#!/bin/bash -e
#
# Copyright (c) 2018 SAP SE or an SAP affiliate company. All rights reserved. This file is licensed under the Apache Software License, v. 2 except as noted otherwise in the LICENSE file
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#      http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

source $(dirname "${0}")/common/helpers

IP_ROUTE=$(ip route get 1)
IP_ADDRESS=$(echo ${IP_ROUTE#*src} | awk '{print $1}')

APISERVER_SERVICE_NAME="gardener-apiserver"
APISERVER_ENDPOINT_NAME="gardener-apiserver"
APISERVER_SERVICE_PORT=443
APISERVICE_PORT_STRING=""

APISERVER_EXTERNAL_NAME=gardener.localhost
if [[ "$(uname -s)" == *"Darwin"* ]] || [[ "$(uname -s)" == "Linux" && "$(uname -r)" =~ "microsoft-standard" ]] ; then
  APISERVER_EXTERNAL_NAME=host.docker.internal
fi

CORE_V1ALPHA1_APISERVICE_NAME="v1alpha1.core.gardener.cloud"
CORE_V1BETA1_APISERVICE_NAME="v1beta1.core.gardener.cloud"
SETTINGS_APISERVICE_NAME="v1alpha1.settings.gardener.cloud"

ADMISSION_CONTROLLER_SERVICE_NAME="gardener-admission-controller"
ADMISSION_CONTROLLER_ENDPOINT_NAME="gardener-admission-controller"
ADMISSION_CONTROLLER_SERVICE_PORT=443

ADMISSION_CONTROLLER_EXTERNAL_NAME=gardener.localhost
if [[ "$(uname -s)" == *"Darwin"* ]] || [[ "$(uname -s)" == "Linux" && "$(uname -r)" =~ "microsoft-standard" ]] ; then
  ADMISSION_CONTROLLER_EXTERNAL_NAME=host.docker.internal
fi

if [[ $(k8s_env) == "$NODELESS" ]]; then
  APISERVER_SERVICE_PORT=$API_SERVER_SECURE_PORT
  APISERVICE_PORT_STRING="    port: $APISERVER_SERVICE_PORT"

  ADMISSION_CONTROLLER_SERVICE_PORT=$ADMISSION_CONTROLLER_SECURE_PORT
fi
ADMISSION_CONTROLLER_PORT_STRING="      port: $ADMISSION_CONTROLLER_SERVICE_PORT"

# TODO: Remove in a future version
cleanup_controller_manager_webhook

if kubectl get apiservice "$CORE_V1ALPHA1_APISERVICE_NAME" &> /dev/null; then
  kubectl delete apiservice $CORE_V1ALPHA1_APISERVICE_NAME --wait=false
  kubectl patch  apiservice $CORE_V1ALPHA1_APISERVICE_NAME -p '{"metadata":{"finalizers":null}}' 2> /dev/null || true
fi
if kubectl get apiservice "$CORE_V1BETA1_APISERVICE_NAME" &> /dev/null; then
  kubectl delete apiservice $CORE_V1BETA1_APISERVICE_NAME --wait=false
  kubectl patch  apiservice $CORE_V1BETA1_APISERVICE_NAME -p '{"metadata":{"finalizers":null}}' 2> /dev/null || true
fi
if kubectl get apiservice "$SETTINGS_APISERVICE_NAME" &> /dev/null; then
  kubectl delete apiservice $SETTINGS_APISERVICE_NAME --wait=false
  kubectl patch  apiservice $SETTINGS_APISERVICE_NAME -p '{"metadata":{"finalizers":null}}' 2> /dev/null || true
fi

if kubectl -n garden get service "$APISERVER_SERVICE_NAME" &> /dev/null; then
  kubectl -n garden delete service $APISERVER_SERVICE_NAME
fi
if kubectl -n garden get service "$ADMISSION_CONTROLLER_SERVICE_NAME" &> /dev/null; then
  kubectl -n garden delete service $ADMISSION_CONTROLLER_SERVICE_NAME
fi
if kubectl -n garden get endpoints "$APISERVER_ENDPOINT_NAME" &> /dev/null; then
  kubectl -n garden delete endpoints $APISERVER_ENDPOINT_NAME
fi
if kubectl -n garden get endpoints "$ADMISSION_CONTROLLER_ENDPOINT_NAME" &> /dev/null; then
  kubectl -n garden delete endpoints $ADMISSION_CONTROLLER_ENDPOINT_NAME
fi

