From de0c9b0af85f395ea22776e405bf4ce7ea987219 Mon Sep 17 00:00:00 2001 From: Matthias Fischer Date: Mon, 22 Jan 2024 14:09:54 +0100 Subject: [PATCH 01/22] chore(deps):[#xxx] update logback.version to 1.4.14 because of CVE-2023-6378(7.5) --- irs-parent-spring-boot/pom.xml | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/irs-parent-spring-boot/pom.xml b/irs-parent-spring-boot/pom.xml index 879e62f3b6..fcadfd2285 100644 --- a/irs-parent-spring-boot/pom.xml +++ b/irs-parent-spring-boot/pom.xml @@ -15,6 +15,10 @@ IRS Spring Boot Parent Parent module for Spring Boot modules. + + 1.4.14 + + @@ -24,6 +28,18 @@ pom import + + ch.qos.logback + logback-classic + ${logback.version} + test + + + ch.qos.logback + logback-core + ${logback.version} + test + From a5ea055c5a1bc90b3f0a089bf700b1b684fe7773 Mon Sep 17 00:00:00 2001 From: Matthias Fischer Date: Mon, 22 Jan 2024 17:40:57 +0100 Subject: [PATCH 02/22] chore(deps):[#xxx] correct scope for logback dependency --- irs-parent-spring-boot/pom.xml | 2 -- 1 file changed, 2 deletions(-) diff --git a/irs-parent-spring-boot/pom.xml b/irs-parent-spring-boot/pom.xml index fcadfd2285..0948d0bb0c 100644 --- a/irs-parent-spring-boot/pom.xml +++ b/irs-parent-spring-boot/pom.xml @@ -32,13 +32,11 @@ ch.qos.logback logback-classic ${logback.version} - test ch.qos.logback logback-core ${logback.version} - test From c07d38aa28df115cf7b994c8912ad014b338057c Mon Sep 17 00:00:00 2001 From: Matthias Fischer Date: Mon, 22 Jan 2024 18:10:26 +0100 Subject: [PATCH 03/22] chore(deps):[#xxx] remove unused maven property graal-sdk.version graal-sdk comes via transitive dependency from jsonschemafriend but newest version of this still uses 21.2.0. The property with the newer version isn't used anywhere anymore. --- pom.xml | 1 - 1 file changed, 1 deletion(-) diff --git a/pom.xml b/pom.xml index 0201230116..db96b8efd0 100644 --- a/pom.xml +++ b/pom.xml @@ -95,7 +95,6 @@ 3.5.0 1.76 3.2.0 - 23.1.0 1.16.1 0.12.0 2.14.0 From d88a890455e3a59cbb8d7525a038afa1296c78d8 Mon Sep 17 00:00:00 2001 From: Matthias Fischer Date: Mon, 22 Jan 2024 18:11:37 +0100 Subject: [PATCH 04/22] chore(deps):[#xxx] add owasp suppression for CVE-2024-20932 reason: https://nvd.nist.gov/vuln/detail/CVE-2024-20932 "... This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator)..." --- .config/owasp-suppressions.xml | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/.config/owasp-suppressions.xml b/.config/owasp-suppressions.xml index d77ddac247..325b8ae21a 100644 --- a/.config/owasp-suppressions.xml +++ b/.config/owasp-suppressions.xml @@ -28,4 +28,11 @@ ^pkg:maven/org\.graalvm\.sdk/graal\-sdk@.*$ CVE-2023-22006 + + + ^pkg:maven/org\.graalvm\.sdk/graal\-sdk@.*$ + CVE-2024-20932 + \ No newline at end of file From 03b903baad24b154c163238a097160af9ee983d1 Mon Sep 17 00:00:00 2001 From: Matthias Fischer Date: Mon, 22 Jan 2024 19:07:30 +0100 Subject: [PATCH 05/22] chore(deps):[#xxx] Update CHANGELOG.md --- CHANGELOG.md | 369 ++++++++++++++++++++++++++++++++++++++++----------- 1 file changed, 294 insertions(+), 75 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index e09e7bc65f..1950166290 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,4 +1,5 @@ # Changelog + All notable changes to this project will be documented in this file. The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), @@ -9,51 +10,76 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 ### Changed - Updated license header to "Copyright (c) 2021,2024 Contributors to the Eclipse Foundation" +- Suppressed CVE-2024-20932 from graal-sdk-21.2.0.jar because this is not applicable for IRS. + +### Fixed + +- Fixed CVE-2023-6378 by custom dependency management entry for logback (1.4.14). ## [4.4.0] - 2024-01-15 + ### Added + - Added EDR token cache to reuse token after contract negotiation - Added cache mechanism in DiscoveryFinderClientImpl for findDiscoveryEndpoints ### Changed -- Authentication was redesigned to use API keys, instead of OAuth2 protocol. The api key has to be sent as a X-API-KEY request header. IRS is supporting two types of API keys - one for admin and one for regular/view usage. Use new ``apiKeyAdmin`` and ``apiKeyRegular`` config entries to set up API keys. + +- Authentication was redesigned to use API keys, instead of OAuth2 protocol. The api key has to be sent as a X-API-KEY + request header. IRS is supporting two types of API keys - one for admin and one for regular/view usage. Use + new ``apiKeyAdmin`` and ``apiKeyRegular`` config entries to set up API keys. ### Removed + - Removed ``oauth.resourceClaim``, ``oauth.irsNamespace``,``oauth.roles``,``oauth2.jwkSetUri`` config entries ## [4.3.0] - 2023-12-08 + ### Added + - Added support for `hasAlternatives` property in SingleLevelBomAsBuilt aspect ### Changed + - Updated edc dependencies to 0.2.1 - Update deprecated field `providerUrl` to `counterPartyAddress` in EDC catalog request - Update ESS EDC notification creation asset endpoint to v3 ## [4.2.0] - 2023-11-28 + ### Changed -- Changed default behaviour of IRS - when aspects list is not provided or empty in request body, IRS will not collect any submodel now (previously default aspects were collected). + +- Changed default behaviour of IRS - when aspects list is not provided or empty in request body, IRS will not collect + any submodel now (previously default aspects were collected). - ESS - - Added 'hops' parameter to SupplyChainImpacted Aspect model - contains relative distance in the supply chain - - Added `impactedSuppliersOnFirstTier` parameter to Supply SupplyChainImpacted Aspect model - contains information of first level supply chain impacted + - Added 'hops' parameter to SupplyChainImpacted Aspect model - contains relative distance in the supply chain + - Added `impactedSuppliersOnFirstTier` parameter to Supply SupplyChainImpacted Aspect model - contains information + of first level supply chain impacted - Exported health endpoints to prometheus (see HealthMetricsExportConfiguration, DependenciesHealthMetricsExportConfiguration) and added [system health dashboard](charts/irs-helm/dashboards/system-health-dashboard.json) in order to visualize health metrics of IRS and its dependencies ### Fixed + - Fixed incorrect passing of incidentBPNS for ESS Orders ### Known knowns + - [#253] Cancelation of order jobs is not working stable ## [4.1.0] - 2023-11-15 + ### Added -- IRS can now check the readiness of external services. Use the new ``management.health.dependencies.enabled`` config entry to determine if external dependencies health checks should be checked (false by default). - - The map of external services healthcheck endpoints can be configured with ``management.health.dependencies.urls`` property, eg. ``service_name: http://service_name_host/health`` + +- IRS can now check the readiness of external services. Use the new ``management.health.dependencies.enabled`` config + entry to determine if external dependencies health checks should be checked (false by default). + - The map of external services healthcheck endpoints can be configured with ``management.health.dependencies.urls`` + property, eg. ``service_name: http://service_name_host/health`` - Added cache mechanism for ConnectorEndpointService for fetchConnectorEndpoints method cache ### Changed + - Changed name of spring's OAuth2 client registration from 'keycloak' to 'common' like below: ``` spring: @@ -87,37 +113,52 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 - Update IRS API Swagger documentation to match AAS 3.0.0 ### Fixed + - IRS will return 206 Http status from GET /jobs/{id} endpoint if Job is still running ## [4.0.2] - 2023-11-20 + ### Changed + - Remove `apk upgrade --no-cache libssl3 libcrypto3` in Docker base image to be TRG compliant ## [4.0.1] - 2023-11-10 + ### Changed + - Added state `STARTED` as acceptable state to complete the EDC transfer process to be compatible with EDC 0.5.1 ## [4.0.0] - 2023-10-27 + ### Added + - Introduced new API endpoint to register ESS Jobs in Batch - POST {{IRS_HOST}}/irs/ess/orders - Added role "admin_irs" again ### Changed + - Deprecated query parameter 'jobStates' was removed from GET {{IRS_HOST}}/irs/jobs endpoint -- Moved OAuth2 JWT token claim to configuration. The fields can be configured with `oauth.resourceClaim`, `oauth.irsNamespace`, `oauth.roles`. +- Moved OAuth2 JWT token claim to configuration. The fields can be configured + with `oauth.resourceClaim`, `oauth.irsNamespace`, `oauth.roles`. - ESS - - Added Tombstone to ESS investigation in case required aspect models "PartAsPlanned" or "PartSiteInformationAsPlanned" are missing + - Added Tombstone to ESS investigation in case required aspect models "PartAsPlanned" or " + PartSiteInformationAsPlanned" are missing - Update dependencies to mitigate third party vulnerabilities ## [3.5.4] - 2023-10-25 + ### Changed + - removed role "admin_irs" ## [3.5.3] - 2023-10-09 + ### Fixed + - Fixed default policy creation. ### Changed + - Changed configuration for default policies from: ``` irs-edc-client: @@ -141,275 +182,378 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 ``` ## [3.5.2] - 2023-10-06 + ### Changed + - Updated dependencies ## [3.5.1] - 2023-10-05 + ### Fixed + - Fix json schema validation ## [3.5.0] - 2023-09-27 + ### Changed -- IRS now makes use of the value `dspEndpoint` in `subprotocolBody` of the Asset Administration Shell to request submodel data directly. + +- IRS now makes use of the value `dspEndpoint` in `subprotocolBody` of the Asset Administration Shell to request + submodel data directly. - Policy Store API is extended to handle: - - multi permissions per each allowed Policy in POST call to create Policy - - multi constraint per each permission in POST call to create Permission - - logical AndConstraint and OrConstraint to give possibility to create complex restriction + - multi permissions per each allowed Policy in POST call to create Policy + - multi constraint per each permission in POST call to create Permission + - logical AndConstraint and OrConstraint to give possibility to create complex restriction ### Fixed + - Fixed a case where IRS submodel requests did not reuqest all EDC endpoints discovered by Discovery Finder - ESS - - Updated investigation request body field `incidentBPNs` to `incidentBPNSs`. - - Streamlined EDC notification flow and adjusted it to existing EDC client methods - - Changed investigation from BPNL to BPNS (`catenaXSiteId` of `PartSiteInformationAsPlanned`) - - Additional validation for `validityPeriod` of `PartAsPlanned` + - Updated investigation request body field `incidentBPNs` to `incidentBPNSs`. + - Streamlined EDC notification flow and adjusted it to existing EDC client methods + - Changed investigation from BPNL to BPNS (`catenaXSiteId` of `PartSiteInformationAsPlanned`) + - Additional validation for `validityPeriod` of `PartAsPlanned` ## [3.4.1] - 2023-09-22 + ### Changed + - Updated SingleLevelUsageAsBuilt schema to 2.0.0 version. ### Fixed + - Fixed missing access control for Batch and ESS API. ## [3.4.0] - 2023-09-01 + ### Added + - Added fetchCatalog to EDCCatalogFacade - Introduced new API endpoint to update 'validUntil' property of Policy - PUT {{IRS_HOST}}/irs/policies/{policyId} - Introduced new IRS role `admin_irs` which has unrestricted access to every API endpoint ### Changed -- Adjusted API access control. Users with role `view_irs` can only access jobs they created themselves. PolicyStore API access is restricted to role `admin_irs`. + +- Adjusted API access control. Users with role `view_irs` can only access jobs they created themselves. PolicyStore API + access is restricted to role `admin_irs`. ### Fixed + - Fixed bug where BPN's were delivered without 'manufacturerName' property filled ## [3.3.5] - 2023-08-30 + ### Changed + - Updated IRS Digital Twin Registry Client to support latest version 0.3.14-M1 ## [3.3.4] - 2023-08-24 + ### Fixed + - Added missing license information to documentation and docker image ## [3.3.3] - 2023-08-11 + ### Changed -- IRS now calls the entire dataplane URL retrieved from the registry href instead of building it from the URL of the EDC token and the path + +- IRS now calls the entire dataplane URL retrieved from the registry href instead of building it from the URL of the EDC + token and the path ### Fixed + - Switched to POST for DTR lookup request -- Added Base64 encoding to identifier for DTR shell-descriptor request +- Added Base64 encoding to identifier for DTR shell-descriptor request - Fixed an issue where IRS did not pass the BPN correctly for the ESS use-case ## [3.3.2] - 2023-07-31 + ### Fixed + - BPN is now passed on correctly when traversing the item graph - EDC Policies now get validated regardless of the type of constraint. - EDC Policies of type FrameworkAgreement are now validated correctly. - Fixed error in BPN handling for IRS Batch requests ## [3.3.1] - 2023-07-24 + ### Fixed + - Added missing field `businessPartner` for relationship aspect SingleLevelUsageAsBuilt ## [3.3.0] - 2023-07-20 + ### Changed + - BPN is now taken from the submodel data while traversing the item graph - Tombstone is created if no BPN is available for a child item ## [3.2.1] - 2023-07-19 + ### Fixed + - EDC Policies now get validated regardless of the type of constraint. - EDC Policies of type `FrameworkAgreement` are now validated correctly. - Fixed error in BPN handling for IRS Batch requests ## [3.2.0] - 2023-07-14 + ### Changed -- The client code for accessing the Digital Twin Registry (central and decentral) is now available as a spring boot maven library. See the README in the irs-registry-client module for more information. + +- The client code for accessing the Digital Twin Registry (central and decentral) is now available as a spring boot + maven library. See the README in the irs-registry-client module for more information. - Update EDC dependencies to 0.1.3 - Add Transformer to support new EDC constraint operator format -- IRS now supports the AAS API 3.0 and its updated models. **Note**: this also reflects in the Job response shells, please check the new schema. +- IRS now supports the AAS API 3.0 and its updated models. **Note**: this also reflects in the Job response shells, + please check the new schema. ### Known knowns -- [TRI-1460] ESS Notifications endpoints are not working in the decentral Digital Twin Registry scenario because endpoints does not provide bpn as a parameter. + +- [TRI-1460] ESS Notifications endpoints are not working in the decentral Digital Twin Registry scenario because + endpoints does not provide bpn as a parameter. - [TRI-1096] No limiting of requests in parallel - IRS allows sending API requests unlimited -- [TRI-1100] Potential denial-of-service (DoS) attack - IRS allows to enter a large number of characters, which are reflected in the response of the server -- [TRI-1098] Software related information disclosure - IRS returns redundant information about the type and version of used software -- [TRI-793] Misconfigured Access-Control-Allow- Origin Header - by intercepting network traffic it could be possible to read and modify any messages that are exchanged with server -- [TRI-1095] HTTP security headers configuration could be improved and allow for additional protection against some web application attacks -- [TRI-1441] Synchronous communication with shared C-X services without circuit breaker pattern - potentially could affect IRS resilience when other services becomes non-responsive. -- [TRI-1441] Cascading effects of failure when Digital Twin Registry becomes non-responsive - potentially bulkhead pattern could improve IRS resilience -- [TRI-1477] Retry mechanism used inside IRS could potentially affect IRS resilience - DDOS other services on which IRS is dependent, exhaustion of resources and available threads, etc. +- [TRI-1100] Potential denial-of-service (DoS) attack - IRS allows to enter a large number of characters, which are + reflected in the response of the server +- [TRI-1098] Software related information disclosure - IRS returns redundant information about the type and version of + used software +- [TRI-793] Misconfigured Access-Control-Allow- Origin Header - by intercepting network traffic it could be possible to + read and modify any messages that are exchanged with server +- [TRI-1095] HTTP security headers configuration could be improved and allow for additional protection against some web + application attacks +- [TRI-1441] Synchronous communication with shared C-X services without circuit breaker pattern - potentially could + affect IRS resilience when other services becomes non-responsive. +- [TRI-1441] Cascading effects of failure when Digital Twin Registry becomes non-responsive - potentially bulkhead + pattern could improve IRS resilience +- [TRI-1477] Retry mechanism used inside IRS could potentially affect IRS resilience - DDOS other services on which IRS + is dependent, exhaustion of resources and available threads, etc. - [TRI-1478] Lack of resources management - thread pooling, heap limitation etc. - [TRI-1024] IRS does not support scale out on multiple instances ## [3.1.0] - 2023-07-07 + ### Changed + - Removed catalog cache - Changed EDC catalog retrieval from pagination to filter -- Item graphs with asBuilt lifecycle & downward direction are now built with usage of SingleLevelBomAsBuilt aspect, instead of AssemblyPartRelationship aspect +- Item graphs with asBuilt lifecycle & downward direction are now built with usage of SingleLevelBomAsBuilt aspect, + instead of AssemblyPartRelationship aspect - Changed retrieval of BPN value from AAS Shell to SingleLevelBomAsBuilt - Renamed SerialPartTypization to SerialPart aspect - ESS - - Update ESS notification asset creation to new EDC DSP protocol - - Include DiscoveryFinder into ESS flow + - Update ESS notification asset creation to new EDC DSP protocol + - Include DiscoveryFinder into ESS flow ## [3.0.1] - 2023-06-28 + ### Fixed + - Added missing participantId to contract negotiation for decentral DTR contract negotiation - Fixed default value for contract negotiation and transfer process state-suffix ## [3.0.0] - 2023-06-26 + ### Added + - Handling of Decentral Digital Twin Registry as a way of request AAS for identifier - - Extend Register Job with key field that contain BPN and globalAssetId - - Requesting BPN endpoint catalog over Discrovery Finder - - Requesting EDC endpoint addresses for BPN over EDC Discovery Finder - - Add filter for catalog item search in EDC - - Authorize Digital Twin client with EDC Endpoint Reference + - Extend Register Job with key field that contain BPN and globalAssetId + - Requesting BPN endpoint catalog over Discrovery Finder + - Requesting EDC endpoint addresses for BPN over EDC Discovery Finder + - Add filter for catalog item search in EDC + - Authorize Digital Twin client with EDC Endpoint Reference - Added new Policy Store API to manage acceptable EDC policies - - `GET /irs/policies` - - `POST /irs/policies` - - `DELETE /irs/policies/{policyId}` + - `GET /irs/policies` + - `POST /irs/policies` + - `DELETE /irs/policies/{policyId}` ### Changed + - Updated EDC Client to use version 0.4.1 - - Adjusted Protocol from IDS to DSP - - Paths for catalog, contract negotiation and transfer process are now configurable via properties - - `edc.controlplane.endpoint.catalog` - - `edc.controlplane.endpoint.contract-negotiation` - - `edc.controlplane.endpoint.transfer-process` + - Adjusted Protocol from IDS to DSP + - Paths for catalog, contract negotiation and transfer process are now configurable via properties + - `edc.controlplane.endpoint.catalog` + - `edc.controlplane.endpoint.contract-negotiation` + - `edc.controlplane.endpoint.transfer-process` - EDR Callback is now configurable via property `edc.callback-url` ## [2.6.1] - 2023-05-15 + ### Added + - Validation if bpnEndpoint is set in properties before starting a job with lookupBPNs set to true - Automate release workflow - Validate if callback url starts with http or https before register a job ## [2.6.0] - 2023-05-05 + ### Added -- IRS now checks the EDC policies and only negotiates contracts if the policy matches the ones defined in the configuration at `edc.catalog.policies.allowedNames` (comma separated string) + +- IRS now checks the EDC policies and only negotiates contracts if the policy matches the ones defined in the + configuration at `edc.catalog.policies.allowedNames` (comma separated string) ### Changed + - Restructured the repository to make it more comprehensive -- Improved API descriptions regarding errors +- Improved API descriptions regarding errors ## [2.5.1] - 2023-04-28 + ### Changed + - Replaced Discovery Service mock with real implementation ## [2.5.0] - 2023-04-17 + ### Added -- Introduced Batch processing API endpoints. Batch Order is registered and executed for a bunch of globalAssetIds in one call. - - API Endpoint POST Register Batch Order {{IRS_HOST}}/irs/orders - - API Endpoint GET Batch Order {{IRS_HOST}}/irs/orders/:orderId - - API Endpoint GET Batch {{IRS_HOST}}/irs/orders/:orderId/batches/:batchId -- Introduced Environmental- and Social Standards processing API endpoints. - - API Endpoint POST Register job to start an investigation if a given bpn is contained in a part chain {{IRS_HOST}}/ess/bpn/investigations - - API Endpoint GET BPN Investigation {{IRS_HOST}}/ess/bpn/investigations/:id - - API Endpoint POST EDC Notification receive {{IRS_HOST}}/ess/notification/receive +- Introduced Batch processing API endpoints. Batch Order is registered and executed for a bunch of globalAssetIds in one + call. + - API Endpoint POST Register Batch Order {{IRS_HOST}}/irs/orders + - API Endpoint GET Batch Order {{IRS_HOST}}/irs/orders/:orderId + - API Endpoint GET Batch {{IRS_HOST}}/irs/orders/:orderId/batches/:batchId +- Introduced Environmental- and Social Standards processing API endpoints. + - API Endpoint POST Register job to start an investigation if a given bpn is contained in a part chain + {{IRS_HOST}}/ess/bpn/investigations + - API Endpoint GET BPN Investigation {{IRS_HOST}}/ess/bpn/investigations/:id + - API Endpoint POST EDC Notification receive {{IRS_HOST}}/ess/notification/receive ## [2.4.1] - 2023-04-21 + ### Fixed + - Updated spring-boot version to 3.0.6 to fix security issue - change GID in Dockerfile to fix https://github.com/eclipse-tractusx/item-relationship-service/issues/101 - ## [2.4.0] - 2023-03-30 + ### Added -- IRS is now able to cache the EDC catalog. Caching can be disabled via application config. Maximum amount of cached items and item time-to-live can be configured as well. + +- IRS is now able to cache the EDC catalog. Caching can be disabled via application config. Maximum amount of cached + items and item time-to-live can be configured as well. - EDC policies retrieved from contract offer are now added to the contract negotiation ### Changed -- API endpoints have now additional layer of security and require BPN claim in token. Allowed BPN that can access API can be configured with (*env:API_ALLOWED_BPN*) variable. + +- API endpoints have now additional layer of security and require BPN claim in token. Allowed BPN that can access API + can be configured with (*env:API_ALLOWED_BPN*) variable. - Updated Spring Boot dependency to 3.0.5 ### Fixed -- Fixed issue in paging when calling SemanticsHub with some page size configurations +- Fixed issue in paging when calling SemanticsHub with some page size configurations ## [2.3.2] - 2023-03-20 + ### Changed + - Replace pandoc with downdoc for conversion asciidoc to markdown ### Fixed + - In AssemblyPartRelationship the ``measurementUnit`` can be both parsed from both string and object versions - Decode URLs for ``assetId`` to prevent bug that encoded ``assetId`` cannot be found in the catalog ## [2.3.1] - 2023-03-07 + ### Changed + - Updated Spring Boot dependency to 3.0.3 ## [2.3.0] - 2023-02-21 + ### Added -- Introduced new endpoint ``/irs/aspectmodels`` which will list all available aspect models (from semantic hub or locally provided files if present) + +- Introduced new endpoint ``/irs/aspectmodels`` which will list all available aspect models (from semantic hub or + locally provided files if present) ### Fixed + - If Grafana is enabled - dashboards will be automatically imported on startup ### Changed + - Job creation validates ``aspects`` by using models available in semantic hub or locally provided. ## [2.2.1] - 2023-03-15 + ### Fixed -- Property "measurementUnit" of AssemblyPartRelationship can now be a String or a Map. According to the latest model, it is supposed to be a String, but due to varying test data, IRS supports both variants. + +- Property "measurementUnit" of AssemblyPartRelationship can now be a String or a Map. According to the latest model, it + is supposed to be a String, but due to varying test data, IRS supports both variants. - EDC Catalog IDs are now being URL decoded before usage ## [2.2.0] - 2023-01-20 + ### Added + - Added new job parameter flag "lookupBPNs" which toggles lookup of BPN numbers using the configured BPN URL -- Added new summary item "bpnLookups" which tracks completed and failed BPN requests. Excluded these metrics from "asyncFetchedItems" +- Added new summary item "bpnLookups" which tracks completed and failed BPN requests. Excluded these metrics from " + asyncFetchedItems" - Model schema JSON files can now be provided locally as a backup to the Semantic Hub. Use the new ``semanticsHub.localModelDirectory`` config entry to provide a folder with the models. - Added pagination to EDC catalog retrieval. ### Fixed + - BPNs array is now filled correctly when requesting a running job with parameter "returnUncompletedJob=true" ## [2.1.0] - 2023-01-11 + ### Changed + - Change 'jobParameter' to 'parameter' in GET calls in IRS API - Change 'jobStates' to 'states' request parameter in GET call for jobs by states, 'jobStates' is now deprecated - REST clients for DTR, SemHub and BPDM now use their own RestTemplates and configuration - application.yaml received some documentation ## [2.0.0] - 2022-12-09 + ### Added + - Added pagination to GET /irs/jobs endpoint (eg. {{IRS_HOST}}/irs/jobs?page=0&size=10&sort=completedOn,asc) ### Changed + - IRS API now requires 'view_irs' resource access inside Keycloak JWT token. - New 2.0.0 version of IRS API. Main goal was to remove 'job' prefix from attribute names - - change 'jobId' to 'id' in GET and POST calls - - change 'jobState' to 'state' in GET calls - - change 'jobCompleted' to 'completedOn' in GET calls - - change 'jobId' to 'id' and 'jobState' to 'state' in callback URI variables + - change 'jobId' to 'id' in GET and POST calls + - change 'jobState' to 'state' in GET calls + - change 'jobCompleted' to 'completedOn' in GET calls + - change 'jobId' to 'id' and 'jobState' to 'state' in callback URI variables ## [1.6.0] - 2022-11-25 + ### Added + - EDC client implementation (for negotiation and data exchange) - New callback endpoint for EDC (path: /internal/endpoint-data-reference) - Optional trusted port to make internal interfaces only available via that (config: server.trustedPort) ### Removed + - Removed the need for the API wrapper by directly communicating with the EDC control and data plane. ## [1.5.0] - 2022-11-11 + ### Added + - Added new parameters 'startedOn' and 'jobCompleted' to Job status response ### Changed + - Updated Spring Boot to 2.7.5 and Spring Security (Web and OAuth2 Client) dependencies to 5.7.5 due to CVEs - Renamed parameter from 'status' to 'jobState' in Job status response - Time to live for finished jobs is now configurable ## [1.4.0] - 2022-10-28 + ### Added -- Added new 'asPlanned' value for bomLifecycle request parameter - now BomAsPlanned can be traversed by the IRS to build relationships + +- Added new 'asPlanned' value for bomLifecycle request parameter - now BomAsPlanned can be traversed by the IRS to build + relationships ## [1.3.0] - 2022-10-18 + ### Added + - BPDM URL (*env:BPDM_URL*) is now configurable - SemanticsHub URL (*env:SEMANTICSHUB_URL*) and default URNs (*env:SEMANTICSHUB_DEFAULT_URNS*) are now configurable - Added an administration guide covering installation and configuration topics (TRI-593) @@ -417,38 +561,49 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 - Added new optional parameter 'callbackUrl' to Job registration request ### Known knowns -- discovered lack of circuit breaker for communication with submodel server which is not responding (low risk) - will be addressed in future release + +- discovered lack of circuit breaker for communication with submodel server which is not responding (low risk) - will be + addressed in future release ## [1.2.0] - 2022-09-30 + ### Added + - Automatic eclipse dash IP-ticket creation - Automatic cucumber execution based on Tests in Jira ### Fixed + - Update HSTS header configuration (TRI-659) - Encode log output to avoid log forging (TRI-653) - Add missing X-Frame-Options header (TRI-661) - Switching to a distroless Docker base image to avoid vulnerable library (TRI-729) ### Changed + - Update EDC components to version 0.1.1 - Update testdata set to 1.3.2 - Create Tombstone for faulty/null/none BPN ManufactureId - Update aaswrapper to 0.0.7 ## [1.1.0] - 2022-09-12 + ### Added -- **Aspect Model validation** IRS now validates the aspect model responses requested via EDC. JSON schema files are requested on demand using Semantic Hub API. + +- **Aspect Model validation** IRS now validates the aspect model responses requested via EDC. JSON schema files are + requested on demand using Semantic Hub API. - **BPN mapping** IRS job result includes BPNs and the corresponding names. - **Enabled collecting of "Batch" submodels** IRS supports aspect model "Batch" ### Fixed + - **Malformed date-time in IRS job result** (TRI-627) - **Job cleanup process** Jobs are completely deleted after retention period exceeded. (TRI-631) - **IRS job processing** IRS jobs no longer stay stuck in state RUNNING due to malformed URLs. (TRI-675) - **Security fixes** Fixed various security findings. ### Changed + - **IRS monitoring** Added more metrics and improved Grafana dashboards. - **Submodel payload in IRS job response** Submodels are stored as object instead of string. - **CORS** Enabled CORS configuration @@ -458,85 +613,149 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 - **IRS stability and code quality** - **API docs** - **Test data and upload script** -- **Helm charts** Improved security and performance configurations. Created a All-in-One Helm Chart for IRS which includes all IRS dependencies. Helm Chart is released separately. +- **Helm charts** Improved security and performance configurations. Created a All-in-One Helm Chart for IRS which + includes all IRS dependencies. Helm Chart is released separately. - **Refactor relationship result object of IRS** - **FOSS initial GitHub & code preparation** Change package structure to `org.eclipse.tractusx`. ## [1.0.0] - 2022-07-25 + ### Changed + * **Improved Minio Helmchart** Latest Minio version is used now * **Submodel Information** If requested, the IRS collects submodel information now and adds it to the job result * **Improved job response** The job response object contains all the required fields now with correct values ## [0.9.1] - 2022-06-14 + ### Removed + - **Remove AAS Proxy** The IRS works without the AASProxy component ## [0.9.0] - 2022-04-27 + ### Added -- **Build traceability BoM as built tree** You can now use the IRS to retrieve a BoM tree with lifecycle stage "as built" for serialized components, which are distributed across the Catena-X network. In this release, the tree is being built on the aspects "SerialPartTypization" and "AssemblyPartRelationship". Focus is a tree built in the direction top-down/parent-child. + +- **Build traceability BoM as built tree** You can now use the IRS to retrieve a BoM tree with lifecycle stage "as + built" for serialized components, which are distributed across the Catena-X network. In this release, the tree is + being built on the aspects "SerialPartTypization" and "AssemblyPartRelationship". Focus is a tree built in the + direction top-down/parent-child. - *IRS API v1.0.0* First release of the IRS API. ### Fixed -- **Cloud Agnostic Solution** You have the ability now to deploy the solution on different cloud vendor solutions. We decoupled the application from its former Azure Stack. + +- **Cloud Agnostic Solution** You have the ability now to deploy the solution on different cloud vendor solutions. We + decoupled the application from its former Azure Stack. - **Security fixes** Various security fixes. ### Changed -- **Asynchronous Job Management** Since we cannot rely on a synchronous answer of each request within the network, we provide a job management for this process. + +- **Asynchronous Job Management** Since we cannot rely on a synchronous answer of each request within the network, we + provide a job management for this process. - **AAS Proxy** Requests to Digital Twin Registry are executed via the AAS Proxy. -- **Quality Gate for Release 1** The quality measures were implemented in accordance with the requirements for Release 1. +- **Quality Gate for Release 1** The quality measures were implemented in accordance with the requirements for Release + 1. - **Hotel Budapest catenax-ng** C-X-NG ready using the provided catenax-ng infrastructure. - **SCA Composition Analysis** Enablement of SCA Composition Analysis using Veracode and CodeQl. - **Github Integrations** VeraCode/Dependabot/SonarCloud/CodeQl ### Unresolved -- **Select Aspects you need** You are able to select the needed aspects for which you want to collect the correct endpoint information. + +- **Select Aspects you need** You are able to select the needed aspects for which you want to collect the correct + endpoint information. [Unreleased]: https://github.com/eclipse-tractusx/item-relationship-service/compare/4.4.0...HEAD + [4.4.0]: https://github.com/eclipse-tractusx/item-relationship-service/compare/4.3.0...4.4.0 + [4.3.0]: https://github.com/eclipse-tractusx/item-relationship-service/compare/4.2.0...4.3.0 + [4.2.0]: https://github.com/eclipse-tractusx/item-relationship-service/compare/4.1.0...4.2.0 + [4.1.0]: https://github.com/eclipse-tractusx/item-relationship-service/compare/4.0.2...4.1.0 + [4.0.2]: https://github.com/eclipse-tractusx/item-relationship-service/compare/4.0.1...4.0.2 + [4.0.1]: https://github.com/eclipse-tractusx/item-relationship-service/compare/4.0.0...4.0.1 + [4.0.0]: https://github.com/eclipse-tractusx/item-relationship-service/compare/3.5.4...4.0.0 + [3.5.4]: https://github.com/eclipse-tractusx/item-relationship-service/compare/3.5.3...3.5.4 + [3.5.3]: https://github.com/eclipse-tractusx/item-relationship-service/compare/3.5.2...3.5.3 + [3.5.2]: https://github.com/eclipse-tractusx/item-relationship-service/compare/3.5.1...3.5.2 + [3.5.1]: https://github.com/eclipse-tractusx/item-relationship-service/compare/3.5.0...3.5.1 + [3.5.0]: https://github.com/eclipse-tractusx/item-relationship-service/compare/3.4.1...3.5.0 + [3.4.1]: https://github.com/eclipse-tractusx/item-relationship-service/compare/3.4.0...3.4.1 + [3.4.0]: https://github.com/eclipse-tractusx/item-relationship-service/compare/3.3.5...3.4.0 + [3.3.5]: https://github.com/eclipse-tractusx/item-relationship-service/compare/3.3.4...3.3.5 + [3.3.4]: https://github.com/eclipse-tractusx/item-relationship-service/compare/3.3.3...3.3.4 + [3.3.3]: https://github.com/eclipse-tractusx/item-relationship-service/compare/3.3.2...3.3.3 + [3.3.2]: https://github.com/eclipse-tractusx/item-relationship-service/compare/3.3.1...3.3.2 + [3.3.1]: https://github.com/eclipse-tractusx/item-relationship-service/compare/3.3.0...3.3.1 + [3.3.0]: https://github.com/eclipse-tractusx/item-relationship-service/compare/3.2.1...3.3.0 + [3.2.1]: https://github.com/eclipse-tractusx/item-relationship-service/compare/3.2.0...3.2.1 + [3.2.0]: https://github.com/eclipse-tractusx/item-relationship-service/compare/3.1.0...3.2.0 + [3.1.0]: https://github.com/eclipse-tractusx/item-relationship-service/compare/3.0.1...3.1.0 + [3.0.1]: https://github.com/eclipse-tractusx/item-relationship-service/compare/3.0.0...3.0.1 + [3.0.0]: https://github.com/eclipse-tractusx/item-relationship-service/compare/2.6.1...3.0.0 + [2.6.1]: https://github.com/eclipse-tractusx/item-relationship-service/compare/2.6.0...2.6.1 + [2.6.0]: https://github.com/eclipse-tractusx/item-relationship-service/compare/2.5.1...2.6.0 + [2.5.1]: https://github.com/eclipse-tractusx/item-relationship-service/compare/2.5.0...2.5.1 + [2.5.0]: https://github.com/eclipse-tractusx/item-relationship-service/compare/2.4.0...2.5.0 + [2.4.1]: https://github.com/eclipse-tractusx/item-relationship-service/compare/2.4.0...2.4.1 + [2.4.0]: https://github.com/eclipse-tractusx/item-relationship-service/compare/2.3.2...2.4.0 + [2.3.2]: https://github.com/eclipse-tractusx/item-relationship-service/compare/2.3.1...2.3.2 + [2.3.1]: https://github.com/eclipse-tractusx/item-relationship-service/compare/2.3.0...2.3.1 + [2.3.0]: https://github.com/eclipse-tractusx/item-relationship-service/compare/2.2.0...2.3.0 + [2.2.1]: https://github.com/eclipse-tractusx/item-relationship-service/compare/2.2.0...2.2.1 + [2.2.0]: https://github.com/eclipse-tractusx/item-relationship-service/compare/2.1.0...2.2.0 + [2.1.0]: https://github.com/eclipse-tractusx/item-relationship-service/compare/2.0.0...2.1.0 + [2.0.0]: https://github.com/eclipse-tractusx/item-relationship-service/compare/1.6.0...2.0.0 + [1.6.0]: https://github.com/eclipse-tractusx/item-relationship-service/compare/1.5.0...1.6.0 + [1.5.0]: https://github.com/eclipse-tractusx/item-relationship-service/compare/1.4.0...1.5.0 + [1.4.0]: https://github.com/eclipse-tractusx/item-relationship-service/compare/1.3.0...1.4.0 + [1.3.0]: https://github.com/eclipse-tractusx/item-relationship-service/compare/1.2.0...1.3.0 + [1.2.0]: https://github.com/eclipse-tractusx/item-relationship-service/compare/v1.1.0...1.2.0 + [1.1.0]: https://github.com/eclipse-tractusx/item-relationship-service/compare/v1.0.0...v1.1.0 + [1.0.0]: https://github.com/eclipse-tractusx/item-relationship-service/compare/v0.9.1...v1.0.0 + [0.9.1]: https://github.com/eclipse-tractusx/item-relationship-service/commits/v0.9.1 + [0.9.0]: https://github.com/eclipse-tractusx/item-relationship-service/commits/v0.9.0 From 2e6411aca74b9104d00c958d250aed2c92a8d382 Mon Sep 17 00:00:00 2001 From: Jaro Hartmann Date: Tue, 23 Jan 2024 11:46:03 +0100 Subject: [PATCH 06/22] chore(testing):[#355] Add env vars for discovery service, semantic hub and BPDM service --- local/testing/IRS_TEMPLATE_environment.json | 19 ++++++++++++------- 1 file changed, 12 insertions(+), 7 deletions(-) diff --git a/local/testing/IRS_TEMPLATE_environment.json b/local/testing/IRS_TEMPLATE_environment.json index a6b7306e1a..c58e939f79 100644 --- a/local/testing/IRS_TEMPLATE_environment.json +++ b/local/testing/IRS_TEMPLATE_environment.json @@ -1,18 +1,23 @@ { "IRS_HOST": "http://localhost:8080", - "OAUTH2_TOKEN_URL": "", - "CLIENT_ID": "", - "CLIENT_SECRET": "", "ADMIN_API_KEY": "", "REGULAR_API_KEY": "", - "DIGITAL_TWIN_REGISTRY": "", "GLOBAL_ASSET_ID": "", "BPN": "", + "OAUTH2_TOKEN_URL": "", + "DISCOVERY_CLIENT_ID": "", + "DISCOVERY_CLIENT_SECRET": "", + "SEMANTIC_HUB_CLIENT_ID": "", + "SEMANTIC_HUB_CLIENT_SECRET": "", + "BPDM_CLIENT_ID": "", + "BPDM_CLIENT_SECRET": "", + "DIGITAL_TWIN_REGISTRY": "", "SEMANTIC_HUB_URL": "", "BPDM_URL": "", - "CONSUMER_CONTROLPLANE": "", - "EDC_API_KEY": "", "DISCOVERY_FINDER": "", "BPN_DISCOVERY": "", - "EDC_DISCOVERY": "" + "EDC_DISCOVERY": "", + "CONSUMER_CONTROLPLANE": "", + "PROVIDER_CONTROLPLANE_1": "", + "EDC_API_KEY": "" } \ No newline at end of file From 63e80963781a3c65dd7d52861faa8e46e0fa7740 Mon Sep 17 00:00:00 2001 From: Jaro Hartmann Date: Tue, 23 Jan 2024 11:47:24 +0100 Subject: [PATCH 07/22] chore(testing):[#355] Update authentication for discovery service, semantic hub and BPDM service, Add missing header to DT requests --- local/testing/IRS_Request_Collection.json | 947 ++++++++++++++-------- 1 file changed, 615 insertions(+), 332 deletions(-) diff --git a/local/testing/IRS_Request_Collection.json b/local/testing/IRS_Request_Collection.json index b11e5ff507..2223c72d5f 100644 --- a/local/testing/IRS_Request_Collection.json +++ b/local/testing/IRS_Request_Collection.json @@ -1,12 +1,12 @@ { "_type": "export", "__export_format": 4, - "__export_date": "2024-01-11T21:02:36.140Z", - "__export_source": "insomnia.desktop.app:v2023.5.8", + "__export_date": "2024-01-23T10:32:11.813Z", + "__export_source": "insomnia.desktop.app:v8.6.0", "resources": [ { - "_id": "req_5abf771bdc1048ff99f5ce39366febce", - "parentId": "fld_0195759b9c384a03ac70f2fe63701b55", + "_id": "req_1267e02eed7b49a28ea7e8b70bfe1cf6", + "parentId": "fld_9988da1681c94a2a8ce76b85d744325f", "modified": 1705006817408, "created": 1705005887617, "url": "{{IRS_HOST}}/irs/policies", @@ -25,6 +25,7 @@ }, "metaSortKey": -1705005887617, "isPrivate": false, + "pathParameters": [], "settingStoreCookies": true, "settingSendCookies": true, "settingDisableRenderRequestBody": false, @@ -34,8 +35,8 @@ "_type": "request" }, { - "_id": "fld_0195759b9c384a03ac70f2fe63701b55", - "parentId": "fld_cefec9f9528a43a185f2267e8ee4c0d5", + "_id": "fld_9988da1681c94a2a8ce76b85d744325f", + "parentId": "fld_1810e742cdde46ab9d50b692c5b8da98", "modified": 1687243055015, "created": 1687243055015, "name": "Policy Store", @@ -46,7 +47,7 @@ "_type": "request_group" }, { - "_id": "fld_cefec9f9528a43a185f2267e8ee4c0d5", + "_id": "fld_1810e742cdde46ab9d50b692c5b8da98", "parentId": "wrk_565df8abe30f4da29d8bffcde97927d7", "modified": 1691572726194, "created": 1680682418636, @@ -68,8 +69,8 @@ "_type": "workspace" }, { - "_id": "req_09113cc4a55e4db0b7b3cf40b8b6d02c", - "parentId": "fld_0195759b9c384a03ac70f2fe63701b55", + "_id": "req_f4ed2f142c40439998f72e2ceb85380e", + "parentId": "fld_9988da1681c94a2a8ce76b85d744325f", "modified": 1702990529632, "created": 1687243204155, "url": "{{IRS_HOST}}/irs/policies/{% prompt 'policyId', '', 'traceability-test', '', false, true %}", @@ -88,6 +89,7 @@ }, "metaSortKey": -1685602897140.75, "isPrivate": false, + "pathParameters": [], "settingStoreCookies": true, "settingSendCookies": true, "settingDisableRenderRequestBody": false, @@ -97,8 +99,8 @@ "_type": "request" }, { - "_id": "req_6f2d62a44ccc491cad22dfcc5b157e04", - "parentId": "fld_0195759b9c384a03ac70f2fe63701b55", + "_id": "req_990267ff2ba049fa8e0bfff912088b84", + "parentId": "fld_9988da1681c94a2a8ce76b85d744325f", "modified": 1702990565006, "created": 1693576003390, "url": "{{IRS_HOST}}/irs/policies/{% prompt 'id', '', 'traceability-test', '', false, true %}", @@ -125,6 +127,7 @@ }, "metaSortKey": -1684874704117.875, "isPrivate": false, + "pathParameters": [], "settingStoreCookies": true, "settingSendCookies": true, "settingDisableRenderRequestBody": false, @@ -134,8 +137,8 @@ "_type": "request" }, { - "_id": "req_f232d8b29b8e48528496f449145193f9", - "parentId": "fld_0195759b9c384a03ac70f2fe63701b55", + "_id": "req_73b6af41486b4910883d91dea050839e", + "parentId": "fld_9988da1681c94a2a8ce76b85d744325f", "modified": 1705006437142, "created": 1687243182397, "url": "{{IRS_HOST}}/irs/policies", @@ -162,6 +165,7 @@ }, "metaSortKey": -1683962737633.5, "isPrivate": false, + "pathParameters": [], "settingStoreCookies": true, "settingSendCookies": true, "settingDisableRenderRequestBody": false, @@ -171,9 +175,9 @@ "_type": "request" }, { - "_id": "req_cfebb971b6574425bcda3123aa358466", - "parentId": "fld_c6b2a98cadb9413ab6eaa95d006a05ed", - "modified": 1691502818583, + "_id": "req_d5741df44ed441d39c6b9325e6cb60ee", + "parentId": "fld_bb755d1cb6a244aca3c64d9a7e5ac10b", + "modified": 1706003275081, "created": 1680682418619, "url": "{{DIGITAL_TWIN_REGISTRY}}/api/v3.0/shell-descriptors/{% prompt 'aasIdentifier', '', _.GLOBAL_ASSET_ID, '', false, true %}", "name": "Get Shell by aasIdentifier", @@ -184,22 +188,16 @@ "headers": [ { "id": "pair_7877c58fd3ae46758cabf9f6cb397818", - "name": "", - "value": "", + "name": "Edc-Bpn", + "value": "BPNL00000001CRHK", "description": "", - "disabled": true + "disabled": false } ], - "authentication": { - "type": "oauth2", - "grantType": "client_credentials", - "accessTokenUrl": "{{ _.OAUTH2_TOKEN_URL }}", - "clientId": "{{ _.CLIENT_ID }}", - "clientSecret": "{{ _.CLIENT_SECRET }}", - "credentialsInBody": false - }, + "authentication": {}, "metaSortKey": -1680682418619, "isPrivate": false, + "pathParameters": [], "settingStoreCookies": true, "settingSendCookies": true, "settingDisableRenderRequestBody": false, @@ -209,8 +207,8 @@ "_type": "request" }, { - "_id": "fld_c6b2a98cadb9413ab6eaa95d006a05ed", - "parentId": "fld_cefec9f9528a43a185f2267e8ee4c0d5", + "_id": "fld_bb755d1cb6a244aca3c64d9a7e5ac10b", + "parentId": "fld_1810e742cdde46ab9d50b692c5b8da98", "modified": 1691504187689, "created": 1680682418630, "name": "Digital Twin Registry", @@ -221,9 +219,9 @@ "_type": "request_group" }, { - "_id": "req_2665052f708b40a7a0ff9810458142be", - "parentId": "fld_c6b2a98cadb9413ab6eaa95d006a05ed", - "modified": 1690529037286, + "_id": "req_c9f7bc41a36e4d41b9bf26073e7feb98", + "parentId": "fld_bb755d1cb6a244aca3c64d9a7e5ac10b", + "modified": 1706002920212, "created": 1690529035794, "url": "{{DIGITAL_TWIN_REGISTRY}}/api/v3.0/shell-descriptors", "name": "Get Shells", @@ -234,22 +232,16 @@ "headers": [ { "id": "pair_7877c58fd3ae46758cabf9f6cb397818", - "name": "", - "value": "", + "name": "Edc-Bpn", + "value": "BPNL00000001CRHK", "description": "", - "disabled": true + "disabled": false } ], - "authentication": { - "type": "oauth2", - "grantType": "client_credentials", - "accessTokenUrl": "{{ _.OAUTH2_TOKEN_URL }}", - "clientId": "{{ _.CLIENT_ID }}", - "clientSecret": "{{ _.CLIENT_SECRET }}", - "credentialsInBody": false - }, + "authentication": {}, "metaSortKey": -1680682418614, "isPrivate": false, + "pathParameters": [], "settingStoreCookies": true, "settingSendCookies": true, "settingDisableRenderRequestBody": false, @@ -259,9 +251,9 @@ "_type": "request" }, { - "_id": "req_8874f22975f84acaa3f9c7598a1b9c4d", - "parentId": "fld_c6b2a98cadb9413ab6eaa95d006a05ed", - "modified": 1690366224607, + "_id": "req_4d2cf605282f41ae82adef74435aec12", + "parentId": "fld_bb755d1cb6a244aca3c64d9a7e5ac10b", + "modified": 1706003278149, "created": 1680682418609, "url": "{{DIGITAL_TWIN_REGISTRY}}/api/v3.0/lookup/shells", "name": "Query Registry By BPN", @@ -272,7 +264,7 @@ { "name": "assetIds", "value": "[{\"name\": \"manufacturerId\",\"value\":\"BPNL00000003AYRE\"}],", - "disabled": false, + "disabled": true, "id": "pair_c8a20aa6fd7647a98da9b91abfe0cfa8" }, { @@ -284,7 +276,7 @@ { "name": "assetIds", "value": "[{\"name\": \"manufacturerId\",\"value\":\"BPNL00000003AZQP\"}]", - "disabled": true, + "disabled": false, "id": "pair_4187c8b0b8894410a17eb0ff2cf1523a" }, { @@ -318,17 +310,18 @@ "id": "pair_406c9da4dc014fb297f70bb3da7128c1" } ], - "headers": [], - "authentication": { - "type": "oauth2", - "grantType": "client_credentials", - "credentialsInBody": false, - "accessTokenUrl": "{{ _.OAUTH2_TOKEN_URL }}", - "clientId": "{{ _.CLIENT_ID }}", - "clientSecret": "{{ _.CLIENT_SECRET }}" - }, + "headers": [ + { + "id": "pair_72e0b43ab2ba4417bbc72bf08182edd0", + "name": "Edc-Bpn", + "value": "BPNL00000001CRHK", + "description": "" + } + ], + "authentication": {}, "metaSortKey": -1680682418609, "isPrivate": false, + "pathParameters": [], "settingStoreCookies": true, "settingSendCookies": true, "settingDisableRenderRequestBody": false, @@ -338,9 +331,9 @@ "_type": "request" }, { - "_id": "req_ed371c67ceb74535928495b3f082a05e", - "parentId": "fld_c6b2a98cadb9413ab6eaa95d006a05ed", - "modified": 1690366542261, + "_id": "req_1619abe9652b4b12b38aa24cbd40a7a1", + "parentId": "fld_bb755d1cb6a244aca3c64d9a7e5ac10b", + "modified": 1706003280850, "created": 1680682418595, "url": "{{DIGITAL_TWIN_REGISTRY}}/api/v3.0/lookup/shells", "name": "Query Registry By VAN", @@ -355,16 +348,18 @@ "id": "pair_50d86e928e9f448d97da8ada0390e12f" } ], - "headers": [], - "authentication": { - "type": "oauth2", - "grantType": "client_credentials", - "accessTokenUrl": "{{ _.OAUTH2_TOKEN_URL }}", - "clientId": "{{ _.CLIENT_ID }}", - "clientSecret": "{{ _.CLIENT_SECRET }}" - }, + "headers": [ + { + "id": "pair_ed11c2a6df9248e292914df944e8ba93", + "name": "Edc-Bpn", + "value": "BPNL00000001CRHK", + "description": "" + } + ], + "authentication": {}, "metaSortKey": -1680682418595, "isPrivate": false, + "pathParameters": [], "settingStoreCookies": true, "settingSendCookies": true, "settingDisableRenderRequestBody": false, @@ -374,9 +369,9 @@ "_type": "request" }, { - "_id": "req_d62d73a234b04b94bea554e266dedfe7", - "parentId": "fld_c6b2a98cadb9413ab6eaa95d006a05ed", - "modified": 1691061418395, + "_id": "req_d6f383445f204a948970420dcda640d0", + "parentId": "fld_bb755d1cb6a244aca3c64d9a7e5ac10b", + "modified": 1706003354109, "created": 1680682418581, "url": "{{DIGITAL_TWIN_REGISTRY}}/api/v3.0/lookup/shells", "name": "Query Registry By globalAssetId", @@ -391,16 +386,18 @@ "id": "pair_f5f3d12fb2224c1d9e577c42128aa3d9" } ], - "headers": [], - "authentication": { - "type": "oauth2", - "grantType": "client_credentials", - "accessTokenUrl": "{{ _.OAUTH2_TOKEN_URL }}", - "clientId": "{{ _.CLIENT_ID }}", - "clientSecret": "{{ _.CLIENT_SECRET }}" - }, + "headers": [ + { + "id": "pair_71ae5e562e9c414a82e84220f3c00343", + "name": "Edc-Bpn", + "value": "BPNL00000001CRHK", + "description": "" + } + ], + "authentication": {}, "metaSortKey": -1680682418581, "isPrivate": false, + "pathParameters": [], "settingStoreCookies": true, "settingSendCookies": true, "settingDisableRenderRequestBody": false, @@ -410,9 +407,9 @@ "_type": "request" }, { - "_id": "req_d536ae7dec104219b4f638accf73f4e7", - "parentId": "fld_c6b2a98cadb9413ab6eaa95d006a05ed", - "modified": 1691500553894, + "_id": "req_a6b3fee73a4c43e8a5e0449c3c620da7", + "parentId": "fld_bb755d1cb6a244aca3c64d9a7e5ac10b", + "modified": 1706003284715, "created": 1680682418570, "url": "{{DIGITAL_TWIN_REGISTRY}}/api/v3.0/lookup/shells/query", "name": "Query Registry By VAN", @@ -426,18 +423,20 @@ "headers": [ { "name": "Content-Type", - "value": "application/json" + "value": "application/json", + "id": "pair_2f4c445074514f92a4dee92554053d0a" + }, + { + "id": "pair_35fe7a71647f4aea91ba03bfc87f0cd0", + "name": "Edc-Bpn", + "value": "BPNL00000001CRHK", + "description": "" } ], - "authentication": { - "type": "oauth2", - "grantType": "client_credentials", - "accessTokenUrl": "{{ _.OAUTH2_TOKEN_URL }}", - "clientId": "{{ _.CLIENT_ID }}", - "clientSecret": "{{ _.CLIENT_SECRET }}" - }, + "authentication": {}, "metaSortKey": -1680682418570, "isPrivate": false, + "pathParameters": [], "settingStoreCookies": true, "settingSendCookies": true, "settingDisableRenderRequestBody": false, @@ -447,9 +446,9 @@ "_type": "request" }, { - "_id": "req_fc2a0a60847f47e4bc868689e02e3c82", - "parentId": "fld_c6b2a98cadb9413ab6eaa95d006a05ed", - "modified": 1691571903257, + "_id": "req_7245f1e26dea444f97742f993492e803", + "parentId": "fld_bb755d1cb6a244aca3c64d9a7e5ac10b", + "modified": 1706003286642, "created": 1691408320970, "url": "{{DIGITAL_TWIN_REGISTRY}}/api/v3.0/lookup/shells/query", "name": "Query Registry By globalAssetId", @@ -463,18 +462,20 @@ "headers": [ { "name": "Content-Type", - "value": "application/json" + "value": "application/json", + "id": "pair_c1f8de03ff8f4f92aeeeef63510f755e" + }, + { + "id": "pair_5dc1d703196747318faff9a8dd96be0c", + "name": "Edc-Bpn", + "value": "BPNL00000001CRHK", + "description": "" } ], - "authentication": { - "type": "oauth2", - "grantType": "client_credentials", - "accessTokenUrl": "{{ _.OAUTH2_TOKEN_URL }}", - "clientId": "{{ _.CLIENT_ID }}", - "clientSecret": "{{ _.CLIENT_SECRET }}" - }, + "authentication": {}, "metaSortKey": -1680682418560.5, "isPrivate": false, + "pathParameters": [], "settingStoreCookies": true, "settingSendCookies": true, "settingDisableRenderRequestBody": false, @@ -484,9 +485,9 @@ "_type": "request" }, { - "_id": "req_3e1614f342cc4c71b0f3420e10b8a1d0", - "parentId": "fld_c6b2a98cadb9413ab6eaa95d006a05ed", - "modified": 1690366857910, + "_id": "req_8ac0e8a9fe334e6a96dbb168a304ae18", + "parentId": "fld_bb755d1cb6a244aca3c64d9a7e5ac10b", + "modified": 1706003289343, "created": 1689167429413, "url": "{{DIGITAL_TWIN_REGISTRY}}/api/v3.0/shell-descriptors/{% prompt 'id', '', '', '', false, true %}", "name": "Delete Shell by aasIdentifier", @@ -505,22 +506,16 @@ "headers": [ { "id": "pair_7877c58fd3ae46758cabf9f6cb397818", - "name": "", - "value": "", + "name": "Edc-Bpn", + "value": "BPNL00000001CRHK", "description": "", - "disabled": true + "disabled": false } ], - "authentication": { - "type": "oauth2", - "grantType": "client_credentials", - "accessTokenUrl": "{{ _.OAUTH2_TOKEN_URL }}", - "clientId": "{{ _.CLIENT_ID }}", - "clientSecret": "{{ _.CLIENT_SECRET }}", - "credentialsInBody": false - }, + "authentication": {}, "metaSortKey": -1680682418470, "isPrivate": false, + "pathParameters": [], "settingStoreCookies": true, "settingSendCookies": true, "settingDisableRenderRequestBody": false, @@ -530,8 +525,8 @@ "_type": "request" }, { - "_id": "req_5343969b9bf347789011f1b12a302cc5", - "parentId": "fld_99c35c51cb3143518e93f7efa74c3a49", + "_id": "req_c1523dcf97d14b58bb72cf3253d4fb4b", + "parentId": "fld_c517b707380249f3bd7290d8d22a9138", "modified": 1702991054859, "created": 1680682418551, "url": "{{IRS_HOST}}/irs/jobs", @@ -558,6 +553,7 @@ }, "metaSortKey": -1680682418551, "isPrivate": false, + "pathParameters": [], "settingStoreCookies": true, "settingSendCookies": true, "settingDisableRenderRequestBody": false, @@ -567,8 +563,8 @@ "_type": "request" }, { - "_id": "fld_99c35c51cb3143518e93f7efa74c3a49", - "parentId": "fld_cefec9f9528a43a185f2267e8ee4c0d5", + "_id": "fld_c517b707380249f3bd7290d8d22a9138", + "parentId": "fld_1810e742cdde46ab9d50b692c5b8da98", "modified": 1680682418562, "created": 1680682418562, "name": "IRS Test Collection", @@ -579,8 +575,8 @@ "_type": "request_group" }, { - "_id": "req_787b826634504d14b0725f55f346a80b", - "parentId": "fld_99c35c51cb3143518e93f7efa74c3a49", + "_id": "req_dc3918d6fa9843ffb4fe8e268888a0c4", + "parentId": "fld_c517b707380249f3bd7290d8d22a9138", "modified": 1702991058493, "created": 1680682418539, "url": "{{IRS_HOST}}/irs/jobs", @@ -607,6 +603,7 @@ }, "metaSortKey": -1680682418539, "isPrivate": false, + "pathParameters": [], "settingStoreCookies": true, "settingSendCookies": true, "settingDisableRenderRequestBody": false, @@ -616,8 +613,8 @@ "_type": "request" }, { - "_id": "req_9ec7dfc15e934fee8bd2b2d22b9af2e9", - "parentId": "fld_99c35c51cb3143518e93f7efa74c3a49", + "_id": "req_add3363de5c941c1864c49fa8313468e", + "parentId": "fld_c517b707380249f3bd7290d8d22a9138", "modified": 1702991063641, "created": 1680682418524, "url": "{{IRS_HOST}}/irs/jobs", @@ -644,6 +641,7 @@ }, "metaSortKey": -1680682418524, "isPrivate": false, + "pathParameters": [], "settingStoreCookies": true, "settingSendCookies": true, "settingDisableRenderRequestBody": false, @@ -653,8 +651,8 @@ "_type": "request" }, { - "_id": "req_bce1d4b4865d481a9fbcc34f04a6f218", - "parentId": "fld_99c35c51cb3143518e93f7efa74c3a49", + "_id": "req_daffa8d4fd694e388086286b52583a30", + "parentId": "fld_c517b707380249f3bd7290d8d22a9138", "modified": 1702991067797, "created": 1680682418514, "url": "{{IRS_HOST}}/irs/jobs", @@ -681,6 +679,7 @@ }, "metaSortKey": -1680682418514, "isPrivate": false, + "pathParameters": [], "settingStoreCookies": true, "settingSendCookies": true, "settingDisableRenderRequestBody": false, @@ -690,8 +689,8 @@ "_type": "request" }, { - "_id": "req_e41a57c0151b4bb189133061751364e8", - "parentId": "fld_99c35c51cb3143518e93f7efa74c3a49", + "_id": "req_4741e3623c0a4649807af10b573a1ffb", + "parentId": "fld_c517b707380249f3bd7290d8d22a9138", "modified": 1702991071709, "created": 1680682418504, "url": "{{IRS_HOST}}/irs/jobs", @@ -718,6 +717,7 @@ }, "metaSortKey": -1680682418504, "isPrivate": false, + "pathParameters": [], "settingStoreCookies": true, "settingSendCookies": true, "settingDisableRenderRequestBody": false, @@ -727,8 +727,8 @@ "_type": "request" }, { - "_id": "req_7f697d7f3e55410aaebce0eccb694f0a", - "parentId": "fld_99c35c51cb3143518e93f7efa74c3a49", + "_id": "req_4103f9f43731449c964103eec0aee11d", + "parentId": "fld_c517b707380249f3bd7290d8d22a9138", "modified": 1702991076696, "created": 1695042901876, "url": "{{IRS_HOST}}/irs/jobs", @@ -755,6 +755,7 @@ }, "metaSortKey": -1680682418496, "isPrivate": false, + "pathParameters": [], "settingStoreCookies": true, "settingSendCookies": true, "settingDisableRenderRequestBody": false, @@ -764,8 +765,8 @@ "_type": "request" }, { - "_id": "req_2b725578779e412c8103ffe6a1f88e70", - "parentId": "fld_99c35c51cb3143518e93f7efa74c3a49", + "_id": "req_af000a718cd94c38aecbff4f182f5a0b", + "parentId": "fld_c517b707380249f3bd7290d8d22a9138", "modified": 1702991080833, "created": 1680682418488, "url": "{{IRS_HOST}}/irs/jobs", @@ -792,6 +793,7 @@ }, "metaSortKey": -1680682418488, "isPrivate": false, + "pathParameters": [], "settingStoreCookies": true, "settingSendCookies": true, "settingDisableRenderRequestBody": false, @@ -801,8 +803,8 @@ "_type": "request" }, { - "_id": "req_7042132a15f44a24ab8f1aa41cba781e", - "parentId": "fld_99c35c51cb3143518e93f7efa74c3a49", + "_id": "req_60460ded5ba94b33b7f9f2373cdea348", + "parentId": "fld_c517b707380249f3bd7290d8d22a9138", "modified": 1702991084713, "created": 1680682418479, "url": "{{IRS_HOST}}/irs/jobs", @@ -829,6 +831,7 @@ }, "metaSortKey": -1680682418479, "isPrivate": false, + "pathParameters": [], "settingStoreCookies": true, "settingSendCookies": true, "settingDisableRenderRequestBody": false, @@ -838,8 +841,8 @@ "_type": "request" }, { - "_id": "req_39864c9dceb24feebf3744441f3252b0", - "parentId": "fld_99c35c51cb3143518e93f7efa74c3a49", + "_id": "req_4e91ca97acf14f019fac724fe25e1e6c", + "parentId": "fld_c517b707380249f3bd7290d8d22a9138", "modified": 1702991088495, "created": 1680682418469, "url": "{{IRS_HOST}}/irs/jobs", @@ -866,6 +869,7 @@ }, "metaSortKey": -1680682418469, "isPrivate": false, + "pathParameters": [], "settingStoreCookies": true, "settingSendCookies": true, "settingDisableRenderRequestBody": false, @@ -875,8 +879,8 @@ "_type": "request" }, { - "_id": "req_ed37b0171546433c8a8170945ed698fe", - "parentId": "fld_99c35c51cb3143518e93f7efa74c3a49", + "_id": "req_f269dfad4827462aae4bea5367b442e7", + "parentId": "fld_c517b707380249f3bd7290d8d22a9138", "modified": 1702991094498, "created": 1680682418460, "url": "{{IRS_HOST}}/irs/jobs", @@ -903,6 +907,7 @@ }, "metaSortKey": -1680682418460, "isPrivate": false, + "pathParameters": [], "settingStoreCookies": true, "settingSendCookies": true, "settingDisableRenderRequestBody": false, @@ -912,8 +917,8 @@ "_type": "request" }, { - "_id": "req_5e42af9e4d0d4bfda16f8912d10bfdcb", - "parentId": "fld_99c35c51cb3143518e93f7efa74c3a49", + "_id": "req_1d5b7da6d6b54735a6166251c0a1edfb", + "parentId": "fld_c517b707380249f3bd7290d8d22a9138", "modified": 1702991098918, "created": 1680682418451, "url": "{{IRS_HOST}}/irs/jobs", @@ -940,6 +945,7 @@ }, "metaSortKey": -1680682418451, "isPrivate": false, + "pathParameters": [], "settingStoreCookies": true, "settingSendCookies": true, "settingDisableRenderRequestBody": false, @@ -949,8 +955,8 @@ "_type": "request" }, { - "_id": "req_64119ae49dba4513845e87d9bfaf75e7", - "parentId": "fld_99c35c51cb3143518e93f7efa74c3a49", + "_id": "req_378c52bc81b64e8b95f641c4f655a1d5", + "parentId": "fld_c517b707380249f3bd7290d8d22a9138", "modified": 1702991103182, "created": 1680682418442, "url": "{{IRS_HOST}}/irs/jobs", @@ -977,6 +983,7 @@ }, "metaSortKey": -1680682418442, "isPrivate": false, + "pathParameters": [], "settingStoreCookies": true, "settingSendCookies": true, "settingDisableRenderRequestBody": false, @@ -986,8 +993,8 @@ "_type": "request" }, { - "_id": "req_a13c1a3e1ce2493fb064407aebf87845", - "parentId": "fld_99c35c51cb3143518e93f7efa74c3a49", + "_id": "req_38b875ef05d14595b892e65914a6df24", + "parentId": "fld_c517b707380249f3bd7290d8d22a9138", "modified": 1702991107672, "created": 1680682418432, "url": "{{IRS_HOST}}/irs/jobs", @@ -1014,6 +1021,7 @@ }, "metaSortKey": -1680682418432, "isPrivate": false, + "pathParameters": [], "settingStoreCookies": true, "settingSendCookies": true, "settingDisableRenderRequestBody": false, @@ -1023,8 +1031,8 @@ "_type": "request" }, { - "_id": "req_a9d4e40c141e4d77a1f0b5d1bde21c27", - "parentId": "fld_99c35c51cb3143518e93f7efa74c3a49", + "_id": "req_c96be1a03513429184f85283557a8d65", + "parentId": "fld_c517b707380249f3bd7290d8d22a9138", "modified": 1702991113717, "created": 1695192937155, "url": "{{IRS_HOST}}/irs/jobs", @@ -1051,6 +1059,7 @@ }, "metaSortKey": -1680682418428, "isPrivate": false, + "pathParameters": [], "settingStoreCookies": true, "settingSendCookies": true, "settingDisableRenderRequestBody": false, @@ -1060,8 +1069,8 @@ "_type": "request" }, { - "_id": "req_92b6e18037c841729ab5fc14ef55f23d", - "parentId": "fld_99c35c51cb3143518e93f7efa74c3a49", + "_id": "req_33ea4f68b3904bc6bb7ad50dde23632a", + "parentId": "fld_c517b707380249f3bd7290d8d22a9138", "modified": 1702991120609, "created": 1695192971825, "url": "{{IRS_HOST}}/irs/jobs", @@ -1088,6 +1097,7 @@ }, "metaSortKey": -1680682418426, "isPrivate": false, + "pathParameters": [], "settingStoreCookies": true, "settingSendCookies": true, "settingDisableRenderRequestBody": false, @@ -1097,8 +1107,8 @@ "_type": "request" }, { - "_id": "req_1991d08340764ef1af526011a8929aa5", - "parentId": "fld_99c35c51cb3143518e93f7efa74c3a49", + "_id": "req_e18ad8582e204828b06e0de32d30390e", + "parentId": "fld_c517b707380249f3bd7290d8d22a9138", "modified": 1702991125292, "created": 1680682418424, "url": "{{IRS_HOST}}/irs/jobs", @@ -1125,6 +1135,7 @@ }, "metaSortKey": -1680682418424, "isPrivate": false, + "pathParameters": [], "settingStoreCookies": true, "settingSendCookies": true, "settingDisableRenderRequestBody": false, @@ -1134,8 +1145,8 @@ "_type": "request" }, { - "_id": "req_84340ba6eb254659ba0f9e9ee128aefc", - "parentId": "fld_99c35c51cb3143518e93f7efa74c3a49", + "_id": "req_d52411aa0a6249449a3e99c91b262e4e", + "parentId": "fld_c517b707380249f3bd7290d8d22a9138", "modified": 1702991130711, "created": 1680682418414, "url": "{{IRS_HOST}}/irs/jobs", @@ -1162,6 +1173,7 @@ }, "metaSortKey": -1680682418414, "isPrivate": false, + "pathParameters": [], "settingStoreCookies": true, "settingSendCookies": true, "settingDisableRenderRequestBody": false, @@ -1171,8 +1183,8 @@ "_type": "request" }, { - "_id": "req_8d98fd4edb7b49199fba171f9d72dd9e", - "parentId": "fld_99c35c51cb3143518e93f7efa74c3a49", + "_id": "req_c610dd3176ae49d8a96884de371de3c9", + "parentId": "fld_c517b707380249f3bd7290d8d22a9138", "modified": 1702991137603, "created": 1680682418401, "url": "{{IRS_HOST}}/irs/jobs", @@ -1199,6 +1211,7 @@ }, "metaSortKey": -1680682418401, "isPrivate": false, + "pathParameters": [], "settingStoreCookies": true, "settingSendCookies": true, "settingDisableRenderRequestBody": false, @@ -1208,8 +1221,8 @@ "_type": "request" }, { - "_id": "req_6ca35ef4aec8455797a7bebae102a1b5", - "parentId": "fld_99c35c51cb3143518e93f7efa74c3a49", + "_id": "req_07403288d3394387926cd9f0926b3ea4", + "parentId": "fld_c517b707380249f3bd7290d8d22a9138", "modified": 1702991145487, "created": 1680682418392, "url": "{{IRS_HOST}}/irs/jobs", @@ -1236,6 +1249,7 @@ }, "metaSortKey": -1680682418392, "isPrivate": false, + "pathParameters": [], "settingStoreCookies": true, "settingSendCookies": true, "settingDisableRenderRequestBody": false, @@ -1245,8 +1259,8 @@ "_type": "request" }, { - "_id": "req_2c184f2fecea46fe905f3df24d9160a6", - "parentId": "fld_99c35c51cb3143518e93f7efa74c3a49", + "_id": "req_ae4eeade6f854a3b845f1c4b0d1f351d", + "parentId": "fld_c517b707380249f3bd7290d8d22a9138", "modified": 1702991149742, "created": 1683184048412, "url": "{{IRS_HOST}}/irs/jobs", @@ -1273,6 +1287,7 @@ }, "metaSortKey": -1680682418386.5, "isPrivate": false, + "pathParameters": [], "settingStoreCookies": true, "settingSendCookies": true, "settingDisableRenderRequestBody": false, @@ -1282,8 +1297,8 @@ "_type": "request" }, { - "_id": "req_bac623bb6747471999c1aabdf30acbcd", - "parentId": "fld_99c35c51cb3143518e93f7efa74c3a49", + "_id": "req_d2763c0b68e649debd563be84a2e7ac5", + "parentId": "fld_c517b707380249f3bd7290d8d22a9138", "modified": 1702991154342, "created": 1693493383337, "url": "{{IRS_HOST}}/irs/jobs", @@ -1310,6 +1325,7 @@ }, "metaSortKey": -1680682418382.375, "isPrivate": false, + "pathParameters": [], "settingStoreCookies": true, "settingSendCookies": true, "settingDisableRenderRequestBody": false, @@ -1319,8 +1335,8 @@ "_type": "request" }, { - "_id": "req_4f28e46c77f942b6bea4fdf589be4ca1", - "parentId": "fld_99c35c51cb3143518e93f7efa74c3a49", + "_id": "req_67e70efe4a904805b6d8d614401097f5", + "parentId": "fld_c517b707380249f3bd7290d8d22a9138", "modified": 1702991159838, "created": 1693493584873, "url": "{{IRS_HOST}}/irs/jobs", @@ -1347,6 +1363,7 @@ }, "metaSortKey": -1680682418381.6875, "isPrivate": false, + "pathParameters": [], "settingStoreCookies": true, "settingSendCookies": true, "settingDisableRenderRequestBody": false, @@ -1356,8 +1373,8 @@ "_type": "request" }, { - "_id": "req_6f72851efd3840e4ac5dddf85ea485df", - "parentId": "fld_99c35c51cb3143518e93f7efa74c3a49", + "_id": "req_329716a740284e9d92c0e98b08ef8c4d", + "parentId": "fld_c517b707380249f3bd7290d8d22a9138", "modified": 1702991164094, "created": 1693493594373, "url": "{{IRS_HOST}}/irs/jobs", @@ -1384,6 +1401,7 @@ }, "metaSortKey": -1680682418381.3438, "isPrivate": false, + "pathParameters": [], "settingStoreCookies": true, "settingSendCookies": true, "settingDisableRenderRequestBody": false, @@ -1393,8 +1411,8 @@ "_type": "request" }, { - "_id": "req_c99503b01abe41f792dccf5a1da33c17", - "parentId": "fld_99c35c51cb3143518e93f7efa74c3a49", + "_id": "req_1e84830bf707450c9aec67763df4db4d", + "parentId": "fld_c517b707380249f3bd7290d8d22a9138", "modified": 1702991168363, "created": 1693493604521, "url": "{{IRS_HOST}}/irs/jobs", @@ -1421,6 +1439,7 @@ }, "metaSortKey": -1680682418381.1719, "isPrivate": false, + "pathParameters": [], "settingStoreCookies": true, "settingSendCookies": true, "settingDisableRenderRequestBody": false, @@ -1430,8 +1449,8 @@ "_type": "request" }, { - "_id": "req_a5276cce96634693a65b355c2dd1d7d3", - "parentId": "fld_99c35c51cb3143518e93f7efa74c3a49", + "_id": "req_846efa768fa4440e92d62d103f8268f0", + "parentId": "fld_c517b707380249f3bd7290d8d22a9138", "modified": 1702991173689, "created": 1680682418381, "url": "{{IRS_HOST}}/irs/jobs", @@ -1461,6 +1480,7 @@ }, "metaSortKey": -1680682418381, "isPrivate": false, + "pathParameters": [], "settingStoreCookies": true, "settingSendCookies": true, "settingDisableRenderRequestBody": false, @@ -1470,8 +1490,8 @@ "_type": "request" }, { - "_id": "req_d0768a3e244a4634b69a4d26dc85d23b", - "parentId": "fld_99c35c51cb3143518e93f7efa74c3a49", + "_id": "req_f44e4fb2955e45b4822b3579a5953370", + "parentId": "fld_c517b707380249f3bd7290d8d22a9138", "modified": 1702991177973, "created": 1680682418372, "url": "{{IRS_HOST}}/irs/jobs", @@ -1501,6 +1521,7 @@ }, "metaSortKey": -1680682418372, "isPrivate": false, + "pathParameters": [], "settingStoreCookies": true, "settingSendCookies": true, "settingDisableRenderRequestBody": false, @@ -1510,8 +1531,8 @@ "_type": "request" }, { - "_id": "req_9319b2847acf48c98d771d7e318315a6", - "parentId": "fld_99c35c51cb3143518e93f7efa74c3a49", + "_id": "req_94e9199eebac41d4aaa24b79a529e712", + "parentId": "fld_c517b707380249f3bd7290d8d22a9138", "modified": 1702991182139, "created": 1680682418358, "url": "{{IRS_HOST}}/irs/jobs", @@ -1541,6 +1562,7 @@ }, "metaSortKey": -1680682418358, "isPrivate": false, + "pathParameters": [], "settingStoreCookies": true, "settingSendCookies": true, "settingDisableRenderRequestBody": false, @@ -1550,8 +1572,8 @@ "_type": "request" }, { - "_id": "req_96fc195d9d8647f1b5538e3901cd7968", - "parentId": "fld_99c35c51cb3143518e93f7efa74c3a49", + "_id": "req_bead38a2831748b0908dea7f60b75fcd", + "parentId": "fld_c517b707380249f3bd7290d8d22a9138", "modified": 1702991186114, "created": 1680682418348, "url": "{{IRS_HOST}}/irs/jobs", @@ -1575,6 +1597,7 @@ }, "metaSortKey": -1680682418348, "isPrivate": false, + "pathParameters": [], "settingStoreCookies": true, "settingSendCookies": true, "settingDisableRenderRequestBody": false, @@ -1584,8 +1607,8 @@ "_type": "request" }, { - "_id": "req_6f68e1e65bc042079e73460fece779a0", - "parentId": "fld_99c35c51cb3143518e93f7efa74c3a49", + "_id": "req_3388b98dfadf4ca29be1a8c20eb32540", + "parentId": "fld_c517b707380249f3bd7290d8d22a9138", "modified": 1702991190326, "created": 1680682418339, "url": "{{IRS_HOST}}/irs/jobs", @@ -1615,6 +1638,7 @@ }, "metaSortKey": -1680682418339, "isPrivate": false, + "pathParameters": [], "settingStoreCookies": true, "settingSendCookies": true, "settingDisableRenderRequestBody": false, @@ -1624,8 +1648,8 @@ "_type": "request" }, { - "_id": "req_67bf27f456f94b578e781c83a58eed4d", - "parentId": "fld_99c35c51cb3143518e93f7efa74c3a49", + "_id": "req_690f2cd5e1ad46e497a8c25694fe37ec", + "parentId": "fld_c517b707380249f3bd7290d8d22a9138", "modified": 1702991196283, "created": 1680682418325, "url": "{{IRS_HOST}}/irs/jobs/{% prompt 'Job ID', '', '', '', false, true %}", @@ -1655,6 +1679,7 @@ }, "metaSortKey": -1680682418325, "isPrivate": false, + "pathParameters": [], "settingStoreCookies": true, "settingSendCookies": true, "settingDisableRenderRequestBody": false, @@ -1664,8 +1689,8 @@ "_type": "request" }, { - "_id": "req_e763a14926bc42b6b3cf15a33dbb6262", - "parentId": "fld_99c35c51cb3143518e93f7efa74c3a49", + "_id": "req_a232e153a891470e8b82c7e42a86f95f", + "parentId": "fld_c517b707380249f3bd7290d8d22a9138", "modified": 1702991200399, "created": 1680682418316, "url": "{{IRS_HOST}}/irs/jobs/{% prompt 'Job ID', '', '', '', false, true %}", @@ -1689,6 +1714,7 @@ }, "metaSortKey": -1680682418316, "isPrivate": false, + "pathParameters": [], "settingStoreCookies": true, "settingSendCookies": true, "settingDisableRenderRequestBody": false, @@ -1698,8 +1724,8 @@ "_type": "request" }, { - "_id": "req_b6d7199b149042c9b77df6f57379641e", - "parentId": "fld_99c35c51cb3143518e93f7efa74c3a49", + "_id": "req_8448f684adbd409eaeb7c017af4b1508", + "parentId": "fld_c517b707380249f3bd7290d8d22a9138", "modified": 1702991205447, "created": 1680682418307, "url": "{{IRS_HOST}}/irs/jobs/test", @@ -1723,6 +1749,7 @@ }, "metaSortKey": -1680682418307, "isPrivate": false, + "pathParameters": [], "settingStoreCookies": true, "settingSendCookies": true, "settingDisableRenderRequestBody": false, @@ -1732,8 +1759,8 @@ "_type": "request" }, { - "_id": "req_7074d238bdfd4ffd9910160d2917a4d1", - "parentId": "fld_99c35c51cb3143518e93f7efa74c3a49", + "_id": "req_0a5dc1223ebc49ca9aed7114eb470dd7", + "parentId": "fld_c517b707380249f3bd7290d8d22a9138", "modified": 1702991214202, "created": 1680682418297, "url": "{{IRS_HOST}}/irs/jobs/00000000-0000-0000-0000-000000000000", @@ -1757,6 +1784,7 @@ }, "metaSortKey": -1680682418297, "isPrivate": false, + "pathParameters": [], "settingStoreCookies": true, "settingSendCookies": true, "settingDisableRenderRequestBody": false, @@ -1766,8 +1794,8 @@ "_type": "request" }, { - "_id": "req_9d3b808daa9f4ea5a2683ebcde47703b", - "parentId": "fld_99c35c51cb3143518e93f7efa74c3a49", + "_id": "req_bc8199a1ea134828a0c61c8ce39e5f94", + "parentId": "fld_c517b707380249f3bd7290d8d22a9138", "modified": 1702991218362, "created": 1680682418280, "url": "{{IRS_HOST}}/irs/jobs/{% prompt 'Job ID', '', '', '', false, true %}", @@ -1791,6 +1819,7 @@ }, "metaSortKey": -1680682418280, "isPrivate": false, + "pathParameters": [], "settingStoreCookies": true, "settingSendCookies": true, "settingDisableRenderRequestBody": false, @@ -1800,9 +1829,9 @@ "_type": "request" }, { - "_id": "req_7a029e9de6814c03928255f9a1982004", - "parentId": "fld_a94b368ce3e84a7488a4f63ad635a162", - "modified": 1683630958934, + "_id": "req_71ca4eb08f894036866e35931ca370c9", + "parentId": "fld_476c769969fd4ad7a5d83e31b2a861d9", + "modified": 1705942015684, "created": 1682672699249, "url": "{{ _.BPN_DISCOVERY }}/api/administration/connectors/bpnDiscovery/search", "name": "Find BPN endpoints for manufacturer numbers", @@ -1823,12 +1852,13 @@ "type": "oauth2", "grantType": "client_credentials", "accessTokenUrl": "{{ _.OAUTH2_TOKEN_URL }}", - "clientId": "{{ _.CLIENT_ID }}", - "clientSecret": "{{ _.CLIENT_SECRET }}", + "clientId": "{{ _.DISCOVERY_CLIENT_ID }}", + "clientSecret": "{{ _.DISCOVERY_CLIENT_SECRET }}", "disabled": false }, "metaSortKey": -1683630902023, "isPrivate": false, + "pathParameters": [], "settingStoreCookies": true, "settingSendCookies": true, "settingDisableRenderRequestBody": false, @@ -1838,8 +1868,8 @@ "_type": "request" }, { - "_id": "fld_a94b368ce3e84a7488a4f63ad635a162", - "parentId": "fld_cefec9f9528a43a185f2267e8ee4c0d5", + "_id": "fld_476c769969fd4ad7a5d83e31b2a861d9", + "parentId": "fld_1810e742cdde46ab9d50b692c5b8da98", "modified": 1683630931664, "created": 1683630887514, "name": "Discovery", @@ -1850,9 +1880,9 @@ "_type": "request_group" }, { - "_id": "req_d1dbbb7587b246c1b0196358496357f9", - "parentId": "fld_a94b368ce3e84a7488a4f63ad635a162", - "modified": 1683630963691, + "_id": "req_d7248e0a7b1f4393a5a390b265482415", + "parentId": "fld_476c769969fd4ad7a5d83e31b2a861d9", + "modified": 1705942027574, "created": 1683031718699, "url": "{{ _.DISCOVERY_FINDER }}/api/administration/connectors/discovery/search", "name": "Find BPN Discovery Endpoints of type BPN", @@ -1873,12 +1903,13 @@ "type": "oauth2", "grantType": "client_credentials", "accessTokenUrl": "{{ _.OAUTH2_TOKEN_URL }}", - "clientId": "{{ _.CLIENT_ID }}", - "clientSecret": "{{ _.CLIENT_SECRET }}", + "clientId": "{{ _.DISCOVERY_CLIENT_ID }}", + "clientSecret": "{{ _.DISCOVERY_CLIENT_SECRET }}", "disabled": false }, "metaSortKey": -1683630901923, "isPrivate": false, + "pathParameters": [], "settingStoreCookies": true, "settingSendCookies": true, "settingDisableRenderRequestBody": false, @@ -1888,9 +1919,9 @@ "_type": "request" }, { - "_id": "req_3210d8eeace1496f98cb810353f5b825", - "parentId": "fld_a94b368ce3e84a7488a4f63ad635a162", - "modified": 1691567913468, + "_id": "req_77fa47273bf343c7b674d6f6062a4699", + "parentId": "fld_476c769969fd4ad7a5d83e31b2a861d9", + "modified": 1705942036978, "created": 1683560906453, "url": "{{ _.EDC_DISCOVERY }}/api/administration/connectors/discovery", "name": "Find EDC endpoints for BPNs", @@ -1911,12 +1942,13 @@ "type": "oauth2", "grantType": "client_credentials", "accessTokenUrl": "{{ _.OAUTH2_TOKEN_URL }}", - "clientId": "{{ _.CLIENT_ID }}", - "clientSecret": "{{ _.CLIENT_SECRET }}", + "clientId": "{{ _.DISCOVERY_CLIENT_ID }}", + "clientSecret": "{{ _.DISCOVERY_CLIENT_SECRET }}", "disabled": false }, "metaSortKey": -1683630901873, "isPrivate": false, + "pathParameters": [], "settingStoreCookies": true, "settingSendCookies": true, "settingDisableRenderRequestBody": false, @@ -1926,8 +1958,8 @@ "_type": "request" }, { - "_id": "req_a6c1b73c7d2d407699913aabe4af51c5", - "parentId": "fld_fb03597a1ff8491f8e2ec1ee57891936", + "_id": "req_b02ac0bfc4704c83a5c5f8b24175d61a", + "parentId": "fld_a78746c77e5042fe9a16e9c07c428503", "modified": 1705006665175, "created": 1680682418265, "url": "{{IRS_HOST}}/irs/jobs", @@ -1954,6 +1986,7 @@ }, "metaSortKey": -1680682418265, "isPrivate": false, + "pathParameters": [], "settingStoreCookies": true, "settingSendCookies": true, "settingDisableRenderRequestBody": false, @@ -1963,8 +1996,8 @@ "_type": "request" }, { - "_id": "fld_fb03597a1ff8491f8e2ec1ee57891936", - "parentId": "fld_cefec9f9528a43a185f2267e8ee4c0d5", + "_id": "fld_a78746c77e5042fe9a16e9c07c428503", + "parentId": "fld_1810e742cdde46ab9d50b692c5b8da98", "modified": 1680682418273, "created": 1680682418273, "name": "IRS Basic API Calls", @@ -1975,8 +2008,49 @@ "_type": "request_group" }, { - "_id": "req_07674ad6ec7147568bc8339deaca335d", - "parentId": "fld_fb03597a1ff8491f8e2ec1ee57891936", + "_id": "req_8ba77f0c79bd4a3cbb0b9f661a05b03e", + "parentId": "fld_a78746c77e5042fe9a16e9c07c428503", + "modified": 1705942154792, + "created": 1680682418238, + "url": "{{IRS_HOST}}/irs/jobs/{% response 'body', 'req_b02ac0bfc4704c83a5c5f8b24175d61a', 'b64::JC5pZA==::46b', 'never', 60 %} ", + "name": "Get registered Job", + "description": "", + "method": "GET", + "body": {}, + "parameters": [ + { + "name": "returnUncompletedJob", + "value": "true", + "disabled": false + } + ], + "headers": [ + { + "name": "Content-Type", + "value": "application/json" + } + ], + "authentication": { + "type": "apikey", + "disabled": false, + "key": "X-API-KEY", + "value": "{{ _.REGULAR_API_KEY }}", + "addTo": "header" + }, + "metaSortKey": -1680682418261, + "isPrivate": false, + "pathParameters": [], + "settingStoreCookies": true, + "settingSendCookies": true, + "settingDisableRenderRequestBody": false, + "settingEncodeUrl": true, + "settingRebuildPath": true, + "settingFollowRedirects": "global", + "_type": "request" + }, + { + "_id": "req_58c35dbebe62459182db7768eb9cfe38", + "parentId": "fld_a78746c77e5042fe9a16e9c07c428503", "modified": 1702991288793, "created": 1680682418257, "url": "{{IRS_HOST}}/irs/jobs", @@ -2000,6 +2074,7 @@ }, "metaSortKey": -1680682418257, "isPrivate": false, + "pathParameters": [], "settingStoreCookies": true, "settingSendCookies": true, "settingDisableRenderRequestBody": false, @@ -2009,8 +2084,8 @@ "_type": "request" }, { - "_id": "req_9e02c92e769c4ad9bf5d53f5d9c2a6de", - "parentId": "fld_fb03597a1ff8491f8e2ec1ee57891936", + "_id": "req_6e01d4795fcd4ec4be9ca7fdc6922fa8", + "parentId": "fld_a78746c77e5042fe9a16e9c07c428503", "modified": 