From 7e85861bd92e42d775e2ec7889943a738f2a1828 Mon Sep 17 00:00:00 2001
From: harrisonmeister <mark.harrison@octopus.com>
Date: Thu, 9 Oct 2025 17:27:08 +0100
Subject: [PATCH] Add Bitwarden Secrets Manager - retrieve secrets steps

---
 gulpfile.babel.js                             |   2 +
 ...rden-secrets-manager-retrieve-secrets.json |  75 ++++++++++++++++++
 step-templates/logos/bitwarden.png            | Bin 0 -> 10512 bytes
 3 files changed, 77 insertions(+)
 create mode 100644 step-templates/bitwarden-secrets-manager-retrieve-secrets.json
 create mode 100644 step-templates/logos/bitwarden.png

diff --git a/gulpfile.babel.js b/gulpfile.babel.js
index bb441ee37..8745c1e28 100644
--- a/gulpfile.babel.js
+++ b/gulpfile.babel.js
@@ -127,6 +127,8 @@ function humanize(categoryId) {
       return "Azure Site Extensions";
     case "azureFunctions":
       return "Azure Functions";
+    case "bitwarden":
+      return "Bitwarden";
     case "cassandra":
       return "Cassandra";
     case "chef":
diff --git a/step-templates/bitwarden-secrets-manager-retrieve-secrets.json b/step-templates/bitwarden-secrets-manager-retrieve-secrets.json
new file mode 100644
index 000000000..36b2550a1
--- /dev/null
+++ b/step-templates/bitwarden-secrets-manager-retrieve-secrets.json
@@ -0,0 +1,75 @@
+{
+  "Id": "740fb4a1-e863-4e81-ab54-ef28292334e4",
+  "Name": "Bitwarden Secrets Manager - Retrieve Secrets",
+  "Description": "This step retrieves one or more secrets from [Bitwarden Secrets Manager](https://bitwarden.com/products/secrets-manager/), and creates [sensitive output variables](https://octopus.com/docs/projects/variables/output-variables#sensitive-output-variables) for each value retrieved. These values can be used in other steps in your deployment or runbook process.\n\nYou can choose a custom output variable name for each secret, or one will be chosen for you.\n\n---\n\n**Required:** \n- PowerShell **5.1** or higher.\n- The Bitwarden Secrets Manager (`bws`) CLI installed on the target or worker. If the CLI can't be found, the step will fail.\n- A machine account [access token](https://bitwarden.com/help/access-tokens/) with permissions to retrieve secrets from the specified project.\n\nNotes:\n\n- Tested on Octopus **2025.4**.\n- Tested on both Windows Server 2022 and Ubuntu 24.04.",
+  "ActionType": "Octopus.Script",
+  "Version": 1,
+  "CommunityActionTemplateId": null,
+  "Packages": [],
+  "GitDependencies": [],
+  "Properties": {
+    "Octopus.Action.Script.ScriptSource": "Inline",
+    "Octopus.Action.Script.Syntax": "PowerShell",
+    "Octopus.Action.Script.ScriptBody": "$ErrorActionPreference = 'Stop'\n\n# Variables\n$BwsServerUrl = $OctopusParameters[\"Bitwarden.SecretsManager.RetrieveSecrets.ServerUrl\"]\n$ProjectName = $OctopusParameters[\"Bitwarden.SecretsManager.RetrieveSecrets.ProjectName\"]\n$BwsAccessToken = $OctopusParameters[\"Bitwarden.SecretsManager.RetrieveSecrets.AccessToken\"]\n$SecretNames = $OctopusParameters[\"Bitwarden.SecretsManager.RetrieveSecrets.SecretNames\"]\n$PrintVariableNames = $OctopusParameters[\"Bitwarden.SecretsManager.RetrieveSecrets.PrintVariableNames\"]\n\nWrite-Output \"Verifying 'bws' command availability...\"\nif (-not (Get-Command bws -ErrorAction SilentlyContinue)) {\n    throw \"The 'bws' (Bitwarden Secrets Manager CLI) command was not found. Please ensure it is installed and available in the system's PATH.\"\n}\nWrite-Output \"'bws' command found.\"\n\n# Validation\nif ([string]::IsNullOrWhiteSpace($ProjectName)) {\n    throw \"Required parameter Bitwarden.SecretsManager.RetrieveSecrets.ProjectName not specified.\"\n}\nif ([string]::IsNullOrWhiteSpace($BwsServerUrl)) {\n    throw \"Required parameter Bitwarden.SecretsManager.RetrieveSecrets.ServerURL not specified.\"\n}\nif ([string]::IsNullOrWhiteSpace($BwsAccessToken)) {\n    throw \"Required parameter Bitwarden.SecretsManager.RetrieveSecrets.AccessToken not specified.\"\n}\nif ([string]::IsNullOrWhiteSpace($SecretNames)) {\n    throw \"Required parameter Bitwarden.SecretsManager.RetrieveSecrets.SecretNames not specified.\"\n}\n\n# Functions\nfunction Save-OctopusVariable {\n    Param(\n        [string] $name,\n        [string] $value\n    )\n    if ($script:storedVariables -icontains $name) {\n        Write-Warning \"A variable with name '$name' has already been created. Check your secret name parameters as this will likely cause unexpected behavior and should be investigated.