if [[ $(k8s_env) == "$NODELESS" ]]; then
  cat <<EOF | kubectl apply -f -
kind: Service
apiVersion: v1
metadata:
  name: $APISERVER_SERVICE_NAME
  namespace: garden
spec:
  type: ExternalName
  externalName: $APISERVER_EXTERNAL_NAME
---
kind: Service
apiVersion: v1
metadata:
  name: $ADMISSION_CONTROLLER_SERVICE_NAME
  namespace: garden
spec:
  type: ExternalName
  externalName: $ADMISSION_CONTROLLER_EXTERNAL_NAME
EOF
else
  cat <<EOF | kubectl apply -f -
kind: Service
apiVersion: v1
metadata:
  name: $APISERVER_SERVICE_NAME
  namespace: garden
spec:
  ports:
  - protocol: TCP
    port: 443
    targetPort: $API_SERVER_SECURE_PORT
---
kind: Service
apiVersion: v1
metadata:
  name: $ADMISSION_CONTROLLER_SERVICE_NAME
  namespace: garden
spec:
  ports:
  - name: https
    protocol: TCP
    port: $ADMISSION_CONTROLLER_SERVICE_PORT
    targetPort: $ADMISSION_CONTROLLER_SECURE_PORT
---
kind: Endpoints
apiVersion: v1
metadata:
  name: $APISERVER_ENDPOINT_NAME
  namespace: garden
subsets:
- addresses:
  - ip: ${IP_ADDRESS}
  ports:
  - port: $API_SERVER_SECURE_PORT
---
kind: Endpoints
apiVersion: v1
metadata:
  name: $ADMISSION_CONTROLLER_ENDPOINT_NAME
  namespace: garden
subsets:
- addresses:
  - ip: ${IP_ADDRESS}
  ports:
  - name: http
    port: 2718
  - name: https
    port: $ADMISSION_CONTROLLER_SECURE_PORT
EOF
fi

cat <<EOF | kubectl apply -f -
apiVersion: apiregistration.k8s.io/v1
kind: APIService
metadata:
  name: $CORE_V1ALPHA1_APISERVICE_NAME
spec:
  insecureSkipTLSVerify: true
  group: core.gardener.cloud
  version: v1alpha1
  groupPriorityMinimum: 9999
  versionPriority: 19
  service:
    name: gardener-apiserver
    namespace: garden
$APISERVICE_PORT_STRING
---
apiVersion: apiregistration.k8s.io/v1
kind: APIService
metadata:
  name: $CORE_V1BETA1_APISERVICE_NAME
spec:
  insecureSkipTLSVerify: true
  group: core.gardener.cloud
  version: v1beta1
  groupPriorityMinimum: 10000
  versionPriority: 20
  service:
    name: gardener-apiserver
    namespace: garden
$APISERVICE_PORT_STRING
---
apiVersion: apiregistration.k8s.io/v1
kind: APIService
metadata:
  name: $SETTINGS_APISERVICE_NAME
spec:
  insecureSkipTLSVerify: true
  group: settings.gardener.cloud
  version: v1alpha1
  groupPriorityMinimum: 10000
  versionPriority: 20
  service:
    name: gardener-apiserver
    namespace: garden
$APISERVICE_PORT_STRING
EOF

