@drunk-pulumi/azure 0.0.37 → 0.0.38

package/Aks/index.js

@@ -11,11 +11,8 @@ const Identity_1 = require("./Identity");
 const StackEnv_1 = require("../Common/StackEnv");
 const Helpers_1 = require("../Logs/Helpers");
 const Naming_1 = require("../Common/Naming");
-const PrivateDns_1 = require("../VNet/PrivateDns");
-const Helper_1 = require("../VNet/Helper");
 const RoleAssignment_1 = require("../AzAd/RoleAssignment");
-const Group_1 = require("../AzAd/Group");
-const Helper_2 = require("./Helper");
+const Helper_1 = require("./Helper");
 const CustomHelper_1 = require("../KeyVault/CustomHelper");
 const KeyVaultBase_1 = require("@drunk-pulumi/azure-providers/AzBase/KeyVaultBase");
 const autoScaleFor = ({ enableAutoScaling, nodeType, env, }) => {
@@ -24,11 +21,11 @@ const autoScaleFor = ({ enableAutoScaling, nodeType, env, }) => {
     let maxCount = 3;
     if (env === AzureEnv_1.Environments.Prd) {
         switch (nodeType) {
-            case 'User':
+            case "User":
                 maxCount = 5;
                 break;
-            case 'Default':
-            case 'System':
+            case "Default":
+            case "System":
             default:
                 maxCount = 3;
                 break;
@@ -42,12 +39,13 @@ const autoScaleFor = ({ enableAutoScaling, nodeType, env, }) => {
     };
 };
 const defaultNodePoolProps = {
-    availabilityZones: AzureEnv_1.isPrd ? ['1', '2', '3'] : undefined,
+    availabilityZones: AzureEnv_1.isPrd ? ["1", "2", "3"] : undefined,
     type: native.containerservice.AgentPoolType.VirtualMachineScaleSets,
-    vmSize: 'Standard_B2s',
+    vmSize: "Standard_B2s",
     maxPods: 50,
     enableFIPS: false,
     enableNodePublicIP: false,
+    //enableEncryptionAtHost: false,
     enableUltraSSD: AzureEnv_1.isPrd,
     osDiskSizeGB: 128,
     osDiskType: native.containerservice.OSDiskType.Managed,
@@ -55,127 +53,84 @@ const defaultNodePoolProps = {
         environment: AzureEnv_1.currentEnv,
         stack: StackEnv_1.stack,
     },
-    tags: {
-        environment: AzureEnv_1.currentEnv,
-    },
 };
 var VmSizes;
 (function (VmSizes) {
     /** 32G RAM - 4CPU - $221.92 */
-    VmSizes["Standard_E4as_v4_221"] = "Standard_E4as_v4";
+    VmSizes["Standard_E4as_v4"] = "Standard_E4as_v4";
     /** 8G RAM - 2CPU - $77.38 */
-    VmSizes["Standard_B2ms_77"] = "Standard_B2ms";
+    VmSizes["Standard_B2ms"] = "Standard_B2ms";
     /** 16G RAM - 4CPU - $154.03 */
-    VmSizes["Standard_B4ms_154"] = "Standard_B4ms";
+    VmSizes["Standard_B4ms"] = "Standard_B4ms";
     /** 8G RAM - 2CPU - 87.60 */
-    VmSizes["Standard_D2as_v4_87"] = "Standard_D2as_v4";
+    VmSizes["Standard_D2as_v4"] = "Standard_D2as_v4";
     /** 8G RAM - 2CPU - 87.60 */
-    VmSizes["Standard_D2s_v3_87"] = "Standard_D2s_v3";
+    VmSizes["Standard_D2s_v3"] = "Standard_D2s_v3";
+    /** 8G RAM - 4CPU - 182.5 */
+    VmSizes["Standard_D4s_v3"] = "Standard_D4s_v3";
     /** 16G RAM - 4CPU - $175.20 */
-    VmSizes["Standard_D4as_v4_175"] = "Standard_D4as_v4";
+    VmSizes["Standard_D4as_v4"] = "Standard_D4as_v4";
     /** 4G RAM - 2CPU - $69.35 */
-    VmSizes["Standard_A2_v2_69"] = "Standard_A2_v2";
+    VmSizes["Standard_A2_v2"] = "Standard_A2_v2";
     /** 8G RAM - 4CPU - $144.54 */
-    VmSizes["Standard_A4_v2_144"] = "Standard_A4_v2";
+    VmSizes["Standard_A4_v2"] = "Standard_A4_v2";
     /** 32G RAM - 4CPU - $205.13 */
-    VmSizes["Standard_A4m_v2_205"] = "Standard_A4m_v2";
+    VmSizes["Standard_A4m_v2"] = "Standard_A4m_v2";
 })(VmSizes || (exports.VmSizes = VmSizes = {}));
 //Using this to enable the preview feature https://azurecloudai.blog/2019/10/16/aks-enabling-and-using-preview-features-such-as-nodepools-using-cli/
-exports.default = async ({ group, nodeResourceGroup, name, linux, 
-//kubernetesVersion,
-defaultNodePool, nodePools, enableAutoScale, network, log, acr, aksAccess, vaultInfo, featureFlags = { enableDiagnosticSetting: true }, addon = {
+exports.default = async ({ group, name, linux, defaultNodePool, nodePools, network, logWpId, acr, aksAccess, vaultInfo, features = { enableDiagnosticSetting: true }, addon = {
     enableAzurePolicy: true,
-    enableAzureKeyVault: true,
+    enableAzureKeyVault: false,
     enableKubeDashboard: false,
-}, tier = native.containerservice.ManagedClusterSKUTier.Free, lock = true, dependsOn = [], importFrom, }) => {
+}, tier = native.containerservice.ManagedClusterSKUTier.Free, lock = true, dependsOn = [], importUri, ignoreChanges = [], }) => {
     const aksName = (0, Naming_1.getAksName)(name);
     const secretName = `${aksName}-config`;
     const acrScope = acr?.enable ? acr.id ?? AzureEnv_1.defaultScope : undefined;
-    const disableLocalAccounts = vaultInfo
-        ? await (0, KeyVaultBase_1.getKeyVaultBase)(vaultInfo.name).checkSecretExist(secretName)
-        : false;
+    const nodeResourceGroup = (0, Naming_1.getResourceGroupName)(`${aksName}-nodes`);
+    const disableLocalAccounts = await (0, KeyVaultBase_1.getKeyVaultBase)(vaultInfo.name)
+        .checkSecretExist(secretName)
+        .catch(() => false);
     console.log(name, { disableLocalAccounts });
-    nodeResourceGroup = nodeResourceGroup || `${aksName}-nodes`;
-    // const appGateway =
-    //   addon.applicationGateway && network.outboundIpAddress
-    //     ? await AppGateway({
-    //         name,
-    //         group,
-    //         publicIpAddressId: network.outboundIpAddress.ipAddressId,
-    //         subnetId: addon.applicationGateway.gatewaySubnetId,
-    //       })
-    //     : undefined;
-    // const podIdentity = featureFlags?.enablePodIdentity
-    //   ? ManagedIdentity({
-    //       name,
-    //       group,
-    //       lock,
-    //     })
-    //   : undefined;
-    const serviceIdentity = featureFlags.createServicePrincipal
-        ? (0, Identity_1.default)({
-            name: aksName,
-            vaultInfo,
-        })
-        : undefined;
-    const adminGroup = aksAccess?.envRoleNames
-        ? (0, Group_1.getAdGroup)(aksAccess.envRoleNames.admin)
-        : undefined;
-    const contributeGroup = aksAccess?.envRoleNames
-        ? (0, Group_1.getAdGroup)(aksAccess.envRoleNames.contributor)
-        : undefined;
-    //const enableAzureRBAC = Boolean(aksAccess?.adminMembers && adminGroup);
+    ignoreChanges.push("privateLinkResources", "networkProfile", "linuxProfile");
+    const serviceIdentity = (0, Identity_1.default)({
+        name: aksName,
+        vaultInfo,
+        dependsOn,
+    });
     //=================Validate ===================================/
-    if (!network?.subnetId) {
-        console.error('Aks subnetId is required:', name);
-        return undefined;
-    }
-    if (!linux?.sshKeys || !linux.sshKeys[0]) {
-        console.error('Aks sshKeys is required:', name);
-        return undefined;
-    }
-    //Private DNS Zone for Private CLuster
-    const privateZone = aksAccess?.enablePrivateCluster
-        ? (0, PrivateDns_1.default)({
-            name: 'privatelink.southeastasia.azmk8s.io',
-            group,
-            vnetIds: [(0, pulumi_1.output)(network.subnetId).apply(Helper_1.getVnetIdFromSubnetId)],
-        })
-        : undefined;
+    // if (!linux?.sshKeys || !linux.sshKeys[0]) {
+    //   console.error("Aks sshKeys is required:", name);
+    //   return undefined;
+    // }
     //Create AKS Cluster
     const aks = new native.containerservice.ManagedCluster(aksName, {
         resourceName: aksName,
         ...group,
         nodeResourceGroup,
         dnsPrefix: aksName,
+        //fqdnSubdomain: '',
         //kubernetesVersion,
         apiServerAccessProfile: {
-            authorizedIPRanges: aksAccess?.enablePrivateCluster
-                ? []
+            authorizedIPRanges: features?.enablePrivateCluster
+                ? undefined
                 : aksAccess?.authorizedIPRanges || [],
             disableRunCommand: true,
-            enablePrivateCluster: aksAccess?.enablePrivateCluster,
-            privateDNSZone: privateZone?.id,
+            enablePrivateCluster: features?.enablePrivateCluster,
+            enablePrivateClusterPublicFQDN: true,
+            privateDNSZone: "system",
         },
-        //fqdnSubdomain: '',
         addonProfiles: {
             azureKeyvaultSecretsProvider: {
                 config: addon.enableAzureKeyVault
                     ? {
-                        enableSecretRotation: 'true',
+                        enableSecretRotation: "true",
                     }
                     : undefined,
                 enabled: Boolean(addon.enableAzureKeyVault),
             },
             azurePolicy: { enabled: Boolean(addon.enableAzurePolicy) },
             kubeDashboard: { enabled: Boolean(addon.enableKubeDashboard) },
-            //If there is no public P address provided, the public app can access via HTTP app routing only and feature only support HTTP.
-            //TO enable HTTPS support need to create a cluster with a public IP address.