1702991284435, "created": 1680682418247, "url": "{{IRS_HOST}}/irs/jobs", @@ -2054,6 +2129,7 @@ }, "metaSortKey": -1680682418247, "isPrivate": false, + "pathParameters": [], "settingStoreCookies": true, "settingSendCookies": true, "settingDisableRenderRequestBody": false, @@ -2063,8 +2139,8 @@ "_type": "request" }, { - "_id": "req_7c35241474cf41d1a6cc2864afc7313e", - "parentId": "fld_fb03597a1ff8491f8e2ec1ee57891936", + "_id": "req_78f9f14b26df47858339421fa25b4692", + "parentId": "fld_a78746c77e5042fe9a16e9c07c428503", "modified": 1703236659047, "created": 1690384427379, "url": "{{IRS_HOST}}/irs/jobs/{% prompt 'Job ID', '', '', '', false, true %}", @@ -2094,6 +2170,7 @@ }, "metaSortKey": -1680682418238, "isPrivate": false, + "pathParameters": [], "settingStoreCookies": true, "settingSendCookies": true, "settingDisableRenderRequestBody": false, @@ -2103,8 +2180,8 @@ "_type": "request" }, { - "_id": "req_39681ec4183f4a818cef42e8c78d994a", - "parentId": "fld_fb03597a1ff8491f8e2ec1ee57891936", + "_id": "req_ed05f65eded245b88f2e0e8d345c3aea", + "parentId": "fld_a78746c77e5042fe9a16e9c07c428503", "modified": 1702991276045, "created": 1680682418229, "url": "{{IRS_HOST}}/irs/jobs/{% prompt 'Job ID', '', '', '', false, true %}", @@ -2128,6 +2205,7 @@ }, "metaSortKey": -1680682418229, "isPrivate": false, + "pathParameters": [], "settingStoreCookies": true, "settingSendCookies": true, "settingDisableRenderRequestBody": false, @@ -2137,8 +2215,8 @@ "_type": "request" }, { - "_id": "req_f7475fa73c934aa898e09d0204cfc7da", - "parentId": "fld_fb03597a1ff8491f8e2ec1ee57891936", + "_id": "req_5e18d4a7284c43f5aa60ec7e6123a1c7", + "parentId": "fld_a78746c77e5042fe9a16e9c07c428503", "modified": 1702991272198, "created": 1682498338739, "url": "{{IRS_HOST}}/irs/aspectmodels", @@ -2162,6 +2240,7 @@ }, "metaSortKey": -1680682418179, "isPrivate": false, + "pathParameters": [], "settingStoreCookies": true, "settingSendCookies": true, "settingDisableRenderRequestBody": false, @@ -2171,9 +2250,9 @@ "_type": "request" }, { - "_id": "req_2912d111f43643828b16baa54c2fcc95", - "parentId": "fld_be446bc05f624985a6a9211e55ee1c7d", - "modified": 1691504888870, + "_id": "req_6a09b68cf4244a0cb956df180e5f4c82", + "parentId": "fld_f4db18660b724e548809bade6bfce615", + "modified": 1705942066941, "created": 1680682418213, "url": "{{ _.SEMANTIC_HUB_URL }}/hub/api/v1/models", "name": "Get all models", @@ -2199,11 +2278,12 @@ "type": "oauth2", "grantType": "client_credentials", "accessTokenUrl": "{{ _.OAUTH2_TOKEN_URL }}", - "clientId": "{{ _.CLIENT_ID }}", - "clientSecret": "{{ _.CLIENT_SECRET }}" + "clientId": "{{ _.SEMANTIC_HUB_CLIENT_ID }}", + "clientSecret": "{{ _.SEMANTIC_HUB_CLIENT_SECRET }}" }, "metaSortKey": -1680682418213, "isPrivate": false, + "pathParameters": [], "settingStoreCookies": true, "settingSendCookies": true, "settingDisableRenderRequestBody": false, @@ -2213,8 +2293,8 @@ "_type": "request" }, { - "_id": "fld_be446bc05f624985a6a9211e55ee1c7d", - "parentId": "fld_cefec9f9528a43a185f2267e8ee4c0d5", + "_id": "fld_f4db18660b724e548809bade6bfce615", + "parentId": "fld_1810e742cdde46ab9d50b692c5b8da98", "modified": 1680682418222, "created": 1680682418222, "name": "Semantics Hub", @@ -2225,9 +2305,9 @@ "_type": "request_group" }, { - "_id": "req_87800d1dbb74434d9d1a6a844e252799", - "parentId": "fld_be446bc05f624985a6a9211e55ee1c7d", - "modified": 1691504864710, + "_id": "req_b1a321440a2e4dfe902ecca571dc62f5", + "parentId": "fld_f4db18660b724e548809bade6bfce615", + "modified": 1705942077015, "created": 1680682418204, "url": "{{ _.SEMANTIC_HUB_URL }}/hub/api/v1/models/urn%3Abamm%3Aio.catenax.serial_part_typization%3A1.0.0%23SerialPartTypization", "name": "Get SerialPartTypization", @@ -2240,11 +2320,12 @@ "type": "oauth2", "grantType": "client_credentials", "accessTokenUrl": "{{ _.OAUTH2_TOKEN_URL }}", - "clientId": "{{ _.CLIENT_ID }}", - "clientSecret": "{{ _.CLIENT_SECRET }}" + "clientId": "{{ _.SEMANTIC_HUB_CLIENT_ID }}", + "clientSecret": "{{ _.SEMANTIC_HUB_CLIENT_SECRET }}" }, "metaSortKey": -1680682418204, "isPrivate": false, + "pathParameters": [], "settingStoreCookies": true, "settingSendCookies": true, "settingDisableRenderRequestBody": false, @@ -2254,9 +2335,9 @@ "_type": "request" }, { - "_id": "req_44e6f1dd9d544129a4454272b948b76c", - "parentId": "fld_be446bc05f624985a6a9211e55ee1c7d", - "modified": 1691504802561, + "_id": "req_f7f18c23f9ed4b26ba84b6fa81fd5a30", + "parentId": "fld_f4db18660b724e548809bade6bfce615", + "modified": 1705942085733, "created": 1680682418192, "url": "{{ _.SEMANTIC_HUB_URL }}/hub/api/v1/models/urn%3Abamm%3Aio.catenax.serial_part_typization%3A1.0.0%23SerialPartTypization/json-schema", "name": "Get SerialPartTypization Json Schema", @@ -2269,11 +2350,12 @@ "type": "oauth2", "grantType": "client_credentials", "accessTokenUrl": "{{ _.OAUTH2_TOKEN_URL }}", - "clientId": "{{ _.CLIENT_ID }}", - "clientSecret": "{{ _.CLIENT_SECRET }}" + "clientId": "{{ _.SEMANTIC_HUB_CLIENT_ID }}", + "clientSecret": "{{ _.SEMANTIC_HUB_CLIENT_SECRET }}" }, "metaSortKey": -1680682418192, "isPrivate": false, + "pathParameters": [], "settingStoreCookies": true, "settingSendCookies": true, "settingDisableRenderRequestBody": false, @@ -2283,9 +2365,9 @@ "_type": "request" }, { - "_id": "req_af09068bf6df4299a86059178155f80c", - "parentId": "fld_365f72e79184426595b3ddd237ab04be", - "modified": 1681718801853, + "_id": "req_76a27e96d5d342e8a7354566da95312a", + "parentId": "fld_91009c5cad114695877a204d8fb6e2d1", + "modified": 1705942100313, "created": 1680682418174, "url": "{{ _.BPDM_URL }}/v1/api/catena/business-partner/{% prompt 'BPN', '', '', '', false, true %}", "name": "Get business partner by id", @@ -2304,11 +2386,12 @@ "type": "oauth2", "grantType": "client_credentials", "accessTokenUrl": "{{ _.OAUTH2_TOKEN_URL }}", - "clientId": "{{ _.CLIENT_ID }}", - "clientSecret": "{{ _.CLIENT_SECRET }}" + "clientId": "{{ _.BPDM_CLIENT_ID }}", + "clientSecret": "{{ _.BPDM_CLIENT_SECRET }}" }, "metaSortKey": -1680682418174, "isPrivate": false, + "pathParameters": [], "settingStoreCookies": true, "settingSendCookies": true, "settingDisableRenderRequestBody": false, @@ -2318,8 +2401,8 @@ "_type": "request" }, { - "_id": "fld_365f72e79184426595b3ddd237ab04be", - "parentId": "fld_cefec9f9528a43a185f2267e8ee4c0d5", + "_id": "fld_91009c5cad114695877a204d8fb6e2d1", + "parentId": "fld_1810e742cdde46ab9d50b692c5b8da98", "modified": 1680682418184, "created": 1680682418184, "name": "Business partner data management", @@ -2330,8 +2413,8 @@ "_type": "request_group" }, { - "_id": "req_e3f5a1c9c48c43e28f6f0989a22283d1", - "parentId": "fld_632cbac21e8b4ad6bc9129682997a72d", + "_id": "req_281c172641d04743b5f4b916639a0fde", + "parentId": "fld_91e10c4c8a0345d6b3a46c5146c12ceb", "modified": 1702991347797, "created": 1680682418157, "url": "{{IRS_HOST}}/esr/esr-statistics/{% prompt 'globalAssetId', 'Provide global asset ID or use default', _.GLOBAL_ASSET_ID, '', false, true %}/{% prompt 'BOM Lifecycle', '', '', '', false, true %}/{% prompt 'Certificate', '', '', '', false, true %}/submodel", @@ -2355,6 +2438,7 @@ }, "metaSortKey": -1680682418158, "isPrivate": false, + "pathParameters": [], "settingStoreCookies": true, "settingSendCookies": true, "settingDisableRenderRequestBody": false, @@ -2364,8 +2448,8 @@ "_type": "request" }, { - "_id": "fld_632cbac21e8b4ad6bc9129682997a72d", - "parentId": "fld_cefec9f9528a43a185f2267e8ee4c0d5", + "_id": "fld_91e10c4c8a0345d6b3a46c5146c12ceb", + "parentId": "fld_1810e742cdde46ab9d50b692c5b8da98", "modified": 1680682418167, "created": 1680682418167, "name": "ESR Spike", @@ -2376,8 +2460,8 @@ "_type": "request_group" }, { - "_id": "req_20d530394909498d8815bca896b5f1c1", - "parentId": "fld_6e5c69f5335d44ea8c3d9deb8945596c", + "_id": "req_ec674952c1114bce8fb71ea1ed6d9ef7", + "parentId": "fld_e9093d47fe4445c5b0f7a051e4b0f5ad", "modified": 1702991361578, "created": 1680682418143, "url": "{{IRS_HOST}}/ess/bpn/investigations", @@ -2404,6 +2488,7 @@ }, "metaSortKey": -1680682418143, "isPrivate": false, + "pathParameters": [], "settingStoreCookies": true, "settingSendCookies": true, "settingDisableRenderRequestBody": false, @@ -2413,8 +2498,8 @@ "_type": "request" }, { - "_id": "fld_6e5c69f5335d44ea8c3d9deb8945596c", - "parentId": "fld_cefec9f9528a43a185f2267e8ee4c0d5", + "_id": "fld_e9093d47fe4445c5b0f7a051e4b0f5ad", + "parentId": "fld_1810e742cdde46ab9d50b692c5b8da98", "modified": 1680682418151, "created": 1680682418151, "name": "ESS Spike", @@ -2425,8 +2510,43 @@ "_type": "request_group" }, { - "_id": "req_9d9e0fb370444917be5a38b557030073", - "parentId": "fld_6e5c69f5335d44ea8c3d9deb8945596c", + "_id": "req_98098b47c80842ee9fa4d8a1c00b90cd", + "parentId": "fld_e9093d47fe4445c5b0f7a051e4b0f5ad", + "modified": 1705942138125, + "created": 1680682418134, + "url": "{{IRS_HOST}}/ess/bpn/investigations/{% response 'body', 'req_ec674952c1114bce8fb71ea1ed6d9ef7', 'b64::JC5pZA==::46b', 'never', 60 %}", + "name": "Get registered investigation", + "description": "", + "method": "GET", + "body": {}, + "parameters": [], + "headers": [ + { + "name": "Content-Type", + "value": "application/json" + } + ], + "authentication": { + "type": "apikey", + "disabled": false, + "key": "X-API-KEY", + "value": "{{ _.REGULAR_API_KEY }}", + "addTo": "header" + }, + "metaSortKey": -1680682418138.5, + "isPrivate": false, + "pathParameters": [], + "settingStoreCookies": true, + "settingSendCookies": true, + "settingDisableRenderRequestBody": false, + "settingEncodeUrl": true, + "settingRebuildPath": true, + "settingFollowRedirects": "global", + "_type": "request" + }, + { + "_id": "req_53b8324bea944948ae6156efa74b35a2", + "parentId": "fld_e9093d47fe4445c5b0f7a051e4b0f5ad", "modified": 1702991370481, "created": 1680682418134, "url": "{{IRS_HOST}}/ess/bpn/investigations/{% prompt 'Job ID', '', '', '', false, true %}", @@ -2450,6 +2570,7 @@ }, "metaSortKey": -1680682418134, "isPrivate": false, + "pathParameters": [], "settingStoreCookies": true, "settingSendCookies": true, "settingDisableRenderRequestBody": false, @@ -2459,8 +2580,8 @@ "_type": "request" }, { - "_id": "req_0ebc01e95f94455bb1b0c87f90bcab06", - "parentId": "fld_acf689d4003a47898ddbe195039a59d4", + "_id": "req_92b9561d03a54fe79c34d95a93ba0955", + "parentId": "fld_3112c2de59e04e4ea40e8d82a8844ccc", "modified": 1702991381651, "created": 1680682418118, "url": "{{IRS_HOST}}/irs/orders", @@ -2487,6 +2608,7 @@ }, "metaSortKey": -1680682418118, "isPrivate": false, + "pathParameters": [], "settingStoreCookies": true, "settingSendCookies": true, "settingDisableRenderRequestBody": false, @@ -2496,8 +2618,8 @@ "_type": "request" }, { - "_id": "fld_acf689d4003a47898ddbe195039a59d4", - "parentId": "fld_cefec9f9528a43a185f2267e8ee4c0d5", + "_id": "fld_3112c2de59e04e4ea40e8d82a8844ccc", + "parentId": "fld_1810e742cdde46ab9d50b692c5b8da98", "modified": 1680682418128, "created": 1680682418128, "name": "Batch Processing", @@ -2508,8 +2630,8 @@ "_type": "request_group" }, { - "_id": "req_14c9c29c846e4ba8a66d27ced0b899f6", - "parentId": "fld_acf689d4003a47898ddbe195039a59d4", + "_id": "req_7b406e4b799c4c06b26b8989cccdfca9", + "parentId": "fld_3112c2de59e04e4ea40e8d82a8844ccc", "modified": 1702991390349, "created": 1696342619602, "url": "{{IRS_HOST}}/irs/ess/orders", @@ -2536,6 +2658,7 @@ }, "metaSortKey": -1680682418113.5, "isPrivate": false, + "pathParameters": [], "settingStoreCookies": true, "settingSendCookies": true, "settingDisableRenderRequestBody": false, @@ -2545,8 +2668,8 @@ "_type": "request" }, { - "_id": "req_a92050648817457486cd7664e549e06e", - "parentId": "fld_acf689d4003a47898ddbe195039a59d4", + "_id": "req_78db20c6fbec4ef4a64a15f2b28fe8b9", + "parentId": "fld_3112c2de59e04e4ea40e8d82a8844ccc", "modified": 1705006936944, "created": 1705006139836, "url": "{{IRS_HOST}}/irs/orders/{% prompt 'Order ID', '', '', '', false, true %}", @@ -2574,6 +2697,7 @@ }, "metaSortKey": -1680682418111.25, "isPrivate": false, + "pathParameters": [], "settingStoreCookies": true, "settingSendCookies": true, "settingDisableRenderRequestBody": false, @@ -2583,8 +2707,8 @@ "_type": "request" }, { - "_id": "req_c42c94e761c24426878cf3cd88e301b1", - "parentId": "fld_acf689d4003a47898ddbe195039a59d4", + "_id": "req_963d3326f7554d41b6730a3b5f293e21", + "parentId": "fld_3112c2de59e04e4ea40e8d82a8844ccc", "modified": 1702991398473, "created": 1680682418109, "url": "{{IRS_HOST}}/irs/orders/{% prompt 'Order ID', '', '', '', false, true %}", @@ -2608,6 +2732,7 @@ }, "metaSortKey": -1680682418109, "isPrivate": false, + "pathParameters": [], "settingStoreCookies": true, "settingSendCookies": true, "settingDisableRenderRequestBody": false, @@ -2617,8 +2742,8 @@ "_type": "request" }, { - "_id": "req_3e41dd9d2c1a4a9b880ba63ec4dd312b", - "parentId": "fld_acf689d4003a47898ddbe195039a59d4", + "_id": "req_0b2b42f0de3d445eb2dfebe7338cba2f", + "parentId": "fld_3112c2de59e04e4ea40e8d82a8844ccc", "modified": 1702991409664, "created": 1680682418099, "url": "{{IRS_HOST}}/irs/orders/{% prompt 'Order ID', '', '', '', false, true %}/batches/{% prompt 'Batch ID', '', '', '', false, true %}", @@ -2642,6 +2767,7 @@ }, "metaSortKey": -1680682418099, "isPrivate": false, + "pathParameters": [], "settingStoreCookies": true, "settingSendCookies": true, "settingDisableRenderRequestBody": false, @@ -2651,8 +2777,8 @@ "_type": "request" }, { - "_id": "req_384b37b316254ad1bfe39474877374b7", - "parentId": "fld_c1542e78ff7e4c36839c5cb7ca56e7c6", + "_id": "req_c94c97ae6a724112b590952b9a7a0dea", + "parentId": "fld_d5e9b62b127847188e1e4b518720a102", "modified": 1690472186478, "created": 1678358655308, "url": "{{ _.CONSUMER_CONTROLPLANE }}/management/v2/catalog/request", @@ -2679,6 +2805,7 @@ }, "metaSortKey": -1686195722939.1875, "isPrivate": false, + "pathParameters": [], "settingStoreCookies": true, "settingSendCookies": true, "settingDisableRenderRequestBody": false, @@ -2688,8 +2815,8 @@ "_type": "request" }, { - "_id": "fld_c1542e78ff7e4c36839c5cb7ca56e7c6", - "parentId": "fld_8b90eb2a99354ecdb14805791a34fbaa", + "_id": "fld_d5e9b62b127847188e1e4b518720a102", + "parentId": "fld_0839b47b8e964caa9174f954735ab106", "modified": 1690362660167, "created": 1690362660167, "name": "Catalog", @@ -2700,8 +2827,8 @@ "_type": "request_group" }, { - "_id": "fld_8b90eb2a99354ecdb14805791a34fbaa", - "parentId": "fld_cefec9f9528a43a185f2267e8ee4c0d5", + "_id": "fld_0839b47b8e964caa9174f954735ab106", + "parentId": "fld_1810e742cdde46ab9d50b692c5b8da98", "modified": 1690363778601, "created": 1675675609576, "name": "EDC-Requests", @@ -2712,8 +2839,8 @@ "_type": "request_group" }, { - "_id": "req_640982624e044311806c5b5af6ba908a", - "parentId": "fld_c1542e78ff7e4c36839c5cb7ca56e7c6", + "_id": "req_13e43b7f93484f80b8006c04b582e128", + "parentId": "fld_d5e9b62b127847188e1e4b518720a102", "modified": 1691500654267, "created": 1685521485278, "url": "{{ _.CONSUMER_CONTROLPLANE }}/management/v2/catalog/request", @@ -2740,6 +2867,7 @@ }, "metaSortKey": -1686195722889.1875, "isPrivate": false, + "pathParameters": [], "settingStoreCookies": true, "settingSendCookies": true, "settingDisableRenderRequestBody": false, @@ -2749,8 +2877,46 @@ "_type": "request" }, { - "_id": "req_8c3dffcfb17040558c3c96b5a6fe0d07", - "parentId": "fld_f277ccd7006d4c5981445ea5824d5e80", + "_id": "req_d10e25e171d44f0581305ceec28c90bc", + "parentId": "fld_d5e9b62b127847188e1e4b518720a102", + "modified": 1705940987109, + "created": 1691654388376, + "url": "{{ _.CONSUMER_CONTROLPLANE }}/management/v2/catalog/request", + "name": "Get catalog with asset filter", + "description": "", + "method": "POST", + "body": { + "mimeType": "application/json", + "text": "{\n\t\"@context\": {\n\t\t\"dct\": \"https://purl.org/dc/terms/\",\n\t\t\"tx\": \"https://w3id.org/tractusx/v0.0.1/ns/\",\n\t\t\"edc\": \"https://w3id.org/edc/v0.0.1/ns/\",\n\t\t\"odrl\": \"http://www.w3.org/ns/odrl/2/\",\n\t\t\"dcat\": \"https://www.w3.org/ns/dcat/\",\n\t\t\"dspace\": \"https://w3id.org/dspace/v0.8/\"\n\t},\n\t\"edc:providerUrl\": \"{{ _.PROVIDER_CONTROLPLANE_1 }}/api/v1/dsp\",\n\t\"edc:protocol\": \"dataspace-protocol-http\",\n\t\"edc:querySpec\": {\n\t\t\"edc:filterExpression\": {\n\t\t\t\"edc:operandLeft\": \"https://w3id.org/edc/v0.0.1/ns/id\",\n\t\t\t\"edc:operator\": \"=\",\n\t\t\t\"edc:operandRight\": \"{% prompt 'assetId', '', '', '', false, true %}\"\n\t\t}\n\t}\n}" + }, + "parameters": [], + "headers": [ + { + "name": "Content-Type", + "value": "application/json" + } + ], + "authentication": { + "type": "apikey", + "disabled": false, + "key": "X-Api-Key", + "value": "{{ _.EDC_API_KEY }}", + "addTo": "header" + }, + "metaSortKey": -1686195722789.1875, + "isPrivate": false, + "pathParameters": [], + "settingStoreCookies": true, + "settingSendCookies": true, + "settingDisableRenderRequestBody": false, + "settingEncodeUrl": true, + "settingRebuildPath": true, + "settingFollowRedirects": "global", + "_type": "request" + }, + { + "_id": "req_080fffcbca8246cca56c1b89e2ee87d7", + "parentId": "fld_1e28df04607146aa953989fb9b878c79", "modified": 1691578280640, "created": 1675675609557, "url": "{{ _.CONSUMER_CONTROLPLANE }}/management/v2/contractnegotiations", @@ -2777,6 +2943,7 @@ }, "metaSortKey": -1684146511095, "isPrivate": false, + "pathParameters": [], "settingStoreCookies": true, "settingSendCookies": true, "settingDisableRenderRequestBody": false, @@ -2786,8 +2953,8 @@ "_type": "request" }, { - "_id": "fld_f277ccd7006d4c5981445ea5824d5e80", - "parentId": "fld_8b90eb2a99354ecdb14805791a34fbaa", + "_id": "fld_1e28df04607146aa953989fb9b878c79", + "parentId": "fld_0839b47b8e964caa9174f954735ab106", "modified": 1684146626847, "created": 1684146519491, "name": "Negotiation", @@ -2798,8 +2965,8 @@ "_type": "request_group" }, { - "_id": "req_eda28efb347a4b889574b6d4efbfc2d8", - "parentId": "fld_f277ccd7006d4c5981445ea5824d5e80", + "_id": "req_4b81e1450a7044f4b495396a3c6beec5", + "parentId": "fld_1e28df04607146aa953989fb9b878c79", "modified": 1690362123962, "created": 1675675609549, "url": "{{ _.CONSUMER_CONTROLPLANE }}/management/v2/contractnegotiations/{% prompt 'id', '', '', '', false, true %}", @@ -2823,6 +2990,7 @@ }, "metaSortKey": -1684146511045, "isPrivate": false, + "pathParameters": [], "settingStoreCookies": true, "settingSendCookies": true, "settingDisableRenderRequestBody": false, @@ -2832,8 +3000,8 @@ "_type": "request" }, { - "_id": "req_7812c8281cfd45bca643079b91d09696", - "parentId": "fld_f277ccd7006d4c5981445ea5824d5e80", + "_id": "req_941858a9157241bdb4b143f49461378e", + "parentId": "fld_1e28df04607146aa953989fb9b878c79", "modified": 1690362117725, "created": 1685444139708, "url": "{{ _.CONSUMER_CONTROLPLANE }}/management/v2/contractnegotiations/{% prompt 'id', '', '', '', false, true %}/cancel", @@ -2852,6 +3020,7 @@ }, "metaSortKey": -1684146511020, "isPrivate": false, + "pathParameters": [], "settingStoreCookies": true, "settingSendCookies": true, "settingDisableRenderRequestBody": false, @@ -2861,8 +3030,8 @@ "_type": "request" }, { - "_id": "req_d03f85528e3842d3996379ad603bc59c", - "parentId": "fld_f277ccd7006d4c5981445ea5824d5e80", + "_id": "req_d321712166e0404798f4c201b8928aba", + "parentId": "fld_1e28df04607146aa953989fb9b878c79", "modified": 1690361721223, "created": 1681911985730, "url": "{{ _.CONSUMER_CONTROLPLANE }}/management/v2/contractnegotiations/request", @@ -2889,6 +3058,7 @@ }, "metaSortKey": -1684146510995, "isPrivate": false, + "pathParameters": [], "settingStoreCookies": true, "settingSendCookies": true, "settingDisableRenderRequestBody": false, @@ -2898,8 +3068,8 @@ "_type": "request" }, { - "_id": "req_d7fbd989cc994daa95309f4ddd6f881a", - "parentId": "fld_f277ccd7006d4c5981445ea5824d5e80", + "_id": "req_4ef3b469eec84623ba6fb1558baf732d", + "parentId": "fld_1e28df04607146aa953989fb9b878c79", "modified": 1691578311420, "created": 1675675609541, "url": "{{ _.CONSUMER_CONTROLPLANE }}/management/v2/transferprocesses", @@ -2926,6 +3096,7 @@ }, "metaSortKey": -1684146510945, "isPrivate": false, + "pathParameters": [], "settingStoreCookies": true, "settingSendCookies": true, "settingDisableRenderRequestBody": false, @@ -2935,8 +3106,8 @@ "_type": "request" }, { - "_id": "req_9e9929d09f944df7ad5a2caff837bea7", - "parentId": "fld_f277ccd7006d4c5981445ea5824d5e80", + "_id": "req_e86d72124f744590931f5cdf6d4ba618", + "parentId": "fld_1e28df04607146aa953989fb9b878c79", "modified": 1691503370103, "created": 1679993996270, "url": "{{ _.CONSUMER_CONTROLPLANE }}/management/v2/transferprocesses/{% prompt 'id', '', '', '', false, true %}", @@ -2960,6 +3131,7 @@ }, "metaSortKey": -1684146510895, "isPrivate": false, + "pathParameters": [], "settingStoreCookies": true, "settingSendCookies": true, "settingDisableRenderRequestBody": false, @@ -2969,8 +3141,8 @@ "_type": "request" }, { - "_id": "req_593cc5984c8e4fc983193582d2ca91da", - "parentId": "fld_f277ccd7006d4c5981445ea5824d5e80", + "_id": "req_a4cd5461e45d44d1b0ce29c5076dd8ab", + "parentId": "fld_1e28df04607146aa953989fb9b878c79", "modified": 1690361795179, "created": 1675675609525, "url": "{{ _.CONSUMER_CONTROLPLANE }}/management/v2/transferprocesses/request", @@ -2997,6 +3169,7 @@ }, "metaSortKey": -1684146510845, "isPrivate": false, + "pathParameters": [], "settingStoreCookies": true, "settingSendCookies": true, "settingDisableRenderRequestBody": false, @@ -3006,8 +3179,8 @@ "_type": "request" }, { - "_id": "req_a733261194a845e4b83881e53d7c2c21", - "parentId": "fld_f277ccd7006d4c5981445ea5824d5e80", + "_id": "req_c13b0227ea6649c185319bddf09e1ff4", + "parentId": "fld_1e28df04607146aa953989fb9b878c79", "modified": 1690361763512, "created": 1681910653593, "url": "{{CONSUMER_CONTROLPLANE}}/management/v2/contractagreements/request", @@ -3034,6 +3207,7 @@ }, "metaSortKey": -1684146510795, "isPrivate": false, + "pathParameters": [], "settingStoreCookies": true, "settingSendCookies": true, "settingDisableRenderRequestBody": false, @@ -3043,8 +3217,8 @@ "_type": "request" }, { - "_id": "req_29f76c4a062d4454adb221a2e579a1ea", - "parentId": "fld_05a20c665a3d49568079f982c40d923c", + "_id": "req_cd795997401045719846198f474ac6c4", + "parentId": "fld_b72920a81fc94ba7ac254f87c04e4bdc", "modified": 1690362947546, "created": 1681907482278, "url": "{{ _.PROVIDER_CONTROLPLANE_1 }}/management/v2/assets", @@ -3071,6 +3245,7 @@ }, "metaSortKey": -1679911033461.75, "isPrivate": false, + "pathParameters": [], "settingStoreCookies": true, "settingSendCookies": true, "settingDisableRenderRequestBody": false, @@ -3080,20 +3255,20 @@ "_type": "request" }, { - "_id": "fld_05a20c665a3d49568079f982c40d923c", - "parentId": "fld_8b90eb2a99354ecdb14805791a34fbaa", - "modified": 1684146621298, + "_id": "fld_b72920a81fc94ba7ac254f87c04e4bdc", + "parentId": "fld_0839b47b8e964caa9174f954735ab106", + "modified": 1705940929752, "created": 1684146457388, "name": "Provider", "description": "", "environment": {}, "environmentPropertyOrder": null, - "metaSortKey": -1675675609471, + "metaSortKey": -1678852197613.5625, "_type": "request_group" }, { - "_id": "req_43c51a693ddb4498846e4711e684bc40", - "parentId": "fld_05a20c665a3d49568079f982c40d923c", + "_id": "req_1b5a18e8940948b3b0593152919f0f98", + "parentId": "fld_b72920a81fc94ba7ac254f87c04e4bdc", "modified": 1690362407763, "created": 1685444139630, "url": "{{ _.PROVIDER_CONTROLPLANE_1 }}/management/v2/assets/{% prompt 'id', '', '', '', false, true %}", @@ -3112,6 +3287,7 @@ }, "metaSortKey": -1679911033452.375, "isPrivate": false, + "pathParameters": [], "settingStoreCookies": true, "settingSendCookies": true, "settingDisableRenderRequestBody": false, @@ -3121,8 +3297,8 @@ "_type": "request" }, { - "_id": "req_8956d72e30364f2dbb8171daecd01f33", - "parentId": "fld_05a20c665a3d49568079f982c40d923c", + "_id": "req_b00faefd0be84da8972cfe82c018103f", + "parentId": "fld_b72920a81fc94ba7ac254f87c04e4bdc", "modified": 1690362438115, "created": 1685444139625, "url": "{{ _.PROVIDER_CONTROLPLANE_1 }}/management/v2/assets/request", @@ -3149,6 +3325,7 @@ }, "metaSortKey": -1679911033447.6875, "isPrivate": false, + "pathParameters": [], "settingStoreCookies": true, "settingSendCookies": true, "settingDisableRenderRequestBody": false, @@ -3158,8 +3335,8 @@ "_type": "request" }, { - "_id": "req_023a617fd5af41d782a2715fe5d81706", - "parentId": "fld_05a20c665a3d49568079f982c40d923c", + "_id": "req_7705a8d515234eeda8a00b72b33c0810", + "parentId": "fld_b72920a81fc94ba7ac254f87c04e4bdc", "modified": 1690362400081, "created": 1685444139636, "url": "{{ _.PROVIDER_CONTROLPLANE_1 }}/management/v2/assets/{% prompt 'id', '', '', '', false, true %}", @@ -3178,6 +3355,7 @@ }, "metaSortKey": -1679911033433.625, "isPrivate": false, + "pathParameters": [], "settingStoreCookies": true, "settingSendCookies": true, "settingDisableRenderRequestBody": false, @@ -3187,8 +3365,8 @@ "_type": "request" }, { - "_id": "req_a6217da8bcfb4f60b3f54ccae9ef6657", - "parentId": "fld_05a20c665a3d49568079f982c40d923c", + "_id": "req_b3df4c26f45442b0969e2601ba943f91", + "parentId": "fld_b72920a81fc94ba7ac254f87c04e4bdc", "modified": 1690362581978, "created": 1685444139641, "url": "{{ _.PROVIDER_CONTROLPLANE_1 }}/management/v2/policydefinitions", @@ -3215,6 +3393,7 @@ }, "metaSortKey": -1679911033403.9375, "isPrivate": false, + "pathParameters": [], "settingStoreCookies": true, "settingSendCookies": true, "settingDisableRenderRequestBody": false, @@ -3224,8 +3403,8 @@ "_type": "request" }, { - "_id": "req_b951acf896b54364a912cb609440ce2d", - "parentId": "fld_05a20c665a3d49568079f982c40d923c", + "_id": "req_cccc83c71e834cac9e1e7e1562930645", + "parentId": "fld_b72920a81fc94ba7ac254f87c04e4bdc", "modified": 1690362549290, "created": 1685444139647, "url": "{{ _.PROVIDER_CONTROLPLANE_1 }}/management/v2/policydefinitions/{% prompt 'id', '', '', '', false, true %}", @@ -3242,8 +3421,9 @@ "value": "{{ _.EDC_API_KEY }}", "addTo": "header" }, - "metaSortKey": -1679911033364.0937, + "metaSortKey": -1679911033364.0938, "isPrivate": false, + "pathParameters": [], "settingStoreCookies": true, "settingSendCookies": true, "settingDisableRenderRequestBody": false, @@ -3253,8 +3433,8 @@ "_type": "request" }, { - "_id": "req_a2c87a2e2ec64753a8d09ce6a9bcde78", - "parentId": "fld_05a20c665a3d49568079f982c40d923c", + "_id": "req_b628dd4600654a57a3d1c4abd71f032f", + "parentId": "fld_b72920a81fc94ba7ac254f87c04e4bdc", "modified": 1690362591799, "created": 1685444139653, "url": "{{ _.PROVIDER_CONTROLPLANE_1 }}/management/v2/policydefinitions/request", @@ -3281,6 +3461,7 @@ }, "metaSortKey": -1679911033344.1719, "isPrivate": false, + "pathParameters": [], "settingStoreCookies": true, "settingSendCookies": true, "settingDisableRenderRequestBody": false, @@ -3290,8 +3471,8 @@ "_type": "request" }, { - "_id": "req_2bcbcdb6b42c4271bc6e3c01d08c4799", - "parentId": "fld_05a20c665a3d49568079f982c40d923c", + "_id": "req_c2c69580f2014ea0af92c45b3efa1a0a", + "parentId": "fld_b72920a81fc94ba7ac254f87c04e4bdc", "modified": 1690362559324, "created": 1685444139659, "url": "{{ _.PROVIDER_CONTROLPLANE_1 }}/management/v2/policydefinitions/{% prompt 'id', '', '', '', false, true %}", @@ -3310,6 +3491,7 @@ }, "metaSortKey": -1679911033299.25, "isPrivate": false, + "pathParameters": [], "settingStoreCookies": true, "settingSendCookies": true, "settingDisableRenderRequestBody": false, @@ -3319,8 +3501,8 @@ "_type": "request" }, { - "_id": "req_18d8ac1065e74df58d46c70423298692", - "parentId": "fld_05a20c665a3d49568079f982c40d923c", + "_id": "req_9de3020e595e4a79ade1de9bbb5645bd", + "parentId": "fld_b72920a81fc94ba7ac254f87c04e4bdc", "modified": 1690363080444, "created": 1685444139665, "url": "{{ _.PROVIDER_CONTROLPLANE_1 }}/management/v2/contractdefinitions", @@ -3347,6 +3529,7 @@ }, "metaSortKey": -1679911033261.75, "isPrivate": false, + "pathParameters": [], "settingStoreCookies": true, "settingSendCookies": true, "settingDisableRenderRequestBody": false, @@ -3356,8 +3539,8 @@ "_type": "request" }, { - "_id": "req_58945d6b76824b07886e2e055341d319", - "parentId": "fld_05a20c665a3d49568079f982c40d923c", + "_id": "req_30779ac0b772473094ad1ab750784f72", + "parentId": "fld_b72920a81fc94ba7ac254f87c04e4bdc", "modified": 1690362691392, "created": 1685444139672, "url": "{{ _.PROVIDER_CONTROLPLANE_1 }}/management/v2/contractdefinitions/{% prompt 'id', '', '', '', false, true %}", @@ -3376,6 +3559,7 @@ }, "metaSortKey": -1679911033199.25, "isPrivate": false, + "pathParameters": [], "settingStoreCookies": true, "settingSendCookies": true, "settingDisableRenderRequestBody": false, @@ -3385,8 +3569,8 @@ "_type": "request" }, { - "_id": "req_95d0490f4cd34a88b0cb459b28532b94", - "parentId": "fld_05a20c665a3d49568079f982c40d923c", + "_id": "req_30af5f472981473c9cfec7fe1cceacd6", + "parentId": "fld_b72920a81fc94ba7ac254f87c04e4bdc", "modified": 1690363126919, "created": 1685444139678, "url": "{{ _.PROVIDER_CONTROLPLANE_1 }}/management/v2/contractdefinitions/request", @@ -3413,6 +3597,7 @@ }, "metaSortKey": -1679911033174.25, "isPrivate": false, + "pathParameters": [], "settingStoreCookies": true, "settingSendCookies": true, "settingDisableRenderRequestBody": false, @@ -3422,8 +3607,8 @@ "_type": "request" }, { - "_id": "req_8387ed4780104d18b357d9abe6f20f66", - "parentId": "fld_05a20c665a3d49568079f982c40d923c", + "_id": "req_dbc8413f51774f0bab4afdbee92b9b21", + "parentId": "fld_b72920a81fc94ba7ac254f87c04e4bdc", "modified": 1690363136216, "created": 1685444139684, "url": "{{ _.PROVIDER_CONTROLPLANE_1 }}/management/v2/contractdefinitions/{% prompt 'id', '', '', '', false, true %}", @@ -3450,6 +3635,7 @@ }, "metaSortKey": -1679911033149.25, "isPrivate": false, + "pathParameters": [], "settingStoreCookies": true, "settingSendCookies": true, "settingDisableRenderRequestBody": false, @@ -3461,11 +3647,11 @@ { "_id": "env_d2b7eb1621841465ea24b73343568b286aa8ac9a", "parentId": "wrk_565df8abe30f4da29d8bffcde97927d7", - "modified": 1680782486844, + "modified": 1683638503332, "created": 1680782486844, "name": "Base Environment", "data": {}, - "dataPropertyOrder": null, + "dataPropertyOrder": {}, "color": null, "isPrivate": false, "metaSortKey": 1680782486844, @@ -3474,7 +3660,7 @@ { "_id": "jar_d2b7eb1621841465ea24b73343568b286aa8ac9a", "parentId": "wrk_565df8abe30f4da29d8bffcde97927d7", - "modified": 1703236544943, + "modified": 1705938127468, "created": 1680782486851, "name": "Default Jar", "cookies": [ @@ -3490,8 +3676,115 @@ ], "hostOnly": true, "creation": "2023-04-06T13:30:18.499Z", - "lastAccessed": "2023-12-22T09:15:44.943Z", - "id": "44566206612081904" + "lastAccessed": "2024-01-22T15:42:07.467Z", + "id": "352618e3-4618-4778-9693-f76be3b538d4" + }, + { + "key": "KC_RESTART", + "expires": "1970-01-01T00:00:10.000Z", + "maxAge": 0, + "domain": "centralidp.beta.demo.catena-x.net", + "path": "/auth/realms/CX-Central/", + "httpOnly": true, + "extensions": [ + "Version=1" + ], + "hostOnly": true, + "creation": "2023-04-28T12:09:23.681Z", + "lastAccessed": "2023-05-02T09:14:02.169Z", + "id": "44bc1771-1687-42bb-beb0-9d9474131a95" + }, + { + "key": "rack.session", + "value": "5579bbaf14b5ac5c004f6806ca10d35363aca208e5d17e4b6b07da103e23f219", + "domain": "daps1.int.demo.catena-x.net", + "path": "/", + "secure": true, + "httpOnly": true, + "hostOnly": true, + "creation": "2023-06-14T15:30:53.779Z", + "lastAccessed": "2023-06-14T15:30:53.779Z", + "id": "59744b74-474c-47c6-8765-cf287a936c5e" + }, + { + "key": "rack.session", + "value": "26cd0504acae7aa1a40aff58b15b72989eba6ff7efb7890d035d97d7d96129e8", + "domain": "daps-irs.dev.demo.catena-x.net", + "path": "/", + "secure": true, + "httpOnly": true, + "hostOnly": true, + "creation": "2023-06-26T13:21:41.705Z", + "lastAccessed": "2023-06-26T13:21:41.705Z", + "id": "76f1eca0-1990-491d-8e48-55862a864050" + }, + { + "key": "KC_RESTART", + "expires": "1970-01-01T00:00:10.000Z", + "maxAge": 0, + "domain": "localhost", + "path": "/realms/miw_test/", + "httpOnly": true, + "extensions": [ + "Version=1" + ], + "hostOnly": true, + "creation": "2023-06-29T14:17:50.058Z", + "lastAccessed": "2023-06-29T14:38:54.694Z", + "id": "1f19c6ad-ee86-410b-baa9-40d9d2a2664b" + }, + { + "key": "JSESSIONID", + "value": "AA8B41248817CEF92F54E92816BA4E0C", + "domain": "managed-identity-wallets-new.int.demo.catena-x.net", + "path": "/", + "secure": true, + "httpOnly": true, + "hostOnly": true, + "creation": "2023-07-03T14:36:17.598Z", + "lastAccessed": "2023-07-03T14:39:34.758Z", + "id": "d4252d5d-5ba0-4841-a995-0405d9106af4" + }, + { + "key": "KC_RESTART", + "expires": "1970-01-01T00:00:10.000Z", + "maxAge": 0, + "domain": "centralidp-pen.dev.demo.catena-x.net", + "path": "/auth/realms/CX-Central/", + "httpOnly": true, + "extensions": [ + "Version=1" + ], + "hostOnly": true, + "creation": "2023-07-11T15:11:58.167Z", + "lastAccessed": "2023-11-13T09:10:13.699Z", + "id": "d1322e15-2207-4bda-a8ae-6f98e5b92d48" + }, + { + "key": "AWSALB", + "value": "XBr2pDKiJ9eB9tgdQ1S7WNGW6LVV4e4wBnXgbPFZ7pDre9G+02ZrS8VGFUYjlmLgaW909IJIXDy+o9jIE5Q4vphrsvI3ezlFhYjmbXJp9jz5APwKavVG3/gt2YZw", + "expires": "2023-08-15T14:12:54.000Z", + "domain": "connector.cx-rel.edc.aws.bmw.cloud", + "path": "/", + "hostOnly": true, + "creation": "2023-08-07T10:43:07.218Z", + "lastAccessed": "2023-08-08T14:12:54.582Z", + "id": "c6451ae9-9bd5-4e83-b39c-d92af9e9c1a5" + }, + { + "key": "AWSALBCORS", + "value": "XBr2pDKiJ9eB9tgdQ1S7WNGW6LVV4e4wBnXgbPFZ7pDre9G+02ZrS8VGFUYjlmLgaW909IJIXDy+o9jIE5Q4vphrsvI3ezlFhYjmbXJp9jz5APwKavVG3/gt2YZw", + "expires": "2023-08-15T14:12:54.000Z", + "domain": "connector.cx-rel.edc.aws.bmw.cloud", + "path": "/", + "secure": true, + "extensions": [ + "SameSite=None" + ], + "hostOnly": true, + "creation": "2023-08-07T10:43:07.218Z", + "lastAccessed": "2023-08-08T14:12:54.582Z", + "id": "eace0316-1260-4915-953a-e1c27f76df22" } ], "_type": "cookie_jar" @@ -3505,16 +3798,6 @@ "contents": "", "contentType": "yaml", "_type": "api_spec" - }, - { - "_id": "spc_3a573993100a40b3bc2b0a5bd8e5cc48", - "parentId": "wrk_565df8abe30f4da29d8bffcde97927d7", - "modified": 1681726479575, - "created": 1681726479575, - "fileName": "IRS", - "contents": "", - "contentType": "yaml", - "_type": "api_spec" } ] } \ No newline at end of file From d290dbe06526f4afe103a452d9eae2c93268272f Mon Sep 17 00:00:00 2001 From: Matthias Fischer Date: Tue, 23 Jan 2024 19:50:28 +0100 Subject: [PATCH 08/22] chore(deps):[#xxx] Undo unintended autoformatting in CHANGELOG.md --- CHANGELOG.md | 365 +++++++++++---------------------------------------- 1 file changed, 75 insertions(+), 290 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 3f366a39d0..f8d4b9234c 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,5 +1,4 @@ # Changelog - All notable changes to this project will be documented in this file. The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), @@ -8,7 +7,6 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 ## [Unreleased] ### Changed - - Updated license header to "Copyright (c) 2021,2024 Contributors to the Eclipse Foundation" - Suppressed CVE-2024-20932 from graal-sdk-21.2.0.jar because this is not applicable for IRS. @@ -17,70 +15,50 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 - Fixed CVE-2023-6378 by custom dependency management entry for logback (1.4.14). ## [4.4.0] - 2024-01-15 - ### Added - - Added EDR token cache to reuse token after contract negotiation - Added cache mechanism in DiscoveryFinderClientImpl for findDiscoveryEndpoints - Add concept docs/#322-Provisioning-of-contractAgreementId-for-assets.md ### Changed - -- Authentication was redesigned to use API keys, instead of OAuth2 protocol. The api key has to be sent as a X-API-KEY - request header. IRS is supporting two types of API keys - one for admin and one for regular/view usage. Use - new ``apiKeyAdmin`` and ``apiKeyRegular`` config entries to set up API keys. +- Authentication was redesigned to use API keys, instead of OAuth2 protocol. The api key has to be sent as a X-API-KEY request header. IRS is supporting two types of API keys - one for admin and one for regular/view usage. Use new ``apiKeyAdmin`` and ``apiKeyRegular`` config entries to set up API keys. ### Removed - - Removed ``oauth.resourceClaim``, ``oauth.irsNamespace``,``oauth.roles``,``oauth2.jwkSetUri`` config entries ## [4.3.0] - 2023-12-08 - ### Added - - Added support for `hasAlternatives` property in SingleLevelBomAsBuilt aspect ### Changed - - Updated edc dependencies to 0.2.1 - Update deprecated field `providerUrl` to `counterPartyAddress` in EDC catalog request - Update ESS EDC notification creation asset endpoint to v3 ## [4.2.0] - 2023-11-28 - ### Changed - -- Changed default behaviour of IRS - when aspects list is not provided or empty in request body, IRS will not collect - any submodel now (previously default aspects were collected). +- Changed default behaviour of IRS - when aspects list is not provided or empty in request body, IRS will not collect any submodel now (previously default aspects were collected). - ESS - - Added 'hops' parameter to SupplyChainImpacted Aspect model - contains relative distance in the supply chain - - Added `impactedSuppliersOnFirstTier` parameter to Supply SupplyChainImpacted Aspect model - contains information - of first level supply chain impacted + - Added 'hops' parameter to SupplyChainImpacted Aspect model - contains relative distance in the supply chain + - Added `impactedSuppliersOnFirstTier` parameter to Supply SupplyChainImpacted Aspect model - contains information of first level supply chain impacted - Exported health endpoints to prometheus (see HealthMetricsExportConfiguration, DependenciesHealthMetricsExportConfiguration) and added [system health dashboard](charts/irs-helm/dashboards/system-health-dashboard.json) in order to visualize health metrics of IRS and its dependencies ### Fixed - - Fixed incorrect passing of incidentBPNS for ESS Orders ### Known knowns - - [#253] Cancelation of order jobs is not working stable ## [4.1.0] - 2023-11-15 - ### Added - -- IRS can now check the readiness of external services. Use the new ``management.health.dependencies.enabled`` config - entry to determine if external dependencies health checks should be checked (false by default). - - The map of external services healthcheck endpoints can be configured with ``management.health.dependencies.urls`` - property, eg. ``service_name: http://service_name_host/health`` +- IRS can now check the readiness of external services. Use the new ``management.health.dependencies.enabled`` config entry to determine if external dependencies health checks should be checked (false by default). + - The map of external services healthcheck endpoints can be configured with ``management.health.dependencies.urls`` property, eg. ``service_name: http://service_name_host/health`` - Added cache mechanism for ConnectorEndpointService for fetchConnectorEndpoints method cache ### Changed - - Changed name of spring's OAuth2 client registration from 'keycloak' to 'common' like below: ``` spring: @@ -114,52 +92,37 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 - Update IRS API Swagger documentation to match AAS 3.0.0 ### Fixed - - IRS will return 206 Http status from GET /jobs/{id} endpoint if Job is still running ## [4.0.2] - 2023-11-20 - ### Changed - - Remove `apk upgrade --no-cache libssl3 libcrypto3` in Docker base image to be TRG compliant ## [4.0.1] - 2023-11-10 - ### Changed - - Added state `STARTED` as acceptable state to complete the EDC transfer process to be compatible with EDC 0.5.1 ## [4.0.0] - 2023-10-27 - ### Added - - Introduced new API endpoint to register ESS Jobs in Batch - POST {{IRS_HOST}}/irs/ess/orders - Added role "admin_irs" again ### Changed - - Deprecated query parameter 'jobStates' was removed from GET {{IRS_HOST}}/irs/jobs endpoint -- Moved OAuth2 JWT token claim to configuration. The fields can be configured - with `oauth.resourceClaim`, `oauth.irsNamespace`, `oauth.roles`. +- Moved OAuth2 JWT token claim to configuration. The fields can be configured with `oauth.resourceClaim`, `oauth.irsNamespace`, `oauth.roles`. - ESS - - Added Tombstone to ESS investigation in case required aspect models "PartAsPlanned" or " - PartSiteInformationAsPlanned" are missing + - Added Tombstone to ESS investigation in case required aspect models "PartAsPlanned" or "PartSiteInformationAsPlanned" are missing - Update dependencies to mitigate third party vulnerabilities ## [3.5.4] - 2023-10-25 - ### Changed - - removed role "admin_irs" ## [3.5.3] - 2023-10-09 - ### Fixed - - Fixed default policy creation. ### Changed - - Changed configuration for default policies from: ``` irs-edc-client: @@ -183,378 +146,275 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 ``` ## [3.5.2] - 2023-10-06 - ### Changed - - Updated dependencies ## [3.5.1] - 2023-10-05 - ### Fixed - - Fix json schema validation ## [3.5.0] - 2023-09-27 - ### Changed - -- IRS now makes use of the value `dspEndpoint` in `subprotocolBody` of the Asset Administration Shell to request - submodel data directly. +- IRS now makes use of the value `dspEndpoint` in `subprotocolBody` of the Asset Administration Shell to request submodel data directly. - Policy Store API is extended to handle: - - multi permissions per each allowed Policy in POST call to create Policy - - multi constraint per each permission in POST call to create Permission - - logical AndConstraint and OrConstraint to give possibility to create complex restriction + - multi permissions per each allowed Policy in POST call to create Policy + - multi constraint per each permission in POST call to create Permission + - logical AndConstraint and OrConstraint to give possibility to create complex restriction ### Fixed - - Fixed a case where IRS submodel requests did not reuqest all EDC endpoints discovered by Discovery Finder - ESS - - Updated investigation request body field `incidentBPNs` to `incidentBPNSs`. - - Streamlined EDC notification flow and adjusted it to existing EDC client methods - - Changed investigation from BPNL to BPNS (`catenaXSiteId` of `PartSiteInformationAsPlanned`) - - Additional validation for `validityPeriod` of `PartAsPlanned` + - Updated investigation request body field `incidentBPNs` to `incidentBPNSs`. + - Streamlined EDC notification flow and adjusted it to existing EDC client methods + - Changed investigation from BPNL to BPNS (`catenaXSiteId` of `PartSiteInformationAsPlanned`) + - Additional validation for `validityPeriod` of `PartAsPlanned` ## [3.4.1] - 2023-09-22 - ### Changed - - Updated SingleLevelUsageAsBuilt schema to 2.0.0 version. ### Fixed - - Fixed missing access control for Batch and ESS API. ## [3.4.0] - 2023-09-01 - ### Added - - Added fetchCatalog to EDCCatalogFacade - Introduced new API endpoint to update 'validUntil' property of Policy - PUT {{IRS_HOST}}/irs/policies/{policyId} - Introduced new IRS role `admin_irs` which has unrestricted access to every API endpoint ### Changed - -- Adjusted API access control. Users with role `view_irs` can only access jobs they created themselves. PolicyStore API - access is restricted to role `admin_irs`. +- Adjusted API access control. Users with role `view_irs` can only access jobs they created themselves. PolicyStore API access is restricted to role `admin_irs`. ### Fixed - - Fixed bug where BPN's were delivered without 'manufacturerName' property filled ## [3.3.5] - 2023-08-30 - ### Changed - - Updated IRS Digital Twin Registry Client to support latest version 0.3.14-M1 ## [3.3.4] - 2023-08-24 - ### Fixed - - Added missing license information to documentation and docker image ## [3.3.3] - 2023-08-11 - ### Changed - -- IRS now calls the entire dataplane URL retrieved from the registry href instead of building it from the URL of the EDC - token and the path +- IRS now calls the entire dataplane URL retrieved from the registry href instead of building it from the URL of the EDC token and the path ### Fixed - - Switched to POST for DTR lookup request -- Added Base64 encoding to identifier for DTR shell-descriptor request +- Added Base64 encoding to identifier for DTR shell-descriptor request - Fixed an issue where IRS did not pass the BPN correctly for the ESS use-case ## [3.3.2] - 2023-07-31 - ### Fixed - - BPN is now passed on correctly when traversing the item graph - EDC Policies now get validated regardless of the type of constraint. - EDC Policies of type FrameworkAgreement are now validated correctly. - Fixed error in BPN handling for IRS Batch requests ## [3.3.1] - 2023-07-24 - ### Fixed - - Added missing field `businessPartner` for relationship aspect SingleLevelUsageAsBuilt ## [3.3.0] - 2023-07-20 - ### Changed - - BPN is now taken from the submodel data while traversing the item graph - Tombstone is created if no BPN is available for a child item ## [3.2.1] - 2023-07-19 - ### Fixed - - EDC Policies now get validated regardless of the type of constraint. - EDC Policies of type `FrameworkAgreement` are now validated correctly. - Fixed error in BPN handling for IRS Batch requests ## [3.2.0] - 2023-07-14 - ### Changed - -- The client code for accessing the Digital Twin Registry (central and decentral) is now available as a spring boot - maven library. See the README in the irs-registry-client module for more information. +- The client code for accessing the Digital Twin Registry (central and decentral) is now available as a spring boot maven library. See the README in the irs-registry-client module for more information. - Update EDC dependencies to 0.1.3 - Add Transformer to support new EDC constraint operator format -- IRS now supports the AAS API 3.0 and its updated models. **Note**: this also reflects in the Job response shells, - please check the new schema. +- IRS now supports the AAS API 3.0 and its updated models. **Note**: this also reflects in the Job response shells, please check the new schema. ### Known knowns - -- [TRI-1460] ESS Notifications endpoints are not working in the decentral Digital Twin Registry scenario because - endpoints does not provide bpn as a parameter. +- [TRI-1460] ESS Notifications endpoints are not working in the decentral Digital Twin Registry scenario because endpoints does not provide bpn as a parameter. - [TRI-1096] No limiting of requests in parallel - IRS allows sending API requests unlimited -- [TRI-1100] Potential denial-of-service (DoS) attack - IRS allows to enter a large number of characters, which are - reflected in the response of the server -- [TRI-1098] Software related information disclosure - IRS returns redundant information about the type and version of - used software -- [TRI-793] Misconfigured Access-Control-Allow- Origin Header - by intercepting network traffic it could be possible to - read and modify any messages that are exchanged with server -- [TRI-1095] HTTP security headers configuration could be improved and allow for additional protection against some web - application attacks -- [TRI-1441] Synchronous communication with shared C-X services without circuit breaker pattern - potentially could - affect IRS resilience when other services becomes non-responsive. -- [TRI-1441] Cascading effects of failure when Digital Twin Registry becomes non-responsive - potentially bulkhead - pattern could improve IRS resilience -- [TRI-1477] Retry mechanism used inside IRS could potentially affect IRS resilience - DDOS other services on which IRS - is dependent, exhaustion of resources and available threads, etc. +- [TRI-1100] Potential denial-of-service (DoS) attack - IRS allows to enter a large number of characters, which are reflected in the response of the server +- [TRI-1098] Software related information disclosure - IRS returns redundant information about the type and version of used software +- [TRI-793] Misconfigured Access-Control-Allow- Origin Header - by intercepting network traffic it could be possible to read and modify any messages that are exchanged with server +- [TRI-1095] HTTP security headers configuration could be improved and allow for additional protection against some web application attacks +- [TRI-1441] Synchronous communication with shared C-X services without circuit breaker pattern - potentially could affect IRS resilience when other services becomes non-responsive. +- [TRI-1441] Cascading effects of failure when Digital Twin Registry becomes non-responsive - potentially bulkhead pattern could improve IRS resilience +- [TRI-1477] Retry mechanism used inside IRS could potentially affect IRS resilience - DDOS other services on which IRS is dependent, exhaustion of resources and available threads, etc. - [TRI-1478] Lack of resources management - thread pooling, heap limitation etc. - [TRI-1024] IRS does not support scale out on multiple instances ## [3.1.0] - 2023-07-07 - ### Changed - - Removed catalog cache - Changed EDC catalog retrieval from pagination to filter -- Item graphs with asBuilt lifecycle & downward direction are now built with usage of SingleLevelBomAsBuilt aspect, - instead of AssemblyPartRelationship aspect +- Item graphs with asBuilt lifecycle & downward direction are now built with usage of SingleLevelBomAsBuilt aspect, instead of AssemblyPartRelationship aspect - Changed retrieval of BPN value from AAS Shell to SingleLevelBomAsBuilt - Renamed SerialPartTypization to SerialPart aspect - ESS - - Update ESS notification asset creation to new EDC DSP protocol - - Include DiscoveryFinder into ESS flow + - Update ESS notification asset creation to new EDC DSP protocol + - Include DiscoveryFinder into ESS flow ## [3.0.1] - 2023-06-28 - ### Fixed - - Added missing participantId to contract negotiation for decentral DTR contract negotiation - Fixed default value for contract negotiation and transfer process state-suffix ## [3.0.0] - 2023-06-26 - ### Added - - Handling of Decentral Digital Twin Registry as a way of request AAS for identifier - - Extend Register Job with key field that contain BPN and globalAssetId - - Requesting BPN endpoint catalog over Discrovery Finder - - Requesting EDC endpoint addresses for BPN over EDC Discovery Finder - - Add filter for catalog item search in EDC - - Authorize Digital Twin client with EDC Endpoint Reference + - Extend Register Job with key field that contain BPN and globalAssetId + - Requesting BPN endpoint catalog over Discrovery Finder + - Requesting EDC endpoint addresses for BPN over EDC Discovery Finder + - Add filter for catalog item search in EDC + - Authorize Digital Twin client with EDC Endpoint Reference - Added new Policy Store API to manage acceptable EDC policies - - `GET /irs/policies` - - `POST /irs/policies` - - `DELETE /irs/policies/{policyId}` + - `GET /irs/policies` + - `POST /irs/policies` + - `DELETE /irs/policies/{policyId}` ### Changed - - Updated EDC Client to use version 0.4.1 - - Adjusted Protocol from IDS to DSP - - Paths for catalog, contract negotiation and transfer process are now configurable via properties - - `edc.controlplane.endpoint.catalog` - - `edc.controlplane.endpoint.contract-negotiation` - - `edc.controlplane.endpoint.transfer-process` + - Adjusted Protocol from IDS to DSP + - Paths for catalog, contract negotiation and transfer process are now configurable via properties + - `edc.controlplane.endpoint.catalog` + - `edc.controlplane.endpoint.contract-negotiation` + - `edc.controlplane.endpoint.transfer-process` - EDR Callback is now configurable via property `edc.callback-url` ## [2.6.1] - 2023-05-15 - ### Added - - Validation if bpnEndpoint is set in properties before starting a job with lookupBPNs set to true - Automate release workflow - Validate if callback url starts with http or https before register a job ## [2.6.0] - 2023-05-05 - ### Added - -- IRS now checks the EDC policies and only negotiates contracts if the policy matches the ones defined in the - configuration at `edc.catalog.policies.allowedNames` (comma separated string) +- IRS now checks the EDC policies and only negotiates contracts if the policy matches the ones defined in the configuration at `edc.catalog.policies.allowedNames` (comma separated string) ### Changed - - Restructured the repository to make it more comprehensive -- Improved API descriptions regarding errors +- Improved API descriptions regarding errors ## [2.5.1] - 2023-04-28 - ### Changed - - Replaced Discovery Service mock with real implementation ## [2.5.0] - 2023-04-17 - ### Added +- Introduced Batch processing API endpoints. Batch Order is registered and executed for a bunch of globalAssetIds in one call. + - API Endpoint POST Register Batch Order {{IRS_HOST}}/irs/orders + - API Endpoint GET Batch Order {{IRS_HOST}}/irs/orders/:orderId + - API Endpoint GET Batch {{IRS_HOST}}/irs/orders/:orderId/batches/:batchId +- Introduced Environmental- and Social Standards processing API endpoints. + - API Endpoint POST Register job to start an investigation if a given bpn is contained in a part chain {{IRS_HOST}}/ess/bpn/investigations + - API Endpoint GET BPN Investigation {{IRS_HOST}}/ess/bpn/investigations/:id + - API Endpoint POST EDC Notification receive {{IRS_HOST}}/ess/notification/receive -- Introduced Batch processing API endpoints. Batch Order is registered and executed for a bunch of globalAssetIds in one - call. - - API Endpoint POST Register Batch Order {{IRS_HOST}}/irs/orders - - API Endpoint GET Batch Order {{IRS_HOST}}/irs/orders/:orderId - - API Endpoint GET Batch {{IRS_HOST}}/irs/orders/:orderId/batches/:batchId -- Introduced Environmental- and Social Standards processing API endpoints. - - API Endpoint POST Register job to start an investigation if a given bpn is contained in a part chain - {{IRS_HOST}}/ess/bpn/investigations - - API Endpoint GET BPN Investigation {{IRS_HOST}}/ess/bpn/investigations/:id - - API Endpoint POST EDC Notification receive {{IRS_HOST}}/ess/notification/receive ## [2.4.1] - 2023-04-21 - ### Fixed - - Updated spring-boot version to 3.0.6 to fix security issue - change GID in Dockerfile to fix https://github.com/eclipse-tractusx/item-relationship-service/issues/101 -## [2.4.0] - 2023-03-30 +## [2.4.0] - 2023-03-30 ### Added - -- IRS is now able to cache the EDC catalog. Caching can be disabled via application config. Maximum amount of cached - items and item time-to-live can be configured as well. +- IRS is now able to cache the EDC catalog. Caching can be disabled via application config. Maximum amount of cached items and item time-to-live can be configured as well. - EDC policies retrieved from contract offer are now added to the contract negotiation ### Changed - -- API endpoints have now additional layer of security and require BPN claim in token. Allowed BPN that can access API - can be configured with (*env:API_ALLOWED_BPN*) variable. +- API endpoints have now additional layer of security and require BPN claim in token. Allowed BPN that can access API can be configured with (*env:API_ALLOWED_BPN*) variable. - Updated Spring Boot dependency to 3.0.5 ### Fixed +- Fixed issue in paging when calling SemanticsHub with some page size configurations -- Fixed issue in paging when calling SemanticsHub with some page size configurations ## [2.3.2] - 2023-03-20 - ### Changed - - Replace pandoc with downdoc for conversion asciidoc to markdown ### Fixed - - In AssemblyPartRelationship the ``measurementUnit`` can be both parsed from both string and object versions - Decode URLs for ``assetId`` to prevent bug that encoded ``assetId`` cannot be found in the catalog ## [2.3.1] - 2023-03-07 - ### Changed - - Updated Spring Boot dependency to 3.0.3 ## [2.3.0] - 2023-02-21 - ### Added - -- Introduced new endpoint ``/irs/aspectmodels`` which will list all available aspect models (from semantic hub or - locally provided files if present) +- Introduced new endpoint ``/irs/aspectmodels`` which will list all available aspect models (from semantic hub or locally provided files if present) ### Fixed - - If Grafana is enabled - dashboards will be automatically imported on startup ### Changed - - Job creation validates ``aspects`` by using models available in semantic hub or locally provided. ## [2.2.1] - 2023-03-15 - ### Fixed - -- Property "measurementUnit" of AssemblyPartRelationship can now be a String or a Map. According to the latest model, it - is supposed to be a String, but due to varying test data, IRS supports both variants. +- Property "measurementUnit" of AssemblyPartRelationship can now be a String or a Map. According to the latest model, it is supposed to be a String, but due to varying test data, IRS supports both variants. - EDC Catalog IDs are now being URL decoded before usage ## [2.2.0] - 2023-01-20 - ### Added - - Added new job parameter flag "lookupBPNs" which toggles lookup of BPN numbers using the configured BPN URL -- Added new summary item "bpnLookups" which tracks completed and failed BPN requests. Excluded these metrics from " - asyncFetchedItems" +- Added new summary item "bpnLookups" which tracks completed and failed BPN requests. Excluded these metrics from "asyncFetchedItems" - Model schema JSON files can now be provided locally as a backup to the Semantic Hub. Use the new ``semanticsHub.localModelDirectory`` config entry to provide a folder with the models. - Added pagination to EDC catalog retrieval. ### Fixed - - BPNs array is now filled correctly when requesting a running job with parameter "returnUncompletedJob=true" ## [2.1.0] - 2023-01-11 - ### Changed - - Change 'jobParameter' to 'parameter' in GET calls in IRS API - Change 'jobStates' to 'states' request parameter in GET call for jobs by states, 'jobStates' is now deprecated - REST clients for DTR, SemHub and BPDM now use their own RestTemplates and configuration - application.yaml received some documentation ## [2.0.0] - 2022-12-09 - ### Added - - Added pagination to GET /irs/jobs endpoint (eg. {{IRS_HOST}}/irs/jobs?page=0&size=10&sort=completedOn,asc) ### Changed - - IRS API now requires 'view_irs' resource access inside Keycloak JWT token. - New 2.0.0 version of IRS API. Main goal was to remove 'job' prefix from attribute names - - change 'jobId' to 'id' in GET and POST calls - - change 'jobState' to 'state' in GET calls - - change 'jobCompleted' to 'completedOn' in GET calls - - change 'jobId' to 'id' and 'jobState' to 'state' in callback URI variables + - change 'jobId' to 'id' in GET and POST calls + - change 'jobState' to 'state' in GET calls + - change 'jobCompleted' to 'completedOn' in GET calls + - change 'jobId' to 'id' and 'jobState' to 'state' in callback URI variables ## [1.6.0] - 2022-11-25 - ### Added - - EDC client implementation (for negotiation and data exchange) - New callback endpoint for EDC (path: /internal/endpoint-data-reference) - Optional trusted port to make internal interfaces only available via that (config: server.trustedPort) ### Removed - - Removed the need for the API wrapper by directly communicating with the EDC control and data plane. ## [1.5.0] - 2022-11-11 - ### Added - - Added new parameters 'startedOn' and 'jobCompleted' to Job status response ### Changed - - Updated Spring Boot to 2.7.5 and Spring Security (Web and OAuth2 Client) dependencies to 5.7.5 due to CVEs - Renamed parameter from 'status' to 'jobState' in Job status response - Time to live for finished jobs is now configurable ## [1.4.0] - 2022-10-28 - ### Added - -- Added new 'asPlanned' value for bomLifecycle request parameter - now BomAsPlanned can be traversed by the IRS to build - relationships +- Added new 'asPlanned' value for bomLifecycle request parameter - now BomAsPlanned can be traversed by the IRS to build relationships ## [1.3.0] - 2022-10-18 - ### Added - - BPDM URL (*env:BPDM_URL*) is now configurable - SemanticsHub URL (*env:SEMANTICSHUB_URL*) and default URNs (*env:SEMANTICSHUB_DEFAULT_URNS*) are now configurable - Added an administration guide covering installation and configuration topics (TRI-593) @@ -562,49 +422,38 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 - Added new optional parameter 'callbackUrl' to Job registration request ### Known knowns - -- discovered lack of circuit breaker for communication with submodel server which is not responding (low risk) - will be - addressed in future release +- discovered lack of circuit breaker for communication with submodel server which is not responding (low risk) - will be addressed in future release ## [1.2.0] - 2022-09-30 - ### Added - - Automatic eclipse dash IP-ticket creation - Automatic cucumber execution based on Tests in Jira ### Fixed - - Update HSTS header configuration (TRI-659) - Encode log output to avoid log forging (TRI-653) - Add missing X-Frame-Options header (TRI-661) - Switching to a distroless Docker base image to avoid vulnerable library (TRI-729) ### Changed - - Update EDC components to version 0.1.1 - Update testdata set to 1.3.2 - Create Tombstone for faulty/null/none BPN ManufactureId - Update aaswrapper to 0.0.7 ## [1.1.0] - 2022-09-12 - ### Added - -- **Aspect Model validation** IRS now validates the aspect model responses requested via EDC. JSON schema files are - requested on demand using Semantic Hub API. +- **Aspect Model validation** IRS now validates the aspect model responses requested via EDC. JSON schema files are requested on demand using Semantic Hub API. - **BPN mapping** IRS job result includes BPNs and the corresponding names. - **Enabled collecting of "Batch" submodels** IRS supports aspect model "Batch" ### Fixed - - **Malformed date-time in IRS job result** (TRI-627) - **Job cleanup process** Jobs are completely deleted after retention period exceeded. (TRI-631) - **IRS job processing** IRS jobs no longer stay stuck in state RUNNING due to malformed URLs. (TRI-675) - **Security fixes** Fixed various security findings. ### Changed - - **IRS monitoring** Added more metrics and improved Grafana dashboards. - **Submodel payload in IRS job response** Submodels are stored as object instead of string. - **CORS** Enabled CORS configuration @@ -614,149 +463,85 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 - **IRS stability and code quality** - **API docs** - **Test data and upload script** -- **Helm charts** Improved security and performance configurations. Created a All-in-One Helm Chart for IRS which - includes all IRS dependencies. Helm Chart is released separately. +- **Helm charts** Improved security and performance configurations. Created a All-in-One Helm Chart for IRS which includes all IRS dependencies. Helm Chart is released separately. - **Refactor relationship result object of IRS** - **FOSS initial GitHub & code preparation** Change package structure to `org.eclipse.tractusx`. ## [1.0.0] - 2022-07-25 - ### Changed - * **Improved Minio Helmchart** Latest Minio version is used now * **Submodel Information** If requested, the IRS collects submodel information now and adds it to the job result * **Improved job response** The job response object contains all the required fields now with correct values ## [0.9.1] - 2022-06-14 - ### Removed - - **Remove AAS Proxy** The IRS works without the AASProxy component ## [0.9.0] - 2022-04-27 - ### Added - -- **Build traceability BoM as built tree** You can now use the IRS to retrieve a BoM tree with lifecycle stage "as - built" for serialized components, which are distributed across the Catena-X network. In this release, the tree is - being built on the aspects "SerialPartTypization" and "AssemblyPartRelationship". Focus is a tree built in the - direction top-down/parent-child. +- **Build traceability BoM as built tree** You can now use the IRS to retrieve a BoM tree with lifecycle stage "as built" for serialized components, which are distributed across the Catena-X network. In this release, the tree is being built on the aspects "SerialPartTypization" and "AssemblyPartRelationship". Focus is a tree built in the direction top-down/parent-child. - *IRS API v1.0.0* First release of the IRS API. ### Fixed - -- **Cloud Agnostic Solution** You have the ability now to deploy the solution on different cloud vendor solutions. We - decoupled the application from its former Azure Stack. +- **Cloud Agnostic Solution** You have the ability now to deploy the solution on different cloud vendor solutions. We decoupled the application from its former Azure Stack. - **Security fixes** Various security fixes. ### Changed - -- **Asynchronous Job Management** Since we cannot rely on a synchronous answer of each request within the network, we - provide a job management for this process. +- **Asynchronous Job Management** Since we cannot rely on a synchronous answer of each request within the network, we provide a job management for this process. - **AAS Proxy** Requests to Digital Twin Registry are executed via the AAS Proxy. -- **Quality Gate for Release 1** The quality measures were implemented in accordance with the requirements for Release - 1. +- **Quality Gate for Release 1** The quality measures were implemented in accordance with the requirements for Release 1. - **Hotel Budapest catenax-ng** C-X-NG ready using the provided catenax-ng infrastructure. - **SCA Composition Analysis** Enablement of SCA Composition Analysis using Veracode and CodeQl. - **Github Integrations** VeraCode/Dependabot/SonarCloud/CodeQl ### Unresolved - -- **Select Aspects you need** You are able to select the needed aspects for which you want to collect the correct - endpoint information. +- **Select Aspects you need** You are able to select the needed aspects for which you want to collect the correct endpoint information. [Unreleased]: https://github.com/eclipse-tractusx/item-relationship-service/compare/4.4.0...HEAD - [4.4.0]: https://github.com/eclipse-tractusx/item-relationship-service/compare/4.3.0...4.4.0 - [4.3.0]: https://github.com/eclipse-tractusx/item-relationship-service/compare/4.2.0...4.3.0 - [4.2.0]: https://github.com/eclipse-tractusx/item-relationship-service/compare/4.1.0...4.2.0 - [4.1.0]: https://github.com/eclipse-tractusx/item-relationship-service/compare/4.0.2...4.1.0 - [4.0.2]: https://github.com/eclipse-tractusx/item-relationship-service/compare/4.0.1...4.0.2 - [4.0.1]: https://github.com/eclipse-tractusx/item-relationship-service/compare/4.0.0...4.0.1 - [4.0.0]: https://github.com/eclipse-tractusx/item-relationship-service/compare/3.5.4...4.0.0 - [3.5.4]: https://github.com/eclipse-tractusx/item-relationship-service/compare/3.5.3...3.5.4 - [3.5.3]: https://github.com/eclipse-tractusx/item-relationship-service/compare/3.5.2...3.5.3 - [3.5.2]: https://github.com/eclipse-tractusx/item-relationship-service/compare/3.5.1...3.5.2 - [3.5.1]: https://github.com/eclipse-tractusx/item-relationship-service/compare/3.5.0...3.5.1 - [3.5.0]: https://github.com/eclipse-tractusx/item-relationship-service/compare/3.4.1...3.5.0 - [3.4.1]: https://github.com/eclipse-tractusx/item-relationship-service/compare/3.4.0...3.4.1 - [3.4.0]: https://github.com/eclipse-tractusx/item-relationship-service/compare/3.3.5...3.4.0 - [3.3.5]: https://github.com/eclipse-tractusx/item-relationship-service/compare/3.3.4...3.3.5 - [3.3.4]: https://github.com/eclipse-tractusx/item-relationship-service/compare/3.3.3...3.3.4 - [3.3.3]: https://github.com/eclipse-tractusx/item-relationship-service/compare/3.3.2...3.3.3 - [3.3.2]: https://github.com/eclipse-tractusx/item-relationship-service/compare/3.3.1...3.3.2 - [3.3.1]: https://github.com/eclipse-tractusx/item-relationship-service/compare/3.3.0...3.3.1 - [3.3.0]: https://github.com/eclipse-tractusx/item-relationship-service/compare/3.2.1...3.3.0 - [3.2.1]: https://github.com/eclipse-tractusx/item-relationship-service/compare/3.2.0...3.2.1 - [3.2.0]: https://github.com/eclipse-tractusx/item-relationship-service/compare/3.1.0...3.2.0 - [3.1.0]: https://github.com/eclipse-tractusx/item-relationship-service/compare/3.0.1...3.1.0 - [3.0.1]: https://github.com/eclipse-tractusx/item-relationship-service/compare/3.0.0...3.0.1 - [3.0.0]: https://github.com/eclipse-tractusx/item-relationship-service/compare/2.6.1...3.0.0 - [2.6.1]: https://github.com/eclipse-tractusx/item-relationship-service/compare/2.6.0...2.6.1 - [2.6.0]: https://github.com/eclipse-tractusx/item-relationship-service/compare/2.5.1...2.6.0 - [2.5.1]: https://github.com/eclipse-tractusx/item-relationship-service/compare/2.5.0...2.5.1 - [2.5.0]: https://github.com/eclipse-tractusx/item-relationship-service/compare/2.4.0...2.5.0 - [2.4.1]: https://github.com/eclipse-tractusx/item-relationship-service/compare/2.4.0...2.4.1 - [2.4.0]: https://github.com/eclipse-tractusx/item-relationship-service/compare/2.3.2...2.4.0 - [2.3.2]: https://github.com/eclipse-tractusx/item-relationship-service/compare/2.3.1...2.3.2 - [2.3.1]: https://github.com/eclipse-tractusx/item-relationship-service/compare/2.3.0...2.3.1 - [2.3.0]: https://github.com/eclipse-tractusx/item-relationship-service/compare/2.2.0...2.3.0 - [2.2.1]: https://github.com/eclipse-tractusx/item-relationship-service/compare/2.2.0...2.2.1 - [2.2.0]: https://github.com/eclipse-tractusx/item-relationship-service/compare/2.1.0...2.2.0 - [2.1.0]: https://github.com/eclipse-tractusx/item-relationship-service/compare/2.0.0...2.1.0 - [2.0.0]: https://github.com/eclipse-tractusx/item-relationship-service/compare/1.6.0...2.0.0 - [1.6.0]: https://github.com/eclipse-tractusx/item-relationship-service/compare/1.5.0...1.6.0 - [1.5.0]: https://github.com/eclipse-tractusx/item-relationship-service/compare/1.4.0...1.5.0 - [1.4.0]: https://github.com/eclipse-tractusx/item-relationship-service/compare/1.3.0...1.4.0 - [1.3.0]: https://github.com/eclipse-tractusx/item-relationship-service/compare/1.2.0...1.3.0 - [1.2.0]: https://github.com/eclipse-tractusx/item-relationship-service/compare/v1.1.0...1.2.0 - [1.1.0]: https://github.com/eclipse-tractusx/item-relationship-service/compare/v1.0.0...v1.1.0 - [1.0.0]: https://github.com/eclipse-tractusx/item-relationship-service/compare/v0.9.1...v1.0.0 - [0.9.1]: https://github.com/eclipse-tractusx/item-relationship-service/commits/v0.9.1 - [0.9.0]: https://github.com/eclipse-tractusx/item-relationship-service/commits/v0.9.0 From 54411092d683a3082f7a7398c8df2ce8e741ed7f Mon Sep 17 00:00:00 2001 From: Matthias Fischer Date: Tue, 23 Jan 2024 20:23:36 +0100 Subject: [PATCH 09/22] chore(deps):[#xxx] Update DEPENDENCIES file --- DEPENDENCIES | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/DEPENDENCIES b/DEPENDENCIES index 1d6bd77288..9197d6e308 100644 --- a/DEPENDENCIES +++ b/DEPENDENCIES @@ -1,5 +1,5 @@ -maven/mavencentral/ch.qos.logback/logback-classic/1.4.11, EPL-1.0 OR LGPL-2.1-only, approved, #3435 -maven/mavencentral/ch.qos.logback/logback-core/1.4.11, EPL-1.0 OR LGPL-2.1-only, approved, #3373 +maven/mavencentral/ch.qos.logback/logback-classic/1.4.14, EPL-1.0 OR LGPL-2.1-only, approved, #3435 +maven/mavencentral/ch.qos.logback/logback-core/1.4.14, EPL-1.0 OR LGPL-2.1-only, approved, #3373 maven/mavencentral/com.aayushatharva.brotli4j/brotli4j/1.11.0, Apache-2.0, approved, clearlydefined maven/mavencentral/com.aayushatharva.brotli4j/native-linux-aarch64/1.11.0, Apache-2.0, approved, clearlydefined maven/mavencentral/com.aayushatharva.brotli4j/native-linux-x86_64/1.11.0, Apache-2.0, approved, clearlydefined From b5d0fb12e833ef09842c9b5ca0c0c9005179c82a Mon Sep 17 00:00:00 2001 From: "Krzysztof Massalski (Extern)" Date: Wed, 24 Jan 2024 15:43:19 +0100 Subject: [PATCH 10/22] feat(impl):[#378] separate credentials config --- .../configmap-spring-app-config.yaml | 25 ++++++++------ charts/irs-helm/templates/deployment.yaml | 26 ++++++++++----- charts/irs-helm/templates/secrets.yaml | 10 +++--- charts/irs-helm/values.yaml | 17 ++++++---- .../docs/administration/configuration.adoc | 20 ++++++++--- irs-api/src/main/resources/application.yml | 33 +++++++++++-------- 6 files changed, 84 insertions(+), 47 deletions(-) diff --git a/charts/irs-helm/templates/configmap-spring-app-config.yaml b/charts/irs-helm/templates/configmap-spring-app-config.yaml index bad14f82a5..42eabd1625 100644 --- a/charts/irs-helm/templates/configmap-spring-app-config.yaml +++ b/charts/irs-helm/templates/configmap-spring-app-config.yaml @@ -56,16 +56,21 @@ data: oauth2: client: registration: - common: - client-id: "${OAUTH2_CLIENT_ID}" # taken from secret ENV - client-secret: "${OAUTH2_CLIENT_SECRET}" # taken from secret ENV - portal: - client-id: ${PORTAL_OAUTH2_CLIENT_ID} # taken from secret ENV - client-secret: ${PORTAL_OAUTH2_CLIENT_SECRET} # taken from secret ENV + semantics: + client-id: "${SEMANTICS_OAUTH2_CLIENT_ID}" # taken from secret ENV + client-secret: "${SEMANTICS_OAUTH2_CLIENT_SECRET}" # taken from secret ENV + discovery: + client-id: ${DISCOVERY_OAUTH2_CLIENT_ID} # taken from secret ENV + client-secret: ${DISCOVERY_OAUTH2_CLIENT_SECRET} # taken from secret ENV + bpdm: + client-id: ${BPDM_OAUTH2_CLIENT_ID} # taken from secret ENV + client-secret: ${BPDM_OAUTH2_CLIENT_SECRET} # taken from secret ENV provider: - common: + semantics: token-uri: {{ tpl (.Values.oauth2.clientTokenUri | default "http://localhost") . | quote }} - portal: + discovery: + token-uri: {{ tpl (.Values.oauth2.clientTokenUri | default "http://localhost") . | quote }} + bpdm: token-uri: {{ tpl (.Values.oauth2.clientTokenUri | default "http://localhost") . | quote }} digitalTwinRegistry: @@ -87,7 +92,7 @@ data: bpdm: bpnEndpoint: {{ tpl (.Values.bpdm.bpnEndpoint | default "") . | quote }} - + irs-edc-client: callback-url: {{ tpl (.Values.edc.callbackurl | default (printf "http://%s%s" .Release.Name "-irs-helm:8181/internal/endpoint-data-reference")) . | quote }} controlplane: @@ -129,7 +134,7 @@ data: irs: url: {{ tpl (.Values.irsUrl | default "") . | quote }} discovery: - oAuthClientId: {{ .Values.discovery.oAuthClientId | default "portal" }} + oAuthClientId: {{ .Values.discovery.oAuthClientId | default "discovery" }} {{- if .Values.ess.mockEdcResult }} mockEdcResult: {{- tpl (toYaml .Values.ess.mockEdcResult) . | nindent 10 }} diff --git a/charts/irs-helm/templates/deployment.yaml b/charts/irs-helm/templates/deployment.yaml index 785961cfe5..e30f10c7e8 100644 --- a/charts/irs-helm/templates/deployment.yaml +++ b/charts/irs-helm/templates/deployment.yaml @@ -81,26 +81,36 @@ spec: secretKeyRef: name: {{ template "irs.secretName" . }} key: minioPassword - - name: OAUTH2_CLIENT_ID + - name: SEMANTICS_OAUTH2_CLIENT_ID valueFrom: secretKeyRef: name: {{ template "irs.secretName" . }} - key: clientId - - name: OAUTH2_CLIENT_SECRET + key: semanticsId + - name: SEMANTICS_OAUTH2_CLIENT_SECRET valueFrom: secretKeyRef: name: {{ template "irs.secretName" . }} - key: clientSecret - - name: PORTAL_OAUTH2_CLIENT_ID + key: semanticsSecret + - name: DISCOVERY_OAUTH2_CLIENT_ID valueFrom: secretKeyRef: name: {{ template "irs.secretName" . }} - key: portalClientId - - name: PORTAL_OAUTH2_CLIENT_SECRET + key: discoveryClientId + - name: DISCOVERY_OAUTH2_CLIENT_SECRET valueFrom: secretKeyRef: name: {{ template "irs.secretName" . }} - key: portalClientSecret + key: discoveryClientSecret + - name: BPDM_OAUTH2_CLIENT_ID + valueFrom: + secretKeyRef: + name: {{ template "irs.secretName" . }} + key: bpdmClientId + - name: BPDM_OAUTH2_CLIENT_SECRET + valueFrom: + secretKeyRef: + name: {{ template "irs.secretName" . }} + key: bpdmClientSecret - name: EDC_API_KEY_SECRET valueFrom: secretKeyRef: diff --git a/charts/irs-helm/templates/secrets.yaml b/charts/irs-helm/templates/secrets.yaml index c9f8741a28..6d86e464ef 100644 --- a/charts/irs-helm/templates/secrets.yaml +++ b/charts/irs-helm/templates/secrets.yaml @@ -35,10 +35,12 @@ type: Opaque data: minioUser: {{ .Values.minioUser | default "minio" | b64enc | quote }} minioPassword: {{ .Values.minioPassword | default "minioPass" | b64enc | quote }} - clientId: {{ .Values.oauth2.clientId | default "clientId" | b64enc | quote }} - clientSecret: {{ .Values.oauth2.clientSecret | default "clientSecret" | b64enc | quote }} - portalClientId: {{ .Values.portal.oauth2.clientId | default "portalClientId" | b64enc | quote }} - portalClientSecret: {{ .Values.portal.oauth2.clientSecret | default "portalClientSecret" | b64enc | quote }} + semanticsId: {{ .Values.oauth2.semantics.clientId | default "semanticsId" | b64enc | quote }} + semanticsSecret: {{ .Values.oauth2.semantics.clientId | default "semanticsSecret" | b64enc | quote }} + discoveryClientId: {{ .Values.oauth2.discovery.clientId | default "discoveryClientId" | b64enc | quote }} + discoveryClientSecret: {{ .Values.oauth2.discovery.clientId | default "discoveryClientSecret" | b64enc | quote }} + bpdmClientId: {{ .Values.oauth2.bpdm.clientId | default "bpdmClientId" | b64enc | quote }} + bpdmClientSecret: {{ .Values.oauth2.bpdm.clientId | default "bpdmClientSecret" | b64enc | quote }} edcApiSecret: {{ .Values.edc.controlplane.apikey.secret | toString | default "" | b64enc | quote }} {{- if .Values.grafana.enabled }} grafanaUser: {{ .Values.grafana.user | default "grafana" | b64enc | quote }} diff --git a/charts/irs-helm/values.yaml b/charts/irs-helm/values.yaml index 9744cd5efd..c436def741 100644 --- a/charts/irs-helm/values.yaml +++ b/charts/irs-helm/values.yaml @@ -152,13 +152,16 @@ minioUser: "minio" # minioPassword: # minioUrl: "http://{{ .Release.Name }}-minio:9000" oauth2: - clientId: # - clientSecret: # clientTokenUri: # -portal: - oauth2: - clientId: # - clientSecret: # + semantics: + clientId: # + clientSecret: # + discovery: + clientId: # + clientSecret: # + bpdm: + clientId: # + clientSecret: # edc: controlplane: endpoint: @@ -207,7 +210,7 @@ edc: cacheTTL: PT24H # Time to live for ConnectorEndpointService for fetchConnectorEndpoints method cache discovery: - oAuthClientId: portal # ID of the OAuth2 client registration to use, see config spring.security.oauth2.client + oAuthClientId: discovery # ID of the OAuth2 client registration to use, see config spring.security.oauth2.client ess: edc: diff --git a/docs/src/docs/administration/configuration.adoc b/docs/src/docs/administration/configuration.adoc index 5c4bbc6241..d3430cc7b9 