\"\n    }\n    Set-OctopusVariable -Name $name -Value $value -Sensitive\n    $script:storedVariables += $name\n\n    if ($PrintVariableNames -eq $True) {\n        Write-Output \"Created output variable: ##{Octopus.Action[$StepName].Output.$name}\"\n    }\n}\n\nfunction Get-BwsProjectIdByName {\n    param(\n        [Parameter(Mandatory = $true)]\n        [string]$Name,\n        [Parameter(Mandatory = $true)]\n        [string]$AccessToken\n    )\n    \n    # 1. API Call: Retrieve all projects in JSON format (1st API Call)\n    $ProjectJson = bws project list `\n        --access-token $AccessToken `\n        --server-url $BwsServerUrl `\n        --output json | Out-String\n\n    # 2. Convert to PowerShell objects and filter by name\n    $Projects = $ProjectJson | ConvertFrom-Json\n\n    # 3. Find the ID of the matching project\n    $ProjectObject = $Projects | Where-Object { $_.name -eq $Name }\n\n    if (-not $ProjectObject) {\n        throw \"Error: Project '$Name' not found.\"\n    }\n\n    # Handle the case where the project name might not be unique\n    if ($ProjectObject.Count -gt 1) {\n        Write-Warning \"Multiple projects found with name '$Name'. Using the first ID found.\"\n    }\n\n    # Return the ID\n    return $ProjectObject.id\n}\n\n# End Functions\n\n$script:storedVariables = @()\n$StepName = $OctopusParameters[\"Octopus.Step.Name\"]\n$Secrets = @()\n\n# Extract secret names\n@(($SecretNames -Split \"`n\").Trim()) | ForEach-Object {\n    if (![string]::IsNullOrWhiteSpace($_)) {\n        Write-Verbose \"Working on: '$_'\"\n        $secretDefinition = ($_ -Split \"\\|\")\n        $secretName = $secretDefinition[0].Trim()\n        \n        if ([string]::IsNullOrWhiteSpace($secretName)) {\n            throw \"Unable to establish secret name from: '$($_)'\"\n        }\n        $secret = [PsCustomObject]@{\n            Name         = $secretName\n            VariableName = if ($secretDefinition.Count -gt 1 -and ![string]::IsNullOrWhiteSpace($secretDefinition[1])) { $secretDefinition[1].Trim() } else { $secretName } # If VariableName is blank, use SecretName\n        }\n        $Secrets += $secret\n    }\n}\n\nWrite-Verbose \"Project Name: $ProjectName\"\nWrite-Verbose \"Secrets to retrieve: $($Secrets.Count)\"\nWrite-Verbose \"Print variables: $PrintVariableNames\"\n\ntry {\n\n    # 1. Get the Project ID from the friendly name\n    Write-Output \"Looking up project ID for '$ProjectName'\"\n    $ProjectID = Get-BwsProjectIdByName -Name $ProjectName -AccessToken $BwsAccessToken\n    \n    Write-Output \"Project ID found: $ProjectID\"\n    \n    # 2. Retrieve all secrets from the found project (The single efficient call)\n    Write-Output \"Fetching all secrets from project.\"\n    $SecretNamesToQuery = @($Secrets | Select-Object -ExpandProperty Name)\n\n    # Use the projectId to get all secrets in that project\n    $SecretsJson = bws secret list $ProjectID `\n        --access-token $BwsAccessToken `\n        --server-url $BwsServerUrl `\n        --output json | Out-String\n    $AllSecrets = $SecretsJson | ConvertFrom-Json\n\n    # 3. Filter the local objects to only include the desired secret names\n    Write-Output \"Filtering for desired secrets: $($SecretNamesToQuery -join ', ').\"\n    $FilteredSecrets = $AllSecrets | Where-Object { $_.key -in $SecretNamesToQuery } | Select-Object -Property key, value\n    \n    foreach ($secret in $FilteredSecrets) {\n        # Find the VariableName associated with the secret key\n        $variableName = ($Secrets | Where-Object { $_.Name -eq $secret.key }).VariableName    \n        \n        # Save the secret value to the output variable\n        Save-OctopusVariable -name $variableName -value $secret.value\n    }\n}\ncatch {\n    throw \"An error occurred while retrieving secrets: $($_.Exception.Message)\"\n}\n\nWrite-Output \"Created $($script:storedVariables.Count) output variables\""
+  },
+  "Parameters": [
+    {
+      "Id": "2a500677-eb3e-4e1c-93bd-0fa896aad9fd",
+      "Name": "Bitwarden.SecretsManager.RetrieveSecrets.ServerUrl",
+      "Label": "Server Url",
+      "HelpText": "Provide the Server Url for retrieving secrets. Default: `https://vault.bitwarden.eu`",
+      "DefaultValue": "https://vault.bitwarden.eu",
+      "DisplaySettings": {