-            httpApplicationRouting: {
-                enabled: !network.outboundIpAddress?.ipAddressId &&
-                    !network.enableFirewall &&
-                    !aksAccess?.enablePrivateCluster,
-            },
+            httpApplicationRouting: { enabled: false },
             aciConnectorLinux: {
                 enabled: Boolean(network.virtualHostSubnetName),
                 config: network.virtualHostSubnetName
@@ -192,10 +147,10 @@ defaultNodePool, nodePools, enableAutoScale, network, log, acr, aksAccess, vault
                     : undefined,
             },
             omsAgent: {
-                enabled: Boolean(log?.logWpId),
-                config: log
+                enabled: Boolean(logWpId),
+                config: logWpId
                     ? {
-                        logAnalyticsWorkspaceResourceID: log.logWpId,
+                        logAnalyticsWorkspaceResourceID: logWpId,
                     }
                     : undefined,
             },
@@ -204,26 +159,29 @@ defaultNodePool, nodePools, enableAutoScale, network, log, acr, aksAccess, vault
             name: native.containerservice.ManagedClusterSKUName.Base,
             tier,
         },
+        supportPlan: native.containerservice.KubernetesSupportPlan.KubernetesOfficial,
         agentPoolProfiles: [
             {
                 ...defaultNodePoolProps,
                 ...defaultNodePool,
                 ...autoScaleFor({
                     env: AzureEnv_1.currentEnv,
-                    nodeType: defaultNodePool.mode,
-                    enableAutoScaling: enableAutoScale,
+                    nodeType: "System",
+                    enableAutoScaling: features?.enableAutoScale,
+                    // powerState: {
+                    //   code: "Running",
+                    // },
+                    // upgradeSettings: {
+                    //   maxSurge: "10%",
+                    // },
                 }),
-                count: defaultNodePool.mode === 'System' ? 1 : 0,
-                //orchestratorVersion: kubernetesVersion,
+                name: "defaultnodes",
+                mode: "System",
+                count: 1,
                 vnetSubnetID: network.subnetId,
-                kubeletDiskType: 'OS',
-                osSKU: 'Ubuntu',
-                osType: 'Linux',
-                //upgradeSettings: {},
-                tags: {
-                    ...defaultNodePoolProps.tags,
-                    mode: defaultNodePool.mode,
-                },
+                kubeletDiskType: "OS",
+                osSKU: "Ubuntu",
+                osType: "Linux",
             },
         ],
         linuxProfile: linux
@@ -232,51 +190,54 @@ defaultNodePool, nodePools, enableAutoScale, network, log, acr, aksAccess, vault
                 ssh: { publicKeys: linux.sshKeys.map((k) => ({ keyData: k })) },
             }
             : undefined,
+        //This is not inuse
+        windowsProfile: {
+            adminUsername: "azureuser",
+            enableCSIProxy: true,
+        },
         autoScalerProfile: {
-            balanceSimilarNodeGroups: 'true',
-            expander: 'random',
-            maxEmptyBulkDelete: '10',
-            maxGracefulTerminationSec: '600',
-            maxNodeProvisionTime: '15m',
-            maxTotalUnreadyPercentage: '45',
-            newPodScaleUpDelay: '0s',
-            okTotalUnreadyCount: '3',
-            scaleDownDelayAfterAdd: '30m',
-            scaleDownDelayAfterDelete: '60s',
-            scaleDownDelayAfterFailure: '10m',
-            scaleDownUnneededTime: '10m',
-            scaleDownUnreadyTime: '20m',
-            scaleDownUtilizationThreshold: '0.5',
-            scanInterval: '60s',
-            skipNodesWithLocalStorage: 'false',
-            skipNodesWithSystemPods: 'true',
+            balanceSimilarNodeGroups: "true",
+            expander: "random",
+            maxEmptyBulkDelete: "10",
+            maxGracefulTerminationSec: "600",
+            maxNodeProvisionTime: "15m",
+            maxTotalUnreadyPercentage: "45",
+            newPodScaleUpDelay: "0s",
+            okTotalUnreadyCount: "3",
+            scaleDownDelayAfterAdd: "30m",
+            scaleDownDelayAfterDelete: "60s",
+            scaleDownDelayAfterFailure: "10m",
+            scaleDownUnneededTime: "10m",
+            scaleDownUnreadyTime: "20m",
+            scaleDownUtilizationThreshold: "0.5",
+            scanInterval: "60s",
+            skipNodesWithLocalStorage: "false",
+            skipNodesWithSystemPods: "true",
         },
         //Still under preview
         // workloadAutoScalerProfile: enableAutoScale
         //   ? { keda: { enabled: true } }
         //   : undefined,
-        servicePrincipalProfile: serviceIdentity
-            ? {
-                clientId: serviceIdentity.clientId,
-                secret: serviceIdentity.clientSecret,
-            }
-            : undefined,
+        //azureMonitorProfile: { metrics: { enabled } },
+        //Refer here for details https://learn.microsoft.com/en-us/azure/aks/use-managed-identity
+        //enablePodSecurityPolicy: true,
+        servicePrincipalProfile: {
+            clientId: serviceIdentity.clientId,
+            secret: serviceIdentity.clientSecret,
+        },
         securityProfile: {
-            defender: AzureEnv_1.isPrd
+            defender: logWpId && AzureEnv_1.isPrd
                 ? {
-                    logAnalyticsWorkspaceResourceId: log?.logWpId,
+                    logAnalyticsWorkspaceResourceId: logWpId,
                     securityMonitoring: { enabled: true },
                 }
                 : undefined,
             imageCleaner: { enabled: true, intervalHours: 24 },
             workloadIdentity: { enabled: false },
         },
-        //azureMonitorProfile: { metrics: { enabled } },
-        //Refer here for details https://learn.microsoft.com/en-us/azure/aks/use-managed-identity
-        enablePodSecurityPolicy: false,
-        podIdentityProfile: featureFlags.enablePodIdentity
+        podIdentityProfile: features.enablePodIdentity
             ? {
-                enabled: featureFlags.enablePodIdentity,
+                enabled: features.enablePodIdentity,
                 //Not allow pod to use kublet command
                 allowNetworkPluginKubenet: false,
             }
@@ -284,28 +245,21 @@ defaultNodePool, nodePools, enableAutoScale, network, log, acr, aksAccess, vault
         identity: {
             type: native.containerservice.ResourceIdentityType.SystemAssigned,
         },
-        // identityProfile: podIdentity
-        //   ? {
-        //       kubeletidentity: {
-        //         clientId: podIdentity.clientId,
-        //         objectId: podIdentity.principalId,
-        //         resourceId: podIdentity.id,
-        //       },
-        //     }
-        //   : undefined,
-        //Preview Features
         autoUpgradeProfile: {
             upgradeChannel: native.containerservice.UpgradeChannel.Patch,
+            //nodeOSUpgradeChannel: "NodeImage",
         },
-        //securityProfile:{},
         disableLocalAccounts,
         enableRBAC: true,
-        aadProfile: {
-            enableAzureRBAC: true,
-            managed: true,
-            adminGroupObjectIDs: adminGroup ? [adminGroup.objectId] : undefined,
-            tenantID: AzureEnv_1.tenantId,
-        },
+        aadProfile: aksAccess?.envRoles
+            ? {
+                enableAzureRBAC: true,
+                managed: true,
+                adminGroupObjectIDs: [aksAccess.envRoles.admin.objectId],