if [[ "$1" == "--with-webhooks" ]]; then
  cat <<EOF | kubectl apply -f -
apiVersion: admissionregistration.k8s.io/v1beta1
kind: ValidatingWebhookConfiguration
metadata:
  name: gardener-admission-controller
webhooks:
- name: validate-namespace-deletion.gardener.cloud
  rules:
  - apiGroups:
    - ""
    apiVersions:
    - v1
    operations:
    - DELETE
    resources:
    - namespaces
  failurePolicy: Fail
  namespaceSelector:
    matchLabels:
      gardener.cloud/role: project
  clientConfig:
    service:
      namespace: garden
      name: gardener-admission-controller
      path: /webhooks/validate-namespace-deletion
$ADMISSION_CONTROLLER_PORT_STRING
    caBundle: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURZRENDQWtpZ0F3SUJBZ0lVYWEyY0ZPL0NTVnJ2cThPLzBnZXVNdFhMT3NJd0RRWUpLb1pJaHZjTkFRRUwKQlFBd1NERUxNQWtHQTFVRUJoTUNWVk14Q3pBSkJnTlZCQWdUQWtOQk1SWXdGQVlEVlFRSEV3MVRZVzRnUm5KaApibU5wYzJOdk1SUXdFZ1lEVlFRREV3dGxlR0Z0Y0d4bExtNWxkREFlRncweE9EQTRNVFl5TURNeU1EQmFGdzB5Ck16QTRNVFV5TURNeU1EQmFNRWd4Q3pBSkJnTlZCQVlUQWxWVE1Rc3dDUVlEVlFRSUV3SkRRVEVXTUJRR0ExVUUKQnhNTlUyRnVJRVp5WVc1amFYTmpiekVVTUJJR0ExVUVBeE1MWlhoaGJYQnNaUzV1WlhRd2dnRWlNQTBHQ1NxRwpTSWIzRFFFQkFRVUFBNElCRHdBd2dnRUtBb0lCQVFDNUM4L3ZoWHVFeWQwZlQ2YmxIcGtrbERiY251ckQ0SzZTCmJGaGRMWmVHQ0krdktXMzRPdEFzOFNwQXZrSmsxL0FPZ0ZsZFBGaTdGYThZbWdKQ3piR255bEZxcXJhd2RCaEgKdFZZeENBZTE0dTJTZGlxMXNPZ3VyRHRRM0doK0V1NXUrUDBsMTZ5MGR5UXhsNGREdHdIZno0anJOVmFkbldEYwpULytQUHNkNDZpMCtjT1loa0RrN1I1NEV1Rysxa1hha0c0c1hWcEt5MVRNd295bnJCVmg0MkwzYnNrcXJWbnBUCitnY0F6Q3RvaWE4WFJKL2pob3NjWHRSMHIxdEtpM2cxSjRxQTd1WDRJOXJUc2dPQmNrMGV4SlBSZ0Vtd3VPNUYKc1o0NEU4TUlveCtGVkg5TkRUY0JkSVQ5NVhVbGNhbkhKK1Baa1JVWFp5c2lNOWxuSWpCakFnTUJBQUdqUWpCQQpNQTRHQTFVZER3RUIvd1FFQXdJQkJqQVBCZ05WSFJNQkFmOEVCVEFEQVFIL01CMEdBMVVkRGdRV0JCUVVKVTJJCmlDcll0dEhoTmhqNWh3c1FJK01JbGpBTkJna3Foa2lHOXcwQkFRc0ZBQU9DQVFFQVRlOTNldkVBSThtZGlwZG0KanBGQjkrMFczQzJrTzEvQ3RCdWpOM1B2ZWc5OGxVOXBrS2lVOVdRL3orYlpEV3pUeklTdlYzMk9WSkNtUVN6cgpWRFJUMDNjbGpQaUJYOW9GNTc3TTE2TzNacnZQV3QxUXo2WHptYk9hdjVidkJXaTlpVWRMSEptOHA2Q0RIS1lYCklEZXdsVUg4K0FGaU10d0xlcjRRZFdRUnkrMGlOZG5YQjhCYnZ3QmxhcU1oUlphancyaW83eUdaZ3FXVmI5cnkKNlRsNnF1ZVpaazJOeUszSURtbTdhMWV4TFhQUjh2U2QyUUI2YlNCTVI3NXAvRm1jVkN1VzY0MlRZTnEwUW9VcwpXOXlUM3YxcHhRZlhraTZWTGQ3L3Y4QnhwTlEzazFWM01LWGlLOEIwOEdzRDZJa2s5R2dNVmNkWDRaQmVtWmYzCjBjVUQyUT09Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K
