Ll3RZM6Xu7HT+yKJgo1Wzf/C6FzPcE0vH8xS/65gQVipZ/i+LOIrislbQC+GtRl19P1LvRTki3vxRWULkgjZRuXu0b8w9eFIW9f1U23pxO2oautsnfXnrXKOh5vf3PjTiz4u9DKTrnNfZvMVBfJZ+hq6OYb6EDWpl4+OjjK54584HsCYLud4OzfnL73yVs/SF33muwKXX6WXB24wJ9vi35lK19ayIR1YyOvEILh93dMlZrEfBReanB3gGOplxR1BX0enZGiFXuq11OJ9Bq/N2Cz9np3CVYF/DhcLVJJtyWIBvWQKzYExUBMMaJVTtHBzUnDZDWwBdINaClRKsvT100An5gnoItVFJPYF7ipdZVrlquxCxvoqx36gDwFlDMeKS+7mrze5dwJrgVVAJ1Crskag448FdGlUj2PkBnTV0crZD+jS+1LJaymvLc7hEih2BT2BJrfLAn9xhqpyYgG9ctyaZ2OgmhgYXUxnuEmtT70bwerF1C+yzqgM9fRc2ZfYmygBegRj0sTkfhDa9VJdjVk4F9sHOOpR0RCOZRf8K2hfAg4BWXcyyt6fMjoMPQYITb7SNBmql3aLumLXUtRxzuGKpP8NNo50bXX0t27aqh/WrjFgDFSWAT13zSTcqE6hwgsgbTDXi05fZGokbJy5r2E3YS3BWWPSLoNW5OPCVk1avTCn1fxguEj9S3QJ/vKK8LkCCu0GHAPSBHNtKQ8HoUkM6qqSOQO9+TmgS6MK1Qv5D/mq6LXEOexNo2+AtMF8ArZZJhmhMcXqbIUeS02qgq+w6hOwHBnQaabvP1MKmDWp9GamKxPJ6CbUGqKVid4NMGlgBrhR7cLwL4mh4Bv0HwSg6/44UPBrVNi0qRDUv6YDpzHOszjuDX4HtgSha1+r9pPAj+BsULLQriYLDwI9Y/VlEopPgM/xh+jGg1/BzKCaRfdGX9Le/9LUC/n361U0zzlchwZ0/w+dC10r/vlT/jOgz5Ye6ZRdLKCXQCk3BX3oDkrjAttT09iFbKirG+hmobJy67hIR+FTz4JMGpQBrgGtfq4ODP8edOdzPYZeRGsyp+5ygXpVq2IsWjH1Fej73Bx3AieA7sCXP2NzPXXK8Vz9jzj3g7n8ngz0n8YUtFsI7euzWQvP1kOPeNaj77e3GFRhher58rmvaM0852Fm2tOjKB1deYbMGeBVzmHoJT1946mrW6GcadtyLyeb5ssYqA8GtmcYS3pDuY8b1L4gNpjn7PUWdk0KY/sR3AnWZwA9gb8K1OpdW/DlkCM8J5pY9KDtu0AwmOfsa4Xfgd74lNV/EtTORFbZO1BBgbMtZV0aX9vrwMvkt+H8DQHBYJ6zr9g5tIDunRHLGgPGQNPzZZ+G63yFn+dmvQC6DX19Lea5IStgnBboe8mrK3iaC79Le76fpc2PPF0ou3NIWW06xjKaPr3h9UuTxKM8XWIWrvQCo4KnK+PIKHi2pawWaPwGxp34zJ7xdKTe1oG6ZVFZQC8LjebEGKgrBlYKjEbPdQvJ+RjMW8iorcu5qe4K9My8kIS21ucoVClFud6K9kXvySQKfdZ5OTbRKKaQQDOFovFe8fxevtzZiwMO9bXA0OOMFqbYLYvy3y0K+He2ufEEilpNVexn5BR62KVSvbSAXilmza8xULsM6IUeX47jBquXw1qI9OBICg5vUVhlCvqp7wnfB/qQ1j9l6ZDQxT0DZSMCuqyqEL896Yv/TL3ZL2XaGbgDJPW32T4mMdzTL4pffee9UnIvjod4zjuR1z8I2tbT52UpXwfFC8CfdIxC988847bJhM7hUfQ79FJlUw8p60Xi/yrZXQvolWTXfBsDtcnAoEC39RyzPzelDUAnoCC+DNBLZE8DbclX9f2EvkbBXEFxFnAh+C/6E8CSQGPSPzHpCq6m7DDgywBfUUReL9NqS9oVrfz1T0SOBp1VwHEuIL4VBN4Ba0tfggwL1L0P/5uC9kD/EKU78INooFphFatoPUc+AHznWevlw8dp516giYyCvMbbAWwIbiCricBi0juiXYzf4dffaXBMWi05KNDSpuj0D1q2AjqfGtPiYBugyY0mkk16lVVCdFGbGAPGgDHgMvAAmb+B5Vwl6R1z0I1aL3E13Yg5Vr1wQ9Vk4x/AX+Euj04rPkFj0lvLcfdF/X/s1ykvSfCh3yi/FCeXe44WJn+NQPlvHMvN72B87gBc0Tl+Hmjs4kY8aeLwLShZGOtQxqKV6WPAX73uhU5Q4PuZg4JdcBdIJkC/A/8ix2oQ9UN8buh1Rt9H1wRXY9LEYzalW0uqekbdWiRYO8aAMTCDAW6aCiZaWf06Q5uX0k03LtiMzrOskoyCKF3ZBnyU0KWOlMUFc221H55QN2vRlVR4NKFSHL9fU0fBtxjRpGVMTEWNvSLxAO6fxXdPMC6mbannBHHBXIFxb/zcJsNqEPqiCcaBQOcjTuKCecU+IxU5gXGjM70xYAzUBgPcsLT62B7EBQB/ILrpngrO8QuqJc+Y9PxVz2ZvyNinN7HfgvqfZ6wXa44vTTD0jP6eWKOWBc+jWg+I68xCm1oF6wdy0rzgmNl/UgXafoHy7uDJJLtA2WvoNqH+/YGyNlXRp6F0YCugRyhpZDJGF4Ej0hgXY2MBvRjWrI4xUDkGdKPXDdtHlha1gtMq20WW+k223LAUQFYH2hr+qUnZ8o9WXdeCVbC/hKOChduu0rqRxUmor1r9pBXx5benZ61BoY+/gCMpVGDvC34MGk5X6kZ9PNiAOsMS7KIi/5wlBl58/gb2pbK2nTVpCInGNwjsh+3mQDsF8uuPGVVhof7dWGlL/dUE6yT+1a4/zgRXM4poexjYFo3QH8Txo+vlWbAfWJ86cdxQnCc67z4vSWPJq0wm07WkyvTtPQ56sfBvQJ+FkOiz0weshf1pHEPXfNIkS2PwOZePFhK3xdHCME7Bc4LelN0eV15AvyUDHFjApqmYdh4noQshq4ymjSWzVmpUe3jWKmaJCo1fvzJ2ZiHf9OFcbAraFfITUz6cPnSJKTN1DAOcEz1fXRcsB+YBX4Jh4H34TLoZYVK9wrhmpne6PywLdF1okfMNeItxaXytJvRFnzutwDsDBSe1/wH9GMux7EJ7i+B0RbBCzrkC0pu0NyKXr+iB9menAU2sFgMLgO+Britxr3RNCePRtbMmWAnMB7QdH31G4iYvmJRP4p4Xla8F82QMGAM1zwA3WAXtwTnU/HiiATCuKaSH5xCp2+RIX/RstWLPV/1B0Z4epwjP+WWtkaf9X2nnhdZoqzXaYDxa4Ws3Ie2OQtm7pRmFiTFgDBgDxoAxYAzUOAMW0Gv8BFr3jQFjwBgwBowBMWAB3a4DY8AYMAaMAWOgDhiwgF4HJ9GGYAwYA8aAMWAMWEC3a8AYMAaMAWPAGKgDBiyg18FJtCEYA8aAMWAMGAMW0O0aMAaMAWPAGDAG6oAB/Xcd/YhBuxRjmcr37JJ+tzaFi2QT+jInFkJI/B/2D9mEdPrvSfoBhUaXcZy/yY1Ogo3fGDAGjIF6ZUA/LDMSdEwxwB+wmTeFXSkm+nUw/TReOWVRnOnXhxpdVocA/UyhiTFgDBgDxkAdMmBb7nV4Um1IxoAxYAwYA43HgAX0xjvnNmJjwBgwBoyBOmTAAnodnlQbkjFgDBgDxkDjMWABvfHOuY3YGDAGjAFjoA4Z0EtxpwIdC0nw/68WqpSx/CXsr4ipsxv6pWPKktQ/U/jvJIMqKVuWfuxcJX2xbhgDxoAxYAzUGAOz8FWmq6qlz/SlP30RWghfPdP/mC0moH+P3xNbOKwyBePbhS5ZQK+y82LdMQaMAWOgVhiwLfdaOVPWT2PAGDAGjAFjIIEBC+gJ5FiRMWAMGAPGgDFQKwykeXZeK2OxfhoDxoAx0KYM5H7tcj468QuP+r5t085Y4w3HgAX0hjvlNuC2YIAbfW/a3T1D25Ow/QqMBWPASwSIjziaVBEDnNfl6M5BYFOwHpgdNAllP5EYDoaCx8ED1Rrk6atiwZJgNH3UtWdSgwxYQK/Bk2ZdrkkGVqPXe5bSc266CgwDwPXcdD8uxZfVLY0BzoX+P8TVQJO0uEeXc1HWLYc9OP6Tejdy/Cvn70eOVSH0aR86cgOYB/xM/lj616cqOmedyMRA3IWYyYkZGwPGQKswsDytnAT+y033eqD/U2DSygzAew+afA9ogpblHqrVu75x8wE+9K2WNhf6oW8OKXgrmEv0z7FuQr9CU87+1BQDWS7GmhqYddYYqGMGtLN2BBjKjXe/ah4n/dsVDHLwWDX3t1DfGEd3bPqDBQvZJpQvRtl/8HV6gk1rFW1IQ/4/5+qAbpPW6oC1Uz4GbMu9fFyaJ2OgtRmYgwbvJDBoO/9MtkmntXYHUrS3ODabO3b6oaeaFHiejY7fDeL+xbPGpX8x/SmYGWj1q39PHRL9y+q98HkZ521iyKCVdHH/Elvvb5jUGAMW0GvshFl364oBPQePW2Hrs6lgoG11vXC1A1gAhOT/UC5LcPhdlQb1UJ9rUXcCne4S6PhkdLeCc+B/lFvOOdFKXuf4KLCyU/YW6a3bOJirO4PAy2AjEMmbJJ6IMnasHQYsoNfOubKe1h8D47mh6+ZZSPRMUyu+34HzwFKBCvuiGw7+HCgzVXkY6B1wMxVdL87jQ4GymdCPQ38V5+96jn8BZ4J3QE/K2vxrbfRhCn3rSX+OBtrp+RBcjd7edIeIWhML6LV2xqy/DcmAbrwMvC833/s46u3qQwNEnE75h9jaG8oBckpRwatW2gp4vmjLPBjMXcNcgDwLP1qZP0++zYN51D/6Mp70pVHejrXLgL0UV7vnznregAxw8/0NHMbQT4sZ/rUEDT23rhZJet5cLX1M0484TvWCXGrh3PUD36SuYIbGQAYGLKBnIMtMjYFqYYCgcBF9Ca2qZkd/brX0k36sWUV9KaUrcbuZVbPSLmVwVrc+GIi7SOtjdDYKY6C+GdAqfR3QwxvmgazSLyfov+fpE7PU0Qt4XcFyYC6gleRQ8Ca+tOWfWvDVCeNeYK/UlTIY4n9ezNVP9XcR8D0YDV6hr79wLLd8HuNwA/Tvx5RVVA0HegSg8eu86RsOGv9wxt8m/aHtmeiTzsmqYGGgbwXoLXpxN4R+TeBYdqFNfZtA/40zemHxK9Kv0d6ocjZGOzPjT583vcOia06PKsT5UNr6jGPJkmtjXRxFbehdBo3n41Y5r3SgNyhWtkjLAA08XmQjZT2pafub1Y6x7VLk+NJW65amTzgbldZhEXbnpezDuUX4TltlWJo+lNuGzl0Q6ODbpbaDzzXB1IDvK9L4pt4S4BLwecBHpPqexDVAN85YoXxr8GsOetkqTiKb6PhqrFOnAGezgxPBW3GO0U8EA8DGTtWSk/hrD34Evoi3BUtuIKUD2uoMdL6Ggzj5lIJzQNxjgrzWsBsNonOho35qOLVgPyf4C9AP5sTJLxQ8BDZM6xjb2YDbL6VfV32OM4M/gFdBnLxNwT6gXdo2Q3bUXwHcDL4GcfImBSeDuUM+CumotxLoA74BcaLzdDnQZKkygnML6GWgFh4toOd4hAsL6BmuKfi6H/hScOJChWPBeL9iQl431MPiukbZdgl1k4rejfMZ6am8GRiZ5CRQdh06/0dTIpeZj/i6JdCGVJ8AraoqJvhvB/4EQpMK1EHRz7ieARI5oNwPIj+kHQh19wdjQRZ5AGPtsCQKNgrovryPYjWgYJ1WtBjMHGip0wlcCSaBtDIGw4MTB+YUYqs2NFmeDNKKzuspjpvmpD1Db6bCEsZAzTJwb6Dny/ChXz2g1+pGK90HKbsKaGs8rWgL9Sbq6utXrSa0p0cLz4IlMzZ6JPZareuXz8ohN+BkWsCRtplfo52HgVaEmYNHwGezCn/iXef4QqBHIWllDgy1K/YMPhZIWymNHf60Y3Extn1B3I/nxLnS79oPof7ycQYJeu06vALWSLDxi7ZFMYj2ZvcL4vLYakv9OXAcmCXOLqDX6lmr+dvBrIHyZpXTxtEotZ2fVnReLwm1YQE9LYVmZwxULwNP0rXQM24978sTbgK6OT0Kds8ryM/oh1L07C5OtJ3bK66wnHraORt//wBxNzwF2N9AnPSk4Mq4wix6nmEqkPwzoc7OlN0NtDX7GDgSLJZgX7CI+goKj4EkvnWuks7XxpQroM3HsVyiyeAfY5z9iv5NMBB8GWOzAvon6FPWiYZW9gpovuiaDU22Iru1SFwbZZKO9GkhyvVjO90T7HTNTU0o702ZdiKCkwH0GocmDHFtjM2Vv8bxJxAStXGdWzALjjdDUUpgX9l1mDG9Ju0nnQTX3fxuJkO6I030yGBfCdMXuBmEbriVaMt8NhgDXFvfc43rxSO9SOOKVhl5gq229t5GuXleAf8whLxuDg+B0UD3BK08fw904/ZXG3qW9wj+xlMWyX9JHBFlcketKnXzikQvRh0fZXLHb728m32HjIKVu8qW/fVAwVMvC02gL0uQ3hr8HfjjPoLyf2H3BmWlyp9xIP/7JTgSV9vlcC1t67mveL2NPozimEU0Tv9cqb7O0UVAfuVT50vnX6vfY8EywJWlyXQB37nKYtKMRytKwRd9x/4koO/ZN9/XsVeAPAscCdwAp/7cA3qCYmQclfRDPYPBh0C8a+Wua/AA4MuB9OVK+qbJRlAol49+QH3z5V0Ul4DH8aFJm2y7gv3BH4A/OVkN3YJgDGgW6mlyeh9YoVk5PSHObgP6GWed32ahznpkLgObNCunJw6h7FXstXvU9HKBnouZVJaBgttkNG/P0KdfoNoStmfoOS7SHuAs9HLQFXH1sVdAjuQsEu6NNq8aZd2BgqYv++QZBjJUGOVVilttBGpPV1F/d6CX3STa1tZNMiiUzQs+Br7cFKxQpBLnR4OkFwn99pUXh3pksWyaZrHrBUKi3++fPc4HZVrE6DMUPZfVc/cNE+xTP0PHz+IgFDOuQK9JRaxQvh7Q819fdglVwij0DD2q+zSJhUP1pKNsLxB69n17XJ1cvbOjBrzj38jHjo+y+YFeaotkGAlNoloIer3M54uuDU1IEwUbfVZ90eRieowhETo5fgXLl8aABfTp/J2XeLXmCjG1gJ6GKMcGzp4NXKK3OCYtktgrqJ/RoiCgwO7MgP8+AdM8FXVKDuhyiB8F9UdA7MQjahibDYAv2sEoq9CAAqcC+wi/sQJ5BdrrQce4DlHWAQwFvvRF0S6unqvHbk+g3ZvYYC57yrME9H9h70t/FLHBzuuTAq0vr7s2URqjuID+A2WdI7u4IzYX+g2RV/AL8od+URCacJwe14avp74C7jAQF8z1/soXwJeDfV9xeSre7Vcmf1qTPQkL6AF2yqyygD6dUAvo+ReWtr7LIrh9J991U05bsomCVfDm5lfCbq2A/+d8Oz9PnbIEdPlN29ec7bhAf7VFWnahHQXfbcA1QF8tSisvYhhcaaPfO+BEAX62LAPAXo8HEgWbVAEdOwUj/1sR2jkp2IbbAez1kp4vemSSJxjEBfRT8wxjMrn6oetgpVAV7PVuiC+PhWzjdFTWtxGSdg5C5/XZOH8hPf47A00KXdFjh5KenYfaMp0xYAy0DQOhm+qXhbrCszc9twsKd4vFgALVKRgIvvjPDP3ysuYL9HUe+rkx0PPyq2hYzyl9KfY9HN9PXp5+TQJPgmMoWBLoRafzgd4pSJKNKbw0xmDXgP5c2hgf0MeqsM97fhtrmK6gJ2adPNOHimjjbs+HsgW3m506em+goOS4Ck2aF42pHOI81Q5W5I82p4GxUT5w3Dmguz6gi1Xh/ysKB3oG3bnu5ym4feVVsqwxYAxUGQN8kPVMNrQF+UWarlJfwW99sCbQizwR5iOdJKlW90kOiimjvytTTy8JRf3UUYG0kFS8v7qh0wm9mSzoMUVXjgeD40Bop05vwt9Ivbcod2VLN0N6EtDLWm0pukZ80XfC9S2LLDJnwLhLQBdS6eXiYaGCGJ0mVVt5ZS0mooxB72Ws7tl9wnmJfYHOs02bDXF4FO0fltZBzm45z16PPJZSQNdbrKHZrGcfm9Vbd8fGliYXnEtxoVls5OHPJNaIMhmO32J7dAp7bWXdksLOTIyBamNgh0CHFFieC+ibVdxENiVzKNgJtLjJNRtWQYK+LkM3tALWKmp5UBNCQPiEjp5B/7Vr8CAIPc8+CH1zQMdW9+WFgSv6L3o/uYo2SId2gbR9LZQqoQlpyOdIeNDkJq2EOOsQqLx4QKdJWbnFP6/y36NMjXSeBXLuL8VZ7uIrNqAPpP2BadqnHc1yiwnov9LGPYXawL9mzxbQCxFl5VXFANdtOzqkoOyLvsoyxlcqn/vMnkPydKD6VS30txcd/BeYp6o7mtA5nQvGsS0m/wP+8+Id0Z3gVF+ItH9exjnlbZV0v35Y7j5MTunw15R2kZkmtmkkNKH4Ok3FtDacfy2c505rX4TdZM0ETYwBY6B2Gdibrmur3Jek54x6hrmnX8HL6zngBw6Gke7v2VQ8y03wSBq5rkBDWoV9CBQso+N5pLuBqhGC+k+MR18lvNjrlB/gQ6vKObw6bZHVbmel5PNKOU7p9+eAXVk55/xP4fz/QDuVmph+bgE9cBZNZQzUAgPcHLR9d0mgr9+juyGgb/r6F/pQMH8MvSYB74EPuPl8x7FZaGvF5kwrJWhT26AXBZpTH+8EbwD1dbRvQ91rfF2V5DVJ8kVff5sv4pyjvjr1C0ZuQFkWHUXxLzH6TiuQD+34XEo7H5ehrefL4KMUF6GxdS3FYUxdteMGdE3e/hhjm1U90gJ6VsrM3hioAga4uesrWA8Af3Wn3p3PjT9uNaUbsC+/x76vr/TybfHc+q/0YS6vHzeTP4L+xm7Rwo3ehwk9E/VctUk2FCS0Lawbuytvk9nYUeilrXXBa46utZOvBhqcwLm4MaCvNdVIOqzPjPtNiA25luZhfFpVl0vEoTs51vWtf/X6VjkaaF8OJ+bDGDAGWo8BbjJ6lvkocG/4UQc+JXFVlHGP1FNQ6OLqSD/BzaRQMFeVNbx6rZHt7jWioHcc/Y0N5jn71Tn6z6A9V8Vl4bAH0LsHxYpeRPRlXGBMD/tG5E8N6BJV9DX0AlhinYTCZyj7zSvfr5g2iqnjtVvWLPxPwaE+U65o0ny8q0iTLjC2AQEfejE9s4TasYCemUarYAy0HQN8iBXkXgFbBXqhgLcbN6cJgTKpVg3o3w/o8lS0qVXLyXnK9BndKF3R/48oGGyx0QtEK7kVSX/G2H71dKHseSFlqTr61AMfj4ALSOtX9nTDTy3Y74bxHoEKzwV0d6Ob6On1U7C7e7rYLLadKdQPDm0da5ShIMf9fV4VTRCv9nSJWfqzDAb/5bh+omHrF/YJNHk6/dQEMZXkbDU2/9qN6mvS8HWUyR2Pw347T5eYxf5ADAZxzNvBsoCeSJsVGgNtzwAf2vZAP5qib2sMAe6WXdRBBc59uOkmBeg5I2PnuBF+YwNsruxi7BXUi5HRXqVO5EPbzp5Z0z9j6egpV6I/if2gvDd1enr1Ss7itwdOFMxnzzk7kePr6ENfQ8uZzDhgp2B+Gwhx/eAMy+kpzuNIUn6gVN3b8FVwfNgsh+1zYGWg378vS1DH11nAn2jot8kV+EJjw3yGYLMeuReBHuE8Sb5qgjqcP60+AVd0vvXTtuIxUbDZCINngMY2kHyLoE4bP1N2PnBFk1f9nOs6rjKUxka/RKdrT4+e1N4T5JuDugX0EGumMwZah4GF+TDqt59DOAe9fu9bL6qNBboJ7h3TrUnoD+VmoRfbkuR/gUIFpCtpZw6/DJ2CwiBwiF+WIa+3433R6laBPVYYi7Z2P/MMFOB1c13K0+tlvznBtej7+mWl5vGrG+Z/QBTMI5fdSLxMuQK7vmuuf7DUDcwF9M861gO9wcvY9QPNN97IAUdNwO518m7yPDI+f5qUPYrP80ALf+jmA3ok8C6IAoq4fgh9wYkAdonCeRmOgR+QVOcC8DxtBFez6DUZux6bV8DiQDI3qKqgTn8ULLXT5YquN53nY0AHt0BpdEuCK0i+ABaUDlkEDEQfnYMmZe7PdRzfcBWk9aLcEPkBSucJuvZgO5SDweUgit36/DYH9VnImBgDxkDbMKAP/d9KbFrfT96TG+3zhfxgM4ybguw282yPJb8PZVrRjQK64a4KVgSl3iOG4sOXHVG8T3tPcdQLYWuCC+hff46u3ErmHFdBWquSodTVakoBXxORVYD6G9qBQF2a0C993ewovPQBLW7o6LSyKri6wsaXiSiOwr92V1oI+u9od2cKNCFQ8ItEfTgDnEz5QI6fAt3glwU9wGzAF02G5vOVRebPpd4awH98sAm6t+iTzosmKpqMdAZa3a4NQqJ+VeS8hRorpIPzD+j/77DTRFqcRjIviauB/nHUsxxHAvV7ebApmBn4onJdn3lCGxPxsRvK14DuAZHIx/HgcMo1+RaHP4AlgXYyFgMh0QSg6XNa6oc15Nx0xoAx0DoMPE8zB3KDGJ6hueOwHQK0anNlITK9XEWZ0jfh50/Av7Eth06IJHQvuoTC3kATC1dmJbODq6h0Go7v4ib7Oe30BUuVob2p+DgAvy8m+aJcz2MV1PsB/3GDAncaHn7FTtfJ/RxLFvzQpWkH4EjBeEfPoYJg1xy8ohbZcWj2wt+gFiVtqKA/AxjfwXRB166uNVc0KdrTVcSkx6DfFV/+SrzJHL3+iY9W3HqMs3iTcsYfnde0k0RdP7vj7ztVd2cgypsYA8ZA9TOgmfvOfIg3B8OzdBd7bcXqhvRbhnrjsT0ig32zKe19SebiZkWGBHXV7jbA33Yu5OUaDDRpKavQH02gVgPXA+0sFCuaGGyDv7it9jy/uXa1QtOqLavofK+Lj7IE86hx/GmSsAu4DBTDxePUWx0/gzhWndCv2+hUTzC2iM5pbGvg49WkupS/Q3l3kGgX40Pf9DgL9MCPJkZNYgE9YsKOxkB1MzCU7l0OtgK6WQwotrvUfZS6ejlJW35Johu12ukGdIMrVs6n4hkg7u37WL/0dSSF2q69A2hVmyT/pXBr6hzLUTe8sgu+fwJH4Xh1cCv4EaQVrdr0iKUbPp5JW0l22H/CQY8mtMPyNSgkozE4BXSn7geFjIspx+9UoDZ0LQ1K6eN17PTy5vZAk72qFfr3Ap1bHvwdaAJTSHT97Q92oO5XhYxVjt0XHPQc/BDwOSgkekxzN1iLuvrve1PcCrO4GUsbA8ZAxRi4D88fZvCugKSbgoLAGD64aW7iqd3jT6t8/cvFzTnuCBQ0FwS6cQ0DWj3cg90IjnrxZ2YOByntyPdOOjaJD43l7/h4gGMvsGIOs3L8Fqitt0FQqK929qe+gqHqbwQWBe3AcPAx6Iedu9I5D93CwJVU/XUrxKVpS/wdTJ+O4CgOtdJaE6jNeYFutNoG/Qa8CQaDl6mnG3JRQt1JVLyaNm/gGJ23rqQXAbqX63p5AzwNBmFfaAKEWZMcw9+OubQOmfpIO2pzC/qlvuwCtJugPs0PNOEZBV4Bj2H7Ece0on4c5Bk3bS17uqTsgxR+4hmoL6mE/v6EoV54VFDfBmwHlgIan65rfT7l7/EcDySzCfV0nm6hDU2aNwY7gRWB2ugE9BnRpOwl8Aj2ZbuO8ZcvdEJvcRYrW+R7i8/RwONFNqKLqaDgW2+mVkrmKtQBGtYbspWUboX6oHI6MKqCndBNtqDQvl48qZQoWJkYA8aAMVB3DLSvuxHZgIwBY8AYMAaMgQZkwAJ6A550G7IxYAwYA8ZA/TFgAb3+zqmNyBgwBowBY6ABGbCA3oAn3YZsDBgDxoAxUH8MWECvv3NqIzIGjAFjwBhoQAYsoDfgSbchGwPGgDFgDNQfAxbQ6++c2oiMAWPAGDAGGpABC+gNeNJtyMaAMWAMGAP1x4AF9Po7pzYiY8AYMAaMgQZkwAJ6A550G7IxYAwYA8ZA/TFgAb3+zqmNyBgwBowBY6ABGbCA3oAn3YZsDBgDxoAxUH8MWECvv3NqIzIGjAFjwBhoQAYsoDfgSbchGwPGgDFgDNQfAxbQ6++c2oiMAWPAGDAGGpABC+gNeNJtyMaAMWAMGAP1x4AF9Po7pzYiY8AYMAaMgQZkwAJ6A550G7IxYAwYA8ZA/TEwS/0NyUZkDNQGA9OmTVuDns7Srl27N9weo5+d/KquLpD+jHrfuHrqrUx+TlfnpX+mzgfYLYF+UfAh+Z9cG8pmI78a+IqyESpD15nD0krHSLNtTLl8bETZcuAh/P7o21G+B7qZKbsvKkO3H+mO6G6NdO6R8mPIj6P8nkiPbkvS6v8d6L8hvzzp7cFr5AdzbCHY7IRyWdAXm+/IL0B6xzyMRcwAAA2jSURBVBaGMxRq89Eoi/1upOeO8rnj5xxfx+4HT9+Upc7WJHT+24HXwHPYTuPYLNj0JvMt+sekJK8+za90jOg8PIFd1P8vyD/t21K+DLrNwEeUD/HLQ3nqrIh+TaBz+Bl4m7ofcswT7OZBsUueMj8zlnpP5qta5vDTFe1aYAXwFXiZev/lmCfY6RrRdd0/r4AMZRtw0PnvT/n3UTn6XqSnoOsX6dwj5YuRXwesCn4Cb2H7MsdYoc4OFIr3ftj+HGtIAbbzcVgXrA6mgv+Bp6k3hWNQqDMXBeqT6uiaeQe8QR31r3xCQ71BsbJF2p7QwONFNjIqTRv4nqtI/2mq6WQkCk52SeOoBJtuiR3IFeJ/VAltFKp6Xso+nFvIUQnlw9L0odI29L8rmJobh4Jds6BbI6dPOhzYXCGXwHhwUgWVy5TjBTm7zQM+VsuV3RCVkT86p4s7XBvZxh2peGuusgJDC6FsOBjrFpB/O1fnBFcfpSmbCBQMm4X8Dbk6Tdc76YXABJBnF1VA3wkoiH8GdKMUP+uBJMnzheFHMcaaUGii0izk1d4zAXudO02ymoX8ZPBqpCD9OkiS52WLQXsg7jRuBeA8QfcU0LW3Xl5BIIPNguBuEJJ7UWqy1yzkVwkZOrpBzcaBBHbzgT6OvZtUDNBktFnI/wzebVY4CfTRtaAJXrOgHwNa3AfQzQp075kEfBGfazc7cRLoFwW6FiVHO0V5ScragT+AH4AvI1HsmFchl0HfC4z1K5D/Cuzt1rEVusuGpY2B1mPgKJpSANGsXDcBdwUwmrzKIzmdhG5kx0YKjqHV5kXoF87ZaJJwALgdvJTT5QXMnC7L4VaMhwQqtFg5BWxKUV3MjUsrbJejVP6o8zV1H8J4L47dyL/nVVTAnRdcQtk0r+xB8ld6OmVDq6If0bsr067k/w5uz7X7KWnJKUC7CA+AK8A3YC+gFbN8JMkRFM6ZM1BbJwO1Ea14f1AZ41CwVtkz4GKwB2gS9DuT6Aluxy5vYjLdYsZfbBcg9zZYHNwDbgVDgcamCaVWx5tgtwa+vibtyqNkdD360tRHX6k8fubm8AboAv4DbgIfAU109gFHghewW5H2JpIum+BTn0XthOjciJcLga4V9Wl78Eegtleh7RGkXTmcTAeglbk+y3ET3KsoOwZoMnE8eB3MDHTuTwP98b8V/geSbhLy+uxfAL4CR4FXgK7TDcHZ4B5slqfO+aRLF5zZCh0SCshchZimvq3QcyTBRV2v0BnfbOBb8DJ4APwGFoq7Rih7DWS6gWF/CJAc6vtFV+wKfX/fV9o8bd6qziBZV+hTqKPVz2jgrwYLrtDVP+ptDST/9PuL7mmglfBiURnpaIWugFtQsNcKfZxviO4gIGneYSCt8y1Zyrf389jkrdDdcsqOkBNEk7agUPZQk8W0aZvLgHQH8CH4BeStdEMOsLkPSJr779qhP66plDFFevLRCv1fkS7tkbrRNXJGqA7lPcGebhn5sqzQ8XMykNwBFGTzBN2K4KQ8JRl0swBdm/8DfwESBeg8QbddU8n0XbRoUtZsQ9kC4BzQ3DbptYCu8Y/Bgs3GuQQ61dG1J5u1pW7vG1neGDAGKs7AvrQwH7gRaBXSEbQIvOhMZpppAiScChYHd3Hjar7hZSDnaWyHAy0+Zo3qkV6GtFZkj7LC+SLSl/H4Xc7XHI7PD3LpU92+OOXlTIq3SeBy2tK9XqtHTai0GzGaY6xgr1VyLzAQ2+DEBr1WnNoF2AP75TgWLdTXhPZAMARcEHJEe3rO3Dx5CNmUoBNXWgUfTRtTfD/o9L7B5b6evHZKdG3qs3wzUF3x7Iv8TwUH4kcr+TxB9w04C7htn4iRVv6Ho28xYVQdyg7L2TRNNmYhY2IMGAOty4A+8D+Ae8FvQFt4WnFdxIdUH/rWEj2bW9NrrHml6umVPRT7zTz9lfT5fU9X1iz+r6DdjXCq54Xngv/L0gD1qT7t37m6ugHfn6t/MMd2IG41KX7WytlGh5vxd2uUcY5qpFMuL58KcH/L5Z/LHXW4GuwHjtWROgM49gMD8OvezFGVJvjTyu4avCgwaAtevGnichEoJNG4HylgqPKtgOw/dWw3pu3rnbySD9CnpzxdlI3aewybrJ+BxQNtye+mkfOkI3UXoVx4kLZ/SLINlOmzrEnnbdTVrpu27TXBWYT8GMden7OP0X3s6LTC10RLE/pI9LLexFxGnPwEno8K/SO2egygPjfxZwHdZ8jyxkAFGeDDtx7u1wXX8mH8VU2hU7A5B+wAdINvLVFQySI9MBZcUTB631VUKH0oflcHp8PXYLjrn7GdW7A/GxwC7sdHe44HAQW4uKCllfWiwJU53YyTnp/0eCcfJa+gry9FGdJ6IUs39yOAArtWpYK2TrelfATpcoquq9+Di3NOT6KNX1I0oAAnGTv9EPs3ClqRfWS4EgnBlU/IxAX0iOfIn1uvUFrci89ipai2OV8r0uCW4E44/TbX+E0cdwKHgfOkw64Th/nAe8p7ovvBK45uIGn5lIhTfXNhWlMu/o/OURP/uqhNjAFjoPUY0IxeMi8f9L8JpJdo0oS36nJFFTkcjNduHvZIaEmBR4uAZnCz0YokjfyWM9LNLSTSRzYtymnnZ5R7Ak2CboO3ZVsYJSio/znFj4Jtqast0p5gKXALZXEr4z6U6YUjF1dTJyTq+zU5PJMzuIy6Wh3nCbqfgLa916FgaaB6Cg43grIKbWjbX9eY5A1wW1Oq8J8o+KxWwDQqj+wj81tINF8nufSlUWHgGNWP/AVMYlWaUGpr2oeCaxrRY5DJIGvbekmtHViBa0ovp91DWp8RiXbcZlaCc6BrYyhYVXlPFIyvBaFzL0664Md9ZJNXnbLZUCwHmvizgJ5Hj2WMgcoxwIdPK4l9cy38juNZOfwhp1OwyRSocvWKPQzjZvO+CxzpxhMnU7HVlmAz4gwD+uiG3d0vY8wKrAuDyMY3acrT7v9IHA7mBfcD3UyziG7wuucdBA4F08DNoBzyC/07VsDZnmAc0NZrxyTn2I/M1dHqdaMk2xLKXszV1c6GxpxG3sboR6CXKxcKVUC/IPrDwE/gLc+mxbVSoG0FZa1yD8Dv4p6vpix6PdbQufdlGr4n+8Ao1Vipp4D7KtAb+5v4zqM8ZVplNwnp2UkoeGsyqEC9Uw7bcZwANEnfGUTyPIkFqSe+moW2h4NjUJzQrJyRUB1dr6fOULVIqUwTB9naS3EiwcQYaCUGtCLWSlQfXgUxF73J68N7JKhHGcCgfgZ6k1criibJ3RgVaCV3TT/E/+XmJ5urgJ4ZagWYRbRC1xa7JlC7gmfw9xnHsgo+f8ChVsXLgJNBszDerfybOvnOGCg4ftVs2MYJxqAgrd0FBfN+9HFpt0vkde32A+r7ydgr+Bct1J9IZa145wH/wX/zNSKn5OfmcCcYlEtLXU5R21ql34n/vIkVeX074FzK9CZ711yjmpBrcnEqfZ/DBbrlgQJ9tBtHcqY/A63GL8NHLyk82crLK3sR+AicQZ0jpHAFna7jM8HH4EKVZf1AqI6JMWAMZGSAD59WkwrW34N/cQP41XVB+d3k/w60ItLbrlo1VJvoJbEVA536jP7eEtA3qygfQd3jUPwb6Ec6FAwUNLYHXcBd2NzBMY2cgtF6YIM0xpEN/vUVOPXzjJzuX1FZzHEH7EOrxfH4OiCmTqS+noTG+39qE3s9O9c1cD5Yn7SuhZeAJnF7AgWHs0HVCH2+hX52o0MK7O+TfpbjJ0BBbQswJ9A7AoV4xKyw4Ode2tB7Egp+7+baU0BbFOwIFOyvAZoYllVoW+0pQF4L9KLZQI7vAU0ktgW6Dp4AY4BEwVqf0T7KuIKvUdR/FN1OHFcgr5fhxpHeF50+5/o64BCOr4PJYH2ga1kTQQXxJqHOeOz2IfMguJ602nylqXC6vbgaDvbBtul+Uo6ArllH03KfY1bRzS2tiNzZ0ho7dl876aSkZlTFjiPJr8rku5B8g0Gl2lfbvxTqQK5cF9qwlLZZzYanrCC7SnERfSBTdqVsZtvgSTdCvRWeF8zVAjr9GMiNJHXD3xvcBqpNdqVDgi+6+SlQJgpjvJUxDsXoYrAXmBUoQOhGpQDoy5coWnzm8TMJP6rv3mCjuvocjQATI4V31IRCwfgnoElFSPR5VbkeA+i8+eIHFOU1lmahj/oO+Z9Q9AV/BiegQ9X007Snkz8QHA+mgeHgKMp9DrTq9dtC1SST+KtyHQvJVAw0nvGFDP1y+nQyff4P+r+AjcAuQBy/Cs6jfBBHV8Sd+vWbq0ybxt+ZtDcA+7NBd6CtbPV7MLiccpW5onHF3dtUT+UavytBLvDdh7ZfwPACsAHQqln8vgvOBv/GBpOm73wvR14/Ffwtx5Bch3Jz8Htwpgyw1e7CKiT/DjQhOkpqMApcAVp8nZA671BHgfuvYAdwCJBoVX4p+Cs2zeOXMxNjwBioMAN8KOeiCUG/zR282WGjoLAg0PNYzdabBL10HdB9mVMVPFBndoy06vueenkTCMrmRq/V1TjK8gIfZZrkdwbNfUA3B3mtjuJkAn50k08tuXZm9fuW2kEdGOZ41bPmzIG2rYZPn+emvwrYrSK0p+vuR9rUxKdVhbb1ef2VtjVJKbvgX59Rnf/g/SDUIHU6Sk+dCaHy/weN5Lia9jbZjQAAAABJRU5ErkJggg== - css: ":root {\n --blue: #4b5196;\n --light-blue: #7986b3;\n --dark-red: #971e1f;\n\ - \ --very-dark-red: #5c1414;\n}\n\n/* Buttons */\n\n.g3-button--primary,\n.g3-dropdown-button__button--primary,\n\ - .data-dictionary__switch-button--active,\n.popup__title, .button-primary-orange\ - \ {\n background-color: var(--blue);\n}\n\n.g3-button--primary:hover,\n.g3-dropdown-button__button--primary:hover,\n\ - .data-dictionary__switch-button:hover,\n.button-primary-orange:hover {\n background-color:\ - \ var(--light-blue)\n}\n\n.g3-button--default:active, .g3-button--default:active\ - \ svg path {\n border: 1px solid var(--blue);\n color: 1px solid var(--blue);\n\ - \ fill: 1px solid var(--blue);\n}\n\n/* Nav Bars and Footer */\n\n.top-bar,\n\ - .top-bar__header,\n.top-icon-button.body-typo {\n background-color: var(--very-dark-red);\n\ - }\n\n.top-bar__link {\n border-right: 2px solid #fff;\n}\n\n.nav-button:hover,\n\ - .button-active,\n.nav-bar__link--home:hover {\n border-bottom: 3px solid var(--blue);\n\ - }\n\n.nav-bar__logo {\n padding: 15px 0;\n}\n\n.nav-bar__logo-img {\n height:\ - \ 50px;\n}\n\n.footer__version-area {\n width: 600px;\n}\n\n.footer {\n background-color:\ - \ var(--blue);\n}\n\n.footer-container {\n background-color: var(--blue)\n}\n\ - \n.footer__nav {\n background-color: var(--blue);\n}\n\n/* Data Explorer */\n\ - \n.filter-group__tab,\n.g3-filter-group__tab {\n border-top: 1px solid var(--blue);\n\ - \ border-right: 1px solid var(--blue);\n border-left: 1px solid var(--blue);\n\ - \ color: var(--blue);\n}\n\n.tier-access-selector__radio-input:checked + .tier-access-selector__customized-radio-input::after\ - \ {\n background-color: var(--blue);\n}\n\n.filter-group__tab--selected,\n.g3-filter-group__tab--selected\ - \ {\n background-color: var(--blue);\n color: #fff;\n}\n\n.aggregation-card\ - \ .bucket-item .bucket-count {\n color: var(--blue);\n}\n\n.aggregation-card\ - \ input[type='checkbox']:checked {\n background: var(--light-blue);\n}\n\n.g3-single-select-filter__checkbox:checked\ - \ {\n background: var(--blue);\n}\n\n.sqon-clear {\n background-color: var(--blue);\n\ - }\n\n.sqon-value {\n background-color: var(--light-blue);\n}\n\n.sqon-value-group,\ - \ .sqon-more, .sqon-less {\n color: var(--blue);\n}\n\n.input-range__track--active,\n\ - .rc-slider-track,\n.g3-single-select-filter__count .g3-icon--under {\n background-color:\ - \ var(--blue);\n}\n\n/* Charts */\n\n/** changes for CAD **/\n.guppy-explorer\ - \ .summary-pie-chart {\n\tmin-width: 30em;\n}\n\n.guppy-explorer .summary-pie-chart__legend-item\ - \ {\n\tmin-width: 9em;\n\tdisplay: inline-block;\n}\n\n.guppy-explorer .recharts-wrapper\ - \ {\n\twidth: 100% !important;\n\theight: 200px !important;\n}\n\n.guppy-explorer\ - \ .recharts-surface {\n\twidth: 100% !important;\n\theight: 200px !important;\n\ - }\n\n/** end of changes for CAD **/\n\ntspan.special-number,\n.special-number,\n\ - .form-special-number,\n.g3-single-select-filter__count {\n color: var(--blue);\n\ - }\n\n.special-number {\n fill: var(--blue);\n}\n\n.data-explorer__charts {\n\ - \ tspan.special-number,\n .special-number,\n .form-special-number {\n color:\ - \ var(--blue);\n }\n\n .special-number {\n fill: var(--blue);\n }\n}\n\n\ - .explorer-button-group__dropdown {\n margin-right: 10px;\n}\n\n/** fix study\ - \ overview on main page **/\n\n.index-page__bar-chart {\n width: 770px;\n padding:\ - \ 0px;\n}\n\n/** add mouse pointer to Study Explorer **/\n.discovery-container\ - \ tr {\n cursor: pointer;\n}\n\n/** increase size of font under discovery search\ - \ bar **/\n.discovery-input-subtitle {\n font-size: 14px;\n}\n" - favicon: !!binary | - QUFBQkFBTUFFQkFBQUFFQUlBQm9CQUFBTmdBQUFDQWdBQUFCQUNBQUtCRUFBSjRFQUFBd01BQUFB - UUFnQUdnbUFBREdGUUFBS0FBQQpBQkFBQUFBZ0FBQUFBUUFnQUFBQUFBQUFBQUFBQUFBQUFBQUFB - QUFBQUFBQUFBQUFBUC8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vCjZPam8vLy8vLy8vMDlQVC9i - VzF0LzQyTmpmL1MwdEwvLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8v - L3cKOFBEL1ZGUlUvd2tKQ2YvcjYrdi8vLy8vLzBCQVFQOEFBQUQvQUFBQS8wQkFRUC9WMWRYLy8v - Ly8vLy8vLy8vLy8vLy8vLy8vLy8vLwovLy8vLy8vLzl2YjIveE1URS84QUFBRC9aMmRuLy8vLy8v - LzgvUHoveWNuSi8zTnpjLzhJQ0FqL0RBd00vN201dWYvLy8vLy8vLy8vCi8vLy8vLy9yNit2L3Vi - bTUvLy8vLy8rWm1abi9BQUFBL3dBQUFQOU9UazcvbnA2ZS83T3pzLy9lM3Q3L3pjM04veGNYRi84 - TURBei8KMTlmWC8vLy8vLy8vLy8vL2FtcHEveEFRRVAvT3pzNy8vLy8vLzVtWm1mOFlHQmovQUFB - QS93SUNBdjhJQ0FqL0F3TUQvekF3TVArRQpoSVQvQlFVRi8wWkdSdi8vLy8vLy9QejgveEVSRWY4 - QUFBRC9FQkFRLzZTa3BQLzkvZjMvL2YzOS8ram82UC96OC9QLzVlWGwvOG5KCnlmK2dvS0QvVUZC - US94UVVGUDhCQVFILzJkblovLy8vLy8renM3UC9EZzRPL3dBQUFQOEFBQUQvR1JrWi96dzhQUDh5 - TWpML0VCQVEKL3dBQUFQOEhCd2YvRWhJUy94OGZILzhaR1JuL0FBQUEvNWVYbC8vMTlmWC8vLy8v - LytQajQvOXhjWEgvS3lzci94WVdGdjgyTmpiLwpkSFIwLzdLeXN2L2o0K1AvL2YzOS8vLy8vLy8w - OVBUL1lXRmgvd0FBQVA5M2QzZi9vS0NnLzBoSVNQL2UzdDcvLy8vLy8vLy8vLy8vCi8vLy8vLy8v - Ly8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vOGZIeC84QUFBRC9mSHg4LzhYRnhmOEFB - QUQvaVltSi8vLy8KLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8v - Ly8vLy8ram82UC9BQUFBLzZPam8vLzYrdnIvRnhjWAoveW9xS3YvNysvdi8vLy8vLy8vLy8vLy8v - Ly8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy9Sa1pHL3dZR0J2L3A2ZW4vCi8vLy8v - NGlJaVA4QUFBRC9nWUdCLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8v - Ly9vNk9qL3dBQUFQOWwKWldYLy8vLy8vLy8vLy8vNStmbi9PRGc0L3dFQkFmK0FnSUQvK3ZyNi8v - Ly8vLy8vLy8vLy8vLy8vLy8vLy8vKy92Ny9tWm1aL3dZRwpCdjhqSXlQLzdlM3QvLy8vLy8vLy8v - Ly8vLy8vLyt2cjYvODZPanIvQUFBQS95VWxKZitDZ29ML3M3T3ovN2EydHYrTWpJei9Nakl5Ci93 - QUFBUDhvS0NqLzNOemMvLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vK3ZyNi80Mk5qZjhjSEJ6 - L0FBQUEvd0FBQVA4QUFBRC8KQUFBQS94TVRFLzk3ZTN2LzgvUHovLy8vLy8vLy8vLy8vLy8vLy8v - Ly8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy9QejgvODdPenYrcApxYW4vcHFhbS84Zkh4Ly81K2Zu - Ly8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vOEFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFB - CkFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFB - S0FBQUFDQUFBQUJBQUFBQUFRQWcKQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBUC8v - Ly8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLwovLy8vLy8vLy8vLy8vLy8v - Ly8vLy8vLy8vLy8vLy8vLy8vLy8vL2IyOXYvT3pzNy81ZVhsLy9iMjl2Ly8vLy8vLy8vLy8vLy8v - Ly8vCi8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8v - Ly8vLy8vLy8vLy8vLy8vLy8vLy8vLy8KLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8rWGw1 - Zis4dkx6Ly8vLy8vLy8vLy8vLy8vLy8zZDNkL3dFQkFmOEFBQUQvQ3dzTAovek16TS85NmVuci8w - TkRRLy83Ky92Ly8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8v - Ly8vLy8vCi8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8rRGc0UDlqWTJQL0NB - Z0kveDBkSGYvNysvdi8vLy8vLy8vLy8vLzkKL2YzL0tDZ28vd0FBQVA4QUFBRC9BQUFBL3dBQUFQ - OENBZ0wvUUVCQS84REF3UC8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLwovLy8vLy8vLy8v - Ly8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy9Cd2NIL0RRME4vd0FBQVA4 - QUFBRC9BQUFBCi83UzB0UC8vLy8vLy8vLy8vLy8vLy8vQ3dzTC9GeGNYL3dBQUFQOEFBQUQvQUFB - QS93QUFBUDhBQUFEL0FnSUMvMkppWXYveTh2TC8KLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8v - Ly8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vOXJhMnY4QwpBZ0wvQUFB - QS93QUFBUDhBQUFEL016TXovL3I2K3YvLy8vLy8vLy8vLy8vLy8vL3o4L1AvdExTMC8zRnhjZjhq - SXlQL0FBQUEvd0FBCkFQOEFBQUQvQUFBQS95NHVMdi9nNE9ELy8vLy8vLy8vLy8vLy8vLy8vLy8v - Ly8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8KLy8vLy8vLy8vLy8vLy8vLy8wcEtTdjhB - QUFEL0FBQUEvd0FBQVA4QUFBRC9jSEJ3Ly83Ky92Ly8vLy8vLy8vLy8vLy8vLy8vLy8vLwovLy8v - Ly96OC9QK3NyS3ovSUNBZy93QUFBUDhBQUFEL0FBQUEveU1qSS8vaDRlSC8vLy8vLy8vLy8vLy8v - Ly8vLy8vLy8vLy8vLy8vCi8vLy8vLy8vLy8vLy8vL2g0ZUgvLy8vLy8vLy8vLy8vLy8vL3pzN08v - d2NIQi84QUFBRC9BQUFBL3dBQUFQOEFBQUQvVmxaVy85M2QKM2YvLy8vLy8vLy8vLy8vLy8vLy8v - Ly8vLy8vLy8vLy8vLy91N3U3L1RrNU8vd0FBQVA4QUFBRC9BQUFBL3pFeE1mLzA5UFQvLy8vLwov - Ly8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vc2JHeC94MGRIZi9uNStmLy8vLy8vLy8vLy8vLy8v - Ly9rWkdSL3dFQkFmOEFBQUQvCkFBQUEvd0FBQVA4QUFBRC9CQVFFL3kwdExmOU1URXovV0ZoWS8z - ZDNkLytmbjUvLzI5dmIvLzcrL3YvNysvdi9YVjFkL3dBQUFQOEEKQUFEL0FBQUEvMnBxYXYvLy8v - Ly8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vWDE5ZjhnSUNEL0FBQUEvejQrUHYvMjl2Yi8vLy8vLy8v - LwovLy8vLy8vL2pvNk8vd1lHQnY4QUFBRC9BQUFBL3dBQUFQOEFBQUQvQUFBQS93QUFBUDhBQUFE - L0FBQUEvd0FBQVA4QkFRSC9MeTh2Ci81T1RrLy94OGZIL1NFaEkvd0FBQVA4QUFBRC9Bd01ELzh2 - THkvLy8vLy8vLy8vLy8vLy8vLy8vLy8vL2taR1Ivd0FBQVA4QUFBRC8KQUFBQS8wMU5UZi8zOS9m - Ly8vLy8vLy8vLy8vLy8vLy8wTkRRLzFaV1Z2OE1EQXovQUFBQS93QUFBUDhBQUFEL0J3Y0gveEFR - RVA4UQpFQkQvREF3TS93QUFBUDhBQUFEL0FBQUEveVVsSmYreHNiSC9GUlVWL3dBQUFQOEFBQUQv - VEV4TS8vLy8vLy8vLy8vLy8vLy8vLzM5Ci9mOG9LQ2ovQUFBQS93QUFBUDhBQUFEL0FBQUEvejgv - UC8vbTV1Yi8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vWDE5Zi9ZMk5qL3pNek0KLytIaDRmL3o4L1Av - Ky92Ny8vejgvUC8zOS9mLzR1TGkvN0N3c1A5aFlXSC9EQXdNL3d3TURQOU5UVTMvQUFBQS93QUFB - UDhEQXdQLwozTnpjLy8vLy8vLy8vLy8vOC9Qei94c2JHLzhBQUFEL0FBQUEvd0FBQVA4QUFBRC9B - QUFBL3hZV0Z2K1hsNWYvOWZYMS8vLy8vLy8vCi8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vcjYr - di9kM2QzL3Y3Ky8vNmlvcVAram82UC9xS2lvLzhqSXlQL2EydHIvVDA5UC93UUUKQlA4QUFBRC9B - QUFBL3dBQUFQK0ppWW4vLy8vLy8vLy8vLy8vLy8vLzA5UFQveGtaR2Y4QUFBRC9BQUFBL3dBQUFQ - OEFBQUQvQUFBQQovd0FBQVA4VEV4UC9VbEpTLzNWMWRmOTdlM3YvYzNOei8xZFhWLzh6TXpQL0Rn - NE8vd0VCQWY4QUFBRC9BQUFBL3dBQUFQOEFBQUQvCkFBQUEvd3dNRFA5Z1lHRC9Ta3BLL3dBQUFQ - OEFBQUQvQUFBQS8wZEhSLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8zOS9mL3prNU9mOEEKQUFEL0FB - QUEvd0FBQVA4QUFBRC9BQUFBL3dBQUFQOEFBQUQvQUFBQS93QUFBUDhBQUFEL0FBQUEvd0FBQVA4 - QUFBRC9BQUFBL3dBQQpBUDhLQ2dyL0V4TVQveWNuSi84aUlpTC9FQkFRL3dFQkFmOFdGaGIvQlFV - Ri93QUFBUDhBQUFEL0dob2EvLzM5L2YvLy8vLy8vLy8vCi8vLy8vLy8vLy8vLyt2cjYvNVNVbFA4 - ZEhSMy9BQUFBL3dBQUFQOEFBQUQvQUFBQS93QUFBUDhBQUFEL0FBQUEvd0FBQVA4UUVCRC8KU1Vs - Si8zOS9mLyt4c2JILzNkM2QvL2IyOXYvKy92Ny8vLy8vLy8vLy8vLzgvUHovMU5UVS8xSlNVdjhB - QUFEL0FBQUEvd0FBQVA4QwpBZ0wvOHZMeS8vLy8vLy9WMWRYLy8vLy8vLy8vLy8vLy8vLy8vLy8v - Ly9qNCtQK3hzYkgvYkd4cy8wRkJRZjhvS0NqL01EQXcvMUJRClVQK0lpSWoveXNySy8vajQrUC8v - Ly8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLysvdjcK - L3pZMk52OEFBQUQvQUFBQS93QUFBUC9xNnVyLy8vLy8vems1T2Y5UlVWSC96TXpNLy83Ky92Ly8v - Ly8vLy8vLy8vLy8vLy8vLy8vLwovLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8v - Ly8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vCi8vLy8vLy8vLy8vLy8vLy8v - Ly8vaW9xSy93QUFBUDhBQUFEL0FBQUEvKzN0N2YvLy8vLy9TRWhJL3dBQUFQOENBZ0wvZlgxOS8v - Ly8KLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8v - Ly8vLy8vLy8vLy8vLy8vLy8vLy8vLwovLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8v - Ly8vLytWbFpYL0FBQUEvd0FBQVA4TURBei85L2YzLy8vLy8vOXdjSEQvCkFBQUEvd0FBQVA4NU9U - bi8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8v - Ly8vLy8KLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8v - Ly8vLy8vMjF0YmY4QUFBRC9BQUFBL3l3cwpMUC8vLy8vLy8vLy8vNmVucC84QUFBRC9BQUFBL3dZ - R0J2L282T2ovLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vCi8vLy8vLy8vLy8v - Ly8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8v - Ly8vOS9mMy8KSXlNai93QUFBUDhBQUFEL1ltSmkvLy8vLy8vLy8vLy82K3ZyL3dnSUNQOEFBQUQv - QUFBQS80eU1qUC8vLy8vLy8vLy8vLy8vLy8vLwovLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8v - Ly8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vCi8vLy8vLy8v - Ly8vLy84akl5UDhCQVFIL0FBQUEvd0FBQVArdnI2Ly8vLy8vLy8vLy8vLy8vLy8vVTFOVC93QUFB - UDhBQUFEL0d4c2IKLy9EdzhQLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8v - Ly8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLwovLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8v - Ly8rL3Y3L1QwOVAvd0FBQVA4QUFBRC9HQmdZLy9iMjl2Ly8vLy8vLy8vLy8vLy8vLy9ICng4Zi9B - Z0lDL3dBQUFQOEFBQUQvYVdscC8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8v - Ly8vLy8vLy8vLy8vLy8KLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8v - Ly8vNnVycS84QkFRSC9BQUFBL3dBQUFQK0VoSVQvLy8vLwovLy8vLy8vLy8vLy8vLy8vLy8vLy8v - OVhWMWYvQUFBQS93QUFBUDhCQVFIL25aMmQvLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vCi8v - Ly8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8v - UjBkSC9FQkFRL3dBQUFQOEEKQUFEL0lDQWcvL0x5OHYvLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8v - Ly8rZm41LzhaR1JuL0FBQUEvd0FBQVA4RkJRWC9tNXViLy8vLwovLy8vLy8vLy8vLy8vLy8vLy8v - Ly8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy95TWpJ - Ci94a1pHZjhBQUFEL0FBQUEvd1FFQlArNXVibi8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8v - Ly8vLy8vLy8vOEhCd2Y4SUNBai8KQUFBQS93QUFBUDhCQVFIL1kyTmovK3pzN1AvLy8vLy8vLy8v - Ly8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLwovLy8vK3ZyNi81Q1FrUDhM - Q3d2L0FBQUEvd0FBQVA4QkFRSC9oNGVILy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8v - Ly8vCi8vLy8vLy8vLy8vLy83R3hzZjhKQ1FuL0FBQUEvd0FBQVA4QUFBRC9FeE1ULzRDQWdQL2Qz - ZDMvLy8vLy8vLy8vLy8vLy8vLy8vLy8KLy8vLy8vLy8vLy8vN3U3dS81MmRuZjh0TFMzL0FBQUEv - d0FBQVA4QUFBRC9BUUVCLzNWMWRmLysvdjcvLy8vLy8vLy8vLy8vLy8vLwovLy8vLy8vLy8vLy8v - Ly8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vOFhGeGY4Y0hCei9BQUFBL3dBQUFQOEFBQUQvQUFBQS93 - TURBLzhxCktpci9XVmxaLzNaMmR2OTRlSGovWW1KaS96azVPZjhKQ1FuL0FBQUEvd0FBQVA4QUFB - RC9BQUFBL3dnSUNQK1ZsWlgvL3Y3Ky8vLy8KLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8v - Ly8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLyt2cjYvOWhZV0gvQkFRRQovd0FBQVA4QUFB - RC9BQUFBL3dBQUFQOEFBQUQvQUFBQS93QUFBUDhBQUFEL0FBQUEvd0FBQVA4QUFBRC9BQUFBL3dB - QUFQODdPenYvCno4L1AvLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8v - Ly8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8KLy8vLy8vLy8vLy8vLy8vUTBORC9ZV0ZoL3hB - UUVQOEFBQUQvQUFBQS93QUFBUDhBQUFEL0FBQUEvd0FBQVA4QUFBRC9BQUFBL3dVRgpCZjlHUmti - L3RMUzAvLzM5L2YvLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8v - Ly8vLy8vLy8vLy8vCi8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8v - OVBUMC83aTR1UCtEZzRQL1lXRmgvMFpHUnY5RVJFVC8KV0ZoWS8zZDNkLytwcWFuLzZPam8vLy8v - Ly8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLwovLy8v - Ly8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8v - Ly8vLy8vLy8vLy8vLy8vCi8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8v - Ly8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8KLy8vLy8vLy8vLy8vLy8vLy8vLy8v - LzhBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQQpB - QUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFB - QUFBQUFBQUFBQUFBQUFBQUFBCkFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFB - QUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUEKQUFBQUFBQUFBQUFBQUFBQUFB - QUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFB - QQpBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFB - QUFBQUFLQUFBQURBQUFBQmdBQUFBCkFRQWdBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFB - QUFQLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8KLy8vLy8vLy8vLy8vLy8v - Ly8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8v - Ly8vLwovLy8vLy8vLyt2cjYvKzd1N3YveTh2TC85L2YzLy92NysvLysvdjcvLy8vLy8vLy8vLy8v - Ly8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vCi8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8v - Ly8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8KLy8vLy8vLy8vLy8v - Ly8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8v - Ly8vLy8vLwovLy8vL3Y3Ky8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy95OHZMLzA1T1R2OVpX - Vm4vYVdscC8zbDVlZitabVpuL3ZMeTgvK25wCjZmLzkvZjMvLy8vLy8vLy8vLy8vLy8vLy8vLy8v - Ly8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8KLy8vLy8vLy8v - Ly8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8v - Ly8vLy8vLy8vLwovLy8vLy8vLy8vLy8vLy8vLy8vLy8ram82UCtSa1pIL3FhbXAvLy8vLy8vLy8v - Ly8vLy8vLy8vLy8vLy8vLy8vMHRMUy93TURBLzhBCkFBRC9BQUFBL3dJQ0F2OEpDUW4vRkJRVS95 - a3BLZjlxYW1yL3k4dkwvLzM5L2YvLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8KLy8vLy8v - Ly8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8v - Ly8vLy8vLy8vLy8vLwovLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vcjYrdi9hMnRy - L2ZuNSsveFVWRmY4QUFBRC9SRVJFLy96OC9QLy8vLy8vCi8vLy8vLy8vLy8vLy8vLy8rUGo0L3ln - b0tQOEFBQUQvQUFBQS93QUFBUDhBQUFEL0FBQUEvd0FBQVA4QUFBRC9CUVVGLzBkSFIvKzcKdTd2 - LzhmSHgvLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8v - Ly8vLy8vLy8vLy8vLy8vLwovLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8v - Ly8vLy8vLy8vLy8vLy8vLzUrZm4vNGlJaVA4cUtpci9BZ0lDCi93QUFBUDhBQUFEL0Nnb0svOUxT - MHYvLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy81NmVudjhPRGc3L0FBQUEvd0FBQVA4QUFBRC8K - QUFBQS93QUFBUDhBQUFEL0FBQUEvd0FBQVA4UkVSSC9YRnhjLzhIQndmLzcrL3YvLy8vLy8vLy8v - Ly8vLy8vLy8vLy8vLy8vLy8vLwovLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8v - Ly8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vCi8vLysvdjcvZFhWMS93Y0hC - LzhBQUFEL0FBQUEvd0FBQVA4QUFBRC9BQUFBLzJabVp2LzkvZjMvLy8vLy8vLy8vLy8vLy8vLy8v - Ly8KLy9UMDlQK0lpSWovRUJBUS93QUFBUDhBQUFEL0FBQUEvd0FBQVA4QUFBRC9BQUFBL3dBQUFQ - OEFBQUQvQVFFQi94d2NIUCtQajQvLworUGo0Ly8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8v - Ly8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vCi8vLy8vLy8vLy8vLy8v - Ly8vLy8vLy8vLy8vLy8vLy8vLy8vL3E2dXIvd0VCQWY4QUFBRC9BQUFBL3dBQUFQOEFBQUQvQUFB - QS94c2IKRy8vSHg4Zi8vdjcrLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8rL3Y3LzN0N2UvNU9Uay85 - UVVGRC9KaVltL3hBUUVQOERBd1AvQUFBQQovd0FBQVA4QUFBRC9BQUFBL3dBQUFQOEZCUVgvYzNO - ei8rM3Q3Zi8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vCi8vLy8vLy8vLy8v - Ly8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy84Zkh4 - L3lrcEtmOEEKQUFEL0FBQUEvd0FBQVA4QUFBRC9BQUFBL3dNREEvOVpXVm4vN2UzdC8vLy8vLy8v - Ly8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLwovLy84L1B6LzQrUGovNit2ci85c2JHei9IaDRl - L3dBQUFQOEFBQUQvQUFBQS93QUFBUDhBQUFEL0F3TUQvMXRiVy8vZjM5Ly8vLy8vCi8vLy8vLy8v - Ly8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8v - Ly8vLy8vLy8vLy8KLy8vLy8vLy8vLy8vLy8vLy8vLy8vNW1abWY4REF3UC9BQUFBL3dBQUFQOEFB - QUQvQUFBQS93QUFBUDhJQ0FqL2NIQncvL3Y3Ky8vLwovLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8v - Ly8vLy8vLy8vLy8vLy8vLy8vLy8vLzI5dmIvMHRMUy8xSlNVdjhFQkFUL0FBQUEvd0FBCkFQOEFB - QUQvQUFBQS93VUZCZjlkWFYzLzd1N3UvLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8v - Ly8vLy8vLy8vLy8vLy8KLy8vLy8vLy8vLy8vLy8vLy8vRHc4UC8rL3Y3Ly8vLy8vLy8vLy8vLy8v - Ly8vLy8vLytibTV2ODdPenYvQVFFQi93QUFBUDhBQUFELwpBQUFBL3dBQUFQOEFBQUQvQVFFQi8x - cGFXdi9aMmRuLytmbjUvLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vCi8v - Ly8vLy8vLy9YMTlmK0Nnb0wvRXhNVC93QUFBUDhBQUFEL0FBQUEvd0FBQVA4REF3UC9lSGg0Ly9u - NStmLy8vLy8vLy8vLy8vLy8KLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8v - LzRPRGcvMTVlWHYvVjFkWC8vLy8vLy8vLy8vLy8vLy8vLy8vLwovL3o4L1ArcnE2di9GUlVWL3dB - QUFQOEFBQUQvQUFBQS93QUFBUDhBQUFEL0FBQUEvd0lDQXY4cUtpci9jM056LzZXbHBmKy92Ny8v - CnpzN08vOWJXMXYvajQrUC85ZlgxLy83Ky92Ly8vLy8vLy8vLy8vLy8vLy8zOS9mL282T2oveHdj - SFA4QUFBRC9BQUFBL3dBQUFQOEEKQUFEL0NBZ0kvNWVYbC8vOC9Qei8vLy8vLy8vLy8vLy8vLy8v - Ly8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vMzkvZi9XbHBhL3dVRgpCZjlrWkdULzh2THkvLy8v - Ly8vLy8vLy8vLy8vLy8vLy8vLzQrUGovaTR1TC93TURBLzhBQUFEL0FBQUEvd0FBQVA4QUFBRC9B - QUFBCi93QUFBUDhBQUFEL0FnSUMvdzBORGY4VkZSWC9HaG9hL3gwZEhmOGxKU1gvTVRFeC8xWldW - ditOalkzLzFOVFUvL3o4L1AvLy8vLy8KL2YzOS83aTR1UDhjSEJ6L0FBQUEvd0FBQVA4QUFBRC9B - QUFBL3lBZ0lQL0t5c3IvLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLwovLy8vLy8vLy8vNysv - dit1cnE3L0VSRVIvd0FBQVA4R0JnYi9rcEtTLy9yNit2Ly8vLy8vLy8vLy8vLy8vLy8vLy8vLy92 - NysvNHFLCml2OFRFeFAvQVFFQi93QUFBUDhBQUFEL0FBQUEvd0FBQVA4QUFBRC9BQUFBL3dBQUFQ - OEFBQUQvQUFBQS93QUFBUDhBQUFEL0FBQUEKL3dBQUFQOEFBQUQvQkFRRS96YzNOLytXbHBiLzNk - M2QvL2YzOS8rZ29LRC9FQkFRL3dBQUFQOEFBQUQvQUFBQS93SUNBdjltWm1iLwo5UFQwLy8vLy8v - Ly8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vKzd1N3Y5UVVGRC9BUUVCL3dBQUFQOEFBQUQvRGc0 - Ty81V1ZsZi8zCjkvZi8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vZjM5LytvcUtqL1BqNCsvd1VGQmY4 - QUFBRC9BQUFBL3dBQUFQOEFBQUQvQUFBQS93QUEKQVA4QUFBRC9BQUFBL3dBQUFQOEFBQUQvQUFB - QS93QUFBUDhBQUFEL0FBQUEvd0FBQVA4REF3UC9LaW9xLzRDQWdQL1UxTlQvYzNOegovd0VCQWY4 - QUFBRC9BQUFBL3dBQUFQOFlHQmoveHNiRy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8v - LzcrL3YvOE5EUTMvCkFBQUEvd0FBQVA4QUFBRC9BQUFBL3hJU0V2K1dscGIvK3ZyNi8vLy8vLy8v - Ly8vLy8vLy8vLy8vLy8vOC9Qei81K2ZuLzZhbXB2OUQKUTBQL0N3c0wvd0FBQVA4QUFBRC9BQUFB - L3dBQUFQOENBZ0wvRVJFUi94a1pHZjhjSEJ6L0d4c2IveFlXRnY4SUNBai9BQUFBL3dBQQpBUDhB - QUFEL0FBQUEvd1lHQnY4OVBUMy94TVRFL3pnNE9QOEFBQUQvQUFBQS93QUFBUDhCQVFIL1hGeGMv - LzcrL3YvLy8vLy8vLy8vCi8vLy8vLy8vLy8vLy92NysvMXhjWFA4QUFBRC9BQUFBL3dBQUFQOEFB - QUQvQUFBQS93QUFBUDhQRHcvL2s1T1QvL0h4OGYvLy8vLy8KLy8vLy8vLy8vLy8vLy8vLy8vLy8v - Ly8vLy8vOS9mMy81dWJtLzhYRnhmK21wcWIvdGJXMS84bkp5Zi9iMjl2LzcrL3YvL2YzOS8vNgor - dnIvK3ZyNi8vVDA5UC9rNU9UL3lNakkvNHlNalA5S1Nrci9IUjBkL3djSEIvOEFBQUQvSVNFaC80 - T0RnLzhMQ3d2L0FBQUEvd0FBCkFQOEFBQUQvQ2dvSy85dmIyLy8vLy8vLy8vLy8vLy8vLy8vLy8v - Ly82ZW5wL3hFUkVmOEFBQUQvQUFBQS93QUFBUDhBQUFEL0FBQUEKL3dBQUFQOEFBQUQvQmdZRy8y - QmdZUC9LeXNyLy9QejgvLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8v - LwovLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy83 - Ky92LzQrUGovMGRIUi80ZUhoLzh2Ckx5Ly9BZ0lDL3hzYkcvOFdGaGIvQUFBQS93QUFBUDhBQUFE - L0FBQUEvNENBZ1AvKy92Ny8vLy8vLy8vLy8vLy8vLy8vOXZiMi8waEkKU1A4QUFBRC9BQUFBL3dB - QUFQOEFBQUQvQUFBQS93QUFBUDhBQUFEL0FBQUEvd01EQS84Z0lDRC9lbnA2LytYbDVmLysvdjcv - Ly8vLwovLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy85L2YzLzgvUHovOVBU - MC8rc3JLei9pWW1KLzNCd2NQOXBhV24vCloyZG4vMnhzYlArRWhJVC9yYTJ0LytEZzRQL1UxTlQv - VEV4TS93RUJBZjhCQVFIL0FBQUEvd0FBQVA4QUFBRC9BQUFBL3pZMk52L3kKOHZMLy8vLy8vLy8v - Ly8vLy8vLy8vLy8vLytQajQvOUZSVVgvQXdNRC93QUFBUDhBQUFEL0FBQUEvd0FBQVA4QUFBRC9B - QUFBL3dBQQpBUDhBQUFEL0FBQUEveEFRRVA5VVZGVC9scGFXLzcyOXZmL0d4c2IveU1qSS83Ky92 - LytycTZ2L2hZV0YvMk5qWS84ME5EVC9EUTBOCi93TURBLzhBQUFEL0FBQUEvd0FBQVA4QUFBRC9B - QUFBL3dBQUFQOEFBQUQvQUFBQS93b0tDdjlLU2tyL3NMQ3cvMVJVVlA4RkJRWC8KQUFBQS93QUFB - UDhBQUFEL0FBQUEveHNiRy8vUTBORC8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vNysvdi9WMWRYL1ZG - UlUvd01EQS84QQpBQUQvQUFBQS93QUFBUDhBQUFEL0FBQUEvd0FBQVA4QUFBRC9BQUFBL3dBQUFQ - OEFBQUQvQVFFQi93SUNBdjhEQXdQL0F3TUQvd0lDCkF2OEJBUUgvQUFBQS93QUFBUDhBQUFEL0FB - QUEvd0FBQVA4QUFBRC9BQUFBL3dBQUFQOEFBQUQvQUFBQS93QUFBUDhBQUFEL0FBQUEKL3dBQUFQ - OEFBQUQvQ2dvSy8wcEtTdjhuSnlmL0FRRUIvd0FBQVA4QUFBRC9BQUFBL3c4UEQvK3JxNnYvLy8v - Ly8vLy8vLy8vLy8vLwovLy8vLy8vLy8vLy8vLy8vN2UzdC80YUdodjhRRUJEL0FBQUEvd0FBQVA4 - QUFBRC9BQUFBL3dBQUFQOEFBQUQvQUFBQS93QUFBUDhBCkFBRC9BQUFBL3dBQUFQOEFBQUQvQUFB - QS93QUFBUDhBQUFEL0FBQUEvd0FBQVA4QUFBRC9BQUFBL3dBQUFQOEFBQUQvQUFBQS93ME4KRGY4 - YUdoci9JU0VoL3o0K1B2OUdSa2IvTURBdy94MGRIZjhPRGc3L0FRRUIvd01EQS84TURBei9BUUVC - L3dBQUFQOEFBQUQvQUFBQQovd2NIQi8rU2twTC8vdjcrLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8v - Ly8vLy8vLy8vL3o4L1ArN3U3di9QVDA5L3c4UEQvOEJBUUgvCkFBQUEvd0FBQVA4QUFBRC9BQUFB - L3dBQUFQOEFBQUQvQUFBQS93QUFBUDhBQUFEL0FBQUEvd0FBQVA4QkFRSC9DQWdJL3hVVkZmOGkK - SWlML1EwTkQvM0J3Y1Ara3BLVC96OC9QLyt2cjYvLzUrZm4vL3Y3Ky8vLy8vLy8vLy8vLy8vLy8v - L3o4L1AvbzZPai9vS0NnL3pjMwpOLzhHQmdiL0FBQUEvd0FBQVA4QUFBRC9BQUFBL3dFQkFmOTNk - M2YvKy92Ny8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vCi8vLy8vLy8vLy8vLzd1N3Uv - NmlvcVA5Z1lHRC9KU1VsL3dVRkJmOEFBQUQvQUFBQS93QUFBUDhBQUFEL0FBQUEvd0FBQVA4Q0Fn - TC8KRnhjWC8wRkJRZjlxYW1yL2xKU1UvNzYrdnYvaTR1TC8rZm41Ly8vLy8vLy8vLy8vLy8vLy8v - Ly8vLy8vLy8vLy8vLy8vLy8vLy8vLwovLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vK1BqNC85WVdG - ai9CQVFFL3dBQUFQOEFBQUQvQUFBQS93QUFBUDl1Ym03LytmbjUvLy8vCi8vL1QwOVAveGNYRi8v - Nysvdi8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy83Ky92L3o4L1AvMzkvZi83eTh2UCtLaW9y - L1pHUmsKLzBORFEvOURRMFAvVjFkWC8zdDdlLytycTZ2LzF0YlcvK3JxNnYvMzkvZi8vdjcrLy8v - Ly8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLwovLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8v - Ly8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vL0p5Y24vR3hzYi93QUFBUDhBCkFBRC9BQUFBL3dB - QUFQOXFhbXIvK1BqNC8vLy8vLysxdGJYL0Z4Y1gvMkJnWVAvTnpjMy85UFQwLy8vLy8vLy8vLy8v - Ly8vLy8vLy8KLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8v - Ly8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLwovLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8v - Ly8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vCi8vLy8vLy8v - Ly8vNCtQai9PVGs1L3dBQUFQOEFBQUQvQUFBQS93QUFBUDl0YlczLytmbjUvLy8vLy8rK3ZyNy9G - UlVWL3dFQkFmOGMKSEJ6L1ltSmkvN0N3c1AvNysvdi8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8v - Ly8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLwovLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8v - Ly8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vCi8vLy8v - Ly8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLysvdjcvVmxaVy93QUFBUDhBQUFEL0FB - QUEvd0VCQWY5emMzUC8KK3ZyNi8vLy8vLy9OemMzL0dob2Evd0FBQVA4QUFBRC9BUUVCL3kwdExm - L2k0dUwvLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLwovLy8vLy8vLy8vLy8vLy8vLy8vLy8v - Ly8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vCi8v - Ly8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8v - Ly8vLy8vLy85L2YzL1MwdEwKL3dBQUFQOEFBQUQvQUFBQS93WUdCditMaTR2Ly9mMzkvLy8vLy8v - bjUrZi9KU1VsL3dBQUFQOEFBQUQvQUFBQS94Y1hGLy9EdzhQLwovLy8vLy8vLy8vLy8vLy8vLy8v - Ly8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8v - Ci8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8v - Ly8vLy8vLy8vLy8vLy8vLy8vLy8KLy8vLy8vLy8vLy8vLy8vLy8vL3g4ZkgvTHk4di93QUFBUDhB - QUFEL0FBQUEvd3dNRFAraW9xTC8vLy8vLy8vLy8vLzQrUGovUTBORAovd0FBQVA4QUFBRC9BQUFB - L3drSkNmK1dscGIvL3Y3Ky8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8v - Ly8vCi8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8v - Ly8vLy8vLy8vLy8vLy8vLy8vLy8vLy8KLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8v - Ly8vLy8vLy8vLy8vLy9KeWNuL0dSa1ovd0FBQVA4QUFBRC9BQUFBL3hjWApGLy9GeGNYLy8vLy8v - Ly8vLy8vLy8vLy9mMzkvL3dBQUFQOEFBQUQvQUFBQS93RUJBZjlnWUdELzlQVDAvLy8vLy8vLy8v - Ly8vLy8vCi8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8v - Ly8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8KLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8v - Ly8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLzcrL3YrVAprNVAvQ0FnSS93 - QUFBUDhBQUFEL0FBQUEveWtwS2YvcDZlbi8vLy8vLy8vLy8vLy8vLy8vejgvUC93VUZCZjhBQUFE - L0FBQUEvd0FBCkFQOGpJeVAvMmRuWi8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8v - Ly8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8KLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8v - Ly8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLwovLy8vLy8v - Ly8vLy8vLy8vLy8vLy8vTHk4djlaV1ZuL0FRRUIvd0FBQVA4QUFBRC9BQUFBLzJWbFpmLzkvZjMv - Ly8vLy8vLy8vLy8vCi8vLy8rdnI2L3pzN08vOEFBQUQvQUFBQS93QUFBUDhEQXdQL2dvS0MvLy8v - Ly8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8KLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8v - Ly8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLwovLy8v - Ly8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vODNOemY4Y0hCei9B - QUFBL3dBQUFQOEFBQUQvCkJRVUYvNysvdi8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy82T2pv - LzhFQkFUL0FBQUEvd0FBQVA4QUFBRC9GQlFVLzlmWDEvLy8KLy8vLy8vLy8vLy8vLy8vLy8vLy8v - Ly8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLwov - Ly8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8v - Ly8vLy8vLy8vLy8vLy8vZjM5Ci8xeGNYUDhCQVFIL0FBQUEvd0FBQVA4QUFBRC9QVDA5Ly9uNStm - Ly8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vK1hsNWY4MU5UWC8KQUFBQS93QUFBUDhBQUFEL0FB - QUEvMHhNVFAvdjcrLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8v - LwovLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8v - Ly8vLy8vLy8vLy8vLy8vLy8vLy8vCi8vLy8vLy8vLy8vLy8vLy8vLy85L2YzL3A2ZW4vd0lDQXY4 - QUFBRC9BQUFBL3dBQUFQOElDQWovckt5cy8vLy8vLy8vLy8vLy8vLy8KLy8vLy8vLy8vLy8vLy8v - Ly8vcjYrditNakl6L0NRa0ovd0FBQVA4QUFBRC9BQUFBL3dvS0N2K0lpSWovK1BqNC8vLy8vLy8v - Ly8vLwovLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8v - Ly8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vCi8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8v - Ly8vLy8vLy8vLzcrL3YvRnhjWC9KU1VsL3dBQUFQOEFBQUQvQUFBQS93RUIKQWY5S1Nrci82K3Zy - Ly8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vbTV1Yi9ORFEwL3dBQUFQOEFB - QUQvQUFBQQovd0FBQVA4VkZSWC9yS3lzLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8v - Ly8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vCi8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8v - Ly8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLytMaTR2OUEKUUVEL0FnSUMv - d0FBQVA4QUFBRC9BQUFBL3hBUUVQK3NyS3ovL2YzOS8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8v - Ly8vLy8vLy8vLwovLy8vLy8vL3Y3Ky8veEFRRVA4QUFBRC9BQUFBL3dBQUFQOEFBQUQvREF3TS82 - eXNyUC8zOS9mLy8vLy8vLy8vLy8vLy8vLy8vLy8vCi8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8v - Ly8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8KLy8vLy8v - Ly8vLy85L2YzLzNkM2QvMFJFUlA4QUFBRC9BQUFBL3dBQUFQOEFBQUQvQWdJQy8yUmtaUC80K1Bq - Ly8vLy8vLy8vLy8vLwovLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vdjcrLzVD - UWtQOE9EZzcvQUFBQS93QUFBUDhBQUFEL0FBQUEveFVWCkZmK0RnNFAvN096cy8vLy8vLy8vLy8v - Ly8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8KLy8v - Ly8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vL241K2YrMnRyYi9OVFUxL3dBQUFQOEFBQUQv - QUFBQS93QUFBUDhCQVFILwpSMGRILytqbzZQLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8v - Ly8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vTHk4djl1CmJtNy9CUVVGL3dBQUFQOEFBQUQv - QUFBQS93QUFBUDhLQ2dyL1IwZEgvODNOemYvKy92Ny8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8K - Ly8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy84 - Zkh4LzMxOWZmOFlHQmovQVFFQgovd0FBQVA4QUFBRC9BQUFBL3dBQUFQODNOemYvMTlmWC8vLy8v - Ly8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vCi8vLy8vLy8vLy8vLy8vLy8v - Ly8vLy8vLy8vL3M3T3ovVjFkWC93VUZCZjhBQUFEL0FBQUEvd0FBQVA4QUFBRC9BQUFBL3cwTkRm - OXcKY0hELzB0TFMvL0R3OFAvOC9Qei8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8v - Ly8vLy8vLy8vKy92Ny85L2YzLytMaQo0ditob2FIL0t5c3Ivd0FBQVA4QUFBRC9BQUFBL3dBQUFQ - OEFBQUQvQUFBQS95WW1Kdis4dkx6Ly92NysvLy8vLy8vLy8vLy8vLy8vCi8vLy8vLy8vLy8vLy8v - Ly8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLzdlM3QvM0p5Y3Y4 - UUVCRC8KQUFBQS93QUFBUDhBQUFEL0FBQUEvd0FBQVA4QkFRSC9HUmtaLzFOVFUvK0lpSWovc3JL - eS85VFUxUC9uNStmLzgvUHovL1B6OC8vdAo3ZTMvMjl2Yi84TEN3ditibTV2L2EydHIvekF3TVA4 - SEJ3Zi9BQUFBL3dBQUFQOEFBQUQvQUFBQS93QUFBUDhDQWdML1B6OC8vOFhGCnhmLzkvZjMvLy8v - Ly8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8v - Ly8vLy8vLy8KLy8vLy8vLy8vLy8vLy8vLy8vVDA5UCtZbUpqL0V4TVQvd0FBQVA4QUFBRC9BQUFB - L3dBQUFQOEFBQUQvQUFBQS93QUFBUDhHQmdiLwpFUkVSL3gwZEhmOG5KeWYvTHk4di95OHZMLzhy - S3l2L0lDQWcveFlXRnY4S0Nnci9BUUVCL3dBQUFQOEFBQUQvQUFBQS93QUFBUDhBCkFBRC9BQUFB - L3dVRkJmOWNYRnovMzkvZi8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8v - Ly8vLy8vLy8vLy8KLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8v - Ly8vLy8vKy92Ny95TWpJL3pvNk92OExDd3YvQUFBQQovd0FBQVA4QUFBRC9BQUFBL3dBQUFQOEFB - QUQvQUFBQS93QUFBUDhBQUFEL0FBQUEvd0FBQVA4QUFBRC9BQUFBL3dBQUFQOEFBQUQvCkFBQUEv - d0FBQVA4QUFBRC9BQUFBL3dBQUFQOEVCQVQvSGg0ZS80dUxpLy8wOVBULy8vLy8vLy8vLy8vLy8v - Ly8vLy8vLy8vLy8vLy8KLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8v - Ly8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLwovLy8vLy8vLy8vLy8vK3pzN1ArWW1K - ai9QejgvL3dnSUNQOEFBQUQvQUFBQS93QUFBUDhBQUFEL0FBQUEvd0FBQVA4QUFBRC9BQUFBCi93 - QUFBUDhBQUFEL0FBQUEvd0FBQVA4QUFBRC9BQUFBL3dBQUFQOEFBQUQvQVFFQi95TWpJLzkwZEhU - L3pzN08vLzcrL3YvLy8vLy8KLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8v - Ly8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLwovLy8vLy8vLy8vLy8vLy8vLy8v - Ly8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLzgvUHovNmVucC83UzB0UDlSVVZIL0RRME4vd0FB - CkFQOEFBQUQvQUFBQS93QUFBUDhBQUFEL0FBQUEvd0FBQVA4QUFBRC9BQUFBL3dBQUFQOEFBQUQv - QUFBQS93TURBLzh1TGk3L2pvNk8KLzl6YzNQLzM5L2YvLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8v - Ly8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLwovLy8vLy8vLy8vLy8vLy8v - Ly8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8v - Ly8vCi8vLy8vLy8vLy8vLy8vLysvdjcvNCtQai81cWFtdjlkWFYzL016TXoveUlpSXY4Ykd4di9G - eGNYL3hZV0Z2OFpHUm4vSHg4Zi95Z28KS1A5TFMwdi9nSUNBLzhyS3l2LzM5L2YvLy8vLy8vLy8v - Ly8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLwovLy8vLy8vLy8vLy8v - Ly8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8v - Ly8vLy8vCi8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8v - Ly8vLy8vLy8vOS9mMy84L1B6LytUazVQL1IKMGRIL3hNVEUvOExDd3YvS3lzci8zZDNkLyszdDdm - LzYrdnIvLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLwovLy8vLy8vLy8v - Ly8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8v - Ly8vLy8vLy8vCi8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8v - Ly8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8KLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8v - Ly8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLwovLy8vLy8v - Ly8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8v - Ly8vLy8vLy8vLy8vCi8vLy8vLy8vLy8vLy93QUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFB - QUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUEKQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFB - QUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQQpBQUFB - QUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFB - QUFBQUFBQUFBQUFBQUFBCkFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFB - QUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUEKQUFBQUFBQUFBQUFBQUFBQUFBQUFB - QUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQQpB - QUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFB - QUFBQUFBQUFBQUFBQUFBQUFBCkFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFB - QUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUEKQUFBQUFBQUFBQUFBQUFBQUFB - QUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFB - QQpBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFB - QUFBQUFBQUFBQUFBQUFBQUFBQUFBCkFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFB - QUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUEKQUFBQUFBQUFBQUFBQUFB - QUFBQUFBQT09Cg== - json: "{\n \"gaTrackingId\": \"UA-119127212-17\",\n \"graphql\": {\n \"boardCounts\"\ - : [\n {\n \"graphql\": \"_subject_count\",\n \"name\": \"\ - Subject\",\n \"plural\": \"Subjects\"\n }\n ],\n \"chartCounts\"\ - : [\n {\n \"graphql\": \"_subject_count\",\n \"name\"\ - : \"Subject\"\n }\n ],\n \"projectDetails\": \"boardCounts\"\n\ - \ },\n \"useArboristUI\": true,\n \"showArboristAuthzOnProfile\": true,\n \ - \ \"showFenceAuthzOnProfile\": false,\n \"components\": {\n \"appName\": \"\ - Australian Cardiovascular disease Data Commons\",\n \"index\": {\n \"\ - introduction\": {\n \"heading\": \"Australian Cardiovascular disease Data\ - \ Commons\",\n \"text\": \"This data sharing platform supports the management,\ - \ analysis and sharing of Australian Coronary Artery Disease (CAD) cohorts as\ - \ part of the Australian Cardiovascular Alliance (ACvA) Precision Medicine flagship.\"\ - \n },\n \"buttons\": [\n {\n \"name\": \"View Studies\"\ - ,\n \"icon\": \"stage-access\",\n \"body\": \"Use the Study\ - \ Explorer to view summary information about the information collected across\ - \ the ACDC cohorts and apply for access.\",\n \"link\": \"/discovery\"\ - ,\n \"label\": \"Explore studies\",\n \"color\": \"#4b5196\"\ - \n },\n {\n \"name\": \"Explore Data\",\n \"icon\"\ - : \"stage-explore\",\n \"body\": \"The Data Explorer allows you to explore\ - \ and filter data by the harmonised variables. Detailed information is only available\ - \ after gaining access to a particular study.\",\n \"link\": \"/explorer\"\ - ,\n \"label\": \"Explore data\",\n \"color\": \"#4b5196\"\n\ - \ },\n {\n \"name\": \"Understand Variables\",\n \ - \ \"icon\": \"stage-planning\",\n \"body\": \"The platform has a harmonised\ - \ data dictionary that describes the captured variables across all studies. Please\ - \ study the dictionary before you start browsing.\",\n \"link\": \"/DD\"\ - ,\n \"label\": \"Explore variables\",\n \"color\": \"#4b5196\"\ - \n },\n {\n \"name\": \"Analyze Data\",\n \"icon\"\ - : \"stage-analyze\",\n \"body\": \"Analyze your selected subjects using\ - \ Jupyter Notebooks in our secure cloud environment\",\n \"link\": \"\ - /workspace\",\n \"label\": \"Launch workspace\",\n \"color\"\ - : \"#4b5196\"\n }\n ],\n \"homepageChartNodes\": [\n {\n\ - \ \"node\": \"subject\",\n \"name\": \"Subjects\"\n },\n\ - \ {\n \"node\": \"sample\",\n \"name\": \"Samples\"\n\ - \ }\n ]\n },\n \"navigation\": {\n \"title\": \"Australian\ - \ Cardiovascular disease Data Commons\",\n \"items\": [\n {\n \ - \ \"icon\": \"query\",\n \"link\": \"/discovery\",\n \"\ - color\": \"#a2a2a2\",\n \"name\": \"Study Explorer\"\n },\n \ - \ {\n \"icon\": \"exploration\",\n \"link\": \"/explorer\"\ - ,\n \"color\": \"#4b5196\",\n \"name\": \"Data Explorer\"\n\ - \ },\n {\n \"icon\": \"dictionary\",\n \"link\"\ - : \"/DD\",\n \"color\": \"#4b5196\",\n \"name\": \"Data Dictionary\"\ - \n },\n {\n \"icon\": \"workspace\",\n \"link\"\ - : \"#hostname#workspace/\",\n \"color\": \"#4b5196\",\n \"name\"\ - : \"Workspace\"\n },\n {\n \"icon\": \"profile\",\n \ - \ \"link\": \"/identity\",\n \"color\": \"#4b5196\",\n \ - \ \"name\": \"Profile\"\n }\n ]\n },\n \"login\": {\n \ - \ \"title\": \"Australian Cardiovascular disease Data Commons (dev environment)\"\ - ,\n \"subTitle\": \"Explore, Analyze, and Share Data\",\n \"text\":\ - \ \"This data sharing platform supports the management, analysis and sharing of\ - \ Australian Coronary Artery Disease (CAD) cohorts as part of the Australian Cardiovascular\ - \ Alliance (ACvA) Precision Medicine flagship.\",\n \"contact\": \"If you\ - \ have any questions about access or the registration process, please contact\ - \ \",\n \"email\": \"gen3-support@biocommons.org.au\"\n },\n \"categorical9Colors\"\ - : [\n \"#0A2463\",\n \"#A31621\",\n \"#3E92CC\",\n \"#E2711D\"\ - ,\n \"#40476D\",\n \"#FFA630\",\n \"#AE8799\",\n \"#1A535C\"\ - ,\n \"#462255\"\n ],\n \"categorical2Colors\": [\n \"#0A2463\"\ - ,\n \"#A31621\"\n ],\n \"footerLogos\": [\n {\n \"src\"\ - : \"/src/img/gen3.png\",\n \"href\": \"https://gen3.org/\",\n \"\ - alt\": \"Gen3 Data Commons\"\n }\n ,\n {\n\t\"src\": \"/src/img/sponsors/gitops-sponsors/acva.png\"\ - ,\n\t\"href\": \"https://ozheart.org\",\n\t\"alt\": \"ACvA\"\n }\n ,\n\ - \ {\n \"src\": \"/src/img/sponsors/gitops-sponsors/ausbiocommons.png\"\ - ,\n \"href\": \"https://www.biocommons.org.au\",\n \"alt\": \"Australian\ - \ BioCommons\"\n }\n ]\n },\n \"featureFlags\": {\n \"explorer\"\ - : true,\n \"analysis\": true,\n \"discovery\": true\n },\n \"explorerConfig\"\ - : [\n {\n \"tabTitle\": \"Subjects\",\n \"charts\": {\n \"\ - project_id\": {\n \"chartType\": \"stackedBar\",\n \"title\"\ - : \"Subjects per Study\"\n },\n \"node_id\": {\n \"chartType\"\ - : \"count\",\n \"title\": \"Subjects\"\n },\n \"sex\":\ - \ {\n \"chartType\": \"stackedBar\",\n \"title\": \"Sex\"\n\ - \ },\n \"smoking_status\":{\n \"chartType\": \"stackedBar\"\ - ,\n \"title\": \"Smoking Status\",\n\t \"outerRadius\": 50\n \ - \ },\n \"hypertension\":{\n \"chartType\": \"stackedBar\",\n\ - \ \"title\": \"Hypertension Status\"\n },\n \"diabetes_type\"\ - :{\n \"chartType\": \"stackedBar\",\n \"title\": \"Diabetes\ - \ Type\"\n }\n },\n \"filters\": {\n \"tabs\": [\n \ - \ {\n \"title\": \"Study Info\",\n \"fields\":[\n\ - \ \"project_id\",\n \"_measured_lipids\",\n \ - \ \"_measured_proteins\",\n \"_measured_metabolites\",\n \ - \ \"_measured_serum_markers\",\n \"data_format\",\n \ - \ \"data_type\",\n \"data_category\",\n \"\ - _aligned_reads_files_count\",\n \"_lipidomics_files_count\",\n \ - \ \"_proteomics_files_count\",\n \"_metabolomics_files_count\"\ - ,\n \"_serum_marker_files_count\"\n ]\n },\n\ - \ {\n \"title\": \"Demographic\",\n \"fields\"\ - :[\n \"sex\",\n \"baseline_age\",\n \"\ - bmi_baseline\",\n \"education\",\n \"height_baseline\"\ - ,\n \"height_measurement_type\",\n \"weight_baseline\"\ - ,\n \"weight_measurement_type\"\n ]\n },\n \ - \ {\n \"title\": \"Blood Pressure\",\n \"fields\"\ - :[\n \"_blood_pressure_tests_count\",\n \"max_sbp\"\ - ,\n \"min_sbp\",\n \"max_dbp\",\n \"min_dbp\"\ - \n ]\n },\n {\n \"title\": \"Lab result\"\ - ,\n \"fields\":[\n \"_lab_results_count\",\n \ - \ \"max_total_cholesterol\",\n \"max_ldl_c\",\n \ - \ \"max_hdl_c\",\n \"max_trigs\",\n \"max_egfr\",\n\ - \ \"max_creatinine_serum_jaffe\",\n \"max_creatinine_serum_enzymatic\"\ - ,\n \"max_creatinine_urinary\",\n \"max_hba1c_mmol\"\ - ,\n \"max_hba1c_percent\"\n ]\n },\n \ - \ {\n \"title\": \"Lifestyle\",\n \"fields\":[\n \ - \ \"smoking_status\",\n \"cigarettes_per_day\",\n \ - \ \"drinking_current\"\n ]\n },\n {\n \ - \ \"title\": \"Medical\",\n \"fields\":[\n \"diabetes\"\ - ,\n \"diabetes_type\",\n \"incident_diabetes\",\n \ - \ \"hypertension\",\n \"angina\",\n \"stroke\"\ - ,\n \"myocardial_infarction\"\n ]\n },\n \ - \ {\n \"title\": \"Medication\",\n \"fields\": [\n\ - \ \"lipid_lowering_medication\",\n \"antihypertensive_meds\"\ - ,\n \"diabetes_therapy\"\n ]\n }\n ]\n\ - \ },\n \"table\": {\n \"enabled\": true,\n \"fields\"\ - :[\n \"node_id\",\n \"sex\",\n \"baseline_age\",\n\ - \ \"smoking_status\",\n \"drinking_current\",\n \"\ - angina\",\n \"hypertension\",\n \"diabetes\",\n \"\ - myocardial_infarction\",\n \"stroke\",\n \"antihypertensive_meds\"\ - ,\n \"diabetes_therapy\",\n \"lipid_lowering_medication\",\n\ - \ \"max_hdl_c\",\n \"max_total_cholesterol\",\n \"\ - max_trigs\",\n \"max_fasting_glucose\",\n \"max_hba1c_percent\"\ - , \n \"max_sbp\",\n \"max_dbp\",\n \"bmi_baseline\"\ - ,\n \"all_sbp\",\n \"all_dbp\",\n \"diabetes_type\"\ - \n ]\n },\n \"dropdowns\": {},\n \"buttons\": [\n \ - \ {\n \"enabled\": true,\n \"type\": \"export-to-pfb\",\n \ - \ \"title\": \"Export to PFB\",\n \"leftIcon\": \"datafile\"\ - ,\n \"rightIcon\": \"download\"\n },\n {\n \"\ - enabled\": true,\n \"type\": \"export-to-workspace\",\n \"title\"\ - : \"Export to Workspace\",\n \"leftIcon\": \"datafile\",\n \"\ - rightIcon\": \"download\"\n }\n ],\n \"guppyConfig\": {\n \ - \ \"dataType\": \"subject\",\n \"nodeCountTitle\": \"Subjects\",\n\ - \ \"fieldMapping\": [\n { \n \"field\": \"hypertension\"\ - , \n \"name\": \"Has Hypertension\" \n },\n { \n\ - \ \"field\": \"baseline_age\", \n \"name\": \"Age (years)\"\ - \n },\n {\n \"field\": \"project_id\",\n \ - \ \"name\": \"Study id\"\n },\n {\n \"field\"\ - : \"bmi_baseline\",\n \"name\": \"BMI (baseline)\"\n },\n\ - \ {\n \"field\": \"height_baseline\",\n \"name\"\ - : \"Height (m)\"\n },\n {\n \"field\": \"weight_baseline\"\ - ,\n \"name\": \"Weight (kg)\"\n },\n {\n \ - \ \"field\": \"max_total_cholesterol\",\n \"name\": \"Max. total\ - \ cholesterol (mmol/L)\"\n },\n {\n \"field\": \"\ - max_ldl_c\",\n \"name\": \"Max. Low density lipids (mmol/L)\"\n \ - \ },\n {\n \"field\": \"max_hdl_c\",\n \"\ - name\": \"Max. High density lipids (mmol/L)\"\n },\n {\n \ - \ \"field\": \"max_trigs\",\n \"name\": \"Max. Triglycerides\ - \ (mmol/L)\"\n },\n {\n \"field\": \"max_egfr\",\n\ - \ \"name\": \"Max. eGFR (mL/min/1.73m^2)\"\n },\n \ - \ {\n \"field\": \"hba1c_mmol\",\n \"name\": \"Max. Glycated\ - \ Haemoglobin (HbA1C mmol/mol)\"\n },\n {\n \"field\"\ - : \"hba1c_percent\",\n \"name\": \"Max. Glycated Haemoglobin (HbA1C\ - \ %)\"\n },\n {\n \"field\": \"max_sbp\",\n \ - \ \"name\": \"Max. Systolic Blood Pressure (mmHg)\"\n },\n \ - \ {\n \"field\": \"min_sbp\",\n \"name\": \"Min. Systolic\ - \ Blood Pressure (mmHg)\"\n },\n {\n \"field\": \"\ - max_dbp\",\n \"name\": \"Max. Diastolic Blood Pressure (mmHg)\"\n \ - \ },\n {\n \"field\": \"min_dbp\",\n \"\ - name\": \"Min. Diastolic Blood Pressure (mmHg)\"\n }\n ],\n \ - \ \"manifestMapping\": {\n \"resourceIndexType\": \"file\",\n \ - \ \"resourceIdField\": \"object_id\",\n \"referenceIdFieldInResourceIndex\"\ - : \"_subject_id\",\n \"referenceIdFieldInDataIndex\": \"_subject_id\"\ - \n },\n \"accessibleFieldCheckList\": [\"project_id\"],\n \ - \ \"accessibleValidationField\": \"project_id\"\n },\n \"getAccessButtonLink\"\ - : \"https://www.biocommons.org.au/cad-data-access\"\n },\n {\n \"tabTitle\"\ - : \"Files\",\n \"charts\": {\n \"data_type\": {\n \"chartType\"\ - : \"stackedBar\",\n \"title\": \"File Type\"\n },\n \"\ - data_format\": {\n \"chartType\": \"stackedBar\",\n \"title\"\ - : \"File Format\"\n }\n },\n \"filters\": {\n \"tabs\"\ - : [\n {\n \"title\": \"File\",\n \"fields\": [\n\ - \ \"project_id\",\n \"sample_provider\",\n \ - \ \"data_type\",\n \"data_format\",\n \"data_category\"\ - \n ]\n }\n ]\n },\n \"table\": {\n \ - \ \"enabled\": true,\n \"fields\": [\n \"project_id\",\n \ - \ \"file_name\",\n \"file_size\",\n \"object_id\"\n \ - \ ]\n },\n \"dropdowns\": {},\n \"buttons\": [\n {\n\ - \ \"enabled\": true,\n \"type\": \"export-to-pfb\",\n \ - \ \"title\": \"Export to PFB\",\n \"leftIcon\": \"datafile\",\n \ - \ \"rightIcon\": \"download\"\n },\n {\n \"enabled\"\ - : true,\n \"type\": \"export-to-workspace\",\n \"title\": \"\ - Export to Workspace\",\n \"leftIcon\": \"datafile\",\n \"rightIcon\"\ - : \"download\"\n },\n {\n \"enabled\": true,\n \ - \ \"type\": \"manifest\",\n \"title\": \"download manifest\",\n \ - \ \"leftIcon\": \"datafile\",\n \"rightIcon\": \"download\",\n \ - \ \"fileName\": \"file_manifest.json\"\n }\n ],\n \"\ - guppyConfig\": {\n \"dataType\": \"file\",\n \"fieldMapping\": [\n\ - \ { \"field\": \"object_id\", \"name\": \"GUID\" }\n ],\n \ - \ \"nodeCountTitle\": \"Files\",\n \"manifestMapping\": {\n \ - \ \"resourceIndexType\": \"subject\",\n \"resourceIdField\": \"_subject_id\"\ - ,\n \"referenceIdFieldInResourceIndex\": \"object_id\",\n \"\ - referenceIdFieldInDataIndex\": \"object_id\"\n },\n \"accessibleFieldCheckList\"\ - : [\"project_id\"],\n \"accessibleValidationField\": \"project_id\",\n\ - \ \"downloadAccessor\": \"object_id\"\n },\n \"getAccessButtonLink\"\ - : \"https://www.biocommons.org.au/cad-data-access\"\n }\n ],\n \"discoveryConfig\"\ - : { \n \"requireLogin\": false,\n \"public\": true,\n \"features\": {\n\ - \ \"exportToWorkspace\": { \n },\n \"pageTitle\": {\n \"\ - enabled\": true,\n \"text\": \"Study Explorer\"\n },\n \"search\"\ - : {\n \"searchBar\": {\n \"enabled\": true,\n \"inputSubtitle\"\ - : \"To find out what variables were collected in these studies, click anywhere\ - \ in the study row. To filter by variables across studies, please use the 'Data\ - \ Explorer' (data access required).