+        "Octopus.ControlType": "SingleLineText"
+      }
+    },
+    {
+      "Id": "18b7321d-803e-4217-993d-6416dd6eb5f7",
+      "Name": "Bitwarden.SecretsManager.RetrieveSecrets.ProjectName",
+      "Label": "Project Name",
+      "HelpText": "Provide the name of the project from which to retrieve secrets.",
+      "DefaultValue": "",
+      "DisplaySettings": {
+        "Octopus.ControlType": "SingleLineText"
+      }
+    },
+    {
+      "Id": "0dada9ac-3a35-4215-b03f-9024486ee7a2",
+      "Name": "Bitwarden.SecretsManager.RetrieveSecrets.AccessToken",
+      "Label": "Machine Account Access Token",
+      "HelpText": "Provide the machine account [access token](https://bitwarden.com/help/access-tokens/) used to authenticate to retrieve secrets.",
+      "DefaultValue": "",
+      "DisplaySettings": {
+        "Octopus.ControlType": "Sensitive"
+      }
+    },
+    {
+      "Id": "b10f61d8-dedc-4a91-add3-451de0cfd47d",
+      "Name": "Bitwarden.SecretsManager.RetrieveSecrets.SecretNames",
+      "Label": "Secret names to retrieve",
+      "HelpText": "Specify the names of the secrets to be returned from Secret Manager in Google Cloud, in the format:\n\n`SecretName | OutputVariableName` where:\n\n- `SecretName` is the name of the secret to retrieve.\n- `OutputVariableName` is the _optional_ Octopus [output variable](https://octopus.com/docs/projects/variables/output-variables) name to store the secret's value in. *If this value isn't specified, an output name will be generated dynamically*.\n\n**Note:** Multiple fields can be retrieved by entering each one on a new line.",
+      "DefaultValue": "",
+      "DisplaySettings": {
+        "Octopus.ControlType": "MultiLineText"
+      }
+    },
+    {
+      "Id": "0a98e37e-7907-4e49-919a-5e50c7765469",
+      "Name": "Bitwarden.SecretsManager.RetrieveSecrets.PrintVariableNames",
+      "Label": "Print output variable names",
+      "HelpText": "Write out the names of the Octopus [output variables](https://octopus.com/docs/projects/variables/output-variables) in the task log. Default: `False`.",
+      "DefaultValue": "False",
+      "DisplaySettings": {
+        "Octopus.ControlType": "Checkbox"
+      }
+    }
+  ],
+  "StepPackageId": "Octopus.Script",
+  "$Meta": {
+    "ExportedAt": "2025-10-09T16:22:38.417Z",
+    "OctopusVersion": "2025.4.3435",
+    "Type": "ActionTemplate"
+  },
+  "LastModifiedBy": "harrisonmeister",
+  "Category": "bitwarden"
+}
diff --git a/step-templates/logos/bitwarden.png b/step-templates/logos/bitwarden.png
new file mode 100644
index 0000000000000000000000000000000000000000..5e40cb25e6daab4210729c3a4724bd11c471093f
GIT binary patch
literal 10512
zcmeHt_cvT`^zINui6DsHi7<MI7DI@hL=dBs1kt0nQ6pOPl8F*6N`x^(bR&B2EqW&y
zqeU1*y=Ok(yY9OG!2RvcFSFK}bKbM}v!D0b``vp!zId)qNzP0T0)Z$sHJ<2!K!iph
z5P=XW32=o&Vem8XMdYEZ`H~d)1dv)sfk2!f%_omv`eyDf_+?t#1nwW~dpPW7FE-dl
zy#5%?>+n+S<42g3+PreC?#p@V)U^8tFxA04Ll3LidwzVa6e6Q_s<gWGM0p|6p)6#}
z{d~(LL?f@WkPSseCxtbK^NJ-ITU%Qw5A?8!7sSPa`+))OQRKHG?A-97d~>&vBXQVn
znBnd^3x$%p%u#yemx3~ag>KC=LcmTmB>@Fso;8sW2o#b?Qx05GR%-!%A!YjiKm0#|
z<g*R{JgW`I1xvZAnuMn1jgXr(<sn4InlY62KNhtNWFdS%o<a5U{{{X^mBtPpAc=TC
zh7j`>ye;IB+M0Uaw_O`lT%g}Yj@|aMzQqwUE$4{bNHtqf)E&q97#!t)kczt-`!_(I
z;3MZN0<tuesewoQ750SW2y07;?HCOuuP-PgU&x(JJmx@c=}!$|%F4bN)~`4uej@IO
z4<YVws(D@QaldRhyIEgH-b#He^@E81fF{+P`G~(|wZ1K+#&9#pN!jBNMMC;VskAPJ
zI!bpz3rv}>eI4Z*j#0QY^u~-Gs#nds8unL$I>LYz?HoF>s|>fX(mMQRT<o@2eYsaF
z^{Q+Z_Pl`tO5do<L(+sA#(LXj8;^`tG%d*`HhwP66e@HI2um}sE-G`f6A5wN^FVoS
z6sztseLJE#n0+vtZ+o35DINTxB20+$Ht@R$YQjoKm@kmN=Q}^d`>9EquGLl|uk=<w
z0h*nFA}YqQ%0JPxJ~37uQlL}9QV+MU*N)`fj)n_y$^lP5gx-GkBq{ODVp3_+rxa6r
zr1cD%)L2Q9)CiPFjBsXtdgxLkH%D$fZ%+E;eF!lq-P#)L;hx$xBSOTj)Iu0iDxvlc
zS#6G~FeeQILIpCmetH<}ZtZyJAe5k=LL3%_zxHN=9J(FU@KDspJ``fCq=8?Y&w0<<
z3sLEA+)JqZ7{8F%x4?J6VqO+;>txDzsi}c2SkcnMBgz&SiX1{5EPHc>>;hp`f=&;z
zPv_o4$npF5h2Fj0@(|d#oZ}D4bh>(wL+(CY<<I^Vh=O{OpD|D`_xrrFgmNt{a2%oF
zYUgZO-fzTzxgjS=n0mJzw|bxqzY;%f&j>RG-Me|g{fYp?s1tNfuq#*GKsAtU^aHk3
z>4QOvF7fe?32jN8j&?hHS)f>D6&g&qVmRnQq5yho3ysHjKJ-RlKWJJ$>G+IfmXf|8
zwW_+uP~8Z3ZC~;LKS*{0TdzOqA)Ms_)@PM19@%Yp8E?%UwYt&T>>_1`g!~4q?$zqU
z?R<J_5hnD?W8n%)3`(qm3%3sDj6H&On?vT&4b&}f@t6_pPGww#Atp8@_eDGn@7b?_
zs_@X=ntnv$%x8wYnoTlIH?Z<cuB3SXj2b|t@=<7#_?H}WyI3dZCi;qL5u!=J45ba<
z>@VZTFEG_s(^xZ)h8HXkX9*=@0JcW?qn6d_miQ-Up;t3qpO+7Gj1Ci!yKRMTH5Biq
zNR5<YPciQ~bOUl2t$117>tKIsS!ZV3GBSiffP^ZY!w~s84(Dme!Ls@W>Yj&$cR|)!