+                tenantID: AzureEnv_1.tenantId,
+            }
+            : undefined,
+        oidcIssuerProfile: { enabled: false },
         storageProfile: {
             blobCSIDriver: {
                 enabled: true,
@@ -314,6 +268,7 @@ defaultNodePool, nodePools, enableAutoScale, network, log, acr, aksAccess, vault
                 enabled: true,
             },
             fileCSIDriver: { enabled: true },
+            snapshotController: { enabled: true },
         },
         networkProfile: {
             networkMode: native.containerservice.NetworkMode.Transparent,
@@ -322,20 +277,17 @@ defaultNodePool, nodePools, enableAutoScale, network, log, acr, aksAccess, vault
             //dnsServiceIP: '10.0.0.10',
             //dockerBridgeCidr: '172.17.0.1/16',
             //serviceCidr: '10.0.0.0/16',
-            outboundType: network.enableFirewall || aksAccess?.enablePrivateCluster
+            outboundType: features?.enablePrivateCluster || !network.outboundIpAddress
                 ? native.containerservice.OutboundType.UserDefinedRouting
                 : native.containerservice.OutboundType.LoadBalancer,
-            loadBalancerSku: network.outboundIpAddress?.ipAddressId ||
-                network.enableFirewall ||
-                aksAccess?.enablePrivateCluster
-                ? 'Standard'
-                : 'Basic',
-            loadBalancerProfile: network.outboundIpAddress &&
-                !(network.enableFirewall || aksAccess?.enablePrivateCluster)
+            loadBalancerSku: "Standard",
+            loadBalancerProfile: network.outboundIpAddress
                 ? {
-                    outboundIPs: {
-                        publicIPs: [{ id: network.outboundIpAddress.ipAddressId }],
-                    },
+                    outboundIPs: network.outboundIpAddress.ipAddressId
+                        ? {
+                            publicIPs: [{ id: network.outboundIpAddress.ipAddressId }],
+                        }
+                        : undefined,
                     outboundIPPrefixes: network.outboundIpAddress.ipAddressPrefixId
                         ? {
                             publicIPPrefixes: [
@@ -348,13 +300,28 @@ defaultNodePool, nodePools, enableAutoScale, network, log, acr, aksAccess, vault
         },
     }, {
         protect: lock,
-        dependsOn: serviceIdentity
-            ? [...dependsOn, serviceIdentity.resource]
-            : dependsOn,
-        import: importFrom,
+        dependsOn: serviceIdentity.resource,
+        import: importUri,
         deleteBeforeReplace: true,
-        ignoreChanges: ['privateLinkResources', 'networkProfile', 'linuxProfile'],
+        ignoreChanges,
     });
+    new native.containerservice.MaintenanceConfiguration(`${aksName}-MaintenanceConfiguration`, {
+        configName: "default",
+        // notAllowedTime: [
+        //   {
+        //     end: "2020-11-30T12:00:00Z",
+        //     start: "2020-11-26T03:00:00Z",
+        //   },
+        // ],
+        ...group,
+        resourceName: aks.name,
+        timeInWeek: [
+            {
+                day: native.containerservice.WeekDay.Sunday,
+                hourSlots: [0, 23],
+            },
+        ],
+    }, { dependsOn: aks });
     if (lock) {
         (0, Locker_1.default)({ name: aksName, resource: aks });
     }
@@ -368,26 +335,21 @@ defaultNodePool, nodePools, enableAutoScale, network, log, acr, aksAccess, vault
             ...autoScaleFor({
                 env: AzureEnv_1.currentEnv,
                 nodeType: p.mode,
-                enableAutoScaling: enableAutoScale,
+                enableAutoScaling: features.enableAutoScale,
             }),
-            count: p.mode === 'System' ? 1 : 0,
+            count: p.mode === "System" ? 1 : 0,
             //orchestratorVersion: kubernetesVersion,
             vnetSubnetID: network.subnetId,
-            kubeletDiskType: 'OS',
-            osSKU: 'Ubuntu',
-            osType: 'Linux',
-            //upgradeSettings: {},
-            tags: {
-                ...defaultNodePoolProps.tags,
-                mode: p.mode,
-            },
+            kubeletDiskType: "OS",
+            osSKU: "Ubuntu",
+            osType: "Linux",
         }));
     }
     if (vaultInfo) {
         aks.id.apply(async (id) => {
             if (!id)
                 return;
-            const config = await (0, Helper_2.getAksConfig)({
+            const config = await (0, Helper_1.getAksConfig)({
                 name: aksName,
                 groupName: group.resourceGroupName,
                 formattedName: true,
@@ -396,6 +358,7 @@ defaultNodePool, nodePools, enableAutoScale, network, log, acr, aksAccess, vault
             (0, CustomHelper_1.addCustomSecret)({
                 name: secretName,
                 value: config,
+                formattedName: true,
                 dependsOn: aks,
                 ignoreChange: true,
                 contentType: name,
@@ -407,151 +370,72 @@ defaultNodePool, nodePools, enableAutoScale, network, log, acr, aksAccess, vault
     aks.id.apply(async (id) => {
         if (!id)
             return;
-        //Admin
-        if (adminGroup) {
-            await Promise.all([
-                {
-                    shortName: 'Admin-Contributor-Role',
-                    name: 'Azure Kubernetes Service Contributor Role',
-                },
-                {
-                    shortName: 'Admin-RBAC-Cluster-Admin',
-                    name: 'Azure Kubernetes Service RBAC Cluster Admin',
-                },
-                {
-                    shortName: 'Admin-Cluster-Admin-Role',
-                    name: 'Azure Kubernetes Service Cluster Admin Role',
-                },
-                {
-                    shortName: 'Admin-Cluster-Monitoring-User',
-                    name: 'Azure Kubernetes Service Cluster Monitoring User',
-                },
-                {
-                    shortName: 'Admin-Cluster-User-Role',
-                    name: 'Azure Kubernetes Service Cluster User Role',
-                },
-            ].map((r) => (0, RoleAssignment_1.roleAssignment)({
-                name: `${name}-${r.shortName}`,
-                principalId: adminGroup.objectId,
-                principalType: 'Group',
-                roleName: r.name,
-                scope: id,
-            })));
-        }
-        //Contributor
-        if (contributeGroup) {
-            await Promise.all([
-                {
-                    shortName: 'Contributor-Contributor-Role',
-                    name: 'Azure Kubernetes Service Contributor Role',
-                },
-                {
-                    shortName: 'Contributor-RBAC-Admin',
-                    name: 'Azure Kubernetes Service RBAC Admin',
-                },
-                {
-                    shortName: 'Contributor-RBAC-Reader',
-                    name: 'Azure Kubernetes Service RBAC Reader',
-                },
-                {
-                    shortName: 'Contributor-RBAC-Writer',
-                    name: 'Azure Kubernetes Service RBAC Writer',
-                },
-            ].map((r) => (0, RoleAssignment_1.roleAssignment)({
-                name: `${name}-${r.shortName}`,
-                principalId: contributeGroup.objectId,
-                principalType: 'Group',
-                roleName: r.name,
-                scope: id,
-            })));
-        }
+        //Grant Permission for Identity
+        pulumi
+            .all([aks.identity, aks.identityProfile, network.subnetId])