100644 --- a/docs/src/docs/administration/configuration.adoc +++ b/docs/src/docs/administration/configuration.adoc @@ -156,11 +156,23 @@ This is a list of all secrets used in the deployment. WARNING: Keep the values for these settings safe and do not publish them! -=== -Client ID for OAuth2 provider. Request this from your OAuth2 operator. +=== +Semantic Hub client ID for OAuth2 provider. Request this from your OAuth2 operator. -=== -Client secret for OAuth2 provider. Request this from your OAuth2 operator. +=== +Semantic Hub client secret for OAuth2 provider. Request this from your OAuth2 operator. + +=== +Dataspace Discovery client ID for OAuth2 provider. Request this from your OAuth2 operator. + +=== +Dataspace Discovery client secret for OAuth2 provider. Request this from your OAuth2 operator. + +=== +BPDM client ID for OAuth2 provider. Request this from your OAuth2 operator. + +=== +BPDM client secret for OAuth2 provider. Request this from your OAuth2 operator. === Login username for Minio. To be defined by you. diff --git a/irs-api/src/main/resources/application.yml b/irs-api/src/main/resources/application.yml index ecf233bb2b..52df8d461c 100644 --- a/irs-api/src/main/resources/application.yml +++ b/irs-api/src/main/resources/application.yml @@ -9,20 +9,25 @@ spring: oauth2: client: registration: - common: + semantics : authorization-grant-type: client_credentials - client-id: ${OAUTH2_CLIENT_ID} # OAuth2 client ID used to authenticate with the IAM - client-secret: ${OAUTH2_CLIENT_SECRET} # OAuth2 client secret used to authenticate with the IAM - portal: + client-id: ${SEMANTICS_OAUTH2_CLIENT_ID} # Semantic Hub OAuth2 client ID used to authenticate with the IAM + client-secret: ${SEMANTICS_OAUTH2_CLIENT_SECRET} # Semantic Hub OAuth2 client secret used to authenticate with the IAM + discovery: authorization-grant-type: client_credentials - client-id: ${PORTAL_OAUTH2_CLIENT_ID} # OAuth2 client ID used to authenticate with the IAM - client-secret: ${PORTAL_OAUTH2_CLIENT_SECRET} # OAuth2 client secret used to authenticate with the IAM + client-id: ${DISCOVERY_OAUTH2_CLIENT_ID} # Dataspace Discovery OAuth2 client ID used to authenticate with the IAM + client-secret: ${DISCOVERY_OAUTH2_CLIENT_SECRET} # Dataspace Discovery OAuth2 client secret used to authenticate with the IAM + bpdm: + authorization-grant-type: client_credentials + client-id: ${BPDM_OAUTH2_CLIENT_ID} # BPDM Pool OAuth2 client ID used to authenticate with the IAM + client-secret: ${BPDM_OAUTH2_CLIENT_SECRET} # BPDM Pool OAuth2 client secret used to authenticate with the IAM provider: - common: - token-uri: ${OAUTH2_CLIENT_TOKEN_URI:https://default} # OAuth2 endpoint to request tokens using the client credentials - portal: - token-uri: ${PORTAL_OAUTH2_CLIENT_TOKEN_URI:https://default} # OAuth2 endpoint to request tokens using the client credentials - + semantics: + token-uri: ${SEMANTICS_OAUTH2_CLIENT_TOKEN_URI:https://default} # OAuth2 endpoint to request tokens using the client credentials + discovery: + token-uri: ${DISCOVERY_OAUTH2_CLIENT_TOKEN_URI:https://default} # OAuth2 endpoint to request tokens using the client credentials + bpdm: + token-uri: ${BPDM_OAUTH2_CLIENT_TOKEN_URI:https://default} # OAuth2 endpoint to request tokens using the client credentials management: # Spring management API config, see https://spring.io/guides/gs/centralized-configuration/ endpoints: @@ -211,7 +216,7 @@ semanticshub: # │ │ │ │ │ │ scheduler: 0 0 23 * * * # How often to clear the semantic model cache defaultUrns: "${SEMANTICSHUB_DEFAULT_URNS:urn:bamm:io.catenax.serial_part:1.0.0#SerialPart}" # IDs of models to cache at IRS startup - oAuthClientId: common # ID of the OAuth2 client registration to use, see config spring.security.oauth2.client + oAuthClientId: semantics # ID of the OAuth2 client registration to use, see config spring.security.oauth2.client timeout: read: PT90S # HTTP read timeout for the semantic hub client connect: PT90S # HTTP connect timeout for the semantic hub client @@ -219,7 +224,7 @@ semanticshub: bpdm: bpnEndpoint: "${BPDM_URL:}" # Endpoint to resolve BPNs, must contain the placeholders {partnerId} and {idType} - oAuthClientId: common # ID of the OAuth2 client registration to use, see config spring.security.oauth2.client + oAuthClientId: bpdm # ID of the OAuth2 client registration to use, see config spring.security.oauth2.client timeout: read: PT90S # HTTP read timeout for the bpdm client connect: PT90S # HTTP connect timeout for the bpdm client @@ -234,7 +239,7 @@ ess: irs: url: "${IRS_URL:}" # IRS Url to connect with discovery: - oAuthClientId: portal # ID of the OAuth2 client registration to use, see config spring.security.oauth2.client + oAuthClientId: discovery # ID of the OAuth2 client registration to use, see config spring.security.oauth2.client timeout: read: PT90S # HTTP read timeout for the discovery client connect: PT90S # HTTP connect timeout for the discovery client From eaf6f46cc906b3419feeb30efba7d5d12d3e2131 Mon Sep 17 00:00:00 2001 From: "Krzysztof Massalski (Extern)" Date: Wed, 24 Jan 2024 15:46:00 +0100 Subject: [PATCH 11/22] feat(impl):[#378] separate credentials config --- charts/irs-helm/templates/configmap-spring-app-config.yaml | 2 +- charts/irs-helm/templates/secrets.yaml | 6 +++--- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/charts/irs-helm/templates/configmap-spring-app-config.yaml b/charts/irs-helm/templates/configmap-spring-app-config.yaml index 42eabd1625..b43e15ce64 100644 --- a/charts/irs-helm/templates/configmap-spring-app-config.yaml +++ b/charts/irs-helm/templates/configmap-spring-app-config.yaml @@ -92,7 +92,7 @@ data: bpdm: bpnEndpoint: {{ tpl (.Values.bpdm.bpnEndpoint | default "") . | quote }} - + irs-edc-client: callback-url: {{ tpl (.Values.edc.callbackurl | default (printf "http://%s%s" .Release.Name "-irs-helm:8181/internal/endpoint-data-reference")) . | quote }} controlplane: diff --git a/charts/irs-helm/templates/secrets.yaml b/charts/irs-helm/templates/secrets.yaml index 6d86e464ef..d9488ae665 100644 --- a/charts/irs-helm/templates/secrets.yaml +++ b/charts/irs-helm/templates/secrets.yaml @@ -36,11 +36,11 @@ data: minioUser: {{ .Values.minioUser | default "minio" | b64enc | quote }} minioPassword: {{ .Values.minioPassword | default "minioPass" | b64enc | quote }} semanticsId: {{ .Values.oauth2.semantics.clientId | default "semanticsId" | b64enc | quote }} - semanticsSecret: {{ .Values.oauth2.semantics.clientId | default "semanticsSecret" | b64enc | quote }} + semanticsSecret: {{ .Values.oauth2.semantics.clientSecret | default "semanticsSecret" | b64enc | quote }} discoveryClientId: {{ .Values.oauth2.discovery.clientId | default "discoveryClientId" | b64enc | quote }} - discoveryClientSecret: {{ .Values.oauth2.discovery.clientId | default "discoveryClientSecret" | b64enc | quote }} + discoveryClientSecret: {{ .Values.oauth2.discovery.clientSecret | default "discoveryClientSecret" | b64enc | quote }} bpdmClientId: {{ .Values.oauth2.bpdm.clientId | default "bpdmClientId" | b64enc | quote }} - bpdmClientSecret: {{ .Values.oauth2.bpdm.clientId | default "bpdmClientSecret" | b64enc | quote }} + bpdmClientSecret: {{ .Values.oauth2.bpdm.clientSecret | default "bpdmClientSecret" | b64enc | quote }} edcApiSecret: {{ .Values.edc.controlplane.apikey.secret | toString | default "" | b64enc | quote }} {{- if .Values.grafana.enabled }} grafanaUser: {{ .Values.grafana.user | default "grafana" | b64enc | quote }} From f933ca85f2e161ef168bfb9e7345b449eb4a9b50 Mon Sep 17 00:00:00 2001 From: "Krzysztof Massalski (Extern)" Date: Wed, 24 Jan 2024 16:15:37 +0100 Subject: [PATCH 12/22] feat(impl):[#378] changelog --- charts/irs-helm/CHANGELOG.md | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/charts/irs-helm/CHANGELOG.md b/charts/irs-helm/CHANGELOG.md index 28169057dd..265f53c398 100644 --- a/charts/irs-helm/CHANGELOG.md +++ b/charts/irs-helm/CHANGELOG.md @@ -5,6 +5,11 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html). ## [Unreleased] +### Added +- Added configuration parameters `oauth2.semantics.clientId`,`oauth2.semantics.clientSecret`, `oauth2.discovery.clientId`,`oauth2.discovery.clientSecret`, `oauth2.bpdm.clientId`,`oauth2.bpdm.clientSecret` +- +### Removed +- Removed configuration parameters `oauth2.clientId`,`oauth2.clientSecret`, `portal.oauth2.clientId`,`portal.oauth2.clientSecret` ## [6.13.0] - 2024-01-15 - Update IRS version to 4.4.0 From 3223e423aa1f4a1c6e9f1d437d29386f3962ef4f Mon Sep 17 00:00:00 2001 From: "Krzysztof Massalski (Extern)" Date: Wed, 24 Jan 2024 16:16:00 +0100 Subject: [PATCH 13/22] feat(impl):[#378] changelog --- charts/irs-helm/CHANGELOG.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/irs-helm/CHANGELOG.md b/charts/irs-helm/CHANGELOG.md index 265f53c398..1a763d03c5 100644 --- a/charts/irs-helm/CHANGELOG.md +++ b/charts/irs-helm/CHANGELOG.md @@ -7,7 +7,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 ## [Unreleased] ### Added - Added configuration parameters `oauth2.semantics.clientId`,`oauth2.semantics.clientSecret`, `oauth2.discovery.clientId`,`oauth2.discovery.clientSecret`, `oauth2.bpdm.clientId`,`oauth2.bpdm.clientSecret` -- + ### Removed - Removed configuration parameters `oauth2.clientId`,`oauth2.clientSecret`, `portal.oauth2.clientId`,`portal.oauth2.clientSecret` From d3464a54567cff39f1c63b4673fe84d9b8d6652a Mon Sep 17 00:00:00 2001 From: "Krzysztof Massalski (Extern)" Date: Thu, 25 Jan 2024 11:47:18 +0100 Subject: [PATCH 14/22] feat(impl):[#372] fix OpenApi generation - use apiKey security instead oauth --- docs/src/api/irs-api.yaml | 46 +++++++++---------- .../configuration/OpenApiConfiguration.java | 21 ++++----- .../irs/controllers/BatchController.java | 10 ++-- .../irs/controllers/IrsController.java | 10 ++-- .../irs/ess/controller/EssController.java | 4 +- .../controllers/PolicyStoreController.java | 8 ++-- 6 files changed, 46 insertions(+), 53 deletions(-) diff --git a/docs/src/api/irs-api.yaml b/docs/src/api/irs-api.yaml index 67879e47ea..1655a04f7b 100644 --- a/docs/src/api/irs-api.yaml +++ b/docs/src/api/irs-api.yaml @@ -7,7 +7,7 @@ info: servers: - url: http://localhost:8080 security: - - oAuth2: [] + - api_key: [] paths: /ess/bpn/investigations: post: @@ -58,7 +58,7 @@ paths: $ref: '#/components/schemas/ErrorResponse' description: Authorization refused by server. security: - - oAuth2: [] + - api_key: [] summary: Registers an IRS job to start an investigation if a given bpn is contained in a part chain of a given globalAssetId. tags: @@ -123,7 +123,7 @@ paths: $ref: '#/components/schemas/ErrorResponse' description: Job with the requested jobId not found. security: - - oAuth2: [] + - api_key: [] summary: Return job with additional supplyChainImpacted information. tags: - Environmental and Social Standards @@ -202,7 +202,7 @@ paths: $ref: '#/components/schemas/ErrorResponse' description: Authorization refused by server. security: - - oAuth2: [] + - api_key: [] summary: "Registers an order for an ESS investigation with an array of {globalAssetIds}. Each globalAssetId will be processed in an separate job, grouped in batches." tags: @@ -292,7 +292,7 @@ paths: $ref: '#/components/schemas/ErrorResponse' description: Authorization refused by server. security: - - oAuth2: [] + - api_key: [] summary: Returns paginated jobs with state and execution times. tags: - Item Relationship Service @@ -343,7 +343,7 @@ paths: $ref: '#/components/schemas/ErrorResponse' description: Authorization refused by server. security: - - oAuth2: [] + - api_key: [] summary: "Register an IRS job to retrieve an item graph for given {globalAssetId}." tags: - Item Relationship Service @@ -427,7 +427,7 @@ paths: $ref: '#/components/schemas/ErrorResponse' description: Job with the requested jobId not found. security: - - oAuth2: [] + - api_key: [] summary: Return job with optional item graph result for requested id. tags: - Item Relationship Service @@ -492,7 +492,7 @@ paths: $ref: '#/components/schemas/ErrorResponse' description: Job for requested jobId not found. security: - - oAuth2: [] + - api_key: [] summary: Cancel job for requested jobId. tags: - Item Relationship Service @@ -529,7 +529,7 @@ paths: $ref: "#/components/schemas/ErrorResponse" description: Authorization refused by server. security: - - oAuth2: [] + - api_key: [] summary: Get all available aspect models from semantic hub or local models. tags: - Aspect Models @@ -582,7 +582,7 @@ paths: $ref: '#/components/schemas/ErrorResponse' description: Authorization refused by server. security: - - oAuth2: [] + - api_key: [] summary: "Registers an IRS order with an array of {globalAssetIds}.\ \ Each globalAssetId will be processed in an IRS Job, grouped in batches." tags: @@ -649,7 +649,7 @@ paths: $ref: '#/components/schemas/ErrorResponse' description: Batch Order with the requested orderId not found. security: - - oAuth2: [] + - api_key: [] summary: Get a batch order for a given orderId. tags: - Item Relationship Service @@ -714,7 +714,7 @@ paths: $ref: '#/components/schemas/ErrorResponse' description: Batch Order with the requested orderId not found. security: - - oAuth2: [] + - api_key: [] summary: Cancel a batch order for a given orderId. tags: - Item Relationship Service @@ -790,7 +790,7 @@ paths: $ref: '#/components/schemas/ErrorResponse' description: Batch with the requested orderId and batchId not found. security: - - oAuth2: [] + - api_key: [] summary: Get a batch with a given batchId for a given orderId. tags: - Item Relationship Service @@ -826,7 +826,7 @@ paths: $ref: '#/components/schemas/ErrorResponse' description: Authorization refused by server. security: - - oAuth2: [] + - api_key: [] summary: Lists the registered policies that should be accepted in EDC negotiation. tags: - Item Relationship Service @@ -870,7 +870,7 @@ paths: $ref: '#/components/schemas/ErrorResponse' description: Authorization refused by server. security: - - oAuth2: [] + - api_key: [] summary: Register a policy that should be accepted in EDC negotiation. tags: - Item Relationship Service @@ -915,7 +915,7 @@ paths: $ref: '#/components/schemas/ErrorResponse' description: Authorization refused by server. security: - - oAuth2: [] + - api_key: [] summary: Removes a policy that should no longer be accepted in EDC negotiation. tags: - Item Relationship Service @@ -965,7 +965,7 @@ paths: $ref: '#/components/schemas/ErrorResponse' description: Authorization refused by server. security: - - oAuth2: [] + - api_key: [] summary: Updates an existing policy with new validUntil value. tags: - Item Relationship Service @@ -2639,10 +2639,8 @@ components: required: - validUntil securitySchemes: - oAuth2: - flows: - clientCredentials: - scopes: - {} - tokenUrl: https://localhost - type: oauth2 + api_key: + description: Api Key access + in: header + name: X-API-KEY + type: apiKey diff --git a/irs-api/src/main/java/org/eclipse/tractusx/irs/configuration/OpenApiConfiguration.java b/irs-api/src/main/java/org/eclipse/tractusx/irs/configuration/OpenApiConfiguration.java index 837d9d9810..991ab57564 100644 --- a/irs-api/src/main/java/org/eclipse/tractusx/irs/configuration/OpenApiConfiguration.java +++ b/irs-api/src/main/java/org/eclipse/tractusx/irs/configuration/OpenApiConfiguration.java @@ -26,16 +26,12 @@ import io.swagger.v3.oas.models.Components; import io.swagger.v3.oas.models.OpenAPI; import io.swagger.v3.oas.models.info.Info; -import io.swagger.v3.oas.models.security.OAuthFlow; -import io.swagger.v3.oas.models.security.OAuthFlows; -import io.swagger.v3.oas.models.security.Scopes; import io.swagger.v3.oas.models.security.SecurityRequirement; import io.swagger.v3.oas.models.security.SecurityScheme; import io.swagger.v3.oas.models.servers.Server; import lombok.RequiredArgsConstructor; import org.eclipse.tractusx.irs.IrsApplication; import org.springdoc.core.customizers.OpenApiCustomizer; -import org.springframework.beans.factory.annotation.Value; import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Configuration; @@ -59,7 +55,7 @@ public class OpenApiConfiguration { @Bean public OpenAPI customOpenAPI() { return new OpenAPI().addServersItem(new Server().url(irsConfiguration.getApiUrl().toString())) - .addSecurityItem(new SecurityRequirement().addList("oAuth2")) + .addSecurityItem(new SecurityRequirement().addList("api_key")) .info(new Info().title("IRS API") .version(IrsApplication.API_VERSION) .description( @@ -69,20 +65,19 @@ public OpenAPI customOpenAPI() { /** * Generates example values in Swagger * - * @param tokenUri the OAuth2 token uri loaded from application.yaml * @return the customizer */ @Bean - public OpenApiCustomizer customizer( - @Value("${spring.security.oauth2.client.provider.common.token-uri}") final String tokenUri) { + public OpenApiCustomizer customizer() { return openApi -> { final Components components = openApi.getComponents(); - components.addSecuritySchemes("oAuth2", new SecurityScheme().type(SecurityScheme.Type.OAUTH2) - .flows(new OAuthFlows().clientCredentials( - new OAuthFlow().scopes( - new Scopes()) - .tokenUrl(tokenUri)))); + components.addSecuritySchemes("api_key", new SecurityScheme().type(SecurityScheme.Type.APIKEY) + .description("Api Key access") + .in(SecurityScheme.In.HEADER) + .name("X-API-KEY") + ); openApi.getComponents().getSchemas().values().forEach(s -> s.setAdditionalProperties(false)); + new OpenApiExamples().createExamples(components); }; } diff --git a/irs-api/src/main/java/org/eclipse/tractusx/irs/controllers/BatchController.java b/irs-api/src/main/java/org/eclipse/tractusx/irs/controllers/BatchController.java index cfb85c6231..c8ff5c60f2 100644 --- a/irs-api/src/main/java/org/eclipse/tractusx/irs/controllers/BatchController.java +++ b/irs-api/src/main/java/org/eclipse/tractusx/irs/controllers/BatchController.java @@ -81,7 +81,7 @@ public class BatchController { @Operation(operationId = "registerOrder", summary = "Registers an IRS order with an array of {globalAssetIds}. " + "Each globalAssetId will be processed in an IRS Job, grouped in batches.", - security = @SecurityRequirement(name = "oAuth2"), tags = { "Item Relationship Service" }, + security = @SecurityRequirement(name = "api_key"), tags = { "Item Relationship Service" }, description = "Registers an IRS order with an array of {globalAssetIds}. " + "Each globalAssetId will be processed in an IRS Job, grouped in batches.") @ApiResponses( @@ -121,7 +121,7 @@ public BatchOrderCreated registerBatchOrder(final @Valid @RequestBody RegisterBa @Operation(operationId = "registerESSInvestigationOrder", summary = "Registers an order for an ESS investigation with an array of {globalAssetIds}. Each globalAssetId will be processed in an separate job, grouped in batches.", - security = @SecurityRequirement(name = "oAuth2"), tags = { "Environmental and Social Standards" }, + security = @SecurityRequirement(name = "api_key"), tags = { "Environmental and Social Standards" }, description = "Registers an order for an ESS investigation with an array of {globalAssetIds}. Each globalAssetId will be processed in an separate job, grouped in batches.") @ApiResponses( value = { @ApiResponse(responseCode = "201", description = "Returns orderId of registered Batch order.", @@ -160,7 +160,7 @@ public BatchOrderCreated registerESSInvestigationOrder( } @Operation(description = "Get a batch order for a given orderId.", operationId = "getBatchOrder", - summary = "Get a batch order for a given orderId.", security = @SecurityRequirement(name = "oAuth2"), + summary = "Get a batch order for a given orderId.", security = @SecurityRequirement(name = "api_key"), tags = { "Item Relationship Service" }) @ApiResponses(value = { @ApiResponse(responseCode = "200", description = "Get a batch order for a given orderId.", content = { @Content(mediaType = APPLICATION_JSON_VALUE, schema = @Schema( @@ -206,7 +206,7 @@ public BatchOrderResponse getBatchOrder( @Operation(description = "Get a batch with a given batchId for a given orderId.", operationId = "getBatch", summary = "Get a batch with a given batchId for a given orderId.", - security = @SecurityRequirement(name = "oAuth2"), tags = { "Item Relationship Service" }) + security = @SecurityRequirement(name = "api_key"), tags = { "Item Relationship Service" }) @ApiResponses(value = { @ApiResponse(responseCode = "200", description = "Get a batch with a given batchId for a given orderId.", content = { @Content(mediaType = APPLICATION_JSON_VALUE, @@ -255,7 +255,7 @@ public BatchResponse getBatch( } @Operation(description = "Cancel a batch order for a given orderId.", operationId = "cancelBatchOrder", - summary = "Cancel a batch order for a given orderId.", security = @SecurityRequirement(name = "oAuth2"), + summary = "Cancel a batch order for a given orderId.", security = @SecurityRequirement(name = "api_key"), tags = { "Item Relationship Service" }) @ApiResponses( value = { @ApiResponse(responseCode = "200", description = "Cancel a batch order for a given orderId.", diff --git a/irs-api/src/main/java/org/eclipse/tractusx/irs/controllers/IrsController.java b/irs-api/src/main/java/org/eclipse/tractusx/irs/controllers/IrsController.java index 60166e2c87..a8a23c11c4 100644 --- a/irs-api/src/main/java/org/eclipse/tractusx/irs/controllers/IrsController.java +++ b/irs-api/src/main/java/org/eclipse/tractusx/irs/controllers/IrsController.java @@ -93,7 +93,7 @@ public class IrsController { @Operation(operationId = "registerJobForGlobalAssetId", summary = "Register an IRS job to retrieve an item graph for given {globalAssetId}.", - security = @SecurityRequirement(name = "oAuth2"), tags = { "Item Relationship Service" }, + security = @SecurityRequirement(name = "api_key"), tags = { "Item Relationship Service" }, description = "Register an IRS job to retrieve an item graph for given {globalAssetId}.") @ApiResponses(value = { @ApiResponse(responseCode = "201", description = "Returns id of registered job.", content = { @Content(mediaType = APPLICATION_JSON_VALUE, @@ -131,7 +131,7 @@ public JobHandle registerJobForGlobalAssetId(final @Valid @RequestBody RegisterJ @Operation(description = "Return job with optional item graph result for requested id.", operationId = "getJobForJobId", summary = "Return job with optional item graph result for requested id.", - security = @SecurityRequirement(name = "oAuth2"), tags = { "Item Relationship Service" }) + security = @SecurityRequirement(name = "api_key"), tags = { "Item Relationship Service" }) @ApiResponses(value = { @ApiResponse(responseCode = "200", description = "Return job with item graph for the requested id.", content = { @Content(mediaType = APPLICATION_JSON_VALUE, @@ -190,7 +190,7 @@ public ResponseEntity getJobById( } @Operation(description = "Cancel job for requested jobId.", operationId = "cancelJobByJobId", - summary = "Cancel job for requested jobId.", security = @SecurityRequirement(name = "oAuth2"), + summary = "Cancel job for requested jobId.", security = @SecurityRequirement(name = "api_key"), tags = { "Item Relationship Service" }) @ApiResponses(value = { @ApiResponse(responseCode = "200", description = "Job with requested jobId canceled.", content = { @Content(mediaType = APPLICATION_JSON_VALUE, @@ -236,7 +236,7 @@ public Job cancelJobByJobId( @Operation(description = "Returns paginated jobs with state and execution times.", operationId = "getJobsByJobStates", summary = "Returns paginated jobs with state and execution times.", - security = @SecurityRequirement(name = "oAuth2"), tags = { "Item Relationship Service" }) + security = @SecurityRequirement(name = "api_key"), tags = { "Item Relationship Service" }) @ApiResponses(value = { @ApiResponse(responseCode = "200", description = "Paginated list of jobs with state and execution times for requested job states.", content = { @Content(mediaType = APPLICATION_JSON_VALUE, @@ -280,7 +280,7 @@ public PageResult getJobsByState( @Operation(operationId = "getAllAspectModels", summary = "Get all available aspect models from semantic hub or local models.", - security = @SecurityRequirement(name = "oAuth2"), tags = { "Aspect Models" }, + security = @SecurityRequirement(name = "api_key"), tags = { "Aspect Models" }, description = "Get all available aspect models from semantic hub or local models.") @ApiResponses(value = { @ApiResponse(responseCode = "200", description = "Returns all available aspect models.", content = { @Content(mediaType = APPLICATION_JSON_VALUE, diff --git a/irs-api/src/main/java/org/eclipse/tractusx/irs/ess/controller/EssController.java b/irs-api/src/main/java/org/eclipse/tractusx/irs/ess/controller/EssController.java index 9414172ec8..ca6720b605 100644 --- a/irs-api/src/main/java/org/eclipse/tractusx/irs/ess/controller/EssController.java +++ b/irs-api/src/main/java/org/eclipse/tractusx/irs/ess/controller/EssController.java @@ -75,7 +75,7 @@ class EssController { @Operation(operationId = "registerBPNInvestigation", summary = "Registers an IRS job to start an investigation if a given bpn is contained in a part chain of a given globalAssetId.", - security = @SecurityRequirement(name = "oAuth2"), + security = @SecurityRequirement(name = "api_key"), tags = { "Environmental and Social Standards" }, description = "Registers an IRS job to start an investigation if a given bpn is contained in a part chain of a given globalAssetId.") @ApiResponses(value = { @ApiResponse(responseCode = "201", description = "Returns id of registered job.", @@ -114,7 +114,7 @@ public JobHandle registerBPNInvestigation(final @Valid @RequestBody RegisterBpnI @Operation(description = "Return job with additional supplyChainImpacted information.", operationId = "getBPNInvestigation", summary = "Return job with additional supplyChainImpacted information.", - security = @SecurityRequirement(name = "oAuth2"), + security = @SecurityRequirement(name = "api_key"), tags = { "Environmental and Social Standards" }) @ApiResponses(value = { @ApiResponse(responseCode = "200", description = "Return job with item graph for the requested id.", diff --git a/irs-policy-store/src/main/java/org/eclipse/tractusx/irs/policystore/controllers/PolicyStoreController.java b/irs-policy-store/src/main/java/org/eclipse/tractusx/irs/policystore/controllers/PolicyStoreController.java index 2c18570427..9365e0f13a 100644 --- a/irs-policy-store/src/main/java/org/eclipse/tractusx/irs/policystore/controllers/PolicyStoreController.java +++ b/irs-policy-store/src/main/java/org/eclipse/tractusx/irs/policystore/controllers/PolicyStoreController.java @@ -74,7 +74,7 @@ public class PolicyStoreController { @Operation(operationId = "registerAllowedPolicy", summary = "Register a policy that should be accepted in EDC negotiation.", - security = @SecurityRequirement(name = "oAuth2"), + security = @SecurityRequirement(name = "api_key"), tags = { "Item Relationship Service" }, description = "Register a policy that should be accepted in EDC negotiation.") @ApiResponses(value = { @ApiResponse(responseCode = "201"), @@ -106,7 +106,7 @@ public void registerAllowedPolicy(final @Valid @RequestBody CreatePolicyRequest @Operation(operationId = "getAllowedPolicies", summary = "Lists the registered policies that should be accepted in EDC negotiation.", - security = @SecurityRequirement(name = "oAuth2"), + security = @SecurityRequirement(name = "api_key"), tags = { "Item Relationship Service" }, description = "Lists the registered policies that should be accepted in EDC negotiation.") @ApiResponses(value = { @ApiResponse(responseCode = "200", description = "Returns the policies.", @@ -135,7 +135,7 @@ public List getPolicies() { @Operation(operationId = "deleteAllowedPolicy", summary = "Removes a policy that should no longer be accepted in EDC negotiation.", - security = @SecurityRequirement(name = "oAuth2"), + security = @SecurityRequirement(name = "api_key"), tags = { "Item Relationship Service" }, description = "Removes a policy that should no longer be accepted in EDC negotiation.") @ApiResponses(value = { @ApiResponse(responseCode = "200"), @@ -166,7 +166,7 @@ public void deleteAllowedPolicy(@PathVariable("policyId") final String policyId) } @Operation(operationId = "updateAllowedPolicy", summary = "Updates an existing policy with new validUntil value.", - security = @SecurityRequirement(name = "oAuth2"), + security = @SecurityRequirement(name = "api_key"), tags = { "Item Relationship Service" }, description = "Updates an existing policy with new validUntil value.") @ApiResponses(value = { @ApiResponse(responseCode = "200"), From b8a96fcc0c0428ce8edb553270ef2e280e26fc18 Mon Sep 17 00:00:00 2001 From: Matthias Fischer Date: Thu, 25 Jan 2024 13:39:16 +0100 Subject: [PATCH 15/22] chore(deps):[#xxx] add suppression for CVE-2023-51074 because only used in tests --- .config/owasp-suppressions.xml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.config/owasp-suppressions.xml b/.config/owasp-suppressions.xml index 325b8ae21a..50fc202188 100644 --- a/.config/owasp-suppressions.xml +++ b/.config/owasp-suppressions.xml @@ -30,9 +30,9 @@ - ^pkg:maven/org\.graalvm\.sdk/graal\-sdk@.*$ - CVE-2024-20932 + ^pkg:maven/com\.jayway\.jsonpath@.*$ + CVE-2023-51074 \ No newline at end of file From 1578604516f49a325a19578180fa6643a3ff9761 Mon Sep 17 00:00:00 2001 From: mk Date: Thu, 25 Jan 2024 15:49:34 +0100 Subject: [PATCH 16/22] chore(CONTRIBUTION):[#389] add matrix chat and stuff for consultants --- CONTRIBUTING.md | 55 +++++++++++++++++++++++++++++++++++++++++++++++-- 1 file changed, 53 insertions(+), 2 deletions(-) diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index 74a2048915..4cddc482a9 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -2,6 +2,16 @@ Thanks for your interest in this project. +# Table of Contents +1. [Project description](#project-description) +2. [Developer resources](#developer-resources) +3. [Eclipse Development Process](#eclipse-development-process) +4. [Eclipse Contributor Agreement](#eclipse-contributor-agreement) +5. [General contribution to the project](#general-contribution-to-the-project) +6. [Contributing as a Consultant](#contributing-as-a-consultant) +7. [Contributing as a Developer](#contributing-as-a-developer) +9. [Contact](#contact) + ## Project description The companies involved want to increase the automotive industry's @@ -53,7 +63,7 @@ fulfills the DCO's requirement that you sign-off on your contributions. For more information, please see the Eclipse Committer Handbook: https://www.eclipse.org/projects/handbook/#resources-commit -# Eclipse Dependency License Check +## Eclipse Dependency License Check In case of new dependencies or version updates, it might be necessary to have the new library checked and accepted by the Eclipse foundation. Do create new tickets for this, you can use this command: ``` @@ -62,6 +72,45 @@ mvn org.eclipse.dash:license-tool-plugin:license-check -Ddash.iplab.token=$ECLIP For more information on the tool and how to acquire the token, check https://github.com/eclipse/dash-licenses. +## General contribution to the project + + +## Contributing as a Consultant + +### Conceptual work and specification guidelines +1. The prerequisite for a concept is always a github issue that defines the business value and the acceptance criteria that are to be implemented with the concept +2. Copy and rename directory /docs/#000-concept-name-template /docs/#- +3. Copy file /docs/Concept_TEMPLATE.md into new directory /docs/#- + +### Diagrams +PlantUML and Mermaid is used for conceptual work. +https://mermaid.js.org/ +https://plantuml.com/ + + +#### PlantUML +default skinparam for plantUml diagrams +```` +@startuml +skinparam monochrome true +skinparam shadowing false +skinparam linetype ortho +skinparam defaultFontName "Architects daughter" +autonumber "[000]" + +@enduml +```` + +#### Mermaid +Default header for mermaid sequence diagrams +```` +sequenceDiagram + %%{init: {'theme': 'dark', 'themeVariables': { 'fontSize': '15px'}}}%% + autonumber + ```` + +## Contributing as a Developer + ### Commit messages The commit messages have to match a pattern in the form of: ``< type >(scope):[] < description >`` @@ -80,11 +129,13 @@ cp local/development/commit-msg .git/hooks/commit-msg && chmod 500 .git/hooks/co For further information please see https://github.com/hazcod/semantic-commit-hook -## Code formatting +### Code formatting Please use the following code formatter: [.idea/codeStyles](.idea/codeStyles) + ## Contact Contact the project developers via the project's "dev" list. * https://accounts.eclipse.org/mailing-list/tractusx-dev +* Eclipse Matrix Chat https://chat.eclipse.org/#/room/#tractusx-irs:matrix.eclipse.org From 4dceefbc0bc1fc7386a09b6437fde9c74ad91812 Mon Sep 17 00:00:00 2001 From: Matthias Fischer Date: Fri, 26 Jan 2024 02:13:37 +0100 Subject: [PATCH 17/22] chore(deps):[#xxx] fix suppression for CVE-2023-51074 because only used in tests --- .config/owasp-suppressions.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.config/owasp-suppressions.xml b/.config/owasp-suppressions.xml index 50fc202188..051a11d32b 100644 --- a/.config/owasp-suppressions.xml +++ b/.config/owasp-suppressions.xml @@ -32,7 +32,7 @@ - ^pkg:maven/com\.jayway\.jsonpath@.