- name: validate-kubeconfig-secrets.gardener.cloud
  rules:
  - apiGroups:
    - ""
    apiVersions:
    - v1
    operations:
    - CREATE
    - UPDATE
    resources:
    - secrets
  failurePolicy: Fail
  namespaceSelector:
    matchLabels:
      gardener.cloud/role: project
  clientConfig:
    service:
      namespace: garden
      name: gardener-admission-controller
      path: /webhooks/validate-kubeconfig-secrets
$ADMISSION_CONTROLLER_PORT_STRING
    caBundle: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURZRENDQWtpZ0F3SUJBZ0lVYWEyY0ZPL0NTVnJ2cThPLzBnZXVNdFhMT3NJd0RRWUpLb1pJaHZjTkFRRUwKQlFBd1NERUxNQWtHQTFVRUJoTUNWVk14Q3pBSkJnTlZCQWdUQWtOQk1SWXdGQVlEVlFRSEV3MVRZVzRnUm5KaApibU5wYzJOdk1SUXdFZ1lEVlFRREV3dGxlR0Z0Y0d4bExtNWxkREFlRncweE9EQTRNVFl5TURNeU1EQmFGdzB5Ck16QTRNVFV5TURNeU1EQmFNRWd4Q3pBSkJnTlZCQVlUQWxWVE1Rc3dDUVlEVlFRSUV3SkRRVEVXTUJRR0ExVUUKQnhNTlUyRnVJRVp5WVc1amFYTmpiekVVTUJJR0ExVUVBeE1MWlhoaGJYQnNaUzV1WlhRd2dnRWlNQTBHQ1NxRwpTSWIzRFFFQkFRVUFBNElCRHdBd2dnRUtBb0lCQVFDNUM4L3ZoWHVFeWQwZlQ2YmxIcGtrbERiY251ckQ0SzZTCmJGaGRMWmVHQ0krdktXMzRPdEFzOFNwQXZrSmsxL0FPZ0ZsZFBGaTdGYThZbWdKQ3piR255bEZxcXJhd2RCaEgKdFZZeENBZTE0dTJTZGlxMXNPZ3VyRHRRM0doK0V1NXUrUDBsMTZ5MGR5UXhsNGREdHdIZno0anJOVmFkbldEYwpULytQUHNkNDZpMCtjT1loa0RrN1I1NEV1Rysxa1hha0c0c1hWcEt5MVRNd295bnJCVmg0MkwzYnNrcXJWbnBUCitnY0F6Q3RvaWE4WFJKL2pob3NjWHRSMHIxdEtpM2cxSjRxQTd1WDRJOXJUc2dPQmNrMGV4SlBSZ0Vtd3VPNUYKc1o0NEU4TUlveCtGVkg5TkRUY0JkSVQ5NVhVbGNhbkhKK1Baa1JVWFp5c2lNOWxuSWpCakFnTUJBQUdqUWpCQQpNQTRHQTFVZER3RUIvd1FFQXdJQkJqQVBCZ05WSFJNQkFmOEVCVEFEQVFIL01CMEdBMVVkRGdRV0JCUVVKVTJJCmlDcll0dEhoTmhqNWh3c1FJK01JbGpBTkJna3Foa2lHOXcwQkFRc0ZBQU9DQVFFQVRlOTNldkVBSThtZGlwZG0KanBGQjkrMFczQzJrTzEvQ3RCdWpOM1B2ZWc5OGxVOXBrS2lVOVdRL3orYlpEV3pUeklTdlYzMk9WSkNtUVN6cgpWRFJUMDNjbGpQaUJYOW9GNTc3TTE2TzNacnZQV3QxUXo2WHptYk9hdjVidkJXaTlpVWRMSEptOHA2Q0RIS1lYCklEZXdsVUg4K0FGaU10d0xlcjRRZFdRUnkrMGlOZG5YQjhCYnZ3QmxhcU1oUlphancyaW83eUdaZ3FXVmI5cnkKNlRsNnF1ZVpaazJOeUszSURtbTdhMWV4TFhQUjh2U2QyUUI2YlNCTVI3NXAvRm1jVkN1VzY0MlRZTnEwUW9VcwpXOXlUM3YxcHhRZlhraTZWTGQ3L3Y4QnhwTlEzazFWM01LWGlLOEIwOEdzRDZJa2s5R2dNVmNkWDRaQmVtWmYzCjBjVUQyUT09Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K
- name: validate-resource-size-kubernetes.gardener.cloud
  rules:
  - apiGroups:
    - ""
    apiVersions:
    - v1
    operations:
    - CREATE
    - UPDATE
    resources:
    - secrets
    - configmaps
  - apiGroups:
    - rbac.authorization.k8s.io
    apiVersions:
    - v1
    operations:
    - CREATE
    - UPDATE
    resources:
    - roles
    - rolebindings
  failurePolicy: Fail
  namespaceSelector:
    matchLabels:
      gardener.cloud/role: project
  clientConfig:
    service:
      namespace: garden
      name: gardener-admission-controller
      port:
      path: /webhooks/validate-resource-size
$ADMISSION_CONTROLLER_PORT_STRING
    caBundle: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURZRENDQWtpZ0F3SUJBZ0lVYWEyY0ZPL0NTVnJ2cThPLzBnZXVNdFhMT3NJd0RRWUpLb1pJaHZjTkFRRUwKQlFBd1NERUxNQWtHQTFVRUJoTUNWVk14Q3pBSkJnTlZCQWdUQWtOQk1SWXdGQVlEVlFRSEV3MVRZVzRnUm5KaApibU5wYzJOdk1SUXdFZ1lEVlFRREV3dGxlR0Z0Y0d4bExtNWxkREFlRncweE9EQTRNVFl5TURNeU1EQmFGdzB5Ck16QTRNVFV5TURNeU1EQmFNRWd4Q3pBSkJnTlZCQVlUQWxWVE1Rc3dDUVlEVlFRSUV3SkRRVEVXTUJRR0ExVUUKQnhNTlUyRnVJRVp5WVc1amFYTmpiekVVTUJJR0ExVUVBeE1MWlhoaGJYQnNaUzV1WlhRd2dnRWlNQTBHQ1NxRwpTSWIzRFFFQkFRVUFBNElCRHdBd2dnRUtBb0lCQVFDNUM4L3ZoWHVFeWQwZlQ2YmxIcGtrbERiY251ckQ0SzZTCmJGaGRMWmVHQ0krdktXMzRPdEFzOFNwQXZrSmsxL0FPZ0ZsZFBGaTdGYThZbWdKQ3piR255bEZxcXJhd2RCaEgKdFZZeENBZTE0dTJTZGlxMXNPZ3VyRHRRM0doK0V1NXUrUDBsMTZ5MGR5UXhsNGREdHdIZno0anJOVmFkbldEYwpULytQUHNkNDZpMCtjT1loa0RrN1I1NEV1Rysxa1hha0c0c1hWcEt5MVRNd295bnJCVmg0MkwzYnNrcXJWbnBUCitnY0F6Q3RvaWE4WFJKL2pob3NjWHRSMHIxdEtpM2cxSjRxQTd1WDRJOXJUc2dPQmNrMGV4SlBSZ0Vtd3VPNUYKc1o0NEU4TUlveCtGVkg5TkRUY0JkSVQ5NVhVbGNhbkhKK1Baa1JVWFp5c2lNOWxuSWpCakFnTUJBQUdqUWpCQQpNQTRHQTFVZER3RUIvd1FFQXdJQkJqQVBCZ05WSFJNQkFmOEVCVEFEQVFIL01CMEdBMVVkRGdRV0JCUVVKVTJJCmlDcll0dEhoTmhqNWh3c1FJK01JbGpBTkJna3Foa2lHOXcwQkFRc0ZBQU9DQVFFQVRlOTNldkVBSThtZGlwZG0KanBGQjkrMFczQzJrTzEvQ3RCdWpOM1B2ZWc5OGxVOXBrS2lVOVdRL3orYlpEV3pUeklTdlYzMk9WSkNtUVN6cgpWRFJUMDNjbGpQaUJYOW9GNTc3TTE2TzNacnZQV3QxUXo2WHptYk9hdjVidkJXaTlpVWRMSEptOHA2Q0RIS1lYCklEZXdsVUg4K0FGaU10d0xlcjRRZFdRUnkrMGlOZG5YQjhCYnZ3QmxhcU1oUlphancyaW83eUdaZ3FXVmI5cnkKNlRsNnF1ZVpaazJOeUszSURtbTdhMWV4TFhQUjh2U2QyUUI2YlNCTVI3NXAvRm1jVkN1VzY0MlRZTnEwUW9VcwpXOXlUM3YxcHhRZlhraTZWTGQ3L3Y4QnhwTlEzazFWM01LWGlLOEIwOEdzRDZJa2s5R2dNVmNkWDRaQmVtWmYzCjBjVUQyUT09Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K
- name: validate-resource-size-gardener.gardener.cloud