zw&lqeNCZ<o+^-%SX}=OO02m;iM?w+wMDIiO%neA)OyGn6f)3a0ovb}J$&JAqZo^&N
zI{Qaj1+&*gW@>Kd6;O1KV&)0p>Zgx3#Nam9>OQ1sk9qo=2I};V*TbMhDcwkf)LKKe
zY%kg!)+NKqoZd!$mzpOiB9bG?nTFXf3?V#e>MYZ7HpNnp>x8bz&xQBgCdA+2{oft1
z2t>$i?Ed84DJKTPg#<hl^g^dJrb+&34`5F6%uF+a!mNpGzX03c5K{zo%zooqb+w6?
zg?9H$-d)#n@3Tr?u?_GPZE7IkyzwwziR+i?KL<USkg2I1%KCukCYll0i8Noh|L|n*
zr<BLcNN2pR+)RV^$mPB5S=AvyQvqa`;GcE1F$t~?PUbPqN@;jBfo@1l4Bt}*ydH?k
zqijE83W#l%ix98C{oByG>%)-Ok4K7jwO-$K+lp~!_UC*bO|M=`_}+h%Ak8!njX-!4
zA9P99Qh*Us#!8#`(33c=y;ZanJvMY%U$bLhlQgXOOlFJ$WCYaG^=MYi$wm9msqW;}
z;Rh+>Fd<JFd<a`U*OKxS*UANbiVGTsZcfrQdH8V2(c&$BrEMCfJ86n!vN?=&AA}gg
z?M-BIt?-FdJ^Y9Jy14Rri#7X2u&Jrjg1H98O;2__<Rx0m>OXC1P&EH)mM0CXGq@Zx
z?%u}8upZw63D9;%q#1htoyR#g6mD)t*EZNpV^jFRMUq14nWwtMSt0nyXx%B$YuKTy
zBmU4$1mUQ~@zv{rt$+LrJz8s^162sxu|ycPO^o_E1!}&tiP%;4B*J^4%jiQ6)48*A
zKuMU3EL+5zQ^10kn0p7V>uV!h&o;#>aGjG{(DrUGP%mC*z7=qp`8CelJ_E4k?);DZ
z_d_^FtL)2>!nK1rw0-HJ;$aAbFrfmVT8N^d=lR2v@sLut%q-l}WnG~w<8476lfYOw
zpnpuM(XQ+EDVvNQM|;YXQAyl*<@kBY^X%z%*|83}Q7QYs8mmLuL3pY0LD4OHeEdFr
zT>GAhNoYJc$ZP>ybwj2mH;j9g9e{+vsQZCfF%KfxJyl|$9*)Q_`%w+e5mLT;2dG>^
z21wC-)2!|12fP3RQ?txc#u`8l0FBUji8pMr24Rr_u`b_xmH*1@Fo7yWP*yI4ar^DF
zva$B;2p({eOb@|m6x)&;DADF4yZ@SPK+eO={E4=&eZXZ7ypJvie|X{>Ncjp;56)}+
z23|Y%yCXbSbvRc$?s9<&o)-Af%ub5lDXaY}tH!v-Qe8t~UPD2{($pWqIQos?W4}qA
z$)TgE<!93@`fe;fcY%7MowH7AC%Wl}vqE=s%C~rGnuKcGyt(q!TL|BDn95y5m6G&7
znChTG5t6^QDfRQ_0vku&l>&rlnmdd`*T;Qn@xd6ZXc@X8b5@5G?T7#VL=tL2U(SUO
zxy9y^KwVbI^ey9y=?`}Q>7iV1+JZ;?tH7U5f%g5WH%{?TKgEW)()XP{u6_7^mkY0s
zPt0A`ZEu&Q@(0%PP~Y;QAp{aN>SB<9sGS^GH3T;iT+*;dH-GWEjUI1j$Su<OZ(Ij3
zu%gEcm++%kG1MRlQDU%RHmM;-s1&buDe`0C^2G1I|EFwuvVyjk-xu6=p3QBZl0qY3
zLQn98LR78$Db1j+>_(bpb+CIaU8TQ5xMEV&Z7D$ZnIL<-u~zcJ@egmY4|ADuIsCUO
zUPCKY?-vHI3ueQ>ZS<@7bo}Y#+n5&)U8T>|hBd_HSIFG}kHlAzY{e<jLpx0*WRf>q
z$=&cm04?M;Q*Cxvty8{(&n&7Rr%eB4@o2D+aEwN?8%L4ix5hV~HUmZ+)Ix{Tj0>n0
zKs~ooKDw?uYA3peM*(FUKBz%YCVLnBHTh4Ukk!5hZWG2YCXrNSFBae3!zAz)sCw@G
z$M$L-<1e_@KBYQtBd)is@EaXb!pf&Ky(b^}%m~~7O$A9TpN>otbnZYlfMt;Q?dFS!