*$ + ^pkg:maven/com.jayway.jsonpath/json-path@2.8.0$ CVE-2023-51074 \ No newline at end of file From 2b375d99d295091c82507b352ab2318266a2c219 Mon Sep 17 00:00:00 2001 From: Matthias Fischer Date: Fri, 26 Jan 2024 02:29:35 +0100 Subject: [PATCH 18/22] chore(deps):[#xxx] fix spring-core-6.0.14.jar: CVE-2024-22233(7.5) by updating spring boot to 3.1.8 also fixes CVE-2023-6378 logback serialization vulnerability therefore undo of manual dependency management for logback --- irs-parent-spring-boot/pom.xml | 14 -------------- pom.xml | 2 +- 2 files changed, 1 insertion(+), 15 deletions(-) diff --git a/irs-parent-spring-boot/pom.xml b/irs-parent-spring-boot/pom.xml index 0948d0bb0c..879e62f3b6 100644 --- a/irs-parent-spring-boot/pom.xml +++ b/irs-parent-spring-boot/pom.xml @@ -15,10 +15,6 @@ IRS Spring Boot Parent Parent module for Spring Boot modules. - - 1.4.14 - - @@ -28,16 +24,6 @@ pom import - - ch.qos.logback - logback-classic - ${logback.version} - - - ch.qos.logback - logback-core - ${logback.version} - diff --git a/pom.xml b/pom.xml index 97ad8c7a40..2e47b76a2d 100644 --- a/pom.xml +++ b/pom.xml @@ -76,7 +76,7 @@ 1.5.1-SNAPSHOT - 3.1.6 + 3.1.8 2.2.0 1.11.4 1.9.0 From 8bada1716d53cc165167658eeb2a02a1523f7aa0 Mon Sep 17 00:00:00 2001 From: Matthias Fischer Date: Fri, 26 Jan 2024 03:00:01 +0100 Subject: [PATCH 19/22] chore(deps):[#xxx] update DEPENDENCIES file --- DEPENDENCIES | 197 +++++++++++++++++++++++++++------------------------ 1 file changed, 105 insertions(+), 92 deletions(-) diff --git a/DEPENDENCIES b/DEPENDENCIES index 9197d6e308..cc0f92a3fe 100644 --- a/DEPENDENCIES +++ b/DEPENDENCIES @@ -124,33 +124,33 @@ maven/mavencentral/io.github.resilience4j/resilience4j-retry/2.1.0, Apache-2.0, maven/mavencentral/io.github.resilience4j/resilience4j-spring-boot3/2.1.0, Apache-2.0, approved, #10913 maven/mavencentral/io.github.resilience4j/resilience4j-spring6/2.1.0, Apache-2.0, approved, #10915 maven/mavencentral/io.github.resilience4j/resilience4j-timelimiter/2.1.0, Apache-2.0, approved, #10166 -maven/mavencentral/io.micrometer/micrometer-commons/1.11.6, Apache-2.0 AND (Apache-2.0 AND MIT), approved, #9243 -maven/mavencentral/io.micrometer/micrometer-core/1.11.6, Apache-2.0 AND (Apache-2.0 AND MIT), approved, #9238 -maven/mavencentral/io.micrometer/micrometer-observation/1.11.6, Apache-2.0, approved, #9242 +maven/mavencentral/io.micrometer/micrometer-commons/1.11.8, Apache-2.0 AND (Apache-2.0 AND MIT), approved, #9243 +maven/mavencentral/io.micrometer/micrometer-core/1.11.8, Apache-2.0 AND (Apache-2.0 AND MIT), approved, #9238 +maven/mavencentral/io.micrometer/micrometer-observation/1.11.8, Apache-2.0, approved, #9242 maven/mavencentral/io.micrometer/micrometer-registry-prometheus/1.11.4, Apache-2.0, approved, #9805 maven/mavencentral/io.minio/minio/8.5.6, Apache-2.0, approved, #9097 maven/mavencentral/io.netty.incubator/netty-incubator-transport-classes-io_uring/0.0.21.Final, Apache-2.0, approved, #9622 maven/mavencentral/io.netty.incubator/netty-incubator-transport-native-io_uring/0.0.21.Final, GPL-2.0-only WITH Linux-syscall-note OR MIT AND Apache-2.0 AND MIT, approved, #9649 -maven/mavencentral/io.netty/netty-buffer/4.1.101.Final, Apache-2.0, approved, CQ21842 -maven/mavencentral/io.netty/netty-codec-dns/4.1.101.Final, Apache-2.0 AND BSD-3-Clause AND MIT, approved, CQ20926 -maven/mavencentral/io.netty/netty-codec-http/4.1.101.Final, Apache-2.0 AND BSD-3-Clause AND MIT, approved, CQ20926 -maven/mavencentral/io.netty/netty-codec-http2/4.1.101.Final, Apache-2.0 AND BSD-3-Clause AND MIT, approved, CQ20926 -maven/mavencentral/io.netty/netty-codec-mqtt/4.1.101.Final, Apache-2.0 OR LicenseRef-Public-Domain OR BSD-2-Clause OR MIT, approved, CQ15280 -maven/mavencentral/io.netty/netty-codec-socks/4.1.101.Final, Apache-2.0 AND BSD-3-Clause AND MIT, approved, CQ20926 -maven/mavencentral/io.netty/netty-codec/4.1.101.Final, Apache-2.0 AND BSD-3-Clause AND MIT, approved, CQ20926 -maven/mavencentral/io.netty/netty-common/4.1.101.Final, Apache-2.0 AND MIT AND CC0-1.0, approved, CQ21843 -maven/mavencentral/io.netty/netty-handler-proxy/4.1.101.Final, Apache-2.0 AND BSD-3-Clause AND MIT, approved, CQ20926 -maven/mavencentral/io.netty/netty-handler/4.1.101.Final, Apache-2.0 AND BSD-3-Clause AND MIT, approved, CQ20926 -maven/mavencentral/io.netty/netty-resolver-dns-classes-macos/4.1.101.Final, Apache-2.0, approved, #6367 -maven/mavencentral/io.netty/netty-resolver-dns-native-macos/4.1.101.Final, Apache-2.0, approved, #7004 -maven/mavencentral/io.netty/netty-resolver-dns/4.1.101.Final, Apache-2.0 AND BSD-3-Clause AND MIT, approved, CQ20926 -maven/mavencentral/io.netty/netty-resolver/4.1.101.Final, Apache-2.0 AND BSD-3-Clause AND MIT, approved, CQ20926 +maven/mavencentral/io.netty/netty-buffer/4.1.105.Final, Apache-2.0, approved, CQ21842 +maven/mavencentral/io.netty/netty-codec-dns/4.1.105.Final, Apache-2.0 AND BSD-3-Clause AND MIT, approved, CQ20926 +maven/mavencentral/io.netty/netty-codec-http/4.1.105.Final, Apache-2.0 AND BSD-3-Clause AND MIT, approved, CQ20926 +maven/mavencentral/io.netty/netty-codec-http2/4.1.105.Final, Apache-2.0 AND BSD-3-Clause AND MIT, approved, CQ20926 +maven/mavencentral/io.netty/netty-codec-mqtt/4.1.105.Final, Apache-2.0 OR LicenseRef-Public-Domain OR BSD-2-Clause OR MIT, approved, CQ15280 +maven/mavencentral/io.netty/netty-codec-socks/4.1.105.Final, Apache-2.0 AND BSD-3-Clause AND MIT, approved, CQ20926 +maven/mavencentral/io.netty/netty-codec/4.1.105.Final, Apache-2.0 AND BSD-3-Clause AND MIT, approved, CQ20926 +maven/mavencentral/io.netty/netty-common/4.1.105.Final, Apache-2.0 AND MIT AND CC0-1.0, approved, CQ21843 +maven/mavencentral/io.netty/netty-handler-proxy/4.1.105.Final, Apache-2.0 AND BSD-3-Clause AND MIT, approved, CQ20926 +maven/mavencentral/io.netty/netty-handler/4.1.105.Final, Apache-2.0 AND BSD-3-Clause AND MIT, approved, CQ20926 +maven/mavencentral/io.netty/netty-resolver-dns-classes-macos/4.1.105.Final, Apache-2.0, approved, #6367 +maven/mavencentral/io.netty/netty-resolver-dns-native-macos/4.1.105.Final, Apache-2.0, approved, #7004 +maven/mavencentral/io.netty/netty-resolver-dns/4.1.105.Final, Apache-2.0 AND BSD-3-Clause AND MIT, approved, CQ20926 +maven/mavencentral/io.netty/netty-resolver/4.1.105.Final, Apache-2.0 AND BSD-3-Clause AND MIT, approved, CQ20926 maven/mavencentral/io.netty/netty-tcnative-boringssl-static/2.0.61.Final, Apache-2.0 OR LicenseRef-Public-Domain OR BSD-2-Clause OR MIT, approved, CQ15280 maven/mavencentral/io.netty/netty-tcnative-classes/2.0.61.Final, Apache-2.0, approved, clearlydefined -maven/mavencentral/io.netty/netty-transport-classes-epoll/4.1.101.Final, Apache-2.0, approved, #6366 -maven/mavencentral/io.netty/netty-transport-native-epoll/4.1.101.Final, Apache-2.0 AND BSD-3-Clause AND MIT, approved, CQ20926 -maven/mavencentral/io.netty/netty-transport-native-unix-common/4.1.101.Final, Apache-2.0 AND BSD-3-Clause AND MIT, approved, CQ20926 -maven/mavencentral/io.netty/netty-transport/4.1.101.Final, Apache-2.0 AND BSD-3-Clause AND MIT, approved, CQ20926 +maven/mavencentral/io.netty/netty-transport-classes-epoll/4.1.105.Final, Apache-2.0, approved, #6366 +maven/mavencentral/io.netty/netty-transport-native-epoll/4.1.105.Final, Apache-2.0 AND BSD-3-Clause AND MIT, approved, CQ20926 +maven/mavencentral/io.netty/netty-transport-native-unix-common/4.1.105.Final, Apache-2.0 AND BSD-3-Clause AND MIT, approved, CQ20926 +maven/mavencentral/io.netty/netty-transport/4.1.105.Final, Apache-2.0 AND BSD-3-Clause AND MIT, approved, CQ20926 maven/mavencentral/io.opentelemetry/opentelemetry-api/1.25.0, Apache-2.0, approved, clearlydefined maven/mavencentral/io.opentelemetry/opentelemetry-api/1.29.0, Apache-2.0, approved, #10088 maven/mavencentral/io.opentelemetry/opentelemetry-context/1.25.0, Apache-2.0, approved, clearlydefined @@ -186,10 +186,10 @@ maven/mavencentral/jakarta.xml.bind/jakarta.xml.bind-api/4.0.1, BSD-3-Clause, ap maven/mavencentral/javax.jms/javax.jms-api/2.0.1, CDDL-1.1 OR GPL-2.0 WITH Classpath-exception-2.0, approved, #1516 maven/mavencentral/joda-time/joda-time/2.10.2, Apache-2.0, approved, clearlydefined maven/mavencentral/junit/junit/4.13.2, EPL-2.0, approved, CQ23636 -maven/mavencentral/net.bytebuddy/byte-buddy-agent/1.14.10, Apache-2.0, approved, #7164 +maven/mavencentral/net.bytebuddy/byte-buddy-agent/1.14.11, Apache-2.0, approved, #7164 maven/mavencentral/net.bytebuddy/byte-buddy-agent/1.14.4, Apache-2.0, approved, #7164 maven/mavencentral/net.bytebuddy/byte-buddy/1.12.21, Apache-2.0 AND BSD-3-Clause, approved, #1811 -maven/mavencentral/net.bytebuddy/byte-buddy/1.14.10, Apache-2.0 AND BSD-3-Clause, approved, #7163 +maven/mavencentral/net.bytebuddy/byte-buddy/1.14.11, Apache-2.0 AND BSD-3-Clause, approved, #7163 maven/mavencentral/net.datafaker/datafaker/1.9.0, Apache-2.0, approved, #8797 maven/mavencentral/net.debasishg/redisclient_2.13/3.42, Apache-2.0, approved, clearlydefined maven/mavencentral/net.java.dev.jna/jna/5.12.1, Apache-2.0 OR LGPL-2.1-or-later, approved, #3217 @@ -209,9 +209,9 @@ maven/mavencentral/org.apache.commons/commons-compress/1.23.0, Apache-2.0 AND BS maven/mavencentral/org.apache.commons/commons-compress/1.24.0, Apache-2.0 AND BSD-3-Clause AND bzip2-1.0.6 AND LicenseRef-Public-Domain, approved, #10368 maven/mavencentral/org.apache.commons/commons-lang3/3.12.0, Apache-2.0, approved, clearlydefined maven/mavencentral/org.apache.commons/commons-pool2/2.11.1, Apache-2.0, approved, CQ23795 -maven/mavencentral/org.apache.groovy/groovy-json/4.0.15, Apache-2.0, approved, #7411 -maven/mavencentral/org.apache.groovy/groovy-xml/4.0.15, Apache-2.0, approved, #10179 -maven/mavencentral/org.apache.groovy/groovy/4.0.15, Apache-2.0 AND BSD-3-Clause AND MIT, approved, #1742 +maven/mavencentral/org.apache.groovy/groovy-json/4.0.17, Apache-2.0, approved, #7411 +maven/mavencentral/org.apache.groovy/groovy-xml/4.0.17, Apache-2.0, approved, #10179 +maven/mavencentral/org.apache.groovy/groovy/4.0.17, Apache-2.0 AND BSD-3-Clause AND MIT, approved, #1742 maven/mavencentral/org.apache.httpcomponents/httpclient/4.5.13, Apache-2.0 AND LicenseRef-Public-Domain, approved, CQ23527 maven/mavencentral/org.apache.httpcomponents/httpcore/4.4.16, Apache-2.0, approved, CQ23528 maven/mavencentral/org.apache.httpcomponents/httpmime/4.5.13, Apache-2.0, approved, CQ11718 @@ -220,11 +220,11 @@ maven/mavencentral/org.apache.logging.log4j/log4j-core/2.20.0, Apache-2.0 AND (A maven/mavencentral/org.apache.logging.log4j/log4j-jul/2.20.0, Apache-2.0, approved, clearlydefined maven/mavencentral/org.apache.logging.log4j/log4j-slf4j2-impl/2.20.0, Apache-2.0, approved, #8801 maven/mavencentral/org.apache.logging.log4j/log4j-to-slf4j/2.20.0, Apache-2.0, approved, #8799 -maven/mavencentral/org.apache.tomcat.embed/tomcat-embed-core/10.1.16, Apache-2.0 AND (EPL-2.0 OR GPL-2.0-only WITH Classpath-exception-2.0) AND (CDDL-1.0 OR GPL-2.0-only WITH Classpath-exception-2.0) AND W3C AND CC0-1.0, approved, #5949 -maven/mavencentral/org.apache.tomcat.embed/tomcat-embed-el/10.1.16, Apache-2.0, approved, #6997 -maven/mavencentral/org.apache.tomcat.embed/tomcat-embed-websocket/10.1.16, Apache-2.0, approved, #7920 +maven/mavencentral/org.apache.tomcat.embed/tomcat-embed-core/10.1.18, Apache-2.0 AND (EPL-2.0 OR GPL-2.0-only WITH Classpath-exception-2.0) AND (CDDL-1.0 OR GPL-2.0-only WITH Classpath-exception-2.0) AND W3C AND CC0-1.0, approved, #5949 +maven/mavencentral/org.apache.tomcat.embed/tomcat-embed-el/10.1.18, Apache-2.0, approved, #6997 +maven/mavencentral/org.apache.tomcat.embed/tomcat-embed-websocket/10.1.18, Apache-2.0, approved, #7920 maven/mavencentral/org.apiguardian/apiguardian-api/1.1.2, Apache-2.0, approved, clearlydefined -maven/mavencentral/org.aspectj/aspectjweaver/1.9.20.1, Apache-2.0 AND BSD-3-Clause AND EPL-1.0 AND BSD-3-Clause AND Apache-1.1, approved, #7695 +maven/mavencentral/org.aspectj/aspectjweaver/1.9.21, Apache-2.0 AND BSD-3-Clause AND EPL-1.0 AND BSD-3-Clause AND Apache-1.1, approved, #7695 maven/mavencentral/org.assertj/assertj-core/3.24.2, Apache-2.0, approved, #6161 maven/mavencentral/org.awaitility/awaitility/4.2.0, Apache-2.0, approved, clearlydefined maven/mavencentral/org.bouncycastle/bcpkix-jdk18on/1.76, MIT, approved, #9825 @@ -284,45 +284,45 @@ maven/mavencentral/org.eclipse.edc/web-spi/0.2.1, Apache-2.0, approved, technolo maven/mavencentral/org.eclipse.jetty.toolchain/jetty-jakarta-servlet-api/5.0.2, EPL-2.0 OR Apache-2.0, approved, rt.jetty maven/mavencentral/org.eclipse.jetty.toolchain/jetty-jakarta-websocket-api/2.0.0, EPL-2.0 OR Apache-2.0, approved, rt.jetty maven/mavencentral/org.eclipse.jetty.websocket/websocket-core-client/11.0.17, EPL-2.0 OR Apache-2.0, approved, rt.jetty -maven/mavencentral/org.eclipse.jetty.websocket/websocket-core-client/11.0.18, EPL-2.0 OR Apache-2.0, approved, rt.jetty +maven/mavencentral/org.eclipse.jetty.websocket/websocket-core-client/11.0.19, EPL-2.0 OR Apache-2.0, approved, rt.jetty maven/mavencentral/org.eclipse.jetty.websocket/websocket-core-common/11.0.17, EPL-2.0 OR Apache-2.0, approved, rt.jetty -maven/mavencentral/org.eclipse.jetty.websocket/websocket-core-common/11.0.18, EPL-2.0 OR Apache-2.0, approved, rt.jetty +maven/mavencentral/org.eclipse.jetty.websocket/websocket-core-common/11.0.19, EPL-2.0 OR Apache-2.0, approved, rt.jetty maven/mavencentral/org.eclipse.jetty.websocket/websocket-core-server/11.0.17, EPL-2.0 OR Apache-2.0, approved, rt.jetty -maven/mavencentral/org.eclipse.jetty.websocket/websocket-core-server/11.0.18, EPL-2.0 OR Apache-2.0, approved, rt.jetty +maven/mavencentral/org.eclipse.jetty.websocket/websocket-core-server/11.0.19, EPL-2.0 OR Apache-2.0, approved, rt.jetty maven/mavencentral/org.eclipse.jetty.websocket/websocket-jakarta-client/11.0.17, EPL-2.0 OR Apache-2.0, approved, rt.jetty -maven/mavencentral/org.eclipse.jetty.websocket/websocket-jakarta-client/11.0.18, EPL-2.0 OR Apache-2.0, approved, rt.jetty +maven/mavencentral/org.eclipse.jetty.websocket/websocket-jakarta-client/11.0.19, EPL-2.0 OR Apache-2.0, approved, rt.jetty maven/mavencentral/org.eclipse.jetty.websocket/websocket-jakarta-common/11.0.17, EPL-2.0 OR Apache-2.0, approved, rt.jetty -maven/mavencentral/org.eclipse.jetty.websocket/websocket-jakarta-common/11.0.18, EPL-2.0 OR Apache-2.0, approved, rt.jetty +maven/mavencentral/org.eclipse.jetty.websocket/websocket-jakarta-common/11.0.19, EPL-2.0 OR Apache-2.0, approved, rt.jetty maven/mavencentral/org.eclipse.jetty.websocket/websocket-jakarta-server/11.0.17, EPL-2.0 OR Apache-2.0, approved, rt.jetty -maven/mavencentral/org.eclipse.jetty.websocket/websocket-jakarta-server/11.0.18, EPL-2.0 OR Apache-2.0, approved, rt.jetty +maven/mavencentral/org.eclipse.jetty.websocket/websocket-jakarta-server/11.0.19, EPL-2.0 OR Apache-2.0, approved, rt.jetty maven/mavencentral/org.eclipse.jetty.websocket/websocket-servlet/11.0.17, EPL-2.0 OR Apache-2.0, approved, rt.jetty -maven/mavencentral/org.eclipse.jetty.websocket/websocket-servlet/11.0.18, EPL-2.0 OR Apache-2.0, approved, rt.jetty +maven/mavencentral/org.eclipse.jetty.websocket/websocket-servlet/11.0.19, EPL-2.0 OR Apache-2.0, approved, rt.jetty maven/mavencentral/org.eclipse.jetty/jetty-alpn-client/11.0.17, EPL-2.0 OR Apache-2.0, approved, rt.jetty -maven/mavencentral/org.eclipse.jetty/jetty-alpn-client/11.0.18, EPL-2.0 OR Apache-2.0, approved, rt.jetty +maven/mavencentral/org.eclipse.jetty/jetty-alpn-client/11.0.19, EPL-2.0 OR Apache-2.0, approved, rt.jetty maven/mavencentral/org.eclipse.jetty/jetty-annotations/11.0.17, EPL-2.0 OR Apache-2.0, approved, rt.jetty -maven/mavencentral/org.eclipse.jetty/jetty-annotations/11.0.18, EPL-2.0 OR Apache-2.0, approved, rt.jetty +maven/mavencentral/org.eclipse.jetty/jetty-annotations/11.0.19, EPL-2.0 OR Apache-2.0, approved, rt.jetty maven/mavencentral/org.eclipse.jetty/jetty-client/11.0.17, EPL-2.0 OR Apache-2.0, approved, rt.jetty -maven/mavencentral/org.eclipse.jetty/jetty-client/11.0.18, EPL-2.0 OR Apache-2.0, approved, rt.jetty +maven/mavencentral/org.eclipse.jetty/jetty-client/11.0.19, EPL-2.0 OR Apache-2.0, approved, rt.jetty maven/mavencentral/org.eclipse.jetty/jetty-http/11.0.17, EPL-2.0 OR Apache-2.0, approved, rt.jetty -maven/mavencentral/org.eclipse.jetty/jetty-http/11.0.18, EPL-2.0 OR Apache-2.0, approved, rt.jetty +maven/mavencentral/org.eclipse.jetty/jetty-http/11.0.19, EPL-2.0 OR Apache-2.0, approved, rt.jetty maven/mavencentral/org.eclipse.jetty/jetty-io/11.0.17, EPL-2.0 OR Apache-2.0, approved, rt.jetty -maven/mavencentral/org.eclipse.jetty/jetty-io/11.0.18, EPL-2.0 OR Apache-2.0, approved, rt.jetty +maven/mavencentral/org.eclipse.jetty/jetty-io/11.0.19, EPL-2.0 OR Apache-2.0, approved, rt.jetty maven/mavencentral/org.eclipse.jetty/jetty-jndi/11.0.17, EPL-2.0 OR Apache-2.0, approved, rt.jetty -maven/mavencentral/org.eclipse.jetty/jetty-jndi/11.0.18, EPL-2.0 OR Apache-2.0, approved, rt.jetty +maven/mavencentral/org.eclipse.jetty/jetty-jndi/11.0.19, EPL-2.0 OR Apache-2.0, approved, rt.jetty maven/mavencentral/org.eclipse.jetty/jetty-plus/11.0.17, EPL-2.0 OR Apache-2.0, approved, rt.jetty -maven/mavencentral/org.eclipse.jetty/jetty-plus/11.0.18, EPL-2.0 OR Apache-2.0, approved, rt.jetty +maven/mavencentral/org.eclipse.jetty/jetty-plus/11.0.19, EPL-2.0 OR Apache-2.0, approved, rt.jetty maven/mavencentral/org.eclipse.jetty/jetty-security/11.0.17, EPL-2.0 OR Apache-2.0, approved, rt.jetty -maven/mavencentral/org.eclipse.jetty/jetty-security/11.0.18, EPL-2.0 OR Apache-2.0, approved, rt.jetty +maven/mavencentral/org.eclipse.jetty/jetty-security/11.0.19, EPL-2.0 OR Apache-2.0, approved, rt.jetty maven/mavencentral/org.eclipse.jetty/jetty-server/11.0.17, EPL-2.0 OR Apache-2.0, approved, rt.jetty -maven/mavencentral/org.eclipse.jetty/jetty-server/11.0.18, EPL-2.0 OR Apache-2.0, approved, rt.jetty +maven/mavencentral/org.eclipse.jetty/jetty-server/11.0.19, EPL-2.0 OR Apache-2.0, approved, rt.jetty maven/mavencentral/org.eclipse.jetty/jetty-servlet/11.0.17, EPL-2.0 OR Apache-2.0, approved, rt.jetty -maven/mavencentral/org.eclipse.jetty/jetty-servlet/11.0.18, EPL-2.0 OR Apache-2.0, approved, rt.jetty +maven/mavencentral/org.eclipse.jetty/jetty-servlet/11.0.19, EPL-2.0 OR Apache-2.0, approved, rt.jetty maven/mavencentral/org.eclipse.jetty/jetty-util/11.0.17, EPL-2.0 OR Apache-2.0, approved, rt.jetty -maven/mavencentral/org.eclipse.jetty/jetty-util/11.0.18, EPL-2.0 OR Apache-2.0, approved, rt.jetty +maven/mavencentral/org.eclipse.jetty/jetty-util/11.0.19, EPL-2.0 OR Apache-2.0, approved, rt.jetty maven/mavencentral/org.eclipse.jetty/jetty-webapp/11.0.17, EPL-2.0 OR Apache-2.0, approved, rt.jetty -maven/mavencentral/org.eclipse.jetty/jetty-webapp/11.0.18, EPL-2.0 OR Apache-2.0, approved, rt.jetty +maven/mavencentral/org.eclipse.jetty/jetty-webapp/11.0.19, EPL-2.0 OR Apache-2.0, approved, rt.jetty maven/mavencentral/org.eclipse.jetty/jetty-xml/11.0.17, EPL-2.0 OR Apache-2.0, approved, rt.jetty -maven/mavencentral/org.eclipse.jetty/jetty-xml/11.0.18, EPL-2.0 OR Apache-2.0, approved, rt.jetty +maven/mavencentral/org.eclipse.jetty/jetty-xml/11.0.19, EPL-2.0 OR Apache-2.0, approved, rt.jetty maven/mavencentral/org.eclipse.tractusx.irs/irs-api/0.0.2-SNAPSHOT, Apache-2.0, approved, automotive.tractusx maven/mavencentral/org.eclipse.tractusx.irs/irs-common/0.0.2-SNAPSHOT, Apache-2.0, approved, automotive.tractusx maven/mavencentral/org.eclipse.tractusx.irs/irs-edc-client/1.5.1-SNAPSHOT, Apache-2.0, approved, automotive.tractusx @@ -331,19 +331,32 @@ maven/mavencentral/org.eclipse.tractusx.irs/irs-policy-store/0.0.2-SNAPSHOT, Apa maven/mavencentral/org.eclipse.tractusx.irs/irs-registry-client/1.5.1-SNAPSHOT, Apache-2.0, approved, automotive.tractusx maven/mavencentral/org.eclipse.tractusx.irs/irs-testing/1.5.1-SNAPSHOT, Apache-2.0, approved, automotive.tractusx maven/mavencentral/org.glassfish.hk2.external/aopalliance-repackaged/3.0.4, EPL-2.0 OR GPL-2.0-only with Classpath-exception-2.0, approved, ee4j.glassfish +maven/mavencentral/org.glassfish.hk2.external/aopalliance-repackaged/3.0.5, EPL-2.0 OR GPL-2.0-only with Classpath-exception-2.0, approved, ee4j.glassfish maven/mavencentral/org.glassfish.hk2/hk2-api/3.0.4, EPL-2.0 OR GPL-2.0-only with Classpath-exception-2.0, approved, ee4j.glassfish +maven/mavencentral/org.glassfish.hk2/hk2-api/3.0.5, EPL-2.0 OR GPL-2.0-only with Classpath-exception-2.0, approved, ee4j.glassfish maven/mavencentral/org.glassfish.hk2/hk2-locator/3.0.4, EPL-2.0 OR GPL-2.0-only with Classpath-exception-2.0, approved, ee4j.glassfish +maven/mavencentral/org.glassfish.hk2/hk2-locator/3.0.5, EPL-2.0 OR GPL-2.0-only with Classpath-exception-2.0, approved, ee4j.glassfish maven/mavencentral/org.glassfish.hk2/hk2-utils/3.0.4, EPL-2.0 OR GPL-2.0-only with Classpath-exception-2.0, approved, ee4j.glassfish +maven/mavencentral/org.glassfish.hk2/hk2-utils/3.0.5, EPL-2.0 OR GPL-2.0-only with Classpath-exception-2.0, approved, ee4j.glassfish maven/mavencentral/org.glassfish.hk2/osgi-resource-locator/1.0.3, CDDL-1.0, approved, CQ10889 maven/mavencentral/org.glassfish.jersey.containers/jersey-container-servlet-core/3.1.3, EPL-2.0 OR GPL-2.0-only with Classpath-exception-2.0, approved, ee4j.jersey +maven/mavencentral/org.glassfish.jersey.containers/jersey-container-servlet-core/3.1.5, EPL-2.0 OR GPL-2.0-only with Classpath-exception-2.0, approved, ee4j.jersey maven/mavencentral/org.glassfish.jersey.containers/jersey-container-servlet/3.1.3, EPL-2.0 OR GPL-2.0-only with Classpath-exception-2.0, approved, ee4j.jersey +maven/mavencentral/org.glassfish.jersey.containers/jersey-container-servlet/3.1.5, EPL-2.0 OR GPL-2.0-only with Classpath-exception-2.0, approved, ee4j.jersey maven/mavencentral/org.glassfish.jersey.core/jersey-client/3.1.3, EPL-2.0 OR GPL-2.0-only with Classpath-exception-2.0, approved, ee4j.jersey +maven/mavencentral/org.glassfish.jersey.core/jersey-client/3.1.5, EPL-2.0 OR GPL-2.0-only with Classpath-exception-2.0, approved, ee4j.jersey maven/mavencentral/org.glassfish.jersey.core/jersey-common/3.1.3, EPL-2.0 OR GPL-2.0-only with Classpath-exception-2.0, approved, ee4j.jersey +maven/mavencentral/org.glassfish.jersey.core/jersey-common/3.1.5, EPL-2.0 OR GPL-2.0-only with Classpath-exception-2.0, approved, ee4j.jersey maven/mavencentral/org.glassfish.jersey.core/jersey-server/3.1.3, EPL-2.0 OR GPL-2.0-only with Classpath-exception-2.0, approved, ee4j.jersey +maven/mavencentral/org.glassfish.jersey.core/jersey-server/3.1.5, EPL-2.0 OR GPL-2.0-only with Classpath-exception-2.0, approved, ee4j.jersey maven/mavencentral/org.glassfish.jersey.ext/jersey-entity-filtering/3.1.3, EPL-2.0 OR GPL-2.0-only with Classpath-exception-2.0, approved, ee4j.jersey +maven/mavencentral/org.glassfish.jersey.ext/jersey-entity-filtering/3.1.5, EPL-2.0 OR GPL-2.0-only with Classpath-exception-2.0, approved, ee4j.jersey maven/mavencentral/org.glassfish.jersey.inject/jersey-hk2/3.1.3, EPL-2.0 OR GPL-2.0-only with Classpath-exception-2.0, approved, ee4j.jersey +maven/mavencentral/org.glassfish.jersey.inject/jersey-hk2/3.1.5, EPL-2.0 OR GPL-2.0-only with Classpath-exception-2.0, approved, ee4j.jersey maven/mavencentral/org.glassfish.jersey.media/jersey-media-json-jackson/3.1.3, EPL-2.0 OR GPL-2.0-only with Classpath-exception-2.0, approved, ee4j.jersey +maven/mavencentral/org.glassfish.jersey.media/jersey-media-json-jackson/3.1.5, EPL-2.0 OR GPL-2.0-only with Classpath-exception-2.0, approved, ee4j.jersey maven/mavencentral/org.glassfish.jersey.media/jersey-media-multipart/3.1.3, EPL-2.0 OR GPL-2.0-only with Classpath-exception-2.0, approved, ee4j.jersey +maven/mavencentral/org.glassfish.jersey.media/jersey-media-multipart/3.1.5, EPL-2.0 OR GPL-2.0-only with Classpath-exception-2.0, approved, ee4j.jersey maven/mavencentral/org.glassfish/jakarta.json/2.0.1, EPL-2.0 OR GPL-2.0-only with Classpath-exception-2.0, approved, ee4j.jsonp maven/mavencentral/org.graalvm.js/js/21.2.0, UPL-1.0 AND (MPL-2.0 AND LicenseRef-MIT-style) AND (BSD-3-Clause AND UPL-1.0) AND (GPL-2.0-only WITH Classpath-exception-2.0 AND UPL-1.0) AND (UPL-1.0 AND LicenseRef-Permission-Notice), approved, #10176 maven/mavencentral/org.graalvm.regex/regex/21.2.0, UPL-1.0 AND (Unicode-TOU AND UPL-1.0), approved, #10181 @@ -408,51 +421,51 @@ maven/mavencentral/org.scala-lang/scala-reflect/2.13.10, Apache-2.0, approved, # maven/mavencentral/org.simpleflatmapper/lightning-csv/8.2.3, MIT, approved, clearlydefined maven/mavencentral/org.simpleflatmapper/sfm-util/8.2.3, MIT, approved, clearlydefined maven/mavencentral/org.skyscreamer/jsonassert/1.5.1, Apache-2.0, approved, clearlydefined -maven/mavencentral/org.slf4j/jul-to-slf4j/2.0.9, MIT, approved, #7698 -maven/mavencentral/org.slf4j/slf4j-api/2.0.9, MIT, approved, #5915 +maven/mavencentral/org.slf4j/jul-to-slf4j/2.0.11, MIT, approved, #7698 +maven/mavencentral/org.slf4j/slf4j-api/2.0.11, MIT, approved, #5915 maven/mavencentral/org.springdoc/springdoc-openapi-starter-common/2.2.0, Apache-2.0, approved, clearlydefined maven/mavencentral/org.springdoc/springdoc-openapi-starter-webmvc-api/2.2.0, Apache-2.0, approved, clearlydefined maven/mavencentral/org.springdoc/springdoc-openapi-starter-webmvc-ui/2.2.0, Apache-2.0, approved, clearlydefined -maven/mavencentral/org.springframework.boot/spring-boot-actuator-autoconfigure/3.1.6, Apache-2.0, approved, #9348 -maven/mavencentral/org.springframework.boot/spring-boot-actuator/3.1.6, Apache-2.0, approved, #9342 -maven/mavencentral/org.springframework.boot/spring-boot-autoconfigure/3.1.6, Apache-2.0, approved, #9341 -maven/mavencentral/org.springframework.boot/spring-boot-configuration-metadata/3.1.6, Apache-2.0, approved, #11032 -maven/mavencentral/org.springframework.boot/spring-boot-properties-migrator/3.1.6, Apache-2.0, approved, #10675 -maven/mavencentral/org.springframework.boot/spring-boot-starter-actuator/3.1.6, Apache-2.0, approved, #9344 -maven/mavencentral/org.springframework.boot/spring-boot-starter-aop/3.1.6, Apache-2.0, approved, #9338 -maven/mavencentral/org.springframework.boot/spring-boot-starter-json/3.1.6, Apache-2.0, approved, #9336 -maven/mavencentral/org.springframework.boot/spring-boot-starter-log4j2/3.1.6, Apache-2.0, approved, #8800 -maven/mavencentral/org.springframework.boot/spring-boot-starter-logging/3.1.6, Apache-2.0, approved, #9343 -maven/mavencentral/org.springframework.boot/spring-boot-starter-oauth2-client/3.1.6, Apache-2.0, approved, #8806 -maven/mavencentral/org.springframework.boot/spring-boot-starter-oauth2-resource-server/3.1.6, Apache-2.0, approved, #8804 -maven/mavencentral/org.springframework.boot/spring-boot-starter-security/3.1.6, Apache-2.0, approved, #9337 -maven/mavencentral/org.springframework.boot/spring-boot-starter-test/3.1.6, Apache-2.0, approved, #9353 -maven/mavencentral/org.springframework.boot/spring-boot-starter-tomcat/3.1.6, Apache-2.0, approved, #9351 -maven/mavencentral/org.springframework.boot/spring-boot-starter-validation/3.1.6, Apache-2.0, approved, #9335 -maven/mavencentral/org.springframework.boot/spring-boot-starter-web/3.1.6, Apache-2.0, approved, #9347 -maven/mavencentral/org.springframework.boot/spring-boot-starter/3.1.6, Apache-2.0, approved, #9349 -maven/mavencentral/org.springframework.boot/spring-boot-test-autoconfigure/3.1.6, Apache-2.0, approved, #9339 -maven/mavencentral/org.springframework.boot/spring-boot-test/3.1.6, Apache-2.0, approved, #9346 -maven/mavencentral/org.springframework.boot/spring-boot/3.1.6, Apache-2.0, approved, #9352 -maven/mavencentral/org.springframework.data/spring-data-commons/3.1.6, Apache-2.0, approved, #8805 -maven/mavencentral/org.springframework.security/spring-security-config/6.1.5, Apache-2.0, approved, #9736 -maven/mavencentral/org.springframework.security/spring-security-core/6.1.5, Apache-2.0, approved, #9801 -maven/mavencentral/org.springframework.security/spring-security-crypto/6.1.5, Apache-2.0 AND ISC, approved, #9735 -maven/mavencentral/org.springframework.security/spring-security-oauth2-client/6.1.5, Apache-2.0, approved, #9740 -maven/mavencentral/org.springframework.security/spring-security-oauth2-core/6.1.5, Apache-2.0, approved, #9741 -maven/mavencentral/org.springframework.security/spring-security-oauth2-jose/6.1.5, Apache-2.0, approved, #9345 -maven/mavencentral/org.springframework.security/spring-security-oauth2-resource-server/6.1.5, Apache-2.0, approved, #8798 -maven/mavencentral/org.springframework.security/spring-security-test/6.1.5, Apache-2.0, approved, #10674 -maven/mavencentral/org.springframework.security/spring-security-web/6.1.5, Apache-2.0, approved, #9800 -maven/mavencentral/org.springframework/spring-aop/6.0.14, Apache-2.0, approved, #5940 -maven/mavencentral/org.springframework/spring-beans/6.0.14, Apache-2.0, approved, #5937 -maven/mavencentral/org.springframework/spring-context/6.0.14, Apache-2.0, approved, #5936 -maven/mavencentral/org.springframework/spring-core/6.0.14, Apache-2.0 AND BSD-3-Clause, approved, #5948 -maven/mavencentral/org.springframework/spring-expression/6.0.14, Apache-2.0, approved, #3284 -maven/mavencentral/org.springframework/spring-jcl/6.0.14, Apache-2.0, approved, #3283 -maven/mavencentral/org.springframework/spring-test/6.0.14, Apache-2.0, approved, #7003 -maven/mavencentral/org.springframework/spring-web/6.0.14, Apache-2.0, approved, #5942 -maven/mavencentral/org.springframework/spring-webmvc/6.0.14, Apache-2.0, approved, #5944 +maven/mavencentral/org.springframework.boot/spring-boot-actuator-autoconfigure/3.1.8, Apache-2.0, approved, #9348 +maven/mavencentral/org.springframework.boot/spring-boot-actuator/3.1.8, Apache-2.0, approved, #9342 +maven/mavencentral/org.springframework.boot/spring-boot-autoconfigure/3.1.8, Apache-2.0, approved, #9341 +maven/mavencentral/org.springframework.boot/spring-boot-configuration-metadata/3.1.8, Apache-2.0, approved, #11032 +maven/mavencentral/org.springframework.boot/spring-boot-properties-migrator/3.1.8, Apache-2.0, approved, #10675 +maven/mavencentral/org.springframework.boot/spring-boot-starter-actuator/3.1.8, Apache-2.0, approved, #9344 +maven/mavencentral/org.springframework.boot/spring-boot-starter-aop/3.1.8, Apache-2.0, approved, #9338 +maven/mavencentral/org.springframework.boot/spring-boot-starter-json/3.1.8, Apache-2.0, approved, #9336 +maven/mavencentral/org.springframework.boot/spring-boot-starter-log4j2/3.1.8, Apache-2.0, approved, #8800 +maven/mavencentral/org.springframework.boot/spring-boot-starter-logging/3.1.8, Apache-2.0, approved, #9343 +maven/mavencentral/org.springframework.boot/spring-boot-starter-oauth2-client/3.1.8, Apache-2.0, approved, #8806 +maven/mavencentral/org.springframework.boot/spring-boot-starter-oauth2-resource-server/3.1.8, Apache-2.0, approved, #8804 +maven/mavencentral/org.springframework.boot/spring-boot-starter-security/3.1.8, Apache-2.0, approved, #9337 +maven/mavencentral/org.springframework.boot/spring-boot-starter-test/3.1.8, Apache-2.0, approved, #9353 +maven/mavencentral/org.springframework.boot/spring-boot-starter-tomcat/3.1.8, Apache-2.0, approved, #9351 +maven/mavencentral/org.springframework.boot/spring-boot-starter-validation/3.1.8, Apache-2.0, approved, #9335 +maven/mavencentral/org.springframework.boot/spring-boot-starter-web/3.1.8, Apache-2.0, approved, #9347 +maven/mavencentral/org.springframework.boot/spring-boot-starter/3.1.8, Apache-2.0, approved, #9349 +maven/mavencentral/org.springframework.boot/spring-boot-test-autoconfigure/3.1.8, Apache-2.0, approved, #9339 +maven/mavencentral/org.springframework.boot/spring-boot-test/3.1.8, Apache-2.0, approved, #9346 +maven/mavencentral/org.springframework.boot/spring-boot/3.1.8, Apache-2.0, approved, #9352 +maven/mavencentral/org.springframework.data/spring-data-commons/3.1.8, Apache-2.0, approved, #8805 +maven/mavencentral/org.springframework.security/spring-security-config/6.1.6, Apache-2.0, approved, #9736 +maven/mavencentral/org.springframework.security/spring-security-core/6.1.6, Apache-2.0, approved, #9801 +maven/mavencentral/org.springframework.security/spring-security-crypto/6.1.6, Apache-2.0 AND ISC, approved, #9735 +maven/mavencentral/org.springframework.security/spring-security-oauth2-client/6.1.6, Apache-2.0, approved, #9740 +maven/mavencentral/org.springframework.security/spring-security-oauth2-core/6.1.6, Apache-2.0, approved, #9741 +maven/mavencentral/org.springframework.security/spring-security-oauth2-jose/6.1.6, Apache-2.0, approved, #9345 +maven/mavencentral/org.springframework.security/spring-security-oauth2-resource-server/6.1.6, Apache-2.0, approved, #8798 +maven/mavencentral/org.springframework.security/spring-security-test/6.1.6, Apache-2.0, approved, #10674 +maven/mavencentral/org.springframework.security/spring-security-web/6.1.6, Apache-2.0, approved, #9800 +maven/mavencentral/org.springframework/spring-aop/6.0.16, Apache-2.0, approved, #5940 +maven/mavencentral/org.springframework/spring-beans/6.0.16, Apache-2.0, approved, #5937 +maven/mavencentral/org.springframework/spring-context/6.0.16, Apache-2.0, approved, #5936 +maven/mavencentral/org.springframework/spring-core/6.0.16, Apache-2.0 AND BSD-3-Clause, approved, #5948 +maven/mavencentral/org.springframework/spring-expression/6.0.16, Apache-2.0, approved, #3284 +maven/mavencentral/org.springframework/spring-jcl/6.0.16, Apache-2.0, approved, #3283 +maven/mavencentral/org.springframework/spring-test/6.0.16, Apache-2.0, approved, #7003 +maven/mavencentral/org.springframework/spring-web/6.0.16, Apache-2.0, approved, #5942 +maven/mavencentral/org.springframework/spring-webmvc/6.0.16, Apache-2.0, approved, #5944 maven/mavencentral/org.testcontainers/junit-jupiter/1.18.3, MIT, approved, #7941 maven/mavencentral/org.testcontainers/junit-jupiter/1.19.1, MIT, approved, #10344 maven/mavencentral/org.testcontainers/testcontainers/1.18.3, MIT, approved, #7938 From 2042dd34dcf57ff40560b8d5ad5bb16e0ea7f735 Mon Sep 17 00:00:00 2001 From: Matthias Fischer Date: Fri, 26 Jan 2024 03:22:34 +0100 Subject: [PATCH 20/22] chore(deps):[#xxx] correct CHANGELOG.md --- CHANGELOG.md | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 12be290d34..458cdcad76 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -15,7 +15,10 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 - Suppressed CVE-2024-20932 from graal-sdk-21.2.0.jar because this is not applicable for IRS. ### Fixed -- Fixed CVE-2023-6378 by custom dependency management entry for logback (1.4.14). +- Update to Spring Boot 3.1.8. This fixes the following CVEs: + - CVE-2023-6378 serialization vulnerability in logback + - CVE-2023-51074 json-path v2.8.0 stack overflow + - CVE-2024-22233 Spring Framework server Web DoS Vulnerability ## [4.4.0] - 2024-01-15 ### Added From b2c3090a7a0a0171c2dc7be982ae4466e0fe7688 Mon Sep 17 00:00:00 2001 From: ds-ext-kmassalski <100765908+ds-ext-kmassalski@users.noreply.github.com> Date: Fri, 26 Jan 2024 08:45:34 +0100 Subject: [PATCH 21/22] Revert "feat(impl):[#378] separate credentials config" --- charts/irs-helm/CHANGELOG.md | 5 -- .../configmap-spring-app-config.yaml | 23 ++++------ charts/irs-helm/templates/deployment.yaml | 26 ++++------- charts/irs-helm/templates/secrets.yaml | 10 ++-- charts/irs-helm/values.yaml | 17 +++---- docs/src/api/irs-api.yaml | 46 ++++++++++--------- .../docs/administration/configuration.adoc | 20 ++------ .../configuration/OpenApiConfiguration.java | 21 +++++---- .../irs/controllers/BatchController.java | 10 ++-- .../irs/controllers/IrsController.java | 10 ++-- .../irs/ess/controller/EssController.java | 4 +- irs-api/src/main/resources/application.yml | 33 ++++++------- .../controllers/PolicyStoreController.java | 8 ++-- 13 files changed, 99 insertions(+), 134 deletions(-) diff --git a/charts/irs-helm/CHANGELOG.md b/charts/irs-helm/CHANGELOG.md index 1a763d03c5..28169057dd 100644 --- a/charts/irs-helm/CHANGELOG.md +++ b/charts/irs-helm/CHANGELOG.md @@ -5,11 +5,6 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html). ## [Unreleased] -### Added -- Added configuration parameters `oauth2.semantics.clientId`,`oauth2.semantics.clientSecret`, `oauth2.discovery.clientId`,`oauth2.discovery.clientSecret`, `oauth2.bpdm.clientId`,`oauth2.bpdm.clientSecret` - -### Removed -- Removed configuration parameters `oauth2.clientId`,`oauth2.clientSecret`, `portal.oauth2.clientId`,`portal.oauth2.clientSecret` ## [6.13.0] - 2024-01-15 - Update IRS version to 4.4.0 diff --git a/charts/irs-helm/templates/configmap-spring-app-config.yaml b/charts/irs-helm/templates/configmap-spring-app-config.yaml index b43e15ce64..bad14f82a5 100644 --- a/charts/irs-helm/templates/configmap-spring-app-config.yaml +++ b/charts/irs-helm/templates/configmap-spring-app-config.yaml @@ -56,21 +56,16 @@ data: oauth2: client: registration: - semantics: - client-id: "${SEMANTICS_OAUTH2_CLIENT_ID}" # taken from secret ENV - client-secret: "${SEMANTICS_OAUTH2_CLIENT_SECRET}" # taken from secret ENV - discovery: - client-id: ${DISCOVERY_OAUTH2_CLIENT_ID} # taken from secret ENV - client-secret: ${DISCOVERY_OAUTH2_CLIENT_SECRET} # taken from secret ENV - bpdm: - client-id: ${BPDM_OAUTH2_CLIENT_ID} # taken from secret ENV - client-secret: ${BPDM_OAUTH2_CLIENT_SECRET} # taken from secret ENV + common: + client-id: "${OAUTH2_CLIENT_ID}" # taken from secret ENV + client-secret: "${OAUTH2_CLIENT_SECRET}" # taken from secret ENV + portal: + client-id: ${PORTAL_OAUTH2_CLIENT_ID} # taken from secret ENV + client-secret: ${PORTAL_OAUTH2_CLIENT_SECRET} # taken from secret ENV provider: - semantics: + common: token-uri: {{ tpl (.Values.oauth2.clientTokenUri | default "http://localhost") . | quote }} - discovery: - token-uri: {{ tpl (.Values.oauth2.clientTokenUri | default "http://localhost") . | quote }} - bpdm: + portal: token-uri: {{ tpl (.Values.oauth2.clientTokenUri | default "http://localhost") . | quote }} digitalTwinRegistry: @@ -134,7 +129,7 @@ data: irs: url: {{ tpl (.Values.irsUrl | default "") . | quote }} discovery: - oAuthClientId: {{ .Values.discovery.oAuthClientId | default "discovery" }} + oAuthClientId: {{ .Values.discovery.oAuthClientId | default "portal" }} {{- if .Values.ess.mockEdcResult }} mockEdcResult: {{- tpl (toYaml .Values.ess.mockEdcResult) . | nindent 10 }} diff --git a/charts/irs-helm/templates/deployment.yaml b/charts/irs-helm/templates/deployment.yaml index e30f10c7e8..785961cfe5 100644 --- a/charts/irs-helm/templates/deployment.yaml +++ b/charts/irs-helm/templates/deployment.yaml @@ -81,36 +81,26 @@ spec: secretKeyRef: name: {{ template "irs.secretName" . }} key: minioPassword - - name: SEMANTICS_OAUTH2_CLIENT_ID + - name: OAUTH2_CLIENT_ID valueFrom: secretKeyRef: name: {{ template "irs.secretName" . }} - key: semanticsId - - name: SEMANTICS_OAUTH2_CLIENT_SECRET + key: clientId + - name: OAUTH2_CLIENT_SECRET valueFrom: secretKeyRef: name: {{ template "irs.secretName" . }} - key: semanticsSecret - - name: DISCOVERY_OAUTH2_CLIENT_ID + key: clientSecret + - name: PORTAL_OAUTH2_CLIENT_ID valueFrom: secretKeyRef: name: {{ template "irs.secretName" . }} - key: discoveryClientId - - name: DISCOVERY_OAUTH2_CLIENT_SECRET + key: portalClientId + - name: PORTAL_OAUTH2_CLIENT_SECRET valueFrom: secretKeyRef: name: {{ template "irs.secretName" . }} - key: discoveryClientSecret - - name: BPDM_OAUTH2_CLIENT_ID - valueFrom: - secretKeyRef: - name: {{ template "irs.secretName" . }} - key: bpdmClientId - - name: BPDM_OAUTH2_CLIENT_SECRET - valueFrom: - secretKeyRef: - name: {{ template "irs.secretName" . }} - key: bpdmClientSecret + key: portalClientSecret - name: EDC_API_KEY_SECRET valueFrom: secretKeyRef: diff --git a/charts/irs-helm/templates/secrets.yaml b/charts/irs-helm/templates/secrets.yaml index d9488ae665..c9f8741a28 100644 --- a/charts/irs-helm/templates/secrets.yaml +++ b/charts/irs-helm/templates/secrets.yaml @@ -35,12 +35,10 @@ type: Opaque data: minioUser: {{ .Values.minioUser | default "minio" | b64enc | quote }} minioPassword: {{ .Values.minioPassword | default "minioPass" | b64enc | quote }} - semanticsId: {{ .Values.oauth2.semantics.clientId | default "semanticsId" | b64enc | quote }} - semanticsSecret: {{ .Values.oauth2.semantics.clientSecret | default "semanticsSecret" | b64enc | quote }} - discoveryClientId: {{ .Values.oauth2.discovery.clientId | default "discoveryClientId" | b64enc | quote }} - discoveryClientSecret: {{ .Values.oauth2.discovery.clientSecret | default "discoveryClientSecret" | b64enc | quote }} - bpdmClientId: {{ .Values.oauth2.bpdm.clientId | default "bpdmClientId" | b64enc | quote }} - bpdmClientSecret: {{ .Values.oauth2.bpdm.clientSecret | default "bpdmClientSecret" | b64enc | quote }} + clientId: {{ .Values.oauth2.clientId | default "clientId" | b64enc | quote }} + clientSecret: {{ .Values.oauth2.clientSecret | default "clientSecret" | b64enc | quote }} + portalClientId: {{ .Values.portal.oauth2.clientId | default "portalClientId" | b64enc | quote }} + portalClientSecret: {{ .Values.portal.oauth2.clientSecret | default "portalClientSecret" | b64enc | quote }} edcApiSecret: {{ .Values.edc.controlplane.apikey.secret | toString | default "" | b64enc | quote }} {{- if .Values.grafana.enabled }} grafanaUser: {{ .Values.grafana.user | default "grafana" | b64enc | quote }} diff --git a/charts/irs-helm/values.yaml b/charts/irs-helm/values.yaml index c436def741..9744cd5efd 100644 --- a/charts/irs-helm/values.yaml +++ b/charts/irs-helm/values.yaml @@ -152,16 +152,13 @@ minioUser: "minio" # minioPassword: # minioUrl: "http://{{ .Release.Name }}-minio:9000" oauth2: + clientId: # + clientSecret: # clientTokenUri: # - semantics: - clientId: # - clientSecret: # - discovery: - clientId: # - clientSecret: # - bpdm: - clientId: # - clientSecret: # +portal: + oauth2: + clientId: # + clientSecret: # edc: controlplane: endpoint: @@ -210,7 +207,7 @@ edc: cacheTTL: PT24H # Time to live for ConnectorEndpointService for fetchConnectorEndpoints method cache discovery: - oAuthClientId: discovery # ID of the OAuth2 client registration to use, see config spring.security.oauth2.client + oAuthClientId: portal # ID of the OAuth2 client registration to use, see config spring.security.oauth2.client ess: edc: diff --git a/docs/src/api/irs-api.yaml b/docs/src/api/irs-api.yaml index 1655a04f7b..67879e47ea 100644 --- a/docs/src/api/irs-api.yaml +++ b/docs/src/api/irs-api.yaml @@ -7,7 +7,7 @@ info: servers: - url: http://localhost:8080 security: - - api_key: [] + - oAuth2: [] paths: /ess/bpn/investigations: post: @@ -58,7 +58,7 @@ paths: $ref: '#/components/schemas/ErrorResponse' description: Authorization refused by server. security: - - api_key: [] + - oAuth2: [] summary: Registers an IRS job to start an investigation if a given bpn is contained in a part chain of a given globalAssetId. tags: @@ -123,7 +123,7 @@ paths: $ref: '#/components/schemas/ErrorResponse' description: Job with the requested jobId not found. security: - - api_key: [] + - oAuth2: [] summary: Return job with additional supplyChainImpacted information. tags: - Environmental and Social Standards @@ -202,7 +202,7 @@ paths: $ref: '#/components/schemas/ErrorResponse' description: Authorization refused by server. security: - - api_key: [] + - oAuth2: [] summary: "Registers an order for an ESS investigation with an array of {globalAssetIds}. Each globalAssetId will be processed in an separate job, grouped in batches." tags: @@ -292,7 +292,7 @@ paths: $ref: '#/components/schemas/ErrorResponse' description: Authorization refused by server. security: - - api_key: [] + - oAuth2: [] summary: Returns paginated jobs with state and execution times. tags: - Item Relationship Service @@ -343,7 +343,7 @@ paths: $ref: '#/components/schemas/ErrorResponse' description: Authorization refused by server. security: - - api_key: [] + - oAuth2: [] summary: "Register an IRS job to retrieve an item graph for given {globalAssetId}." tags: - Item Relationship Service @@ -427,7 +427,7 @@ paths: $ref: '#/components/schemas/ErrorResponse' description: Job with the requested jobId not found. security: - - api_key: [] + - oAuth2: [] summary: Return job with optional item graph result for requested id. tags: - Item Relationship Service @@ -492,7 +492,7 @@ paths: $ref: '#/components/schemas/ErrorResponse' description: Job for requested jobId not found. security: - - api_key: [] + - oAuth2: [] summary: Cancel job for requested jobId. tags: - Item Relationship Service @@ -529,7 +529,7 @@ paths: $ref: "#/components/schemas/ErrorResponse" description: Authorization refused by server. security: - - api_key: [] + - oAuth2: [] summary: Get all available aspect models from semantic hub or local models. tags: - Aspect Models @@ -582,7 +582,7 @@ paths: $ref: '#/components/schemas/ErrorResponse' description: Authorization refused by server. security: - - api_key: [] + - oAuth2: [] summary: "Registers an IRS order with an array of {globalAssetIds}.\ \ Each globalAssetId will be processed in an IRS Job, grouped in batches." tags: @@ -649,7 +649,7 @@ paths: $ref: '#/components/schemas/ErrorResponse' description: Batch Order with the requested orderId not found. security: - - api_key: [] + - oAuth2: [] summary: Get a batch order for a given orderId. tags: - Item Relationship Service @@ -714,7 +714,7 @@ paths: $ref: '#/components/schemas/ErrorResponse' description: Batch Order with the requested orderId not found. security: - - api_key: [] + - oAuth2: [] summary: Cancel a batch order for a given orderId. tags: - Item Relationship Service @@ -790,7 +790,7 @@ paths: $ref: '#/components/schemas/ErrorResponse' description: Batch with the requested orderId and batchId not found. security: - - api_key: [] + - oAuth2: [] summary: Get a batch with a given batchId for a given orderId. tags: - Item Relationship Service @@ -826,7 +826,7 @@ paths: $ref: '#/components/schemas/ErrorResponse' description: Authorization refused by server. security: - - api_key: [] + - oAuth2: [] summary: Lists the registered policies that should be accepted in EDC negotiation. tags: - Item Relationship Service @@ -870,7 +870,7 @@ paths: $ref: '#/components/schemas/ErrorResponse' description: Authorization refused by server. security: - - api_key: [] + - oAuth2: [] summary: Register a policy that should be accepted in EDC negotiation. tags: - Item Relationship Service @@ -915,7 +915,7 @@ paths: $ref: '#/components/schemas/ErrorResponse' description: Authorization refused by server. security: - - api_key: [] + - oAuth2: [] summary: Removes a policy that should no longer be accepted in EDC negotiation. tags: - Item Relationship Service @@ -965,7 +965,7 @@ paths: $ref: '#/components/schemas/ErrorResponse' description: Authorization refused by server. security: - - api_key: [] + - oAuth2: [] summary: Updates an existing policy with new validUntil value. tags: - Item Relationship Service @@ -2639,8 +2639,10 @@ components: required: - validUntil securitySchemes: - api_key: - description: Api Key access - in: header - name: X-API-KEY - type: apiKey + oAuth2: + flows: + clientCredentials: + scopes: + {} + tokenUrl: https://localhost + type: oauth2 diff --git a/docs/src/docs/administration/configuration.adoc b/docs/src/docs/administration/configuration.adoc index d3430cc7b9..5c4bbc6241 100644 --- a/docs/src/docs/administration/configuration.adoc +++ b/docs/src/docs/administration/configuration.adoc @@ -156,23 +156,11 @@ This is a list of all secrets used in the deployment. WARNING: Keep the values for these settings safe and do not publish them! -=== -Semantic Hub client ID for OAuth2 provider. Request this from your OAuth2 operator. +=== +Client ID for OAuth2 provider. Request this from your OAuth2 operator. -=== -Semantic Hub client secret for OAuth2 provider. Request this from your OAuth2 operator. - -=== -Dataspace Discovery client ID for OAuth2 provider. Request this from your OAuth2 operator. - -=== -Dataspace Discovery client secret for OAuth2 provider. Request this from your OAuth2 operator. - -=== -BPDM client ID for OAuth2 provider. Request this from your OAuth2 operator. - -=== -BPDM client secret for OAuth2 provider. Request this from your OAuth2 operator. +=== +Client secret for OAuth2 provider. Request this from your OAuth2 operator. === Login username for Minio. To be defined by you. diff --git a/irs-api/src/main/java/org/eclipse/tractusx/irs/configuration/OpenApiConfiguration.java b/irs-api/src/main/java/org/eclipse/tractusx/irs/configuration/OpenApiConfiguration.java index 991ab57564..837d9d9810 100644 --- a/irs-api/src/main/java/org/eclipse/tractusx/irs/configuration/OpenApiConfiguration.java +++ b/irs-api/src/main/java/org/eclipse/tractusx/irs/configuration/OpenApiConfiguration.java @@ -26,12 +26,16 @@ import io.swagger.v3.oas.models.Components; import io.swagger.v3.oas.models.OpenAPI; import io.swagger.v3.oas.models.info.Info; +import io.swagger.v3.oas.models.security.OAuthFlow; +import io.swagger.v3.oas.models.security.OAuthFlows; +import io.swagger.v3.oas.models.security.Scopes; import io.swagger.v3.oas.models.security.SecurityRequirement; import io.swagger.v3.oas.models.security.SecurityScheme; import io.swagger.v3.oas.models.servers.Server; import lombok.RequiredArgsConstructor; import org.eclipse.tractusx.irs.IrsApplication; import org.springdoc.core.customizers.OpenApiCustomizer; +import org.springframework.beans.factory.annotation.Value; import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Configuration; @@ -55,7 +59,7 @@ public class OpenApiConfiguration { @Bean public OpenAPI customOpenAPI() { return new OpenAPI().addServersItem(new Server().url(irsConfiguration.getApiUrl().toString())) - .addSecurityItem(new SecurityRequirement().addList("api_key")) + .addSecurityItem(new SecurityRequirement().addList("oAuth2")) .info(new Info().title("IRS API") .version(IrsApplication.API_VERSION) .description( @@ -65,19 +69,20 @@ public OpenAPI customOpenAPI() { /** * Generates example values in Swagger * + * @param tokenUri the OAuth2 token uri loaded from application.yaml * @return the customizer */ @Bean - public OpenApiCustomizer customizer() { + public OpenApiCustomizer customizer( + @Value("${spring.security.oauth2.client.provider.common.token-uri}") final String tokenUri) { return openApi -> { final Components components = openApi.getComponents(); - components.addSecuritySchemes("api_key", new SecurityScheme().type(SecurityScheme.Type.APIKEY) - .description("Api Key access") - .in(SecurityScheme.In.HEADER) - .name("X-API-KEY") - ); + components.addSecuritySchemes("oAuth2", new SecurityScheme().type(SecurityScheme.Type.OAUTH2) + .flows(new OAuthFlows().clientCredentials( + new OAuthFlow().scopes( + new Scopes()) + .tokenUrl(tokenUri)))); openApi.getComponents().getSchemas().values().forEach(s -> s.setAdditionalProperties(false)); - new OpenApiExamples().createExamples(components); }; } diff --git a/irs-api/src/main/java/org/eclipse/tractusx/irs/controllers/BatchController.java b/irs-api/src/main/java/org/eclipse/tractusx/irs/controllers/BatchController.java index c8ff5c60f2..cfb85c6231 100644 --- a/irs-api/src/main/java/org/eclipse/tractusx/irs/controllers/BatchController.java +++ b/irs-api/src/main/java/org/eclipse/tractusx/irs/controllers/BatchController.java @@ -81,7 +81,7 @@ public class BatchController { @Operation(operationId = "registerOrder", summary = "Registers an IRS order with an array of {globalAssetIds}. " + "Each globalAssetId will be processed in an IRS Job, grouped in batches.", - security = @SecurityRequirement(name = "api_key"), tags = { "Item Relationship Service" }, + security = @SecurityRequirement(name = "oAuth2"), tags = { "Item Relationship Service" }, description = "Registers an IRS order with an array of {globalAssetIds}. " + "Each globalAssetId will be processed in an IRS Job, grouped in batches.") @ApiResponses( @@ -121,7 +121,7 @@ public BatchOrderCreated registerBatchOrder(final @Valid @RequestBody RegisterBa @Operation(operationId = "registerESSInvestigationOrder", summary = "Registers an order for an ESS investigation with an array of {globalAssetIds}. Each globalAssetId will be processed in an separate job, grouped in batches.", - security = @SecurityRequirement(name = "api_key"), tags = { "Environmental and Social Standards" }, + security = @SecurityRequirement(name = "oAuth2"), tags = { "Environmental and Social Standards" }, description = "Registers an order for an ESS investigation with an array of {globalAssetIds}. Each globalAssetId will be processed in an separate job, grouped in batches.") @ApiResponses( value = { @ApiResponse(responseCode = "201", description = "Returns orderId of registered Batch order.", @@ -160,7 +160,7 @@ public BatchOrderCreated registerESSInvestigationOrder( } @Operation(description = "Get a batch order for a given orderId.", operationId = "getBatchOrder", - summary = "Get a batch order for a given orderId.", security = @SecurityRequirement(name = "api_key"), + summary = "Get a batch order for a given orderId.", security = @SecurityRequirement(name = "oAuth2"), tags = { "Item Relationship Service" }) @ApiResponses(value = { @ApiResponse(responseCode = "200", description = "Get a batch order for a given orderId.", content = { @Content(mediaType = APPLICATION_JSON_VALUE, schema = @Schema( @@ -206,7 +206,7 @@ public BatchOrderResponse getBatchOrder( @Operation(description = "Get a batch with a given batchId for a given orderId.", operationId = "getBatch", summary = "Get a batch with a given batchId for a given orderId.", - security = @SecurityRequirement(name = "api_key"), tags = { "Item Relationship Service" }) + security = @SecurityRequirement(name = "oAuth2"), tags = { "Item Relationship Service" }) @ApiResponses(value = { @ApiResponse(responseCode = "200", description = "Get a batch with a given batchId for a given orderId.", content = { @Content(mediaType = APPLICATION_JSON_VALUE, @@ -255,7 +255,7 @@ public BatchResponse getBatch( } @Operation(description = "Cancel a batch order for a given orderId.", operationId = "cancelBatchOrder", - summary = "Cancel a batch order for a given orderId.", security = @SecurityRequirement(name = "api_key"), + summary = "Cancel a batch order for a given orderId.", security = @SecurityRequirement(name = "oAuth2"), tags = { "Item Relationship Service" }) @ApiResponses( value = { @ApiResponse(responseCode = "200", description = "Cancel a batch order for a given orderId.", diff --git a/irs-api/src/main/java/org/eclipse/tractusx/irs/controllers/IrsController.java b/irs-api/src/main/java/org/eclipse/tractusx/irs/controllers/IrsController.java index a8a23c11c4..60166e2c87 100644 --- a/irs-api/src/main/java/org/eclipse/tractusx/irs/controllers/IrsController.java +++ b/irs-api/src/main/java/org/eclipse/tractusx/irs/controllers/IrsController.java @@ -93,7 +93,7 @@ public class IrsController { @Operation(operationId = "registerJobForGlobalAssetId", summary = "Register an IRS job to retrieve an item graph for given {globalAssetId}.", - security = @SecurityRequirement(name = "api_key"), tags = { "Item Relationship Service" }, + security = @SecurityRequirement(name = "oAuth2"), tags = { "Item Relationship Service" }, description = "Register an IRS job to retrieve an item graph for given {globalAssetId}.") @ApiResponses(value = { @ApiResponse(responseCode = "201", description = "Returns id of registered job.", content = { @Content(mediaType = APPLICATION_JSON_VALUE, @@ -131,7 +131,7 @@ public JobHandle registerJobForGlobalAssetId(final @Valid @RequestBody RegisterJ @Operation(description = "Return job with optional item graph result for requested id.", operationId = "getJobForJobId", summary = "Return job with optional item graph result for requested id.", - security = @SecurityRequirement(name = "api_key"), tags = { "Item Relationship Service" }) + security = @SecurityRequirement(name = "oAuth2"), tags = { "Item Relationship Service" }) @ApiResponses(value = { @ApiResponse(responseCode = "200", description = "Return job with item graph for the requested id.", content = { @Content(mediaType = APPLICATION_JSON_VALUE, @@ -190,7 +190,7 @@ public ResponseEntity getJobById( } @Operation(description = "Cancel job for requested jobId.", operationId = "cancelJobByJobId", - summary = "Cancel job for requested jobId.", security = @SecurityRequirement(name = "api_key"), + summary = "Cancel job for requested jobId.", security = @SecurityRequirement(name = "oAuth2"), tags = { "Item Relationship Service" }) @ApiResponses(value = { @ApiResponse(responseCode = "200", description = "Job with requested jobId canceled.", content = { @Content(mediaType = APPLICATION_JSON_VALUE, @@ -236,7 +236,7 @@ public Job cancelJobByJobId( @Operation(description = "Returns paginated jobs with state and execution times.", operationId = "getJobsByJobStates", summary = "Returns paginated jobs with state and execution times.", - security = @SecurityRequirement(name = "api_key"), tags = { "Item Relationship Service" }) + security = @SecurityRequirement(name = "oAuth2"), tags = { "Item Relationship Service" }) @ApiResponses(value = { @ApiResponse(responseCode = "200", description = "Paginated list of jobs with state and execution times for requested job states.", content = { @Content(mediaType = APPLICATION_JSON_VALUE, @@ -280,7 +280,7 @@ public PageResult getJobsByState( @Operation(operationId = "getAllAspectModels", summary = "Get all available aspect models from semantic hub or local models.", - security = @SecurityRequirement(name = "api_key"), tags = { "Aspect Models" }, + security = @SecurityRequirement(name = "oAuth2"), tags = { "Aspect Models" }, description = "Get all available aspect models from semantic hub or local models.") @ApiResponses(value = { @ApiResponse(responseCode = "200", description = "Returns all available aspect models.", content = { @Content(mediaType = APPLICATION_JSON_VALUE, diff --git a/irs-api/src/main/java/org/eclipse/tractusx/irs/ess/controller/EssController.java b/irs-api/src/main/java/org/eclipse/tractusx/irs/ess/controller/EssController.java index ca6720b605..9414172ec8 100644 --- a/irs-api/src/main/java/org/eclipse/tractusx/irs/ess/controller/EssController.java +++ b/irs-api/src/main/java/org/eclipse/tractusx/irs/ess/controller/EssController.java @@ -75,7 +75,7 @@ class EssController { @Operation(operationId = "registerBPNInvestigation", summary = "Registers an IRS job to start an investigation if a given bpn is contained in a part chain of a given globalAssetId.", - security = @SecurityRequirement(name = "api_key"), + security = @SecurityRequirement(name = "oAuth2"), tags = { "Environmental and Social Standards" }, description = "Registers an IRS job to start an investigation if a given bpn is contained in a part chain of a given globalAssetId.") @ApiResponses(value = { @ApiResponse(responseCode = "201", description = "Returns id of registered job.", @@ -114,7 +114,7 @@ public JobHandle registerBPNInvestigation(final @Valid @RequestBody RegisterBpnI @Operation(description = "Return job with additional supplyChainImpacted information.", operationId = "getBPNInvestigation", summary = "Return job with additional supplyChainImpacted information.", - security = @SecurityRequirement(name = "api_key"), + security = @SecurityRequirement(name = "oAuth2"), tags = { "Environmental and Social Standards" }) @ApiResponses(value = { @ApiResponse(responseCode = "200", description = "Return job with item graph for the requested id.", diff --git a/irs-api/src/main/resources/application.yml b/irs-api/src/main/resources/application.yml index 52df8d461c..ecf233bb2b 100644 --- a/irs-api/src/main/resources/application.yml +++ b/irs-api/src/main/resources/application.yml @@ -9,25 +9,20 @@ spring: oauth2: client: registration: - semantics : + common: authorization-grant-type: client_credentials - client-id: ${SEMANTICS_OAUTH2_CLIENT_ID} # Semantic Hub OAuth2 client ID used to authenticate with the IAM - client-secret: ${SEMANTICS_OAUTH2_CLIENT_SECRET} # Semantic Hub OAuth2 client secret used to authenticate with the IAM - discovery: + client-id: ${OAUTH2_CLIENT_ID} # OAuth2 client ID used to authenticate with the IAM + client-secret: ${OAUTH2_CLIENT_SECRET} # OAuth2 client secret used to authenticate with the IAM + portal: authorization-grant-type: client_credentials - client-id: ${DISCOVERY_OAUTH2_CLIENT_ID} # Dataspace Discovery OAuth2 client ID used to authenticate with the IAM - client-secret: ${DISCOVERY_OAUTH2_CLIENT_SECRET} # Dataspace Discovery OAuth2 client secret used to authenticate with the IAM - bpdm: - authorization-grant-type: client_credentials - client-id: ${BPDM_OAUTH2_CLIENT_ID} # BPDM Pool OAuth2 client ID used to authenticate with the IAM - client-secret: ${BPDM_OAUTH2_CLIENT_SECRET} # BPDM Pool OAuth2 client secret used to authenticate with the IAM + client-id: ${PORTAL_OAUTH2_CLIENT_ID} # OAuth2 client ID used to authenticate with the IAM + client-secret: ${PORTAL_OAUTH2_CLIENT_SECRET} # OAuth2 client secret used to authenticate with the IAM provider: - semantics: - token-uri: ${SEMANTICS_OAUTH2_CLIENT_TOKEN_URI:https://default} # OAuth2 endpoint to request tokens using the client credentials - discovery: - token-uri: ${DISCOVERY_OAUTH2_CLIENT_TOKEN_URI:https://default} # OAuth2 endpoint to request tokens using the client credentials - bpdm: - token-uri: ${BPDM_OAUTH2_CLIENT_TOKEN_URI:https://default} # OAuth2 endpoint to request tokens using the client credentials + common: + token-uri: ${OAUTH2_CLIENT_TOKEN_URI:https://default} # OAuth2 endpoint to request tokens using the client credentials + portal: + token-uri: ${PORTAL_OAUTH2_CLIENT_TOKEN_URI:https://default} # OAuth2 endpoint to request tokens using the client credentials + management: # Spring management API config, see https://spring.io/guides/gs/centralized-configuration/ endpoints: @@ -216,7 +211,7 @@ semanticshub: # │ │ │ │ │ │ scheduler: 0 0 23 * * * # How often to clear the semantic model cache defaultUrns: "${SEMANTICSHUB_DEFAULT_URNS:urn:bamm:io.catenax.serial_part:1.0.0#SerialPart}" # IDs of models to cache at IRS startup - oAuthClientId: semantics # ID of the OAuth2 client registration to use, see config spring.security.oauth2.client + oAuthClientId: common # ID of the OAuth2 client registration to use, see config spring.security.oauth2.client timeout: read: PT90S # HTTP read timeout for the semantic hub client connect: PT90S # HTTP connect timeout for the semantic hub client @@ -224,7 +219,7 @@ semanticshub: bpdm: bpnEndpoint: "${BPDM_URL:}" # Endpoint to resolve BPNs, must contain the placeholders {partnerId} and {idType} - oAuthClientId: bpdm # ID of the OAuth2 client registration to use, see config spring.security.oauth2.client + oAuthClientId: common # ID of the OAuth2 client registration to use, see config spring.security.oauth2.client timeout: read: PT90S # HTTP read timeout for the bpdm client connect: PT90S # HTTP connect timeout for the bpdm client @@ -239,7 +234,7 @@ ess: irs: url: "${IRS_URL:}" # IRS Url to connect with discovery: - oAuthClientId: discovery # ID of the OAuth2 client registration to use, see config spring.security.oauth2.client + oAuthClientId: portal # ID of the OAuth2 client registration to use, see config spring.security.oauth2.client timeout: read: PT90S # HTTP read timeout for the discovery client connect: PT90S # HTTP connect timeout for the discovery client diff --git a/irs-policy-store/src/main/java/org/eclipse/tractusx/irs/policystore/controllers/PolicyStoreController.java b/irs-policy-store/src/main/java/org/eclipse/tractusx/irs/policystore/controllers/PolicyStoreController.java index 9365e0f13a..2c18570427 100644 --- a/irs-policy-store/src/main/java/org/eclipse/tractusx/irs/policystore/controllers/PolicyStoreController.java +++ b/irs-policy-store/src/main/java/org/eclipse/tractusx/irs/policystore/controllers/PolicyStoreController.java @@ -74,7 +74,7 @@ public class PolicyStoreController { @Operation(operationId = "registerAllowedPolicy", summary = "Register a policy that should be accepted in EDC negotiation.", - security = @SecurityRequirement(name = "api_key"), + security = @SecurityRequirement(name = "oAuth2"), tags = { "Item Relationship Service" }, description = "Register a policy that should be accepted in EDC negotiation.") @ApiResponses(value = { @ApiResponse(responseCode = "201"), @@ -106,7 +106,7 @@ public void registerAllowedPolicy(final @Valid @RequestBody CreatePolicyRequest @Operation(operationId = "getAllowedPolicies", summary = "Lists the registered policies that should be accepted in EDC negotiation.", - security = @SecurityRequirement(name = "api_key"), + security = @SecurityRequirement(name = "oAuth2"), tags = { "Item Relationship Service" }, description = "Lists the registered policies that should be accepted in EDC negotiation.") @ApiResponses(value = { @ApiResponse(responseCode = "200", description = "Returns the policies.", @@ -135,7 +135,7 @@ public List getPolicies() { @Operation(operationId = "deleteAllowedPolicy", summary = "Removes a policy that should no longer be accepted in EDC negotiation.", - security = @SecurityRequirement(name = "api_key"), + security = @SecurityRequirement(name = "oAuth2"), tags = { "Item Relationship Service" }, description = "Removes a policy that should no longer be accepted in EDC negotiation.") @ApiResponses(value = { @ApiResponse(responseCode = "200"), @@ -166,7 +166,7 @@ public void deleteAllowedPolicy(@PathVariable("policyId") final String policyId) } @Operation(operationId = "updateAllowedPolicy", summary = "Updates an existing policy with new validUntil value.", - security = @SecurityRequirement(name = "api_key"), + security = @SecurityRequirement(name = "oAuth2"), tags = { "Item Relationship Service" }, description = "Updates an existing policy with new validUntil value.") @ApiResponses(value = { @ApiResponse(responseCode = "200"), From d53a141407580abb0a035e98a2f8021be863c02d Mon Sep 17 00:00:00 2001 From: mk Date: Sun, 28 Jan 2024 14:09:47 +0100 Subject: [PATCH 22/22] chore(image):[#000] add logo --- docs/logo/IRS_Logo.png | Bin 0 -> 71293 bytes 1 file changed, 0 insertions(+), 0 deletions(-) create mode 100644 docs/logo/IRS_Logo.png diff --git a/docs/logo/IRS_Logo.png b/docs/logo/IRS_Logo.png new file mode 100644 index 0000000000000000000000000000000000000000..4fddcbe5592fa07256433ecdc9699af63f08cb2e GIT binary patch literal 71293 zcmYhiWl&wgvNnuEfFQx0KyZfu8{4=CcbAR3ySuvt-M9pI*Wm8%?(X{K-t(SY-;b&4 zn$_!>e!6FRrh3f^mzNd)iinR00RizdFK;YSV#dH2g0*jX#*UxK#7dhNV-uA$2d)GH5{}m=C5Q+gA4Wa{|I>!#GIzOT zy^(P7D2gQV+ykJJ zyV(Lz$uh(J+7k(JlrMr7AiZ^)F@hNS^>boun<}5%NG_?OA1WT#_{+!z9$p$$Qf!`8 z#6b?rO*4@0nu&YZclKA3<&E30L-yKe5PG|)MuOAE%;zoOqsh2nv}l1@EGv`j9#veN z*24sKh823BUKSZ8%`je{%r`*E=tDtiY;vbhuEy_>h#H(hO!%{3l1#5sn<|5VtG|~X z97dC35;D3dmEf?XG?pk^MJFAZFsKxy-Qr^-Wi*C)7?u}U44`8mv*QjWkCiswzIh2Y z4a z9X6?*CZIHO==Um1`=w>6j71VbP))!`wI z`<=%2=piC3Ahc?h zc=UY^`m4ZY4ihs}q5*gLSAxHF`q*P3(AyGjz)WPO0LN`FHw7=-9o2LUC?CzQmK!#S0a{lnR~1V;2y$L_3iO4w)jO2>)efNx@Z% z;-^IXJ4oMK-e=X9WPoCb&tm<1^*8Yt+5t~Wz4lITIyr!|<+_c! zJGpJU{dxsPK!ni=VCYFjlS9L}L7)f{4yp^%3Q7%9$YY%jI}$?vju<8#o)Hco#?VL5 z2i&2S3^o#SAQw$gl(dv6Eby42n8BFwgoTCmhBXalhK=vF2v!WvM^wY~zyv0i8ac9t z^2XAW+mbEDO(v2gY${P>f+DCWvJ+&MMM?{`3wZOr6booHX&kU%Bg!yGu?VniX*w0i zXz^%jlCi1xX_Kjm)LL_Ymi$uYP(7f&O;V#xr2{K=R`He#Db*-^Q5cqAE^(09|0BhZ zCC6U$A`d&~b>ed(YQgk17jFvi6KKtF4srgiA~q&JW2)s&*#rF@p(7DkAf?iv7Okq2 zr&;MC){x=P9EGPX#tmZI#oZ;|jZAOE*ODn|6s*uaPgx0jL3WmN&h^Ok2z=4GXTtyW zl_dISbOpW)z8pJC`a!xudL;X!h3*VtrXYBmJCHx$ZlDG)wqBpXvBIvxSo5`kyFR4B zx&FPLVx_H~$pZC+*@@R#(Yf(7a~^N1@VNCf!l~&rd)B*O*|;|CcudiRz)?a@dQwlW zNUe0Sl=F{m9!Vj%cr)j7&d;cuRf2WNX3B!usKgR5XxCzpwM|Z*hdxT(Z&s|(HXT+I zZXb2+u}it@gW-%(DOo9*HH@JYQ5t$oHcLCpV*+4H(MVq=uFE*6ZV7acaBq43inP=_ zEo4+Pm}g1pQgr+4dhAcyBg1ft)hOX8_b4%4h)SGFwo2lBhDJ!;j;VFlJn*!wA<((? z9`baMLpcK?gEs>^!?p3C(QDOVmB$5>N3TuAW!%N~oZ&3^!SkF1FhzI(D0ek;emXeX zqjoNLCA4F8lCoPlcLIx=2G?@bRsuj-9hqueV3&`xouhhiO%vwzaldmvP|0P1dg45A{!h&x()7mKAMaQwk5} z7G^bB4nrIvF1kAQ6YmhO1pXW=d^QHN>1rlbk66#nRuLLn@7HDQo1b$(oD`0j44SK_ zs&A@swmG&(|E`jop(Bx_hAGmpWIe9t1U1@_`cn%)M9e=AaUv79MK1(0y>EyJKdiSISOCh-<#Zu{G7=A;c z@Y)Z)`s4ODe64RiT-Xc6m+G^jTd7)ynbZjb8%d9{g#wG}o~n()R+?DiT7pIr57S=6 zIIpSnqZF%@-2A&ayE*8X<@hUJP*hNqlHnhK%vwrmV#|*@X~XX{aZXGQ8ug&*xS#Tx zS+K_AlNJ+2`OylYW6F)P3yHhgO4+yO_IEqG(#k1esZR9ldaVY>quQHm;1q+D>(mCu zMXgQ~_esQuh>_%}k-p@LGGx{LsuQjArk5@Jne=-0t^N%c|=|W)2qlUvGR)whbo?0^4Z||78_Ic6WV3wL}#xmkdtfo%K+?&seto zx*oG`>e24Woh{DmyEc01{qDJNsrP!LC$F2-KIg5mYP;&|(e1i*P}WlQqART%i-P@@ zdoy^!S!65wcKmEQD1Rousdcs{+fccpn-J`+E^533I>{SKnqm#K$BII&aw261Ttk<$k$&=&rH>PYo^{3Vd` z6Ot0)jVk-Bg=!4l&%+7VHWF|M35aODwoqQh@Vic-p26sLad7~jcvHRH+5gS;rGIT7 zJl<}6F6-g9stx^=UjHQQY5v3aboj(%Bm*~pf+!#I@AwKZR+lu9k%6H7CnG>WhMGgb z{F5O6HT-`K0s<-r>c2gZD>=~rClCM6L&G@DZ3qYf2uTq^WjDyP4$o@SMHON;o0_h z@sZW>pt&mW^v){^N!~c9Yolk`#GizNopG#LXt~9A5Q%1+3R)#TK zZyu{KfDna_OU^8|l@`@);n-^GxZ-7YJ9iK`JK!|wbTY>$XKTg#w5;_x5SsmEQ}9uP z=nlmy^)vh*uKnK8bYiGlsBX*3TD!HQ=DJDZ*4}}IRncnndUfpog6cnt>)+>^8xvg5 z%K5tOPMrwr`Mh1D@;>ccy4yYOo{MUc^Ei8p3fM_I(2WW790G3t|IZDKfzI(Ep^>=9d&)* zS!?!Xhd0TeUq3avY`fUpCQOU|5BI2U4P5`WbH>LCu*bG*$18mw_b%G2Pd*XB86J37 z@PDb{`rkUkTxeMTy5zoJy1RIPtG(%5HyecW?5vEOu3~`#!3-dry&$ZC!0JA)?@eBd zv1i=3jA$2a(GRUWJ}-MGdB+de->w-m*9BSrm$5&RCCtOV^vLT!i$XIwIL zsBH6<<6eK}7<(EcA{xa8IF~oW|3kk= zI2$%;J0&<@GJ5nNM*jG}Q2j+;x*vB@+sr4*I3vz}5#;-?@unb{D`~~c{!8GQYPHU) z+4b?xwWVB}vnJf+e^E34qPt!9i!*s#+VpQGr^eW}-xk~Ouv>3=*5?0b!T-o5Q{**{ z+W-?V>)0Ll|MaT)#r0=5u)Xh#Kh9izw$h4R#a!!gNLmoOo}6yd;7EM_e}LfF?vW3_ zH_ypEc!un2u~QNs&5BM>FzS?q?f=;IA0K2MBWSnSJKgH>DkYfS&9Jz*yv6&C&mUBJ zzdfh9=s*46Lc{g1V}+W$`l~Q`6tmC?x+4H3^3fGL!~DMlg6sdz3iYsEa{94VtmoW% zocSQ81@w2maf1H(_TRCh&;eWIevg)){l_1_`^~NE-G<%XsQV$ol;rRKjR+tS-R(5G6o0+OSlpE$y z(47AbAqWO#385UND*IzQ>!3Yfj%b$x8KEiY)yCV0dwDdM-c;Xq_?kcoH}q^H5?+_ zLxvZo^+(zt8~ioG-3BkKY6sKXmMR-TfA#kbMwQ#05}@3GmO9P#ZJ<_&AU7KAETGIL zvwhmb#4|?Jmr(1%ESO4u`myuzOm0`r3|!0paOY&ZSdCgI5imGLk4Zr+yS_$;yR8o34K620>u2e+Tu5IU`6QfLCLA7Z-<#t2?1Vh-Lb7I7Qa%h`M@IKU?~ioQmwCp&De zwZT=osH^UwGnyMhb%eM@-VNUYMXqS^O2mBp0HFs9vKdK?{DF{84q@4bo*hJ-=oYXb zpOQvbf&Srpuh9U2il-PzV5%Xk1M-uNa|X(kQaVg?k;U?=BQ08NZ)#eM!VERUMw55w z`_@{uF1d9*)$^4TXV|i-w=Fln{!25jt?+tpe5f{}nv>hy@+}!1o>|^U;AI5;E!1Vi zexW|m*iobBolLoJ#)LI%&D1pgP{lxoAt66p_x$m8_iK|5_-kmkC>MfB(1Tj0ljKmQ z1||6C?MG)LzhwHv`zkKj7K=C+MI3`74c0p3rfm{_>usrE*B^6 z-z2Ap;BrTzPXD+cnJW=$pd6h3B@h%{xbua()MPXte2q|PV;qFotdanRD4|TuPZce5 zk7Upg=cF}&CiCqn9ZmDbZ;UH-CV=((P{Qk_-^G@Y1u5kqSqqNH$m*K!LC&)YWh{MGJEg2L>cZMzr=$F@OFx+|D zqx#l6O1w6TznvVpasz6gGUT;)ZL>R>IotVt-x9%QN|uIR{)x7w{)dpNmNdxK@0LpY zYFu5xgowqhSMfzLL8lj@Y-Y7ke0^m{+vHaY5jax_ndVkVD`Wud6iLT#9%p*4=9li6 zQb(s#^;|Z-MA!D$+oAPym`M(GY2fu}$%#F0vi>7reI96A)~4C6+0wXWdl~! z+eidS|E(R)1N;*P28w~%_-p$&At+gPC!l!W?@J;m%g%O246bg};b_xzB z;`ieI;%lp1M{A>M!^;YEvP4q8ZLiejn@h>dj9>!}=iy%a9O^UW@5o9Vev8$3FM=b& zR+Fd7WU|kN#ac(v(%CQLfT3aKJhXUwn`+^O($8uYR18hzRTg-t=%KA6=_&()!J&G? zh`5S*6XLY4c{Ym$!M_|aQOW1~chfaI2LNW{F688FP*c<`0Ln$1CtTPj#yVEbh9!Z5 zCo(jSS1xIG2C6ff3Vd)BZOt!2YcbYr!jsmIr7sT1^{FI?OLF{%hybPd2EMAzre`EYK=%_ z=nW)94-QqFf4!;@b90B!AEXW!)O{e&f2r%^Ules=rxj3rQG?UmbdS_M|1BAsUT>dy z-}B3mB75m7xbIuaKF4pnRL@T(y@%A)ea;i2=?8)C1VZ7h zXiqSlY833CA;f%^#XIZ8BXK&ozNNP`-c_;PElp_OwXTph^ar1ga9h>UD%uJWj2Ls;a`l^pzj zH|-li=`c(&EtiZA2GOktvm55j?_dRKHiYHLzHeq$@;hALIS*E4>)Kz}6`!K&5pI3A z=7ge(A!#|fKNYa#Tsb}}Rg2za)8({sP#`i0!b868-Qtn|PK`XB?#_SFclpCq=b?QqRe9;v~oYyGB z1G%G-2JqBkKjbBePkzO0xK3Nf07uNhhAQ?48C@>5C|yrP*jLqz@?EqxC#x*I3#6QP zKzG%nGYJ@X*eqs4WnZy{3`!;n!usHR7itx>wwZ~E50fSgoI1GQ^RYx3f#P-h>5l2p zKU(u!%d8e$KSKkjpHK2#B%gMNAy6RB=g%(O`J z^Ny?0-mLY0Df~ENAf(J-rLyt6_IrnOP6I)OH}(U=X=VseOn`tMxYqZjs#Gcpy9WCY zucO6$^_m~Xg)}qh?PQ2ab`P_f^RseleOE8iT6O zDgqtlToG7XYhu*p_NaCh!!I;j93_+($h@UWc!aMJy>=YnUup!yNe3k@XKnd~Xpl23 zizyw8S~UwbMkh@imLe+i;JvVD2UEO(up$I8mP`B&iTBxHT+sr?)^eqEz!NM~Qbevb zvtM7JR3Q;Bvj>$iXwm&FNiHr&7%|)3qflpszG7z|>KV9x9#gxIkg5F$50A~cLh#Y` z*uHQiYa{9IPryR-j?ssNBY-T!AAd_WJ;nZe4x*3}IG0cdP6>3HPASj~QzS6>ssf`k z6$fg-({`v_tacHUvW4U@)kb*RH*$r`z^(h4UxIkg-~Oi*-Rm}R0O}h7aopU9gYXt^ zZkTNiAy|1P%~O!^d`UkS%lk&$&w}uJIEX4rBlS5Ra;3yEd!YbzCr3d_pVE^8 zn&M}KKR$4IGIu}j{$|)^sAok}Q*XsX=OI{zMfq>p3xqboZS$QiDOROMsoP$xC8Sr) z_J+fB_%T*0uP1ls$_-n+#HkPi9YJ~%y|XT8b*ZxJmhT~BfX=EhpFRo#i1yc%I(_{e z7LfS@xljNnv>}v#o>4x2=JFYWQ`8o7qn`zmp!7)3cHB!i7W1U^$e*X}=C#@^{44(U zxx0%hgSyHzED#DiAkq3aQGBjX^dc(Nvmq*(W237u>-;%HJIK!B*vFa$Q2@XU7(;{U!kt@ zqj8qyGz}Cv{;;PiYP{PFd!-HgRUA#Ro_0T7dw6bl7V`_#A%$*@ev(-2M83t5!byt- zZ$wvo7?lU)mtgF2Nc%=?gB31vh7%3R>%OX|-ig)bfqIr81>LKD_#)uP6ZvkLApTGZ z=Xn`W?OyMmi_k^t4QmY^nJKNtNJ`?FfJlWL$CF*IXbihE)f%wC6k7Tz-ubpdnmS=gbPO&18i+Cr zP@x>_=G$xGW4+lm;nX?7be^P8kxSDShg4rg0`W;QeG({|M{A~ z;+sYlmsR)}CIk#Xn1(kt$Ytvx9z6e1>qO7v{>2wix=q%F_l@*ytk=WD@gYg;AT~;o zB|YQSvq)2*Rz0>PhgBl1XsGd*9}(Blrbeg6rH`tpeZ+58H{cISqGpHcPG zU=rYl&}JZSEiukq!swlLv2VP<=yYd%93ezaQI83qXu zx}zfzsvic|>@BaxE}s@Wb-M)9icbShLd&PXy!5_KL;e8z$v;$FB2si|X$#yourp?&JX(1P1F zrZZaFk5r$k=BRzrw=#op0Fr2)l2P7H$J zqRZ#PvPg@mwU$vr#s(&+97(o9n)3IXCYsyj{ipi{r(9LnNm+#RBdt|4zx^y2ym3{I zqpG+crpcwe+q*CP)EyKwO7ao{kGh9h<@LJqeo|sz9+3Rat9e*#byixc51mu~A}}*T zL`SUNZArloL3wy%=gHks#8dvWz_?vsUu$7&;@N>*s8Us*dH@asld?ghv0?*paHx3Z z_sFj1`C$caUq8M$c41-TiGW1lo!Whw%9Mj_0pMWn)%^8rP`bSLFJlV|rXfPf%D0E+ z!mm6e2{2aP{eP*gL`5_L3GlP|Z-$}Ew+FG&4DI+^e~LesgrI{iL!GI5#0cWfR9!GN@l6ib?!r+>`mU*gH(%4Y&0t~OL-$|K?_T*#jM!u^2bU|0;)xgk{ZVp zGBxgfV0-^4Ettw=%>BN0gk`i0oQ{DIN zE$3Khli#G^E2mOCmE{qEH>p9m2&qtd>tog}#`IH){OW6pe80x2ruMD6w6~eFg|Xh` zUlbsdJOM)OqQjAoXUO)Pn zy~2BXDWO_E+$#Ga)k(%DpK-w%nalv5;d1GY-vU+)SF!Wyu&okQltQWeLxN`_7`LqU zL6FU~v4poaulPO!7FMMV_MCslDC?aREXNAa|E}>HUP)Hm*vmOh!W^~xQs`Hke#Ctj zjjUa{iw5Q1A>ziWBqgyC9OzHZUtbsKWMB3M`{r5ww5eFX-a|ovJKS29 z{#J2qO<-Rx(^BojyGh#SE+kNz4@jy4tZF;Co>eNF8b59XD-b&1SL`LtjFEpZvQ|Sc zf@JnZT_?k8`j`k$tXyU9piz-}sW2Q-`f*U-$mlFyfe^FUyZ3+)rz^tmUh1SZh2;)} zThjx=z;5)&TTHPa)h`MeL0(}~Iu&+*%vGe*k{*OGuuHKB@DEbi$MnXg2_)hPn%hYz z@7}-Yy~Oe5g<{$t&fq7_VT;(S({VNoQ6p={IcBt~l1EvdZ#DGatq=mbxGZMk;Rm~G z3PF(~W%Je1sR`F<@s_A0iMz0BBs@;_KAy!sCr_>XPs7)Vky^ik_1yOoXN4cuXSM5P zYh`b+LStmBTF%7So60wx#w$J~jRM?yrs`yV?EohTsydyeJFWU$jeWO!Jd0v^Keq0M z?^wLNxSyGHJp!3RqV%Z9LrI!1PK&#ICO<7V+q`RgU*1+Y+N5>XhKc~ab1-~?W;9(&E~59*>oRjYB~ZlnkD1K^$8Qi!vcn~oH1>U2Ew!?&;&cao zD_a<14u6fsP_oP+qY$q&<6P~&{dR|;$Fx|$_wZHR!v|^E!SPGkNk9{cGg|ev1int; zSg*s*jWh8K_jpg`fM2lbA(K2C?SK09_ejDZmZFet{n>#E$6H&&;(cCIR@4Ue zGJ27F$XZ1zFQ@c*dD1y@T{kai@7sGTC3C#d=CYGT;1t@(keuX*?ewv&U(Hc zelF?xd|aN}+&jCdb?EfK7knHfPlA2k97#&$?HVGPD)s|LaPLK7s^=BMyrOgljN?QB z4URVQR5`flWhAVMPh(HZaSMx246o}kOQMM~C{nP8^(EjzGJJ{IH3oJ3b zzXcmj`Sa|4GWkg%qa8$YXe`0!;3_CqBTK`S|)SAFTbS!J1N8q+N!L!?ZQ9w zJJvoZcH!b=_vgwL)Yqxln*|h_mG7uG{QOU9?*Gw<6{ zD~!sILGRw1kq*ygNQgGeGE2`jX?+}KlHL3~<|%UZ`N(HW)xAz1wW&rhD#fWKHaf>4 zZZi~I{R1@LTzqG`{Ae&qlrc~4?^EyoV0!%AxXVZFJ6Nu5VDMVR?#Hp{H4NKTh1H$SI6n2=?EkYMSe!*UJ5?8 z)Lu>kuS$`h?lBPob^}5Ijz0PYt{Xx2ku=-ko6F-AoD^(O@?-2CVshJ>#CcagdOxwy z{&>ZUf|r<@FeA8jJuLNmBH=mUnEEjh%$9{@t%9)>eE>N;Ll**(yBYHGKfR#|cIyuT zJ(lep#^2TH#E6@Qh_d}dF)LJ6qo%|T`xIHk$TYknXsj0CF(}3-qx{$S_d+`j>fT3? zE-{9w?t#`;^|Kah(-tP>r631~hr=5 zNQSqKBbR;O)=&PW(LOyVTrW**ccrr3*p*o2_SFl!Cc38_VXv-~tp0%lfM&_o^i$9; z%gF7#M_$D6*es$wrts;N4{Aokt#J7dD&7;q*;{)b301Ue%;%D5O;ziyKYtUZzteHf zeH@>BV|#+ipy12R@0zl=A5$Ni04L!>_ua~rHb4H}ki(G^IUW?ii_33-I=4s6HPXKi zo2#bTu9S>2K&P{KuE9=m=2LM%h!DGBQ4fRVY@wCiEjb%g2jM}mz6{XUieF5wA^xbZ z5Z%>x$FmD zTMDjXeaz+O!Q*q$$j#&3gIv@iQ!|@rySpB4GKlhEQ@FY#8=oM9#>BPt3j&EmffuP& z3qM~KfH9ID;X6}9r(~r3TPa>TrfRTV!gbtkeT2`6k?#V8(SoFh-=6FWA67&Tnbf{t z(PTRa6C4r;i{s1!YS&5jFS$}ajH1q@TOTB)#N&44`l04;=-@iN7$_qz92%E0mr^OcEK}RWZ{pge8UAexI)oyYT~+|`JSTVb)le7q0b5UOL@Ph!Ow{Uh(C7@#I|G%c3>qVDufmxe%bq z>`G-e%;=yjmb)92H9hN@W#kJ4m9E$1wOD+5XNcX7%*l~>_4nWC%#;K(xWXKbAYrL6 zyAPYlXiKX1?2{^P$cYikNoDtNQ>_CKu{SLAlwzOGQx&q zUMyOh9ebvX#GAn090|sg^2a#@jd;^(gwi(z+n3S`O{+BFS_^|d)DAuMw(*5~D6REZ zs>H|%wInVut*72l!ftr+4nB(LzL_QFexPPp`EGT*!XZjC5YD>~!ZIl;S@f1oK5ncF z0!{5&Kc2)0dtd~e0tu4jNd1;fHi}-v!h-&*z(k^h$S{4JLUYXWOy)%MP^cTBvzU-D z&Fe5W_kdrvqPB3m&e%Kd!3Q0Vox}wD{mR=^MBdRvmDq2Y07cM5Npy>49N9~pc;Vz1 z^>)+Oqtap~KYod7Jc0`6x5o3(T7qSy`r+fji9^w`@WNnC>{x&H%4a&3(-0Ie^+4=P zJ~fI3=Jj6H(G)BHNB(J-fk#`%;frn?^t`Bmm!p%JpZgHU&F96&rh~E14XJWRNm^b9 z0`n{d$&*Emq}X~ap7U)!BUV^ww4~nX@t~OXd=#F$;D|fvw-s8ONkqKz6wQWTCrpDa zO(Ec`k)FwFsE4)$e`s;JYg6wOe<4quQXFOJ>B;XWP+|*7_PNRilR@#S4R^hsKJG%e zcDY&?D0-Pnn8f`%w2KY+TS1qM2M>!_0H&x!v_{F~7bVO>C}kE+t^olS=wTpNFjte$ z6f5M-&QKj(q@f@R|G3o>jU})Jl?MOtilT|MJ3mOr`k)V+Eub6##A&yN4?N&k?a6eH zGP|KNJ?`#MFIBRUCny={*+rgf@G3$U6yWM#j;xBH_ABYujNOvi~P*K@ya6?i^1?V z?5z#$j6R|EkC2R1lX!Mvj+G`*Ut*%4($9{UL%vq423nhEGzc3y-**PXqO zZ9NSPzJn@CeU1F#y_HECFPA%yp6VuE_2POr(Y7AVIExdH-l$K-N#(F}ro^^I=7VXR z;!a?@_q1YkBzLg~#b-u)(?}S9*M~VD?&@91G4EDASgC!qdUIln^al5bU;9D7va#^gcaS{auN3=M7U=Ol{nby2jmO~`RT1>Mtz6#oM zV{-OjTio7hr5G0+8tC43_Wd?i-0p!Bc?d+Y?s$oN7n)d347}WCV9f;`pt&fPb z#~MW}^x>aF`B=1nK$xtTNi(pWM4ACS3%;7F=hZIb^`NyW#>C4f^2tmCniR@KnYtmx zz0R|W-Nj+j#ML%>V}y^z5OVySdm#5Jfu3o7U-NJ+64UcKEEz2+HC3yeBUeD z7)N=1CbcH!e?;pO+6*etHWie-0V7bqum+9-W+Du%p^y=jhc-k?BV~IdwCvHA{ zpAY5d@-BO~f6T&O+Xfy+NPEo&Pl}&aJ~6%)mgsrz0XO}wYh5l9-SD*V`@){uw?e%?`&u(naZ^Dej`uZX>85)b<@=zJb_1g> z`ap_Wx$iPCda){1mh?#V;p2_X4^LxZ03!-~2CV0Nh9s-L2Jdf0RmT`_aY5)L7WPsb z)x^yFbsAufayeDwP{Yx#`Jt4r^8yOs9*lW z)KRblMx_E}H40!4!k6H@6;6>qISgZAz0(*Zq&uO%g6b{UnE2E49fqv?$y4+EsH9@> zGzSC-(!MBJVsuB_DsGkW``#@HFWZ9c_m~AEO6nTF+{aR|`w>!K`AGOVNaZqc+#3XU)g?4SDZeHy_ zc>Q47IPAiO&2sRM$|GDli6Lt4IJK%Fss}yn>o_I2*FZ?`=_~$BmyvJ2(mg?%L}Jbp ztZ4L_Mjf&+wb`yiVMUw(N_Cl!JrVW){i7}FNUxqmvS&rE<~cp;vXvT%i`42=piC^s zE8>9MO+mwU=W_#_&3eHa_ytE5>$)W791lS^eO|afzRIHFColSpSkft>9I%J}>uFLt z-IS^ggTuzjZ6sGW@g1)R)OWu3<%FsM0rK#YlURpSM@qRps*foFMVJ`CU|`q?6$A9{35f_tbRqd9w+%W_ z=h^$M`NWVeaTJtH)WBb^x8fF@zjzam!<5PJ0WFm|N=zXeni%Urqjy|~(}g50vcx8| zQSud1Uhdauy7sn!NlPh5pjH?u+}=?KJPl8fmQfLGB~A301Xqu=ldGi9JEe5&7)-U> zZ;Tat8zXp1ejyS~Hx(NU=KX20uSpTiQR0zK?~w%;OyXr+a@*vwMn4tou%p^??)d;R*l=NklJ z?{gGl8|R^B@y6o*cELjI#`Fjey#4MQ-lA8e$vXa9T^NVxNB($GPcsnv;~VPLRMl-D z_>J^mit!t1K@iey zVnQS`#huhXTl%|&T&JXm3GVhC*`Xp6M@efg*2}G@tZ*JS9`7o~a zrHdx&cfrlPwz;)D0X$@^2~M}oA`WK)bD8X>l`Sg%)SM}79EaAg5~?0ofLKSj1_Q7$ z7t4Eghn^=8E8|A(h;QY#RL^rJwMqBU*|Qf(aV>WTo&li2l`)&i7+Hkc#r3`>?Ao?D zx%T#l?|HTU2{PK(VR!W1Qi$I~4`)U#wmxdL&`49dl@XB0c`l=(^U+W~#gr5QsyiiD zSVLfg?}^x@?&|&CxczoA%a#gJhuFN8ohBm)!!V%<COE#p&4B-yZ30m*pFOGbbLurYs{6`_j7=8#fcp=`KX z?34wsa{v|v9hwFx2I5GHEX#NN%*BxfM_$n=La_>6!Ag>Fvs24zITIn}b7^cvmPsX)h z%QGwc-dSypx8rh;Q%=u&8p|2alEzXn0{#3CTMyGle+g`aNg$nza*Y|yK9X2K3$D6m zANZajx>s-5O%C2keN{4qpyQQKz;oOPpsY1hAhdkZXA@F5 zXI()n7paK!H8Xb9=Pv1r0>^$avUqyrq6~^$&NhC!$u;w1Du?OQNHsgxxl5!6JOsas z*8?LQ(6jh+*bBGv9$uHohw$;yv4PVZ8QAJ`uEc_7P_cGR!xOy#n9IThj^8STR;*M$pO{3 zZfcYh{iG%*e@z_tp%DhRZRNVhU|kN;ZQ(@#>%-nLn2|L0En}ChfJOt@MFx zhXc>$HS!{(lbOtySmg9$MD+MP*Jao#*4wx$KrZ+#OI|Lj2Vy#j1!=Kg{Q?XfUU%PW zR}O{wbh&|{rs({mPbqTi+jvhuLgvP}86aeT(aZmuK|WpuS9h&AUJC2|@s%L<^|@qE z-2iy!ds9bd6oh(;{VS#On~@~FWca?=N})tmdO0vAIHRjSTgp$9+{1=LltD4pA8$7H zeJS@UxNU^}tAp3FyWGNjB^=MR-0<&*Ge=#%g{#dq?|(;wsasIz5D0!H9q_>rbJ&|@ zPJI{0i6E3N?;vR&!XSsvLbSRoqyh#1yL;DYI3)huqv`n5eHaD#-Z)cgZfK%Fs01HK z8?PoZ{tPilEFzo-|)XXykR_iyGj06Vb-hG`?nR0ESXJCYxH^6ZoU?GX?%L=W*Ko{u;8_50??BU zvkRuUWCt{4?y6Q?jW=yk>vb)_KYYduIhTq&D}0ai4{D)dfzeU$KF}J*I>a-lhP$rP z3)4O<0mTn`1v2AbJ+eqVY2mdxRSW_~+tEnH*qv+J6>g!bb;RzjWQKFCW5Q-}blc}X zff;UH=sshK^dlPYiYA5-x~==o0wU-nKk+7s1?V`2_(Hgk?PYJ=j5`JX@Sk}OnEoPQ z*Q))Mw2={9c!`ScehyP-+h|Aor_c+O%`yuNSt)lUtQE}v`o-YnEfkrG={pU)S;}5{ zVwICwcOP!`I>|Z?JnT8-LW;&)%lQYEaM0Nw+Xj;7 z=W!-)5C7+_(g88glu0}vyPeP4N2AT_XZ~8QKQy?BiiyZ|n6Av4C#^Zt#6A*TFG-z! z!N}N4;e+7GSrUTobq0=&#jNJ#6U)fM2dv*8=^ds>*&IkOtcIOA>Th{Y?ZZ!TNmBf9 zGx-aJf_(Y}^hfCVfs*YPN?2wZrJ%5yOq|}~FP44CR_din1nk7Tti{0gl?WNVeL34= zb-)nkubX_aOat+cbJT2k3%)S$|+8M+B!B zJ+qKB^rD>A%;(-71S){?`|tJgZc`hO2;G*CS^z4XV()b4<}NZDa)E$ z%rM23@JaGso^QUf`K0Z$r>+A!u1~az2;TXYD&Y4r&I^ysUr>#w&CngqEps1Q4t)9( z=Baa3LyQS?(y??XSN2PRDsFhpswrUjD%Hu1W!ll5Ei{dPH!Vj5tYf3;vijwDqY;=5 zm56*q2HosoN>p^YQ*UZrTK@cz>o&ch|0~TU7)#c6Qts&Ie$-omJJmLk*(Yp8SgQ7L zYA?hLJS>@X1U+;XKy1XIiAG55<#4yC#9AFTFPml5K2(u9%I<`J6$YuBH=*Muw7)nUnHYVXf*HY*my_|-An{83dP`7s&GqwaF;HfS(u$nIAnO)|zD4dpfId*k3 zdfPR+LqZb(ah*SvVu_!?ri26x6Gtc`RA-X|){mUV*MqBF2Tu!K=5I~l`+(!i&Bvbp zFd*LOScaSk1N~h3OF<8l$o9L^TM+r%9+KrRBg52~=Ftz>SAhklCB4_@PRlNrm+Ug# zYM3%^tFfiH>%&`2>B#Ksl3?xglhj2EKh_t;`uSqGpZ*;8gcVoNvYl~!lqf2a?N(;N za4Ty?7)Yhh+HvV=FOB)>GMxLSUao$Vdq zBBJW};HAjIYPcYf1b~0L%UPI7ueYQp?-}8|65g@ z!{@UVhS_g7|2TJAZ@*vN&;o?T=|EljEt#-^uD&-nQe!xmR3q!6<99WF zH7J8>sGMhL>CU*!DHCQ~*^AulTvAw^oOkvSmvk`(lwg-lSk%F1{V$!8F5`L`nD7R7 z%PtP$XqQ}FA;1k)F*X>}t4)3&rODB=78n*H7J@E6)+b#>nA&wV$vj^#}Qn4vdYKXLVPO zm<+#VKc)EcZGH{v?>y_z`1`b51+9~}%;2}(@RBWmFBx~4_!TPr!jvX`}vh0HOyABAM@Z?(HfbF2YAWE@K|3yPDWvq%E5h`IBI(v973mlGp6fP2ZT#10?RmL zuACe6*#|s`%6Z0-#_s2RR1indk6iM~zGdv8vXWyczI3sHFsjdYqr{Vyz#uE+H7`rL zoRRE#-gr)CD9^=e4L!RFuQZ3OB_3c<7-LDVH9=fHx{n>|GE2rjKk*9^{Z}TefjeY( zwYZtM`vBk7=J&$Y=TV=*2;hTG+m*jsqWCIG**NHV8nY{>GJj_n*Z5YmQ*@o+IfLI1ZanL}v#sV3I~lR02B$~d9G zD?aGdW=#u@iVqBmaBRgfHYX42+`!5oTx1O&<)sUASVEEyYUe6fQf;zK6`i{7k9N=6};q&yV`kK`CU{y z;e4(5o$4IlYVbF2{~O!H=}$jR?x;1DTVE_jUEFr^fhc^KDy^wX#^s@CP`B}9$&1)8 z3TBY4_kvyz*if=RFHdbYEm!d|i2ErZ)w3gf=lszV^++*PS0W80Nc<{Cj~<71)`_?B z6d_|ki9(&Vyf4(zu#P2R+`o@5PU71B7ahVuObG#pM=r>K>;kH8T(e6fV{`X{cqU>9 z5ko9}JX)y*X59$rVki44#bLAmn_fB!m-`PNJfg?y zGubMq36Rmv`Ve997gqdg0|r@ov{CvEow^bSjS>qY3i;5RkZ6e`EVNQ5Ec-_t?rN_& zd@P&}n54OPz|!8|>F(sN_V1*-+L&Z~Sql>^Pcrn@Ka91_1`ga?o_*W&ZT1HN#3`O= zO9M0uY`ze!#t&QIYd>2RydSLhg2mh8wOFLrQd4yJK~~!ZOG19qujkK;o+$Y$ChF|3 zi;e5uz<3ZNGJUdNw)QcUXO88*W}9bJ^d$ro*WfGd26V4G_wY+|I3T49%jmyl&;Elbws zJ5IruaPonTcA?5ygR`l;l1Wab4nO$BOUv8ECG{Fogq@j6PAP^`0W`-WQkkh1I%IIaRe7QA@+b(8hGbMc`My7=PhstF-^I zy`TH$Yi@N2*fOK|S%($U%WQ-FXU}=XR@82Lf0sw*UvgH=elbOK^FpHleA95%dS?2D zoiRud+IcqF=5kTw?Wxam&O!}h!X5a`3#%?>)Dy9U0~V$Chc4%YHcG}R&&q2;y&D9! zfKka0HSpEPWEEl1Uc#ui+>p=;7D<@{Jkb^c+O{YsY1MCzuUUgckS4z{lS!FXunDxx zsi0TCFkW?opuruGxeBrLkqldc3tH>!U;73JEA1YO2M zuY!2uEg_4EE$LLl2syWlgI9SBpb$RYFO_xx}1&2tG~dCiDB z*nfW0E2j6@Ujf?gkI5si_u1EgP?+Pog`4{kSo+D+X?VZ@NL>a)7Yi+Bnc*pidNqn;X=0+!s8 zC|CDJWBV9%QJ?9RFeaIbj|`oBhKta>zQxfKT=VT9Jf7 zjTk=P0k)!k24|d8BH~zFsv`KqA|BMPl>%N#hA-?=39mNbD#Q^F-9df%czo(uXLOfq z-PLaO31q!ji%mJED-zL^YqbwO_2l%H&)hM+^EuzNqipd>y`Q=HFZiF~yX&zBCp_@U zXt2VD$4gK1H<0m(Wc|97l0ddvEYjs#z2M?ROPWAo(f3*{W^K4YFU85a?XciL9N#QV z@VGTF1@Yw?ekc{1WL`LEkzKxY!Ut~RVgXrt)M)7$Z?U*phs-Zst`RfG^R_AajS4;) zCl2y+1J2_oyXrPKwcvqZL@oAT1XjzdI&`+&7rckcw$=WfB18g%X$w*NL@BctT;k7S z&J+4}jLo+Y`}}~tIAlM_tzS(`>1kLH!gYMw?9Dh>IDHD);~87$Q7 z47USS#zwn`rwbeC%P)ELmJ#q??f?C`Kl1lH0n`Me%oZ0XXX~##{K@HOAG~M!_7f)o z*-_D^ieG;^lY(r1;4>fg4{VjSV;V|o1B0SAWc5ikYUKK3OtP|6LmzFI{+Guo*AvQaN_m@!a&Av?8kmU4{jA+*PJQj3WoDS&)UTZ{al zpgtc7lb>p7>o_NarU)@D60z8mkbsaoY7|~GAQ7j`pz(rk8Q3#rx&_Gwd1B1q109|a zqAo67OR)mu*w(?lfn*^Qj?zG{HtVq92P_Wa9~;mUY4&*>cXb4CSNn%{7r9l@T`i_k zOsDJ-QxXXLd$awr)ScV#W`^C8|MyRS$nTE1G|0L>?=~uMxylnbHbEgD#Vak{EDGE`&CX;N`@WSTCAbxEPCRp>wz#!>0}Pr!G926J{}vb&hj4B z@36bo?F#N{w|Z|hZ#0s>?N5H)|Bmf;+`DD}hqlSy{`o(yizhAwu@pk$BFk;$kr!dK zS}k!7=7qyn7ZCb~{`b7_$ps6NihX`glZz= z$ZXjLMs37U(fLPPTGh}sah-rxVN?T)q8Mz+KTzU>UE01@Pd!f=3m#3y$XwuCSKyOq zI+$6ENSrYb32S|U60)U{wvWTMSW3&P8pj;r3yU~{S(ea{A=<6fex0wu8Wq}%!#UsB ziw%5=n%{eej!$TDR>&kS_@JOqZo$C{e5irUmaFWLTkcZ~#Z|CHKVj+^8k(|ZwsNdA zo)=nuT;zq9j}KZI8|@ySv7faMFyX5?TNT~a3R5R$QD_=U4>i7G^Y=gb!Rc+Ey;E*` zQsd6~Tkd|pZ?Yc1lE`^5C^OWefL-$Xq=aA%A3fkxV@O#PTAJdOIk)LAOK}vyYG@F3 zW-+CEl`BFYD^WE46HmrV2cIm9gPXc}SS;C9S4El?PQk zAJXPn$z`p$6&@SGyhQYzpZb(_)fZ!C29H(J&0PhK>fnYhw|ZW+bMIqh@nkBBu;P>j z`7lOCFs?AFi4bp#calPmxZE)5$vkkx<|`IvnsX$&k1Y@CGoIrac=d%m>X%rhZENME zD4C<{;o{vi@huW9JrE5Ty?o5*2je(4+Ou$;-tmQxZX2b)t8J$n+^Oj&)b$z@(eW>O z7arnJt=#g)3tQ%u3{DgtasR*w;##VugCAak?_V8|T`_>`OZ0{4>?4^zU?G#aK)Xx!9K*fM|iflaYoZ-;(ECuV*m502{#F|u=<)lyPDgLpY!F`_M3^eGUP z*{Qo|VJuP`H_)xVcMEHuACPXf18U#c3!GJC>h?qpOIYE5@LoP18*MtFdnNwM2S4t2 zpj+|xceTQnxyVUcl)PvNG5PzzFZ)lwG=1Bj{KoWi58hq>U_l^uF8z+Zulx_}W#Vu8 z<6oM7#Qwm5UVZ|Da>;D%5^NE9!L$}G9QK1tNEg1~OHrzGEH|m(mtQhVUY(fZ&^tKV zzVTuTd>aq=&~)@=baX*ie}qyjwNbmShJip-#zNKuJ}8JGjOv_MmT502Y=WdPQf64& z(x(~-+Q}#^YRP~{JZ`eog%)kUutF#$bBK#|=a=vhF&}k@=dTLzWI4)X7>W3bD{Y;& zUqfwFd4g$)jdl;+#S3)%Bq%clMsZZ*{B-A~IHqno82Re#pkB^@DSHwsheGe1>Q7|D z7>vV+5ml(D#Tgn%bFJrU2Ru1)*-^x4{bY_g!!(^ZVBe=*U3ceCy?!-q+@3pjP-Op0 zHXG}|zTh5;-pwO-R{dLehexCM0D1fdPC!_G|2C z8S#^fHyypCc^??D9)9`>zgxw3bMJcmLI0UY{Nj@eFX&ptk%3EgK<$e&$y_|VpgT@v zsfONtyPA;x5||tdUaK?mi%60%7Lvh`$1Ce$Q-NN7=m+{1b?eo(+WwG_Y{d2G$PN5) z;#!WqVjR$g*+mMBvjjf&&NO-KS!kmdVjQO4ogVE z4W6uLJG{|G@xD=<;i;xi9=8JbD#wU<15;RXj5=vrgtgEsc+oGs$<%+PrAKAFLN_{R z=OOY8mNeuQ+56|*m~G)pK!