  rules:
  - apiGroups:
    - core.gardener.cloud
    apiVersions:
    - "*"
    operations:
    - CREATE
    - UPDATE
    resources:
    - shoots
    - shoots/status
    - secretbindings
    - quotas
    - plants
  - apiGroups:
    - settings.gardener.cloud
    apiVersions:
    - "*"
    operations:
    - CREATE
    - UPDATE
    resources:
    - openidconnectpresets
  failurePolicy: Fail
  namespaceSelector:
    matchLabels:
      gardener.cloud/role: project
  clientConfig:
    url: https://127.0.0.1:$ADMISSION_CONTROLLER_SECURE_PORT/webhooks/validate-resource-size
    caBundle: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURZRENDQWtpZ0F3SUJBZ0lVYWEyY0ZPL0NTVnJ2cThPLzBnZXVNdFhMT3NJd0RRWUpLb1pJaHZjTkFRRUwKQlFBd1NERUxNQWtHQTFVRUJoTUNWVk14Q3pBSkJnTlZCQWdUQWtOQk1SWXdGQVlEVlFRSEV3MVRZVzRnUm5KaApibU5wYzJOdk1SUXdFZ1lEVlFRREV3dGxlR0Z0Y0d4bExtNWxkREFlRncweE9EQTRNVFl5TURNeU1EQmFGdzB5Ck16QTRNVFV5TURNeU1EQmFNRWd4Q3pBSkJnTlZCQVlUQWxWVE1Rc3dDUVlEVlFRSUV3SkRRVEVXTUJRR0ExVUUKQnhNTlUyRnVJRVp5WVc1amFYTmpiekVVTUJJR0ExVUVBeE1MWlhoaGJYQnNaUzV1WlhRd2dnRWlNQTBHQ1NxRwpTSWIzRFFFQkFRVUFBNElCRHdBd2dnRUtBb0lCQVFDNUM4L3ZoWHVFeWQwZlQ2YmxIcGtrbERiY251ckQ0SzZTCmJGaGRMWmVHQ0krdktXMzRPdEFzOFNwQXZrSmsxL0FPZ0ZsZFBGaTdGYThZbWdKQ3piR255bEZxcXJhd2RCaEgKdFZZeENBZTE0dTJTZGlxMXNPZ3VyRHRRM0doK0V1NXUrUDBsMTZ5MGR5UXhsNGREdHdIZno0anJOVmFkbldEYwpULytQUHNkNDZpMCtjT1loa0RrN1I1NEV1Rysxa1hha0c0c1hWcEt5MVRNd295bnJCVmg0MkwzYnNrcXJWbnBUCitnY0F6Q3RvaWE4WFJKL2pob3NjWHRSMHIxdEtpM2cxSjRxQTd1WDRJOXJUc2dPQmNrMGV4SlBSZ0Vtd3VPNUYKc1o0NEU4TUlveCtGVkg5TkRUY0JkSVQ5NVhVbGNhbkhKK1Baa1JVWFp5c2lNOWxuSWpCakFnTUJBQUdqUWpCQQpNQTRHQTFVZER3RUIvd1FFQXdJQkJqQVBCZ05WSFJNQkFmOEVCVEFEQVFIL01CMEdBMVVkRGdRV0JCUVVKVTJJCmlDcll0dEhoTmhqNWh3c1FJK01JbGpBTkJna3Foa2lHOXcwQkFRc0ZBQU9DQVFFQVRlOTNldkVBSThtZGlwZG0KanBGQjkrMFczQzJrTzEvQ3RCdWpOM1B2ZWc5OGxVOXBrS2lVOVdRL3orYlpEV3pUeklTdlYzMk9WSkNtUVN6cgpWRFJUMDNjbGpQaUJYOW9GNTc3TTE2TzNacnZQV3QxUXo2WHptYk9hdjVidkJXaTlpVWRMSEptOHA2Q0RIS1lYCklEZXdsVUg4K0FGaU10d0xlcjRRZFdRUnkrMGlOZG5YQjhCYnZ3QmxhcU1oUlphancyaW83eUdaZ3FXVmI5cnkKNlRsNnF1ZVpaazJOeUszSURtbTdhMWV4TFhQUjh2U2QyUUI2YlNCTVI3NXAvRm1jVkN1VzY0MlRZTnEwUW9VcwpXOXlUM3YxcHhRZlhraTZWTGQ3L3Y4QnhwTlEzazFWM01LWGlLOEIwOEdzRDZJa2s5R2dNVmNkWDRaQmVtWmYzCjBjVUQyUT09Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K
EOF
fi