+            .apply(([identity, identityProfile, sId]) => {
+            if (acrScope && identityProfile && identityProfile["kubeletidentity"]) {
+                (0, RoleAssignment_1.roleAssignment)({
+                    name: `${name}-aks-identity-profile-pull`,
+                    principalId: identityProfile["kubeletidentity"].objectId,
+                    principalType: "ServicePrincipal",
+                    roleName: "AcrPull",
+                    scope: acrScope,
+                });
+                if (vaultInfo) {
+                    (0, CustomHelper_1.addCustomSecret)({
+                        name: `${name}-identity-clientId`,
+                        value: identityProfile["kubeletidentity"].clientId,
+                        dependsOn: aks,
+                        contentType: name,
+                        vaultInfo,
+                    });
+                }
+            }
+            if (network.subnetId && identity) {
+                (0, RoleAssignment_1.roleAssignment)({
+                    name: `${name}-system-net`,
+                    principalId: identity.principalId,
+                    roleName: "Contributor",
+                    principalType: "ServicePrincipal",
+                    scope: (0, AzureEnv_1.getResourceIdFromInfo)({
+                        group: (0, AzureEnv_1.parseResourceInfoFromId)(sId).group,
+                    }),
+                });
+            }
+        });
         //Diagnostic
-        if (featureFlags.enableDiagnosticSetting) {
+        if (features.enableDiagnosticSetting && logWpId) {
             (0, Helpers_1.createDiagnostic)({
                 name,
                 targetResourceId: id,
-                ...log,
+                logWpId,
                 logsCategories: [
-                    'guard',
-                    'kube-controller-manager',
-                    'kube-audit-admin',
-                    'kube-audit',
-                    'kube-scheduler',
-                    'cluster-autoscaler',
+                    "guard",
+                    "kube-controller-manager",
+                    "kube-audit-admin",
+                    "kube-audit",
+                    "kube-scheduler",
+                    "cluster-autoscaler",
                 ],
+                dependsOn: aks,
             });
-        }
-    });
-    //Grant Permission for Identity
-    pulumi
-        .all([aks.identity, aks.identityProfile, network.subnetId])
-        .apply(([identity, identityProfile, sId]) => {
-        console.log('Grant RBAC for cluster:', name);
-        //Already assigned when creating the service
-        // if (serviceIdentity?.principalId) {
-        //   await roleAssignment({
-        //     name: `${name}-aks-identity-acr-pull`,
-        //     principalId: serviceIdentity?.principalId,
-        //     principalType: 'ServicePrincipal',
-        //     roleName: 'AcrPull',
-        //     scope: defaultScope,
-        //   });
-        // }
-        if (acrScope && identityProfile && identityProfile['kubeletidentity']) {
-            (0, RoleAssignment_1.roleAssignment)({
-                name: `${name}-aks-identity-profile-pull`,
-                principalId: identityProfile['kubeletidentity'].objectId,
-                principalType: 'ServicePrincipal',
-                roleName: 'AcrPull',
-                scope: acrScope,
-            });
-            if (vaultInfo) {
-                (0, CustomHelper_1.addCustomSecret)({
-                    name: `${name}-identity-clientId`,
-                    value: identityProfile['kubeletidentity'].clientId,
-                    dependsOn: aks,
-                    contentType: name,
-                    vaultInfo,
-                });
-            }
-        }
-        // if (identity?.principalId) {
-        //   await roleAssignment({
-        //     name: `${name}-system-acr-pull`,
-        //     principalId: identity.principalId,
-        //     principalType: 'ServicePrincipal',
-        //     roleName: 'AcrPull',
-        //     scope: defaultScope,
-        //   });
-        // }
-        if (network.subnetId && identity) {
-            (0, RoleAssignment_1.roleAssignment)({
-                name: `${name}-system-net`,
-                principalId: identity.principalId,
-                roleName: 'Contributor',
-                principalType: 'ServicePrincipal',
-                scope: (0, AzureEnv_1.getResourceIdFromInfo)({
-                    group: (0, AzureEnv_1.getResourceInfoFromId)(sId).group,
-                }),
-            });
-        }
-        if (privateZone && identity) {
-            (0, RoleAssignment_1.roleAssignment)({
-                name: `${name}-private-dns`,
-                principalId: identity.principalId,
-                roleName: 'Private DNS Zone Contributor',
-                principalType: 'ServicePrincipal',
-                scope: privateZone.id,
+            //Apply monitoring for VMScale Sets
+            (0, VmSetMonitor_1.default)({
+                group: { resourceGroupName: nodeResourceGroup },
+                logWpId,
+                vaultInfo,
+                dependsOn: aks,
             });
         }
     });
-    //Apply monitoring for VMScale Sets
-    (0, VmSetMonitor_1.default)({
-        group: { resourceGroupName: nodeResourceGroup },
-        ...log,
-        vaultInfo,
-        dependsOn: aks,
-    });
-    return { aks, serviceIdentity, adminGroup, privateZone };
+    return {
+        aks,
+        serviceIdentity,
+        disableLocalAccounts,
+        getKubeConfig: () => (0, pulumi_1.output)((0, KeyVaultBase_1.getKeyVaultBase)(vaultInfo.name)
+            .getSecret(secretName)
+            .then((s) => s.value)),
+    };
 };
-//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiaW5kZXguanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi8uLi9zcmMvQWtzL2luZGV4LnRzIl0sIm5hbWVzIjpbXSwibWFwcGluZ3MiOiI7OztBQUFBLCtDQUErQztBQUMvQyx5Q0FBeUM7QUFDekMsMkNBQStDO0FBQy9DLGlEQUEyQztBQUUzQyxpREFRNEI7QUFDNUIsMkNBQW9DO0FBQ3BDLHlDQUE0QztBQUM1QyxpREFBMkM7QUFDM0MsNkNBQW1EO0FBQ25ELDZDQUE4QztBQUM5QyxtREFBNEM7QUFDNUMsMkNBQXVEO0FBQ3ZELDJEQUF3RDtBQUN4RCx5Q0FBMkM7QUFFM0MscUNBQXdDO0FBQ3hDLDJEQUEyRDtBQUUzRCxvRkFBb0Y7QUFFcEYsTUFBTSxZQUFZLEdBQUcsQ0FBQyxFQUNwQixpQkFBaUIsRUFDakIsUUFBUSxFQUNSLEdBQUcsR0FLSixFQUFFLEVBQUU7SUFDSCxNQUFNLFNBQVMsR0FBRyxDQUFDLENBQUM7SUFDcEIsTUFBTSxRQUFRLEdBQUcsQ0FBQyxDQUFDO0lBQ25CLElBQUksUUFBUSxHQUFHLENBQUMsQ0FBQztJQUVqQixJQUFJLEdBQUcsS0FBSyx1QkFBWSxDQUFDLEdBQUcsRUFBRSxDQUFDO1FBQzdCLFFBQVEsUUFBUSxFQUFFLENBQUM7WUFDakIsS0FBSyxNQUFNO2dCQUNULFFBQVEsR0FBRyxDQUFDLENBQUM7Z0JBQ2IsTUFBTTtZQUVSLEtBQUssU0FBUyxDQUFDO1lBQ2YsS0FBSyxRQUFRLENBQUM7WUFDZDtnQkFDRSxRQUFRLEdBQUcsQ0FBQyxDQUFDO2dCQUNiLE1BQU07UUFDVixDQUFDO0lBQ0gsQ0FBQztJQUVELE9BQU87UUFDTCxpQkFBaUI7UUFDakIsU0FBUyxFQUFFLGlCQUFpQixDQUFDLENBQUMsQ0FBQyxTQUFTLENBQUMsQ0FBQyxDQUFDLFNBQVM7UUFDcEQsUUFBUSxFQUFFLGlCQUFpQixDQUFDLENBQUMsQ0FBQyxRQUFRLENBQUMsQ0FBQyxDQUFDLFNBQVM7UUFDbEQsUUFBUSxFQUFFLGlCQUFpQixDQUFDLENBQUMsQ0FBQyxRQUFRLENBQUMsQ0FBQyxDQUFDLFNBQVM7S0FDbkQsQ0FBQztBQUNKLENBQUMsQ0FBQztBQUVGLE1BQU0sb0JBQW9CLEdBQUc7SUFDM0IsaUJBQWlCLEVBQUUsZ0JBQUssQ0FBQyxDQUFDLENBQUMsQ0FBQyxHQUFHLEVBQUUsR0FBRyxFQUFFLEdBQUcsQ0FBQyxDQUFDLENBQUMsQ0FBQyxTQUFTO0lBQ3RELElBQUksRUFBRSxNQUFNLENBQUMsZ0JBQWdCLENBQUMsYUFBYSxDQUFDLHVCQUF1QjtJQUNuRSxNQUFNLEVBQUUsY0FBYztJQUV0QixPQUFPLEVBQUUsRUFBRTtJQUNYLFVBQVUsRUFBRSxLQUFLO0lBQ2pCLGtCQUFrQixFQUFFLEtBQUs7SUFFekIsY0FBYyxFQUFFLGdCQUFLO0lBQ3JCLFlBQVksRUFBRSxHQUFHO0lBQ2pCLFVBQVUsRUFBRSxNQUFNLENBQUMsZ0JBQWdCLENBQUMsVUFBVSxDQUFDLE9BQU87SUFFdEQsVUFBVSxFQUFFO1FBQ1YsV0FBVyxFQUFFLHFCQUFVO1FBQ3ZCLEtBQUssRUFBTCxnQkFBSztLQUNOO0lBRUQsSUFBSSxFQUFFO1FBQ0osV0FBVyxFQUFFLHFCQUFVO0tBQ3hCO0NBQ0YsQ0FBQztBQUVGLElBQVksT0FtQlg7QUFuQkQsV0FBWSxPQUFPO0lBQ2pCLCtCQUErQjtJQUMvQixvREFBeUMsQ0FBQTtJQUN6Qyw2QkFBNkI7SUFDN0IsNkNBQWtDLENBQUE7SUFDbEMsK0JBQStCO0lBQy9CLDhDQUFtQyxDQUFBO0lBQ25DLDRCQUE0QjtJQUM1QixtREFBd0MsQ0FBQTtJQUN4Qyw0QkFBNEI7SUFDNUIsaURBQXNDLENBQUE7SUFDdEMsK0JBQStCO0lBQy9CLG9EQUF5QyxDQUFBO0lBQ3pDLDZCQUE2QjtJQUM3QiwrQ0FBb0MsQ0FBQTtJQUNwQyw4QkFBOEI7SUFDOUIsZ0RBQXFDLENBQUE7SUFDckMsK0JBQStCO0lBQy9CLGtEQUF1QyxDQUFBO0FBQ3pDLENBQUMsRUFuQlcsT0FBTyx1QkFBUCxPQUFPLFFBbUJsQjtBQXVFRCxvSkFBb0o7QUFDcEosa0JBQWUsS0FBSyxFQUFFLEVBQ3BCLEtBQUssRUFDTCxpQkFBaUIsRUFDakIsSUFBSSxFQUNKLEtBQUs7QUFDTCxvQkFBb0I7QUFDcEIsZUFBZSxFQUNmLFNBQVMsRUFDVCxlQUFlLEVBQ2YsT0FBTyxFQUNQLEdBQUcsRUFDSCxHQUFHLEVBQ0gsU0FBUyxFQUNULFNBQVMsRUFDVCxZQUFZLEdBQUcsRUFBRSx1QkFBdUIsRUFBRSxJQUFJLEVBQUUsRUFDaEQsS0FBSyxHQUFHO0lBQ04saUJBQWlCLEVBQUUsSUFBSTtJQUN2QixtQkFBbUIsRUFBRSxJQUFJO0lBQ3pCLG1CQUFtQixFQUFFLEtBQUs7Q0FDM0IsRUFDRCxJQUFJLEdBQUcsTUFBTSxDQUFDLGdCQUFnQixDQUFDLHFCQUFxQixDQUFDLElBQUksRUFDekQsSUFBSSxHQUFHLElBQUksRUFDWCxTQUFTLEdBQUcsRUFBRSxFQUNkLFVBQVUsR0FDRCxFQUFFLEVBQUU7SUFDYixNQUFNLE9BQU8sR0FBRyxJQUFBLG1CQUFVLEVBQUMsSUFBSSxDQUFDLENBQUM7SUFDakMsTUFBTSxVQUFVLEdBQUcsR0FBRyxPQUFPLFNBQVMsQ0FBQztJQUN2QyxNQUFNLFFBQVEsR0FBRyxHQUFHLEVBQUUsTUFBTSxDQUFDLENBQUMsQ0FBQyxHQUFHLENBQUMsRUFBRSxJQUFJLHVCQUFZLENBQUMsQ0FBQyxDQUFDLFNBQVMsQ0FBQztJQUNsRSxNQUFNLG9CQUFvQixHQUFHLFNBQVM7UUFDcEMsQ0FBQyxDQUFDLE1BQU0sSUFBQSw4QkFBZSxFQUFDLFNBQVMsQ0FBQyxJQUFJLENBQUMsQ0FBQyxnQkFBZ0IsQ0FBQyxVQUFVLENBQUM7UUFDcEUsQ0FBQyxDQUFDLEtBQUssQ0FBQztJQUNWLE9BQU8sQ0FBQyxHQUFHLENBQUMsSUFBSSxFQUFFLEVBQUUsb0JBQW9CLEVBQUUsQ0FBQyxDQUFDO0lBQzVDLGlCQUFpQixHQUFHLGlCQUFpQixJQUFJLEdBQUcsT0FBTyxRQUFRLENBQUM7SUFFNUQscUJBQXFCO0lBQ3JCLDBEQUEwRDtJQUMxRCwyQkFBMkI7SUFDM0IsZ0JBQWdCO0lBQ2hCLGlCQUFpQjtJQUNqQixvRUFBb0U7SUFDcEUsOERBQThEO0lBQzlELFdBQVc7SUFDWCxtQkFBbUI7SUFFbkIsc0RBQXNEO0lBQ3RELHdCQUF3QjtJQUN4QixjQUFjO0lBQ2QsZUFBZTtJQUNmLGNBQWM7SUFDZCxTQUFTO0lBQ1QsaUJBQWlCO0lBRWpCLE1BQU0sZUFBZSxHQUFHLFlBQVksQ0FBQyxzQkFBc0I7UUFDekQsQ0FBQyxDQUFDLElBQUEsa0JBQWtCLEVBQUM7WUFDakIsSUFBSSxFQUFFLE9BQU87WUFDYixTQUFTO1NBQ1YsQ0FBQztRQUNKLENBQUMsQ0FBQyxTQUFTLENBQUM7SUFFZCxNQUFNLFVBQVUsR0FBRyxTQUFTLEVBQUUsWUFBWTtRQUN4QyxDQUFDLENBQUMsSUFBQSxrQkFBVSxFQUFDLFNBQVMsQ0FBQyxZQUFZLENBQUMsS0FBSyxDQUFDO1FBQzFDLENBQUMsQ0FBQyxTQUFTLENBQUM7SUFFZCxNQUFNLGVBQWUsR0FBRyxTQUFTLEVBQUUsWUFBWTtRQUM3QyxDQUFDLENBQUMsSUFBQSxrQkFBVSxFQUFDLFNBQVMsQ0FBQyxZQUFZLENBQUMsV0FBVyxDQUFDO1FBQ2hELENBQUMsQ0FBQyxTQUFTLENBQUM7SUFFZCx5RUFBeUU7SUFFekUsZ0VBQWdFO0lBQ2hFLElBQUksQ0FBQyxPQUFPLEVBQUUsUUFBUSxFQUFFLENBQUM7UUFDdkIsT0FBTyxDQUFDLEtBQUssQ0FBQywyQkFBMkIsRUFBRSxJQUFJLENBQUMsQ0FBQztRQUNqRCxPQUFPLFNBQVMsQ0FBQztJQUNuQixDQUFDO0lBQ0QsSUFBSSxDQUFDLEtBQUssRUFBRSxPQUFPLElBQUksQ0FBQyxLQUFLLENBQUMsT0FBTyxDQUFDLENBQUMsQ0FBQyxFQUFFLENBQUM7UUFDekMsT0FBTyxDQUFDLEtBQUssQ0FBQywwQkFBMEIsRUFBRSxJQUFJLENBQUMsQ0FBQztRQUNoRCxPQUFPLFNBQVMsQ0FBQztJQUNuQixDQUFDO0lBRUQsc0NBQXNDO0lBQ3RDLE1BQU0sV0FBVyxHQUFHLFNBQVMsRUFBRSxvQkFBb0I7UUFDakQsQ0FBQyxDQUFDLElBQUEsb0JBQVUsRUFBQztZQUNULElBQUksRUFBRSxxQ0FBcUM7WUFDM0MsS0FBSztZQUNMLE9BQU8sRUFBRSxDQUFDLElBQUEsZUFBTSxFQUFDLE9BQU8sQ0FBQyxRQUFRLENBQUMsQ0FBQyxLQUFLLENBQUMsOEJBQXFCLENBQUMsQ0FBQztTQUNqRSxDQUFDO1FBQ0osQ0FBQyxDQUFDLFNBQVMsQ0FBQztJQUVkLG9CQUFvQjtJQUNwQixNQUFNLEdBQUcsR0FBRyxJQUFJLE1BQU0sQ0FBQyxnQkFBZ0IsQ0FBQyxjQUFjLENBQ3BELE9BQU8sRUFDUDtRQUNFLFlBQVksRUFBRSxPQUFPO1FBQ3JCLEdBQUcsS0FBSztRQUNSLGlCQUFpQjtRQUNqQixTQUFTLEVBQUUsT0FBTztRQUNsQixvQkFBb0I7UUFFcEIsc0JBQXNCLEVBQUU7WUFDdEIsa0JBQWtCLEVBQUUsU0FBUyxFQUFFLG9CQUFvQjtnQkFDakQsQ0FBQyxDQUFDLEVBQUU7Z0JBQ0osQ0FBQyxDQUFDLFNBQVMsRUFBRSxrQkFBa0IsSUFBSSxFQUFFO1lBQ3ZDLGlCQUFpQixFQUFFLElBQUk7WUFDdkIsb0JBQW9CLEVBQUUsU0FBUyxFQUFFLG9CQUFvQjtZQUNyRCxjQUFjLEVBQUUsV0FBVyxFQUFFLEVBQUU7U0FDaEM7UUFDRCxvQkFBb0I7UUFFcEIsYUFBYSxFQUFFO1lBQ2IsNEJBQTRCLEVBQUU7Z0JBQzVCLE1BQU0sRUFBRSxLQUFLLENBQUMsbUJBQW1CO29CQUMvQixDQUFDLENBQUM7d0JBQ0Usb0JBQW9CLEVBQUUsTUFBTTtxQkFDN0I7b0JBQ0gsQ0FBQyxDQUFDLFNBQVM7Z0JBQ2IsT0FBTyxFQUFFLE9BQU8sQ0FBQyxLQUFLLENBQUMsbUJBQW1CLENBQUM7YUFDNUM7WUFFRCxXQUFXLEVBQUUsRUFBRSxPQUFPLEVBQUUsT0FBTyxDQUFDLEtBQUssQ0FBQyxpQkFBaUIsQ0FBQyxFQUFFO1lBQzFELGFBQWEsRUFBRSxFQUFFLE9BQU8sRUFBRSxPQUFPLENBQUMsS0FBSyxDQUFDLG1CQUFtQixDQUFDLEVBQUU7WUFDOUQsOEhBQThIO1lBQzlILDRFQUE0RTtZQUM1RSxzQkFBc0IsRUFBRTtnQkFDdEIsT0FBTyxFQUNMLENBQUMsT0FBTyxDQUFDLGlCQUFpQixFQUFFLFdBQVc7b0JBQ3ZDLENBQUMsT0FBTyxDQUFDLGNBQWM7b0JBQ3ZCLENBQUMsU0FBUyxFQUFFLG9CQUFvQjthQUNuQztZQUVELGlCQUFpQixFQUFFO2dCQUNqQixPQUFPLEVBQUUsT0FBTyxDQUFDLE9BQU8sQ0FBQyxxQkFBcUIsQ0FBQztnQkFDL0MsTUFBTSxFQUFFLE9BQU8sQ0FBQyxxQkFBcUI7b0JBQ25DLENBQUMsQ0FBQyxFQUFFLFVBQVUsRUFBRSxPQUFPLENBQUMscUJBQXFCLEVBQUU7b0JBQy9DLENBQUMsQ0FBQyxTQUFTO2FBQ2Q7WUFFRCx5QkFBeUIsRUFBRTtnQkFDekIsT0FBTyxFQUFFLE9BQU8sQ0FBQyxLQUFLLENBQUMsa0JBQWtCLENBQUM7Z0JBQzFDLE1BQU0sRUFBRSxLQUFLLENBQUMsa0JBQWtCO29CQUM5QixDQUFDLENBQUM7d0JBQ0UsV0FBVyxFQUFFLEdBQUcsSUFBSSxVQUFVO3dCQUM5QixRQUFRLEVBQUUsS0FBSyxDQUFDLGtCQUFrQixDQUFDLGVBQWU7cUJBQ25EO29CQUNILENBQUMsQ0FBQyxTQUFTO2FBQ2Q7WUFFRCxRQUFRLEVBQUU7Z0JBQ1IsT0FBTyxFQUFFLE9BQU8sQ0FBQyxHQUFHLEVBQUUsT0FBTyxDQUFDO2dCQUM5QixNQUFNLEVBQUUsR0FBRztvQkFDVCxDQUFDLENBQUM7d0JBQ0UsK0JBQStCLEVBQUUsR0FBRyxDQUFDLE9BQVE7cUJBQzlDO29CQUNILENBQUMsQ0FBQyxTQUFTO2FBQ2Q7U0FDRjtRQUVELEdBQUcsRUFBRTtZQUNILElBQUksRUFBRSxNQUFNLENBQUMsZ0JBQWdCLENBQUMscUJBQXFCLENBQUMsSUFBSTtZQUN4RCxJQUFJO1NBQ0w7UUFFRCxpQkFBaUIsRUFBRTtZQUNqQjtnQkFDRSxHQUFHLG9CQUFvQjtnQkFDdkIsR0FBRyxlQUFlO2dCQUVsQixHQUFHLFlBQVksQ0FBQztvQkFDZCxHQUFHLEVBQUUscUJBQVU7b0JBQ2YsUUFBUSxFQUFFLGVBQWUsQ0FBQyxJQUFJO29CQUM5QixpQkFBaUIsRUFBRSxlQUFlO2lCQUNuQyxDQUFDO2dCQUVGLEtBQUssRUFBRSxlQUFlLENBQUMsSUFBSSxLQUFLLFFBQVEsQ0FBQyxDQUFDLENBQUMsQ0FBQyxDQUFDLENBQUMsQ0FBQyxDQUFDO2dCQUNoRCx5Q0FBeUM7Z0JBQ3pDLFlBQVksRUFBRSxPQUFPLENBQUMsUUFBUTtnQkFDOUIsZUFBZSxFQUFFLElBQUk7Z0JBQ3JCLEtBQUssRUFBRSxRQUFRO2dCQUNmLE1BQU0sRUFBRSxPQUFPO2dCQUVmLHNCQUFzQjtnQkFDdEIsSUFBSSxFQUFFO29CQUNKLEdBQUcsb0JBQW9CLENBQUMsSUFBSTtvQkFDNUIsSUFBSSxFQUFFLGVBQWUsQ0FBQyxJQUFJO2lCQUMzQjthQUNGO1NBQ0Y7UUFFRCxZQUFZLEVBQUUsS0FBSztZQUNqQixDQUFDLENBQUM7Z0JBQ0UsYUFBYSxFQUFFLEtBQUssQ0FBQyxhQUFhO2dCQUNsQyxHQUFHLEVBQUUsRUFBRSxVQUFVLEVBQUUsS0FBSyxDQUFDLE9BQU8sQ0FBQyxHQUFHLENBQUMsQ0FBQyxDQUFDLEVBQUUsRUFBRSxDQUFDLENBQUMsRUFBRSxPQUFPLEVBQUUsQ0FBQyxFQUFFLENBQUMsQ0FBQyxFQUFFO2FBQ2hFO1lBQ0gsQ0FBQyxDQUFDLFNBQVM7UUFFYixpQkFBaUIsRUFBRTtZQUNqQix3QkFBd0IsRUFBRSxNQUFNO1lBQ2hDLFFBQVEsRUFBRSxRQUFRO1lBQ2xCLGtCQUFrQixFQUFFLElBQUk7WUFDeEIseUJBQXlCLEVBQUUsS0FBSztZQUNoQyxvQkFBb0IsRUFBRSxLQUFLO1lBQzNCLHlCQUF5QixFQUFFLElBQUk7WUFDL0Isa0JBQWtCLEVBQUUsSUFBSTtZQUN4QixtQkFBbUIsRUFBRSxHQUFHO1lBQ3hCLHNCQUFzQixFQUFFLEtBQUs7WUFDN0IseUJBQXlCLEVBQUUsS0FBSztZQUNoQywwQkFBMEIsRUFBRSxLQUFLO1lBQ2pDLHFCQUFxQixFQUFFLEtBQUs7WUFDNUIsb0JBQW9CLEVBQUUsS0FBSztZQUMzQiw2QkFBNkIsRUFBRSxLQUFLO1lBQ3BDLFlBQVksRUFBRSxLQUFLO1lBQ25CLHlCQUF5QixFQUFFLE9BQU87WUFDbEMsdUJBQXVCLEVBQUUsTUFBTTtTQUNoQztRQUVELHFCQUFxQjtRQUNyQiw2Q0FBNkM7UUFDN0Msa0NBQWtDO1FBQ2xDLGlCQUFpQjtRQUVqQix1QkFBdUIsRUFBRSxlQUFlO1lBQ3RDLENBQUMsQ0FBQztnQkFDRSxRQUFRLEVBQUUsZUFBZSxDQUFDLFFBQVE7Z0JBQ2xDLE1BQU0sRUFBRSxlQUFlLENBQUMsWUFBWTthQUNyQztZQUNILENBQUMsQ0FBQyxTQUFTO1FBRWIsZUFBZSxFQUFFO1lBQ2YsUUFBUSxFQUFFLGdCQUFLO2dCQUNiLENBQUMsQ0FBQztvQkFDRSwrQkFBK0IsRUFBRSxHQUFHLEVBQUUsT0FBTztvQkFDN0Msa0JBQWtCLEVBQUUsRUFBRSxPQUFPLEVBQUUsSUFBSSxFQUFFO2lCQUN0QztnQkFDSCxDQUFDLENBQUMsU0FBUztZQUNiLFlBQVksRUFBRSxFQUFFLE9BQU8sRUFBRSxJQUFJLEVBQUUsYUFBYSxFQUFFLEVBQUUsRUFBRTtZQUNsRCxnQkFBZ0IsRUFBRSxFQUFFLE9BQU8sRUFBRSxLQUFLLEVBQUU7U0FDckM7UUFFRCxnREFBZ0Q7UUFDaEQseUZBQXlGO1FBQ3pGLHVCQUF1QixFQUFFLEtBQUs7UUFDOUIsa0JBQWtCLEVBQUUsWUFBWSxDQUFDLGlCQUFpQjtZQUNoRCxDQUFDLENBQUM7Z0JBQ0UsT0FBTyxFQUFFLFlBQVksQ0FBQyxpQkFBaUI7Z0JBQ3ZDLHFDQUFxQztnQkFDckMseUJBQXlCLEVBQUUsS0FBSzthQUNqQztZQUNILENBQUMsQ0FBQyxTQUFTO1FBRWIsUUFBUSxFQUFFO1lBQ1IsSUFBSSxFQUFFLE1BQU0sQ0FBQyxnQkFBZ0IsQ0FBQyxvQkFBb0IsQ0FBQyxjQUFjO1NBQ2xFO1FBQ0QsK0JBQStCO1FBQy9CLFFBQVE7UUFDUiwyQkFBMkI7UUFDM0IsMENBQTBDO1FBQzFDLDZDQUE2QztRQUM3QyxzQ0FBc0M7UUFDdEMsV0FBVztRQUNYLFFBQVE7UUFDUixpQkFBaUI7UUFFakIsa0JBQWtCO1FBQ2xCLGtCQUFrQixFQUFFO1lBQ2xCLGNBQWMsRUFBRSxNQUFNLENBQUMsZ0JBQWdCLENBQUMsY0FBYyxDQUFDLEtBQUs7U0FDN0Q7UUFDRCxxQkFBcUI7UUFDckIsb0JBQW9CO1FBQ3BCLFVBQVUsRUFBRSxJQUFJO1FBQ2hCLFVBQVUsRUFBRTtZQUNWLGVBQWUsRUFBRSxJQUFJO1lBQ3JCLE9BQU8sRUFBRSxJQUFJO1lBQ2IsbUJBQW1CLEVBQUUsVUFBVSxDQUFDLENBQUMsQ0FBQyxDQUFDLFVBQVUsQ0FBQyxRQUFRLENBQUMsQ0FBQyxDQUFDLENBQUMsU0FBUztZQUNuRSxRQUFRLEVBQUUsbUJBQVE7U0FDbkI7UUFFRCxjQUFjLEVBQUU7WUFDZCxhQUFhLEVBQUU7Z0JBQ2IsT0FBTyxFQUFFLElBQUk7YUFDZDtZQUNELGFBQWEsRUFBRTtnQkFDYixPQUFPLEVBQUUsSUFBSTthQUNkO1lBQ0QsYUFBYSxFQUFFLEVBQUUsT0FBTyxFQUFFLElBQUksRUFBRTtTQUNqQztRQUVELGNBQWMsRUFBRTtZQUNkLFdBQVcsRUFBRSxNQUFNLENBQUMsZ0JBQWdCLENBQUMsV0FBVyxDQUFDLFdBQVc7WUFDNUQsYUFBYSxFQUFFLE1BQU0sQ0FBQyxnQkFBZ0IsQ0FBQyxhQUFhLENBQUMsS0FBSztZQUMxRCxhQUFhLEVBQUUsTUFBTSxDQUFDLGdCQUFnQixDQUFDLGFBQWEsQ0FBQyxLQUFLO1lBRTFELDRCQUE0QjtZQUM1QixvQ0FBb0M7WUFDcEMsNkJBQTZCO1lBRTdCLFlBQVksRUFDVixPQUFPLENBQUMsY0FBYyxJQUFJLFNBQVMsRUFBRSxvQkFBb0I7Z0JBQ3ZELENBQUMsQ0FBQyxNQUFNLENBQUMsZ0JBQWdCLENBQUMsWUFBWSxDQUFDLGtCQUFrQjtnQkFDekQsQ0FBQyxDQUFDLE1BQU0sQ0FBQyxnQkFBZ0IsQ0FBQyxZQUFZLENBQUMsWUFBWTtZQUV2RCxlQUFlLEVBQ2IsT0FBTyxDQUFDLGlCQUFpQixFQUFFLFdBQVc7Z0JBQ3RDLE9BQU8sQ0FBQyxjQUFjO2dCQUN0QixTQUFTLEVBQUUsb0JBQW9CO2dCQUM3QixDQUFDLENBQUMsVUFBVTtnQkFDWixDQUFDLENBQUMsT0FBTztZQUViLG1CQUFtQixFQUNqQixPQUFPLENBQUMsaUJBQWlCO2dCQUN6QixDQUFDLENBQUMsT0FBTyxDQUFDLGNBQWMsSUFBSSxTQUFTLEVBQUUsb0JBQW9CLENBQUM7Z0JBQzFELENBQUMsQ0FBQztvQkFDRSxXQUFXLEVBQUU7d0JBQ1gsU0FBUyxFQUFFLENBQUMsRUFBRSxFQUFFLEVBQUUsT0FBTyxDQUFDLGlCQUFpQixDQUFDLFdBQVcsRUFBRSxDQUFDO3FCQUMzRDtvQkFDRCxrQkFBa0IsRUFBRSxPQUFPLENBQUMsaUJBQWlCLENBQUMsaUJBQWlCO3dCQUM3RCxDQUFDLENBQUM7NEJBQ0UsZ0JBQWdCLEVBQUU7Z0NBQ2hCLEVBQUUsRUFBRSxFQUFFLE9BQU8sQ0FBQyxpQkFBaUIsQ0FBQyxpQkFBaUIsRUFBRTs2QkFDcEQ7eUJBQ0Y7d0JBQ0gsQ0FBQyxDQUFDLFNBQVM7aUJBQ2Q7Z0JBQ0gsQ0FBQyxDQUFDLFNBQVM7U0FDaEI7S0FDRixFQUNEO1FBQ0UsT0FBTyxFQUFFLElBQUk7UUFDYixTQUFTLEVBQUUsZUFBZTtZQUN4QixDQUFDLENBQUMsQ0FBQyxHQUFHLFNBQVMsRUFBRSxlQUFlLENBQUMsUUFBUSxDQUFDO1lBQzFDLENBQUMsQ0FBQyxTQUFTO1FBQ2IsTUFBTSxFQUFFLFVBQVU7UUFDbEIsbUJBQW1CLEVBQUUsSUFBSTtRQUN6QixhQUFhLEVBQUUsQ0FBQyxzQkFBc0IsRUFBRSxnQkFBZ0IsRUFBRSxjQUFjLENBQUM7S0FDMUUsQ0FDRixDQUFDO0lBRUYsSUFBSSxJQUFJLEVBQUUsQ0FBQztRQUNULElBQUEsZ0JBQU0sRUFBQyxFQUFFLElBQUksRUFBRSxPQUFPLEVBQUUsUUFBUSxFQUFFLEdBQUcsRUFBRSxDQUFDLENBQUM7SUFDM0MsQ0FBQztJQUVELElBQUksU0FBUyxFQUFFLENBQUM7UUFDZCxTQUFTLENBQUMsR0FBRyxDQUNYLENBQUMsQ0FBQyxFQUFFLEVBQUUsQ0FDSixJQUFJLE1BQU0sQ0FBQyxnQkFBZ0IsQ0FBQyxTQUFTLENBQUMsR0FBRyxJQUFJLElBQUksQ0FBQyxDQUFDLElBQUksRUFBRSxFQUFFO1lBQ3pELHVCQUF1QjtZQUN2QixZQUFZLEVBQUUsR0FBRyxDQUFDLElBQUk7WUFDdEIsR0FBRyxLQUFLO1lBRVIsR0FBRyxvQkFBb0I7WUFDdkIsR0FBRyxDQUFDO1lBRUosR0FBRyxZQUFZLENBQUM7Z0JBQ2QsR0FBRyxFQUFFLHFCQUFVO2dCQUNmLFFBQVEsRUFBRSxDQUFDLENBQUMsSUFBSTtnQkFDaEIsaUJBQWlCLEVBQUUsZUFBZTthQUNuQyxDQUFDO1lBRUYsS0FBSyxFQUFFLENBQUMsQ0FBQyxJQUFJLEtBQUssUUFBUSxDQUFDLENBQUMsQ0FBQyxDQUFDLENBQUMsQ0FBQyxDQUFDLENBQUM7WUFDbEMseUNBQXlDO1lBQ3pDLFlBQVksRUFBRSxPQUFPLENBQUMsUUFBUTtZQUM5QixlQUFlLEVBQUUsSUFBSTtZQUNyQixLQUFLLEVBQUUsUUFBUTtZQUNmLE1BQU0sRUFBRSxPQUFPO1lBRWYsc0JBQXNCO1lBQ3RCLElBQUksRUFBRTtnQkFDSixHQUFHLG9CQUFvQixDQUFDLElBQUk7Z0JBQzVCLElBQUksRUFBRSxDQUFDLENBQUMsSUFBSTthQUNiO1NBQ0YsQ0FBQyxDQUNMLENBQUM7SUFDSixDQUFDO0lBQ0QsSUFBSSxTQUFTLEVBQUUsQ0FBQztRQUNkLEdBQUcsQ0FBQyxFQUFFLENBQUMsS0FBSyxDQUFDLEtBQUssRUFBRSxFQUFFLEVBQUUsRUFBRTtZQUN4QixJQUFJLENBQUMsRUFBRTtnQkFBRSxPQUFPO1lBRWhCLE1BQU0sTUFBTSxHQUFHLE1BQU0sSUFBQSxxQkFBWSxFQUFDO2dCQUNoQyxJQUFJLEVBQUUsT0FBTztnQkFDYixTQUFTLEVBQUUsS0FBSyxDQUFDLGlCQUFpQjtnQkFDbEMsYUFBYSxFQUFFLElBQUk7Z0JBQ25CLG9CQUFvQixFQUFFLG9CQUFvQjthQUMzQyxDQUFDLENBQUM7WUFFSCxJQUFBLDhCQUFlLEVBQUM7Z0JBQ2QsSUFBSSxFQUFFLFVBQVU7Z0JBQ2hCLEtBQUssRUFBRSxNQUFNO2dCQUNiLFNBQVMsRUFBRSxHQUFHO2dCQUNkLFlBQVksRUFBRSxJQUFJO2dCQUNsQixXQUFXLEVBQUUsSUFBSTtnQkFDakIsU0FBUzthQUNWLENBQUMsQ0FBQztRQUNMLENBQUMsQ0FBQyxDQUFDO0lBQ0wsQ0FBQztJQUVELDRCQUE0QjtJQUU1QixHQUFHLENBQUMsRUFBRSxDQUFDLEtBQUssQ0FBQyxLQUFLLEVBQUUsRUFBRSxFQUFFLEVBQUU7UUFDeEIsSUFBSSxDQUFDLEVBQUU7WUFBRSxPQUFPO1FBRWhCLE9BQU87UUFDUCxJQUFJLFVBQVUsRUFBRSxDQUFDO1lBQ2YsTUFBTSxPQUFPLENBQUMsR0FBRyxDQUNmO2dCQUNFO29CQUNFLFNBQVMsRUFBRSx3QkFBd0I7b0JBQ25DLElBQUksRUFBRSwyQ0FBMkM7aUJBQ2xEO2dCQUNEO29CQUNFLFNBQVMsRUFBRSwwQkFBMEI7b0JBQ3JDLElBQUksRUFBRSw2Q0FBNkM7aUJBQ3BEO2dCQUNEO29CQUNFLFNBQVMsRUFBRSwwQkFBMEI7b0JBQ3JDLElBQUksRUFBRSw2Q0FBNkM7aUJBQ3BEO2dCQUNEO29CQUNFLFNBQVMsRUFBRSwrQkFBK0I7b0JBQzFDLElBQUksRUFBRSxrREFBa0Q7aUJBQ3pEO2dCQUNEO29CQUNFLFNBQVMsRUFBRSx5QkFBeUI7b0JBQ3BDLElBQUksRUFBRSw0Q0FBNEM7aUJBQ25EO2FBQ0YsQ0FBQyxHQUFHLENBQUMsQ0FBQyxDQUFDLEVBQUUsRUFBRSxDQUNWLElBQUEsK0JBQWMsRUFBQztnQkFDYixJQUFJLEVBQUUsR0FBRyxJQUFJLElBQUksQ0FBQyxDQUFDLFNBQVMsRUFBRTtnQkFDOUIsV0FBVyxFQUFFLFVBQVUsQ0FBQyxRQUFRO2dCQUNoQyxhQUFhLEVBQUUsT0FBTztnQkFDdEIsUUFBUSxFQUFFLENBQUMsQ0FBQyxJQUFJO2dCQUNoQixLQUFLLEVBQUUsRUFBRTthQUNWLENBQUMsQ0FDSCxDQUNGLENBQUM7UUFDSixDQUFDO1FBRUQsYUFBYTtRQUNiLElBQUksZUFBZSxFQUFFLENBQUM7WUFDcEIsTUFBTSxPQUFPLENBQUMsR0FBRyxDQUNmO2dCQUNFO29CQUNFLFNBQVMsRUFBRSw4QkFBOEI7b0JBQ3pDLElBQUksRUFBRSwyQ0FBMkM7aUJBQ2xEO2dCQUNEO29CQUNFLFNBQVMsRUFBRSx3QkFBd0I7b0JBQ25DLElBQUksRUFBRSxxQ0FBcUM7aUJBQzVDO2dCQUNEO29CQUNFLFNBQVMsRUFBRSx5QkFBeUI7b0JBQ3BDLElBQUksRUFBRSxzQ0FBc0M7aUJBQzdDO2dCQUNEO29CQUNFLFNBQVMsRUFBRSx5QkFBeUI7b0JBQ3BDLElBQUksRUFBRSxzQ0FBc0M7aUJBQzdDO2FBQ0YsQ0FBQyxHQUFHLENBQUMsQ0FBQyxDQUFDLEVBQUUsRUFBRSxDQUNWLElBQUEsK0JBQWMsRUFBQztnQkFDYixJQUFJLEVBQUUsR0FBRyxJQUFJLElBQUksQ0FBQyxDQUFDLFNBQVMsRUFBRTtnQkFDOUIsV0FBVyxFQUFFLGVBQWUsQ0FBQyxRQUFRO2dCQUNyQyxhQUFhLEVBQUUsT0FBTztnQkFDdEIsUUFBUSxFQUFFLENBQUMsQ0FBQyxJQUFJO2dCQUNoQixLQUFLLEVBQUUsRUFBRTthQUNWLENBQUMsQ0FDSCxDQUNGLENBQUM7UUFDSixDQUFDO1FBRUQsWUFBWTtRQUNaLElBQUksWUFBWSxDQUFDLHVCQUF1QixFQUFFLENBQUM7WUFDekMsSUFBQSwwQkFBZ0IsRUFBQztnQkFDZixJQUFJO2dCQUNKLGdCQUFnQixFQUFFLEVBQUU7Z0JBQ3BCLEdBQUcsR0FBRztnQkFDTixjQUFjLEVBQUU7b0JBQ2QsT0FBTztvQkFDUCx5QkFBeUI7b0JBQ3pCLGtCQUFrQjtvQkFDbEIsWUFBWTtvQkFDWixnQkFBZ0I7b0JBQ2hCLG9CQUFvQjtpQkFDckI7YUFDRixDQUFDLENBQUM7UUFDTCxDQUFDO0lBQ0gsQ0FBQyxDQUFDLENBQUM7SUFFSCwrQkFBK0I7SUFDL0IsTUFBTTtTQUNILEdBQUcsQ0FBQyxDQUFDLEdBQUcsQ0FBQyxRQUFRLEVBQUUsR0FBRyxDQUFDLGVBQWUsRUFBRSxPQUFPLENBQUMsUUFBUSxDQUFDLENBQUM7U0FDMUQsS0FBSyxDQUFDLENBQUMsQ0FBQyxRQUFRLEVBQUUsZUFBZSxFQUFFLEdBQUcsQ0FBQyxFQUFFLEVBQUU7UUFDMUMsT0FBTyxDQUFDLEdBQUcsQ0FBQyx5QkFBeUIsRUFBRSxJQUFJLENBQUMsQ0FBQztRQUU3Qyw0Q0FBNEM7UUFDNUMsc0NBQXNDO1FBQ3RDLDJCQUEyQjtRQUMzQiw2Q0FBNkM7UUFDN0MsaURBQWlEO1FBQ2pELHlDQUF5QztRQUN6QywyQkFBMkI7UUFDM0IsMkJBQTJCO1FBQzNCLFFBQVE7UUFDUixJQUFJO1FBRUosSUFBSSxRQUFRLElBQUksZUFBZSxJQUFJLGVBQWUsQ0FBQyxpQkFBaUIsQ0FBQyxFQUFFLENBQUM7WUFDdEUsSUFBQSwrQkFBYyxFQUFDO2dCQUNiLElBQUksRUFBRSxHQUFHLElBQUksNEJBQTRCO2dCQUN6QyxXQUFXLEVBQUUsZUFBZSxDQUFDLGlCQUFpQixDQUFDLENBQUMsUUFBUztnQkFDekQsYUFBYSxFQUFFLGtCQUFrQjtnQkFDakMsUUFBUSxFQUFFLFNBQVM7Z0JBQ25CLEtBQUssRUFBRSxRQUFRO2FBQ2hCLENBQUMsQ0FBQztZQUVILElBQUksU0FBUyxFQUFFLENBQUM7Z0JBQ2QsSUFBQSw4QkFBZSxFQUFDO29CQUNkLElBQUksRUFBRSxHQUFHLElBQUksb0JBQW9CO29CQUNqQyxLQUFLLEVBQUUsZUFBZSxDQUFDLGlCQUFpQixDQUFDLENBQUMsUUFBUztvQkFDbkQsU0FBUyxFQUFFLEdBQUc7b0JBQ2QsV0FBVyxFQUFFLElBQUk7b0JBQ2pCLFNBQVM7aUJBQ1YsQ0FBQyxDQUFDO1lBQ0wsQ0FBQztRQUNILENBQUM7UUFFRCwrQkFBK0I7UUFDL0IsMkJBQTJCO1FBQzNCLHVDQUF1QztRQUN2Qyx5Q0FBeUM7UUFDekMseUNBQXlDO1FBQ3pDLDJCQUEyQjtRQUMzQiwyQkFBMkI7UUFDM0IsUUFBUTtRQUNSLElBQUk7UUFFSixJQUFJLE9BQU8sQ0FBQyxRQUFRLElBQUksUUFBUSxFQUFFLENBQUM7WUFDakMsSUFBQSwrQkFBYyxFQUFDO2dCQUNiLElBQUksRUFBRSxHQUFHLElBQUksYUFBYTtnQkFDMUIsV0FBVyxFQUFFLFFBQVEsQ0FBQyxXQUFXO2dCQUNqQyxRQUFRLEVBQUUsYUFBYTtnQkFDdkIsYUFBYSxFQUFFLGtCQUFrQjtnQkFDakMsS0FBSyxFQUFFLElBQUEsZ0NBQXFCLEVBQUM7b0JBQzNCLEtBQUssRUFBRSxJQUFBLGdDQUFxQixFQUFDLEdBQUcsQ0FBRSxDQUFDLEtBQUs7aUJBQ3pDLENBQUM7YUFDSCxDQUFDLENBQUM7UUFDTCxDQUFDO1FBRUQsSUFBSSxXQUFXLElBQUksUUFBUSxFQUFFLENBQUM7WUFDNUIsSUFBQSwrQkFBYyxFQUFDO2dCQUNiLElBQUksRUFBRSxHQUFHLElBQUksY0FBYztnQkFDM0IsV0FBVyxFQUFFLFFBQVEsQ0FBQyxXQUFXO2dCQUNqQyxRQUFRLEVBQUUsOEJBQThCO2dCQUN4QyxhQUFhLEVBQUUsa0JBQWtCO2dCQUNqQyxLQUFLLEVBQUUsV0FBVyxDQUFDLEVBQUU7YUFDdEIsQ0FBQyxDQUFDO1FBQ0wsQ0FBQztJQUNILENBQUMsQ0FBQyxDQUFDO0lBRUwsbUNBQW1DO0lBQ25DLElBQUEsc0JBQWEsRUFBQztRQUNaLEtBQUssRUFBRSxFQUFFLGlCQUFpQixFQUFFLGlCQUFpQixFQUFFO1FBQy9DLEdBQUcsR0FBRztRQUNOLFNBQVM7UUFDVCxTQUFTLEVBQUUsR0FBRztLQUNmLENBQUMsQ0FBQztJQUVILE9BQU8sRUFBRSxHQUFHLEVBQUUsZUFBZSxFQUFFLFVBQVUsRUFBRSxXQUFXLEVBQUUsQ0FBQztBQUMzRCxDQUFDLENBQUMifQ==