`1uyee%YBvouXD`v5}(tngXX9)5C`f8n+%bQyxPSqU%BWBM6+4QxKMll zlb-RQV8S^sVZAO5z2u7Xgv_AEBXt*KizWI-bMKRRB=bFD@>gA9&;A-MnuzS7dx29NKq1GN0VAt8p`#p@@YyOSdh$qLMqKh?9uYlqYNOWgq(WUxt*;M2 z4qe9xxaCb&aQfmYZlR_@10|T%Eh5nK=rzsat!z1l+3FS}SUPXQi9aHyq!z?H*4~Yt zz~d>Wj0Tx|IBSlFzrp>$Q;#o1+kdL@(((Q~C#Ri}<}4f`tL>YGwXtBN0|u?QfKWp% zmyxish^0}j#>kqG#S0BejtAyGH=^c8#b6z*7#3(^!CKA$IDBESPFKV}duNNr9*K%1Uq&3MsfCY2L(GuwR-AVDgwCut)H4?AQ*uz(C!V@azng zQ(0HLyR?3}<+&O7Qv3PZgHpyudqB<P+qX!mPNJS>fICSN4 zDEtB|N%fo!Inb(Fyr`G_T&Lu%f%Yt?;tLyi2`3V5{xhQ$QL#ln`auK9Fm}S)e!99? zB@@e5dkjA6`QKTTH+qEmt0` zzGpon+2*Jg=VK_^nt{2!&fExB2Co7OQSxt zJ(RW8&U}3w(}rPgGfdG@&m(hfk-3#+pAZ-?A2YMSm;h?#n%T#Q;8V?VK@E$n8e{t4 zNG8VxD9lMB4?z)u0L2qrD71++je(jtuyu~`a||54E@BB(A1B)v1I(it1i=qaS#ufoadkw78!gVmUA-G0ZIp_a(1H5VTZ#c)c9T!;kuVCQ47^>GnM3xzX5YouTE(3g zJap1$v^L&Gmm0`r(a-eC6Sd^(S|+0Nr{LmJEj-&AG0wM)fs9AaM`&=wco@!r!osE! zIr5C)2tVn?4PTXrArveLVQTMcQK904F*1)l6-PGd6RVqm!yjA7di6~{s)>qM1QbKQ z%*ko(04qw_mk*2+yWYCH8?9G?&QMFN~jl2tuyF=G?-UFKr5k8a6!i-R8hj-*eZ5%m*$&(BYEvK_zh7Q=j;6q6$(58}Ng02)Ou-7I4#tQh7`h~V0zydOr0nle!B zxYco_DIMWK&f}}G(WZeJ;@KGiP3OEi>iY1>$wQf?2IrI&J|?j86=T$rz$-tYBNjAT zkbte+4F_IiDA7+WV$L>Zh`eNF47C))eQ*F-F=ih`atwrRig3y+!$VhcG6nlalzh=D zY1BFplF~*{@bV!-xM+#L$Ei&_TYdk7C31tV$6>>81`V!bvNz@I2RXMjPNDj%*imol@$P^sOJYX~=y3 zs|`jz6f4Idvoxv|2Q_rmrwzRWAeM4OjfZ>$WjpxLmXB<}qHky`f7h8J#~=mJbJ3!~-`kW89tuzI_z+X}RVZP>AUt$y3u3h^vw<$fP;PDZ zjhi>*Tl)otU%6$8Va+*;pD6W$J<3tCPu8pNp5L0jc`D`(v1Xe{_bX1Ah7d75ye^L777uKQtbEW`p}b@fB4W749N^Q&APe>3 zCyCZ*$sZh$XVHs7I7X!MqVXQB26EJUIRbfNwsH8f40OQgSS8NdtWFbLMt7_SX~|dB z<`mFnZWW^}qnI*)5U(Pk;xo6mdMK6Wc zxXw5C4Uf6RzK|V9J=7=nFr{BW36rWJQ(v-QoSEcUyt0Nlv}1wMaZDym5n;=@C)1W< zj@tvt+2+ye)apIw=W>pK#{BW0RRdXKh7JX_hCwoF-C0A%gT+S08dX;WwN=Z5=Sb}0 znAaHV$V6W7gFcl+B{6)76I16|NQg#*IHE#pVqqH*=P>Mo{az}UeIeILW9YuB^d}xjRydGT?|tF=&@gBE7H zStYxxw0I9=((eRWa#aUzk+3D$wYpt0a1<(+|SV5 zqKi1N-~b|WgHk;-8BJDIM%(*dy%V5_*(Y1;D*{~%V3vIPSjsbFm4C#6rj!hX%Gy~a zBz0`Hx)xt3oIJ(=O?Vkgsd5YlH-~s>pYVt-KjqN4bq!&q?tL`NGA_&VQ=RdY$yj}g zfJ!=C10;u*!vNl}wQ_D{4orKW`jM2R#Fn$mOoSpPABwIzQHc#Ebh8`0BmSr8Tl{`( zjSoZZ$FuSbb6TFJn9TgQNDHSjiGA^uX2xP}i#y9%$3-X&YA!O@*r8dJnY>)_w0^{( zc81c{TA-6g83mf9xb2j)u9pcIVBRO$vKLn{8fiLHH@fy=dsye9D&!owpJpf zB{OqQlbZ~%0w*`s;T4i{3QyYP<5RITP*EhhVyd3Lu+I6yo2YaYQBqyBaWJ;9gYl8A zG_XV5dIT^RF?m&IG!~1VmCCLf4!Ukb7cAg{7YjBs$*Q5zLIjGOVI?2^rNu>o@rWiy zNTKMXqcE_tFS79BCNDBN$aD1zQ2xYH$q?R(2>C|)gVHw~xw!O?QJ_cv)KU!Ud1OB_ zB9Bj|z)b}Ua?O94L zb=-yJ{6R+ckTN?Y8D^A%E?o1TuJ2#67#Ti4(3ds^ozFG%tZ@bw1xJ&u(gx^5S%?=x zx)(=moz)?wzly`r;L$@WH0w?U297n%%uzsWS>llecxIE=c#L(K9`=Qi@MDWi zp(mT#Y!R&^Y*{ba^~IRS6n~%gsZBl27R&ys$40xq&d07~qlv0IllD4HV(EOb0Bp+k z5*f>1lO8bmv1CcISc#CIw7LLsp~^>m!7Y4`5Fe7IjY#28`*U3b2G)3Oh3f7Wmy2&W ze)aUtm)C;C)}a8)pKQNN_FeS$&>RLUxNKj2GP^vf0L z07Q6&LDW@~l00l4PgTSI6vjroKhMhw|1Ef2e$#|a_nlw(==94E-|KLmxAr0#=V?ibC}E{eckX&p1g-ePOQ$niG(+1w zvQNmIB|asbg1&BdWpI?HO&|P=B0V&{oOO{EeLZp^@-;wp+F;uGT+C}LQt4QhR(?BMyo*fzb=HV8sInJ*kON(9-}jssxq!F(;XVJ)#N$jp6_=Uqm1#S+i4+ z?`vsnwEOz>>|Js(kz)b*^e>ax?R9SRWuy6GX!EP^qK+6^EHrqC5(gSQD+aeVccR<^ z?b_wacslChgsANWAV2HAe05}c!?m|e-+krtBg~LadjzoQe&4mXO)oz7tm&Pf|LF9o zrylil$g>f2KBv4nKaYW;L|?-}@Uu>DHR}_mIPQ(Qeq z!IT?$gpii~QA?exo4pxmLkty;hWMdfFGp?}CwyMpV&9Lop1ADC+(u5jJOY@UctpV> z(Uhgl?RC`%nY}2-g+rLFYWQT1zGZD+g>iWynoARMPDw9uA!24#Uow^q=5NAHwmJO7 zSN!?0$ztGkso?JR$8LPt^z6gO>r86TiOvzUVQE`Anbv~Mj~gMqgCTrc9sM;2vMtNu zUFMd>@w+Dj^%rl=A^Lztn@en(nJ>qIOb@UGljlc+yGleIMe8#(kb))j;fGbgm4L{( zFD@%kxVl6S7|E1j)a1CHyGv|?pGl1+_`? zZIq>vT_mdpq?OU)-52J)KW04Pp}6!SP`cvgm9{?THURMTjy5}IC(lD0O@Kmbz-bJa z0q?#G22Lm?wwhEzt@G1($?SFblqV(L3u@Irzg8fIsqx4~Nb1TMTcd+z7qiI=QXnO% zZk+aEV{Ekh@TBZTN?dv^GbZlRhFLEzHj90+6z5ntn(|zfd9q7Zt!2wNef+pUI=49~ zPep)7=(s4=78_y#ub6Dn54tPt?^fbY_QoTZ$Ys>KJOY>782=yFef@O3-Px+d`Oq1O z8klTXyVr@!?J(NON7dtK(q_@dS(-1sj&Zae%-<#?Hp1o(t%=JSmuHul=`r?R~(_3#eO}Gjds7DnLW%)QxkPeUoIytmsxlK&QSPd0&RZP@^ zhb)b-@>n2D-1|iw8|{8M6Xz(8n7&9r%T1F$C1pUz;vl)2sdPKdjiok{&_`HWF71Vf z?8L=pn<&%ehq=Dw;;Y9?#(99wl6;xHU;7;=o>woHTZh%GAxbUP*_U&M7QeGC5um{X zb7MY_=1f_WW%=q74mRIn%;0me#IdR=#EU6rwlojOcyeQ8N*aUwxs@+tsMdMy(!MYY&9U|Nmzd``D3f+8G&fwT2y4U>+a+bZ}e&!fQDmxfNmk zImx(lEsu@%T%Un`6u)04eQLfi3teCEL7oX*HK#e z!R;?ycB9NYs^9hbk4-=Rz+KZLn@?6eFHZ5EST&eXQmd-ApR{g`sjeF6=)N5m`moLD=v$0fL6(G+pZqh9kOg0Xtp_Y3!RWcuuZfd3#qul2|44SLm?k)YIuY`e6nSYY!2Sn z;s=!H;_&(1s^Su-9yxelAI3(zuTRg}O-_?o3lY&JN6m%6#bf{zHSGp{H%%Mtix z3jnaP0HflYpEZ212#E2_7bASW`ZRu+;$C~1_{Z!{HW!6Zzw-qeIN7rdUFa!An>Mvk zO9lrEqHWeqeQu9&lZ_rN7i@X#z>T)+aPYx2R2fv@`$zAOIKTd-`=?)e_!EZSS$Y1^ z%RL6T^lM&|l|9EsEcTDhTwt}K5PX_xk-;2 zParCHkq$Old^bZ?(&<T%4Yn4!cGc&`c1a+EA+@I@?s>#i+-?A(vyc?&=)yJRYq%t1|iL|(sq8XN7U_WrKNF1tjjoV3ZQ4Pz~4 zg5y$7^3863SIb}+%xrQwYaoMHH2@lK$~e-V{irhy{v(Fh4y^}M)si`(L|Z!GgjFra zXdBuZwL6fLAMiLQEHP)$&T)h&K(E3MiLHt&gHz)s$3Ror=L0QteVO?Qq@Ze>qd560 zQZf{qxP?=DKi6ZU-Op#|9Ob5|&Gn{b$Yi)AV=6bw|I+I;yh#}P&~VxTCiU@?S(n+QCbJ&xS6 z3KJ~k#!+-6B^UKMaWLsotX}0lKmklHOFoF$>oL{ybVnY{NHsH)pKNF!q%tJJ(;u8NHrj)8uFhJfn$D>8h~S*`T9{f8)dzysg$cyP zOPjph1ly8C&Nj06kx;cjt_B9hCRkNVqt&K=zJ+_TOcE$or zXho{(UVA^s+JH!8neM_F$Z+bDm{P zZY&a9FuA}&&lK~f*LTC2uOI8;b~H!-YklhVgR`0lL^>!X22t@iiui9SlZB^VnO&K$}fCk zyx}jGT*EiFA?p1}2E5a`ZS|sMkMFI~XBlx*L}a-Kic;u>rFYFzYQRkvx7GmET08OqXO<&I^piZaD1>lc7bSUUQEb(S zz2D2&X!rXW+9&y8itC}2Fwy(T?n?m&tPHK3;;Rjo=D0%>G`l&E2bym(P>01ZMY#8M0}D37covn;~Q{ggrWrJOWHM1?G5QATLz(O_H53+Jcc z#Z!?+C{F1zM%kl|m~$Wa3PV1!R2`IsIP)te82dcP8Hnu1Y+9T917r_O4HWrgyduE{ zpFVDG11n$oX^!cMy71srJQH1pul%6f@8$nz@7;cN>yq=X)t$5t-EsSr7{`vC_#!q+ z`XVFaT4c( zge09P#_o38*pAcfKE#L6O+EFD->4eno$uOf?eDPX+TWb}duP?Cdg`efW4^P-JKw$b z`mT-k>{sYy_3`GXEN&QX8rk!v*zOL+31eJI;dO&?BW+=c_YLJ66P)69Y}z6b%|PR) zAL8e@%_R?WPyPaDjm*vSb8X;>?PG94_IWhgNkZeXPiHfMMHauSF##D=g%9vu&R7;t zN%b0sH1OD-D)+dW`+bJWY>YU}16v`mAP;MmQ?C(L(dOse?WI@6vqa$<6HF4o0)~J34RW@r&*$KkF&obW<;oMWN@8YU~jFRHy)p`AH zvh@tlG8Fp7qL{w63~Q`mM6xcI_q@0sVflPK&lHs~JX*g5xc=ao)%9VdS5doDFh{wSv7gzYc+_d|F%7i)zL?#OItqx zd^t?A=1Zq`*gn1KVbow#eatsOp=e$?H|fKH?6@=Q*G7Bht8?<&e7o+q%k3?YmN*H| zOH%_`4Ww+{Fa78sUYzsp54Amr9fjT4;E_YR=Ox{Z3A-d;Z%GH3jUXc(BbRtOuWTHv zFRO2vK$*TqrS+NZ^u8+9B<|;izFwL6`>e_OW!TTI>uA zQ0Sg=+FVK%L#bP!)F9f-j}4D<3XdI1No?}dvuOm> z<#ixR$lIfMI?fDOBza8+1%}Z%rZsVlh(X#;^8>X?VUG`aBI(%u?&FT5WnJs=IPIM? z7BO*QV?AN4wIbFvvEH&C)kWUjmuok2lj9bHCo9dtj_C+czAk)ALj_S`s9VaxS(tHY zCvDG%&RQ_OnYjQ11ZENr<(?gG@P)IsJlTgy^VwsF6}IBBmh8T+?~L+go=DW!uVU_1 zP`S>aT^sEguEGnfL2qxp@1{<!iRS&Wux)%;&=F@aII<7MiQ#K=Q?`I=Ae(L$DVUCJw zXkx^xD?wUC(2eex z9;3fUdYwaIJ+#KQQbWh=d1wr_*Qa{8_E^TA5gBMVtGvlYHyw_9Ipi+>8ueORF#TmH1O`1NNPr*BZsX=j|gLUZ6{ zd@F_UhlawMrRq>rdHbf>bD5i1kFdF-;;{X8QzB=dfuqPIk1QZ$FP%Eew&aXKVXZk{ zy64sL=tx)H&$l0>@;X(LdEM@FbiOyMUmNY4UH`W#JNJNZxw;{lq;3>mx+~QTDn_Wf zH5p0vzZVt$fLXBhc#XU7v5>X0z3$ea+JtWFbcqczYqkxKKT4<`ECMd$S*#UuNlw>b z7f0s@>!+asYS?bcSc-@Xwm)rl?5>k%t2}Fgl9+w0H%hkJeKG_rQlJ8&-Ed|MR-^LQ zU5?d}MP4Mx3|mgj49WVI6x>`?GYDkl)l{2wUXRL9_7G zR^avMv+(*HU?X_u9gGqnDFta?0lR&Tlg9^|r0Q@j!+BzHZL}x8I4`NRegjZ)b&7(r~_{5N>Ag|Qwn}?nKI8-^8 zypcF<`9?X8k=5)K*?G!3xF*e5E4Vek={tVU+3&O0P3OlCvGzZ6cNk$kr%W364A>-f zkP#`{!aosV*W5ZVu{O!9I32`yaMdAyy@c;yA;U4KZcm!CLb}HQy=5mp8_Yo#i}~bT$&D0N28IaL$r=L)~P!juk&uL1}pEHT^5cW zcOM0Mm8_H2Z_PL6u)?zn^097y>NHS3{9EXO-N+r!c-E#Tb&=^5uOa4&q;Dj%-dCY} z2WY`=Hr^z|+?ixzOl^jF<)kZ{Fl0q)eQgJ8xEJydsrm-V?2GEa7G78mm^e8ZEC3_VuqLnd!@MgHhbrgwB5?vwEdtF_h zxKJvO5%NvHh~ntu&V#S}_xOB*PL`*g`YiA1)Sz6_$!{5!c$2W<9%WteitiS)cizr1 zkz)s{SQX+Cm>%aW^4Pm$$^&AJ#;UX(E7Z>ARnZJ;Lj!|!oJO9n#;YE@;m%EP1a-7# z+W$D-=guh02ydBe(K%mn%Jr5U!EnewyptzQ!-_6xY`3gBYxflF8u?~M*GBth*8KyK zm7B#aOE*t73l=~aJ_YOM;jpSRnprgB#szyTZ}Z$@Rtq(DYc`B-n7V7CY3#Th2LzP4 zRg*0|-A%d!#dBO4G~%U@@|s}gX$xr{`#HlwJoAwM9$vmitKpN5%3-*lyDGH%yKY3Y zY{})p+jYgU4(2EvV`KWr`g|r-E_R7q*vyM7uXhZn2fO5B>zO#^ItmP@%{ueSh`XnH ze+g1CEL}>99f%_`@xbL8sHLPc$lC}9=Zpyj@3ak!;;E4}5(XSzWYyCVfnSG$pYpgi z+EZSZmt9nU?{{6Z(wLiOndJa-<8XsktMctwcDO9zf}5Kc`>UllXX1sYb|jpPnTf}W zMBB1eKs1KJZKyfi=SaJf9Uqj~GB}Jp{Y@DTVRjp2KCn(iFJT(brCb~Bxvs}s zUXAXE+q)ufM$LS5gLzZwCLJy5Xki9?X#&nb>pP0NXQMW6xJPyFzmr)^u0gSCO~hh% zE_svBupCkQ@Z_pcf$>#=XY--_ArxjtJlG`dCjbZQ-C@q}!r;cw_-+n>uaNiSRpc!6 zhDCA2N@`E?2bF^2FUzrJ+$}nJM~EwlSq~WKeJr@J^4E*ilDFyxXX}2BYdXkht`-Yg zKJ$RWb6&^HxUL+?iuqurN?vqYt?H0 zomCYmE~OUJyX{u(ZLD+ogHPpPZf%_gf8}(>e4-1Ie6n>|2AOw_SM1K*LXw)e$|DZ{ z#FTe2uH*iJPOzSfI7z?Aq0v_501qLmJXo(a9^YEa2nkVD5Ldp^gzEW9Co6Rq zqoNB}BS!=yspUH9ac#6Gy)bV}S^dUZZi9ZaD;~!1l;_o2Zt_8p z4Yu9ZdsBNg(=2&`&YGk|9)C3{_UUO^D^zpxOJ@$Oj9Htb+#_MI5G4yQ81NO7Jc_Bj zFcI?{DHg@=2kYH4Q43Nrvx@e~W!i?nj~!!+ui@@3PCS;JJ#)TBRsnp=3x1uCS5!Xc zvg7PiWpx-E9>8)1)ym!R=I;SpXn}`DJsyJg{5tqJ=l)@(Sc*wDMy01kq{Ef>SPaQS zge$?Scpvx~OJbw?jKbJ~C)2Nu_GB02Z7WCjK)cs+di&<$M!>D(n8I?7QIt48i_bry1WPwB=GU3D$>3^=HYR+(&>;4;8q8r^adjmLDxg;(RQYpmnQX3x3KzxG_^T-CgdE3n@TG!xC$H=dhp zpL^OBIPSLO2)%B2S;Vwj#9>ZpuXm_9@bpsbbyFYl+lHq`Oo2+0n}K8`BC4B-lk5j$ zN3oK{K-`RpglWqO5p8cDiJ^~$u+3JTk1G}O)dv;sIeH}g`k^HB?w3C6jCp-H<|IDX zc3i(=D(AZ4_L|Uz=P<8pNe&WiV9dlRW8%}mdz&j})J74;h>4)ISMa2iNv~qFOZduW zR^#l~nKAKZ8IBNoYh-SR&ov&y#y{$Fl@q5NV5O5$b!pZ}JPC=@8l&-Q>2)hcUJ&@4 zOWt!I*Awlzug_aooo*0bnw)Mz{n?L+*<35ux7{(r&Uk;UCd1Kn+2C%FthSGh18WZr zVe+CRXRX04u9&6C4+bf!z7Dcil)MMyn3(3~zqb{-B08^P85cs<*E`@q!lE%Y=Hj)! zzsVA-`m%w0LbG1#26rU)yc#QxS`@<=KG)~!!o;=FzOW1Swv=19>*F)hjg}8%4MuaZ$+u$X+i%VmdRN_J)ZpsSV9hGu0x57J z9q|~7#y8qaB-9_C037L@zyzI|8$d4qpDmYqQ zqbh&ZVxFp6A0F6{dXBD>Q?l|}1J|WIjQcj}T;UlcVBlw5%%ur~AK7hi*ajk`{u{$) zrGybyn_B1Tdd0GKeU?>QkC9HCHO0zOR$<0+NX^4uFy+P41Ewt^h4ek34E9uX=f2f# zIp_J>XwP|F-ukL^3-MyIzJ+&d;KGzvotA@J(Z(Km16|^d2d|DXqG#Y5{j*>P@MW%pV}mQY-yBKB5hZmgEzd)`;;`2?Lw{Vde$>-BcK zSY2E3_bOG-jz6-P=hm~w_FVXSKL7jLs-^$i*T-_0OJ~1oTr0lM#jD)k16&2?HwTPW zlPqjdSc#+p?8w6_8em;67Fa4g;`cjkx&zi%uk4ir&C>IYn2{r8gV?MyNAY*7y!)7l zGsymR0Mt}B@9kvw8)zTv4wFqU-?-ATm=FG2_FIc0kB+fFc%x6yx@jtgJe{L# z-FlQ^%p+hl9!*1Y(Vrup&baD~kj}>lF4r8R{IBLCoY%1GBo^sL&ZuyYX}KxsF*;t3 zyp5No*SFV!PdL5!p)Bk(|DevzeHyI{*R+zu>#W*#gmYo-x%^Z+sUB5`?^P%l_Ab$d zHKr^%j-l$1m3j(cyJK~(v2^03-#?rc?v7I)f8eN$uES{Q9#_d8zd~X#I zKlpQh^Wjs!`lYz3>MOCjRo9zbH=b{DYuunuT|37b4OiM?pq@SZDaJ|MBd0MHd2YSl z1ZkQ?z^~ldMRd9iwrd2zPrXPJtQqi0>PTt^F;2B@P|cM-eHxcduYmUBLkAKI*PsjV<^I!QV4}b5MK9~Au{>eX{bx;#BD~V(|j*G{% zdcNao3sE1Z3Q5h*!^r%a&Hi&qafXe1~{oov9jlc-61mx&;IF-xmW|=WB=yYwgFX&>uEv0_n zN5AFacYiEiAwTi8-)uc2zg zP#&%oyvm`?w$~^9H-6-6bEDl;eg4b8`tW1__#Zy}#V`EK!;gLG=O5U3_j!7Q>a6Qr zRu5UQQl;&1YgC>wpK!9F+wT~ii;XMqc=)#MCIb~y{xsz&*H4TB3}WGiI)T_MZ{KeM z?lA;A#xs-+E&}Fw1k~mSgPA+7>-KIK0XRbcO1O={=&`Ee*!|egDzA<9tXJkOt4mL+ zfApKb=iv{2!*@M=M?A4U<>)t7HMeo|bI-LquG+&>*gK}0f453knh)vbZ;nct-t_eP zWaxO0Z#O^j2nP#NcpZIH>aC~8B~I9Qk<&UO`D7`74#r7O?Aa{GCb;Yv4Y=3VT(4BA z#8n6$>pga+Ti+|`9=hzBOM$|Gi)S+{1qpAI!A*ex`jm%X}j#8=;2e?3v1D z?Za)&s%}SkY@9dq&Q#Z8k5k0DG1Vs6>oU%DqALS@nv0I~VYF$!mptSSsyxIEc#4f8 zZ0r5dYuMu}wluhV+$eeE^T=n%Ezu(|{c-ZYmp0n@2OtJZ9EndTuZ{ME7v*g#Nt^2T z|AtTG2K(H3(UfQxeKV_D&8#%ive%9I)V!TvF`WTkzDmv;JWqIt@V3@tF2a)0O_{@sV4j<1(FlsD6bl%8XpcVyPO`G{L3 z^N4E|j(pFyNq}vroWJcltDbcuv@Kl?OWj2JgB$!vVygsa_9~l`bJdiWJI%JaF5@Ck zz9&3N-Z)jPvE!XOIf{|GE1p`DE6u($80%VbKP!=cfeG>c5a7|vIbR#?%ehuBs!~0{ ze*d?8;^B{e)Azh~-TV*?H=v06Ey)e5&Y75Dkmxsh4xf0UVH`E4LNxK=XNr5 z;n0!9;&I!oxY=x|dj#^7yO~=pjU%mIF`eD_DF6UK07*naRIJQv)Ct>AcI3=7IC>1HYx!PKVA>#rxH>ZiKcckB=w{svD zk{Za93^DNRj7og~!4ppg?2`THV`I8y%x{=9A03%5POhQm&YX-o_nDtTICqs-buVfK z{`vU3*B|}v-}jC-Sxs0smR`q)??P_I30&{nA> zs5!~rad4+CPWXsHYAU@pjX4TK^!h;{bHWWIf}J~}(`E;5BsrcU71L|<21}ywWFpu0 zI{bSLzwsj{VK$pa0>4@l{w zqMNud?AWK~sBCXuyEfW4e+}NM3jXxB{xc7M?zjBjn;&p`?j&_{@!Dg%T{mWqbz1IH z8J>1@z8+BwZUXZ4G&HvT@98S8*sw`jXM64Q1XXc4r8s4-Ha~C8#u0^-6{u|3ZCmGJ zhK6BMlL4l}5c3?_>tMaIuE%zx=Oj45ep_s^fBv`piw}S38^0^OG4HXVA3(P?N_5&( zqyPP=qP&tmdsM6AHD9I^PO#+cW9c62Tujn-oZ<_w(ZGaJId>oavZI;3zkiYpzA>O0 zMWKVsWX;&r2Jv=?K|CCA61Vy)PWFDuI!;{s82&TLYok5mRe6CmeSLgw_n&^-_rBw& zSfwo*hABi8t^AYTsgHb_`>Xo-vtTg6<+*$Hk&Ne|t_ba39C00wd7Kkw1|v*C_Hs zVW@gnR$})Y;7wASZI9MwuAJ+pt_aOvN1@S**BOhMa`#B%IFmCcwEaL9nCD39p}rm~ z--qS|H7n2^_4>NLO4jjb;s>Sjh+LVoEvV{B+mHs9jaBPwy<;kV)L(|9usO@R5;b== zEGWn&$$MY=k$+^L?}~M-cS2eA>v25Zt;!t7FvDhJ9~mHvwC*{w6=qx?MFnt=a~_|a zpyCyHHBE89fFrH-J%}w@b0qO=UFSlY@USHFV%xh=qH@SR_=M5eP_3PHN zlcJiLVTi38qB_D29pyEN`kuAR+2uEHwjoYi^?12L&s>17t{@xPOJKu*GhV1Nc@3nM{!tmSfGf%eS$a_oXc!3@1UWB+d+81$| z&RgUkf6afo^SUz{_u5T3H}s9;H4MJZ*TA*O7}0Sw9hxc8)TQQduXbVGJah&rt79bX zmu5X1&wx5dA;^Ptl+VW6Q|HPf+fqRon8V22>0YTTmUwY1)}c+E2BK@QbKoy?<;3Bks?F}B|$<&fVQ?diHKdz^A=v$=-@ze^FZg!r6s&rw;q zMjf}u%115zL#1+Y$gfv3rEBL04-N^x{1sy>n4Zr#*v>1jua3`qZBAdAe!5uyM)sW^ zpZ?V^KK$h`{_Mlw`lZi4{N%5G;o%qmzh4dgA1$=pWEdIuFTwD=my+hE9KE6R29b?U z{_!!KhC$1u_FkuL<*C+En!GdTfTlO}uf$io@ONHEyYWf)SZ6nWpB=IAC&G5VHO|cf zLc5-P?&~&6pRrKR20FUf94O?>EFu!vmgEDhwl!lf5!8=hjRUg-}*Zq zKKYY>DSw^gSK`+Y&7Xn}pK9ov2(^(i3Q7blLzzgO4J;zYbNAquvE=oRwG5S zy}JV_Y`<0&bw2IdXwP>|UPMK@pMK!mzxTCk)n@ubzwmb-emH)k&!=LeeJ4lWaPNd5 zV&Qm|R2rI?{~`U_04c)_Ado?5-5&|Ic9D4%qxICw`RP`+(3r3auVapf;<^^koEKQ} zD~rZ7K=U*61mww>8cTEhYJ19vIP$U%WJP9mu&z07vmRE{DSlUuK0Jd zzwhJUdHCxYg?-hbf8+fh#V@${cRu}>1L|v(F>#@et`fD~TMyZf4&vq$a~N{o1cVeu z2PW$p`RcGv_>sctAcsdp4ZZ*;|46cLN^7jQH1X>-LXvjHRjsNpe`^z9d8x*9L27JX&>)L*68r}dN3JbxhmhXFtQxgYQ5 z*VefaMZk^h7WG_8GxeKW4EwmV`et|5ZtpsqtZlT1jwqd`(d&2XuLiWvx3PvJpDeO9 ztqqL~d#szDvXQygP%&7MYO2{uA$*c#1r2r$^EoAr@Jse5DLHe+@EHZNq;sGvG=eF*% zfOTy<3U0q&TwVTf*|K$k8dII=>*Gbui!HHY(5Oh&d^tZ9)ok-EBH%VBo7OyJ@T_Kt zpz|o^X?#>cAcguj>*+ zctfxOuGn-X#<{w;XQ=te3QE#(#_GvkOLwq*3E(%qQKO?)K5UXbkL|W#Uy}F06YAGS zd%}xy_LB5}-g(Z`tZs~d?=yep;ZH_W{KfcvwC~oz4Tpqxzmc)ula8llSTd52SC3Z? z@{k`X95KD=h*L3pbB33ANn`Et?;9>JwGk(o-T@K+o(IkzgKj=WRTDqT0seI))f4O0 zV+BY3;oS3PoOTJlbi{)0n4gLb_uu-7zxeQf#MjHuIe4mFV#WpYrcqUwR<$aQd04xx zUl`Tf<7Ly4Unw6sC?Xis}-&RLl5BYkcB)I;~epZb{}%fE|#YRv24xaW5H z6t3zGimqE)vE{3qzH^cfoA9zpE=_0H<#B6S^MpGO_`2MY`?$xdp~}yuDIGkV!tXjb z*$Zz}$CB&yWM56K#6C7F`KHW`B1W2Agvic|I`lsj_!FP`(fC^V=P|ufDm(w&M|^dR zy0#10G3Y{i9*&_d{NhAMRv!7nDo4(-u*4BFDhjhStU~$dmagNUOWmAJP1ri-Lzk`i zb_u`VGjSdONw8pcsTg7EeNYj$d$!Dd^}d>a&-W(B*GBs$SN{d(*8fZPIZw0yN&J26 z59yb?zsCpdhnw;_>2w48maix`fx5NfHMVfldMpu%8-r{*p_>B)6|Y>3K$*Wc9L23n z9h;so%pbr>bUgtHtCtz9$1snw<6ZLzB+OF}atSXcuW3c^Ypk!0tA?s^MzHbG&8NeP z;{U{F{_3;7M*gi|{qcui*M5rG^Bc2_JbfLRPp{FoeP(N6nma2xm>U33Y&S!NACJHl zccc|vc`HUX&m%s71?l>JEL^cjQ1*3T^RUX}M%3Y6HJwNC{@3ZLdLY zw6^haK(+BAHs!j28N@u0pNl8kKm9X*BYjUf=_inX&-iz>;_x~-zvB6)KT5sN=a%19 zuv!}Fb@=zrGkA^3fDuRhgbusM_9_?oI!=18*S@jB!?AC;!nhiv`&GbxPxe^XPFB{7r);JH{f&g=F>z3E56^n z_xNO|k%8&W!n&)#uhF_!@b`^IbetpCGx_{g+kLb=nMVpuHD)E%vF2@V8wyU?kYt{) z*HU<5&H94DvY)*X^lV2pX2hJJc~p?+=buV`&R594GyZ)phq!f!i#$9H@^lLZnE`oH z{oQIEuEJH#vdtL5+vJ-%L*c3{vhWdQ!d!a{3pet}(2Wt^hhkXAu42|Gz&M1n7mH=t zq^)d>B(3WmSrIVp_fO#+cN;& z!gmPDoBr_b^)0^N=t?KsZ7Y#oo7z$Ps3O^LtAS+&1sMF@Kn>M|Y`KkeRN9Br)!a^S zkJT8Pbu3kBujzGks;IR?tBjqOdeXKGV6stXHuL}C7eCc09@X_jQP6e?dw$=lPh#V{ z-DwY2;VZ`4e&x&WGE}2Dx?M4OUE__xX9)a?lHOz18jRGr$0!b*;~B|Q$C0(T94R!m z{!WmsAN!aJm{Vc{R5^3jonq0&SJ-mN&a15F)vk^9yw~P*m3`u?pZ-4$_>nLD>>I0J zH{i36gP;Rb()Jr446^5yO|Knan=EJ{_NO8H-~cJ9rd-WjvGA+c?B|hEc`Hd%tG06AXu|W7le%WEQP7rV@=)(mM0j#AySuY1f}n-V}=o)QEo(za@(l5Y_g-%W+O|OPAk5pPqh$2`VSaKnxW&SA7cU| zmPrB#NmE^*)8F%r;-~M`iZ~UuN0Lhn)^)x;j;$jm167~Lik7Z_M)t{H{+xzSI==NI zUz>3P-{xDZ*Qn=XUft%Ts|8-HjE$}Heti-bC*lez+xpiJ-A7$(^+x21^#a5{a=;-s zbCr!%UZv|I=2-Sb!AW5ad}~sciYu)Jy&(14XkXC9defzTdwlYL>hY;x`NC77ZypzS zdG0-NH|GtnyL#N&vR4!EGZ${;J^>npq$A8QC~Gsvun;JsGRnmW+2PJnC}ECqJ<2+D zYD6iLJs!I-HG7Sob2yW@`U?hfl1q6M0k-4Nmw9IAHX07ePyW&`0)JGB>$|_|>+fP* zOE5+rZGwFxbkyf2fJ&%ewqjqhyXS^yWtVy@ZbN*S+-}>dxo^Td-N*Z_V zego&-JbQ$_byN3S{SNOP^Q3J4+~{MRjkTQxArq1?jm3rCv3OTGaRV&uzM-!XHG-et z>{FhnXjHkj<)byg<~8;R8=0z>Ht*d00)aDB#eMQup8iDp8{>(#AEIh>-cqKe`eDM69V9B{0$1;j6l^jn-Wd(9n34ARy<1HaSYI*KJm(tgLl zl1n)V^f^iDp3fZXU#Wm0w=i9I%=ymOMti<%a@vYM{^75BQf=?_e-iMdB<~?eH#0Xh zY3Q-5-6QZwVkFllW8NL7v6_u?sA)X50Sc?5OU10sj;smIQ^(Vp-1_iT!;%FnvY4K$ z)l*=vQ7mw~evh#+(%5z0<^?@j^7yd)Z=60?`R!;8-+b{jwjn&lr78$ z|9(AL2jMv2XDsR8T^;l1jnSQ(o^?$dS9Z0^eUyiKX82HgefY{&TD^0Oy3K04*THeT z-!-*aQ`bjA)uuSlh$>o4nC|5(^qbeNjrPr7gSV~%{hxVW(s9&i)Cf3qBd=rM+B8r> z`^_$$@$SQe9o&?m^m@>dstK%g9gL~RR-f@LHW_h*g!?H^tb}#G`+6{|lg@)hC8K3W z2)d3LSrQ3T;#&@*!mG`2=6$vDb@3DRaK92A`N*GNCA)|WQ_kDGvJhcSxsI^dQs%s* z#W93rQx{hb4o={4sS<4aHP5P)gBL+V66g9o2eDz_;5n4fFSPjS@OI5+a4pe{lTz%* zS+=l@J=^KpXwP;<-hz65@yoyRqGrJ-W);m%O&_4wW#bvM;>ND#QEe2Tx!ho+vkAIY zYz@OigZ)-eQ}-y(#*(!QTRBQ2cGd?$NNNMq8D!h@fP1Cf0@-w{Dp#ZNtm`hRH%?!x zs%cAM9xmQpu46~N4~n(4HD)aC>uhi3C90&;!@``(j|M_xXYkn- zg&qK2#yC=OylnBfW3ZoHUK{P%uh3QB`?Lbp4$!*Hua5V-J}aZa7)^{^=txgQcps8# zR*YqxjV+Am0F3Ks$I8;JY!l-12M0AaALP?G^-yM>f#K^!VkFTAtvqpg#JOX-j{hmL z>Tzv-tax}OdC8tvBo;7j+ozTuBWyoBzcq{S$v1#qmuaE{$cKre9L1xE{>Qb`_zP$I zNLyk9WX&WD)Lx$govkQrTgQxqg+JjQS{P|R(-EJw}gAVWqA4~z2UW(zpR_8(U~N&su?3h{Mh#rpV58iNPa|!tsl<=#`XqcvkAL?AQ3hFH0+Gyn3E zPndp?LpERi#@3xJ2!uGvSD72|u1eHkh~YjzQj^R4o)L=Ig0 z82dd5UXs^6?2(#qoLI2VwsO!wvwycD)%^Cl_A$I>Bp7+@%{)N_JF?JE z)B42aj?&29LADZ&uqX#$Jyd$9tdT zE1Tobe!e!^vtOaBzV~$nxcRx6TWjfUCTjwd-7hQ^>nCA>gyGf4(mAw=(U2tjrZ#g7 z@N7CUHm@rL=QaiNDyd_g(~8k3adA?v#L6&^9*gasbeQLM53}2Aeva0;*0s>G8zGyj zsu8GL3!cX%+{f`$b6gi*$3|75z(>~3+jaSk)fpzDEc>@A-J_@3eBU&}rcS6>Z9noF zcIy$h565d>o|~*(vmOU-ge?Lba&aD9NBJ`c#UBT*G$$Kf8|}$1$W_jpT>;(0deK;V zHQo?y!Jqg1xbb_#apND3d(C5z8w+o3Ovm0IXt(p^WkXCG;N7ox8Kv-Y}CHvG~R8KBOG~sNAP2FQ;e^V zqv4fQIMUu)OTT~Q4NM4qU7hJ{0)BdVZM3JqL|1|D_X_lzzTeL@a`%<;Ol>M|9BbV; zk^U`B8u0>89*x~-@Z3r@p1r}*rr>qGYfY}gTe{EnRNS*9&R}S}`x!d3x}6d9Ggl~@ zlQ$@Pb>?+1DIZYqGjGPPlFH{lMmqCtR7WwJy*7<+^N01;mPiATK-T9hN>bhisE$>J2>HX7LT0Gq+S1~zxo?yrl%`nsO+T`!-^<7arIPK^XYX- zXC8`XE}iL>dMxC=S@)Qp5BrXH9rl9nHs;=KaP2n6H5Y#~fSowxjh$pe%D*2#>Z+F} z><#C%na#BgqXbEYgg;#4AkIT)!-vgMvF2Z6HT!cQD!50k86`2Ao1n>~2K`3qn6|Ha8XuxTEv1*)|6f|YY%V^TQ+dnCzV z-$ry4&~2Jryx=&JFqW^bP^Xd(=Efd5_&?WtC_vzlJAUVK4Mz7E>GCap%_)xjkTSqM zCVlctnMZwez>b`dq10*(0}B*G#pIHr4+ug~#aA{wC3{}y>K5~F#aHmjv}>b1*#)`E zd3RReCx7J&PbT`lkABO;AN>07x{Gi9;1D> z{`N0_HUTiQb~1V$l;!D1$4cMFw@hTY^>mAPKKaX^vndADx#ti-wje;gAnMKRmeBYcCiw zOZHgCnuD>Plh&N~evdt){%g-z)K$~90`GJM^go~f%U}H2hwuB?w>*hT4d73I>+gK{ zBj5Zz4?q0bAAk7NuYPffTN}jUnge0>rg0lrmeMB0VH59d@hE0S-*IAAZRj&5ZAVrk zJ|6!=^ndBsecQu7_tD?bLtd%ttNR~~C)&=;+E_C3nsuDW@lN|Nd_~{4#^F|*YGT33 zE8VCOWZ09=84=w(dGb?|bhGa{M3}h2yw+q-_ZJ?f8JL@H#y3|}=bT(k_pCJx##UE+ zRUO6;$6V?w>E0d$Ea@bZWzn;);=OznBteSpj=#~dW<+XM+uVPv?Umd7n1anS# zZM5gSE>~6Wa0PVx{m)5Q*Fi|M9@G{i|8RrrMghYoXX0IP?%juT=YNk5*} z^oZ8K1{ol6aClSFh$p<-^vKourE8P*KmE}_vFkjDvu8b%J9%0hsP4y>aujhirHZkp zYwLOS%4=Q=Zwz?v?Dn&cudj~JdS$M<-th|j+0Xui2R+$d$NReiYMuZ2Km6O7bZwh^ z9d5E}u+@0yK9FGS0%)_~Yt|XiP!qeSdE%IO$$V*t(9tF#3txi{?^4SAFc4OU8KpCL z*%@PFUits)4Zn_#0VjLKcdOU1mAb?y-&nsyMkqg&C6*qSSe@b!*34D^n$@v;{0L4V za$;CgJDPnW@RUy$;_+5hSk5i4jrQEv=c?`W+2ukKB*I%RE-@p=QufU!BO=sm~c9UEbM zn&>5@E*w@QPjzgB1noJnTPn&~wW;^~@UD1mq+~BdX~*lPn5-*{Y3QDCN#v*VgbzE= z7QIC*!&48gjrP=+=PK@xHb;R#-m{ask7yH5+#yO`1lvjH#+;X8KZL2L- z_KKFb4%y{*Y^y2^`%|qk6)UZ>kl_dgzhjB9j7>DxZsqMG;mj^>jh>RjIggQ@{mtvw zM*HTk!BxR~xB|Kf|M+MA%JmiUd$`6>Ypws?pZbw_n*HKvm9mT{n*lm%inMRGifXu6 zs)?tsk@zcDH*!$TO=+)`;;lMha+q>V-%#ebF)J^*c~+cHb_3TjEp)^YEl<}Asl2;~ zT;|@rgwp1iD`%~RtLWPySV{DXC`(4huq>-i%z8C!RSff&4#zsLVmOm_ zZM0{)8dojv$qM{rH2#0{C;qo8SYN}YJv5sc`kKq;V%8Ms| zaEYC-%$aq^7PoTRE1N5*VAoY^uO-XB6ZWJWTJVhT95B}ZxS}eNrUOYX+jKSkfh(sp zK>PHFaZYE$mgI4=&w0p&@67VrXwQ6guG-$U75JOK^pA40{nW3l|7_=7OYi|E`o;KV z587n^yU+bZ{`F$^ZLP=XiZp01k+Bj73+xw(5)@ z2~JY;)*rY+okvrrt==K_I^T+9B#Ax=PN-ZP?Flc+RnmL20@`fpY1D$8ocT#2tjLk8 z=R@!FcDz0KC#RHtz#Xz<1<_dRJ2x&F$046zYaDiPlCp7l-53@39=DG{&g(rWj%ov& zm5t;_I9Fb0LHWQk!ZM5PRr8s(Yok5$)wybW*H=JaBY*GT|L-6E}=XJ!fb--qOFszt>3PrX4yh!g=Hhdbger^nw9AQ*Fuie zdlB0-l6hjsQz!LJdnD-ky?jR)aV_?->B@#3y-VfTYn6={=^V1%4N(8e*Zro4 zKNSB{f#3ba-yrq=S9-3DpNqB>8JjHAfCL(fmeom(e!;gkmJk zl32#_mW>!&unQynG9CooCfrjFZ_xho5OId-f~T~M zr(nznl6Kdua`kRT0ZkI!Ob_~cSR1VVCjpWi&>h8q$$dzJ$eWwfC?Ff{Y_aP`Nvx%_ zxa@UK9fyYvP(H_W)T?#AqBOE*R+@QpgB>~27Zd%;*fgkxY}CQuxYpcd@dpTDdmJ%v z6p?sK_QF}Y2 z8$0ncrZEhn(~E1PJ^dxR3Vc6SK)>5qufOp5pL*BRWs?k6HzUcl!7Aa7ncx;DTt~uZ zd!4b@vx0nXSNIAYj0eUw)@WcfzN1Enuk)8JwD_+!+{Ke2LUA2g@zTn3|N0A~gLPo6fA5M7rs8wV(YY|z#8I|`xnve0 z;s~&&rc-XbHp#Obey=d|&hA_S561YdT74dkW=t;Y3-JD)ELO$eu3uw1rF#7x?I|zI zRn*(G0yG)sL_?P>-Ckikp2oPwuG`?~Q3>hz;_q$B{4+-cWHVLXVWg2w49SIQI;wN7 z9*w#s$HUNnNdg?m9#gh%O{TFObUWxSU*+%ERj)ND4re}?SA=@)!1}6!hq0CEWVt(CX|M;$%bAvRGe*&bS_!S-*tKH zl~tJfLm|8eJEPG)%g(I3-Z5v?uZ{MMSLLedty}>&22V}Rj3&EJHk(m^XRk|uTNE)g zna(Mg#=V(k=z+!d5ikT#5i~Nh32BSCkB-$|(MMR7l6gkZ5n3)@aI86Mh8@>+#}y8q zds49-On(EwLg044G;$7w1&W>`}=9<>om}yomWe%)6 z2SzflaafIFMm77L7X0hTs-&I*m9etb6vUso<0P5u5DO{U@xt{3pLsp1ylZT?Pma7; zcq(2Ny=1|wn9@Bb*>r$M-{TG|i6G)6oqf$AzFWJjYpgA@HPT_E7T%W&HV2AQ1?NAm zjrRQ4=&JB7S%G_v$J2AeSQ^LZJ@RMMnPXvTLu=zQOEtY3!|djyGn~#}XX>mTRxCpC zf3K;Cp0Dz_eL8k>Mo?Nd!@8As=FZ*iVyU`Bw^7Ci2mC$mz7AvY5O2w-Gsw2*mS4H` z6}kL94jq};K=7x=6<77h+m84o<~f=zaf29sBvHy^zTIQQt<@ISr+Ec#6m+jHVRiWH zaPp<;iKmFyf1-(3e&8IDGAXa*OFFKN_9b1dtJW920=+p%XIxTE>9&1MY;)1f91Fv` zJhHZsblN7XJ@{pxFDW|0iAtj#=5%u+j(Wt%#)#!DO zqa5P#_3%8Lt+JD=EX>;#6em}!Dl^xLFK=m`yR0K_Y~-@f4;7Vk!l@GjV^_s!t!2&I zNgKXYs8fQr?B5EkIhLRpuu9H7-U~r8YZ>`Si`;q6IKDR8GhUUerVqpl(2#oj>CLY< z5U=a9wQwT68|k{Ll3@`a~WE_(mD=u5lAw6*l zh{M}oN7$}&$6*z6=MYY>zTsgbPV?|wiuE3kVvO?H|5iC{F}E2#7602=W*{@VX9t%n zk)M|>bxwY*UmQbN&-2SVT^sGox?WecZ_x@=16rGprr288oN@MSx{_ogaND#~W?(aT zD6;D~@*vR*Sm-FQausC1B_Fyo0@DKx7?nO{H(()nV=`gqZs8X zdsW}<)FWJB?nLxx-LI`s=P`)v|o(P{JV14Y!jMaB_KVv?sqnS9x#m3eYbkM<2<_@}$JfyH9!^p`;GU zXnnG}VXjY*f=%e4kf6DC@5~YY`SorD6K_eLM)s(xD7`v+1<0CBG*PO`S&$%)7>uO8 zV}9ZvlkfJW45M=S!yk&n>8+rUhXe2dJOT{aL{~TSL zUQ>@HhDiB@1>dpCRpa%2DPKQ?1H0siIq6TnA4$@%o#Tx9wb7pOs$4aFpjJSAqnb-^ zR<`O)Z;_s_I7#B5DcLHtpCAS4N5%{TPYjCfc#XiRXJ_9IN@}pzF`@#Cu5q{Rn}qYN z7{%%sd&HD!Yiz1v=NCqY>oYq!?0M>$SaT^)&3V-sDFR%_?iqOsO#58aLNO;~c{E>H z*JHQrV`^EyC8&A9rZ}+JBzHd9gu7=~9{KPeaf(9+7^JOb@3H;8BR!X{ada#^XO!1Q zd&aAB)%1Z{fun}g8;qOzipmBfQ@q%mWGj@P93E@ZdU7tjmfV@7-5etixg4i6Pbe#s z;<1p07)RkXu0}DAL7(5c7FC&fYD~`8ZN8qHE9v!+fqa%Ayz2PC9?IN}0-29xMjXW* z)z2Cp@(v>vX_#|~JV#Hp=^rr?^>?}J_3wN=rrY^-nmrE}zT=3uO=q;*ne{lltVxas zfcK)f&wgAR?b)x;Ro@441>9h0FULzz?JE2+s0L-tXLFR#T#WVH>y7MwMzBAdjP!Q7S8;AkC&E5(c(Zw8IY15UPy!#HH;C+-M~ zP53#lyR4N2e%@o$f)w(8UZeWPUd-pzu8sDb*X63}1G)m$xM~4tO4-aFX+Jb3LCiBP zYJ)-8$L1#=*)#_0Ex;q&jS`ERTs6ARdz+`niox?JX;#-PEQeTgFG?9vxoK1`a7WUp z&US<wi=?^P zJl3)B*yZlL13o`+F_!ExrSBgK3s{)Wvd&L)?ekU4Q5<&u=M*dBIY-wwDB`5CE8gP@ zGG~pgDc7w>mTv9(&hWHxR2G|*H+Qq?%sLdutwlapS#jWHvDJ!nepRC|)2Bfk;IT9J zF7biSz;Vha=hUOlv8nUKzOT3AVb;jsAnY?FAJTC;t6p0(Z>k-&&(DADz${m!`E(}# z?&rNz$n$E~Mtk0Cb5-^MUICg4QcFP-d#u4^FC86}Sj9>At8{bj&9Cy151i!QoOxh! zGjztDM=?6&w>O9Lb1&$YNJxmMt21!$bT(aZ+Z+Rx&TK{lUeq+vP1{-aCP$XZDB z=A-OuiOO@^=wLybA2t~9I!{$7J3g?I()I7Tt|6`@6x(iGDa%J z50!jIdE_|hWkr*u4x?Y*`Pyh--Zi@_{s6524XE|1Is5)JGmW8WW9W^E*xDv;8?@qS zXyhz>XEUznLuYd*o{bPcQhqS9ISE>KElc*>qbVLQH2rCQg@SmE`868z**zIe?sfF>)})$C|$L@E>= zUSc%Pl!G5Xc$pIuvfkH3_kV(9+@N_e;@W6m%%!>t{UEOZjfrMtsYcX2ULhLV^q`Cd z^w2F%dUto7^>!8`@!!Z{koeHlbCfjFh8fyBvf8WwdyJ~q{IdGR$IxB9* zMv~OMRKvsHE1GV)2KzdmOv7t|6)CIY=5-54t+``3Cr(%lsrONH43(OM>Uw@6Q_?#} z|M#^8DZI2A8G(&DW%bjvzC|&*$8=pWdhwgl`a6NT#ixTj9-aSuZM5gVMpuQ`3M?y7 zO~;xyTW>TAkU<4t2}z5){TjJ}7L|yKwR_q}p56pya(xq(LAEdSqj~brikMYlIxlSO z6Gj*IoobnDCW$#jB8K8dPuw={e(4-A5L@=*)4Jp`CMdO=T#B;?221giqkE_ko5s%J zN{;3>F$4|ih}9@tw~M=vL8pyR69<@;hq-u0M||+U1bJ<=FX1X(HC`*wR)D6{n<_TL zwh_Z2Y0{4Oa|RI7XuR9xqy0(e$wPV`Js@>9e`maL6SqmB*BUoK8~X20ZRlTB_c|N= zT~Iv>p3+3P)>|q1d~Nltm>bAGR?HHY8~ycjHLrICYV3mqdn(!xvIKW;L#OOgP}=Pv$54rb`>sbVMgF| zi$yOVJC<>emrj$#euxXBHYN_mIFpUU;71Z-bfK_!TzSJ9gW3pdPT*f9)z1B=kgy=9 zCk;AP1$%uHRJ{dTox!d)j6-oK?y#Ux+}&LYEw05D?(Xiz-QA13LveS9g}b|3-_?Eg zxz6|ff#=C2narI#lT1bh0sg6V!Suiu!u$GBw(TZNRENMLK6gz028DH6EAV#AR}aLb zAzU_UcvYeKwJ!0`khE#i7ckRdNd=7Tk^e^1p>6aT-ZCKZy@&|RI4V`ms~$E&fe=f1 z)=6yqY;5Q#q<9%j2uuW=f7OebS*=TYR!&?sVbb5(u=YR?^+$EA$DqQsf_}3YXS&$z zT*y4JliD*U?=|*^)H=j=?gTNMR=LJ#dQMiEUbOlV91D9mIbCEV0(7iz8X@*aEhwal z;<^rw3aaRMcM}}%V~e$m$}!*5Zt-A$>m+bXASmZnW|+;9ic#li zu6tUnLI*mOr&~N_(fyjB#}bUF~?q~wRwSsyNagj;me*)Y=%d$ z(5N`FlIG0qz?c?61)Vd$oe@2;m7BnniUKJ)(hMiFbwJ0U z&o;gT_f6nfR!b{S$)nQW};vHe5TNCb&O4 zhfCdah|-%Jrf{A0Onxr?vCRG^_j>(fjNmta(pZ6wvJ*>#MkLS3^_~V&y0Dwy=&)z+ zr9X$`6jjXNuVEB{yDfD@8Dhar*_P|TQu`1l>W!2NVrRx&7@VW_O67qE8#c+*$&@a8{RW7iXWfyanHdNPvswA^S=sF5D%US%-` z-$?I`Tg!On5j!k~VoifAm)tV|j8+d1WezW0FS{H&ms_&AyXtcvgrvBScOCv1aOL4t zuuI*h`0f*q!1+-vwB;gmf9ffG`Rg^*(NT4mcL=J^%k!rpIXuUPsbI<>nA>(1sIsWS zc2igL`_jls+4%b<-QkM`p|TC$Hrb^7EWqlgtSP-<^SDi1V|M(N7gbmS-*@(1uPPZ- zsk98D{^V+U{aJOB+^Kl%svQgPQP(I4LnC8@$x}jfoCseVFZF$>i?varHtz@Ib1cO@ z^x-$oTWL+ZED|(7__?gnMvU+r}Q9{KyAt?;eJdshbLAINAd_IP(xD|&< z|HV`;mEC;0kOWE?t@|@}97?zy1Hn9JTf+0pky7@>9TR}FeroV5hi*|{WCM9l)Q*jW z`;tW%qOXCoI&{4tSWfb2%d}do)afu(_Xgc=eMw$Y_sAOr@qN;-6jH`V%K-1j`?zQ0 zW3^M@?%0T%g6F$u=5o-rrPP?Vd$ggWWE>i*)YEt<*3S5aEZ>FIzufLTT<2bg?uxMr z0!1dVllWSd${Jly7H(U-@c@G*tKLqv!)gzb4%Ck-A;6DjG_=;{aAgDyU%Pi#qbHfq7A?bDXE?vEB1{vjy=j?Rzc%Q)!yjj*j}YCAU2yQIB`M zKbnj+TUGC@1nL#IZ_|oCf9LZYCx`?<&l6jBPshVE+qF|-d!;Pqo6fnJ*%UIO$D@O> z+ZY|R^fmXF96H-dE0T}Nzec=&g&nZ-PpNn7snViM#K6g_tL0?Kb8@T#Ff8Nt8`r&h zak7b&LuMaB(`MX*+pKGvis@3%_1Kml?;KfrrRYiIJS#l|p{dQQ8Gijr;4CPsoIWsH zb_iBmGSO3xsyz-2f9_k%=DfbVzspomcfTV4TH>fb2Rp{AHF*reTB5))AJ9#Q_8?h| zXq7SP>Ve1rOnHOpEl0ha@;0y)cfnT7nlt7@#*Jd)>LJ42NCz2c(hW{HGyJiYW1m=Y z?TdA1EnLPfpqKKZJcuSQE`58s z3OY+IicTXekFyldkvI-V_vn%&;p`KwTJ4uAtY3d=Hy*mOP2lKUU)r541Go2UR*!?n zV?bT@AWm!L>1HH%vMU?RQp6^@?Q?5qH3`LZe`>lJarB(F=$XR%Dzfqrjtp1re>d88 zknkSD2JQtPoe0cRXSWkUA~LNqv@$a&)c}dAQbV0?&2c zdgE*ox~iIi)?D##$@Y^ReQi6xCo(DkbN@RFAg;rgUF$ls+j7m)gt3#e)-T29;NL{d z|5`Fd-EUC*b2*$kAs${4oRrjDM<%=QQP~|@iLgyd9U9|Qr3A!`UcsB z8j*9~^ok9%!sd;DeGA!RtA764yH&eVqf+#|Kp@dMnmEAXRUc+)W$*vO zg``?HVH&~tx(T6ol~Bhta`_rant3G@sb$aZmEWfKY42Wrcp;K-Jxa@-tBM-`;i=%d z?UPv{M}-(~b@T)WawsQq7dCf4wkqox zsPRg@Z(-_ILj&xtQs)2wW0uGBlbEAcj5KVUJ>eqe`loK3@Mi>##bU=e(Vc3Pu5C$C z12^JM*Wp9_jlr>a-(fztDcb)nXo0WD8o-)`vvVpvP?xNnK_M%=^LgqluW7A6y&zP1 z&bB%~%r)5Uov@r?OW!c0a-svOO?*`3y)utLR+!mI9UQKA?9mArXlSG)bcNg#!S|TR z;|L?vt9v=oT_?F0axHQBX)0nlx6)ElB)5opVo66aOE1YwG&!D=4QBOG>fW(5chSxg z<*ESsBNg3mi`mVFo_DWY;2rsBTUq^W2{F?Fmc-JKT?!EXA`}N5$Oc`&yDxWn9&&CIo zlJ8soKF%^%Kh;NpwPvNhS9S>2nmeqSD!WM0pQWoa!YD^42TtK;6Wq%$CndbvUd7J| zb1ahw_05g_km3Fgd&*AJh1pIJ9wD=&k2nhHHKQ`$CS?K*?5tUQ21Ggx(vjGjU`Mm% zc!*3b4eX z+6VD5`_zn{WQn=B&|jG{vrPq?+X1OtSv~0(0o>FEjJCl|4_ZfUN(wNS7Fyx!(%=of zGdg^IWWj;#Vyu-rVJ>fEFFbeAweu5cYA}bQ{@n-U^sQ(joyc%AOxWu$0gH1z&?*ZS zN4^3gLwc%GQhNeCL-t<0OALJ_15#7nciapSJdjqUT61rG!)>7Z9v1Rsd4*txajzk{MA zQ68@l94|1qZ19PK%g1KdM|mDo`;qkz(1DSciw+uFyOJjm9JfY{>cQXBcx36yt$glF z*sF6nLrD5ss)=uJzCgj_GmQAFYB*x^;T6{WmSW}X`fA$o!x<~Xx&w`URegYSH`x)Z zm^9i@{@UFql0NOVO_n1+Td*W)+v}gnHaS{p!AT}NoiJNHzeTxf8S}e{43Jow6KW-z zpyG^oe%Mm3E{aX3-T){qS-YBh>xA(J`!%jC1V)n2mTbOQyY*TEzv#J8(EVoB}av_ZBcsgHrF0J*LOTx{(2hcx97hZX! z6`_w63(mS_3*=lsI`sbLxhGo2j>>+t3hQSm9k-(*Z2a2)$!;4Oxss#=H^tZAJw0m4n&bdfl}0Doa>}8Yp&4f(oq?r}x$+ zEAwzjO;pF_me%Bu4w!v?Rt5E#%kO@0Eho`w{xLMY?UG!MQRaIO!Tzv{v&)Pi&mvY1g$v{&t_VhKM$_$SOry(VY4X#!o!eW2y^{P$fE$1Y{0O z@rx<)?3u(VFGqd7t@fjBg4-vb!r@S+(uXRZ_-XssLW`BUJkxKYW<#3l;w=Ybpk(3* zCH>f$J`g-VbA9>|RJEI}8&-x%*eH}-zEsGq;nB5+)R&s>BJ%Ak4@S9tO!eufxY%>&_S>nkzpAZgxw(J zcgmbMW)sD~95-+IN07aegcT61hhY#VWnTG}RA&o@j-O>G)N*QJcd`(yjkKyk)v-n> zCNo%%TkWx8l+|<;6$>zS>jR^z1uzdG6d^5z;$L0 zA{uy*ZoEqtg(O~IVw3y9lP3IND>DzoP&3pi7Zj2`vhbLXEfCYXYiAD&U~%R}Ks+Jw z&>uPv>6`KtC;7r}oko4I+d#~Ef1#AAE5$M4_xUS0x6F^QPjaa2meYYuFDlA08*LIq zF*Kc?)dMu=MoFh?rZ9V%i+e59CE9} zE(4|IV(q@b|KC1WlA?5lRPA5K%G7P7g^#j%_yAbOY`OO(x=X<=*852Nh(0&Nw-6WL zay&c|b}x9wKW?p6N+&#%)u6N>UBh(8XX6WSa4UiV?TK%u?iwe@HQg~I^i-!zA{ zYKO2aaNdFfRfp#;%UBzF>)E!^WU)fNJ85WG0643ZMw@jH!FO<+ah0zM2Pa1Mbj&Z8 z^6OUY+zxC6>n*n5*!8xzL}%ymzgOjzuDncH(=V&bv{21p_qDLLJh22H<8oSK#IgVr zwnm!%CJ-J#hZ;J^ju93!jDli#2u8hT=MAF=)|Ud@g6}f<9tASb_T+gOGh45$@P=8F z!x!H=lgC*O(MhX@F>=O-$z+h5k`Lxj{*RMlRRf1vbeZ1A(F=_S~l+Sx^KA{CfQ|6QP4q)urZSHi#3y~^PjI2Zcs7oztj zCpBZQ+IsnZk|QJimX-AzD~%NVFemCkZwqC{){6+lUqvFlch9*>hQ!tf%)(7wPtB$3 z7SBkBOW+E7tL_x}7ymK*9JdUW^dFN(vDfDI}KP5We ztm)52>rHn^g^o99S1hRBKPfXql&$Xg%u=*cxYL{^zL~Rucnt3tg_*VCr|WNOKZ4f* z9rlBmwC?VR%q2M@Kxhq-cb~+N=`jaTvY(>o0{H&U@Z2rEvDJ1f{*U)KGSn#o^BzqV zegtGp2Zd@1fl22z7@_tteK(oKWja#=*_g@|W!Z6DU-#+c#%;%`PPsF!JZ=iP$+G$o zZg;6=xpkK*8~^U30i&W~xn){v@41f$iE0UCi1@91Du`Y3+AqvjUOc2kOZbpRpoE!@zVS8OMw&wk!QhF{Py!q>YEUP@=X zD0ty7L*oxzmH`Ho@-$u?w0IrqvwnS{dN2@R)5|Jv0v~Trh#h7455;M13VlZtBXHyG zM(&abeP&M|;SL14d8G|!4XcT)yiWYroVl~G4CJ}oYT*^`wF5d3j5Q)C zjQy#$M< zMkVW_ds5s6q<;mXiDv(*>$>ykJ=o0 zlx>CH4_Mdgv?dw|aD+B-V)Cq~D+vJv!F92L>p8R)LK4+9*F{tct%_#Cm>7}JpJ%#l z4iN*S$9lOuW9#yIVz6X+neu}kX~%YTjLvF%$8?QV>w^*ZeNc$vtok z8_mKAvL1kM-m{r&h77+ReMU~93}uO=2j2#e2keBAQ$IZW?{nTc{p$%{r)ot6hlg_= z{}nQz$B}pO#_U;!&)4hGS|h;|+EG+Pqdams-v^AIG(e#ncoc}RM?w>OS*g_qJA8`U zU^)8Y#Y)dej!VPNX{&RPgpdVf;vX(eg*zK`gyK`4O=OqC~-sY~xH#obzAT zTcV97?eHfI8m#7Z020I2j?fN%_j73I4~%RZyb?z4y&^IgXxUr;Ay9lOs{*tR{>aO( z`(*IV#_zAMryef-imI;b%gK-^6gdxUa@-R}6*o5JXg88%^k-4pTz*Q4Oo-&);n0j5 zkgqG49b#K)z9gctO4!Oi7==&{N*LR)Sb(pvRq>M2-DHUD;K3-7?9KH{kLS)^mzjdz zC9evbt?jQ>0t=>>@9&q+2ieY##}|%y-4Sv$z{h~3<}*3vJATrcxq`tMb0OBh@e$mt zB*@Gp&CAAsv3%Gul2?N+GXZ1gH&%@E>l|oRG8hFcsE(^0C|+lb;OxSY2xngj2HB(Q z8ytWv>RdszNFl|MOpO|k1k^ak6-S=7qZGo-GTiM4v<5Z;^+evjok`E!c5c~Pg`W1O z#7hKb##gL)i}QDnfyDitHht8yExi=u>!YY_hvod%@gilq0KwN#G|6)=4C~iJX>3IQ zED1l{sSaV?+p zgFUD;62m>*>NeegH#?)=U5w9)2bNs}_a<5$vfV1;+KJ?GqA9F>I-ISGRpJaC33&I; zq_i;N^p(#7=)KEt(;i!C?jP24JXf$2)NMoI7h&4v=WymAbbw?b#0b4A%4suSOM03z zVIJed%=kGL(=|JrjdhNbvJW{nf!QoDg7NLh(mTC7+vwD37sD(78SfT5E|r|J#<)OW zu@7zsfT5K9x>15~e6V0tjyDH~d9bZq_D$VSoHU8?<%SXBwdRVzA-clSoj%|C`K*+a z+%5op7*{`X$T2V=d=}WUjGFH+ahlifsx9#88>O8hjTvFQz4&ASQZv5hh8KFDF~aZKX>Ni__z< zd<|!Z@yCGM=}-X&6hq`MKRgVDdg)GX?9KS4i1J9QVe67X`wX}xt3lmGqFbw-bZzQ- z_VTV{a#ep+zBW@#u^mo1Pi6Y%wf}vlj;YYqQF1q!l)0%IWUA=sFrjmG@!gCYr1CIw z?fJ@hz@ucZfxwB?4ZZNnf*E-@jV$n!^{J5ze_3|Up_8?_SaWh)RSMPhK8w6OUk_1E zRTHuZBZ=jA9t(q;j~A7QPv%_qZP;$9BI&hGFVFpkfcekzQ#Xl~~@ z#8}X+ySwj)cx5QXZVstJ^_WJJ89YVhthn0O3p z+|Ps`+2(5ENMk@|5%}O2b8k~{GPOO6BAIs$_f}C0 ze#0Rspr=VjEM`0i>*c*dHfV1tpa!M;>)o)3kCD3MGwoprnP?;g`;~G=fJfZC@Ow?j z&<$$eg~HxaP&>?{cV;T$IO2YCSRz}AY0`wNr#D@rpJF9^TqciO`lGK56Bc38_*66e zrp_px)?Ai;aYtf3S0XiFP2ev?BYwT0_Np6ZDkbjZ>` z`E@i7>0_g>H)CZ6As-RpyiQ70_4_41?V5BQ2E8P7$~G%4ep@AJTIk2owL`01C!^i|Bp=1sZ7mu27IZGO74V`+4V)&Qa_-HO!#z*Ty{F0Sr-=(-eA zRfbKA-wk$(!-a+E`y+E2F0N5K&F$!THXPj@B};1bx+0SCUZ_Vihs48}&leFIAhBRb zMNF_vR%`R8m-`-6_p^OkfN{z9xrgiHsf`Io4tJfvdzLXjiL{DkEnV@x3yi<{K5Y2J z`Ya#D!Q`PF&mM*b-jRZ=2N74uBj zf)QiyJ4HB{v3;=k{{GY+lJ_JlG@s&Yi59p%>zmMGegiia@F&mhO;dn``&x%~k#Aap zM-d{W%C9qB&diq{@e*-;;|&~ z^H60&N|E+Z5HwQKG;24E#}CvV24rfc`8P$zP}seu|8-EkD?&5eV*$>hI!0ax{LCpp zIKye>32j`#;$t5)&MDH(kgKzn=I`>ITBO4p#2=h;#|M<<7f$GkgAUvkRS88Qnz zjg|T>IGz+Htp)I+&CaYdsVC)3c0-p1Jc0^o#ZpaOn}3~@66*g9t}QnB7E?>3t=gMu z5~D{je03J;Z^fxQbn}<^^W+c><_rnoN!GgoVJj5#a-{4h0gT_HZ`*Yx;rC>wVHT2& zS>#daAk0C_1sJZbqoYfK=%V>#pE$^}=}%X=O2q|+5_7s@B(%RGR+KXMNNnz>*#$2w~LS-y!UOb?D=Of?=zmcLECAOUfV2O>V5oQIRq7A(G=!M|1v ztQD~Fy%-2C(>IWxrl-3zi@@v|py6vb1)>lRWp_%CbsOz(9qa54h0TJNgd;!O_u;hF z3Y?u;Dldzs;HJP;+tUxOCF_c}GnmRcR|P}(gvH!I^IBp%21NS5<|JLx=!J7SU++_` zI4Q%)Ar^e~=%_*MaJXI8JkkAP;CBKMU!$J&{hS2T<=+J?rNVp;*l!9d z7Ie`n% zOk2vq0}|e{?K+YUegkzZ?3AoOekDYGhJ3S9!OuJV6mjVDgT;j-FoQ$Vz)Mf+=m>rU z3r?qb35HPe4sRC#j66>@)!AGYQt#1NF*&-_h;p3C=3!~R{37;4+7*ot6uvxf!9T?O z8Q3%r4l%rhWyS!6E%+OO{ibW)bE(7ZQ^A{rOCo%p3S~LVrYGSQfog_Lp)QBUOHycG z{^6a{Fit%+mPuTFonaaF)9s^n-X~_C=!x3Xw=kXYW>fb-aRvpJ`c(`63M9c+mZs;_ zfa|Z@>1$JsB#@Z5)gts##C-uTlnz5Z7`hlBDFg5ZpVn7D<(s@J7-|sefYy#Qfd6V! z-qwUXJxhtgKyC9iX184#B(=_K^ZLfFy3Q$p_Jm?g-DCkh(sdi>854=8R#~9hPMUN` z@aJ~Mvwa9jp}YxH-D$2m7qxsH@QqcQ%j~J0n(<(a@u*|old**6C4oOR$6<0tj8pY+ zdGXxrG>&}C8RY=^2TE)p#hwJ=lo)4NgFe?hPIWxA(J6jz)G&*vldVBdoc42BZ^(mp z3=y)1Ee5lwZ9ObB#yL(VWm1bERCASE`)8qsOZT&kb+%Wgikv+dcmAIr0cb97-!GK#V^Y>(l>{!Df=|l}Z)J!%U5B6ah@s+8>cStp_ZM7R_l5w(IvE$Jo z7^Lgq^ydf3G$>DlocgJsSubc(NrmFE*Jga#0NNUW^(?Bxs$ph^fzjm(obCz}sEHG2 zrpZN8Wl922GYR`40uBxg9i+O@)w^#6D5tUCAhuGhpB%8-@QhiVv`gSTdS!jeUn2@2`^&fnSQZi&l0(4)5j{_T>?rq;99eBL@7_bG7a_lVIfE%bLoyHPV`bdIvFhwSz zpA>YO`;hl&s1w379Niq-H`qDYMdQ!3+WV!N^j5_pCUOi>O|oevAa3FSCtC< zGYPVq3##R_^3UD{j~IvGYyU&3Sh;ARnn=YNTY#_5TpA^bYiC<7if=+KMASp(Zj6B=0Ge6_F7@}e`}v=U(k z;%6$8ML_VE3xi;KlY~pds0eAc~FD65xDeA#+uSD;B+3H}&zsA5B%y@~fovRmM<>ip7QiGL8 zC9H1;S-odu?ioC%D9~R>q}6mOyQrt{2-Vfz=Zf| zoAIGfq`;Z^AW6u9Es2kxzz2(<>dKJO2$@YgqlV^NCSg~$f1GBZdcf{h57xLcmTtHDU zZ_Fi(W1aJ(l#Mp43+9)hJi`G&A_AR`sP)7!y+O%}NZw|nt=jYlh6=0N*$%nJT?1ph zt-23=csAG{^L0>2x;vhIjO(^hfOM&#=vtmZBB1X!UQ|=;k3PYQRia=2AD8pf+uFSm zbcWPR6xm7nD?!XLh9kmDcv7o z$_V|zne81^`!hAA_A^tLw!Gw&fdm1V59kRt@#4x`*HCN~tn`y<^Ycs156+)6H0BWLRlGc9-t{t|2KPJ&)Sm2!D|5cp2lB5go%!?|EprG)47~Rj9^1 zFcPlwZ=Jp}p)!HTiL4&f9^SPst+ki+_-Q@S%#h9b5K)Xnb@{TP{jjD_Mzp^)pJQNa+^m>aG_lcLnpK}IJ}Wy%F(~h!Awb!-oU|pW-&m2adWpD7 z>0JCwcYaSjp+%63%!Km7nqeMg%@ON;^du*bnm?mLlfj*|`RQyTP)K+*H1W%_1>};Z z&DynI#z=93m-Yu;IC~eUfbWeS=YvT@!88aiBYkDdYe$rw;z0+1TqD zPeVbB6ir+FybulSgvP0w@~i=zq-8bkKNyi-f$(>Plo7W;mB0tx_wR{%g&{2=xg90K zmLpX2&)d-?Lm?-Zm%sNFn!Qa;W!k28_cPD9|urqBhor+_2LHcve zzlb8UUb#-)0wNMq?y-Lh5B^z&gg=%!#b!+*IH_3 zOG$MW2jCZRBc*45DofW5`+7R{;iiwYvJ;%u&(3@=!&3Yn8!C)X64f8uImCJ)8w!&y z;HAS;dRB}Jh&+yUHkKo0vZzC;UqmtaBfOY=%Z%w&Y}k#%d9llxASfXX^7@|L6gk0j z1Ab7fk`u$a+_bo-?dm@JHOJGTX!Hu&ZVAO!cSKE6R6hZsqj^nU^RUlt)5qufFFWH& zM@>Da?tCEgT7Z{ny#q|o#(_-w0ku*;#SS`e*QVCUNVRdO!EneT+_Wt#66me4j6XFWzk=5g4-DVnnKAndy%0_h;GMyhBj<4$L7U zyk;ATpC&WyvWj_He909o(Q9(<;}(^&l=i-e7t~2Q!LRM(uC$TrwTc$*(c)8yXu`$a!ClixA9*NFG4bU?J?13Cb}3 z_6R-S!Y`E_?e7OFf=e`{RnBs@l`yP=GYD_x4nuo{e;hqSn`sx#U4`Dw9>+f{VzBpv zvjlFyP2-s3+*N!2U-gWoXZNb23qR|IokZ2`DJ0#`KlXlta_ZfKkMkHSf{q!96eJ9V zg}h0Eem+^J9^;v`j7q)0cGN=ioE5yFd2D|)?3E2&w4M|PgVdDb^4?diavvI6rah)n zYLUNFLT^jNf))8+U>I@yL8B$Be@`tpXS}Q4FkR2nW8U8sS0*+b4`v!=A;`BlB&a_w zc7K3;4Vz8!NGqmUS=#$!Y6|3sWw^-wiS_8id2}w=h=#6pNFAERt(pr3_ogM-=m=C< zT%Q{9FNf(ZnsmITk{2(cp6;M)`9|_%lIZ(lp0!VyY=7e|)DeTT;jIFpXNAY8rOl1X zS9ln^2(;$->-&hQ_nXl5&MAKTtx&}#Xbe^N-{{>Xzpf()x_FyTpuY|_ZvSPv7$v$R zFRev8xB~9trFeJcq#M^ji_}bV&o#E1?irI{Zl>A^*euzrA1Y!510Iwyr%W`Gg_{a0KMlESs7HVa z*Ma&vSdRBnFQwZAp}$?;%g4<70d_(U+O|zgfu=bpS574S?k9OKKO$eLyBzFO`EOQq zVT6mDyY^l#ipQ#((74whW;eCKFM2e3c-i7KN1=hFiLT%!uFU#)%XNe?(#8%}NR9lp zM<`MHp~>BKF3r)>V$8q4pm>gHXH9ItNb|`DMoy3T^~k-7!@v z`IB-ubjGHN=BtT+fTuEZCN2&-`)&TGW-5{Rm~ZT}8)|#~7UK1WmX9xrP!N~kn_j7! zFBC?1FwS>e&>aZ5#n|ic_)-@upYqqfh&1zkh=XS2`UgGgf%bt0sg_sls5jYE5Dei# z;H1nT6*nvD*$ti};-HH{D~5SbbqnK*M*nf&uv^P1QCs9U%P*@n@p-DrZN@WwMiB(A zx7sRovevMWZ+d_0sXtP@J?fLvRYK7_~Dc z^Hdtuu7tNP?7b%3rjIV%6A-oUp4lS<>>v}jb*ie{?^>X*VOGs29a)KnGIeN4Q&2<_ z0L|P(Ja=IuAZtMv^)K4oH9&u8fi!P~v*+G$9N-CWC^q>Q3$`p zUt$?-ro0U&;I*ud9aLR*5xfq-)rKd}x^jA+1cc$>zjaK~6t;tFgP+1&V$-r_;^puO z-&nqmX0 zXzv>>0Bhof!PSg6se>bkXPjoa%71by0FIrN)re@&Pj>F51L|O?@#}|eyQFW1%jtKE zT_lJepPdo-bEX?2*WY4LVfbN#$AOeP;`3ACzcn-bnz{&vJ=ryQ-dYO9k$0d@ZvU~XxWv7V@ubWbxL~Wv~>1V*4QBz-2HhUm-me|lsZyCg~Y86WkLp(lHd*s|IOnslb*-AQ zdOMH9%iEW9u9ZApZsd(0%U$X)x(9IhRAZ0lz!k&q9amoN%%j!O=K@P|_MDMrnVoQj zeQOG-WT|9D)6WPj(i*Yzc2znq^pZZF&HSi!@vqB?-^&fH`X^eY53;8!%>p$(1g)=G zpqp<*fefm=r8&+m(R4%fZ)S52O#dpinX#)ibSoiQBcFJPC+O#V$t{aBBN+RS4e&x> zV88wvr04#vK&k0*sNv2Z*+-@sPF%tjUu+&>r=~G&yp|-o`_N!q#s6s52XHj{>UH#; zlelX0S7O&V%T+nXR_JO|(XsLn$e~!J1RWiU8V)jEeu_#0B5h2B?PCh^xKbYN1$>=A zKQV+d#w{ZKx_)vf4yY*g$tuJpQ?akDrf;8dN#-+$7$L)}=qO%X;2*r8@8#fZuiRA9 z`4c30jWWU=rLvj?W)GB1`Vregs=RTEkB)a}VPYrx4CqIj^f*TYe&C({Wpk`0#8P3w z*s&=Gm2%Eug@K5<^a&HRs&JkBHcki+-0q$#12;P*`V6NNt4cUn()I|55rb#M_wNTi z(fzx-WWw=L%Fb(WlPt%5B)pL`$ruUeW)T>!=?x`IvCBUR8lQ-yVsbiLF`M(?x`;rN zP2adpi5~5EoHTRZ&6oa1&)|wU8H@|2|2HfVvJVm}C%1hQBbA^A=bdfj8}eYKK5mv0 z%6#n#hg=l)n!3z|ajP=e-*d(b`tvg(hH67+R|BbzUkXY0TfYp7UVhB|F*9mc8wA(8 zCxcGVp+vXD$st(Dww|WS+iZsG1oZvt9Oafi%J?wiuUw9>F_| z5A2;?=~#{P+&TOaWP)3O(6j7K^ohVY26=u@W2XWKUT0pF$ba^NgrvsQ`}#zc@Z-oU z)Y8!b@fA{VM%HB}8{!1DQves38W>A}!L^hHd&M%i5QRujB(!($8?tfYv3Ms{6t3Z-(VLVlw2Mr+%0A^f|BL;XB%bZh( z&9g>g@aJ4Isa3y%KZgp?r(|pG`o;$ED64>W=yinZyksz$KzzixwHueG~44C;TMKJ0e z-_6!XM8oI7f&6ffATGmL#AG)o7R1}97n53jY<=}oh-}Cn#c%8hXM4D-u$P4Z_*6}t z?FyXML`!Qfu4;&bR`C@DM1>JD&0suO%W3?=i^GsC66PSsRR%ND87F9}4JreXG7h(A zibw)+ikJchxG(xNrX4f+rNp${ruZW#HsTe{k3FLX2qz`K5~PQl5%S{Gf{9Q_atIil zPyJM41Wpx^W#OwXX-R+d55-7kq~DI0SFGF|u*;LPSykFKgb+B!|NfwWukx zi{)29TQp-$wc*epn&lNlk3&gUunkrt?CS@iZ`l?%MYMe5fO>B`WCrk z?B#4JwI?WWP%PpTEi3Fv(U^+@%gvR)s%_Jfe>VJ;Iu;c{;&)S0#bDX?qUA$(=9 zaVISfx;s|12iq0F|0_(UPi8OcPli<`OG?#w1>FyS>XW0S!$PTHuWzG{mMNb6n7JcL z=uh@-6{Z(Qebh!Qb=AlKjjxCNz8MJ43E;4pP$D4#4vSHNBxNY*>>NK!ATY6!sbtg{(jI9iEZ5U zR?MIeKW7o~Te&D1|I``5Egd|d*W&E?I=Wg8_oUpV)lp88)YDBtTkcQG+4=@}J8bYM zO8iG{MF>RS0yOy$A)&q@BaD6X5hQ(%EEWTM+LOuT7%+&esP95Fips-jTt{?s?e)=% z3G4a^3;}k9;LHBAz#2#xX^}#3yK0)bc|cc3z_|V?TY3wO6kDaYnM_-8Df~fi12u>u zGmQ|nMV=UK(vR31Z>2I<#4-F~R0qm)*$QbS|76Vm$7iVjh;uIHR~R@dqoJUX+D@79 z6=77GDKdi63>izBf@rYcYPol8U)hHe^h~qa!dYG(WRSxaOvl#t7;$Uu9@=!;P%vSt z0{rLo-8kgT65n*Ye7)g;%U8=WWP3=xv(jb?rWgAJLbF~KkmoZg4?x0$d}4?0knF_1 z9QQ%scxUV5b1>z6^Afl|z(-vs{m+0ktWdzNYo3@cF%*KR8WTmlNe?bGV`340HGi!C zSJbt~GyVPlnUxi}7Ezc>QJA~Pow@bNrBp(G|XitxnClea+}*Hm3u_YW${H3 z(n7P$rBKYsWs4cVx%Jz>XYX@f=kC6v_7%LJEvH;Fqqw3Uop)|IXhk}# zTnQY|m#RpORWDKm&O+CU=Wjh^yZ%XySa)$axqe8wxQR0fho{eSF36aORri4-LUWt= zZS*}OkI^EvZ)UI{^7Q=^rySGqT!ZI2Vr#@`PYXM9<$n%F1{I>)%nEA;zr1sK8=ixx zwM~dc%q3o`9|CLL-+GiWk7AO?a&MWAO6;%rq2I`8L)JQiDsm;`$LD!!~L^V$wa1 zXdgMD)KeC$8zU^VrW60ni=i$_TyoC$PEefxCNGJVOL6=m1gnD?F!~`8!V9mk=QfwZ zm%AFMy8qK;ZI2cJ=IS6i>~AD*d?F|_YrkdVH*GblIW9y3-Y2fcEEWfRME?qL{w5R+ z-WFJDe|teNskiRu$q~O}_~FeSbk5cJ-rOIYa6ihVNl*Rkde@a2UtxDy6_OZ;f}(uL zuvuYqwV^lWY?;xrU%PZ1g2{0MMC8Y@Mf5Laq|p}U?N;;@usEilSp{K#DX$8Il#AU> z)nlN-s-zOAhuq{v9~#(f-~1(EX&m*b&HbO-Zh2R1pm&MBr(D92PKT_li042{E@9g% zmI!9c#!SY@1Nxf_4;q?(Y;b}YOI5wTmm9RPS#X4FAb#2=aIs};ZS2h>ZyO)nHpv~; z{Hl?h%*|42#B1{{+~`tT7XBI0-}_8P93dUDiRAndD~M6bC$NP*?cOwIn+t_&zW>Ch z>s#@evt?j?sHBA0PV9;>gs~t0g5X3~>C$0hy$%14IM!d(pU{3!tI+S)WE+jc~~&@ars%d{A0#cx>F}53+x|B<|2H5?78#+r z+v}MBxIE9-kkPoEBdZfM_(k!-sN~J$u=|@eP~W3AJ#zXdyM3*t*xon%N&%OA_K_|U zmMB`c5L+U^x2m!Bn&lF@rEj^znTO(^ltG{G65YrrM@+p%@OST}`6d(+rf~P*vFzrH zbLi)o5;Xok_&J#1dvl~aEMH}zp}mYczPmCM3Qc>sjg*&4smkl0?-&p@HbBzaDCQt$>=oRB0DqQ&y= z?v@fl26kc7Y?5PitKOHVN!2Sl17-L1W!m!HsYh>S1&s?wpk%iiejd4j7aM$NfKK@e z9Yq^K$UGBB=Brsc2IYM_w!Jyf6sWVj#<_?tTR04~KuYSs`97#2r7la@KTT(0gr?X0 zta$y2T&k*&fVtGblt_q+-(Cvo)Oq}T+JXx3&oweuq_H8yK6q7J#Oilt*4P)_uRz^z zo`#^HUmZ68wIXLymlfhg1IMA3q^m>+P*6Y3m_GD7zUF%!=2<|&z|s+`Exr>MQzC*l z%hwH+HxmpLqx;l!eD5Xl%!rSkyC$j01CEf*RcLi737Nk>a%!@2rE~%zEWLR(a-?Ir z;|}xFU6mLgIQ*;;R(=2JS$W|b)yHy(0jc{1<)W=^9XngGw2moL|X$I53=B!V8Bzl?CvsxS8$~=V+ zsOH<{#3GKK_^?aP3<^vj?+0Ig_7jy)bK7#EJg-QeOnEHAD#5GTZI|XY6_ppJ5O4fO`iV{C^i##V@$1disvjDfC@`s_u{it- zBW5;+fRaU6(!`a~ce9#+`SZwu?4*x}+?Weo$W*-dxxz)f&~YbkLqMD`93pQh z^46S+#=r9ma}aN{*CpQD1;c9C{VKZ|O#H&Vp*gx{&aeRK=4l*s2<*gB!S;Bg_Y^7gL2qi|*> z1)3?RSDGm1uWp~PYulUFn-d+}Ktu8L#qvK~_ukf7_1sY}3)7aO zaGetV8%crRVx+YPGvzfHeVsAaK|2FG8Z#&e<(|_i`oy;oT1mTmBp!J%An;IcT`gry z%{VdNqo#9+UMIj>7P@P0%!y9|T@5wqLN!0*_<=2!|JZ(E-(8966e>XXKU=cm9I-bR z@ghRkG>+~Mya0bZj0qOvUhr#PnwLK+b+C-V#3yh%wrdR4OJXh3UYp^{J%`d-YV|It z`Kzw#!@%10?T^E(MXH@!%_!Cjr#xl%h1Ub0P6V_LKaA0HEjv^+wD6rHrR!kdH;fCk zI6M~+osF4VL=vu@=F|6(fs_i5;G;$IL7?CFz*zo^9?( zo++WQICa;G;F;#JwiM5i`ge9{tX`v!7X459kmO*yKPr3+Z_Syu2iA^S4MER!Kt>7w z!9s=-W_A8EQQ|$jb|6@$xWc-aw4MAJyU@}bSiAO;eW#DYT?JX>g?EUef}bJI4YuoJ zM_sGUp!>4oxTP&4v&SBA^Rw|*Al|U)OXclr2u;C_$u4O;_HZt6kh9u9jWF4N1ny8^ z?b2Jwpr;KMP!2j+J_1+F)^g#WSg2{8!m5K0?Reh*qc;iuI2$t7W_##iM(i-+O)aIk z43wU9u#T{alVd(`t@F1imu>w_Ml64SsbAywgj(ON3Rkq`fztd9xYgf~&skZ|!=HIf zHn&}%Ph8{PkIT$U3~msa)vAo*hW=m&OTeu#!Wi$+e9LWSy~lw&5~9U`)EAwsA{L5u zRDvChJqzy_y6rH{zf5}`X}0g>22M6SPy2dfBIWJ3`zfO^c0jM(58c;M*!bte%)Yf< zvv!KbHT#dpj5NAlrWx{7j2Td7MBTanVt_cwvYq}ryCE^IyO6mL-Ig`W9ysk+>wCTZ zXsHJ#O9NB#wQ2K)sLr)dFm{Ei&`Gk%CECwqV43T_R~|6|_&u3=cig=PUZ*L0T)?O< z=&{kc31MU#wR)-7a?k&SjGah*R9*k4G}o1EXuJmx_z-yjt9!m9n6v!A$kB4fPCDa@ zI@Bljr0q8e4jo2(a!1t}U78dbS^B#KIpeJZ^n~_=ufgNYCnibC!hKRl*B2((IF;Ab>keYq!ym9M}++jUcFQEOK% zM_1DL#s0W|PiYhv?r%sXHlj@`WL{WQ{ncpl9h2VM`2HJkhM4reatls?ddB@QsEt*g zG+BORiKdqSthj%PLo z?pSAcGN4s71Rh8rKg?Rb@jGb9{4wzuSJ<>}rh&iA`pi9a_CY+g6+nL{bJ-|94qrsID*zw}kx?j?9rsp4Ms7Q<=xlonPB7hW$EN+2cs%l*g6*=U?D*%Rh>Vvyg_mJ_LBv85*hdm~M5xtA zdo)I@icoZAUXNsq3|FANuIwjs88HQUjJS^V77&*;vqBiL3*n*~$b9uoYZsMy3Rk0Z zxuz~wvX9NJ-THaQZ1)*;eelGv|N8ffD|D(`Z5wjy8$ljECw0;1=zJdJ`FxMf!^)=R zSAkibn>ow&1H@kVk)}#O9iJEROWcjqJ0RisAx@ej4BstW{S&V)q|}G^q=5x$Z)v9c zc3n906{n;RYXSH6EY3bEV!^h8w7!Y{ynW1<9TWDO%t~y!?-0$1gNSf1l3x=R`)IR% z=P!smVn_N&*8*Dvv-r?Pj@7%Ff!UL(XZd0+Y}k4wn1&;f$Y=(G;un}|+x;}(HlT*s z#{}k%#18xl?G0c{|DyS Bix&U@ literal 0 HcmV?d00001