z<QV<+iivH3`>9GDxg2DLd<#$Vr<y8t(JN0Mx6%I(=cCr1K8BeQ+`%gnZ{KoK=o@bi
zD-hmux79|Dtf)8MulnuAK^>hM{RYfZEnnhtb=%zwe>8^Z)DhN%(*qThnu(EHN)vfO
z7To(2>$>vLEf4KD<h4eYYhAQ0;B5pzo)E@CVcPQLR;?QfE5Vpy;fYJzj{|g-v?yve
zK-3tls>+|Vgx&<NQ>+-e42Ve9k~R+e-)2V1+2GN#1NLl3r;%`ZD6uFdBKzu3@Nt$U
z%CC8i78NoAT<qwwgQ1d+R5^FCV|zc8G40QXem$ztg=R$FK~Ymdfhv(M*3%WuHCa9~
z89kx${C+rOr|~>hdiZV_n9~!$_g<qK+IDo}eKBk-HT08%k!GN5mP{sv*L-2g#1#+y
z`a@W^&LgvQ#x?_uO;JKqfGKa1rN?e)L)C%0VtRTdV*;E#MtfGbrVl=w2}P{Ed+x+y
zb`h4m>_Z-*@3|E8*{=KMLje0X$q$mDX2K$O%F91SAFVE7C<CXr>Z9K>nA1bs!^9zN
z@Kh1IcBMMyFd%?WV|k?tE>o%tM2Q7nRwkdZU5=^re@#$$(8w(;{hKkoijUE)?(eOT
zAZk>i5CCFPvgd?wzosRz9!6sUTSz5}S>cc5D1V3cg7#_OBhH%9*By9Xr+f>~4YfnH
zoJJc}uha)*Kc1VzuuSqVZ`C%LCm*3$iVQ^jAGVU8*6F$KJoEU5*#!N>lXX3=U?w7{
zrYz&AkW&>4)mt1jZXRVgo2GqWuyxG0Yv*70x@BbLM<Jlq^nEov%Xq;voxybb;7e<b
zq~hp_x$H?qiVuSd$9eO+oFwn67#RXbl%DRuVy3|C!Fwd0Z~fYe%|3-QhotGYNM6UI
zd48OFg+krQo_%qheWY%Jp-*2{Xc)KvNcU03!L67z#Zo(m&)$@YZ<(P9z8bnZzMiMM
zOmFXE(Ho!riapJ42zlw$kxM`*HE8fGt6a=HY6+BDK>P4*X+LgbhL)J*CuGW(zL{e#
z-mUk!4sAMa^ozSY8J`u(ZdeS&p<KBN0PBu7qj}(Xz?k9tFt&F_S(o3FvjbqKox90L
z@GtiYuBzSm`4muuWI=IZ;0~a~=gqBs<++vxMh7Q5x0M21>cUVqKlrW(xi~0dU_Ki*
z{Wj%9<*kx{$eoLKBIAYt^dkt2_dNU>@$OpIhxYBnO7w(jPKAojIs8ha>w3TO0eWwb
zo^n&Uq*m)ErOJr2dMN#>Y760=SG>jd%>xEA=L<whejw_S&pcq49+3vIuW(w)sJbAt
zWCIaQ^lcopr3To3VLKv><|iL)7Q8L-&c~J(q|+l3G8Mk7XX`~<$A3^SL7)EBjQcc)
z3nXpA{$j&H!$hBa0K6$4#vr5zi(4h2Z=e1u9g?XoILwx!n_;zVJV<<5G1#6Z{Yzk_
zZ(9He3j+a##)#_-X4lekq;ZWkD}}hy3!$(6_bm0$r)25SsbyDI#$YtE38qosG}uMe
zRG8{p_qTdiqfWU3fH^cez92o~>QFr<?}xvSqmg|lW8?Ne6}h#Q^`4D?W!KrG3411E
zFM{$xG>;eo^(AKe;2O>dxK@DEu&lFxd^2IB;_DYSi;A=HBHR|S4pY?5S|IG}S8$V*
z2u_A&faYhK0#K`L;{Z!<0G3XpevYQ@mtr#Z$9$_y<EBcVD^?dsH@m*P(Ky<;8+3V2
zdp2<LR?>Zb=7YKW&a>r*w}ALY0*DM~2r|S$Tz4~%E2Ag8zG0!wk{MI#LBUV?6V!gC
zJRbY)^o#?I4f!;lvFbf5#u}LE8tx11AUeh#&06--EytytqPvKg(mK7S?$M>6o=>jV
zQvJEJwpkQqN?G<ze)W8)Hq3G_dNt<ENNN#90$57GQ*4$9ab3tfW_wGIV3919Y;eN8
zXQ15n)4?VjSzU}Il`IBN5EPfAVH3nY<YyT?vA1!HsRT|pfrme~W{&FYBer6shl)*X
z*$^r9HGXtMmN^fAIEojnM)(|s=TDZOtp>A?o$MQp*l}eFw|2C{%U}rVHhOBH5J=<>
zw8>8hvU;xA<PT7%^`SBN*<_(Kq*})%U@;1&JsOm_<bCq<YAfS|;E@~`QT`{o%A0C+
z%71~FM(^}!UMm<+**41}I>`}6S$1z`ur{`zaPc19l2tsjwbSsDiOpuW7m5ppqq$Rp
z>1A**)yGIM6g46XJl+?3HxA;vmWTRxr3?tOaCvf9YN^FRn1#9L)w?XoI}2<d5Wt?*
zH22*th|pqpS^rr3Ix0VHq1%JhFp36nKK*A>^dxp4l`(lGK)xvd9xkc-L+<>jLIigC
zZkH(@V#X$?H?d^-L#G1z&wKy(|9*T;_G?u#s3szWxM0L}5%c-H<m{+=+@z$!AkCW=
z3>AfW8egAw(N;N%G5iaFXH4)-v5)xRv1>rK4$KSGU6v70(*wZiS=r<_pN?fVohiuu
zESkX9EcXxH-_Cbg%unHV;zdv56f?)>MCQs`7vthP?CoiV^xTSaH(A{#OlexEDe())
z^1#^;wU*vbq_1Ne$j7^?2SblNf~(bYPE%4O@3!~Bc`u!=lNZnH&v~Z|Ug!I`ChV5K
zWc6Q@RcFOPJ$=;i@)b?F5qtc60++2#<rox>Y^y4VW|V4`1?!bT&L$PG;O@i63*}=s
zMVl?9cg-DeKTY@#-W+cTWv}tGqe3tMaX-x&h@sE;!Dq`1-;$f?zE`_Ttzi>}cgAln