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiaW5kZXguanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi8uLi9zcmMvQWtzL2luZGV4LnRzIl0sIm5hbWVzIjpbXSwibWFwcGluZ3MiOiI7OztBQUFBLCtDQUErQztBQUMvQyx5Q0FBeUM7QUFDekMsMkNBQXVEO0FBQ3ZELGlEQUEyQztBQUUzQyxpREFRNEI7QUFDNUIsMkNBQW9DO0FBQ3BDLHlDQUE0QztBQUM1QyxpREFBMkM7QUFDM0MsNkNBQW1EO0FBQ25ELDZDQUFvRTtBQUNwRSwyREFBd0Q7QUFFeEQscUNBQXdDO0FBQ3hDLDJEQUEyRDtBQUUzRCxvRkFBb0Y7QUFJcEYsTUFBTSxZQUFZLEdBQUcsQ0FBQyxFQUNwQixpQkFBaUIsRUFDakIsUUFBUSxFQUNSLEdBQUcsR0FLSixFQUFFLEVBQUU7SUFDSCxNQUFNLFNBQVMsR0FBRyxDQUFDLENBQUM7SUFDcEIsTUFBTSxRQUFRLEdBQUcsQ0FBQyxDQUFDO0lBQ25CLElBQUksUUFBUSxHQUFHLENBQUMsQ0FBQztJQUVqQixJQUFJLEdBQUcsS0FBSyx1QkFBWSxDQUFDLEdBQUcsRUFBRSxDQUFDO1FBQzdCLFFBQVEsUUFBUSxFQUFFLENBQUM7WUFDakIsS0FBSyxNQUFNO2dCQUNULFFBQVEsR0FBRyxDQUFDLENBQUM7Z0JBQ2IsTUFBTTtZQUVSLEtBQUssU0FBUyxDQUFDO1lBQ2YsS0FBSyxRQUFRLENBQUM7WUFDZDtnQkFDRSxRQUFRLEdBQUcsQ0FBQyxDQUFDO2dCQUNiLE1BQU07UUFDVixDQUFDO0lBQ0gsQ0FBQztJQUVELE9BQU87UUFDTCxpQkFBaUI7UUFDakIsU0FBUyxFQUFFLGlCQUFpQixDQUFDLENBQUMsQ0FBQyxTQUFTLENBQUMsQ0FBQyxDQUFDLFNBQVM7UUFDcEQsUUFBUSxFQUFFLGlCQUFpQixDQUFDLENBQUMsQ0FBQyxRQUFRLENBQUMsQ0FBQyxDQUFDLFNBQVM7UUFDbEQsUUFBUSxFQUFFLGlCQUFpQixDQUFDLENBQUMsQ0FBQyxRQUFRLENBQUMsQ0FBQyxDQUFDLFNBQVM7S0FDbkQsQ0FBQztBQUNKLENBQUMsQ0FBQztBQUVGLE1BQU0sb0JBQW9CLEdBQUc7SUFDM0IsaUJBQWlCLEVBQUUsZ0JBQUssQ0FBQyxDQUFDLENBQUMsQ0FBQyxHQUFHLEVBQUUsR0FBRyxFQUFFLEdBQUcsQ0FBQyxDQUFDLENBQUMsQ0FBQyxTQUFTO0lBQ3RELElBQUksRUFBRSxNQUFNLENBQUMsZ0JBQWdCLENBQUMsYUFBYSxDQUFDLHVCQUF1QjtJQUNuRSxNQUFNLEVBQUUsY0FBYztJQUV0QixPQUFPLEVBQUUsRUFBRTtJQUNYLFVBQVUsRUFBRSxLQUFLO0lBQ2pCLGtCQUFrQixFQUFFLEtBQUs7SUFDekIsZ0NBQWdDO0lBRWhDLGNBQWMsRUFBRSxnQkFBSztJQUNyQixZQUFZLEVBQUUsR0FBRztJQUNqQixVQUFVLEVBQUUsTUFBTSxDQUFDLGdCQUFnQixDQUFDLFVBQVUsQ0FBQyxPQUFPO0lBRXRELFVBQVUsRUFBRTtRQUNWLFdBQVcsRUFBRSxxQkFBVTtRQUN2QixLQUFLLEVBQUwsZ0JBQUs7S0FDTjtDQUNGLENBQUM7QUFFRixJQUFZLE9BcUJYO0FBckJELFdBQVksT0FBTztJQUNqQiwrQkFBK0I7SUFDL0IsZ0RBQXFDLENBQUE7SUFDckMsNkJBQTZCO0lBQzdCLDBDQUErQixDQUFBO0lBQy9CLCtCQUErQjtJQUMvQiwwQ0FBK0IsQ0FBQTtJQUMvQiw0QkFBNEI7SUFDNUIsZ0RBQXFDLENBQUE7SUFDckMsNEJBQTRCO0lBQzVCLDhDQUFtQyxDQUFBO0lBQ25DLDRCQUE0QjtJQUM1Qiw4Q0FBbUMsQ0FBQTtJQUNuQywrQkFBK0I7SUFDL0IsZ0RBQXFDLENBQUE7SUFDckMsNkJBQTZCO0lBQzdCLDRDQUFpQyxDQUFBO0lBQ2pDLDhCQUE4QjtJQUM5Qiw0Q0FBaUMsQ0FBQTtJQUNqQywrQkFBK0I7SUFDL0IsOENBQW1DLENBQUE7QUFDckMsQ0FBQyxFQXJCVyxPQUFPLHVCQUFQLE9BQU8sUUFxQmxCO0FBOEVELG9KQUFvSjtBQUNwSixrQkFBZSxLQUFLLEVBQUUsRUFDcEIsS0FBSyxFQUNMLElBQUksRUFDSixLQUFLLEVBQ0wsZUFBZSxFQUNmLFNBQVMsRUFDVCxPQUFPLEVBQ1AsT0FBTyxFQUNQLEdBQUcsRUFDSCxTQUFTLEVBQ1QsU0FBUyxFQUNULFFBQVEsR0FBRyxFQUFFLHVCQUF1QixFQUFFLElBQUksRUFBRSxFQUM1QyxLQUFLLEdBQUc7SUFDTixpQkFBaUIsRUFBRSxJQUFJO0lBQ3ZCLG1CQUFtQixFQUFFLEtBQUs7SUFDMUIsbUJBQW1CLEVBQUUsS0FBSztDQUMzQixFQUNELElBQUksR0FBRyxNQUFNLENBQUMsZ0JBQWdCLENBQUMscUJBQXFCLENBQUMsSUFBSSxFQUN6RCxJQUFJLEdBQUcsSUFBSSxFQUNYLFNBQVMsR0FBRyxFQUFFLEVBQ2QsU0FBUyxFQUNULGFBQWEsR0FBRyxFQUFFLEdBQ1QsRUFBdUIsRUFBRTtJQUNsQyxNQUFNLE9BQU8sR0FBRyxJQUFBLG1CQUFVLEVBQUMsSUFBSSxDQUFDLENBQUM7SUFDakMsTUFBTSxVQUFVLEdBQUcsR0FBRyxPQUFPLFNBQVMsQ0FBQztJQUN2QyxNQUFNLFFBQVEsR0FBRyxHQUFHLEVBQUUsTUFBTSxDQUFDLENBQUMsQ0FBQyxHQUFHLENBQUMsRUFBRSxJQUFJLHVCQUFZLENBQUMsQ0FBQyxDQUFDLFNBQVMsQ0FBQztJQUNsRSxNQUFNLGlCQUFpQixHQUFHLElBQUEsNkJBQW9CLEVBQUMsR0FBRyxPQUFPLFFBQVEsQ0FBQyxDQUFDO0lBQ25FLE1BQU0sb0JBQW9CLEdBQUcsTUFBTSxJQUFBLDhCQUFlLEVBQUMsU0FBUyxDQUFDLElBQUksQ0FBQztTQUMvRCxnQkFBZ0IsQ0FBQyxVQUFVLENBQUM7U0FDNUIsS0FBSyxDQUFDLEdBQUcsRUFBRSxDQUFDLEtBQUssQ0FBQyxDQUFDO0lBRXRCLE9BQU8sQ0FBQyxHQUFHLENBQUMsSUFBSSxFQUFFLEVBQUUsb0JBQW9CLEVBQUUsQ0FBQyxDQUFDO0lBQzVDLGFBQWMsQ0FBQyxJQUFJLENBQUMsc0JBQXNCLEVBQUUsZ0JBQWdCLEVBQUUsY0FBYyxDQUFDLENBQUM7SUFFOUUsTUFBTSxlQUFlLEdBQUcsSUFBQSxrQkFBa0IsRUFBQztRQUN6QyxJQUFJLEVBQUUsT0FBTztRQUNiLFNBQVM7UUFDVCxTQUFTO0tBQ1YsQ0FBQyxDQUFDO0lBRUgsZ0VBQWdFO0lBQ2hFLDhDQUE4QztJQUM5QyxxREFBcUQ7SUFDckQsc0JBQXNCO0lBQ3RCLElBQUk7SUFFSixvQkFBb0I7SUFDcEIsTUFBTSxHQUFHLEdBQUcsSUFBSSxNQUFNLENBQUMsZ0JBQWdCLENBQUMsY0FBYyxDQUNwRCxPQUFPLEVBQ1A7UUFDRSxZQUFZLEVBQUUsT0FBTztRQUNyQixHQUFHLEtBQUs7UUFDUixpQkFBaUI7UUFDakIsU0FBUyxFQUFFLE9BQU87UUFDbEIsb0JBQW9CO1FBQ3BCLG9CQUFvQjtRQUVwQixzQkFBc0IsRUFBRTtZQUN0QixrQkFBa0IsRUFBRSxRQUFRLEVBQUUsb0JBQW9CO2dCQUNoRCxDQUFDLENBQUMsU0FBUztnQkFDWCxDQUFDLENBQUMsU0FBUyxFQUFFLGtCQUFrQixJQUFJLEVBQUU7WUFDdkMsaUJBQWlCLEVBQUUsSUFBSTtZQUN2QixvQkFBb0IsRUFBRSxRQUFRLEVBQUUsb0JBQW9CO1lBQ3BELDhCQUE4QixFQUFFLElBQUk7WUFDcEMsY0FBYyxFQUFFLFFBQVE7U0FDekI7UUFFRCxhQUFhLEVBQUU7WUFDYiw0QkFBNEIsRUFBRTtnQkFDNUIsTUFBTSxFQUFFLEtBQUssQ0FBQyxtQkFBbUI7b0JBQy9CLENBQUMsQ0FBQzt3QkFDRSxvQkFBb0IsRUFBRSxNQUFNO3FCQUM3QjtvQkFDSCxDQUFDLENBQUMsU0FBUztnQkFDYixPQUFPLEVBQUUsT0FBTyxDQUFDLEtBQUssQ0FBQyxtQkFBbUIsQ0FBQzthQUM1QztZQUVELFdBQVcsRUFBRSxFQUFFLE9BQU8sRUFBRSxPQUFPLENBQUMsS0FBSyxDQUFDLGlCQUFpQixDQUFDLEVBQUU7WUFDMUQsYUFBYSxFQUFFLEVBQUUsT0FBTyxFQUFFLE9BQU8sQ0FBQyxLQUFLLENBQUMsbUJBQW1CLENBQUMsRUFBRTtZQUM5RCxzQkFBc0IsRUFBRSxFQUFFLE9BQU8sRUFBRSxLQUFLLEVBQUU7WUFFMUMsaUJBQWlCLEVBQUU7Z0JBQ2pCLE9BQU8sRUFBRSxPQUFPLENBQUMsT0FBTyxDQUFDLHFCQUFxQixDQUFDO2dCQUMvQyxNQUFNLEVBQUUsT0FBTyxDQUFDLHFCQUFxQjtvQkFDbkMsQ0FBQyxDQUFDLEVBQUUsVUFBVSxFQUFFLE9BQU8sQ0FBQyxxQkFBcUIsRUFBRTtvQkFDL0MsQ0FBQyxDQUFDLFNBQVM7YUFDZDtZQUVELHlCQUF5QixFQUFFO2dCQUN6QixPQUFPLEVBQUUsT0FBTyxDQUFDLEtBQUssQ0FBQyxrQkFBa0IsQ0FBQztnQkFDMUMsTUFBTSxFQUFFLEtBQUssQ0FBQyxrQkFBa0I7b0JBQzlCLENBQUMsQ0FBQzt3QkFDRSxXQUFXLEVBQUUsR0FBRyxJQUFJLFVBQVU7d0JBQzlCLFFBQVEsRUFBRSxLQUFLLENBQUMsa0JBQWtCLENBQUMsZUFBZTtxQkFDbkQ7b0JBQ0gsQ0FBQyxDQUFDLFNBQVM7YUFDZDtZQUVELFFBQVEsRUFBRTtnQkFDUixPQUFPLEVBQUUsT0FBTyxDQUFDLE9BQU8sQ0FBQztnQkFDekIsTUFBTSxFQUFFLE9BQU87b0JBQ2IsQ0FBQyxDQUFDO3dCQUNFLCtCQUErQixFQUFFLE9BQU87cUJBQ3pDO29CQUNILENBQUMsQ0FBQyxTQUFTO2FBQ2Q7U0FDRjtRQUVELEdBQUcsRUFBRTtZQUNILElBQUksRUFBRSxNQUFNLENBQUMsZ0JBQWdCLENBQUMscUJBQXFCLENBQUMsSUFBSTtZQUN4RCxJQUFJO1NBQ0w7UUFDRCxXQUFXLEVBQ1QsTUFBTSxDQUFDLGdCQUFnQixDQUFDLHFCQUFxQixDQUFDLGtCQUFrQjtRQUNsRSxpQkFBaUIsRUFBRTtZQUNqQjtnQkFDRSxHQUFHLG9CQUFvQjtnQkFDdkIsR0FBRyxlQUFlO2dCQUNsQixHQUFHLFlBQVksQ0FBQztvQkFDZCxHQUFHLEVBQUUscUJBQVU7b0JBQ2YsUUFBUSxFQUFFLFFBQVE7b0JBQ2xCLGlCQUFpQixFQUFFLFFBQVEsRUFBRSxlQUFlO29CQUM1QyxnQkFBZ0I7b0JBQ2hCLHFCQUFxQjtvQkFDckIsS0FBSztvQkFDTCxxQkFBcUI7b0JBQ3JCLHFCQUFxQjtvQkFDckIsS0FBSztpQkFDTixDQUFDO2dCQUVGLElBQUksRUFBRSxjQUFjO2dCQUNwQixJQUFJLEVBQUUsUUFBUTtnQkFDZCxLQUFLLEVBQUUsQ0FBQztnQkFDUixZQUFZLEVBQUUsT0FBTyxDQUFDLFFBQVE7Z0JBQzlCLGVBQWUsRUFBRSxJQUFJO2dCQUNyQixLQUFLLEVBQUUsUUFBUTtnQkFDZixNQUFNLEVBQUUsT0FBTzthQUNoQjtTQUNGO1FBQ0QsWUFBWSxFQUFFLEtBQUs7WUFDakIsQ0FBQyxDQUFDO2dCQUNFLGFBQWEsRUFBRSxLQUFLLENBQUMsYUFBYTtnQkFDbEMsR0FBRyxFQUFFLEVBQUUsVUFBVSxFQUFFLEtBQUssQ0FBQyxPQUFPLENBQUMsR0FBRyxDQUFDLENBQUMsQ0FBQyxFQUFFLEVBQUUsQ0FBQyxDQUFDLEVBQUUsT0FBTyxFQUFFLENBQUMsRUFBRSxDQUFDLENBQUMsRUFBRTthQUNoRTtZQUNILENBQUMsQ0FBQyxTQUFTO1FBQ2IsbUJBQW1CO1FBQ25CLGNBQWMsRUFBRTtZQUNkLGFBQWEsRUFBRSxXQUFXO1lBQzFCLGNBQWMsRUFBRSxJQUFJO1NBQ3JCO1FBQ0QsaUJBQWlCLEVBQUU7WUFDakIsd0JBQXdCLEVBQUUsTUFBTTtZQUNoQyxRQUFRLEVBQUUsUUFBUTtZQUNsQixrQkFBa0IsRUFBRSxJQUFJO1lBQ3hCLHlCQUF5QixFQUFFLEtBQUs7WUFDaEMsb0JBQW9CLEVBQUUsS0FBSztZQUMzQix5QkFBeUIsRUFBRSxJQUFJO1lBQy9CLGtCQUFrQixFQUFFLElBQUk7WUFDeEIsbUJBQW1CLEVBQUUsR0FBRztZQUN4QixzQkFBc0IsRUFBRSxLQUFLO1lBQzdCLHlCQUF5QixFQUFFLEtBQUs7WUFDaEMsMEJBQTBCLEVBQUUsS0FBSztZQUNqQyxxQkFBcUIsRUFBRSxLQUFLO1lBQzVCLG9CQUFvQixFQUFFLEtBQUs7WUFDM0IsNkJBQTZCLEVBQUUsS0FBSztZQUNwQyxZQUFZLEVBQUUsS0FBSztZQUNuQix5QkFBeUIsRUFBRSxPQUFPO1lBQ2xDLHVCQUF1QixFQUFFLE1BQU07U0FDaEM7UUFFRCxxQkFBcUI7UUFDckIsNkNBQTZDO1FBQzdDLGtDQUFrQztRQUNsQyxpQkFBaUI7UUFDakIsZ0RBQWdEO1FBQ2hELHlGQUF5RjtRQUN6RixnQ0FBZ0M7UUFFaEMsdUJBQXVCLEVBQUU7WUFDdkIsUUFBUSxFQUFFLGVBQWUsQ0FBQyxRQUFRO1lBQ2xDLE1BQU0sRUFBRSxlQUFlLENBQUMsWUFBWTtTQUNyQztRQUNELGVBQWUsRUFBRTtZQUNmLFFBQVEsRUFDTixPQUFPLElBQUksZ0JBQUs7Z0JBQ2QsQ0FBQyxDQUFDO29CQUNFLCtCQUErQixFQUFFLE9BQU87b0JBQ3hDLGtCQUFrQixFQUFFLEVBQUUsT0FBTyxFQUFFLElBQUksRUFBRTtpQkFDdEM7Z0JBQ0gsQ0FBQyxDQUFDLFNBQVM7WUFDZixZQUFZLEVBQUUsRUFBRSxPQUFPLEVBQUUsSUFBSSxFQUFFLGFBQWEsRUFBRSxFQUFFLEVBQUU7WUFDbEQsZ0JBQWdCLEVBQUUsRUFBRSxPQUFPLEVBQUUsS0FBSyxFQUFFO1NBQ3JDO1FBQ0Qsa0JBQWtCLEVBQUUsUUFBUSxDQUFDLGlCQUFpQjtZQUM1QyxDQUFDLENBQUM7Z0JBQ0UsT0FBTyxFQUFFLFFBQVEsQ0FBQyxpQkFBaUI7Z0JBQ25DLHFDQUFxQztnQkFDckMseUJBQXlCLEVBQUUsS0FBSzthQUNqQztZQUNILENBQUMsQ0FBQyxTQUFTO1FBQ2IsUUFBUSxFQUFFO1lBQ1IsSUFBSSxFQUFFLE1BQU0sQ0FBQyxnQkFBZ0IsQ0FBQyxvQkFBb0IsQ0FBQyxjQUFjO1NBQ2xFO1FBQ0Qsa0JBQWtCLEVBQUU7WUFDbEIsY0FBYyxFQUFFLE1BQU0sQ0FBQyxnQkFBZ0IsQ0FBQyxjQUFjLENBQUMsS0FBSztZQUM1RCxvQ0FBb0M7U0FDckM7UUFDRCxvQkFBb0I7UUFDcEIsVUFBVSxFQUFFLElBQUk7UUFDaEIsVUFBVSxFQUFFLFNBQVMsRUFBRSxRQUFRO1lBQzdCLENBQUMsQ0FBQztnQkFDRSxlQUFlLEVBQUUsSUFBSTtnQkFDckIsT0FBTyxFQUFFLElBQUk7Z0JBQ2IsbUJBQW1CLEVBQUUsQ0FBQyxTQUFTLENBQUMsUUFBUSxDQUFDLEtBQUssQ0FBQyxRQUFRLENBQUM7Z0JBQ3hELFFBQVEsRUFBRSxtQkFBUTthQUNuQjtZQUNILENBQUMsQ0FBQyxTQUFTO1FBQ2IsaUJBQWlCLEVBQUUsRUFBRSxPQUFPLEVBQUUsS0FBSyxFQUFFO1FBQ3JDLGNBQWMsRUFBRTtZQUNkLGFBQWEsRUFBRTtnQkFDYixPQUFPLEVBQUUsSUFBSTthQUNkO1lBQ0QsYUFBYSxFQUFFO2dCQUNiLE9BQU8sRUFBRSxJQUFJO2FBQ2Q7WUFDRCxhQUFhLEVBQUUsRUFBRSxPQUFPLEVBQUUsSUFBSSxFQUFFO1lBQ2hDLGtCQUFrQixFQUFFLEVBQUUsT0FBTyxFQUFFLElBQUksRUFBRTtTQUN0QztRQUNELGNBQWMsRUFBRTtZQUNkLFdBQVcsRUFBRSxNQUFNLENBQUMsZ0JBQWdCLENBQUMsV0FBVyxDQUFDLFdBQVc7WUFDNUQsYUFBYSxFQUFFLE1BQU0sQ0FBQyxnQkFBZ0IsQ0FBQyxhQUFhLENBQUMsS0FBSztZQUMxRCxhQUFhLEVBQUUsTUFBTSxDQUFDLGdCQUFnQixDQUFDLGFBQWEsQ0FBQyxLQUFLO1lBRTFELDRCQUE0QjtZQUM1QixvQ0FBb0M7WUFDcEMsNkJBQTZCO1lBRTdCLFlBQVksRUFDVixRQUFRLEVBQUUsb0JBQW9CLElBQUksQ0FBQyxPQUFPLENBQUMsaUJBQWlCO2dCQUMxRCxDQUFDLENBQUMsTUFBTSxDQUFDLGdCQUFnQixDQUFDLFlBQVksQ0FBQyxrQkFBa0I7Z0JBQ3pELENBQUMsQ0FBQyxNQUFNLENBQUMsZ0JBQWdCLENBQUMsWUFBWSxDQUFDLFlBQVk7WUFFdkQsZUFBZSxFQUFFLFVBQVU7WUFDM0IsbUJBQW1CLEVBQUUsT0FBTyxDQUFDLGlCQUFpQjtnQkFDNUMsQ0FBQyxDQUFDO29CQUNFLFdBQVcsRUFBRSxPQUFPLENBQUMsaUJBQWlCLENBQUMsV0FBVzt3QkFDaEQsQ0FBQyxDQUFDOzRCQUNFLFNBQVMsRUFBRSxDQUFDLEVBQUUsRUFBRSxFQUFFLE9BQU8sQ0FBQyxpQkFBaUIsQ0FBQyxXQUFXLEVBQUUsQ0FBQzt5QkFDM0Q7d0JBQ0gsQ0FBQyxDQUFDLFNBQVM7b0JBQ2Isa0JBQWtCLEVBQUUsT0FBTyxDQUFDLGlCQUFpQixDQUFDLGlCQUFpQjt3QkFDN0QsQ0FBQyxDQUFDOzRCQUNFLGdCQUFnQixFQUFFO2dDQUNoQixFQUFFLEVBQUUsRUFBRSxPQUFPLENBQUMsaUJBQWlCLENBQUMsaUJBQWlCLEVBQUU7NkJBQ3BEO3lCQUNGO3dCQUNILENBQUMsQ0FBQyxTQUFTO2lCQUNkO2dCQUNILENBQUMsQ0FBQyxTQUFTO1NBQ2Q7S0FDRixFQUNEO1FBQ0UsT0FBTyxFQUFFLElBQUk7UUFDYixTQUFTLEVBQUUsZUFBZSxDQUFDLFFBQVE7UUFDbkMsTUFBTSxFQUFFLFNBQVM7UUFDakIsbUJBQW1CLEVBQUUsSUFBSTtRQUN6QixhQUFhO0tBQ2QsQ0FDRixDQUFDO0lBRUYsSUFBSSxNQUFNLENBQUMsZ0JBQWdCLENBQUMsd0JBQXdCLENBQ2xELEdBQUcsT0FBTywyQkFBMkIsRUFDckM7UUFDRSxVQUFVLEVBQUUsU0FBUztRQUNyQixvQkFBb0I7UUFDcEIsTUFBTTtRQUNOLG1DQUFtQztRQUNuQyxxQ0FBcUM7UUFDckMsT0FBTztRQUNQLEtBQUs7UUFDTCxHQUFHLEtBQUs7UUFDUixZQUFZLEVBQUUsR0FBRyxDQUFDLElBQUk7UUFDdEIsVUFBVSxFQUFFO1lBQ1Y7Z0JBQ0UsR0FBRyxFQUFFLE1BQU0sQ0FBQyxnQkFBZ0IsQ0FBQyxPQUFPLENBQUMsTUFBTTtnQkFDM0MsU0FBUyxFQUFFLENBQUMsQ0FBQyxFQUFFLEVBQUUsQ0FBQzthQUNuQjtTQUNGO0tBQ0YsRUFDRCxFQUFFLFNBQVMsRUFBRSxHQUFHLEVBQUUsQ0FDbkIsQ0FBQztJQUVGLElBQUksSUFBSSxFQUFFLENBQUM7UUFDVCxJQUFBLGdCQUFNLEVBQUMsRUFBRSxJQUFJLEVBQUUsT0FBTyxFQUFFLFFBQVEsRUFBRSxHQUFHLEVBQUUsQ0FBQyxDQUFDO0lBQzNDLENBQUM7SUFFRCxJQUFJLFNBQVMsRUFBRSxDQUFDO1FBQ2QsU0FBUyxDQUFDLEdBQUcsQ0FDWCxDQUFDLENBQUMsRUFBRSxFQUFFLENBQ0osSUFBSSxNQUFNLENBQUMsZ0JBQWdCLENBQUMsU0FBUyxDQUFDLEdBQUcsSUFBSSxJQUFJLENBQUMsQ0FBQyxJQUFJLEVBQUUsRUFBRTtZQUN6RCx1QkFBdUI7WUFDdkIsWUFBWSxFQUFFLEdBQUcsQ0FBQyxJQUFJO1lBQ3RCLEdBQUcsS0FBSztZQUNSLEdBQUcsb0JBQW9CO1lBQ3ZCLEdBQUcsQ0FBQztZQUVKLEdBQUcsWUFBWSxDQUFDO2dCQUNkLEdBQUcsRUFBRSxxQkFBVTtnQkFDZixRQUFRLEVBQUUsQ0FBQyxDQUFDLElBQUk7Z0JBQ2hCLGlCQUFpQixFQUFFLFFBQVEsQ0FBQyxlQUFlO2FBQzVDLENBQUM7WUFFRixLQUFLLEVBQUUsQ0FBQyxDQUFDLElBQUksS0FBSyxRQUFRLENBQUMsQ0FBQyxDQUFDLENBQUMsQ0FBQyxDQUFDLENBQUMsQ0FBQztZQUNsQyx5Q0FBeUM7WUFDekMsWUFBWSxFQUFFLE9BQU8sQ0FBQyxRQUFRO1lBQzlCLGVBQWUsRUFBRSxJQUFJO1lBQ3JCLEtBQUssRUFBRSxRQUFRO1lBQ2YsTUFBTSxFQUFFLE9BQU87U0FDaEIsQ0FBQyxDQUNMLENBQUM7SUFDSixDQUFDO0lBRUQsSUFBSSxTQUFTLEVBQUUsQ0FBQztRQUNkLEdBQUcsQ0FBQyxFQUFFLENBQUMsS0FBSyxDQUFDLEtBQUssRUFBRSxFQUFFLEVBQUUsRUFBRTtZQUN4QixJQUFJLENBQUMsRUFBRTtnQkFBRSxPQUFPO1lBRWhCLE1BQU0sTUFBTSxHQUFHLE1BQU0sSUFBQSxxQkFBWSxFQUFDO2dCQUNoQyxJQUFJLEVBQUUsT0FBTztnQkFDYixTQUFTLEVBQUUsS0FBSyxDQUFDLGlCQUFpQjtnQkFDbEMsYUFBYSxFQUFFLElBQUk7Z0JBQ25CLG9CQUFvQixFQUFFLG9CQUFvQjthQUMzQyxDQUFDLENBQUM7WUFFSCxJQUFBLDhCQUFlLEVBQUM7Z0JBQ2QsSUFBSSxFQUFFLFVBQVU7Z0JBQ2hCLEtBQUssRUFBRSxNQUFNO2dCQUNiLGFBQWEsRUFBRSxJQUFJO2dCQUNuQixTQUFTLEVBQUUsR0FBRztnQkFDZCxZQUFZLEVBQUUsSUFBSTtnQkFDbEIsV0FBVyxFQUFFLElBQUk7Z0JBQ2pCLFNBQVM7YUFDVixDQUFDLENBQUM7UUFDTCxDQUFDLENBQUMsQ0FBQztJQUNMLENBQUM7SUFFRCw0QkFBNEI7SUFDNUIsR0FBRyxDQUFDLEVBQUUsQ0FBQyxLQUFLLENBQUMsS0FBSyxFQUFFLEVBQUUsRUFBRSxFQUFFO1FBQ3hCLElBQUksQ0FBQyxFQUFFO1lBQUUsT0FBTztRQUVoQiwrQkFBK0I7UUFDL0IsTUFBTTthQUNILEdBQUcsQ0FBQyxDQUFDLEdBQUcsQ0FBQyxRQUFRLEVBQUUsR0FBRyxDQUFDLGVBQWUsRUFBRSxPQUFPLENBQUMsUUFBUSxDQUFDLENBQUM7YUFDMUQsS0FBSyxDQUFDLENBQUMsQ0FBQyxRQUFRLEVBQUUsZUFBZSxFQUFFLEdBQUcsQ0FBQyxFQUFFLEVBQUU7WUFDMUMsSUFBSSxRQUFRLElBQUksZUFBZSxJQUFJLGVBQWUsQ0FBQyxpQkFBaUIsQ0FBQyxFQUFFLENBQUM7Z0JBQ3RFLElBQUEsK0JBQWMsRUFBQztvQkFDYixJQUFJLEVBQUUsR0FBRyxJQUFJLDRCQUE0QjtvQkFDekMsV0FBVyxFQUFFLGVBQWUsQ0FBQyxpQkFBaUIsQ0FBQyxDQUFDLFFBQVM7b0JBQ3pELGFBQWEsRUFBRSxrQkFBa0I7b0JBQ2pDLFFBQVEsRUFBRSxTQUFTO29CQUNuQixLQUFLLEVBQUUsUUFBUTtpQkFDaEIsQ0FBQyxDQUFDO2dCQUVILElBQUksU0FBUyxFQUFFLENBQUM7b0JBQ2QsSUFBQSw4QkFBZSxFQUFDO3dCQUNkLElBQUksRUFBRSxHQUFHLElBQUksb0JBQW9CO3dCQUNqQyxLQUFLLEVBQUUsZUFBZSxDQUFDLGlCQUFpQixDQUFDLENBQUMsUUFBUzt3QkFDbkQsU0FBUyxFQUFFLEdBQUc7d0JBQ2QsV0FBVyxFQUFFLElBQUk7d0JBQ2pCLFNBQVM7cUJBQ1YsQ0FBQyxDQUFDO2dCQUNMLENBQUM7WUFDSCxDQUFDO1lBRUQsSUFBSSxPQUFPLENBQUMsUUFBUSxJQUFJLFFBQVEsRUFBRSxDQUFDO2dCQUNqQyxJQUFBLCtCQUFjLEVBQUM7b0JBQ2IsSUFBSSxFQUFFLEdBQUcsSUFBSSxhQUFhO29CQUMxQixXQUFXLEVBQUUsUUFBUSxDQUFDLFdBQVc7b0JBQ2pDLFFBQVEsRUFBRSxhQUFhO29CQUN2QixhQUFhLEVBQUUsa0JBQWtCO29CQUNqQyxLQUFLLEVBQUUsSUFBQSxnQ0FBcUIsRUFBQzt3QkFDM0IsS0FBSyxFQUFFLElBQUEsa0NBQXVCLEVBQUMsR0FBRyxDQUFFLENBQUMsS0FBSztxQkFDM0MsQ0FBQztpQkFDSCxDQUFDLENBQUM7WUFDTCxDQUFDO1FBQ0gsQ0FBQyxDQUFDLENBQUM7UUFFTCxZQUFZO1FBQ1osSUFBSSxRQUFRLENBQUMsdUJBQXVCLElBQUksT0FBTyxFQUFFLENBQUM7WUFDaEQsSUFBQSwwQkFBZ0IsRUFBQztnQkFDZixJQUFJO2dCQUNKLGdCQUFnQixFQUFFLEVBQUU7Z0JBQ3BCLE9BQU87Z0JBQ1AsY0FBYyxFQUFFO29CQUNkLE9BQU87b0JBQ1AseUJBQXlCO29CQUN6QixrQkFBa0I7b0JBQ2xCLFlBQVk7b0JBQ1osZ0JBQWdCO29CQUNoQixvQkFBb0I7aUJBQ3JCO2dCQUNELFNBQVMsRUFBRSxHQUFHO2FBQ2YsQ0FBQyxDQUFDO1lBRUgsbUNBQW1DO1lBQ25DLElBQUEsc0JBQWEsRUFBQztnQkFDWixLQUFLLEVBQUUsRUFBRSxpQkFBaUIsRUFBRSxpQkFBaUIsRUFBRTtnQkFDL0MsT0FBTztnQkFDUCxTQUFTO2dCQUNULFNBQVMsRUFBRSxHQUFHO2FBQ2YsQ0FBQyxDQUFDO1FBQ0wsQ0FBQztJQUNILENBQUMsQ0FBQyxDQUFDO0lBRUgsT0FBTztRQUNMLEdBQUc7UUFDSCxlQUFlO1FBQ2Ysb0JBQW9CO1FBQ3BCLGFBQWEsRUFBRSxHQUFtQixFQUFFLENBQ2xDLElBQUEsZUFBTSxFQUNKLElBQUEsOEJBQWUsRUFBQyxTQUFTLENBQUMsSUFBSSxDQUFDO2FBQzVCLFNBQVMsQ0FBQyxVQUFVLENBQUM7YUFDckIsSUFBSSxDQUFDLENBQUMsQ0FBQyxFQUFFLEVBQUUsQ0FBQyxDQUFFLENBQUMsS0FBTSxDQUFDLENBQzFCO0tBQ0osQ0FBQztBQUNKLENBQUMsQ0FBQyJ9