\",\n \"placeholder\": \"Search studies\ - \ by keyword\",\n \"searchableTextFields\": [\"project_description\"\ - , \"name\", \"code\", \"acknowledgees\", \"collected_variables\"]\n },\n\ - \ \"tagSearchDropdown\": { \n \"enabled\": false,\n \"\ - collapseOnDefault\": true,\n \"collapsibleButtonText\": \"Study Characteristics\"\ - \n }\n },\n \"advSearchFilters\": {\n \"enabled\": false\n\ - \ },\n \"authorization\": {\n \"enabled\": false\n }\n \ - \ },\n \"aggregations\": [ \n {\n \"name\": \"Studies\",\n \ - \ \"field\": \"code\",\n \"type\": \"count\" \n }\n ],\n \ - \ \"tagSelector\": {\n \"title\": \"Associated tags organized by category\"\ - \n },\n \"studyColumns\": [ \n {\n \"name\": \"Study Name\"\ - ,\n \"field\": \"name\"\n },\n {\n \"name\": \"Acknowledgees\"\ - ,\n \"field\": \"acknowledgees\"\n },\n {\n \"name\":\ - \ \"Data access URL\",\n \"field\": \"data_access_url\",\n \"contentType\"\ - : \"link\", \n \"errorIfNotAvailable\": false,\n \"valueIfNotAvailable\"\ - : \"No access url has been provided for this study.\",\n \"width\": 50\n\ - \ },\n {\n \"name\": \"Subject count\",\n \"field\": \"\ - subjects_count\",\n \"errorIfNotAvailable\": false,\n \"valueIfNotAvailable\"\ - : \"n/a\",\n \"contentType\": \"number\" \n },\n {\n \"\ - name\": \"Aligned Reads files count\",\n \"field\": \"aligned_reads_files_count\"\ - ,\n \"errorIfNotAvailable\": false,\n \"valueIfNotAvailable\": \"\ - n/a\",\n \"contentType\": \"number\" \n },\n {\n \"name\"\ - : \"Variant files count\",\n \"field\": \"variant_files_count\",\n \ - \ \"errorIfNotAvailable\": false,\n \"valueIfNotAvailable\": \"n/a\"\ - ,\n \"contentType\": \"number\" \n },\n {\n \"name\":\ - \ \"Lipidomics files count\",\n \"field\": \"lipidomics_files_count\",\n\ - \ \"errorIfNotAvailable\": false,\n \"valueIfNotAvailable\": \"\ - n/a\",\n \"contentType\": \"number\" \n },\n {\n \"name\"\ - : \"Proteomics files count\",\n \"field\": \"proteomics_files_count\",\n\ - \ \"errorIfNotAvailable\": false,\n \"valueIfNotAvailable\": \"\ - n/a\",\n \"contentType\": \"number\" \n },\n {\n \"name\"\ - : \"Metabolomics files count\",\n \"field\": \"metabolomics_files_count\"\ - ,\n \"errorIfNotAvailable\": false,\n \"valueIfNotAvailable\": \"\ - n/a\",\n \"contentType\": \"number\" \n },\n {\n \"name\"\ - : \"Serum marker files count\",\n \"field\": \"serum_marker_files_count\"\ - ,\n \"errorIfNotAvailable\": false,\n \"valueIfNotAvailable\": \"\ - n/a\",\n \"contentType\": \"number\" \n }\n \n ],\n \"\ - studyPreviewField\": { \n \"name\": \"Description\",\n \"field\": \"\ - project_description\",\n \"contentType\": \"string\",\n \"includeName\"\ - : false,\n \"includeIfNotAvailable\": true,\n \"valueIfNotAvailable\"\ - : \"No description has been provided for this study.\"\n },\n \"studyPageFields\"\ - : { \n \"header\": { \n \"field\": \"name\"\n },\n \"fieldsToShow\"\ - : [ \n {\n \"groupName\": \"Count of subjects with non-null values\ - \ for each variable\",\n \"includeName\": true,\n \"fields\"\ - : [\n {\n \"name\": \"Total subjects\",\n \ - \ \"field\": \"subjects_count\",\n \"contentType\": \"number\" \n\ - \ },\n {\n \"name\": \"HDL\",\n \ - \ \"field\": \"lab_result.hdl\",\n \"contentType\": \"number\"\ - \ \n },\n {\n \"name\": \"LDL\",\n \ - \ \"field\": \"lab_result.ldl\",\n \"contentType\": \"number\"\ - \ \n },\n {\n \"name\": \"Fasting status\"\ - ,\n \"field\": \"lab_result.fasting\",\n \"contentType\"\ - : \"number\" \n },\n {\n \"name\": \"hba1cc\ - \ (%)\",\n \"field\": \"lab_result.hba1cc_ngsp\",\n \ - \ \"contentType\": \"number\" \n },\n {\n \"\ - name\": \"EGFR\",\n \"field\": \"lab_result.egfr_baseline\",\n \ - \ \"contentType\": \"number\" \n },\n {\n \ - \ \"name\": \"Triglycerides\",\n \"field\": \"lab_result.triglycerides\"\ - ,\n \"contentType\": \"number\" \n },\n {\n\ - \ \"name\": \"Creatinine serum\",\n \"field\": \"lab_result.creatinine_serum\"\ - ,\n \"contentType\": \"number\" \n },\n {\n\ - \ \"name\": \"Sex\",\n \"field\": \"demographic.sex\"\ - ,\n \"contentType\": \"string\" \n },\n {\n\ - \ \"name\": \"Age at baseline\",\n \"field\": \"demographic.baseline_age\"\ - ,\n \"contentType\": \"number\" \n },\n {\n\ - \ \"name\": \"BMI at baseline\",\n \"field\": \"demographic.bmi_baseline\"\ - ,\n \"contentType\": \"number\" \n },\n {\n\ - \ \"name\": \"Highest level of education\",\n \"field\"\ - : \"demographic.education\",\n \"contentType\": \"string\" \n \ - \ },\n {\n \"name\": \"Smoking status\",\n \ - \ \"field\": \"exposure.smoking_status\",\n \"contentType\"\ - : \"string\" \n },\n {\n \"name\": \"Cigarettes\ - \ per day\",\n \"field\": \"exposure.cigarettes_per_day\",\n \ - \ \"contentType\": \"string\" \n },\n {\n \ - \ \"name\": \"Current Drinking status\",\n \"field\": \"\ - exposure.drinking_current\",\n \"contentType\": \"string\" \n \ - \ },\n {\n \"name\": \"Systolic blood pressure\"\ - ,\n \"field\": \"blood_pressure_test.sbp\",\n \"contentType\"\ - : \"number\" \n },\n {\n \"name\": \"Diastolic\ - \ blood pressure\",\n \"field\": \"blood_pressure_test.dbp\",\n \ - \ \"contentType\": \"number\" \n },\n {\n \ - \ \"name\": \"Myocardial infarction\",\n \"field\": \"\ - medical_history.myocardial_infarction\",\n \"contentType\": \"string\"\ - \ \n },\n {\n \"name\": \"Hypertension\",\n\ - \ \"field\": \"medical_history.hypertension\",\n \"\ - contentType\": \"string\" \n },\n {\n \"name\"\ - : \"Angina\",\n \"field\": \"medical_history.angina\",\n \ - \ \"contentType\": \"string\" \n },\n {\n \ - \ \"name\": \"Stroke\",\n \"field\": \"medical_history.stroke\"\ - ,\n \"contentType\": \"string\" \n },\n {\n\ - \ \"name\": \"Diabetes\",\n \"field\": \"medical_history.diabetes\"\ - ,\n \"contentType\": \"string\"\n },\n {\n\ - \ \"name\": \"Diabetes Therapy\",\n \"field\": \"medication.diabetes_therapy\"\ - ,\n \"contentType\": \"string\"\n },\n {\n\ - \ \"name\": \"Antihypertensive medication\",\n \"field\"\ - : \"medication.antihypertensive_meds\",\n \"contentType\": \"string\"\ - \n },\n {\n \"name\": \"Lipid lowering medication\"\ - ,\n \"field\": \"medication.lipid_lowering_medication\",\n \ - \ \"contentType\": \"string\"\n }\n ]\n },\n\ - \ {\n \"fields\": [\n {\n \"name\": \"\ - Description\",\n \"field\": \"project_description\",\n \ - \ \"contentType\": \"paragraphs\", \n \"includeName\": false,\n\ - \ \"includeIfNotAvailable\": true,\n \"valueIfNotAvailable\"\ - : \"No description has been provided for this study.\"\n },\n \ - \ {\n \"name\": \"Data access URL\",\n \"field\"\ - : \"data_access_url\",\n \"contentType\": \"link\", \n \ - \ \"includeName\": true,\n \"includeIfNotAvailable\": true,\n\ - \ \"valueIfNotAvailable\": \"No description has been provided for\ - \ this study.\"\n }\n ]\n }\n ]\n },\n \"\ - minimalFieldMapping\": { \n \"tagsListFieldName\": \"tags\", \n \"authzField\"\ - : \"authz\", \n \"dataAvailabilityField\": \"data_availability\", \n \ - \ \"uid\": \"code\" \n },\n \"tagCategories\": [\n {\n \"name\"\ - : \"data type\",\n \"color\": \"rgba(112, 182, 3, 1)\",\n \"display\"\ - : true\n }\n ],\n \"tagsDisplayName\": \"Tags\" \n }\n}\n" - logo: !!binary | - aVZCT1J3MEtHZ29BQUFBTlNVaEVVZ0FBQW5jQUFBRGpDQVlBQUFEbm9qSWVBQUFBQ1hCSVdYTUFB - QXNTQUFBTEVnSFMzWDc4QUFBZwpBRWxFUVZSNG5PMmQvWFhiTnR2R2llZjBmN3NUV0owZzZnUlJK - b2c2UWVRSm9rd1FaWUlxRTBTZUlQSUVsU2VvTkVHbENWNXBBcndICjdrVVhoa21LeEJjQjh2cWR3 - OU0wc2ZrQmdzQ0ZHL2VIa0ZJV0pEeENpTnVpS0taVkY1SlM3dmdLQ0NHRUVPSURpanNITk1FMk1Z - NEMKZjM5amVmWlRVUlJIL0hsZkZNVzUvQytGSUNHRUVFS2FvTGhyaVJCaUNzR21IN2JpelpWUy9P - MGcrdlpTeW1QWVN4SkNDQ0VrQnlqdQphaEJDeklxaUtJLzNTZDdrYTA0UWVrcnc3YVNVKzVSdWpo - QkNDQ0Z4b0xnRFFnaTFuVHFIbVB1WXhFMjVjU3FGWGxFVVd5bmxPZWVICklZUVFRa2c3UmkzdU5F - RzNLSXJpWFFLM0ZKSkhKZklvOUFnaGhKQmhNenB4aHlDSXhVZ0VYUjJQRUhtYk5HK1BFRUlJSWJh - TVJ0d0oKSVVvTDNSQzJYSDF4S1lwQ0NidzFBeklJSVlTUVlUQm9jYWRaNlpaRlVkd2xjRXNwOHdT - UnR4MTdReEJDQ0NFNU0waHhCMSs2VXRUMQpsYTRrVjFRZ3hvcGJ0b1FRUWtpZURFcmNRZFN0aXFM - NGxNRHQ1QTVGSGlHRUVKSWhneEIzMkg1Vm91NXpBcmN6TkNqeUNDR0VrSXpJCld0eEIxQzI1L1Jv - RkpmS1c5TWtqaEJCQzBpWmJjU2VFV01CYXgwQ0p1RHhCNUxFQ0JpR0VFSklnMllrNytOVnRNaWtK - Tm1TK1k3dVcKQ1pFSklZU1FoTWhLM0FraGxLWHVhd0szUXY2Rlc3VVpBN2VHS1o1Z2dzTkVXV2lW - Z0QvVFdrc0lJWG1RaGJnVFFreGhyUnRyUlluVQpVUlV2RnJUaXBRc3Mzak9JdWFtRDVmc0F3ZmRj - dHppbjVOZFlITTQ4bkVvSjNibUg4MWdoaEZocm9qd1dSLzJRVXU3NmVuNUN5SFdTCkYzZTAxbVhE - QlFLUFZyeEVpRlE3K1lDRjF5WmxjUThyNWRGajROV0h2Z1NPRUdLWGlGdktRUlA1L080SlNZaGt4 - UjBtcGkydGRkbngKWFVxNUhIc2o5QWxLN1MxN0VBQVA4TU5NenBxSEFLd2ZIay81SUtWY2VEeGZh - eElTZHpvWGpOY2JXdlVJNlovL3BmZ09NRG50S2V5eQo1TE1RWW8rdGRCSVI5ZDBJSVpTdyt0blQ1 - SytTaC84amhOakFVcFlTdnJkUmU5dVdUWlFidlArL1ZCK0VtQ2FFOUVSeTRnNytKRCtaCnR5NXJs - Q2pmUWFTVHdDZ3JONnc1UHhOSkRhUW1lVFhCSjJIQnhTN0FSOCtudldIL3JrWDF3UjhVZVlUMFJ6 - TGJzbGpwN3daa3JUc2cKeXJEUUlnNmJVSmF1MHRveEhaQzQ1VFp0UUNDZy9rejRGbnNQdGduWVJv - OTlCRllrdWkzYkJITmpFaEtaSk1RZHR2QzJHU1lrdm1pUgpnMlUwMmQ3WFJBYUx3MFNMY0p4a210 - K1AwYlNld1dKb0U4QWlGWUlEM244dmt6dTJxa09OTGIvRzd0Y1ppcnVTYjFMS1ZScTNRc2l3CjZW - M2NZV3RqazRtbDZsUkdoL1daQmdKaWVLWWRPYlNkbXVCbkZIanVaQnBzZE1IN2p5cnc4SzM4SGZB - Uzk3SHJMbWNzN2dwWThlWWMKQndnSlM2L2lMa0FFV3dnZU1aRW1tOU1MRTlnY1I4b1RmaThUL0pE - QXU5NWx1bTBmL2YzRGgvZHp3RXNjcEpSUmc0Y3lGM2RGMzVaYwpRc1pBYitJdThmeDFwYURiNXJi - Q2pKVGJ6QVVLUEVzeUYzWWw2djFQWXkyVWhCRG5DTzMxVzh5RjN3REVYY0Z4Z0pDdzlCSXRxMUls - CkpDanMxSmJyRi9qUXFHMkRwSk95MXFFbUdTbmxHdGFFMzVGNzdKTFFMZDR3a3JZN21vOWQ3b0Uy - NnY2M01WS2xvSS9GYUM5R2hIYW4KSEFlWU1vbVFBRVFYZHhCMm54SjZtWS9JTmorQktCcU1MNGhh - RlNQUnFyTG0zVVBBcG9BYTJIOHlUVUluaHBUUVd6MUhETWY2V0FzSQo5bU03U29HWFdrNUVRcklu - NnJac1lzSXUyV3o2SWVteGVrRWQwUjNTY3lPd0MwTVo4VzJtNjduVklyUkRSWm9HSytFRndmQi9J - YzVkCncrK3h0aGdIc2kyckU5MXZrWkNoRTAzY0pTVHNSaW5xVElRUU0xaFBVcGdrS1BCcUNCVHRl - ZEhxd1Y0VkpKb2Y1OUt6MERzcGk3bkgKODczUVE3Qld0SEpranVLdWN6b1M5TUh5bUFjUys4eUhT - WWhIb216TEppTHNudUQ0dkJpN3NDdiszYkpWMGIrelJMWnIxL1M5cWNXbgo2RldpN291VThsWk5w - RzB0VFpvZnArL3QvYnVBVy9PeHQwb0g2ME1LOTQ0TitzeEU4K1gxeVdjc09Ba2hIZ2d1N2pCNDl5 - bnNUdGorCm1WSFV2UVdEdGhxd3YvVVllRUhuNmdydzdmanlzMU9MbTJlL1VwZVR3TUk2aGErcUQ3 - ejczc0hTR05zaVBacHlaSm92NzI4ZSs0RWkKeFpyRWhHUkpVSEhYY3g2N0M3WWdKcUg4ZW9ZRXRt - cDhUdHBkS1FWZWtHMjZUUEVsZkI2d3VQRVNMS1RPZzdKYlBxdzNJYXgzTHVkegpXZUNNS3JBQ0Z0 - MDVyTGsrRm9aMzJQb25oRGdTVE56QkN0T1hzSHRDTGkyV3V1bUFObGovMFpNVkwxcWFqTlNCNFBI - aDJ4VE1Gd3puCjlTSHdVaEYzSjBRbDIvSnhqSDBYMXR5WnB6Rmp5UVVlSWU0RUVYZGFzdFUrK01J - dFdEZWtsRnRFU2ZaaHhYdm5PTUVPQlI4TGs4ZlEKVHY0NC81UGphZDc3bXRBeDl0aUs0cTJIdmpm - Sy9JM3czL1FoOEc0aXBja2haTkI0RjNjOUpsczlJQjJCazA4UitSZHQ2KzFMRDFhOAo5d2pDR1NW - d0xIZTEycDBpYmhQT1BmUVJYNkxJWlZ0dmc0V05TOERJYUxjVklmQjg5TGs1cmZlRXVCSENjcmZw - SWRucUEwdlpoQUZpCmVRYnhISk5QSTA1eTdPTzVGN0VTY3VNNnJvc3FYNUdTdGlMeG9JMGZMdGE3 - ZDJQZVZvUTQvdVo0bWhzbWhpYkVEYS9pRHNsV1AwWisKSi9kSWJ6S1l5aEtwb1cyNXhONm1IV3VL - RkZjcjFrTVBRVVJyUit1ZHM3aHpMRGUycWZtekRhTVdKdkIxZGsyWHc4QUtRaHp3SnU2dwpsUlN6 - WHV3RktVNlkvRFlDMmpidDk0aVhIVjJBaGFkNnFORjlsckM0Y3ZrV2J6d0llUmRSOVdLdHcyTEdS - WnpRNnVUZUJuZE1qVVNJClBWN0VuZVpuRjRzRHRtR1o0aVF5eUNKL0gvR3FkNUg3VnQrNFdyQWVl - d3dtY24xUDF0dVpHSU5zZHcwT0ZXM21zalU3ZW1HQ3NkazEKMElZaW1SQkxmRm51TmdIclQ1b2M2 - Ri9YTDdDV3hreVg4bkZFL25ldTRxNDNJWXh2MHFWUHVBZ2lsNjNzcWpaemJVZHVLN3EzSVN0VwpF - R0tKYzIzWnlJbUtTMkZILzdvRTBGTGV4SWlNdmlCMzRXQlQzSGdvZG45UnBjVTgzbEpuTUI3WVd1 - QjJ0dFo0SWNUZUlaRHJ0NnArCjVYak9ZTzhpZG0xWkY0UVFaOGZ4NFZlTzk0UjA1eGVYTmtOVVdL - elVJeFIyaWFFc05mQzFqQ0h3Ym1BSkdQSnEzblVyci9mOGdIMzQKd0dJY3NoVmhUdzBMQnZVc2Yx - cWU5N2tjR2FKSHg4eldzZnhrbnpsVENja1cxMjNaV1Buc0tPd1N4V1B5MGphby9IZEQzdTV5Rlhk - agpuUVJkdHV5YnhLaXJNS1BQbUhzYmNtdVdFQXVzeFIyaSttSVU1NmF3UzV6SUFtODE0T2haMStj - YXF4K3FseWhaRTFqMFhQSTdqckljCm1ZRnJuMlRFTENFV1dJbTdpTkd4RkhhWkFJRVhvL1RTellD - alo1MnNGR01NTW5LczV2SFlZbXh4N1d1akxFZFdBb0hzc3VnYnV6Z20KeEFwYnk5MHF3bmJzaGNJ - dUwrQU1IeU5OeWtkTTZ1US9ZbGNRU1lVZ1Zqc05SczI2NDdMb29PV09FQXM2aXp0RVNINE8zTmdV - ZHBrQwpoM3JYOGtOdEdLTDF6cVZzMVZpL0ZSZkwyRlZ4aHpISXBUTExxTXVSQVpjSTk5ZzF5Z2ta - QkRhV3V4alJzVXZtc2NzWHBGb0lYYXJzCmJvREJGUzY1SWtjbjdwQjJ4WGJ5YjdNbFcrSWFGRERx - clZsSGNVY0lzYUNUdU1OV1dPZ2dpdThzS1RZSUZoRzJDb2NjWE5HVk1TNkcKZkNjdXJzTlYzSEZy - MWdGKzQ0UjBwNnZsTHJUb2VrSjVLNUk1c0lvc0FrZlEzbkRpSENlTzVjWXVYZkxQZWRpYUhYMDVN - a2ZZZG9SMApwTFc0d3haSXlCSmpGMjVmREF0c3JZY1dYMHV1N0VkSjZFQUtFOWVGTFhQZUVVS2kw - Y1Z5Rjdwa3pZSUJGTU1EVyt3aC9lOXVJbFpKCklla1FWZHpCMHVkaWhhYTRzNGZ6QWlFZGFTWHVJ - bGp0dnJOTXo2QlIvZWNVOEFFLzBYbzNubnhnanVYR09tM0pHcmlNVVRkSS9FNDYKd3VBNlFyclQx - bklYMG1wM2ltQVZKRDJpK2QrRlpPeStkMlB5UzNKNTF5NENqVkd6aEpBc3VDcnVJbGp0dUIwN0Fw - RGdPT1QyN0JCOAo3NTRTdUljY2lCVWwrd29QVzdOanRUQXpJSUtReUxTeDNJVzB1RHhpMGlmaklH - VDA3TTNJL1pwR01ZRmlhOU4yc1hueU1ONndIRmwzClhBVHRXQ3V2RU9KRW83aEQrSDZvdkhZWGJx - V05DMWhvUTI3QjU5NmZYQ3pZTnlPeENnV3RTTkVDUnMxMngyVU80YTRPSVJiOGN1VlgKUWs2V2F4 - U1ZKaU5DU3JuR1ZyK3RRM3dUS3AvWVBPUGduTDFEN3JZQzFydkJXc0loWGwzRTNkRlRUZUtMUTJX - TTl5b2daQ3hqbjRmOApmZ3ltSU1TQ1duR0hnZlJUb0VZOU1YM0ZxRkdMaHI4Q05jRFNrNFdtRDF3 - bnN0bVF4UjJFblV1dDBUODkzb3NMOHhHTmY2NWltdUtPCkVBdWF0bVZEYmgrc0dFUXhYdUQzRkNw - NDRIM0doZHBkclRsRDkrY2F5dk9OeVIzRmRSNmh1Q1BFZ3FadDJWRGk3c1Rhc1FTK2Q2R3MKZDRz - YzArdW9mRjVDQ0pjdHYzZDliL2tKSWRTM2JTdXVOM1ZqQXdTN3k1WjFTanlYSXh0Ni9qYkhmSVFG - Y2hKUzNCRmlRYVc0ZzU5RQpDSitvZ2pudFNBSHJuUkRpS1ZEQVRwYmlEdXdjUlV4dnorN0JsYU5w - TzMxb1ZzbkZDQ3g0cnMvSFRBcUVXRkszTFV1ckhZbEJLTCtqCm5BdTF1MDVvZlVaanVncXdKaXZO - MEtKTUJ4MDFDNkh2K295c1drU0lKWFhpTHRRcW1VRVU1QVZFdFlZcVM1YnI1T2s2b2QwaEdya1AK - Z3ZoWEJkNUo2SXVobHlOYk9nYS9GQlIzaE5qelJ0eGhJQTFSa2VMaUlVY1VHUjZoQnZBc0owNzR5 - N2ttYmwzSHpua0gveXFYTGZaVApRNURWVUsxY2d4UjNtRU8rT3A3bWdVRjNoTmhUWmJrTE5aQnUr - TEdTQ3JnMSt4YlhSZEJORDM1M3J2ZmN0QjA5VkhFM3VISmtlQjRmCmkzZ2FBZ2h4b0VyY2NVdVdS - TU9UcGFxT3NXN05LajdIMnZiRGRWd0RZeXFmR2VkMjNkNUxtYUZaNzlZZXR0QjlsSWtqWk5TOEVu - ZlkKV2dteEpmdkVhaFNrZ1ZDcmRCL1ZDS0tEYitYQnczVTNvYTJYT0wvcis3czBWQlVaZXU2K3dW - Z2xrUWJIUitKN1psUWd4QkhUY2hkcQpJS1dKblRRUnl1L3VYY1lKalgxTWNNcml0UXNsOExRdHVD - Q084NEdyNUtSQ3prbTNuMUh2eWFPd096Q2pBaUh1bU9JdWxLV0RVVStrCkZsaXFRa1hOanQxNlZ3 - bzhyKzBBd2JqM0ZNVmFKMlNIYnJVcnlmWTUwUTkySGtYNG1LcDNFQktNR09MdWtZRVVwQVdoRmdC - WmlqdmcKYTN0S0NieS9oQkJlemllRVdHSkM5K0hDOGRqZ3N1R3laYW44dGtTTW95aUtMdzczV2VR - b2FKUzFFZGE2dnoybXFYbWdyeDBoZm5nUgpkMWlCaFhCY3B0V090SUYrZHdZUVBkODhudktyRU9L - bzh1RFpSR25pOS9Zb3dPOXJyS2dVTmg1U3E4UWNkM3prSmt3K3NodmJyNm9QCnFPZjl4L09XK1lW - V08wTDhvWmNmNDVZczZRM1VWVDBGQ09pNTY3dmVxZ3RTeWhVaVJuMVpSMVQ3L2tBdXZCMHNjUHNx - aXdtMmNpY1kKRzBKRXJYNXZlQyt1VzVYUi9MYlVNM2dvcFJlckhObWs1UmI5UktzUlBNV2ZReWFT - bm5PSGh4Qi9xRzJGNTVONWRJalZVVkd5T1crTAprWWdJSVZRYWhjOEJydmhIUXpSbThtaCtUVU5L - Q2FLRS9MUnVRbGNXUmdlaHI3Wmtvd1lwb0NySUQ0ZFRxSWpoVnRaVWlQSVFOWm43CjRvdVVrcW15 - Q1BHSTduTVhRb1RSZjRKMElaUzFKZGRreHM4b3ErWUF0NndXRGNMT3RVcE9IMExCZGZFdzlISmtk - VHhRMkJIaW4yZHgKQi8rYkVQbnRLTzVJYXlCaUxnRmFMSHZyTWRKRGZFL2dWbnp3NVlyanZLdVFq - VzZsaFZCOWREek4yTVNkRW5aRHJUNUNTSytVbHJzZwpsZzFHUGhFTFF2U1pyQzEzSlZMS3BhZjBL - SDNTeGxMakluSU9QZnBYdW9ySytkREtrVFZBWVVkSVFFS0t1eWUrT0dMQlBrQ2ozZVNlCktMWUVF - Mkt1QXUvcWhPNmgzRmh2Q1hCaFhYV3hQTitNeEhyM2hjS09rTENVNGk3RXhFZXJIYkVoVkw4WmhM - Z3IvaE40OXduY1NoZmEKV21wY0ovMitxeHM0Vys4ODNVZUtLT0g3Z1Q1MmhJUW5wT1V1aEFXR0RK - OVEvV1lRVzdNbHNCSjlDT1NqNkp0V2xocHNTWDUwdUhZSwpDZE5keGQzSG9WaVpEWlEvNG9TdU9v - VEVJYVRsanVLT2RDYmc1RHc0WHlaTWxCTVBqdnloT0hXMDFMaGFyWHBQZDRPVU82NkNlMGpXCnV4 - TlNFVEdQSFNFUktjV2Q5MGpaWEpQR2tpUUk0YTg1eUh5TGFzSlVFeWVzZUtIcTg5cndIWG5zdWxo - cXNvdVNyY0YxYTNnSS9taXEKTDk2cmZJTTU1NWdrSkZmK0YyZ0xnTUVVaEVSRWlTZ2s3cjN2V2VT - cFlJL2ZWR1J2RjBzTnhpR1hDZ2dQQ1ZtR1hNWGR1eHpLa2RWdwowRVJkMy82UGhJeVcvd1hha3FY - NW5hVEdrREw2MTZJbVZJaThEeEczYXkrYXFGdFlXdTFkclZYSldJZVFyOUZWWU9ka3ZUdWdCcko2 - Ci8xT0tPa0w2NTVjQXZraUhuakxFRTBJQXRrTjNDRktZWTF0NjV0RUY0d0pCdGZXMDdlWWlaaTRK - YnYxdEhVdnB6Uk90U25LQlAvVWUKa2UwNyt0SVJraDYvZUlvaUxBZjZOVmF0aENTSDJ2b2JteThv - SnQ1TnVWV0k3YytwVmd5K3ROelhXVFl2V25DVW1zeFYrKzBEZk9jdQoxcDRVMytuYWRRZWpvYjl1 - SXFXYTJtdlBjT2JZVGtnK2lLSW9Wa1ZSZkxXODR4TUdzUTFYYjhRWEFRdWpmMkFxQmtJSUlVUG5G - OHZuCmU0S1ZqbEZRaEJCQ0NDRUowWFZiVm9tNkZhMGZKRENEU2poTUNDR0V4S1J0UUFWRkhZa0NB - Z0JjYW9zMk1aYWk3SVFRUWtiTS82NDgKK2dGK1NqTUtPeEtKa01tR2FSRWtoQkF5ZU9wODdsU0Uz - Skw1aWtnUERMS1NCQ0dFRUJLTEtzdmROeFI0cHJBamZUQ2t1cHFFRUVKSQpkSFRMM1JPc2RkbmxN - aEpDekxTY1hWUDRWazA2Sm13dFM2WWR5MXhlNnIvTTdSUVBJY1FpUkoxalFnZ2haRXo4Z2lTVlg2 - U1VXVlNWClFNM0ZHVVNjejR6Nzc0My9sdGNySVB5WWtUMDhReWlZVGdnaGhQU0trRkltL1FhTThr - bnpnSkdVWFRob1FvKzUvandBcTkyUHdKZjUKSnFWY1JYa2dRZ2docENlU0ZIZWFvRlBIeHdSdTZS - cFBtdGhqVkhGSDhMNlBFWVE3eFIwaGhKREJrNVM0ZysrY3N1QjhTdUIyWEtEWQo2MERBY21NbWY5 - RFNTZ2doWk9qMEx1NDBLOTFxd003MEZIczFDQ0UyRWNVOGE4c1NRcUlqaEpoZ25pdUQvczd3NDk1 - endVbEMwSnU0Cmc2aGI0a2pCank0bUx6NTdZdzdRaUN6c0NvbzdRa2hNTU0rdHI0eHpGMVNBeWlL - b2tlUkJkSEUzY2xGWHh3bENidyt4TitqMEsxakYKcXRYcXU4aVhwcmdqaEVRQm1SMTJIZWE1Qnlr - bE13WVFMMFFWZDBLSUZVVmRhOHIwSzZYcGZoQ0NyK2MrOEdzT1ZsSk1Dcm11NHJQTQpsVW1JVHh5 - Q3hMNUxLWmQ4R2NTVktPSk9DREhIWk1VRXRXNlVndThJd1plRkZRb0QzUUtpcnJjK0lLVVVmVjI3 - Q3dncytpdUhlNjJBCjFsRXllaHhkVG42VFVoN0gzb2JFamJyYXNsN0E5dHNtVWlUa0dIaXZ0eVVT - TEovMGlocGFaWTFlQjRjTTA5a1FRb2d6R1B0Y2ZJbFgKVE9oT1hBa203b1FRUzNSU2JzR0c1UTVI - VldXTmsxWk9yUlI3TDFZVkh4WVdDUGdKU3I1TnRXaXcyUDUwMTNoeSszVkNDR25GekxHWgpYSCtm - RVAvaWp0YTZwS2dTZmwvTFAwQUE2cHcwRVZoSDE1cTloQkFTQlNIRUdvdkxydXc5K3JyWlhGK0g0 - eXR4eHF1NFF3bXBOYTExCjJYSTM0SUdGZm1DRURKOHBEUXVFRk1YL2ZMU0I4akdBQStrUENqdGl3 - UVc1LzBJeXlseUNoQkJDeG9lenVNTTI3RzRBSmNOSWYyd2kKK09neFBRY2hKQWF1dXdTaEY3cGtC - RGlKTzZSczJDZm9QRS95UUZuc3ZpQ2lOalFVZDRTUTRDQlE3ZUp3SFpZakk4NVlpenY0MS8zRgpi - VmhpeVFWUllkTUlmbjZYc1paNEk0VDBnbTBTOGt2R0NjeEpRbGlKTzFRWitNRVhTU3c1UU5STkky - M24wMnBIQ0ltR2xISmx1YjI2CjVFS1UrS0N6dUVQZ3hOY1dQMHBJRmQra2xGUGt4WXUxUW1Xa0xD - RWtOck9PK1RYdnBaUWJ2aVhpZzA3aXpyR2tDaGszVHlpcnM3SW8KcU8wS0xYZUVrS2dvQzV5VWNn - YS80bFBEdGRYWStEdUZIZkZKNnp4M0l4QjJCNjE4MTFrWEJFMlZIQ0JVYnJXL0tyT0w2NVVieGh4 - dwpvZ2F1VmRtR0tNMnppZXlyT1RiTDNZY2VyMDBoVFlpR2xGTHRVS3dSZ0tqUEYycSsyYkdPTEFs - QkszRTNVR0gzaUVuZnFRQy9sTktjCnpDclBCVkV6MVVSZitlZWhDcjhISmVMMHRrVWI3Q0kvODJG - c1Bpd3MzRTlJZXVDNzVMZEpvbkJWM0ExSTJGMFFZcjZWVWtZUE5ZZkEKcUJOK3BlQ2JhZUl2eHl6 - ckIxamxOcWFnZ29VelJqNDdFMXFTQ0NHRWpJcEdjVGNRWWZjRXNaR3NQd1BNOGtkVC9HVWcrazY0 - NXgxRQpjNldGckFjZk94M21qQ0tFRURJcWFzVWQ4dGpsTE96ZWJBdm1Sb1BvTTdkNFEvdjNYV0FC - MCs5bjMyYTdFLzJvejdRNTNBWWhoQkF5CktpckZuUkJpbm5FZXV3YzQ4QS9XU2JWcGk3ZEVzL3FW - bVA5ZngxNnJ3M3EwYlVjSTBIWFBDNFRSK2R1bEJwekl1OUpxNGFCVEVkaWsKT0ZmNHhEcWpMYTdL - YTE1N3hxTVdyTFdQTVRaWnRIdnJieDF0UGROOGgrdllhMEVEenU5QmEvY216RDdRbHR1T2JkYllS - eXZHMzlhRQpOa2pnM3FhR2dhQ09zL1llOXlHK3A0cDc2OXB1bmIvemhyN1VlZXlwT2Y5TVM5SmZY - cXRwNTZwTW1iUHoxdFpTeWxjSGJrSTluTXpzClVJMHlNNStIUi93RG5mcVlRUDlaNXZqKzBYN1d6 - NTNZczlnOFErTjNqTUZ5aVMzM3BuNjI4L2djVXl4VzloNzY1Um4rcDhxcWZadEkKdTI5YlBQL0dZ - VzRvbjlsNmpIYjlMandmMS9yb0txWHZGMjIzOFRRdWIwUDFYY3QydS9xZDQvblgwQW5XWTAvRCtX - L1JKbHVQL2F6OApadVpXOTFSeGs4dUVQcUMyRFdEMThEeThmNWhsbXBOVStzWTB4M2RNY2Zkc2Vh - ODYxNlJqLzNJU2Q5cUE3VVBRTlkxZjZwa21QYmY3CnNhSE5yMDJJWFErcmhUakZuVlgvWFFaZWFH - OTlHbFVzMiszY2NMNUZ4K2Z2OUN6NFB0WVJER0pudEUzcmNhSXFpWEZPUGtyZjhiQjAKbXU4Ulpl - SkdTYnFqeFRhc1M0SHRKazZodHhCSU1ONXN5OEIzY3g5cm0xOElVVTZLUHdKSGVOL2dtZjVSQVd6 - WWx1cURPL1BhK0tiLwpDUkRFcGM3M2x4QmlpKzB4NGhtdC8vNFp1SGIzUjd6TG5hVUxoZzl1S3Zx - dW1wTjIrSDZEUEQrK0R6VW1mWTRRTEhpRHltQnFuRmkxCitXN2VpRHRNaUUzWnRGTkEzZDhIS1NY - cjhQV0lJZXErV25Ud3A0Q3BTaWo0ODhVY3FEY1lwSU5IV3l0L01pSEVIcE5pN09qdVV1U3QKSWwr - MzVOa0hTWnNZUTVlWlZNTGdDQjgrNG9FZSsyOHAyTmM5Q2ZhWE1RUDk2UmdxczRRU2ttaGptem5Q - QitxNisydGl1cTc4V0t5YQpuelk4WXJ1TlVaQTlnYzY5ZGhCMUJYTGlyUU9tZG1FcG4zeDU2Uk14 - MHpGQlZQMmRRR0x4cjJyeTZNR0tOOVVTamNkS3VhVEdqcjloCm1TVU9vQTFqSjRrMytRemhFVnV3 - UHd1ZDBHbTNjUDU5QW1QRUhjUjA3VUt3VHR5bGF2WDRJcVdjMDFvWEg2em1GMm9yQlZzMUxxWm8K - dFJVN2h6OUlDQTdja3MwYkxDQ1dNWVFkK3ZZbWdxV3FDKzk2bUNUblBZcURIOGpTUUN6QUpCL0Z1 - dDBDSlR4MmtRWDdCQXVUYldCaAoxMWUrMWpxK1l1eDZRMlVxRkJVU0w0UjRTaWhoN2dXT2pweXdJ - NEtQWlk3am82Y3JYN1EwQ3JUYWtUcm0yRm9LU2s4bDhkcHlnMGt5CjF0alhkeHNvbjhNcGE2MTJJ - OUZpQXpjUTdFV2tBZ0psc0ZVby83cmJCSVZkeVNjaGhBb3FlV1VzYWFwUXNVbEUzQjBnN0dpdEN3 - dzYKOEV3N2ZBLzJMeUlkUGoyaG9MakxuK0RDRHZSUkVxOExzUVZlbjl5VTZWSUcvcHpleUtEWXdB - OElqOUM3Z2FHMVNqQ0xvQ2MrcXpsVgpiK2RhY2FmVU52eXErbnlnQnlsbHNyNFlEY2tncXlwRkhM - VGt3SVdSTExnVU9sNFNLTGE0YjdQQ1JXbEpDeGxWcFF1N2VjQ1A4WUVMCkFkSUdqRysrTE5JaEtR - WGVaQVI5KzcwU0xDbVhpMHdGT05UblVHeGdrL1BpSlBCODVaTTFCTjd6R05GWVd4YXJxTTg5M1do - eXdrN0wKekY0ZVhZU3ZLZmIwenZMaTY2UE0yRnE1cjBMTEVLNVQ5WGNsVlJtK3k1VndxUEprMTFE - Q2RxRjkzQ0VEZGpncGtLdGd3TzVyYkxQaApwc3dwTm9LM3UrSjMzSXptWDVZRHBVVTIxNmhvSDlI - ckI3d3ZjKzZlYVZWdVhPZm1PL2l4UDkvdk5YRzM3bWtBdkU5bDVRWkJ0NEFQClVFakxsczZOSWY1 - eXNDN1U4V3BiSFk2L29kcnh4Q2pxbHpZT3pURlg2d29teGh6dlhWbTFWUHFubExNWitFRGwzSnN6 - ZjJranZuYlYKbnZBdHZDbDNaYmpwTEJ5djkwNk5TMUxLdnRMOFdJSDUzMFYwZlVPTit6by8wcGY1 - Q3RkeURTSmJ2SWpSRmhtWVkxY2NXUGpNMU82UQoyVHQwWnZveEhKdUtiTjRoTTNuMzNuYzg5YitV - TXZIWEhhMnFQNlI0ajVnWXZWMERBL0tiYWlnWVIrYWVNOWlmMjVSOUN0U2VaZG1wCnFYR3RTWURu - ZkZNT2pSVXF2TFpEcHlvaDZNc3JEKyszc2NLQ1M3dUZlSzhPWThYWnRrSVMzcTlMT3o5WDdFcHRv - dWwxY3ZiWWdjZCsKbkt2ZXBlZTZlMjgrcGo3N2p1ZCtTSEhYL3Roam9xbzYxaFgzTS9GNFhadkow - Y2UxSzh1ekJXejNYZHV5UjNoT0wrTFo4dHV4TFpYbQpyUTZ4REMvdVhNdkJ2Zmt1T2p6WDFOSG9z - UW5WYmkyUGM4TjRzYXRZdU5pMnRWTkpOc2NhLzgvdk4vUUgwK1hvVGRoUjFIazk5alZXCmpIbmc2 - MTZkOEhJNUtPNGFqMk9kcGF6bC9mallpV2ljb0ZvTTJxNjFQcTlhN3p5Mjk5THlPUmNlcm0xVGYz - YlE0Zzc5Si9yN3JKZ3YKWFFSZTdVSWhrTGpiWVA2NWF2SDI5QjN0UGZVaDIyL291UyszdlVqb3lh - WlBZVGNQWEZoNVRFZGR3ZmZid01LNTFWWlZMZ2ZGWGUwNwpkaG9uUFBWRGEySG4rVDRhSjJsUGJl - NjBZUEl3VVhlKy9nakVuY3ZpNU0xV3Q4UHp1WWpNMnI3cldkeHR1eFRhOS9nZGVldEx0dHBFCi9X - NWRoWXBYd0VuOXFhMUhYMGQ2Q1o1QUJuejFYRDhqQmtvTUZkVTNmbXR3bGcyZEkyak45Q2VEcGt5 - ajR6cE96QjM3NGFPUENINzAKMVJtZXk1WlExVjFLbmx5ZDMvSDdCNGRUTU4vZFcyeXJlRng4OWhr - RVgzeXovUFhRZlZmeGdHcFd1U2ZFdGs0ZjAwcmNnUkJSTHQ5NgpFblp6TkZvT3VXdFM1bFFVeFI5 - U3lsbmRSNFFTVWlIYitaSjRMV1RpanE4Y1dTN2xyUzdZSnZFQ25zZWwzOTRGTGszbTYxbGRuakYy - CmJkMmt3YnhsdXpqWkJoQTZ0dS8yTG5EZFpDK0xNQWZlKy9vMklWQkYxNlBvSXU0Q1dPOGUrZ2lM - UnFtV240bG5tMDZkRXl5dWs2WjAKQmVqZ29Tc04wR28zYkw1NVRIN3FrbEpvNmJ1ZllmdzdPWndp - bEdYcndaY1F3T0xkMWtMSkhaWFh1THh2N3d0Z2ZBK1BscjhlcXU5NgpYWVE1c0lOaG96ZTZXTzRL - ajQwV1hWbWpPUGcrOFZJdHFhT0x1a2FMYTZRa202ZmM4aWFSVG5penlpS2J2eTJYZ0RzTUx2MDMx - QVRwCis3dTFQbDlnQzA5dTJMN3ZTOERxRUxaNVJVUDFYZCtMZmR1RmlUSWUvYWxLcnltRGtoSjZh - Z3lLMlordkpURitoVnJOQ1NFZUhBWFMKSWJheWhnVXAxYUsvT2ZBQXMzNlhRWG9YWWVWTllUZHNO - aDRIYXBmSkpLVHJ5TmFoaEZTUUNUSkE4bUNYUmZVRVR1WEVQcG51T1dCaQpjMXV4RWtyaytMWlF1 - cnB2M2FEdnYvUi9WS0U2b1YrZnRWS2tleVNIOTlMZk80azdzSFJ3VEw0Z3dWNjBiVFFLTzJ2S3pP - WGJydThMClc5K2h5NXc5c2Y3azRQSDVmbDBtazJCVlQ5UzNKWVI0c3B4QWJwU0YzUE40R2lKd0xz - dWFvaW5oNk1OMXA1ZTRUSVFRZnRpUEFiVEYKTnRDOTNtbkdqMWZ1SWhCL1QvaHU5b2krN1N6NHVt - N0xsdnZzdHF1QVdzZjdFRkRZZFVaWlZiOGc4dlU1T3RGQzJMbVdUMmxMci80TQpKRGkrdDVLc3hW - MkVNbGd1NHRGM1VFVUlJVWJMbXp1M3VUOUFCRUlzd3ZvcWdmY2VwVitWVmY4ZklZVGFOVjEzRWZt - ZHhWM3g3MkMzCnRnaHh2dys0Ny84R0NydldQR21DVGlXR1hkc0tjQ0hFSWtJQWhlSjd6TDVFZXNI - Mys3VVZkeTRCRDIxSnFTOTczMVVaUURxS0ZNaTEKNkg1TXZIOUg2THZmRTNpMk80aTl2eUgwVnZC - cnI4VkszSUV1Zm5NUE1iZlFLT3dhT2FDejNoZEY4U3NzZFBPMlpaMEFBQmkyU1VSQgpWTmFDcmdU - Q3p0WjNxQXNuK3RvMVl4TTZiM0dFemtIbWU2QzI5ZitNSVV4Y0JKWHZTWitSNTJreU9NdWRZNUJU - RmFFV1NhNzVHbjFUCmJyTTNpandibjd0bmxPVkVDUEd0eFY3K0llWVdHaDZVd3U1ZkRxV1RKdHBr - SDhMZk1hS3dLMEtrcENCSk1xWjM3UEtzdmlkOVdzUkoKbG9TYUYrQVh1MGhRVjl4QWY2bEkzSVhw - UG1JdDdncmthVUppeFRybitRdEtCa1VacUVjcTdBNUd4TTBPUmZTakROS1JoZDFqQlA4bgpRcUtD - aFRJYm5ZeU5iQllTK0VZbm1GOURCd3QyUmVtZG4wS0lWOVcrbk1RZFVKUDczelgvdG96c0c3Vk9z - T0hiY3FubzdMcUQ2Rm43CjkyamlyWW5Jd2k2VjVKU0VlSVc1M01nWXlXMEhCdmM3UlZxWjFLS1BG - VDlVWHIzU0FPSXM3aHEyWng4ais5a3RNa3BRZklKdzJ5R3YKVGJCVUM2R0lMT3lLMkNsMENJa0l4 - UjBobVlBZHl3MTg4VkxUSENwaHNpb3ljSFlKcUhnQlZRTDAvRWlubUZZV0JGQ2tYbC8wcEVXbApx - c1pmSU5WSWpzSnVIVm5ZZmMreG5VaFMyR2FhVDkyUm5kOEZ5WkVRK1JTam9RSVFVV1hyVndRbjJw - Wmg4ODFOR2VQZ1JkeUJ1VGFBClJ2T3pBNXVFL2V4VUovNEFRZWNjbGRvbktPRzJRVWgyTEE1U1N1 - YTBJNjdZdWpIRWNQTUlIWGxNOHNkRnhIK0xGRUhmNVJoRW4xYzYKQjBhYU9RcjJmMUR0RGJFWEk0 - MVNGYy96cFErZnUyY1FVVExIOWxtMDFTVDJ2MVAwczFPaWJqVVVpeFA4Z3JhUjIvcUNSUU1ocmxn - dgpObFhLaHNEZnNVczZFK2FRSTlmZ3RuOGtNRTY4akJVSThweml1TVZDN2pid1BLb3ExOHk5aWJ1 - aTRzRkNBOEdSbW1QakNZRWtnNG5xCjdERnY0SndKVUlrbjltYVpudzdNQTQ5cnR2ZkZCTUVqUWMy - dERoSFZUSURjRTlqQnJOUkZtdkNiNEpqaHZ6NXFzazk5YnN2MlFXcTEKUlZXQi9lbkFoTjBTMGRD - eGhkMFgrdGtSajdoRWx3ZXpIaU13eVphcy9aWklaMndUNmI2N1ZzMkF4QWRidWp0czY2NVFVRUNK - dTk4OApWTVdZZWJYY3hRVFpyVU1VOUxYbGZraUY3REVZYkZ5c0NnNDhvTVFkSWI1d1dTamNJVWxv - aU8vYnBkb0tGei9qWXUrd25UY1BZUXpCCnJvNk5jQXlTVUg4SXdCcS9oSCs3OVk1WnR1SXVJYXVk - OGd1YkRhbldLWVR6eHBONXVDc0hSQ0VSNGczNEJCOGNKa2VWL21EcmMwS0MKMWM3bEcyTkM3M0d4 - ZFVpOXNmUTlaOElBVUpmajlob2ZVbDZjWUE3OHkrSlh2eUY3aUROSU03ZXlyZGVlNWJhc2gwSFJG - NE1TZG9pRwpYYU5UOXlMc0dEbElBdUl5dWQzNXJHa01mMkVYNi9ScFNBdEswZ29YTWZRdVFDMVhG - M2VGMVB1dXJTK3JiLzlHNjNlZXE4OWRDb1hqCmh5YnNadmpnWXFZNTBia3dVVEVKakt2bDRyT2pq - OXd6c0hoc0hmMVlhYlh6Uy9KQkJ4Z2JIeHhPc2ZIbGU0ZnoyTTdEaDlUSGVZZEEKcFkrZUs4NVl0 - MU4yNGk0UnE5MWdoSjNxaUdxN3FVZHJYYUcxSnlQL1NEQThUSTRGU3Z4WTUxM1U2bCs3cGtLZ1Q2 - cGZibHplYTBSYwpyYysrdG1iWER2TkZMcjdwdGdGTFByOU42MFZIanBhN3ZxMTJneEIyMklKZE9h - YUk4TUhnZkJaSjB2Z1lQLzVVQzZLdUszUXNUSThlCmhOMERGMEsxdUZpRWxGL2xNdVhJVW1RUWNJ - bVMvb2krYS8yTWNQUjNLYnVWaTlYWmRrNzZpTG5WQjdibjJXVWw3cEFrdVcrcjNUSm4KSWFLSnVp - TnlCUFpaMllQQ2prUUZvc2pWZWxkZ1FmU1BtdWd3TGxVQ3k3Z1NERWVVN1BQeHZhWGdscElxTG1Q - SkRaelgvMDhJc2J0Mgo5UGo4cnU5ZjlkMTlWeDg4OWZOQ2lMMmpzTXRwWWVKaVlmeUtzY0ZLUkd2 - Vm9Hd1hncnZjb21YN05wdC96elhkQ2F3TUt6akJwbENxCmpjS085SVhQNzBCTmRKK1FZUFprT0dL - SFNOWDBqVmE3Um56NWNxV1VadXNWU0dqODZMampvb3drZndraFRoQXhPek05aVpaa2Q0YnYKeFVk - VmhXd1dKb2hXZlhMb0MycHNtQ05JY2RQbXUwV2J6OUZPdG9Zc0ZXeVZqN2lET09uemc4dXV4cW5X - VVJhSkRWWVVkcVEzMUNEcgprbUtnZ2J2QU93c0hYMmtXQnN4WXhwUnlpOTkxZ1hLSEhaem5TazhP - VlREYThEM0RoY25LTWlWS3lVM1p2a2pGdE1NQzVJaWp6Qk5ZCkNta2Y4L1N6QVNvbnkxM2Z3aXFM - M0d1YW9KdjM3RXRYeHdsUnNSUjJwRGRVa213a1lIWFpZb3JKSlpjeHFFOWcxYm9rc2pzUkRLMlcK - dTR2d2lNa3BSM2NDOUNjWDY1M091d2kxMlM5bFFFZE9QbmQ5RG16ZlVoWWo4SVZZd1IvaS8rRGJr - Nkt3TzZBOEc0VWRTWUdsUTBtbgoyQ3o0M2JSbUZHbGlFRnh4bjhDdHRDSG5ORmR6aUtZY1dKVHRu - SVc0d3dxbHI1WFlLYlcwQTVxWVU2c0tpZFhiMXdpckFoY2VzUlhMClBIWWtDZEFYWnhrSXZQc2gx - YXVPd0dES1FGNERQdUNwQzd6N25CY20yamlSdXNEN3JvOFR1V3pMQml2YzNZSlYzNElFVVUzbGth - eWoKYndQZmMvTlhKT01BMjFzelQ3bm5mSE5CZFA1b3hJb1BQRytsSlkvcUgvQ1YrNUhndlE2aTVq - cUNLMll1dFY0RDgyRE9zYmxzeS9ZbAo3cDc2NnBoSW9hRDhnczZhWlM3SHdlcWV3bzZrakJKNFVz - cXBweFFwdmpqQjBrMWhaOGNpbzYwMFo5QlAva2pvbVM5REVYWWxzRDdPCjhHMm14RU5WUGZia3hW - M1BXN0xSSFVBaDZ0UUg4UTlLZ2VYcUdLdytnTjg1T1pGY3dBQ1p3Z1Q1UU45VU54Q1ZPYW82MWRp - U204QUYKcGs4T1ExMlk0SnVjSnRER0JjYXBQNnFFWFpHSjVhNVBxMTNVUkpYSVlPK2FKRElGSGpr - NWtSelJKc2p2UGR5KzJrcjhvQVpyK3FhNgpnL0huOTVGWjhKUVZXczJaSDNxd01GMFFmRGpvc2Iv - bk5pNVJDOEJKa3k5dUR1S3VyOVZYVktzZHJIVytNdGozeVJmVjhUazVrVnpCCjRLMWNDWDZEeUFz - dERrcFJONHU5b0J3NkVCbVR4TGJjZzZQNmtaUnlBa3UwUzdteU5qeUxPb2lOMGVSaDFOcjRQa0li - RjJobjFZOS8KYTdNQXpFSGM5ZUU3Y1lvNXlIcW8xWmNDQjJ6RHNxQTVHUVJxYTArSlBDbmxMU2JK - QjQ5amtmcGV2bUNncHFnTENNUzZta2QrUlp2SAptSWlUUUZsMlZQL0NRc1gzc3ovQ3IrNVdpYnF4 - THVqVjlyUFJ4ajZqN3k5bE8wTThMOW9tZ2haU1NvLzNFUVlrNXQxRXpOMFd6UkVVCnBVayt4N2hX - UUw0eGM3NC9VSTNGT3E5alN1L0NvWUQyTGxYQmcrVEgrbEUwQkRzZGpJejBiOG84QmJwSDIzWnZW - U2FwSzZuZFQvSGYKZXl4cmYzYmVJV3I2enJRTUI1Mko4ZjNpL3Fhd2FsN3J3eWV0L3g1RGZwdXB0 - MXRiak5KdHR5M2ErS0pWVjltaG5mY3UyOXRaaUxzUwp2UGhONEJJL0Z5ams0S3NRQkl2OERIMmRn - RHdoVlFOOTZ3Z2hoSkJFeUtsQ1JabVJlNHI5L1ZCc0l3bTcyNHlUYlY3Z1c4ZjZzSVFRClFraGla - Q1h1aXYvOEoxYlkzdzdoT3hITFoyeVphZkJFR2FWRDN6cENDQ0VrUWJMYWxxM0M4MWJ0Q2RFdlFZ - SFY3cGladU9NV0xDR0UKRUpJQjJWbnVUSXh3Wk5lY003SHFOeTR5RW5aNm1nWUtPMElJSVNSeHNo - ZDNKUWhIZGhWNXNYemdyQ01oSThMY1c0UVFRa2lHWkw4dApXd2VxUFN3N0ZBT1B0U1U3UVdteFZG - R2lia1ZCUndnaGhPVEpZQ3gzSnJEa1RWRWlwRTBkdUZoaUpzVjZoM3JtYTFycUNDR0VrSXo1Clpl - Z3ZEMEpscHlXR1hkUUVYOFR5dDB0SjNCMFFIUndsL1FzaGhCQkN3alBZYmRrbWtEeTRQTXJBaGw4 - ajViZmJkOWdxRHNFSlFuYkQKQUFsQ0NDRmtlSXhTM09sQTZFMWpsUzRSUXZUUjRCUjBoQkJDeUVn - WXZiaUxDZkxiL1Yra1N6NUIwTzBvNkFnaGhKRHhNSGlmdThTWQpCcnlkSndTRkpGdHduUkJDQ0NI - aG9iakxEeFhadXRjUFd1WUlJWVFRVWtKeGx4WXFlclVNNmpoRHdCVmxtaFphNUFnaGhCQnlEZnJj - CkVVSUlJWVFNaU1FbU1TYUVFRUlJR1NNVWQ0UVFRZ2doQTRMaWpoQkNDQ0ZrUUZEY0VVSUlJWVFN - Q0lvN1FnZ2hoSkFCUVhGSENDR0UKRURJZ0tPNElJWVFRUWdZRXhSMGhoQkJDeUlDZ3VDT0VFRUlJ - R1JBVWQ0UVFRZ2doQTRMaWpoQkNDQ0ZrUUZEY0VVSUlJWVFNQ0lvNwpRZ2doaEpBQlFYRkhDQ0dF - RURJZ0tPNElJWVFRUWdZRXhSMGhtU0NFdUJWQ0xJUVFXeUhFV1FnaHRVUDkvMDRJc1ZRL3gzZnFC - eUhFCkhPMjlNOXA3TjRUbkd4dDhoeVFXUW9pWjBkOVdNUnYvRjc1cFF0SkhpYmFpS05UZ2NGTnpz - K3J2MytOWUNTSFdVc3FvZzBuZkNDRW0KUlZFc3ROdllTU210SjNBTXhsK3pieGhDTkF5UmNaUlNi - dnBzSHlXQ2lxS1lsZjlmTjI2bGR0K3BRM0ZIU01MQUNxY0dzWThkN2xJSgp2YThZTk9kU3l2Tkkz - dkdrUW94WmlUdTBPNFVkR1NKNnYzN0MrTkluTStPZTZoYWxxZDEzMGxEY0VaSTJXMWpqVEI2TG90 - aHJmemV0CkVJRHZJVzZtZk1lZE1kdnNnc21rRk1ySHhPK2ZFREppS080SVNSUnNRNWpDVHExWUYx - TEtOK0lDMjVJYjQzZmVxZk9NYll2V0F6UGoKRktvTjExaytDU0ZrZERDZ2dwQUVnVkF6dHdVZnBK - U3pLbUZYL091cm92eFFsQ2g1TVA3cEs4NUg3Tm16N1FnaHVVQnhSMGlhTEkyNwpPbFg4WFIxTC9M - ek9LOHRkbDZoQlpmblRmNzdoNXlZcWtFTUljYXlJNUZVUnA0dTYzOVhPb1NLQ054WG5VTWUrS2hw - WXU2Ky9qTk45CjdSS3Rwa2UzVlFqcnY2NjFXVU1rOHhIUFZMczlia1RqYnZGM1UvemVya3UwWFVX - N3RUbXFudWNXN2IyditQM0d5T3lxUG9QenJmRzcKNTVwcmxuMm84elZ0d1hzenIzZEcyMTlkRkRY - MGU5bTIzeGZOL2VmcTkyUDgvRXc3MzA2N0w5TWFyWGp2R2tGODVaM3QwUmZNYjNhbAo5WTJ2eHI5 - SnMrL1kzSGREZTNaOUw3T2FNYWw4TDFYdDJvbUt0bHNiOTFDT2kxWFBzcXQ4RmlrbER4NDhFanZn - MHlXMVk5SGxIaEUxCnF2LysyZmgzL2Q5MlY4NjEwbisrNFhwbjQ3eFZoN0tBVFdyT01hMTQ3cXBE - WFdkYTh5eE54K3JLYzg0Nm5HdG4zUGUrNWUrdGE2NjkKMDgrTmM1cnQyWGovRnUxUjJ3ZHFybDkx - SFBWM1VkZG5hdHJJdk9heXd6Vm5OdCtzZVgyNE1WenJhN1hmWHNkKy82YWRjSTViNC8wMwp2aWYx - ODFlZWExbnpYTE1XL2FOeExHZ3h6clQ5WnMzK1VYdTA3TmM3bisycG5XdmQ4anhiOHp3VjQwbmw5 - MXZ4cnZZVjUrbmN4emlwCjgrQ1IySUdKMFB4d2F3ZWdob0hKSEJEcUJKR1R1T3N3d09zRHZUa1Ex - b21KdWtIdFhJckVEdGYxTHU0NmlDRDkyRlJjMjV5TXFzNFoKVXR4dGpYZlI5ZmVuc3FIUDFEeVBQ - aUczblVUMVkyN3hUZGkwelp2bmMrajNieFkySFJZRzVmRm1nZER5bS9FcTdsVDcyejUvWUhIWAp0 - VDIzTmMrM2RUbFBHM0ZYSmV6MHNiRmhUS3A3eDhmeTl4bFFRVWg2bU50T1Q1YnBUUFpHY01YVXQr - OFl0cTErR0grdElubVhwVzhnCnRpM1U1UDBPLzM2RGdWUGZ6cGdiT2Z5K1F3VHRzYVV6dzRTZ24y - T0o0eHYrVHQzTEorMGNUMFlxbEd0YlRrZnRYRE9qN1I2TUNObnkKenh2anZpOTQxbDI1a3NZOTZw - SE1uOVFXejVVZ2wvS2NCNXpyM0NHdHk3Y3IvNjVFeVoxeHo4OWIvbWpycmZIelQ1aVlkdmlaS2Q2 - Rgova3hxYTJqUzBFL0w1em5oT1k1bEc2Si9mSzY0NXJxYzdOQ09LK08rTjFldTJaWVR6bDIrMHhu - YVEzK3ZLL1RSb3VqVzcvV2dxQnYwCmw1bDJub1hXcHd1OGl4WEVTdG4zbDhiVzVXZmtzYXlMMk5i - dlc0K3FyL3I1azVGU3BFc1V1QmxnOUloenFYcy8xM3ozSy9RL3ZTK2IKMzlxMS9sdDczeTNiVS8z - TW45clBmRVEvZW5sMnVFQ1kyUWNlY00zeXUxNFk0NDA2ejZKdC9qMjF6V3I4L2dFQ1hPL1A1bmJy - TjR5TApSenpMM1BndTd2QTdhMXB0ZVBCSTdLaFkxYjZ4OUxSY1dadm5XV24vMW5xMTNtUzVxMWg1 - MWxxWEtxeFRNKzNmOU5YMnNlYjN6VlZzCjFmWkZxM3V4YUxzMzI0QlZXOThOVzI5VlA2dXYwS3Uy - a1RwdHhiZDhyaXByazI3UlhiYXhhdFM4KzJWRCs5WDI0d3BMUzkzUDNWYjgKYk9VMmQ4TTltL2Uw - cjlubWJMU2VWeng3N1gxYzZmZW1kV2paOGh5TEZzOVY1LzdRK3R0dmVLWTMzMkpOTzVyV3ZYM0Z6 - MXgxKzJoNwozMDE5OGtwNzZuMzN0c0l5VnZrdFZyeS92YXh2STMzOE5TM1Z4NXIyTzdkNFpyT05u - MytPQVJXRXBFL0tPZFgwbGVmcGlqWEtEQWlaCmEzL1dWOXUzVlU3enNCejlYaFRGQnh4dEEweENN - VGZPcXlhSVNzc29Wdk9QMmwvZFZQeSt6b1B2RFB5d3VKbldwbnZqbmsxTFFWTWIKTDJFWnFmdGRu - Y3FBSU56VHUycy9WL3piaHVlS05tdmxGTi9Bc3NyeWh6WXhvODcxZ0JpOTMxK2tsTmZhcWU2ZVYx - cC8vdENRYnNmOAorMnVCSHNzR3k1NFA5dnA5MXlWTGwxSnVqZUN1ZDE3djRpMXJ5L2JVeHh0ekYr - R3A0VnRjR04vQXUydEJPTEF1NnBicVMwT3llZjArCkpqWGo0dFo0RjgvOWpkdXloS1NIK1pIYkpp - RU9XbU8yS2txc1kvMUUvYmtPeHZiTkVSRndlMjBMYjE4bm5ucEMzN2E1dEJCalpxV1IKV1VPVy9S - REN6dHpXL1Y1eHorYVdsb280YkRyMVdadUFtaWJ1YmMza1pmYWhUZE0ySzdham52U3RUdlZzbHYz - aWRLVTgzZDRRY2M5VQo5UHR6eDM3L012bWI5NjJkMjd4R2wxUkdCNWV5ZTIzQU8zcTVCaUptWjdq - UDN0SXVlV3BQODk5cXYwVnNQMCtOMzZudHZ4QjI1Z0pyCjF0Qi9MOXIzZFlkeGNWdU9od2lVcXl5 - elNIRkhTSHFZSDNydFFBUUJWRTUwVC9qZEZRWmZVeFNHRmtaM0RpVzcxT1Q0VS92L0d3aWgKVjM0 - dlFvZ0RCRUJxQ1lXdnRxMWFZUnRDcWZhOStweWN0UkoydWhYZ3diUTJWVmdjYmp5V1lLdDdIbk1C - MHVhNWQ0YVBsdTBpNXBwbAp5M3luczVyNzY5cnZYN1V6M3MrNndtSmtTN1FGRU1TSzZRdlpLeDdh - MHhTQ2plMEpDMmtiSyttOFpnRTBhYmpHMGhDRE4rYUNBMlBLCkFlUCtpNzhzdDJVSlNROXpvSGpY - TXJmWGU1ajdkNWlvemVvV3lTYml4YUQwT3dScUUycHcvQk81blppWXVSMWJZMUk1MUd4OWhtelAK - c2RRM2JvUHV1RC9CLzMveUpPeUtXRzRjQ0FqNGtaaXc4OTZlSG5jTDZpemI2N3J4SFpiMUQvaG1y - NTM3Si9MdVBaK0xsanRDRWdOYgpUeWRqMEZ3MkZOUTJlVmNoNUU0T1BqaHR0NFVmT200bnZwcndN - WWpPc0pVeXczVnZhMnJydmpjakQxUEhkL0xkTm1BQzF0dnZVaEdSClYyTDJqem9SR0pMb2JlUUJs - MzV2V2xSUEVPUG0rekVqd1hzRjM2aDVQMmE5NnhJek9qc2tWZEhybTQ3dCtlcG4xYk42M3VhKzRC - cDYKaE91cXdkZjBPZTlseTNIeEk2eVdDNG83UXRKa2JZVHJxOHo4bXdxQnRzRlcwY1RZaGpCWHJV - MlR6N1VKdFU3Y21RUG1yWTlCRU9kNApkUjR0SllTZW91SzltY0lnTWhmalhtNnZwT1V3Z3dHQ1ds - S3haZmJLOGI5QjJKV0xDdjJ2dkx6UEs1anZibGFSaXNYRWJNZlk3OTlMCnYwZWZOaWZveXZLQ05X - S3FUOHhBRnJYTlh4bmNnbnNQTHU1cTJuTnEwWjU3d3gya3lsOVZQOWZjR0NPcnhtbWRKZnFzWGxG - SHBiZloKTnZXam1uRnhnbmVodXdXbzUxcHdXNWFRTk5rWVVWalB1ZUZNNjQ4eTI2c0lWUXlzTStO - M1NpNFYwV0c2bWI4MndxdHBZSWFsVGIvZQp4eWJybEZtU3FuUkMxOHQrMVpYWlVvSUVrYmpteE4v - bjFxeDVMOWVzWE9hL0J4Tk9tSEJNeCszYWFGNE5QYUwzcnFtMFVzVjdzM2tlCjgzY1dWL3JRekl5 - dWpTM3VhL3A5azE5c1piK3ZXRFE5Tmp4TGFoWnE4M2tyZHhWcUJGY2pEaFp1c3owUGx1MXA5c25h - N3hydi9TZkUKMWZOeHBUL2VZOHplSVplbnprWi9kcFRhMC92Tm0vdEFQZkdWOGQwK1EzRkhTSUxB - dW1LdWhOOGhXcW91L2NPMHhyZXBLZ0xSbk9RMwpGZlVmSnkyMm0welJ1S3NhbkJGUlpqcWRsK0xJ - SEF5L05reVc1cURjTkpDR25oRE50dmxhOTI2d1BXcUtrbXNXS2l2UTF1YTlmV21aCldzVzhwemY5 - b25nZHBQSHFaN3ZlTHlaQzNjL3k1a29mZW5OL1hhL3BDYlBmdjFsNEZkZjd2Y21zNFJ6bXhHNGJR - Vy95M3BPN1FOMjMKOXViOU5OVllCazBwZ2tyYVBIOWw2cEJyN1FuaHBhZHZ1Y1AzVzRYNTkyOUVs - b1labmI0eXIyT0laSE9NZmxPanQvanZXM3piL2pZSgpESG53NEJIbmFLaDlXYVlpS0xkbHI1WEFP - dUxuRmpVSk5zdWZXZUZZMTUyeklyR3MrWE5IREo2bGowaFZ6VkN6cnFpWlZIUVBjVHZSCjd0ZE1H - SHFzdUplcVpLN3JNak4raHlTdFY1TVkxeVF4bFhpVzh2bkx5Z2Ztejh5Ym50KzJmNkVOek91ZHRm - ZGFlelM4aS9MM3kvZTUKcUxqRzBVankyNnI5WkgzQzRMTVc4YmlvK1E0cUU3OWVhWityaVhCYkpx - R3RhdWRPL2I2bXYyN3h2SHBWanJwdmUxdFRndTlhbVQzegovUjdSdnF1MmliOHJrdkNXZldTcXVZ - alUxWGQ5VmErM0p1SDFWdXVuWmRtMHFuRm1yZDkzemJlNHdEMTFhYytxMG1wSDdUdFkxcFE1Cm03 - WHBQdzAvWTU3RDdHTTczTnN0amxsRk96OG5IdWNrellOSDRrZVhPb3d0RG4yQzZsbzdVVllKRDR2 - NnFtK3kyVnZXYUsycUdsRWwKcE41TXJDMG1yN2JpcnFwcXdyWGphbTFaMno3WnNUNXU1WHUxZUtZ - M2xUbTZpRHRwWDZlMXNocklsZXUwN2cvWEptZUxQbHRWVTdsdApUZDF6alZpcXFoZDdUZHcxamlj - dDIzSFM0ZG1yN250bnRHUFQ3NWZDclc2aCszTGZ2dHF6NDducStrZXJpamxOMVNvc3Z1ZVg3NExi - CnNvUWtEbndxUHJSSUUxS2lmdTZQRmorL3VMS05VT0FjWDVwK0FENUkwNWIzOTFUbDFGOUd5cllJ - K1Mrd2xmRkhqZlB4dk1idk1BaDQKamxtRi8wd1ZGL2pjdUZaVmlQVk1ab1dHS2s1WGtyQzJ2V2Fa - OHVIVTRzZWZNSUgxbXRySG90Ky9xWU9MWElQWDJ2bUM5K0VydCtPNgo1WGRXQzdiVDIzeHJhaXV5 - OGJ1dXFRWlNoYm1OV1hXdUx1M1ptSDBBNTdwdjhZd1h1RDEwU1dTdFU3czlpekd1N1hmeDZsdGt0 - Q3doCkdZQ1BmQVova1htTmo4c09Kdmx5MHR2Q0IyeWkvZnlMajFwWnpnbE82Z3ZEU2ZvSUM5TU8x - Mnljd0REWWwvZTNxRW1nZkMwYWJJK1EKLy9MNXpITWNzZUp2eWhpLzE5ckl6QnpmUlF5WXZtQk5W - UlBPaUdZdXR4Rk5uNkV6cktSMVZScTYzbHNUNXc2TGdGcEtuMDg0L3k4cQordHUxZDlHNi9VclFO - eVo0Ly9NS3AvMDkrcVJMVytuM2RPMDhabHUrOGU5czBlOWZ2cU82aXlpeEQ1OHVNK3F5UUw4cGZX - WlYzNzdICnV5amJwbXpYeHZzMHJsY1c5Uyt2WitXL2g3RmhvdlVQM1IvTWZPNjUwWS8yeHJuS05w - alY5TFVDMGR4Nk8xZjY1ZUpjeitsQXJyU24KOGxlcmE4L3lYTXJuVlAxTzJTZjFaM3h4amFuNXJx - LzJIMXhEdlk4eUdYU0pHZ2VmTXdHMCtDN1VlZFhZOHA4dloxRVUvdzlscURkVwo1cjdLVGdBQUFB - QkpSVTVFcmtKZ2dnPT0K - -# postgresql: -# primary: -# persistence: -# # -- (bool) Option to persist the dbs data. -# enabled: true - -revproxy: - service: - type: "LoadBalancer" - -revproxyArn: arn:aws:acm:ap-southeast-2:690491147947:certificate/f7b5d099-96b9-414a-98f7-ac40abab5429 - - -## disabled services -# wts: -# enabled: true - -sower: - pelican: - bucket: sandbox-s3-buckets-pelicancredss3bucketsandboxs3bu-veftfoxeyecg - -guppy: - enabled: false - - From ce9e4e42cf7d40f96f794112eabcd6505b2455f4 Mon Sep 17 00:00:00 2001 From: Guerdon Mukama Date: Fri, 5 Jan 2024 12:09:13 +1100 Subject: [PATCH 131/131] read me --- helm/gen3-external-secrets/README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/helm/gen3-external-secrets/README.md b/helm/gen3-external-secrets/README.md index 3201791d..987a9c54 100644 --- a/helm/gen3-external-secrets/README.md +++ b/helm/gen3-external-secrets/README.md @@ -5,6 +5,7 @@ A Helm chart for installing ClusterSecretStore and external secrets ## Requirements +Make sure the "ClusterSecretStore" CRD is installed on the destination cluster. | Repository | Name | Version | |------------|------|---------|