zRjFSp95lvRz!nHD*9`fk%;q@-3-i(xc74d1f4GO&b?A$MUd_c8WGSd!Z$>jISQ}bw
zDtO%A((Ws@G0gZ<d)C3ybrd<w6z{dS?UFtQUaB?x5IDHIW@Y^?O`(T1Ot2${UMTm5
zj2d=d9Jby3Y}>z9lrK;=UD7;NP&I$pk~+8!y?v$HxW4A2t)SOxOiLG<Ex@RC9$Ggm
z<{PV1r`!kV!|l;8DYr!>k0OF0r61HW3G_t=83xteqYOh!#i<HBi}W2cg%OKa2aRV3
zP4scjFMTE=Z0pENX=lZN#CnVH?#N^B&A1@n+>%X8UyTPb@5WNcac1DSG9!hJj=Z4L
zP5+}z{-f?QH*=)v<w4}$2wZyD&hs)o;_<9l0k@gogmS0BI5A#JJ=4sI^Er0RM;ora
zlq<EvO25A}x36%(MHKCfOt{SDcW0TzdtGS_PN?QInC6^qd{Xl_xkN#0+d`{eNAZ~v
zFH~r^*6>hMtL`a9iYI%+V<CTbiFesukBUT>3Y8xTr%70SeO--_LI26*$~qa~$`WI}
zW;nHMz6e=7aJeZpzbRQ6mhkFRv@6_KykS^81Yd;SwtiYUelA~@t^eaUM#tjO=OaEZ
zV#hDG<RywlU<>(gn~<-Tg+z;d*SL&Jx$6`vyIec?p>fnuRw%@h3g4ph{GOTArKJ{p
zHp7HF`F%9Id8=0Oh{4&w+#c<Ko8>>ohBCxrV<X{r>f`&H{9cs#Em=_B&e&l45Qa$X
zx`|I@az;ZM`8U)ygZBV6Q4<Y3qn-<&6Em+Zxyu@ep>LPlEdKD(i42|G<k?<lalGRH
zOPX4*POI~CZh|;)L{KIY%57hdlT1so_?OO;%#+37!Seq3hKap<CpJ|_1mj{Uk+&46
z9Q+0mV%g-TY<s=7&?n6-xLJ7z^}Sa41ZZ2C=k92@BQ5@owmV2V$nB@g!>t<1k)07$
zFOn9|N`o%TD%Cx)d&+O7+;PuRU{{J4Pl?wYM%3%D@o&5pQxhX(L-6Mw^Sm96=e-!I
z90+$ea$D7Q59;#qQ+0Or*pmeZC$X~NvrDe5!(Wf#F}(pjlg!YmfTDVL18+0jdIcTo
z&TUsB@RL{o%%nUX%KK%8<`M{i2H+t71Xy%fsR1RJ4P}(&p_Z_CkW6!l6+Pzl5k`4V
zP_DtYy7!VQ%?vHyyRN$gG<#I}%dU`*0_PL+Z{10(wYgJ)Z=a7-c$vEniGHu@<bk5&
z00penYsa)PP;GfN%jdN&{thjId-hh}JUZuSR`;8lcp=zkz&|g5!Jpu4&xZ+DRaywq
zFM5;I`c)fuEBK_CPqw^<<#qFKbQXw$Y3L0zij5Tx8MI;DvOKV}HE&*+f;PQjYT#k6
z#d&MP#1zkPsQ2(IzCunjua?ibWwIfEfE_6UmmV_;*4(di*F2;+*$QsL&}CIUSX{G6
zw&r6)X}_BpRkc0Yp0~Yaf8tu<;`e~UD{vzt5O%nEEY%M0&LRy%AO~oy12_YK*vG8L
zP7EzpTpe$N(c8;xuxsLkUz+&~92J5n$x3V7>A2Qe4@d0Q6i1R7a-w90&v5@TwGoX0
z(=y-J?#x{&VZkDmzwq>&;#;;#sUFtVj_SsS^BWkn;`xtvzMDLrXZ8y-U<6icoF2T}
zvz07;Yr9j2MNgo9kAez)G7^2YoF{*T<QQ@&P~`9ax+s__8ydgw0jHiOc_&IJ(bD7K
z<D%;ka|717wD5J?C0pYxS=oj!&am{Ghg$Hz%%Fwfm0r1h<1JD{#jBZ2i{O>rvq|Se
zW;RZ<e_z^9S*+&P%7&Edls%1F2_@Pce2NQ9H*b1vEG-s;m(0cwb6|R74D{0hDkdfs
zu-3Ic*k-@lkz)ep*<kmEPmmmP^RhiFBLih$+I_w`^E3<rq-Nm6B?X*_p4vy0w*D2#
zx*TdaN&*LoOx+87HmC1Zc;IJvc`19@OyP~KXqGWf(9x|!ug=}X{gz%VnW@j{>LX}}
zANY92Pu*J7A-fY4P$~z6Hht1k=@;I@?vl)Y#GesbTvza7**TTS)^3^Kr-*a?@|+Eo
z1ucDgFi!4l861hrTVfvjn7`!*M*K1hJpJpB<IhpdeXpDUMr2F4bwdbP8YqCsvB*ao
zoG-cFZTT4zQX?|;N2Yt;U0znxqOFz&(Wk;i+pqm$DNUuvcah)Bw&HYVz8>btm#QmN
zWlpaQu%u@qw?rYZB8Yc;EJ?JU_yG*DA=J8o0h$$6nqX=IAiWwx>&<i<BD}Xta@c<v
zxLh{9yI4vXP2rIKd=&27=jV{nbd04@SU-Z`3Y=PZ`4w}f{1}!BbN0-C_1so}zM3`j
zrILsx$CcPA^+$~gg;=5k|4#?eB_p<WjT%&O{f81!L)?2s-!zMpP<?&Bh?V(@2_+pg
zL~I-7`ELrKcfun71Pe1*ZZSqplL3fJJd@SMSa;#}7jkp1!2Mj%o40%^Q+C&6%sb%i
z!JH;_m!?yG^!^ACaqrBka71r<$<<$4pRIYSrF;t-)WtAuAWMWVdill|s~GAKUa%}N
z+}}sAh%9iGWevUi-llO=s%VQTVJZEnvv6$CXK1TT(IWx%(+{fB82|S<sSi2H=TKL8
zvOMvJpX{VJz(ydG(%*Cj({7<%B(S5bhE3dn&-Kgwv)@@6nZ@@4-HLyduVQmh0ZIwM
zQ_kqW>Xpn3EBE(x2SmJ7>adv)Z#}l43Im!0AV;8o>e1Lxt)EgdX?V2QzdwaM8QK=!
zeDqW&U?3{`pHq-heT{L?RT6@Iguh9luqp4Qh`hkRmf;rQ6y{OR7gYs_t5LVsH_js4
zr=9EV%)7>;3@+)DC;O&jIhTvT<|);eluN8IJ>{+eEGl8?@;YER+1fb&ET!lEn~??u
z>~74dcpQNf0Rcq|Nyc3G^Wn6r03)kTdbV^VR+wW6u^lXt@AGr@<>gs^goN9T3pOgD
zt;^J<vV=e@y?bSE4Ufg*-)u#=(rZ0So$4R|TTOy54PVhB6DJz<_x=`mOA2ClJv`Ti
z)sNsgqJXq!mZn}G3(QLW%0d`>Xj7U8w%1*4ES+q}2lg`yoSRlBlNw%a{(<?iRy+UC
zAuBg-()+dF%e_9DV%<@r-qAL_XD;=>EfxZ%G8d0lBe6&0BnH^z+0qE`!oQY0h#wAO
zezDswL3x6CJP1*a*)-%jctE^nH=Y>r#(S8o##6QhI%-FklsjryE1qnc)F8n(_gzE6
z9qDP^2`7n0W5W5jY=$AK{%X;hmUf)uF_h+hmya7ymZ&h<H^76(6o{O5bAVB?qm)3?
z*Sz~jLYyUx#Gc|S&nvDwM5XVnc}-IqBn7si92brBQx2~e;ofjur*!5wTSd22n0D3#
z!MEA+vmu>txNka(`KJ3uFN&9RuV+;<9_S9RPq9AkqFQqdyjUX=dh$LbT!XqC4NscK
zii3?2Z?~b<5uUB%-AA*P93|sAESRWgX*v6rW1CHAo&Br6f?uvuCPpVT*}ipJttAHc
zJ&4#8GhF#-%JJ1Q_v04qTLjm3l#`XJqhb{nnqll+_&yZky(b`d;uG{ZaNW#3byltL
zEe`(W_SUdyy`|3%!Y+4e)U8|e9y=<dlITnRVY`8h0_tIKW=Qyb>T+r_LTK%SWMsd2
zcB1o3uYt%^aTD*t&Mh?iNfg`J`BZjE(RJ6mb^R*G(*@HauLGNt?WHDJ<OM1-!hIWJ
zsSi~12`$uhiSiUU=wbqGIW_TrR`!KXBue>tHn=WCuCHXkp`}A|`IZdLTS>6rDrYJ6
zzdi@9^}~jXj<K}Y;==2NKgLLM5I?FYg<VL2$$A6+zW^kEvcF!oKi)3ZD|cA8ivM0i
zG^J>JF*Z(SM9M}$k;M7RCOpZ>VDB%D@yT>XsR0Te|I(~Daq3#ZHo*cmDIjNWD?5pJ
z^vHDFU<s1zV-ci8t6y!kf7=ZF87VkSKp4ODUmr0FY^KSLkGRm2&=5EuvVkI%s&-Fg
zUabE6s@7o)O44XVu^CI(_=kz#-cG#=c?xxaTAn3*IBVBtADO?3)(YI1Zn%+9|D?^p
z*Mo>jaq<6(R3CTkMBD3Kt;vHN(|$@srz&_?Wb3f(iZ}~bu)w@WRm*a5;jXfD)mm_M
z>Op0<zi2~$9!pZgR9ZksR~b2$^oV#al#HR$<(QT5Zk|$$GB2qSlg;+FiHy@ly$zr6
z!%`@-nyo^K4#UqsbP5Nf?aa4*qmFjom@EGDfO1@|Ld*|RWMz{h4xJ%2`ZOrJ_7PTv
z`ZAy^pv(Cm#Y;^VL^2&J&3!*P7V>z3>(!di$}KKOE4{Z)f;<wQPrp$=P47gb&i4u+
zmpHe;-5NhlXghI!=G0C1RcA&yF0;bi#XgVNS74w*`QIe3aKi1i6+fd`n({zOE|gb*
zq0Ay%3%0vs+Cz^XC&271=cX0{Um07X?Uh~rjd9uk<fbo73QeLFGm^R%zH{5q&56QW
z8JI#awl+WiKZ|nCO_#6v&!zT!cR+4zk7?%fWnEW^H=YjAdae#tM2Ba_7MLtd{Bkld
zToC&T$eCH~zNM~<1-2I%^irJ_@O#;E6=)co%f$v?{U8zwi~nywax(QIrR1B=jeAWF
zU!!Z(96jrDH?Q5BpR<DnHW}F-=}q8#L@@CO(d1nYoVJrcC3j6j2aQ7qM+tCHb`M^I
zfu<Q&z(lTD{{jN*G<arcX14A=ywr>1o0^{Gke&MTk^w_pF-uW_+V*30K?Zy?awBbu
z*wl;L%=vXJXsw9bEd1}%9Xnu-$f*pK@RMB^2Zo=f-PqD`??M$p`S?D*GC#RTW}RaZ
zt*1SFWRc*tP3An5{EfDxyzy3$CqFnnGjlBJ={s{ha+}Twpfp|={6qW5g1xPeeudl|
zIJ9t*08`nq@~5bY(ALADa*X2BwR(Lq$`wJ(lw8m0>jeRzCuIxdohVJPHC#QxvR6*c
zx3hoOA}9UfE&F{p`aY>Us6?Q12NE|y_A)2AJ#@IoY*_c#H?TGgp|p0M=nKpNhCi-t
zgPeeg8|PbOq5-o7Lq*=T7|yI#t1~Oq!s>KdMEfz2uVH4y={#Xb-CRJyLI7=LK%uNV
zX;Gm+7jwjvRa<r|WM;*97uN)1GekH|fESY4FPIy#FIYFY!V{Dasv^ObbMd;s>><5<
zdmZ?eQYSm|W%aTRp#tvhm5`M!{0i+c2?i+vCH-_J-}I^5JXdO{>$-wwd3SNGax^ef
z;dSzAaP>9sA<thFjF%@KXGbZ2mx?Y-%X0m1c$!G4F5kq`UFq!qhbn->>Xeal`IL=X
z@Xbt696D`bm{sW%7+L7GX?0aWE41W-8p`=T%W;aj1uUzZkFVqY%G6lO=kDE_z6ZGH
zDK0C!{xwbo`Ws2`Nc8z=B)$cD;6(NfI3+h_yN3S;tSLz7Wou5R_j3dd6DX(gteb{H
zHZZYPE~HTWBu+_=sfek<ef^k1&YslJt(t>WvWd#vZHE#VZ2(RAM2oH@edhV9dx!^E
z<j*b*O&aOW9i{Jpfn$TerFT-`zQJHi58v<znHsi0jm{s^7CL0;UD6I<cF(!)<jCjv
zq)R{pTi{Cn`#@~tk2s`z5d?@S0p?bhv4_&pJz>@YOuK<#y#K+2$f^Dh@5o>YG?!Cc
zXGq;w4Zu6(o*<a)?O)99>?q4sp3`<^g}%R1(ARSTW<)?cA0*e~(8HW;G8ayz6)5h{
z=urU7(z+S5EPP19fUa?Fd+DS#B|D|@0yT;-Vc$0Dd%M9A!cliBi{LdtM9kBBqD7LN
z>knr{juaES+r^P)d}fZHKC&AUfjfZzh~%mm_tO2QyBWVEawLp(g<qNEpU#RArSrtY
z#W~FYF0c(~-QzEksf$ab_xj;?<`^e29`W8aoCtv26Oxjmzq6#=)2G1_!MP$xZy71m
zM!!Naig%sRv6kY{VU8b+b7s64Si$|J29V`H@D*Ax&Hp+`;1mkHTf53chAxs%f8>Cx
ze@#V^ens%iB;U6UKGjcVhzSB-Zr-8QRcfz>X0BKzg$UHCh<v{BMV}qDIvqqDfPV?(
z-qO5?B*a7}?C)z<uV;p?&g}+30}F9T#K!aI6ll8w&68XTU>@4PZCEk+5q+s-hJ)hU
zD|y4IIkG=3vIC-sC-Hwk(Ss(BJE@^{d&uW~1c0o&aNq?@!^rR^4B1z^+J%?C^yH;_
zEY!J^%|PQCF9{rnn((zl$eyh`^6qWt8j3GEM-S4v+k4BVJM@8R3E?aNeow?C!RXue
zySMe0VPJuS7c@)%!<<X3)y4N(-}fOvbR{}^=x$nP;(Qpqd)VBa+u_6Fvx;2HYe5^N
z_puF-_lW?|)-i6@<d+inn$K7Wy0zQc+}S+}R;O7MJ$xG<tpfK@1CxL21UGA~8_2|U
zgA{n^!&}bk31~_cBh!3<?n(jp_w?DnW5^i19rZl;d(RVF?_pV>iy?=9FtxXr?%X<F
zo>Ok2b7zogEI97KsTp>ARpBQ7uoH62(K|po9KvMl#RtA@<;!-3|C!>Vk94^)2h3m-
z-D;|nCz|hBJ9DBQ5Cg55k?0w`5KQ0YHRE~%z?aA?D-q5Hh~}=w;{@<N86gA(NLO`m
zXwKu=1fb6b43$9T*t%Wi&Z(dl9y4OUOYHsk>{RPfTxHr(zPPwo;f$BT_Zci)-BmOB
QK)^>+_4yN&@~hDQ1$gklN&o-=

literal 0
HcmV?d00001